如果我一个用户不输入用户名或者用户名是错的
像这中情况就是登陆失败,你可以通过配置是页面转向失败页面。
建立三个表。
表一:用户信息表 CREATE TABLE `userinfo` (
`USER_ID` INTEGER(11) NOT NULL AUTO_INCREMENT,
`USERNAME` VARCHAR(10) NOT NULL,
`PASSWORD` VARCHAR(30) DEFAULT NULL,
`ENABLED` TINYINT(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`USER_ID`),
UNIQUE KEY `USER_ID` (`USER_ID`),
UNIQUE KEY `USERNAME` (`USERNAME`)
);
INSERT INTO `userinfo` (`USER_ID`, `USERNAME`, `PASSWORD`, `ENABLED`) VALUES
(1,'root','root',1)
表二:权限表 CREATE TABLE `authorities` (
`AUTH_ID` INTEGER(11) NOT NULL DEFAULT '0',
`AUTHORITY` VARCHAR(255) NOT NULL,
`AUTH_TYPE` VARCHAR(32) NOT NULL,
`PROTECTED_RES` VARCHAR(64) NOT NULL,
`DISPLAY` VARCHAR(64) NOT NULL,
`NOTE` VARCHAR(64) DEFAULT NULL,
PRIMARY KEY (`AUTH_ID`),
UNIQUE KEY `AUTH_ID` (`AUTH_ID`)
);
COMMIT;
INSERT INTO `authorities` (`AUTH_ID`, `AUTHORITY`, `AUTH_TYPE`, `PROTECTED_RES`, `DISPLAY`, `NOTE`) VALUES
(0,'AUTH_USER','USER','USER','一般用户权限',NULL);
表三:用户权限关联表 CREATE TABLE `user_auth` (
`USER_ID` INTEGER(11) NOT NULL DEFAULT '0',
`AUTH_ID` INTEGER(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`USER_ID`, `AUTH_ID`)
);
INSERT INTO `user_auth` (`USER_ID`, `AUTH_ID`) VALUES
(1,0)
然后进行如下配置:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<!-- ======================== FILTER CHAIN ======================= -->
<!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
<property name="context"><value>org.acegisecurity.context.security.SecureContextImpl</value></property>
</bean>
<!-- ======================== AUTHENTICATION ======================= -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="anonymousAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="jdbcDaoImpl" class="org.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
<property name="dataSource"><ref bean="dataSource"/></property>
<property name="usersByUsernameQuery">
<value>SELECT USERNAME, PASSWORD,ENABLED FROM USERINFO WHERE USERNAME=?</value>
</property>
<property name="authoritiesByUsernameQuery">
<value>
SELECT username,authority FROM `userinfo` u, `authorities` a,`user_auth` ua
WHERE u.user_id=ua.user_id
and a.auth_id=ua.auth_id
and u.username = ?
</value>
</property>
</bean>
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
<bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager"> <ref local="cacheManager"/> </property>
<property name="cacheName"> <value>userCache</value> </property>
</bean>
<bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache"><ref local="userCacheBackend"/></property>
</bean>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao"><ref local="jdbcDaoImpl"/></property>
<property name="userCache"><ref local="userCache"/></property>
</bean>
<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key"><value>foobar</value></property>
<property name="userAttribute"><value>anonymousUser,AUTH_ANONYMOUS</value></property>
</bean>
<bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key"><value>foobar</value></property>
</bean>
<!-- ===================== HTTP REQUEST SECURITY ==================== -->
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="authenticationFailureUrl"><value>/login.jsp?login_error=1</value></property>
<property name="defaultTargetUrl"><value>/index.jsp</value></property>
<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
</bean>
<bean id="securityEnforcementFilter" class="org.acegisecurity.intercept.web.SecurityEnforcementFilter">
<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
<property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl"><value>/login.jsp</value></property>
<property name="forceHttps"><value>false</value></property>
</bean>
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login.jsp*=AUTH_ANONYMOUS,AUTH_USER
/**=AUTH_USER
</value>
</property>
</bean>
<bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
</list>
</property>
</bean>
<!-- An access decision voter that reads AUTH_* configuration settings -->
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
<!-- set that this voter can only used for AUTH_ started roles! -->
<property name="rolePrefix"><value>AUTH_</value></property>
</bean>
</beans>
分享到:
相关推荐
acegi,acegi,acegi
不错的ACEGI 教程
Acegi文档 spring acegi 详细文档
1、一个Acegi的例子,可以运行 2、一个很好的学Acegi的网址,0基础学习Acegi,强烈推荐 3、有什么问题可以发邮件heroshen@126.com讨论
acegi 框架 介绍 spring 安全
Acegi能做什么 Acegi的体系结构 Acegi核心组件 典型的web认证过程 Acegi的登陆认证 Acegi对安全对象的访问控制 Filter 组件 Acegi的不足之处
Acegi安全系统,是一个用于Spring Framework的安全框架,能够和目前流行的Web容器无缝集成。它使用了Spring的方式提供了安全和认证安全服务,包括使用Bean Context,拦截器和面向接口的编程方式。因此,Acegi安全...
Acegi安全系统,是一个用于Spring Framework的安全框架,能够和目前流行的Web容器无缝集成。它使用了Spring的方式提供了安全和认证安全服务,包括使用Bean Context,拦截器和面向接口的编程方式。因此,Acegi安全...
acegi,spring的安全验证框架
acegi-security 1.0.2.jar
关于Acegi的安全框架,里面有Acegi的实例,讲述得挺清楚的,
包含acegi-security-1.0.7.jar,acegi-security-1.0.7-sources.jar,acegi-security-cas-1.0.7.jar,acegi-security-cas-1.0.7-sources.jar,acegi-security-catalina-1.0.7.jar,acegi-security-catalina-1.0.7-...
Acegi使用.pdf
spring Acegi例子,很简单的一个acegi实例,容易理解
Acegi是一个专门为SpringFramework提供安全机制的项目,全称为Acegi Security System for Spring.
spring acegi 使用工程demo
Spring Acegi权限控制,安全系统就只包括两个问题: 认证和授权.
实战Acegi:使用Acegi作为基于Spring框架的WEB应
Acegi Security System for Spring