Reposted from http://loianegroner.com/2010/02/integrating-spring-security-with-extjs-login-page/
This tutorial walks through how to use an ExtJS login form (an Ajax login form) instead of the default Spring Security login.jsp.
Instead of using the login.jsp from Spring Security, why not use an Ajax login form?
And how do you integrate the ExtJS login form with Spring Security?
Perhaps you have already tried: the user is successfully authenticated, but is not redirected to the application's main page. How do you fix this situation and make it work?
It does not matter if you set the default-target-url in applicationContext-security.xml, or set a redirect URL on the server side. It will not work this way.
The issue is that ExtJS makes Ajax calls, so a redirect issued on the server side will not navigate the page. You have to redirect on the client side, in the ExtJS/JavaScript code.
First, you need to create the login form. You can use the JavaScript code provided by ExtJS and modify it to work with Spring Security.
If you take a look at the login.jsp, you will see three key points:
- URL / form action: j_spring_security_check
- Username input name: j_username
- Password input name: j_password
That is what you need to customize to make the ExtJS login form work! But do not get too comfortable: there are some issues you need to fix to make it work perfectly.
Take a look at what login.js looks like (after customization):
```javascript
Ext.onReady(function(){
    Ext.QuickTips.init();

    // Create a variable to hold our EXT Form Panel.
    // Assign various config options as seen.
    var login = new Ext.FormPanel({
        labelWidth:80,
        url:'j_spring_security_check',
        frame:true,
        title:'Please Login',
        defaultType:'textfield',
        width:300,
        height:150,
        monitorValid:true,
        // Specific attributes for the text fields for username / password.
        // The "name" attribute defines the name of variables sent to the server.
        items:[{
            fieldLabel:'Username',
            name:'j_username',
            allowBlank:false
        },{
            fieldLabel:'Password',
            name:'j_password',
            inputType:'password',
            allowBlank:false
        }],

        // All the magic happens after the user clicks the button
        buttons:[{
            text:'Login',
            formBind:true,
            // Function that fires when user clicks the button
            handler:function(){
                login.getForm().submit({
                    method:'POST',

                    // Functions that fire (success or failure) when the server responds.
                    // The server would actually respond with valid JSON,
                    // something like: response.write "{ success: true}" or
                    // response.write "{ success: false, errors: { reason: 'Login failed. Try again.' }}"
                    // depending on the logic contained within your server script.
                    // If a success occurs, the user is notified with an alert messagebox,
                    // and when they click "OK", they are redirected to whatever page
                    // you define as redirect.
                    success:function(){
                        Ext.Msg.alert('Status', 'Login Successful!', function(btn, text){
                            if (btn == 'ok'){
                                window.location = 'main.action';
                            }
                        });
                    },

                    // Failure function, see comment above re: success and failure.
                    // You can see here, if login fails, it throws a messagebox
                    // at the user telling him / her as much.
                    failure:function(form, action){
                        if (action.failureType == 'server'){
                            // Declared with var so the decoded response does not leak into the global scope.
                            var obj = Ext.util.JSON.decode(action.response.responseText);
                            Ext.Msg.alert('Login Failed!', obj.errors.reason);
                        } else {
                            Ext.Msg.alert('Warning!', 'Authentication server is unreachable : ' + action.response.responseText);
                        }
                        login.getForm().reset();
                    }
                });
            }
        }]
    });

    login.render('login');
});
```
If you make these changes and try to run the application with a basic applicationContext-security.xml file, the user will be successfully authenticated, but will not be redirected.
What are we missing then?
You need to customize the AuthenticationProcessingFilter class so that Spring Security performs actions on login.
The “onSuccessfulAuthentication” and “onUnsuccessfulAuthentication” methods need to return some JSON content. If the user is successfully authenticated, then redirect to the main page; otherwise, the application will show an error message.
This is the MyAuthenticationProcessingFilter class:
```java
package com.loiane.security;

import java.io.IOException;
import java.io.Writer;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;

public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {

    // Called after a successful login: answer the Ajax request with a body
    // the ExtJS form can decode instead of relying on a server-side redirect.
    protected void onSuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, Authentication authResult)
            throws IOException {
        super.onSuccessfulAuthentication(request, response, authResult);

        HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper(response);

        Writer out = responseWrapper.getWriter();

        // targetUrl is concatenated into the response unescaped.
        String targetUrl = determineTargetUrl( request );
        out.write("{success:true, targetUrl : \'" + targetUrl + "\'}");
        out.close();

    }

    // Called after a failed login: return the error in the shape that the
    // failure handler in login.js reads (obj.errors.reason).
    protected void onUnsuccessfulAuthentication( HttpServletRequest request,
            HttpServletResponse response, AuthenticationException failed )
            throws IOException {

        HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper(response);

        Writer out = responseWrapper.getWriter();

        out.write("{ success: false, errors: { reason: 'Login failed. Try again.' }}");
        out.close();

    }

}
```
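The filter above writes a JavaScript object literal rather than strict JSON, and the success handler in login.js ignores the returned `targetUrl`. As an added example (not code from the original post), this is one way the client could parse the response strictly and follow `targetUrl` only when it stays on the application's own origin. It assumes the server is changed to emit strict JSON such as `{"success":true,"targetUrl":"/main.html"}`; `APP_ORIGIN`, `FALLBACK` and the function names are hypothetical.

```javascript
// Added example; APP_ORIGIN and FALLBACK are assumed values, not from the post.
const APP_ORIGIN = 'https://app.example.test'; // hypothetical application origin
const FALLBACK = '/main.action';               // page login.js redirects to by default

// Parse the login response as strict JSON. An object literal with unquoted
// keys and single quotes (what the filter above writes) is rejected here;
// only an eval-style decoder would accept it.
function parseLoginResponse(text) {
  try {
    const obj = JSON.parse(text);
    return (obj && typeof obj === 'object') ? obj : null;
  } catch (e) {
    return null;
  }
}

// Return a same-origin path to navigate to, or the fallback when the
// server-supplied targetUrl is missing, malformed, or points elsewhere.
function resolveRedirect(targetUrl, origin, fallback) {
  if (typeof targetUrl !== 'string' || targetUrl === '') return fallback;
  // Reject backslashes and control characters, which browsers normalise.
  if (/[\\\u0000-\u001f]/.test(targetUrl)) return fallback;
  let url;
  try {
    url = new URL(targetUrl, origin);
  } catch (e) {
    return fallback;
  }
  if (url.origin !== origin) return fallback;
  return url.pathname + url.search + url.hash;
}

// Decide where the success handler should send the browser.
// Returns null when the response does not describe a successful login.
function redirectAfterLogin(responseText, origin = APP_ORIGIN, fallback = FALLBACK) {
  const obj = parseLoginResponse(responseText);
  if (!obj || obj.success !== true) return null;
  return resolveRedirect(obj.targetUrl, origin, fallback);
}
```

In the ExtJS success handler, the value returned by `redirectAfterLogin(action.response.responseText)` would be assigned to `window.location` in place of the hard-coded `'main.action'`.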
And this is what applicationContext-security.xml looks like:
```xml
<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <security:global-method-security />

    <security:http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
        <security:intercept-url pattern="/index.jsp" filters="none" />
        <security:intercept-url pattern="/*.action" access="ROLE_USER" />
    </security:http>

    <bean id="authenticationProcessingFilter" class="com.loiane.security.MyAuthenticationProcessingFilter">
        <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
        <property name="defaultTargetUrl" value="/main.html" />
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>

    <security:authentication-manager alias="authenticationManager" />

    <bean id="authenticationProcessingFilterEntryPoint"
        class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/index.jsp" />
        <property name="forceHttps" value="false" />
    </bean>

    <!--
        Usernames/Passwords are
        rod/koala
        dianne/emu
        scott/wombat
        peter/opal
        These passwords are from spring security app example
    -->
    <security:authentication-provider>
        <security:password-encoder hash="md5" />
        <security:user-service>
            <security:user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
            <security:user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
            <security:user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
            <security:user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
        </security:user-service>
    </security:authentication-provider>
</beans>
```
Now you can log in using the ExtJS login form.
I coded a sample application for this example. If you like it, you can download it from my GitHub: http://github.com/loiane/spring-security-extjs-login
Happy coding!