//Spring 配置
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Spring Security 3.1 namespace configuration for the /manager back office.
The security namespace is the default one; the "b:" and "beans:" prefixes are both bound to the Spring beans namespace. -->
<!-- The login and logged-out pages bypass the filter chain entirely (security="none"), so no security
context is available while they render. NOTE(review): the trailing "*" on the first pattern also matches
any other file name under /manager/ that starts with "login.jsp"; confirm that is intended. -->
<http pattern="/manager/login.jsp*" security="none"/>
<http pattern="/manager/loggedout.jsp" security="none"/>
<!--<http pattern="/manager/addAdmin" security="none"/>-->
<!-- Main filter chain. A denied request is sent to the login page with errorcode=true.
NOTE(review): the access-denied-page attribute is deprecated in Spring Security 3.x in favour of the
access-denied-handler child element. -->
<http access-denied-page="/manager/login.jsp?errorcode=true">
<!-- Only users holding one of the listed roles can access /manager/**.
Without use-expressions the comma-separated list is an any-of check: a single listed role is enough to reach
every URL under /manager/**, so per-operation enforcement has to come from somewhere else (presumably the
@Secured annotations enabled by global-method-security below; verify). -->
<intercept-url pattern="/manager/**" access="ROLE_ADMIN,ROLE_USER_ENABLE,ROLE_USER_RESETPWD,ROLE_ADMIN_UPDATE,ROLE_USER_DISABLE,ROLE_ADMIN_DELETE,ROLE_ADMIN_ADD,ROLE_GROUP_UPDATE,ROLE_GROUP_DELETE,ROLE_GROUP_BATCHDELETE,ROLE_GROUP_ADD,ROLE_SETTINGS,ROLE_ASSIGNROLE,ROLE_STATION_MANAGER_LOOK,ROLE_STATION_MANAGER_SELECT,ROLE_STATION_MANAGER_ADD,ROLE_STATION_MANAGER_UPDATE,ROLE_STATION_MANAGER_DELETE,ROLE_EQUIPMENT_MANAGER_LOOK,ROLE_EQUIPMENT_MANAGER_SELECT,ROLE_EQUIPMENT_MANAGER_ADD,ROLE_EQUIPMENT_MANAGER_UPDATE,ROLE_EQUIPMENT_MANAGER_DELETE,ROLE_STATUS_LOOK,ROLE_STATUS_BASEDATA_LOOK,ROLE_STATUS_BASEEM_LOOK,ROLE_STATUS_CTRL_COMMAND_LOOK,ROLE_STATUS_BASEDATA_SELECT,ROLE_STATUS_BASEDATA_REMOTE_ON,ROLE_STATUS_BASEDATA_REMOTE_OFF,ROLE_STATUS_BASEDATA_AC1_ON,ROLE_STATUS_BASEDATA_AC1_OFF,ROLE_STATUS_BASEDATA_JN_ON,ROLE_STATUS_BASEDATA_JN_OFF,ROLE_STATUS_BASEDATA_FAN1_ON,ROLE_STATUS_BASEDATA_FAN1_OFF,ROLE_STATUS_BASEDATA_COLLECT,ROLE_STATUS_BASEEM_SELECT,ROLE_STATUS_CTRL_COMMAND_SELECT,ROLE_STATUS_CTRL_COMMAND_DELETE,ROLE_JN_POLICY_LOOK,ROLE_JN_POLICY_STATION_SELECT,ROLE_JN_POLICY_STATION_ADD,ROLE_JN_POLICY_STATION_EXECUTE,ROLE_JN_POLICY_STATION_UPDATE,ROLE_JN_POLICY_MANAGER_UPDATE,ROLE_JN_POLICY_MANAGER_ADD,ROLE_JN_POLICY_MANAGER_SELECT,ROLE_JN_POLICY_ALLOCATION_LOOK,ROLE_JN_POLICY_STATION_LOOK,ROLE_JN_POLICY_MANAGER_LOOK,ROLE_JN_POLICY_ALLOCATION_SELECT,ROLE_WARN_MANAGER_LOOK,ROLE_WARN_NEW_LOOK,ROLE_WARN_HISTORY_LOOK,ROLE_WARN_NEW_SELECT,ROLE_WARN_NEW_DETAIL,ROLE_WARN_HISTORY_SELECT,ROLE_WARN_HISTORY_DETAIL,ROLE_WARN_NOTIFY_LOOK,ROLE_WARN_NOTIFY_SELECT,ROLE_WARN_NOTIFY_SET,ROLE_WARN_NOTIFY_BATCH_DELETE,ROLE_WARN_NOTIFY_UPDATE,ROLE_WARN_NOTIFY_RECEIVER_LOOK,ROLE_WARN_NOTIFY_RECEIVER_SELECT,ROLE_WARN_NOTIFY_RECEIVER_ADD,ROLE_WARN_NOTIFY_RECEIVER_UPDATE,ROLE_WARN_NOTIFY_RECEIVER_DELETE,ROLE_COUNT_LOOK,ROLE_COUNT_SUM,ROLE_COUNT_ACCOUNTING,ROLE_COUNT_TREND,ROLE_COUNT_YOY,ROLE_COUNT_TOP,ROLE_COUNT_EFFECT,ROLE_WARN_COUNT_LOOK,ROLE_WARN_BATCH_DELETE"/>
<!-- Login is performed through the /manager/login.jsp page. -->
<!-- If authentication fails, the user is returned to /manager/login.jsp?error=true. -->
<!-- If login succeeds, the default target is /manager/welcome.jsp. -->
<form-login login-page="/manager/login.jsp" login-processing-url="/j_spring_security_check" default-target-url="/manager/welcome.jsp"
authentication-failure-url="/manager/login.jsp?error=true"/>
<!-- Custom filter. The FORM_LOGIN_FILTER alias corresponds to the class UsernamePasswordAuthenticationFilter.
This filter overrides the authentication-failure-url and default-target-url attributes of http/form-login;
the success and failure handlers injected into the authenticationProcessingFilter bean below are used instead. -->
<custom-filter before="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/>
<!-- Enable session invalidation on logout. -->
<!-- The logout URL is /logout. -->
<!-- After a successful logout the user is redirected to /manager/loggedout.jsp; the JSESSIONID cookie is deleted. -->
<logout logout-success-url="/manager/loggedout.jsp" logout-url="/logout" delete-cookies="JSESSIONID"/>
<!-- Session management: at most one concurrent session per user. error-if-maximum-exceeded="false" means a
second login invalidates the earlier session instead of being rejected.
NOTE(review): the Spring Security reference states that a custom authentication filter does not pick up the
namespace session strategy automatically. The authenticationProcessingFilter bean below sets only the two
handlers and the authentication manager, so confirm that max-sessions and session-fixation protection really
apply to logins it handles. Concurrency control also relies on the HttpSessionEventPublisher listener being
registered in web.xml. -->
<session-management invalid-session-url="/manager/welcome.jsp">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
</session-management>
</http>
<!-- Enables @Secured annotations on Spring beans. -->
<global-method-security secured-annotations="enabled"></global-method-security>
<!-- Ways of managing authentication. -->
<!-- Configure the authentication manager. -->
<authentication-manager alias="authenticationManager">
<authentication-provider>
<!-- Password hashing method; md5 and sha are the commonly used values. The username is used as the salt.
NOTE(review): a single MD5 pass salted with the username is fast to brute-force offline if the t_admin table
leaks. An adaptive hash such as BCryptPasswordEncoder (shipped with Spring Security 3.1, wired through the
ref attribute) is the usual replacement; stored hashes then need a migration path. -->
<password-encoder hash="md5">
<salt-source user-property="username"/>
</password-encoder>
<!-- Inject dataSource to check the username, password and authorities stored in the database.
All three queries bind the login name as a single "?" parameter.
NOTE(review): users-by-username-query returns the constant 'true' as "enabled", so this query never reports
an account as disabled; if t_admin carries a status column (the ROLE_USER_DISABLE / ROLE_USER_ENABLE roles
suggest one; verify), select it here so that disabled accounts cannot log in. -->
<jdbc-user-service data-source-ref="dataSource"
group-authorities-by-username-query="SELECT
g.id,g.groupname,
role.role
FROM t_group AS g
LEFT OUTER JOIN t_group_role AS grouprole ON (g.id = grouprole.groupid)
LEFT OUTER JOIN t_role AS role ON (role.id = grouprole.roleid)
LEFT OUTER JOIN t_group_user AS groupuser on (g.id = groupuser.groupid)
LEFT OUTER JOIN t_admin ON (t_admin.id = groupuser.userid)
WHERE t_admin.nickname = ?"
users-by-username-query="SELECT t_admin.nickname AS username,t_admin.passwd as password,'true' AS enabled
FROM t_admin
WHERE t_admin.nickname = ?"
authorities-by-username-query="SELECT t_admin.nickname AS username,role.role as authorities
FROM t_admin
LEFT OUTER JOIN t_user_role AS userrole ON(t_admin.id = userrole.userid)
LEFT OUTER JOIN t_role AS role ON (userrole.roleid = role.id)
WHERE t_admin.nickname = ?" />
<!-- Disabled alternative: authenticate against fixed usernames, passwords and authorities (plaintext sample credentials).
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="user" password="user" authorities="ROLE_USER" />
</user-service>
-->
</authentication-provider>
</authentication-manager>
<!-- Custom messages. -->
<b:bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<b:property name="basename"
value="classpath:messages_zh_CN" />
</b:bean>
<!-- Custom login filter referenced by the custom-filter element above. -->
<beans:bean id="authenticationProcessingFilter" class="com.supinfo.jieneng.aop.LoginUsernamePasswordAuthenticationFilter">
<beans:property name="authenticationSuccessHandler" ref="loginSuccessHandler"/>
<beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler"/>
<beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>
<!-- Login success handler. -->
<beans:bean id="loginSuccessHandler" class="com.supinfo.jieneng.aop.LoginSuccessHandler">
<b:property name="defaultTargetUrl">
<b:value>/manager/welcome.jsp</b:value>
</b:property>
</beans:bean>
<!-- Login failure handler. -->
<beans:bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl">
<beans:value>/manager/login.jsp?error=true</beans:value>
</beans:property>
</beans:bean>
</beans:beans>
//====================================LoginSuccessHandler================================
package com.supinfo.jieneng.aop;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import com.supinfo.core.base.ServiceManager;
import com.supinfo.jieneng.domains.Admin;
import com.supinfo.jieneng.domains.Log;
/**
 * Authentication success handler that writes a login entry to the application log
 * and then hands over to the saved-request redirect of the parent class.
 */
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    @Autowired
    private ServiceManager serviceManager;

    /**
     * Records the login of the authenticated principal, then delegates to
     * {@link SavedRequestAwareAuthenticationSuccessHandler#onAuthenticationSuccess}.
     *
     * <p>The principal is cast to {@link UserDetails}. No role check is made here, so every
     * successful login is logged with the same "管理员" (administrator) prefix.
     *
     * @param request        the login request
     * @param response       the response used for the redirect performed by the parent class
     * @param authentication the authentication that has just succeeded
     * @throws IOException      propagated from the parent handler
     * @throws ServletException propagated from the parent handler
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        final UserDetails principal = (UserDetails) authentication.getPrincipal();
        final String username = principal.getUsername();

        // The entry is written before the redirect: an exception thrown while logging
        // propagates to the caller and the parent handler is never reached.
        Log entry = new Log();
        entry.setUserid(loginUserId(username));
        entry.setContent("管理员:" + username);
        entry.setOperation("登录");
        serviceManager.getLogService().log(entry);

        super.onAuthenticationSuccess(request, response, authentication);
    }

    /**
     * Looks up the ID of the administrator with the given nickname.
     *
     * @param userName the login name of the authenticated user
     * @return the ID of the matching {@link Admin}
     */
    private Long loginUserId(String userName) {
        // NOTE(review): a null result from findAdminByNickname would raise a NullPointerException
        // here; presumably it cannot happen right after a successful login, but verify.
        return serviceManager.getAdminService().findAdminByNickname(userName).getId();
    }
}
//==================================UsernamePasswordAuthenticationFilter==================================
package com.supinfo.jieneng.aop;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
 * Subclass of {@link UsernamePasswordAuthenticationFilter} that adds no behaviour of its own:
 * its only member, an {@code attemptAuthentication} override, is commented out, so the inherited
 * implementation handles every login attempt.
 *
 * <p>NOTE(review): the disabled override copies the {@code j_username} and {@code j_password}
 * request parameters into a {@code User} object, and its inner commented block stores that object
 * in the HTTP session under "houtaiUser". If the override is ever re-enabled, the plaintext
 * password should not be kept on an object that is placed in the session.
 */
public class LoginUsernamePasswordAuthenticationFilter extends
UsernamePasswordAuthenticationFilter {
// @Override
// public Authentication attemptAuthentication(HttpServletRequest request,
// HttpServletResponse response) throws AuthenticationException {
// try {
// User user = new User();
// user.setNickname(request.getParameter("j_username"));
// user.setPasswd(request.getParameter("j_password"));
// if (user != null && DataUtil.isNullAndEmpty(user.getNickname())) {
// /*
// * request.getSession().setAttribute("houtaiUser", user);
// // back-office city switching
// String path = getClass().getClassLoader()
// .getResource("signCity.xml").getPath();
// Map<String, Object> citys = null;
// if (DataUtil.isNullAndEmpty(path)) {
// //citys = UrlUtil.readyCity(path);
// }
// request.getSession().setAttribute("houtaiCitys", citys);
// */
// }
// } catch (Exception e) {
// e.printStackTrace();
// }
// return super.attemptAuthentication(request, response);
//
// }
}
//web.xml
<!-- Spring Security filter configuration. -->
<!-- DelegatingFilterProxy looks up a Spring bean named after the filter, so the filter name has to be
springSecurityFilterChain, the bean that the security namespace registers. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- The chain only sees requests that match these three patterns: the protected area, the login processing
URL and the logout URL. Requests to any other path never pass through Spring Security, so the intercept-url
rules cover nothing outside /manager/*. Several url-pattern elements in one filter-mapping need Servlet 2.5
or later. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/manager/*</url-pattern>
<url-pattern>/j_spring_security_check</url-pattern>
<url-pattern>/logout</url-pattern>
</filter-mapping>