需求:当用户登录成功的时候,记录下username、ip、时间等信息,存入数据库。
login.jsp页面登录form,使用Spring Security
<form method="post" id="loginForm" class="loginForm_css" action="<%=request.getContextPath()%>/j_spring_security_check" autocomplete="off"> <div class="form_left"> <input type="text" name="j_username" id="username" placeholder="用户名" autocomplete="off"/> <input type="password" name="j_password" id="password" placeholder="密码" autocomplete="off"/> </div> <div class="form_submit"> <input type="submit" id="submit" value="登 录"/> </div> <div class="clearboth"></div>
</form>
配置文件applicationContext-security.xml
<form-login login-page="/security/login.jsp" login-processing-url="/j_spring_security_check" authentication-failure-url="/security/login.jsp?error=1" default-target-url="/index.jsp" />
之前的设想太简单,停留在表面思考问题。登录成功后跳转到首页,首页加载时调用ajax传入后台用户信息等等。现在看来,完全是一个错误的方向。
后来查资料找到了form-login中的一个属性 authentication-success-handler-ref 权限赋予成功后跳转到后台的某个action,找到key之后剩下的问题迎刃而解。
login.jsp页面无需更改。
applicationContext-security.xml中的form-login加上key,手动配置后台action的bean
<form-login login-page="/security/login.jsp" login-processing-url="/j_spring_security_check" authentication-success-handler-ref="loginLog" authentication-failure-url="/security/login.jsp?error=1" default-target-url="/index.jsp" /> <b:bean id="loginLog" class="com.test.LoginLogAction"> <b:property name="defaultTargetUrl" value="/index.jsp"></b:property> </b:bean>
LoginLogAction需要实现AuthenticationSuccessHandler接口
package com.test.security; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; import org.springframework.security.web.DefaultRedirectStrategy; import org.springframework.security.web.RedirectStrategy; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import com.goodwill.core.utils.DateUtils; import com.goodwill.security.entity.LoginLog; import com.goodwill.security.service.LoginLogService; import com.goodwill.security.utils.SecurityUtils; public class LoginLogAction implements AuthenticationSuccessHandler { @Autowired private LoginLogService loginLogService; private String defaultTargetUrl; private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); public String getDefaultTargetUrl() { return defaultTargetUrl; } public void setDefaultTargetUrl(String defaultTargetUrl) { this.defaultTargetUrl = defaultTargetUrl; } @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { LoginLog loginInfo = new LoginLog(); String username = SecurityUtils.getCurrentUserName(); String ip = getIpAddr(request); String loginTime = DateUtils.getNowDateTime(); String project = request.getContextPath(); loginInfo.setUsername(username); loginInfo.setProject(project); loginInfo.setIp(ip); loginInfo.setLoginTime(loginTime); loginInfo.setLoginType("LOGIN"); loginLogService.save(loginInfo); this.redirectStrategy.sendRedirect(request, response, this.defaultTargetUrl); } /** * 获取用户的IP地址 * @param request * @return */ private String getIpAddr(HttpServletRequest request) { String ip = request.getHeader("x-forwarded-for"); if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } return ip; } }