实现功能只需要输入一个帐号即可登录系统。
需要实现上面的功能需要:
1.编辑imitate.jsp页面
<%@page import="com.hotent.core.util.ContextUtil"%> <%@page import="com.hotent.platform.model.system.SysUser"%> <%@page import="org.springframework.security.core.Authentication, org.springframework.security.core.context.SecurityContext, com.hotent.core.util.AppUtil, org.springframework.security.authentication.AuthenticationManager, org.springframework.security.core.context.SecurityContextHolder, org.springframework.security.web.authentication.WebAuthenticationDetails, org.springframework.security.authentication.UsernamePasswordAuthenticationToken"%> <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> <% AuthenticationManager authenticationManager=(AuthenticationManager)AppUtil.getBean("authenticationManager"); String account=request.getParameter("account"); UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(account, ""); authRequest.setDetails(new WebAuthenticationDetails(request)); SecurityContext securityContext = SecurityContextHolder.getContext(); Authentication auth = authenticationManager.authenticate(authRequest); securityContext.setAuthentication(auth); SysUser user=ContextUtil.getCurrentUser(); out.print(user.getFullname()); %>
调用api验证用户,这里只输入了帐号,密码为空,但是数据库中的密码是使用sha256算法加密的密码,这个时候我们需要实现一个PasswordEncoder。
2.实现PasswordEncoder,这个encoder 始终返回为true,具体实现由用户自己实现。
package com.hotent.platform.service.system.impl; import org.springframework.security.authentication.encoding.PasswordEncoder; public class EmptyPasswordEncoder implements PasswordEncoder { @Override public String encodePassword(String rawPass, Object salt) { System.out.println(rawPass); return rawPass; } /** * encPass:数据库密码 * rawPass:原密码 */ @Override public boolean isPasswordValid(String encPass, String rawPass, Object salt) { return true; } }
3.配置app-security.xml.
<security:authentication-manager alias="authenticationManager" > <security:authentication-provider user-service-ref="sysUserDao"> <security:password-encoder ref="passwordEncoder"/> </security:authentication-provider> </security:authentication-manager> <bean id="passwordEncoder" class="com.hotent.platform.service.system.impl.EmptyPasswordEncoder"></bean>
4.配置imitate.jsp匿名访问。
<property name="anonymousUrls"> <set> <value>/mobileLogin.jsp</value> <value>/mobileLogin.ht</value> <value>/platform/mobile/lang/changLang.ht</value> <value>/loginRedirect.ht</value> <value>/login.jsp</value> <value>/imitate.jsp</value> <value>/login.ht</value> <value>/bpmImage</value> <value>/platform/bpm/processRun/processImage.ht</value> <value>/platform/bpm/processRun/getFlowStatusByInstanceId.ht</value> <value>/platform/bpm/processRun/taskUser.ht</value> <value>/platform/bpm/taskOpinion/list.ht</value> <!-- flex附件上传的 --> <value>/platform/bpm/bpmDefinition/getXmlImport.ht</value> <value>/mobile/system/mobileLogin.ht</value> <value>/mobile/system/mobileLogout.ht</value> </set> </property>