
Source Code of com.lanyuan.security.MyAuthenticationFilter

package com.lanyuan.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.lanyuan.dao.UserDao;
import com.lanyuan.entity.User;
import com.lanyuan.entity.UserLoginList;
import com.lanyuan.service.UserLoginListService;
import com.lanyuan.util.Common;

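/**
 * Form-login filter that checks the submitted username and password against
 * {@link UserDao} and then delegates to the configured AuthenticationManager.
 *
 * <p>After a successful authentication it stores the {@link User} in the HTTP
 * session under {@code "userSession"} and records the login through
 * {@link UserLoginListService}.
 *
 * @author lanyuan 2013-11-19
 * @Email: mmm333zzz520@163.com
 * @version 1.0v
 */
public class MyAuthenticationFilter extends
    UsernamePasswordAuthenticationFilter {
  private static final String USERNAME = "username";
  private static final String PASSWORD = "password";
  /**
   * URL the browser is sent to after a successful login.
   */
  private String successUrl = "/background/index.html";
  /**
   * URL the browser is sent to after a failed login.
   */
  private String errorUrl = "/background/login.html";
  @Autowired
  private UserDao userDao;
  @Autowired
  private UserLoginListService userLoginListService;

  /**
   * Sets the form parameter names (the framework defaults are j_username and
   * j_password) and installs the success and failure redirect handlers.
   *
   * <p>The handlers are built from {@code successUrl} and {@code errorUrl} as
   * they are when this method runs; calling the setters afterwards does not
   * update the installed handlers. Nothing in this class calls init();
   * presumably it is wired as the bean's init-method (confirm in the Spring
   * configuration).
   *
   * @author LJN
   * Email: mmm333zzz520@163.com
   * @date 2013-12-5 19:02:32
   */
  public void init() {
    this.setUsernameParameter(USERNAME);
    this.setPasswordParameter(PASSWORD);
    // Redirect target after a successful authentication.
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setDefaultTargetUrl(successUrl);
    this.setAuthenticationSuccessHandler(successHandler);

    // Redirect target after a failed authentication.
    SimpleUrlAuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
    failureHandler.setDefaultFailureUrl(errorUrl);
    this.setAuthenticationFailureHandler(failureHandler);
  }

  /**
   * Validates the login form and authenticates the user.
   *
   * <p>The session attribute and the login record are written only after the
   * AuthenticationManager has accepted the token, so a request rejected by the
   * manager leaves no {@code "userSession"} attribute and no login entry behind.
   *
   * @param request the login request; must be a POST
   * @param response the response (not used here)
   * @return the Authentication returned by the AuthenticationManager
   * @throws AuthenticationServiceException if the request method is not POST
   * @throws BadCredentialsException if a credential is missing or empty, or the
   *         username/password pair does not match the stored user
   * @throws AuthenticationException if the AuthenticationManager rejects the token
   */
  @Override
  public Authentication attemptAuthentication(HttpServletRequest request,
      HttpServletResponse response) throws AuthenticationException {
    if (!"POST".equals(request.getMethod())) {
      throw new AuthenticationServiceException(
          "Authentication method not supported: "
              + request.getMethod());
    }

    // A request without the form fields yields null here; treat that as empty
    // input so it is rejected as bad credentials instead of failing with a
    // NullPointerException.
    String rawUsername = obtainUsername(request);
    String rawPassword = obtainPassword(request);
    String username = rawUsername == null ? "" : rawUsername.trim();
    // Trimming the password is kept for compatibility with existing accounts.
    String password = rawPassword == null ? "" : rawPassword.trim();
    if (Common.isEmpty(username) || Common.isEmpty(password)) {
      // Message shown on the login page: "username or password must not be empty".
      throw new BadCredentialsException("用户名或密码不能为空!");
    }

    // Check the account and password. The same message is used for an unknown
    // user and for a wrong password, so the response does not reveal which
    // usernames exist.
    // NOTE(review): the stored value is compared directly with the submitted
    // password, which suggests passwords are not stored as salted hashes;
    // confirm, and move verification to a PasswordEncoder in the authentication
    // provider. String.equals is also not a constant-time comparison.
    User users = this.userDao.querySingleUser(username);
    if (users == null || !password.equals(users.getUserPassword())) {
      // Message shown on the login page: "username or password does not match".
      throw new BadCredentialsException("用户名或密码不匹配!");
    }

    // Build the authentication request and let subclasses attach details.
    UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
        username, password);
    setDetails(request, authRequest);

    // Let the AuthenticationManager make the final decision before any session
    // state is written; if it throws, nothing below runs.
    Authentication authResult = this.getAuthenticationManager().authenticate(authRequest);

    // Authentication succeeded: keep the user in the session.
    // NOTE(review): the User object exposes getUserPassword(); consider storing
    // only non-secret fields in the session.
    request.getSession().setAttribute("userSession", users);

    // Record the login.
    // NOTE(review): if Common.toIpAddr reads client-supplied headers such as
    // X-Forwarded-For, the recorded address can be spoofed; confirm.
    String loginIp = Common.toIpAddr(request);
    UserLoginList userLoginList = new UserLoginList();
    userLoginList.setUserId(users.getUserId());
    System.out.println("userId----" + users.getUserId() + "---ip--"
        + loginIp);
    userLoginList.setLoginIp(loginIp);
    userLoginListService.add(userLoginList);

    return authResult;
  }

  /**
   * @return the URL used as the default target after a successful login
   */
  public String getSuccessUrl() {
    return successUrl;
  }

  /**
   * @param successUrl the URL to use as the default target after a successful
   *        login; takes effect only if set before {@link #init()} runs
   */
  public void setSuccessUrl(String successUrl) {
    this.successUrl = successUrl;
  }

  /**
   * @return the URL used as the default target after a failed login
   */
  public String getErrorUrl() {
    return errorUrl;
  }

  /**
   * @param errorUrl the URL to use as the default target after a failed login;
   *        takes effect only if set before {@link #init()} runs
   */
  public void setErrorUrl(String errorUrl) {
    this.errorUrl = errorUrl;
  }
}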