实现功能只需要输入一个帐号即可登录系统。
需要实现上面的功能需要:
1.编辑imitate.jsp页面
<%@page import="com.hotent.core.util.ContextUtil"%>
<%@page import="com.hotent.platform.model.system.SysUser"%>
<%@page import="org.springframework.security.core.Authentication,
org.springframework.security.core.context.SecurityContext,
com.hotent.core.util.AppUtil,
org.springframework.security.authentication.AuthenticationManager,
org.springframework.security.core.context.SecurityContextHolder,
org.springframework.security.web.authentication.WebAuthenticationDetails,
org.springframework.security.authentication.UsernamePasswordAuthenticationToken"%>
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<%
AuthenticationManager authenticationManager=(AuthenticationManager)AppUtil.getBean("authenticationManager");
String account=request.getParameter("account"); UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(account, "");
authRequest.setDetails(new WebAuthenticationDetails(request));
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication auth = authenticationManager.authenticate(authRequest);
securityContext.setAuthentication(auth); SysUser user=ContextUtil.getCurrentUser(); out.print(user.getFullname());
%>
调用api验证用户,这里只输入了帐号,密码为空,但是数据库中的密码是使用sha256算法加密的密码,这个时候我们需要实现一个PasswordEncoder。
2.实现PasswordEncoder,这个encoder 始终返回为true,具体实现由用户自己实现。
package com.hotent.platform.service.system.impl;
import org.springframework.security.authentication.encoding.PasswordEncoder;
public class EmptyPasswordEncoder implements PasswordEncoder {
@Override
public String encodePassword(String rawPass, Object salt) {
System.out.println(rawPass);
return rawPass;
}
/**
* encPass:数据库密码
* rawPass:原密码
*/
@Override
public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
return true;
}
}
3.配置app-security.xml.
<security:authentication-manager alias="authenticationManager" >
<security:authentication-provider user-service-ref="sysUserDao">
<security:password-encoder ref="passwordEncoder"/>
</security:authentication-provider>
</security:authentication-manager> <bean id="passwordEncoder" class="com.hotent.platform.service.system.impl.EmptyPasswordEncoder"></bean>
4.配置imitate.jsp匿名访问。
<property name="anonymousUrls">
<set>
<value>/mobileLogin.jsp</value>
<value>/mobileLogin.ht</value>
<value>/platform/mobile/lang/changLang.ht</value>
<value>/loginRedirect.ht</value>
<value>/login.jsp</value>
<value>/imitate.jsp</value>
<value>/login.ht</value>
<value>/bpmImage</value>
<value>/platform/bpm/processRun/processImage.ht</value>
<value>/platform/bpm/processRun/getFlowStatusByInstanceId.ht</value>
<value>/platform/bpm/processRun/taskUser.ht</value>
<value>/platform/bpm/taskOpinion/list.ht</value>
<!-- flex附件上传的 -->
<value>/platform/bpm/bpmDefinition/getXmlImport.ht</value>
<value>/mobile/system/mobileLogin.ht</value>
<value>/mobile/system/mobileLogout.ht</value>
</set>
</property>