我需要在春天有一個自定義認證,它應該是一個簡單的類,它接受用戶提供的用戶名和密碼,並將其與某些值進行比較,並基於該值進行身份驗證。春季我需要一個簡單的自定義認證
我們使用GWT系統製作的系統,我們的登錄表單在成功時在新窗口中打開另一頁。
這是我迄今爲止嘗試: 文件:應用程序上下文安全性:
...
<http auto-config="true">
<intercept-url pattern='/*Login.html' access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern='/**/*MainScreen.html' access="ROLE_ADMIN"/>
<form-login login-page="/Login.html"/><!-- This is the default login page -->
</http>
<authentication-provider>
<user-service>
<user name="test1" password="abc" authorities="ROLE_ADMIN" />
<user name="test2" password="test" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
...
定製登錄代碼(在單擊OK按鈕):
RequestBuilder requestBuilder = new RequestBuilder(RequestBuilder.POST,"j_spring_security_check");
requestBuilder.setHeader("Content-Type", "application/x-www-form-urlencoded");
//-- sending the username and the password in designated fields.
//Hard coding values for testing reasons:
requestBuilder.setRequestData("j_username=test1" +
"&j_password=abc");
requestBuilder.setCallback(new RequestCallback() {
public void onError(Request request, Throwable exception)
{
Window.alert("ERROR !!!"+exception.getMessage());
}
public void onResponseReceived(Request request, Response response)
{
if (response.getStatusCode() != Response.SC_UNAUTHORIZED && response.getStatusCode() != Response.SC_OK)
{
onError(request, new RequestException(response.getStatusText() + ":\n" + response.getText()));
return;
}
if (response.getStatusCode() == Response.SC_UNAUTHORIZED)
{
//This code is never encountered !! :((
Window.alert("You have entered an incorrect username or password. Please try again.");
}
else
{
String height = 800+"";
String width = 600+"";
Window.alert("Authorisation succeeded, you may enter....");
Window.open("MainScreen.html", "Main screen!!", "height=" + height + ",width=" + width
+ ",scrollbars=yes,resizable=yes,titlebar=no,toolbar=no,status=yes,close=no,left=0,top=0");
}
}
});
requestBuilder.send();
問題:
- 不正確的登錄:它顯示成功並打開包含登錄屏幕的彈出窗口! (顯然,登錄沒有成功,但登錄屏幕無法檢測到)
- 我不想在認證提供程序中硬編碼值,有沒有另一種方法來提供我自己的類?我嘗試了幾個教程但徒勞無功,他們似乎都指向我允許spring通過數據庫或其他類型的文件來完成比較工作,我不能自己做這件事嗎?
客戶端登錄代碼基於:http://raibledesigns.com/rd/entry/integrating_gwt_with_spring_security –
除了用戶名和密碼之外,我還需要傳遞更多的數據,這是否可能呢? –