
A Detailed Look at Implementing User Login and Permission Checks with Spring 3

2024-07-13 10:05:34
Source: reposted
Contributed by: site user

Implementing user login and permission checks with Spring 3

Here I will briefly go through the main pieces I had to handle in my implementation.

1. User login

    <form action="loginAction.do" method="post">
      <div class="header">
        <h2 class="logo png"></h2>
      </div>
      <ul>
        <!-- username -->
        <li><label>用户名</label><input name="username" type="text" class="text"/></li>
        <li/>
        <!-- password -->
        <li><label>密 码</label><input name="password" type="password" class="text" /></li>
        <li/>
        <li class="submits">
          <!-- log in -->
          <input class="submit" type="submit" value="登录" />
        </li>
      </ul>
      <div class="copyright">© 2013 - 2014 |</div>
    </form>

The above is the front-end page. The back end is a simple piece of logic:

    @RequestMapping(value="loginAction.do", method=RequestMethod.POST)
    public ModelAndView loginAction(@RequestParam(value="username") String username,
            @RequestParam(value="password") String password,
            HttpSession session, HttpServletResponse resp,
            @RequestParam(value="savetime", required=false) String savetime) {
        // clear any message left over from a previous attempt
        session.removeAttribute(LogConstant.LOGIN_MESSAGE);
        SystemUserDataBean user = userDao.getSystemUserByUserName(username);
        ModelAndView view = null;
        if (user == null) {
            view = new ModelAndView(new RedirectView("login.html"));
            // message: "incorrect username" (a separate message per case reveals which usernames exist)
            session.setAttribute(LogConstant.LOGIN_MESSAGE, "用户名不正确");
            return view;
        }
        boolean isPasswordCorrect = EncryptionUtil.compareSHA(password, user.getPassword());
        if (isPasswordCorrect) {
            // mark the session as logged in; view stays null on this branch
            session.setAttribute(LogConstant.CURRENT_USER, username);
        } else {
            view = new ModelAndView(new RedirectView("login.html"));
            // message: "incorrect password"
            session.setAttribute(LogConstant.LOGIN_MESSAGE, "密码不正确");
        }
        return view;
    }

2. Login messages

The login page contains a piece of JavaScript that displays messages such as a wrong password:

    <script type="text/javascript">
    // the session values are written into these string literals as-is, with no JavaScript escaping
    var login_username_info = '<%=request.getSession().getAttribute("currentUser") == null ? "" : request.getSession().getAttribute("currentUser")%>';
    var login_message_info = '<%=request.getSession().getAttribute("login_message") == null ? "" : request.getSession().getAttribute("login_message")%>';
    if (login_message_info != null && login_message_info != '') {
      alert(login_message_info);
    }
    </script>

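3. Intercepting requests from users who are not logged in

Interception is done twice here, once in the page and once on the back end.

The page code is as follows: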

    <% if(session.getAttribute("currentUser")==null){ %>
    window.parent.location='login.html';
    <% } %>

On the back end it is an interceptor (servlet-config.xml):

    <!-- Interceptor -->
    <mvc:interceptors>
      <mvc:interceptor>
        <mvc:mapping path="/*.do" />
        <bean class="com..log.report.interceptor.AccessStatisticsIntceptor" />
      </mvc:interceptor>
    </mvc:interceptors>

The interceptor is implemented as follows:

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.web.servlet.HandlerInterceptor;
    import org.springframework.web.servlet.ModelAndView;

    public class AccessStatisticsIntceptor implements HandlerInterceptor {

        @Override
        public void afterCompletion(HttpServletRequest arg0,
                HttpServletResponse arg1, Object arg2, Exception arg3)
                throws Exception {
            // TODO Auto-generated method stub
        }

        @Override
        public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
                Object arg2, ModelAndView arg3) throws Exception {
            // TODO Auto-generated method stub
        }

        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                Object obj) throws Exception {
            // last path segment of the request URI, e.g. "loginAction.do"
            String uri = request.getRequestURI().substring(request.getRequestURI().lastIndexOf("/") + 1);
            if (!AuthorityController.isAuthorized(uri, request.getSession())) {
                // authorization check failed: stop the handler chain
                return false;
                // throw new CustomException(LogConstant.USER_NOT_LOGIN);
            }
            return true;
        }
    }

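How the check itself is done depends on the user's permissions, so it is not covered here.

4. Returning to the page visited before login

First, add a script to the page that uses jQuery to call the back end: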

    var page = "";
    var loc = decodeURIComponent(window.parent.location);
    var start = loc.indexOf("Log/") + 8;
    var end = loc.indexOf(".html");
    page = loc.substr(start, end - start);
    if (page != null && page != '') {
      alert(page);
      $.ajax({
        type : "get",
        // encode the value again, since loc was decoded above
        url : "setPreviousPageAction.do?previousPage=" + encodeURIComponent(page + ".html"),
        success : function(msg){
        }
      });
    }

Then the back end records this page:

    @RequestMapping(value="setPreviousPageAction.do")
    public void setPreviousPageAction(@RequestParam(value="previousPage") String previousPage,
            HttpSession session) {
        session.setAttribute(LogConstant.PREVIOUS_PAGE, previousPage);
    }

After login completes, simply return to this page.
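Because `previousPage` comes straight from the request and later becomes a redirect target, it should be validated before it is stored. The following is an added example, not code from the original article; the class name `PreviousPageValidator`, the landing page `index.html` and the rule that targets are flat `*.html` names are assumptions.

```java
import java.util.regex.Pattern;

public class PreviousPageValidator {
    // Assumption: post-login targets are flat page names such as "report.html".
    private static final Pattern PAGE = Pattern.compile("[A-Za-z0-9_-]{1,64}\\.html");
    private static final String LOGIN_PAGE = "login.html";   // from the article
    private static final String DEFAULT_PAGE = "index.html"; // hypothetical landing page

    /** Returns a page name that is safe to store in the session and redirect to. */
    public static String sanitize(String previousPage) {
        if (previousPage == null) {
            return DEFAULT_PAGE;
        }
        // matches() anchors at both ends, so slashes, URL schemes, extra dots,
        // CR/LF and query strings are all rejected.
        if (!PAGE.matcher(previousPage).matches()) {
            return DEFAULT_PAGE;
        }
        // Sending the user back to the login page would loop.
        if (LOGIN_PAGE.equals(previousPage)) {
            return DEFAULT_PAGE;
        }
        return previousPage;
    }

    public static void main(String[] args) {
        // Constructed sample values for the previousPage request parameter.
        String[] samples = {
            "report.html", "login.html", "//other.example/a.html",
            "http://other.example/a.html", "../WEB-INF/web.xml", "a.html\r\nX: y", null
        };
        for (String s : samples) {
            // strip line breaks from the echoed input so the output stays one line per sample
            System.out.println(String.valueOf(s).replaceAll("[\\r\\n]", "?") + " -> " + sanitize(s));
        }
    }
}
```

In `setPreviousPageAction` the call would be `session.setAttribute(LogConstant.PREVIOUS_PAGE, PreviousPageValidator.sanitize(previousPage))`.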

5. Saving the username and password

The login page provides a drop-down for choosing how long to save the login:

    <!-- options: do not save / save for one day / one month / one year -->
    <select class="save_login" id="savetime" name="savetime">
      <option selected value="0">不保存</option>
      <option value="1">保存一天</option>
      <option value="2">保存一月</option>
      <option value="3">保存一年</option>
    </select>

At login, the back end stores the information in cookies:

    if (savetime != null) { // save the user in cookies
        int savetime_value = Integer.valueOf(savetime);
        int time = 0;
        if (savetime_value == 1) { // remember for one day
            time = 60 * 60 * 24;
        } else if (savetime_value == 2) { // remember for one month
            time = 60 * 60 * 24 * 30;
        } else if (savetime_value == 3) { // remember for one year
            time = 60 * 60 * 24 * 365;
        }
        Cookie cid = new Cookie(LogConstant.LOG_USERNAME, username);
        cid.setMaxAge(time);
        // the password is stored in the cookie exactly as the user typed it
        Cookie cpwd = new Cookie(LogConstant.LOG_PASSWORD, password);
        cpwd.setMaxAge(time);
        resp.addCookie(cid);
        resp.addCookie(cpwd);
    }

When the front end finds that the user is not logged in, it takes the data out of the cookies and logs in with it:

    <%
    if(session.getAttribute("currentUser")==null){
      Cookie[] cookies = request.getCookies();
      String username = null;
      String password = null;
      if(cookies != null) { // getCookies() returns null when the request carries no cookies
        for(Cookie cookie : cookies) {
          if(cookie.getName().equals("log_username")) {
            username = cookie.getValue();
          } else if(cookie.getName().equals("log_password")) {
            password = cookie.getValue();
          }
        }
      }
      if(username != null && password != null) {
        %>
        $.ajax({
          type : "post",
          url : "loginByCookieAction.do",
          data:"username=" + "<%=username%>"+ "&password=" + "<%=password%>",
          success : function(msg){
            if(msg.status == 'success')
              window.parent.location.reload();
            else if(msg.status == 'failed')
              gotoLoginPage();
          }
        });
        <%
      } else {
        %>
        gotoLoginPage();
        <%
      }
      ...
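The cookie code above keeps the plaintext password in the browser for up to a year and writes it back into page script. The following added example (not the article's code) shows a signed, expiring token that `loginByCookieAction.do` could verify instead of a password; the class name `RememberMeToken`, the key handling and the token layout are assumptions, and it needs Java 8+ for `java.util.Base64`.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class RememberMeToken {
    private final byte[] key; // assumption: server-side secret loaded from configuration

    public RememberMeToken(byte[] key) { this.key = key.clone(); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    /** Cookie value: base64url(username) "." expiry-epoch-seconds "." HMAC. */
    public String issue(String username, long nowSec, int maxAgeSec) throws Exception {
        String user = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(username.getBytes(StandardCharsets.UTF_8));
        String payload = user + "." + (nowSec + maxAgeSec);
        return payload + "." + sign(payload);
    }

    /** Returns the username if the token is authentic and unexpired, else null. */
    public String verify(String token, long nowSec) throws Exception {
        if (token == null) return null;
        String[] p = token.split("\\.");
        if (p.length != 3) return null;
        byte[] expected = sign(p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII);
        byte[] given = p[2].getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, given)) return null; // constant-time compare
        if (Long.parseLong(p[1]) < nowSec) return null;           // parsed only after the MAC check
        return new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key and user; a real key is random and kept out of source.
        RememberMeToken t = new RememberMeToken("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = 1700000000L;
        String cookie = t.issue("alice", now, 60 * 60 * 24);
        String forged = "Ym9i" + cookie.substring(cookie.indexOf('.')); // username part swapped
        System.out.println("valid:    " + t.verify(cookie, now + 10));
        System.out.println("expired:  " + t.verify(cookie, now + 90000));
        System.out.println("tampered: " + t.verify(forged, now + 10));
    }
}
```

The cookie carrying this value should also have `setHttpOnly(true)` and `setSecure(true)`. A stateless token like this cannot be revoked before it expires, so where logout or a password change must invalidate it, a random token stored server-side is the alternative.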

That covers how I solved the login-related problems. The code is rather long, so not all of it is listed.

