解决SpringSide 3.2.2用户注册后自动登录问题
首先,客户端登录时密码在客户端通过MD5加密,在CustomAuthenticationProcessingFilter中验证时不需要加密。
用户登录页面:
<script src="${ctx}/js/jquery.js" type="text/javascript"></script>
<script src="${ctx}/js/jquery.sha1.js" type="text/javascript"></script>
<script src="${ctx}/js/validate/jquery.validate.js" type="text/javascript"></script>
<script src="${ctx}/js/validate/messages_cn.js" type="text/javascript"></script>
<script>
?function reloadCaptcha() {
??$("#captcha").attr("src", "${ctx}/servlet/captchaServlet?r=" + Math.random());
?}
?function encode() {
??$('#j_password').val($.sha1($('#j_password').val()));
??return true;
?}
?$(document).ready(function() {
??$("#j_username").focus();
?});
</script>
<div><label>密码:</label><input type='password' id='j_password' name='j_password' /></div>
用户注册页面,当用户注册结束后,我们使用一个跳转把用户名、密码和验证码等都自动提交,从而实现用户自动登录。
<script src="${ctx}/js/jquery.js" type="text/javascript"></script>
?<script src="${ctx}/js/jquery.form.js" type="text/javascript"></script>
?<script src="${ctx}/js/jquery.sha1.js" type="text/javascript"></script>
?<script src="${ctx}/js/validate/jquery.validate.js" type="text/javascript"></script>
?<script src="${ctx}/js/validate/messages_cn.js" type="text/javascript"></script>
?<script>
??function reloadCaptcha() {
???$("#captcha").attr("src", "${ctx}/servlet/captchaServlet?r=" + Math.random());
??}
??$(document).ready(function() {
???$("#loginName").focus();
???$("#registerForm").validate({
????rules: {
?????loginName: {
??????required: true,
??????remote: "account!checkLoginName.action?oldLoginName=" + encodeURIComponent('${loginName}')
?????},
?????name: "required",
?????password: {
??????required: true,
??????minlength: 6
?????},
?????passwordConfirm: {
??????equalTo:"#password"
?????},
?????email: "email",
?????j_captcha: {
??????required: true,
??????remote: "account!checkCaptcha.action"
?????},
?????agreed: "required"
????},
????messages: {
?????loginName: {
??????remote: "用户登录名已存在"
?????},
?????name: '姓名不能为空',
?????email: '邮箱格式错误',
?????passwordConfirm: {
??????equalTo: "输入与上面相同的密码"
?????},
?????j_captcha: '验证码错误'
????},
????submitHandler: function(form) {
?????$('#password').val($.sha1($('#password').val()));
?????$(form).ajaxSubmit({
??????success: function(msg) {
???????alert("用户注册成功!");
???????window.location = "${ctx}/j_spring_security_check?j_username=" + $('#loginName').val() + "&j_password=" + $('#password').val() + "&j_captcha=" + $('#j_captcha').val();
??????},
??????error: function(msg) {
???????alert("用户注册失败!");
??????}
?????});
?????return false;
????}
???});
??});
?</script>
其次,在application-Context.xml中,密码采用明文方式,即在springsecurity过滤时不需要再次加密密码
<s:authentication-provider user-service-ref="userDetailsService">
?????????????????? <s:password-encoder hash="plaintext" />
?????????????????? <!-- <s:password-encoder hash="sha" base64="false"/> -->
???????? </s:authentication-provider>