日期:2014-05-20 浏览次数:21226 次
简单的权限控制示例,密码以 SHA 散列(哈希)形式存储。注意:SHA 是单向散列而不是加密。
?
?
?
?
?
web.xml
?
?
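<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <!-- Root Spring context: every applicationContext*.xml on the classpath
       (this includes applicationContext-security.xml). -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:applicationContext*.xml</param-value>
  </context-param>

  <!-- Declared exactly once. The original listed ContextLoaderListener twice;
       the second registration tries to create a second root context and fails
       because one is already present. -->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <!-- The security configuration enables concurrency-control. Publishing session
       lifecycle events lets Spring Security drop ended sessions from its registry. -->
  <listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
  </listener>

  <!-- Filters run in filter-mapping order. The encoding filter is mapped first so
       the request encoding is set before the security filter reads j_username
       and j_password. -->
  <filter>
    <filter-name>encodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Spring Security. It must stay mapped before the Struts filter so that no
       action is dispatched without passing the security chain. -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!--
  <filter>
    <filter-name>openSessionInView</filter-name>
    <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>openSessionInView</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  -->

  <filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

</web-app>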
?
applicationContext.xml
?
?
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:jee="http://www.springframework.org/schema/jee"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
                           http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.5.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd">

  <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>

  <!-- Resolves the ${jdbc.*} placeholders below from jdbc.properties on the classpath.
       That file holds the database credentials, so treat it as a secret. -->
  <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="locations" value="classpath:jdbc.properties"/>
  </bean>

  <!-- NOTE(review): DriverManagerDataSource does not pool connections; every
       connection that is not closed stays open. Use a pooled DataSource outside demos. -->
  <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="${jdbc.driverClassName}"/>
    <property name="url" value="${jdbc.url}"/>
    <property name="username" value="${jdbc.username}"/>
    <property name="password" value="${jdbc.password}"/>
  </bean>

  <!-- Transaction manager. It must use the same dataSource as the
       SqlSessionFactoryBean, otherwise transactions have no effect. -->
  <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
    <property name="dataSource" ref="dataSource"/>
  </bean>
  <tx:annotation-driven transaction-manager="transactionManager"/>

  <!-- MyBatis: global configuration plus the mapper XML files under com/glen/model. -->
  <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
    <property name="configLocation" value="classpath:mybatis.xml"/>
    <property name="mapperLocations" value="classpath*:com/glen/model/*.xml"/>
    <property name="dataSource" ref="dataSource"/>
  </bean>

  <!--
  <bean id="accountDao" class="com.glen.dao.AccountDao">
    <property name="sessionFactory" ref="sqlSessionFactory" />
  </bean>
  <bean id="accountService" class="com.glen.service.AccountService">
    <property name="accountDao" ref="accountDao" />
  </bean>
  -->

  <!-- DAO, service and action beans are discovered by annotation scanning instead. -->
  <context:annotation-config/>
  <context:component-scan base-package="com.glen"/>

</beans>
?
?
applicationContext-security.xml
?
?
?
?
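<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <!-- auto-config="true" enables form-login; without it the default is http-basic
       (no session). access-denied-page: page shown when access is refused. -->
  <http auto-config="true" access-denied-page="/common/403.jsp">

    <!-- intercept-url: which authorities a path requires. Rules are evaluated in
         order, first match wins. filters="none" bypasses the security filter chain
         completely for that path. -->
    <intercept-url pattern="/index.jsp" access="ROLE_USER,ROLE_ADMIN" />
    <intercept-url pattern="/login.jsp" filters="none" />
    <intercept-url pattern="/common/**" filters="none" />
    <intercept-url pattern="/script/**" filters="none" />
    <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
    <intercept-url pattern="/user.jsp" access="ROLE_USER" />

    <!-- The Struts endpoints called from user.js. The original configuration had no
         rule for them, so listing, adding and deleting accounts was guarded only by
         the JavaScript check in the browser. Adding and deleting are admin-only,
         listing needs a logged-in user. URL rules are a first layer: the same roles
         should also be checked in the action or service, because Struts can route to
         an action method under more than one URL form. -->
    <intercept-url pattern="/user!addUser.action" access="ROLE_ADMIN" />
    <intercept-url pattern="/user!removes.action" access="ROLE_ADMIN" />
    <intercept-url pattern="/user*.action" access="ROLE_USER,ROLE_ADMIN" />

    <!-- TODO(review): there is still no catch-all rule, so any path not listed above
         is reachable without authentication. Add a final pattern="/**" rule once the
         static resources used by login.jsp (ext-4.0, jquery, login.js) are exempted. -->

    <!-- session-management is optional and configures session handling.
         concurrency-control: one session per account; a later login replaces the
         earlier one (error-if-maximum-exceeded="true" would reject the second login).
         session-fixation-protection: "none" switches the protection OFF. The behaviour
         the original comment described (discard the pre-login session on successful
         login, create a new one and copy the attributes over) is "migrateSession",
         which is what is configured here. -->
    <session-management session-fixation-protection="migrateSession">
      <concurrency-control />
    </session-management>

    <!-- login-page: the login page. authentication-failure-url: where to go after a
         failed login. default-target-url: where to go after a successful login. -->
    <form-login login-page="/login.jsp"
                authentication-failure-url="/login.jsp"
                default-target-url="/index.jsp" />

    <!-- logout-success-url: page shown after logout. -->
    <logout logout-success-url="/login.jsp" />

    <http-basic />
  </http>

  <!-- Authentication -->
  <authentication-manager>
    <authentication-provider>
      <!-- Fixed, in-memory users (sample values, disabled). -->
      <!--
      <user-service>
        <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
        <user name="user" password="user" authorities="ROLE_USER" />
      </user-service>
      -->
      <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query="select username,password,enabled from account where username=?"
          authorities-by-username-query="select username,authority from authorities where username=?" />

      <!-- NOTE(security): hash="sha" is a single unsalted SHA-1 pass. It matches the
           sha() call in account-mapper.xml, so changing it alone would lock out all
           stored accounts. Unsalted fast hashes are weak against offline guessing if
           the account table leaks; plan a migration to a salted, deliberately slow
           password hash and re-hash each account on its next successful login. -->
      <password-encoder hash="sha"/>
    </authentication-provider>
  </authentication-manager>

  <!--
  <beans:bean id="userDetailsServiceImpl" class="com.demo.test.service.impl.UserDetailsServiceImpl" />
  -->

</beans:beans>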
?
?
mybatis.xml
?
?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "http://mybatis.org/dtd/mybatis-3-config.dtd">
<!-- Global MyBatis configuration. Intentionally empty: the data source and the mapper
     locations are supplied by the sqlSessionFactory bean in applicationContext.xml. -->
<configuration>
</configuration>
?
struts.xml
?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
    <constant name="struts.i18n.encoding" value="UTF-8" />

    <package name="User" extends="json-default">
        <!-- Single action for account management. user.js reaches its methods through
             URLs of the form user!addUser.action and user!removes.action, i.e. the
             method name is chosen by the request. NOTE(security): every public method
             of AccountAction is therefore a web endpoint and needs its own
             authorization check; prefer one explicit action mapping per method over
             request-selected methods. -->
        <action name="user" class="com.glen.action.AccountAction">
            <result type="json" />
        </action>
    </package>
</struts>
?
account-mapper.xml
?
?
?
?
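<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="account">

  <!--
  <select id="getList" parameterType="com.glen.model.Account" resultType="list" resultMap="accountMap.accountResultMap">
    select * from account where username like '%' #{username} '%'
  </select>
  -->

  <!-- resultMap only: a statement should declare either resultType or resultMap,
       not both. NOTE(review): select * also returns the password hash column;
       callers must not pass it on to clients. -->
  <select id="getAllAccount" resultMap="accountMap.accountResultMap">
    select * from account
  </select>

  <!-- accountResultMap is the resultMap defined in account-resultMap.xml -->
  <select id="get" parameterType="com.glen.model.Account" resultMap="accountMap.accountResultMap">
    <![CDATA[
      select * from account where id = #{id}
    ]]>
  </select>

  <!-- Insert with a generated id. The password is hashed by the database with sha()
       so that it matches the password-encoder hash="sha" used at login. -->
  <insert id="add" useGeneratedKeys="true" keyProperty="id" parameterType="com.glen.model.Account">
    insert into account(id, username, password)
    values(#{id,jdbcType=BIGINT}, #{username}, sha(#{password}))
    <!-- Copy the primary key of the inserted row back into the Java object. -->
    <selectKey resultType="int" keyProperty="id">
      SELECT LAST_INSERT_ID()
    </selectKey>
  </insert>

  <!-- The original statement wrote #{password} unhashed, which stored the cleartext
       password and made the account unable to log in (login compares SHA hashes).
       Contract: pass the NEW cleartext password to change it, or leave the password
       property null to keep the stored hash unchanged. Do not pass back a hash that
       was read from the table; it would be hashed a second time. -->
  <update id="edit" parameterType="com.glen.model.Account">
    update account
    <set>
      username = #{username},
      <if test="password != null">password = sha(#{password}),</if>
    </set>
    where id = #{id}
  </update>

  <delete id="remove" parameterType="com.glen.model.Account">
    delete from account where id = #{id}
  </delete>

</mapper>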
?
account-resultMap.xml
?
?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!-- Column-to-property mapping for com.glen.model.Account, referenced from
     account-mapper.xml as accountMap.accountResultMap. -->
<mapper namespace="accountMap">
  <resultMap type="com.glen.model.Account" id="accountResultMap">
    <id property="id" column="id"/>
    <result property="username" column="username"/>
    <!-- NOTE(security): the password column is loaded into every Account object,
         so anything that serializes an Account also serializes the hash. -->
    <result property="password" column="password"/>
    <result property="enabled" column="enabled"/>
  </resultMap>
</mapper>
Account.java
?
package com.glen.model; import java.io.Serializable; public class Account implements Serializable { private static final long serialVersionUID = -7970848646314840509L; private Integer id; private String username; private String password; private int enabled; public Account() { super(); } public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public int getEnabled() { return enabled; } public void setEnabled(int enabled) { this.enabled = enabled; } }
AccountDao.java
?
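package com.glen.dao;

import java.util.List;

import javax.annotation.Resource;

import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;
import org.springframework.stereotype.Repository;

import com.glen.model.Account;

/**
 * MyBatis data access for the {@code account} table.
 *
 * <p>Each method opens its own {@link SqlSession} and closes it in a
 * {@code finally} block. The original code never closed the sessions it opened,
 * so every call kept a session (and its connection) open.</p>
 */
@Repository
public class AccountDao {

    @Resource
    private SqlSessionFactory sessionFactory;

    public SqlSessionFactory getSessionFactory() {
        return sessionFactory;
    }

    public void setSessionFactory(SqlSessionFactory sessionFactory) {
        this.sessionFactory = sessionFactory;
    }

    /**
     * Runs the {@code account.add} statement.
     *
     * @param account the account to insert
     * @return the number of affected rows as reported by MyBatis
     */
    public int insert(Account account) {
        SqlSession session = sessionFactory.openSession();
        try {
            int rows = session.insert("account.add", account);
            // Commit explicitly: closing a session with uncommitted changes asks
            // for a rollback when the connection is not in auto-commit mode.
            session.commit();
            return rows;
        } finally {
            session.close();
        }
    }

    /**
     * Runs the {@code account.remove} statement for the id carried by {@code account}.
     *
     * @param account holder of the id to delete
     */
    public void remove(Account account) {
        SqlSession session = sessionFactory.openSession();
        try {
            session.delete("account.remove", account);
            session.commit();
        } finally {
            session.close();
        }
    }

    /**
     * Runs {@code account.get}.
     *
     * @param account holder of the id to look up
     * @return the row selected by the statement, as returned by {@code selectOne}
     */
    public Account getAccountById(Account account) {
        SqlSession session = sessionFactory.openSession();
        try {
            return (Account) session.selectOne("account.get", account);
        } finally {
            session.close();
        }
    }

    /**
     * Runs {@code account.getAllAccount}.
     *
     * @return all rows of the account table; each element includes the password column
     */
    @SuppressWarnings("unchecked")
    public List<Account> getAllAccount() {
        SqlSession session = sessionFactory.openSession();
        try {
            return (List<Account>) session.selectList("account.getAllAccount");
        } finally {
            session.close();
        }
    }
}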
?
AccountService.java
?
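package com.glen.service;

import java.util.ArrayList;
import java.util.List;

import javax.annotation.Resource;

import org.springframework.stereotype.Repository;

import com.glen.dao.AccountDao;
import com.glen.model.Account;

/**
 * Account operations used by the web layer; delegates persistence to {@link AccountDao}.
 *
 * <p>NOTE(security): nothing in this class checks who is calling. The caller's role
 * must be verified before {@link #insertAccount} or {@link #remove} is reached.</p>
 */
@Repository
public class AccountService {

    @Resource
    private AccountDao accountDao;

    public int insertAccount(Account account) {
        return accountDao.insert(account);
    }

    /**
     * Deletes the accounts whose ids are listed in {@code removeNumbers}.
     *
     * <p>The value comes straight from a request parameter. All tokens are parsed
     * before anything is deleted, so a malformed list deletes nothing instead of
     * stopping half-way through.</p>
     *
     * @param removeNumbers ids separated by {@code |}, for example {@code "3|7|12"};
     *                      {@code null} or blank means "nothing to delete"
     * @return the number of ids passed to the DAO
     * @throws NumberFormatException if a non-blank token is not an integer
     */
    public int remove(String removeNumbers) {
        if (removeNumbers == null || removeNumbers.trim().length() == 0) {
            return 0;
        }

        List<Integer> ids = new ArrayList<Integer>();
        for (String token : removeNumbers.split("\\|")) {
            String trimmed = token.trim();
            if (trimmed.length() == 0) {
                continue; // tolerate "1||2" and stray separators
            }
            ids.add(Integer.valueOf(trimmed));
        }

        for (Integer id : ids) {
            Account account = new Account();
            account.setId(id);
            accountDao.remove(account);
        }
        return ids.size();
    }

    public Account getAccountById(Account account) {
        return accountDao.getAccountById(account);
    }

    public List<Account> getAllAccount() {
        return accountDao.getAllAccount();
    }

    public AccountDao getAccountDao() {
        return accountDao;
    }

    public void setAccountDao(AccountDao accountDao) {
        this.accountDao = accountDao;
    }
}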
?
AccountAction.java
?
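package com.glen.action;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import net.sf.json.JSONObject;
import net.sf.json.JsonConfig;

import org.apache.struts2.ServletActionContext;
import org.springframework.stereotype.Component;

import com.glen.model.Account;
import com.glen.service.AccountService;
import com.opensymphony.xwork2.ActionSupport;

/**
 * Struts action behind {@code user.action}, {@code user!addUser.action} and
 * {@code user!removes.action}. Every method writes its reply directly to the
 * servlet response and returns {@code null}, so no Struts result is rendered.
 *
 * <p>Changes compared with the original listing: the password column is no longer
 * sent to the browser, adding and deleting accounts is refused on the server unless
 * the caller has ROLE_ADMIN (previously only user.js checked this), an empty account
 * list no longer throws, and the debug output on stdout is gone.</p>
 */
@SuppressWarnings("serial")
@Component
public class AccountAction extends ActionSupport {

    @Resource
    private AccountService accountService;

    private List<Account> list;
    private HttpServletResponse response;
    private String removeNumbers;
    private Account account;
    private String level;

    /**
     * Lists all accounts as comma-separated JSON objects (user.js wraps the text in
     * square brackets before decoding it).
     */
    @Override
    public String execute() throws Exception {
        response = ServletActionContext.getResponse();
        list = accountService.getAllAccount();

        // Never serialize the stored password hash to the client.
        JsonConfig withoutPassword = new JsonConfig();
        withoutPassword.setExcludes(new String[] { "password" });

        StringBuilder body = new StringBuilder();
        if (list != null) {
            for (Account each : list) {
                if (body.length() > 0) {
                    body.append(',');
                }
                body.append(JSONObject.fromObject(each, withoutPassword).toString());
            }
        }
        writeBody(body.toString());
        return null;
    }

    /**
     * Creates the account bound from the {@code account.*} request parameters.
     * Admin only.
     */
    public String addUser() throws Exception {
        response = ServletActionContext.getResponse();
        if (denyUnlessAdmin()) {
            return null;
        }
        if (account == null) {
            // No account.* parameters were sent.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return null;
        }
        account.setEnabled(1);
        accountService.insertAccount(account);
        // Success marker in the format the Ext form handler in user.js expects.
        writeBody("{success:true,userID:" + account.getId() + "}");
        return null;
    }

    /**
     * Deletes the accounts listed in {@code removeNumbers} and replies with the
     * count. Admin only.
     */
    public String removes() {
        response = ServletActionContext.getResponse();
        if (denyUnlessAdmin()) {
            return null;
        }
        int count = accountService.remove(removeNumbers);
        writeBody(String.valueOf(count));
        return null;
    }

    /**
     * Server-side role check for the state-changing methods.
     *
     * <p>Relies on the servlet request reflecting the Spring Security authentication
     * (the servlet API integration that the {@code <http>} element installs);
     * verify this in the deployed filter chain.</p>
     *
     * @return {@code true} if the request was rejected and a 403 has been sent
     */
    private boolean denyUnlessAdmin() {
        HttpServletRequest request = ServletActionContext.getRequest();
        if (request != null && request.isUserInRole("ROLE_ADMIN")) {
            return false;
        }
        try {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } catch (IOException e) {
            e.printStackTrace();
        }
        return true;
    }

    /** Writes one line to the response and closes the writer. */
    private void writeBody(String body) {
        PrintWriter out = null;
        try {
            out = response.getWriter();
            out.println(body);
            out.flush();
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            if (out != null) {
                out.close();
            }
        }
    }

    public HttpServletResponse getResponse() {
        return response;
    }

    public void setResponse(HttpServletResponse response) {
        this.response = response;
    }

    public AccountService getAccountService() {
        return accountService;
    }

    public void setAccountService(AccountService accountService) {
        this.accountService = accountService;
    }

    public List<Account> getList() {
        return list;
    }

    public void setList(List<Account> list) {
        this.list = list;
    }

    public Account getAccount() {
        return account;
    }

    public void setAccount(Account account) {
        this.account = account;
    }

    public String getRemoveNumbers() {
        return removeNumbers;
    }

    public void setRemoveNumbers(String removeNumbers) {
        this.removeNumbers = removeNumbers;
    }

    public String getLevel() {
        return level;
    }

    public void setLevel(String level) {
        this.level = level;
    }
}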
login.js
?
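/**
 * @author joo
 *
 * Login window. The Ext form only collects the values; the "登陸" button copies them
 * into the plain HTML form in login.jsp (#submitForm) and submits that form to
 * j_spring_security_check.
 */
Ext.require([
    'Ext.form.*',
    'Ext.window.*'
]);

Ext.onReady(function() {
    var form = Ext.create('Ext.form.Panel', {
        border : false,
        url : 'j_spring_security_check',
        method : 'post',
        fieldDefaults : {
            labelWidth : 50
        },
        bodyPadding : '30 60 10 60',
        items : [ {
            id : 'loginUsername',
            xtype : 'textfield',
            fieldLabel : '用户名',
            name : 'j_username',
            anchor : '100%',
            shadow : true
        }, {
            xtype : 'textfield',
            id : 'loginPassword',
            // Mask the input: the original rendered the password as readable text.
            inputType : 'password',
            fieldLabel : '密码',
            name : 'j_password',
            anchor : '100%',
            padding : '20 0 0 0'
        } ]
    });

    var win = Ext.create('Ext.window.Window', {
        title : 'Resize Me',
        width : 400,
        height : 200,
        layout : 'fit',
        x : 500,
        y : 200,
        plain : true,
        items : form,
        buttons : [ {
            text : '登陸',
            handler : function() {
                var username = Ext.getCmp('loginUsername').value;
                var password = Ext.getCmp('loginPassword').value;
                // Hand the credentials to the real form and let the browser POST it.
                $('#bestLoginUsername').val(username);
                $('#bestLoginPassword').val(password);
                $('#submitForm').submit();
            }
        }, {
            text : '取消'
        } ]
    });

    win.show();
});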
login.jsp
?
?
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%-- Login page. login.js shows an Ext window and submits the #submitForm form below
     to Spring Security's j_spring_security_check endpoint. --%>
<%
String path = request.getContextPath();
// NOTE(review): the server name comes from the request, so basePath is only as
// trustworthy as the Host header the container accepts; it is written into
// <base href> without escaping.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>My JSP 'Login' starting page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
    <link rel="stylesheet" type="text/css" href="ext-4.0/resources/css/ext-all.css" />
    <link rel="stylesheet" type="text/css" href="ext-4.0/examples/shared/example.css" />
    <script type="text/javascript" src="ext-4.0/bootstrap.js"></script>
    <script type="text/javascript" src="jquery-1.4.1.js"></script>
    <script type="text/javascript" src="login.js" charset="utf-8"></script>
  </head>
  <body>
    <div align="center" style="padding-top: 200px;padding-left:100px">
      <%-- The form that is actually posted. The field names j_username and j_password
           are the ones the login endpoint reads. The credentials travel in the request
           body, so the page should be served over HTTPS only. --%>
      <form id="submitForm" action="<%=path %>/j_spring_security_check" method="post">
        USERNAME:<input type="text" name="j_username" id="bestLoginUsername" value="" /><br/>
        PASSWORD:<input type="password" name="j_password" id="bestLoginPassword" value="" /><br/>
      </form>
    </div>
  </body>
</html>
?
user.js
?
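/**
 * @author joo
 *
 * Account administration grid: the left grid lists accounts, rows dragged to the
 * right grid are deleted with the "删除" button, the "添加" button opens the add form.
 *
 * The role checks in this file only decide what the UI offers. They are not a
 * security control: the server has to authorize user!addUser.action and
 * user!removes.action itself.
 */
Ext.require([
    'Ext.dd.*',
    'Ext.data.*',
    'Ext.grid.*',
    'Ext.ModelManager.*'
]);

Ext.define('DataObject', {
    extend : 'Ext.data.Model',
    fields : ['id', 'username', 'password']
});

/**
 * Decodes a JSON text.
 *
 * NOTE(security): eval executes whatever the response contains, so script placed in
 * account data or in a tampered response would run in the page. The text comes from
 * user.action; decode it with a real JSON parser instead of eval where the target
 * browsers provide one.
 */
function strToJson(str) {
    var json = eval('(' + str + ')');
    return json;
}

// Text of the #authHidden field in index.jsp, e.g. "[ROLE_ADMIN]".
var auth;

/**
 * True when the authority list contains ROLE_ADMIN. The original compared the whole
 * string with '[ROLE_ADMIN]', which is false for an account holding both roles.
 */
function isAdmin() {
    return typeof auth === 'string' && auth.indexOf('ROLE_ADMIN') !== -1;
}

/**
 * Builds both grids, the toolbar and the add-user window.
 *
 * @param firstGridStore store holding the accounts returned by user.action
 */
function getGrid(firstGridStore) {
    // The password column was removed: a password hash, or the cleartext just typed
    // into the add form, has no place in a listing.
    var columns = [
        { text : '用户名', flex : 1, sortable : true, dataIndex : 'username' }
    ];

    // The model has no 'name' field; the drop messages use 'username'.
    function describeDrop(data, dropRec, dropPosition) {
        var dropOn = dropRec
            ? ' ' + dropPosition + ' ' + dropRec.get('username')
            : ' on empty view';
        return 'Dropped ' + data.records[0].get('username') + dropOn;
    }

    var firstGrid = Ext.create('Ext.grid.Panel', {
        multiSelect : true,
        viewConfig : {
            plugins : {
                ptype : 'gridviewdragdrop',
                dragGroup : 'firstGridDDGroup',
                dropGroup : 'secondGridDDGroup'
            },
            listeners : {
                drop : function(node, data, dropRec, dropPosition) {
                    Ext.example.msg("Drag from right to left", describeDrop(data, dropRec, dropPosition));
                }
            }
        },
        store : firstGridStore,
        columns : columns,
        title : '用户列表',
        stripeRows : true,
        margins : '0 4 0 0'
    });

    var secondGridStore = Ext.create('Ext.data.Store', {
        model : DataObject
    });

    var secondGrid = Ext.create('Ext.grid.Panel', {
        viewConfig : {
            plugins : {
                ptype : 'gridviewdragdrop',
                dragGroup : 'secondGridDDGroup',
                dropGroup : 'firstGridDDGroup'
            },
            listeners : {
                drop : function(node, data, dropRec, dropPosition) {
                    Ext.example.msg("Drag from left to right", describeDrop(data, dropRec, dropPosition));
                }
            }
        },
        store : secondGridStore,
        stripeRows : true,
        columns : columns,
        title : '删除列表'
    });

    var addUserForm = Ext.create('Ext.form.Panel', {
        border : false,
        fieldDefaults : {
            labelWidth : 50
        },
        bodyPadding : '30 60 10 60',
        items : [ {
            xtype : 'textfield',
            fieldLabel : '姓名',
            name : 'account.username',
            anchor : '100%',
            shadow : true,
            id : 'username'
        }, {
            xtype : 'textfield',
            inputType : 'password', // mask the new password while typing
            fieldLabel : '密碼',
            name : 'account.password',
            anchor : '100%',
            padding : '20 0 0 0',
            id : 'password'
        } ]
    });

    var win = Ext.create('Ext.window.Window', {
        title : 'Resize Me',
        width : 400,
        height : 300,
        layout : 'fit',
        plain : true,
        items : addUserForm,
        buttons : [ {
            text : '添加',
            handler : function() {
                var store = firstGrid.getStore();
                addUserForm.form.doAction('submit', {
                    url : 'user!addUser.action',
                    method : 'POST',
                    waitMsg : '正在添加...',
                    timeout : 10000, // 10 second timeout
                    success : function(form, action) {
                        // Only id and username go into the grid; the typed
                        // password is not kept client-side.
                        var user = Ext.ModelManager.create({
                            username : Ext.getCmp('username').value,
                            id : action.result.userID
                        }, 'DataObject');
                        store.insert(store.getCount(), user);
                    },
                    failure : function(form, action) {
                        alert('添加失败');
                    }
                });
                win.hide();
            }
        }, {
            text : '取消',
            handler : function() {
                win.hide();
            }
        } ]
    });

    Ext.create('Ext.Panel', {
        width : 650,
        height : 300,
        layout : {
            type : 'hbox',
            align : 'stretch',
            padding : 5
        },
        defaults : { flex : 1 },
        items : [firstGrid, secondGrid],
        renderTo : 'panel',
        dockedItems : {
            xtype : 'toolbar',
            dock : 'bottom',
            items : [ {
                text : '添加',
                handler : function() {
                    if (isAdmin()) {
                        win.show();
                    } else {
                        Ext.Msg.alert('用户', '您没有权限');
                    }
                }
            }, '->', {
                text : '删除',
                handler : function() {
                    // UI hint only; the server decides.
                    if (!isAdmin()) {
                        Ext.Msg.alert('用户', '您没有权限');
                        return;
                    }
                    var store = secondGrid.getStore();
                    if (store.getCount() <= 0) {
                        Ext.Msg.alert('消息', '请拖动数据到删除列表..');
                        return;
                    }
                    // ids joined with '|', the format AccountService.remove splits on
                    var ids = [];
                    for (var i = 0; i < store.getCount(); i++) {
                        ids.push(store.getAt(i).get('id'));
                    }
                    Ext.Ajax.request({
                        url : 'user!removes.action',
                        success : function(response, opts) {
                            Ext.Msg.alert('消息', '删除成功:共删除了' + response.responseText + '条内容');
                            secondGridStore.removeAll();
                        },
                        failure : function(response, opts) {
                            Ext.Msg.alert('消息', '删除失败');
                        },
                        params : { removeNumbers : ids.join('|') }
                    });
                }
            } ]
        }
    });
}

Ext.onReady(function() {
    // Authorities of the logged-in user, rendered into the page by index.jsp.
    auth = $('#authHidden').val();
    if (isAdmin()) {
        Ext.Msg.alert('管理员', '您的权限为管理员');
    } else if (typeof auth === 'string' && auth.indexOf('ROLE_USER') !== -1) {
        Ext.Msg.alert('用户', '您的权限为普通用户');
    }

    Ext.Ajax.request({
        url : 'user.action',
        success : function(response, opts) {
            // The server sends comma-separated objects; wrap them into an array.
            var data = ('[' + response.responseText + ']');
            var onepiece = strToJson(data);
            var firstGridStore = Ext.create('Ext.data.JsonStore', {
                model : DataObject,
                data : onepiece
            });
            getGrid(firstGridStore);
        },
        failure : function(response, opts) {
            Ext.Msg.alert('消息', '错误');
        },
        params : { page : 1 }
    });
});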
index.jsp
?
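<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib prefix="s" uri="/struts-tags" %>
<%-- Account administration page; requires ROLE_USER or ROLE_ADMIN according to
     applicationContext-security.xml. user.js builds the grids inside #panel. --%>
<%
String path = request.getContextPath();
// NOTE(review): the server name comes from the request, so basePath is only as
// trustworthy as the Host header the container accepts.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>My JSP 'index.jsp' starting page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
    <%-- Stylesheets and scripts belong inside head; the original placed them between
         the closing head tag and body, which is invalid markup. Load order unchanged. --%>
    <link rel="stylesheet" type="text/css" href="ext-4.0/resources/css/ext-all.css" />
    <link rel="stylesheet" type="text/css" href="ext-4.0/examples/shared/example.css" />
    <script type="text/javascript" src="ext-4.0/bootstrap.js"></script>
    <script type="text/javascript" src="ext-4.0/examples/shared/examples.js"></script>
    <script type="text/javascript" src="user.js" charset="utf-8"></script>
    <script type="text/javascript" src="jquery-1.4.1.js"></script>
  </head>
  <body>
    <%-- Authorities of the current user for user.js. This value only drives what the
         UI shows; anyone can edit it in the browser, so the server must not rely on it. --%>
    <INPUT type="hidden" id="authHidden" value ="<sec:authentication property="principal.authorities"/>"/>
    <div align="center" style="padding-top:120px;" id="panel"></div>
  </body>
</html>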