除了自定义登陆页面外,我们经常会需要处理ajax登陆
(自定义登陆参考: http://blog.csdn.net/buyaore_wo/article/details/50056353 )
1.修改LoginPage
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers(PermitAllPages).permitAll()
.anyRequest().hasRole("USER")
.and()
.exceptionHandling()
.accessDeniedPage("/access/denied")
.and()
// TODO: put CSRF protection back into this endpoint
.csrf()
.disable()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login.jsp")
.and()
.formLogin()
.loginPage("/loginPage")//登陆页面
.loginProcessingUrl("/login")//登陆处理路径
.usernameParameter("username")//登陆用户名参数
.passwordParameter("password")//登陆密码参数
.defaultSuccessUrl("/login/success")//登陆成功路径
.failureUrl("/login/failure");//登陆失败路径
// @formatter:on
}
2. ajax登陆处理
@RequestMapping("loginPage")
public String loginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
if (HttpUtils.isAjaxRequest(httpServletRequest)) {
return "forward:/loginPageAjax";
} else {
return "forward:/login.html";
}
}
@RequestMapping("loginPageAjax")
public @ResponseBody HttpJsonResponse loginPageAjax() {
return new HttpJsonResponse("-1", "need to login");
}