spring security的ajax提交和json返回数据

最新推荐文章于 2024-05-15 22:38:53 发布
最新推荐文章于 2024-05-15 22:38:53 发布
阅读量5.1k 收藏 3
点赞数
文章标签: spring security json
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/want_water_fish/article/details/70842298
版权

版本一
ajax提交思想:用filter来实现,请求的匹配
json返回数据

public class LoginAuthenticationSuccesssHandler implements AuthenticationSuccessHandler {
    static final Logger logger = LogManager.getLogger(LoginAuthenticationSuccesssHandler.class.getName());
    private String defaultUrl;

    public void setDefaultUrl(String defaultUrl) {
        this.defaultUrl = defaultUrl;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        response.setContentType("application/json; charset=UTF-8");
        ReturnEntity<String> returnEntity = new ReturnEntity<>();
        ObjectMapper mapper = new ObjectMapper();
        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        mapper.writeValue(response.getWriter(), returnEntity);
    }

}

以后抽空完善具体代码,现在就说下核心思路

版本二

先直接上代码:
spring-security.xml的配置文件

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
                    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <http pattern="/login/**" security="none"></http>
    <http auto-config="false" use-expressions="true" entry-point-ref="http403EntryPoint">
        <csrf disabled="true" />

        <!-- 退出 -->
        <logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/index.html" delete-cookies="true" />

        <!-- session管理 -->
        <session-management invalid-session-url="/login/timedout.do" session-fixation-protection="none"
            session-authentication-error-url="/login/timedout.do">
            <concurrency-control error-if-maximum-exceeded="true" expired-url="/login/timedout.do"
                max-sessions="1" />
        </session-management>
        <!-- 拦截器 -->
        <custom-filter ref="CustomUsernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER " />
        <access-denied-handler error-page="/accessDenied.htm" />
    </http>

    <!-- 权限管理器 -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="userServiceDetail">
            <password-encoder ref="standardPasswordEncoder" />
        </authentication-provider>
    </authentication-manager>

    <beans:bean id="CustomUsernamePasswordAuthenticationFilter" class="u.frame.web.trade.security.ne.MyUsernamePasswordAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="authenticationSuccessHandler" ref="customSuccessHandler" />
        <beans:property name="authenticationFailureHandler" ref="failureHandler" />
        <beans:property name="filterProcessesUrl" value="/j_spring_security_check.do" />
<!--        <beans:property name="usernameParameter" value="jsonUsername" /> -->
<!--        <beans:property name="passwordParameter" value="j_password" /> -->
    </beans:bean>

    <!-- 登录成功的处理 -->
    <beans:bean id="customSuccessHandler" class="u.frame.web.trade.security.ne.MySimpleUrlAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/login.htm" />
        <beans:property name="targetUrlParameter" value="/LoginSuccessful.htm" />
    </beans:bean>

    <!-- 登录失败的处理 -->
    <beans:bean id="failureHandler" class="u.frame.web.trade.security.ne.MySimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/login.htm" />
    </beans:bean>

    <!-- 403的处理 -->
    <beans:bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

    <!-- 获得用户信息 -->
    <beans:bean id="userServiceDetail" class="u.frame.web.trade.security.old.MyUserDetailServiceImpl" />

    <!-- 密码加密工具 -->
    <beans:bean id="standardPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder">
        <beans:constructor-arg value="q1w2e3r4t5y6u7i8o9" />
    </beans:bean>
</beans:beans>

MyUsernamePasswordAuthenticationFilter.java

package u.frame.web.trade.security.ne;

import java.io.BufferedReader;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.fasterxml.jackson.databind.ObjectMapper;

import u.frame.web.trade.model.Login;

public class MyUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    private String jsonUsername;
    private String jsonPassword;

    @Override
    protected String obtainPassword(HttpServletRequest request) {
        String password = null;

        if (checkJson(request)) {
            password = this.jsonPassword;
        } else {
            password = super.obtainPassword(request);
        }

        return password;
    }

    @Override
    protected String obtainUsername(HttpServletRequest request) {
        String username = null;

        if (checkJson(request)) {
            username = this.jsonUsername;
        } else {
            username = super.obtainUsername(request);
        }

        return username;
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) {
        if (checkJson(request)) {
            try {
                /*
                 * HttpServletRequest can be read only once
                 */
                StringBuffer sb = new StringBuffer();
                String line = null;

                BufferedReader reader = request.getReader();
                while ((line = reader.readLine()) != null) {
                    sb.append(line);
                }

                // json transformation
                ObjectMapper mapper = new ObjectMapper();
                Login login = mapper.readValue(sb.toString(), Login.class);

                this.jsonUsername = login.getUserName();
                this.jsonPassword = login.getPassWord();
                return new UsernamePasswordAuthenticationToken(jsonUsername, jsonPassword);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        return super.attemptAuthentication(request, response);
    }

    public boolean checkJson(HttpServletRequest request) {
        if ("application/json".equals(request.getHeader("Content-Type"))) {
            return true;
        }
        return false;

    }
}

MySimpleUrlAuthenticationSuccessHandler.java

package u.frame.web.trade.security.ne;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

public class MySimpleUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication auth)
            throws IOException, ServletException {

        if ("application/json".equals(request.getHeader("Content-Type"))) {
            /*
             * USED if you want to AVOID redirect to LoginSuccessful.htm in JSON authentication
             */
            response.getWriter().print("{\"responseCode\":\"SUCCESS\"}");
            response.getWriter().flush();
        } else {
            super.onAuthenticationSuccess(request, response, auth);
        }
    }
}

MySimpleUrlAuthenticationFailureHandler.java

package u.frame.web.trade.security.ne;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

public class MySimpleUrlAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        if ("application/json".equals(request.getHeader("Content-Type"))) {
            /*
             * USED if you want to AVOID redirect to LoginSuccessful.htm in JSON authentication
             */
            response.getWriter().print("{\"responseCode\":\"Failure\"}");
            response.getWriter().flush();
        } else {
            // TODO Auto-generated method stub
            super.onAuthenticationFailure(request, response, exception);
        }

    }

}

MyUserDetailServiceImpl.java

package u.frame.web.trade.security.old;

import java.util.HashSet;
import java.util.Set;

import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.StandardPasswordEncoder;

import u.frame.web.trade.model.Login;

public class MyUserDetailServiceImpl implements UserDetailsService {
    static final Logger logger = LogManager.getLogger(MyUserDetailServiceImpl.class.getName());
    @Autowired
    private StandardPasswordEncoder standardPasswordEncoder;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        if (StringUtils.isEmpty(username)) {
            throw new UsernameNotFoundException("用户名不可为空!");
        }
        //测试用的
        if (!"123".equals(username)) {
            throw new UsernameNotFoundException("error");
        }
        Login login = new Login();
        login.setUserName(username);
        login.setPassWord(standardPasswordEncoder.encode("123"));
        logger.info(username);

        boolean enabled = true;
        boolean accountNonExpired = true; 
        boolean credentialsNonExpired = true; 
        boolean accountNonLocked = true;

        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        return new org.springframework.security.core.userdetails.User(//
                login.getUserName(), //
                // user.getUserPassword()+"{"+user.getUserName()+"}",
                login.getPassWord(), //
                enabled, //
                accountNonExpired, //
                credentialsNonExpired, //
                accountNonLocked, //
                authorities//
        );
    }
}

思路来源于http://stackoverflow.com/questions/19500332/spring-security-and-json-authentication

整体思想,就是filter过滤拦截。

版本三
不多说,直接上代码
applicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
                    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
    <!-- 不需要拦截 -->
    <http pattern="/login/**" security="none"></http>
    <http auto-config="false" use-expressions="true" entry-point-ref="http403EntryPoint">
        <csrf disabled="true" />
        <headers>
            <frame-options policy="SAMEORIGIN" />
            <cache-control disabled="true" />
            <content-type-options disabled="true" />
        </headers>
        <logout invalidate-session="true" logout-url="/login/logout.do" logout-success-url="/login/success.do" delete-cookies="true" />
        <session-management invalid-session-url="/login/timedout.do" session-fixation-protection="none"
            session-authentication-error-url="/login/timedout.do">
            <concurrency-control error-if-maximum-exceeded="false" expired-url="/login/timedout.do" max-sessions="1" />
        </session-management>
        <!-- filter_security_interceptor -->
        <custom-filter ref="mySecurityFilter" before="FILTER_SECURITY_INTERCEPTOR" />
        <!-- form_login_filter -->
        <custom-filter ref="CustomUsernamePasswordAuthenticationFilter" before="FORM_LOGIN_FILTER" />
    </http>

    <beans:bean id="CustomUsernamePasswordAuthenticationFilter" class="u.frame.web.trade.security.ne.MyUsernamePasswordAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="authenticationSuccessHandler" ref="successHandler" />
        <beans:property name="authenticationFailureHandler" ref="failureHandler" />
        <beans:property name="filterProcessesUrl" value="/logincheck1.do" />
        <!-- <beans:property name="usernameParameter" value="jsonUsername" /> -->
        <!-- <beans:property name="passwordParameter" value="j_password" /> -->
    </beans:bean>

    <!-- 自定义过滤器 -->
    <beans:bean id="mySecurityFilter" class="u.frame.web.trade.security.old.MyFilterSecurityInterceptor" />

    <!-- =========== -->
    <!-- =========== -->
    <!-- =========== -->
    <!-- =========== -->
    <!-- =========== -->
    <!-- =========== -->
    <!-- =========== -->
    <!-- =========== -->

    <!-- 认证管理器 -->
    <!--验证配置,认证管理器,实现用户认证的入口,主要实现UserDetailsService接口即可 -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="userServiceDetail">
            <password-encoder ref="standardPasswordEncoder" />
        </authentication-provider>
    </authentication-manager>

    <!-- 登录成功的处理 -->
    <beans:bean id="successHandler" class="u.frame.web.trade.security.ne.MySimpleUrlAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/login/success.do" />
        <!-- <beans:property name="targetUrlParameter" value="/LoginSuccessful.htm" /> -->
    </beans:bean>

    <!-- 登录失败的处理 -->
    <beans:bean id="failureHandler" class="u.frame.web.trade.security.ne.MySimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/login/error.do" />
    </beans:bean>

    <!-- 403的处理 -->
    <beans:bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

    <!-- 获得用户信息 -->
    <beans:bean id="userServiceDetail" class="u.frame.web.trade.security.old.MyUserDetailServiceImpl" />

    <!-- 密码加密工具 -->
    <beans:bean id="standardPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder">
        <beans:constructor-arg value="q1w2e3r4t5y6u7i8o9p0" />
    </beans:bean>
</beans:beans>

MyUsernamePasswordAuthenticationFilter.java

package u.frame.web.trade.security.ne;

import java.io.BufferedReader;
import java.io.IOException;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.fasterxml.jackson.databind.ObjectMapper;

import u.frame.web.trade.model.Login;

public class MyUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    static Log log = LogFactory.getLog(MySimpleUrlAuthenticationFailureHandler.class);
    // 用户的登录信息
    private Login login;

    @Override
    protected String obtainPassword(HttpServletRequest request) {
        System.out.println("MyUsernamePasswordAuthenticationFilter-obtainPassword");
        if (checkJson(request)) {
            if (login != null) {
                return login.getPassWord();
            }
        }
        // }
        return super.obtainPassword(request);
    }

    @Override
    protected String obtainUsername(HttpServletRequest request) {
        System.out.println("MyUsernamePasswordAuthenticationFilter-obtainUsername");
        if (checkJson(request)) {
            if (login != null) {
                return login.getUserName();
            }
        }
        return super.obtainUsername(request);
    }

    public boolean checkJson(HttpServletRequest request) {
        try {
            if ("application/json".equals(request.getHeader("Content-Type"))) {
                StringBuffer sb = new StringBuffer();
                String line = null;
                BufferedReader reader;
                reader = request.getReader();
                while ((line = reader.readLine()) != null) {
                    sb.append(line);
                }
                if (StringUtils.isNotEmpty(sb.toString())) {
                    ObjectMapper mapper = new ObjectMapper();
                    login = mapper.readValue(sb.toString(), Login.class);
                }
                return true;
            }
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        return false;

    }
}

思想来源:
http://docs.spring.io/spring-security/site/docs/3.0.x/reference/ns-config.html

说明:
这里写图片描述

简单的说,就是重写http/form-login,使用http/form-login的另一种形式UsernamePasswordAuthenticationFilter就可以了。

版本4

为了解决UsernameNotFoundException的异常抛出问题

直接上代码:
applicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
                    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
    <!-- 不需要拦截 -->
    <security:http pattern="/login/**" security="none"></security:http>
    <security:http auto-config="false" use-expressions="true" entry-point-ref="http403EntryPoint">
        <security:csrf disabled="true" />
        <security:headers>
            <security:frame-options policy="SAMEORIGIN" />
            <security:cache-control disabled="true" />
            <security:content-type-options disabled="true" />
        </security:headers>
        <!-- 退出 -->
        <security:logout invalidate-session="true" logout-url="/login/logout.do" logout-success-url="/login/outSuccess.do"
            delete-cookies="true" />
        <!-- session超时 -->
        <security:session-management invalid-session-url="/login/timedout.do" session-fixation-protection="none"
            session-authentication-error-url="/login/timedout.do">
            <security:concurrency-control error-if-maximum-exceeded="false" expired-url="/login/timedout.do"
                max-sessions="1" />
        </security:session-management>
        <!-- filter_security_interceptor -->
        <security:custom-filter ref="mySecurityFilter" before="FILTER_SECURITY_INTERCEPTOR" />
        <!-- form_login_filter -->
        <security:custom-filter ref="CustomUsernamePasswordAuthenticationFilter" before="FORM_LOGIN_FILTER" />
    </security:http>

    <bean id="CustomUsernamePasswordAuthenticationFilter" class="u.frame.web.trade.security.MyUsernamePasswordAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationSuccessHandler" ref="successHandler" />
        <property name="authenticationFailureHandler" ref="failureHandler" />
        <property name="filterProcessesUrl" value="/logincheck.do" />
    </bean>

    <!-- 自定义过滤器 -->
    <bean id="mySecurityFilter" class="u.frame.web.trade.security.MyFilterSecurityInterceptor" />

    <!-- 认证管理器 -->
    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
        <constructor-arg>
            <list>
                <ref bean="daoAuthenticationProvider" />
            </list>
        </constructor-arg>
    </bean>
    <!-- 认证提供类 -->
    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userServiceDetail" />
        <property name="passwordEncoder" ref="standardPasswordEncoder" />
        <!--不隐藏错误-->
        <property name="hideUserNotFoundExceptions" value="false" />
    </bean>

    <!-- 登录成功的处理 -->
    <bean id="successHandler" class="u.frame.web.trade.security.MySimpleUrlAuthenticationSuccessHandler">
        <property name="defaultTargetUrl" value="/login/success.do" />
        <!-- <property name="targetUrlParameter" value="/LoginSuccessful.htm" /> -->
    </bean>

    <!-- 登录失败的处理 -->
    <bean id="failureHandler" class="u.frame.web.trade.security.MySimpleUrlAuthenticationFailureHandler">
        <property name="defaultFailureUrl" value="/login/error.do" />
    </bean>

    <!-- 403的处理 -->
    <bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

    <!-- 获得用户信息 -->
    <bean id="userServiceDetail" class="u.frame.web.trade.security.MyUserDetailServiceImpl" />

    <!-- 密码加密工具 -->
    <bean id="standardPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder">
        <constructor-arg value="q1w2e3r4t5y6u7i8o9" />
    </bean>
</beans>
want_water_fish
关注
  • 0
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Spring Security基于json登录实现过程详解
10-14
主要介绍了Spring Security基于json登录实现过程详解,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
spring Security Json 数据登录验证
01-21
提交表单时,前端通过Ajax发送一个POST请求到`/api/login`,携带JSON数据。例如: ```html <!DOCTYPE html> <title>Login <script src="jquery-1.8.2.min.js"></script> <button type="submit">...
Spring Security实现前后端分离Login登录功能,返回JSON提示,核心代码不到100行!
m0_59562547的博客
10-25 1796
#前后端分离登录设计思路和流程图 前后端分离是企业级应用开发的主流,登录功能同样采用前后端分离模式。 用户信息存在数据库中。 Spring Security提供身份认证。 前后端交互通过JSON进行。 登录成功不是页面跳转,而是一段JSON提示。 #第一步:前期准备工作 项目架构: 开发环境Spring-boot 2.5.5 Maven 数据库MySQL8.0+,存放用户、角色、用户角色对照表 持久层Mybatis 数据库及表设计;MAVEN依赖;application.pro...
Spring Security实现用户认证二:前后端分离时自定义返回Json内容
最新发布
不做菜虚困的博客
05-15 914
注释掉原来的formLogin和httpBasic。@Beanauthorizelogin.loginPage("/login").permitAll() // 一定加上这个,不然会一直重定向,导致报错在resources下创建目录templates,用来存放thymeleaf写的页面,在这个目录下面创建login.html页面。
Spring security安全登录-当AJAX遇上Redirect
Aubergines的专栏
03-21 1469
Spring security安全登录-当AJAX遇上Redirect前言:最近做平台引入spring security做为安全认证框架,在登录的时候使用的ajax的请求方式,最开始的做法是调用登录的接口,成功后再前端使用`window.location.href = ./index.html`的方式跳转到希望的页面,考虑到以后会根据用户的权限做页面的跳转,就打算在后台做成功页面的跳转,这个时候想到
spring security3 ajax,spring security 3中关于ajax的处理
weixin_42464697的博客
08-05 429
spring security 3中关于ajax的处理2019年11月17日阅读数:18这篇文章主要向大家介绍spring security 3中关于ajax的处理,主要内容包括基础应用、实用技巧、原理机制等方面,希望对大家有所帮助。在spring security 3中,对于某些须要保护的url,能够很容易地实现当没权限的时候,redirect到一个页面(好比自定义的404.jsp页面)进行显示...
springsecurity拦截ajax,Spring Security Ajax 被拦截
weixin_39614546的博客
08-05 471
背景是项目中使用Spring Security 进行安全控制再使用Ajax的时候会报 403(ajax get 方式是没问题的 post 的时候会报)Spring Security 原本是 防止 CSRF 攻击 现在 ajax 被误伤了...然后下面贴解决方法,页面的head标签里 下记追加(这里要说的是用的是thymeleaf模板 所有才会有 th:如果是jsp的话使用EL表达式吧th:去掉就...
Spring Security 3 Ajax登录–访问受保护的资源
最佳 Java 编程
05-10 282
我看过一些有关Spring Security 3 Ajax登录的博客,但是我找不到能解决如何调用基于Ajax登录的博客,匿名用户正在Ajax中访问受保护的资源。 问题 – Web应用程序允许匿名访问某些部分,并且某些部分是受保护的资源,需要用户登录。 当匿名用户(通过Http Get / Post)访问受保护的资源时,Spring Security会自动调用登录页面,并在成功通过...
spring security ajax请求与html共存
03-23
`META-INF`和`WEB-INF`是标准的Web应用目录结构,其中`META-INF`存储元数据,`WEB-INF`包含`web.xml`配置文件、类和其他资源,它们对于Spring Security的配置和应用的正常运行至关重要。 通过理解以上知识点,你...
基于SSM的循环水能效管理系统,使用Bootstrap、JSP、SpringSecurityAjaxJSON.zip
05-10
本项目是一个基于SSM(SpringSpringMVC、MyBatis)框架的循环水能效管理系统,采用现代前端技术如Bootstrap、JSP、Ajax以及数据交换格式JSON,同时结合SpringSecurity进行安全控制。这个系统主要适用于高校计算机...
spring security CSRF防护的示例代码
08-26
Spring Security CSRF 防护机制针对 PATCH、POST、PUT 和 DELETE 方法进行防护。 启用 CSRF 防护 在 Spring Boot 项目中,使用 @EnableWebSecurity 注解后,CSRF 防护就自动生效了。因此,在默认配置下,即便已经...
SpringBoot+SpringSecurity处理Ajax登录请求问题(推荐)
08-28
主要介绍了SpringBoot+SpringSecurity处理Ajax登录请求问题,本文给大家介绍的非常不错,具有参考借鉴价值,需要的朋友可以参考下
SpringSecurity登录使用JSON格式数据的方法
10-17
主要介绍了SpringSecurity登录使用JSON格式数据的方法,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧
Spring security ajax提交数据
征途人生&梦
04-16 626
使用spring security后,如果使用的是thymeleaf,那么form action会帮我们自动加上csrf 隐藏域,但是ajax提交就需要自己获取了,在文档中有提到。 Example 124. AJAX send CSRF Token $(function () { var token = $("meta[name='_csrf']").attr("content");...
spring mvc ajax登录验证,springMVC框架中的ajax验证
weixin_39713833的博客
08-05 226
当然,你在使用springMVC之前需要进行环境的配置,这里就不讲了,直接上代码.在使用springMVC之前,我在使用ajax验证的时候,需要用到一个解析json的jar包:将数据通过ajax拿到后台servlet,再通过jsonObject对象进行来像前台进行数据的传递.像下面这样:JSONObject j = newJSONObject();request.setCharacterEncod...
spring 拦截ajax,spring security spring mvc ajax 请求 controller 被拦截
weixin_26899659的博客
08-06 225
你是烦恼在spring security中怎么进行ajax请求吧。一般的ajax请求在Spring Security中是被forbidden的,因为请求的时候csrf这个token为null。官方提供了一个解决办法,参考官方文档http://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/csrf....
SpringMVC 中 拦截器对AJAX请求的拦截处理
scanner_new的博客
05-30 2793
项目使用HTML页面,所以多数请求都是使用的ajax,拦截器主要是验证用户的token,一旦token失效就跳转到登录页面,但是发现中间的ajax请求不能完成想要的跳转,于是借助度娘,现将实现的方法总结如下,已被后用。 一,后台处理 在拦截器的设置上,在原有的token失效后的处理逻辑中增加如下的判断: if(req.getHeader("x-requested-with") != nul...
Spring拦截器针对Ajax请求进行个性化处理
Hatoandaburedo的博客
10-24 417
文章目录使用场景整体思路我们的整体思路实现代码Alert版跳转版(可以跳转到页面或Controller)对layui请求的特殊处理 使用场景 在Spring中使用拦截器时,有时候会拦截ajax请求,此时我们可能会根据权限等因素对ajax数据进行个性化返回,比如跳转到其他页面或者进行alert提示等,从response对象中是无法直接进行这些操作的,需经过前端页面的配合才行。 整体思路 前端要使用...
springsecurity的退出登陆
weixin_30685029的博客
05-10 155
登陆成功就有退出,退出的实质就是让session失效 要实现退出登录只需要在spring-security配置文件中在加一行代码就可以了 1 <!--退出登陆--> 2 <security:logout logout-url="/loginout.do" delete-cookies="true" logout-success-url="/l...
springsecurity使用json登录
03-16
Spring Security 可以使用 JSON ...6. 在前端页面中使用 AJAX 技术发送 JSON 格式的登录请求,接收后端返回登录结果。 以上是 Spring Security 使用 JSON 登录的大致步骤,具体实现需要根据具体的业务需求进行调整。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值