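Fully separated front end and back end: the back end responds with JSON data instead of web pages.
1. A successful or failed login should return JSON data.
2. A request made while not logged in also gets JSON data.
3. Access to an unauthorized resource must return JSON as well.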
1. A successful or failed login should return JSON data
Modify the login endpoint:
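import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
@ResponseBody
public class LoginController {
    // POST rather than GET: with GET the password travels in the query string
    // and ends up in access logs and browser history.
    @PostMapping("login")
    public CommonResult login(String username, String password) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
            return new CommonResult(2000, "登陆成功", null); // "login succeeded"
        } catch (Exception e) {
            // One message for every failure, so the response does not reveal
            // whether the account or the password was wrong.
            e.printStackTrace();
            return new CommonResult(5000, "账号密码输入错误", null); // "wrong account or password"
        }
    }
}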
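2. A request made while not logged in also gets JSON data
Create a filter that extends one of Shiro's login-check (authentication) filter classes and override onAccessDenied: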
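import java.io.PrintWriter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

// The page shows only the method; the class name LoginFilter and the choice of
// FormAuthenticationFilter as the superclass are assumptions.
public class LoginFilter extends FormAuthenticationFilter {
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        response.setContentType("application/json;charset=utf-8");
        PrintWriter writer = response.getWriter();
        CommonResult commonResult = new CommonResult(4001, "未登录", null); // "not logged in"
        ObjectMapper objectMapper = new ObjectMapper();
        String json = objectMapper.writeValueAsString(commonResult);
        writer.print(json); // send the JSON body to the client
        writer.flush();
        writer.close();
        return false; // stop the filter chain: the response is already written
    }
}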
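The filter above only takes effect once it replaces Shiro's built-in "authc" filter in the filter chain. The configuration below is an added example, not code from the original page; it assumes the filter class is named LoginFilter (in the same package), that a Shiro SecurityManager bean is already defined, and that the login endpoint is served at /login.

```java
import java.util.LinkedHashMap;
import java.util.Map;
// javax.servlet here; use jakarta.servlet if your Shiro/Spring Boot build targets Jakarta EE.
import javax.servlet.Filter;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Assumed class name; LoginFilter is the filter holding the onAccessDenied override.
@Configuration
public class ShiroJsonConfig {

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager);

        // Replace the built-in "authc" filter, which redirects to a login page,
        // with the JSON filter. It is created with `new` rather than exposed as
        // a @Bean so Spring Boot does not also register it as a servlet filter
        // on every URL, outside Shiro's chain.
        Map<String, Filter> filters = new LinkedHashMap<>();
        filters.put("authc", new LoginFilter());
        factory.setFilters(filters);

        // The first matching pattern wins, so insertion order matters;
        // LinkedHashMap preserves it.
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/login", "anon"); // the login endpoint must stay reachable
        chains.put("/**", "authc");   // everything else requires a logged-in subject
        factory.setFilterChainDefinitionMap(chains);
        return factory;
    }
}
```

Keep the catch-all /** entry last: a specific path added after it would never be matched, and leaving it out would make every unlisted path reachable without login.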
3. A request without the required permission should return JSON data
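import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;

@ControllerAdvice
@ResponseBody
public class MyException {
    // Turns Shiro's UnauthorizedException into a JSON result instead of an error page.
    @ExceptionHandler(value = UnauthorizedException.class)
    public CommonResult auth(UnauthorizedException u) {
        u.printStackTrace();
        return new CommonResult(4002, "没有权限", null); // "no permission"
    }
}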