日期:2014-05-16  浏览次数:21063 次

spring-security 3.0.X, 让ajax login和普通login共存

使用spring security时遇到一个问题,有大量的ajax post是需要登录控制的,但是默认的spring-security机制导致post结果返回的是登录页。

?

现在要解决几个问题:

1,ajax post如果需要登录的话,返回需要登录的json消息,前端可以继续处理

2,新建一套ajax login的页面流转,但是不能和原有的login过程冲突,因为其他的非ajax请求还是需要用正常的login。

?

spring security配置如下:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	<!-- Configure Spring Security -->
	<!-- Original namespace-only setup, kept for reference: a single form login with auto-config on.
	<security:http auto-config="true">
		<security:form-login login-page="/login" login-processing-url="/loginProcess" 
			default-target-url="/" authentication-failure-url="/login?login_error=1" />
		<security:logout logout-url="/logout" logout-success-url="/logoutSuccess" />
		<security:remember-me key="bookingtest" />
	</security:http>
	-->
	<!-- Active setup: auto-config is off and two login filters are registered explicitly.
	     Unauthenticated requests are handed to the custom entry point bean
	     jilujiaAuthenticationEntryPoint. Its class is not shown here; presumably it answers AJAX
	     requests with a "login required" JSON message and sends other requests to /login. -->
	<security:http auto-config="false" entry-point-ref="jilujiaAuthenticationEntryPoint">
	    <!-- Login filter for ordinary form posts; placed ahead of the standard form-login slot. -->
             <security:custom-filter before="FORM_LOGIN_FILTER" ref="loginFilter"/>
             <!-- AJAX login filter; occupies the standard form-login slot, so it runs after loginFilter. -->
             <security:custom-filter position="FORM_LOGIN_FILTER" ref="ajaxLoginFilter"/>
             <!-- Save only GET requests for replay after login, so that an intercepted AJAX POST is not cached. -->
             <security:request-cache ref="httpSessionRequestCache"/>
             <!-- Logout filter: /logout ends the session, then the browser is sent to /logoutSuccess. -->
             <security:logout logout-url="/logout" logout-success-url="/logoutSuccess" />
             <!-- Remember-me. NOTE(review): the key is a literal in this file (the same value as in the
                  commented-out sample above). The remember-me services use it to recognise tokens they
                  issued, so it should be a unique per-deployment secret supplied from outside version
                  control. Neither login filter bean in this file sets rememberMeServices; confirm that a
                  remember-me cookie is actually issued at login. -->
             <security:remember-me key="bookingtest" />
	</security:http>
	
	<!-- Custom authentication entry point referenced by entry-point-ref on <security:http>.
	     loginFormUrl is the page used for ordinary (non-AJAX) requests that need a login.
	     NOTE(review): the class source is not shown. Confirm how it tells AJAX requests apart
	     (for example by a request header) and that the JSON reply carries a 401/403 status
	     rather than 200, so clients and intermediaries do not treat it as a successful response. -->
	<bean id="jilujiaAuthenticationEntryPoint" class="com.jilujia.framework.security.JilujiaAuthenticationEntryPoint">
	    <property name="loginFormUrl" value="/login" />
	</bean>
	
	<!-- Request cache used by <security:request-cache>. With justUseSavedRequestOnGet=true only
	     GET requests are stored for replay after login; a POST that triggered authentication
	     (including an AJAX POST) is not saved and therefore not re-sent after login. -->
	<bean id="httpSessionRequestCache" class="org.springframework.security.web.savedrequest.HttpSessionRequestCache">
	    <property name="justUseSavedRequestOnGet" value="true" />
	</bean>
	
	<!-- Authenticates ordinary (non-AJAX) form logins posted to /loginProcess.
	     Outcomes are URL based: failureHandler on failure, successHandler on success.
	     The authenticationManager bean is referenced here but defined outside the lines shown.
	     NOTE(review): sessionAuthenticationStrategy and rememberMeServices are not set on this
	     hand-declared filter. Confirm whether the security namespace wires them into custom
	     filters in this version; if it does not, a login through this filter neither changes the
	     session id (session-fixation protection) nor issues a remember-me cookie. -->
	<bean id="loginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
	    <property name="authenticationManager" ref="authenticationManager"/>
	    <property name="authenticationFailureHandler" ref="failureHandler"/>
	    <property name="authenticationSuccessHandler" ref="successHandler"/>
	    <property name="filterProcessesUrl" value="/loginProcess"/>
	</bean>

	<!-- Failure handler for the ordinary login filter: sends the browser back to the login page
	     with login_error=1. The URL is fixed and reveals nothing about why authentication failed. -->
	<bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
	    <property name="defaultFailureUrl" value="/login?login_error=1" />
	</bean>

	<!-- Success handler for the ordinary login filter. alwaysUseDefaultTargetUrl=false means the
	     default target "/" is only a fallback when the handler finds no other target to return to.
	     No requestCache property is set, so this bean does not reference httpSessionRequestCache directly.
	     NOTE(review): check whether this handler version also accepts a redirect target from a
	     request parameter; if so, restrict targets to paths inside this application. -->
	<bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
	    <property name="alwaysUseDefaultTargetUrl" value="false"/>
	    <property name="defaultTargetUrl" value="/"/>
	</bean>
	<!-- Authenticates AJAX logins posted to /ajaxLoginProcess. Same filter class and
	     authenticationManager as loginFilter, but with AJAX-specific success/failure handlers.
	     NOTE(review): this is a second credential-checking endpoint, so any lockout, throttling
	     and audit logging applied to /loginProcess should cover this URL as well.
	     As with loginFilter, sessionAuthenticationStrategy and rememberMeServices are not set
	     here; confirm session-fixation protection and remember-me behave as intended. -->
	<bean id="ajaxLoginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
	    <property name="authenticationManager" ref="authenticationManager"/>
	    <property name="authenticationFailureHandler" ref="ajaxFailureHandler"/>
	    <property name="authenticationSuccessHandler" ref="ajaxSuccessHandler"/>
	    <property name="filterProcessesUrl" value="/ajaxLoginProcess"/>
	</bean>
	
	<bean id="ajaxFailureHandler" class="com.jilujia.fra