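Spring Boot + Spring Security + Ajax: custom login authentication that returns JSON data
When the front end sends the login request via Ajax, the response needs to be JSON, but Spring Security returns a page by default, so the login handling is customized as shown below. The code is as follows.
Front-end JS code: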
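/* Form submission */
form.on('submit(loginSubmit)', function (obj) {
    $.post('/login', // login path; must match the Spring Security configuration and must be a POST request
        obj.field, // the inputs' name attributes are username and password, the parameter names Spring Security uses by default
        function (res) {
            if (res.code == 0) { // login succeeded
                layer.msg('登录成功', {icon: 1, time: 1000}, function () {
                    location.replace('../index.html'); // JS navigates to the target page
                });
            } else {
                layer.msg(res.msg, {icon: 5});
            }
        });
    return false; // stop the default (non-Ajax) form submission
});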
Back-end Spring Security configuration code:
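import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.json.JSONException; // assumption: JSONObject/JSONException come from org.json
import org.json.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
// UserService is the application's own UserDetailsService implementation; import it from your package.

@Configuration
public class ExpressSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserService userService;

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // the password encoder that ships with Spring Security
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // accounts and passwords are verified our own way (looked up in the database)
        auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
    }

    // access rules are configured here
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // everything under these directories is accessible without logging in
        http.authorizeRequests().antMatchers("/json/**", "/components/**", "/assets/**").permitAll();
        http.formLogin()
                .loginPage("/login.html") // path of the login page
                .loginProcessingUrl("/login") // must match the path the login POST is sent to
                // custom handling of a successful login; here we return JSON data
                .successHandler(new AuthenticationSuccessHandler() {
                    @Override
                    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
                        JSONObject returnObj = new JSONObject();
                        try {
                            returnObj.put("code", 0);
                            returnObj.put("msg", "登录成功");
                        } catch (JSONException e) {
                            e.printStackTrace();
                        }
                        httpServletResponse.setContentType("application/json;charset=utf-8");
                        httpServletResponse.getWriter().print(returnObj.toString());
                        httpServletResponse.getWriter().flush();
                    }
                })
                // handling of a failed login
                .failureHandler(new AuthenticationFailureHandler() {
                    @Override
                    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
                        JSONObject returnObj = new JSONObject();
                        try {
                            returnObj.put("code", 400);
                            returnObj.put("msg", "账号或者密码有误!");
                        } catch (JSONException e1) {
                            e1.printStackTrace();
                        }
                        httpServletResponse.setContentType("application/json;charset=utf-8");
                        httpServletResponse.getWriter().print(returnObj.toString());
                        httpServletResponse.getWriter().flush();
                    }
                })
                .and().logout()
                .logoutUrl("/logout").logoutSuccessUrl("/login.html")
                .permitAll() // applies to the logout URLs, not to the login page
                .and().authorizeRequests()
                // the login page itself must be reachable without authentication, otherwise the redirect to it loops
                .antMatchers("/", "/login", "/login.html").permitAll()
                .anyRequest().authenticated()
                // CSRF protection is turned off, so the Ajax POST carries no CSRF token
                .and().csrf().disable();
    }
}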
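A variant of configure(HttpSecurity) that returns the same JSON but keeps CSRF protection enabled instead of calling csrf().disable(); this is an added example, not the author's code. The class name JsonLoginSecurityConfig and the writeJson helper are hypothetical, Jackson's ObjectMapper (pulled in by spring-boot-starter-web) is assumed in place of JSONObject, and the user lookup and password encoder stay as configured above.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Hypothetical replacement for ExpressSecurityConfig (Spring Security 5.x API, as on this page).
@Configuration
public class JsonLoginSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Writes {"code": ..., "msg": ...}; Jackson handles escaping, so no try/catch is needed.
    static void writeJson(HttpServletResponse res, int code, String msg) throws IOException {
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("code", code);
        body.put("msg", msg);
        res.setContentType("application/json;charset=utf-8");
        MAPPER.writeValue(res.getWriter(), body);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/login.html", "/json/**", "/components/**", "/assets/**").permitAll()
                .anyRequest().authenticated()
            .and().formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/login")
                .successHandler((req, res, auth) -> writeJson(res, 0, "登录成功"))
                // One message for unknown user and wrong password, so the reply does not reveal which it was.
                .failureHandler((req, res, ex) -> writeJson(res, 400, "账号或者密码有误!"))
            .and().logout()
                // With CSRF enabled, Spring Security accepts logout only as a POST carrying the token.
                .logoutUrl("/logout").logoutSuccessUrl("/login.html")
            .and().csrf()
                // Token goes into the XSRF-TOKEN cookie, readable by the page's script.
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}
```

With this configuration the `$.post('/login', ...)` call has to send the value of the `XSRF-TOKEN` cookie in an `X-XSRF-TOKEN` request header; a login POST without it is rejected with 403.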
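Copyright notice: This is an original article by Mr_OldMoney, released under the CC 4.0 BY-SA license. When reposting, please include a link to the original source and this notice.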