<property name="filterChainDefinitions"> <value> /login/** = anon </value> </property>
下马是java代码中要增加:
@RequestMapping(value = "/login")
@ResponseBody
public Object ajaxLogin(@RequestParam String username,
@RequestParam String password, @RequestParam boolean rememberMe) {
String ret="";
Subject currentUser = SecurityUtils.getSubject();
if (!currentUser.isAuthenticated()) {
UsernamePasswordToken token = new UsernamePasswordToken(username,
password);
token.setRememberMe(rememberMe);
try {
currentUser.login(token);
ret = "{success:true,message:'登陆成功'}";
} catch (UnknownAccountException ex) {
ret = "{success:false,message:'账号错误'}";
logger.debug(ret);
} catch (IncorrectCredentialsException ex) {
ret = "{success:false,message:'密码错误'}";
logger.debug(ret);
} catch (LockedAccountException ex) {
ret = "{success:false,message:'账号已被锁定,请与管理员联系'}";
logger.debug(ret);
} catch (AuthenticationException ex) {
ret = "{success:false,message:'您没有授权'}";
logger.debug(ret);
}
}
// 返回json数据
return ret;
}
如果是html通过ajax请求,还需要加上跨域支持:
<filter> <filter-name>accessFilter</filter-name> <filter-class>com.hotice.shequ.filter.AccessFilter</filter-class> </filter> <filter-mapping> <filter-name>accessFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-Control-Allow-Origin","*");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
chain.doFilter(servletRequest, servletResponse);
}