The return status code, json format is suitable for the front and rear separation, the front section is all ajax, they judge that you have successfully logged in, or you do not have permission, etc., and cannot parse your returned url page, then you rewrite the judgment when using the url to jump. The ajax request returns the status code to the foreground without jumping
The content in the response will automatically return to the page as long as mvc returns, as you can see in the corresponding structure, +return null; or return;
Use response.getWriter().print("image not found");///////////// print ordinary characters or response.getOutputStream().write(bytes,0,length);// /Print stream = @ResponseBody is best to add return null;
This is automatically returning the request page (download, etc.) in front of the page
Three forms of shiro control return:
The whole idea: the url is configured differently, if it is judged to be ajax, it will return the status code, and ordinary requests will use the url to jump.
1. Jump:
Write the jump yourself:
@Override
protected boolean onLoginFailure(org.apache.shiro.authc.AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
RequestDispatcher rd=null;
try{
//this.saveRequestAndRedirectToLogin(request, response);
request.setAttribute("msg", "Incorrect username or password");
rd = request.getRequestDispatcher("/login");
this.setFailureAttribute(request, e);
rd.forward(request, response);
}catch (Exception e1){
//rd.forward();
}
return true;
}
用框架的跳转:
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
this.issueSuccessRedirect(request, response);
return false;
}
2,返回json和状态码:
@Override
protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String requestType = request.getHeader("X-Requested-With");
String contentType = request.getHeader("content-type");
request.getHeaderNames();
if ((requestType != null && requestType.equalsIgnoreCase("XMLHttpRequest"))||(contentType!=null && contentType.equalsIgnoreCase("application/json; charset=utf-8"))) {
response.addHeader("loginStatus", "accessDenied");
response.sendError(HttpServletResponse.SC_FORBIDDEN);
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json");
return false;//状态码
}
String method = request.getMethod();
if("GET".equalsIgnoreCase(method)){//跳转
WebUtils.issueRedirect(request, response, "/");
return false;
}
return super.onAccessDenied(request, response);
}
我们shiro配置的successurl是在onLoginSuccess用
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
this.issueSuccessRedirect(request, response);
return false;
}
protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception {
WebUtils.redirectToSavedRequest(request, response, this.getSuccessUrl());
}
自定义的onLoginSuccess也可以像上面一样判断如果是ajax返回状态码(下面的代码没加)
@Override
protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
Session session = subject.getSession();
Map<Object, Object> attributes = new HashMap<Object, Object>();
Collection<Object> keys = session.getAttributeKeys();
for (Object key : keys) {
attributes.put(key, session.getAttribute(key));
}
//session.stop();
session = subject.getSession();
for (Entry<Object, Object> entry : attributes.entrySet()) {
session.setAttribute(entry.getKey(), entry.getValue());
}
setLoginSession(servletRequest, servletResponse);
return super.onLoginSuccess(token, subject, servletRequest, servletResponse);
}