Spring Security版本:2.0.5
重写org.springframework.security.ui.webapp.AuthenticationProcessingFilter:
package com.cay.core.web;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.security.util.RedirectUtils;
import com.cay.utils.RenderUtils;
/**
 * Login filter that answers AJAX requests with a JSON body instead of a redirect.
 *
 * <p>A request counts as AJAX when its {@code X-Requested-With} header equals
 * {@code XMLHttpRequest}. For such requests the success and failure hooks write a
 * small JSON map through {@code RenderUtils.renderJSON} and {@link #sendRedirect}
 * does nothing; every other request is redirected as before.
 *
 * <p>The header is supplied by the client, so it only selects the response format.
 * It is not evidence of where a request came from and must not be relied on as an
 * access-control or CSRF check.
 */
public class AjaxableAuthenticationProcessingFilter extends
        AuthenticationProcessingFilter {

    /** Name of the request header inspected to recognise an AJAX call. */
    private static final String AJAX_HEADER_NAME = "X-Requested-With";

    /** Header value that marks the request as AJAX. */
    private static final String AJAX_HEADER_VALUE = "XMLHttpRequest";

    /**
     * If true, causes any redirection URLs to be calculated minus the protocol
     * and context path (defaults to false).
     */
    private boolean useRelativeContext = false;

    /**
     * Sets the flag passed to {@code RedirectUtils.sendRedirect} by this class.
     *
     * @param useRelativeContext true to redirect without protocol and context path
     */
    public void setUseRelativeContext(boolean useRelativeContext) {
        this.useRelativeContext = useRelativeContext;
    }

    /**
     * Runs the parent hook, then reports the successful login to AJAX callers as
     * {@code {"success": true, "status": "1"}}.
     *
     * @param request    the login request
     * @param response   the response the JSON is written to
     * @param authResult the authentication produced by the login
     * @throws IOException if writing the response fails
     */
    protected void onSuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, Authentication authResult)
            throws IOException {
        super.onSuccessfulAuthentication(request, response, authResult);
        if (!isAjaxRequest(request)) {
            return;
        }
        Map<String, Object> payload = new HashMap<String, Object>();
        payload.put("success", Boolean.TRUE);
        payload.put("status", "1");
        RenderUtils.renderJSON(response, payload);
    }

    /**
     * Runs the parent hook, then reports the failed login to AJAX callers with
     * status {@code "-1"} and the exception message.
     *
     * @param request  the login request
     * @param response the response the JSON is written to
     * @param failed   the exception that rejected the login
     * @throws IOException if writing the response fails
     */
    protected void onUnsuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException failed)
            throws IOException {
        super.onUnsuccessfulAuthentication(request, response, failed);
        if (!isAjaxRequest(request)) {
            return;
        }
        Map<String, Object> payload = new HashMap<String, Object>();
        // NOTE(review): "success" stays true on the failure path, so clients have
        // to branch on "status" ("-1"), not on "success". Confirm this is intended.
        payload.put("success", Boolean.TRUE);
        payload.put("status", "-1");
        // NOTE(review): the exception message goes to the client verbatim. If the
        // messages differ per failure cause (unknown user, locked or disabled
        // account), they let a caller probe which accounts exist; confirm that
        // the configured messages are uniform.
        payload.put("message", failed.getMessage());
        RenderUtils.renderJSON(response, payload);
    }

    /**
     * Redirects ordinary requests and does nothing for AJAX requests, whose
     * answer is the JSON body written by the authentication hooks.
     *
     * @param request  the current request
     * @param response the current response
     * @param url      the redirect target
     * @throws IOException if sending the redirect fails
     */
    protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
            throws IOException {
        // ignore redirect when request via ajax
        if (isAjaxRequest(request)) {
            return;
        }
        RedirectUtils.sendRedirect(request, response, url, useRelativeContext);
    }

    /**
     * Tells whether the request carries the AJAX marker header.
     *
     * @param request the request to inspect
     * @return true when {@code X-Requested-With} equals {@code XMLHttpRequest}
     */
    private static boolean isAjaxRequest(HttpServletRequest request) {
        return AJAX_HEADER_VALUE.equals(request.getHeader(AJAX_HEADER_NAME));
    }
}
applicationContext-security.xml如下:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
<!-- URL access rules. entry-point-ref names the bean that handles requests which still need authentication. -->
<http entry-point-ref="authenticationProcessingFilterEntryPoint">
<!-- Patterns open to anonymous users. NOTE(review): /pages/** opens the whole directory, not only login.jsp; confirm nothing under it needs a login. -->
<intercept-url pattern="/pages/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/new/commons/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/new/core/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/new/extjs/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
<!-- Catch-all, listed last so the more specific patterns above are matched first: everything else requires ROLE_AUTHENTICATED. -->
<intercept-url pattern="/**" access="ROLE_AUTHENTICATED" />
<!-- A custom AuthenticationProcessingFilter cannot be combined with the form-login element or with auto-config="true". -->
<!-- The logout, http-basic and anonymous elements must then be declared explicitly. -->
<logout logout-success-url="/pages/login.jsp" />
<!-- HTTP Basic transmits the credentials Base64-encoded with each request; expose it only over HTTPS. -->
<http-basic />
<anonymous />
<!--
<form-login login-page="/pages/login.jsp"
authentication-failure-url="/pages/login.jsp?error=true"
default-target-url="/index.do" />
-->
</http>
<authentication-provider user-service-ref="userDetailsService">
<!-- MD5 with no salt-source configured: the stored hashes are fast to brute-force and equal passwords give equal hashes. At minimum add a salt-source; on a framework version that offers one, use an adaptive password hash (bcrypt, scrypt, argon2). -->
<password-encoder hash="md5" />
</authentication-provider>
<!-- The custom filter, installed at the AUTHENTICATION_PROCESSING_FILTER position in place of the one form-login would create. -->
<beans:bean id="authenticationProcessingFilter"
class="com.cay.core.web.AjaxableAuthenticationProcessingFilter">
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<beans:property name="defaultTargetUrl" value="/index.do" />
<beans:property name="authenticationFailureUrl" value="/pages/login.jsp?error=true"/>
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
<authentication-manager alias="authenticationManager"/>
<!-- Entry point referenced by entry-point-ref on the http element; its class is not shown on this page. -->
<beans:bean id="authenticationProcessingFilterEntryPoint"
class="com.cay.core.web.handler.AjaxableAuthenticationProcessingFilterEntryPoint">
<beans:property name="loginFormUrl" value="/pages/login.jsp" />
</beans:bean>
<!-- Message bundle loaded from classpath:com/cay/security/messages. NOTE(review): presumably the source of the failure messages the filter returns to AJAX clients; confirm they do not reveal whether an account exists. -->
<beans:bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<beans:property name="basename"
value="classpath:com/cay/security/messages" />
</beans:bean>
<beans:bean id="localeResolver"
class="org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver" />
</beans:beans>
参考链接:
http://forum.springsource.org/showthread.php?56167-Overriding-AUTHENTICATION_PROCESSING_FILTER
http://forum.springsource.org/showthread.php?57373-How-to-replace-form-login
http://loianegroner.com/2010/02/integrating-spring-security-with-extjs-login-page/
http://stackoverflow.com/questions/4885893/how-to-differentiate-ajax-requests-from-normal-http-requests
http://androider.iteye.com/blog/588379