返回状态码,json格式适用于前后分离时,前段清一色的ajax,他们判断你登录成功,或者没有权限等,不能解析你的返回url页面,这时你重写在用url跳转的时候判断是ajax请求就返回状态码给前台,不做跳转
response中的内容只要mvc返回了就自动会返回页面,在相应的结构可以看到,+return null;或者return;
用response.getWriter().print("未找到图片");/////////////打印普通字符或者response.getOutputStream().write(bytes,0,length);///打印流=@ResponseBody 最好加return null;
这是自动当着页面返回请求页(下载之类)
shiro控制返回的三种形式:
整个思路:url配置了不一样用,判断是ajax就返回状态码,普通请求就用url跳转
1,跳转:
自己写跳转:
@Override
protected boolean onLoginFailure(org.apache.shiro.authc.AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
RequestDispatcher rd=null;
try{
//this.saveRequestAndRedirectToLogin(request, response);
request.setAttribute("msg", "用户名或密码不正确");
rd = request.getRequestDispatcher("/login");
this.setFailureAttribute(request, e);
rd.forward(request, response);
}catch (Exception e1){
//rd.forward();
}
return true;
}
用框架的跳转:
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
this.issueSuccessRedirect(request, response);
return false;
}
2,返回json和状态码:
@Override
protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String requestType = request.getHeader("X-Requested-With");
String contentType = request.getHeader("content-type");
request.getHeaderNames();
if ((requestType != null && requestType.equalsIgnoreCase("XMLHttpRequest"))||(contentType!=null && contentType.equalsIgnoreCase("application/json; charset=utf-8"))) {
response.addHeader("loginStatus", "accessDenied");
response.sendError(HttpServletResponse.SC_FORBIDDEN);
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json");
return false;//状态码
}
String method = request.getMethod();
if("GET".equalsIgnoreCase(method)){//跳转
WebUtils.issueRedirect(request, response, "/");
return false;
}
return super.onAccessDenied(request, response);
}
我们shiro配置的successurl是在onLoginSuccess用
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
this.issueSuccessRedirect(request, response);
return false;
}
protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception {
WebUtils.redirectToSavedRequest(request, response, this.getSuccessUrl());
}
自定义的onLoginSuccess也可以像上面一样判断如果是ajax返回状态码(下面的代码没加)
@Override
protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
Session session = subject.getSession();
Map<Object, Object> attributes = new HashMap<Object, Object>();
Collection<Object> keys = session.getAttributeKeys();
for (Object key : keys) {
attributes.put(key, session.getAttribute(key));
}
//session.stop();
session = subject.getSession();
for (Entry<Object, Object> entry : attributes.entrySet()) {
session.setAttribute(entry.getKey(), entry.getValue());
}
setLoginSession(servletRequest, servletResponse);
return super.onLoginSuccess(token, subject, servletRequest, servletResponse);
}