<!-- Shiro filter chain: every URL under /login/ is mapped to the "anon" filter, i.e. it is reachable without authentication. The pattern is a /** wildcard, so any handler later added under /login/ is unauthenticated as well; keep the pattern as narrow as the login endpoint allows. -->
<property name="filterChainDefinitions"> <value> /login/** = anon </value> </property>
下面是 Java 代码中要增加的内容:
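/**
 * Logs the current Shiro subject in from an AJAX request and reports the outcome as a string.
 *
 * <p>An unknown account and a wrong password produce the same client-facing message, so the
 * response cannot be used to probe which usernames exist. The specific cause is written to the
 * debug log only.
 *
 * @param username   login name submitted by the client
 * @param password   password submitted by the client; it is never logged here
 * @param rememberMe value copied to the token's remember-me flag
 * @return an object-literal string with {@code success} and {@code message} fields (keys are
 *         unquoted and strings single-quoted, so it is not strict JSON), or an empty string when
 *         the subject is already authenticated
 */
@RequestMapping(value = "/login")
@ResponseBody
public Object ajaxLogin(@RequestParam String username, @RequestParam String password,
        @RequestParam boolean rememberMe) {
    // NOTE(review): the mapping does not restrict the HTTP method, so credentials can also arrive
    // as GET query parameters and end up in access logs and browser history. Consider limiting
    // this handler to POST.
    String ret = "";
    // One message for both "no such account" and "wrong password" (prevents account enumeration).
    String badCredentials = "{success:false,message:'账号或密码错误'}";

    Subject currentUser = SecurityUtils.getSubject();
    // NOTE(review): when the subject is already authenticated, the submitted credentials are not
    // checked at all and the empty string is returned. Confirm that callers handle this case.
    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        token.setRememberMe(rememberMe);
        try {
            currentUser.login(token);
            ret = "{success:true,message:'登陆成功'}";
        } catch (UnknownAccountException ex) {
            ret = badCredentials;
            // Log only the failure type; the client-supplied username and password stay out of the log.
            logger.debug("login failed: " + ex.getClass().getSimpleName());
        } catch (IncorrectCredentialsException ex) {
            ret = badCredentials;
            logger.debug("login failed: " + ex.getClass().getSimpleName());
        } catch (LockedAccountException ex) {
            // NOTE(review): this message still reveals that the account exists. It is kept so a
            // locked-out user knows to contact an administrator. Confirm the trade-off is intended.
            ret = "{success:false,message:'账号已被锁定,请与管理员联系'}";
            logger.debug(ret);
        } catch (AuthenticationException ex) {
            ret = "{success:false,message:'您没有授权'}";
            logger.debug(ret);
        }
    }
    // Return the result string to the AJAX caller.
    return ret;
}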
如果是html通过ajax请求,还需要加上跨域支持:
<!-- Registers com.hotice.shequ.filter.AccessFilter and maps it to /*, so it runs for every request to this web application. NOTE(review): presumably this is the class whose doFilter adds the CORS headers; if so, those headers are attached to every response, not only to the login endpoint. -->
<filter> <filter-name>accessFilter</filter-name> <filter-class>com.hotice.shequ.filter.AccessFilter</filter-class> </filter> <filter-mapping> <filter-name>accessFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
/**
 * Adds CORS response headers and then hands the request on to the rest of the filter chain.
 *
 * @param servletRequest  incoming request, passed through unchanged
 * @param servletResponse response to receive the CORS headers; cast to {@link HttpServletResponse}
 * @param chain           remaining filters and the target resource
 * @throws IOException      propagated from the downstream chain
 * @throws ServletException propagated from the downstream chain
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
        throws IOException, ServletException {
    // NOTE(review): "*" lets a page from any origin read these responses. Browsers reject the
    // wildcard on credentialed (cookie-bearing) requests, so session-based calls need an explicit
    // allowlist of trusted origins. Echoing the request's Origin header back is not a safe substitute.
    final String allowedOrigin = "*";
    final String allowedHeaders = "Origin, X-Requested-With, Content-Type, Accept";

    final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
    httpResponse.setHeader("Access-Control-Allow-Origin", allowedOrigin);
    httpResponse.setHeader("Access-Control-Allow-Headers", allowedHeaders);

    // The headers are set before delegating, while the response is still uncommitted.
    chain.doFilter(servletRequest, servletResponse);
}