Spring Security AJAX登录

Spring Security版本:2.0.5

重写org.springframework.security.ui.webapp.AuthenticationProcessingFilter:

package com.cay.core.web;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.security.util.RedirectUtils;

import com.cay.utils.RenderUtils;

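/**
 * Login processing filter that answers AJAX login requests with a JSON body
 * instead of an HTTP redirect.
 *
 * <p>A request is treated as AJAX when it carries the header
 * {@code X-Requested-With: XMLHttpRequest}. That header is supplied by the
 * client, so it is used here only to choose the response format; it says
 * nothing about who sent the request and must not feed any trust decision.
 *
 * <p>JSON contract written by this class:
 * <ul>
 *   <li>login succeeded: {@code success=true, status="1"}</li>
 *   <li>login failed: {@code success=false, status="-1", message=<exception message>}</li>
 * </ul>
 */
public class AjaxableAuthenticationProcessingFilter extends
        AuthenticationProcessingFilter {

    private static final String AJAX_HEADER_NAME = "X-Requested-With";
    private static final String AJAX_HEADER_VALUE = "XMLHttpRequest";

    /**
     * If true, causes any redirection URLs to be calculated minus the protocol
     * and context path (defaults to false). Declared here because
     * {@link #sendRedirect} below passes it to {@code RedirectUtils}.
     */
    private boolean useRelativeContext = false;

    public void setUseRelativeContext(boolean useRelativeContext) {
        this.useRelativeContext = useRelativeContext;
    }

    /**
     * Runs the parent callback, then writes the success JSON for AJAX requests.
     *
     * @param request    the login request
     * @param response   the response the JSON is rendered to
     * @param authResult the authenticated principal (not included in the JSON)
     * @throws IOException if the parent callback or the rendering fails
     */
    protected void onSuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, Authentication authResult)
            throws IOException {
        super.onSuccessfulAuthentication(request, response, authResult);
        if (!isAjaxRequest(request)) {
            return;
        }
        // NOTE(review): if renderJSON commits the response, anything the parent
        // filter adds to the response after this callback returns (cookies, for
        // example) would be dropped - confirm against RenderUtils and the
        // filter's call order.
        Map<String, Object> message = new HashMap<String, Object>();
        message.put("success", Boolean.TRUE);
        message.put("status", "1");
        RenderUtils.renderJSON(response, message);
    }

    /**
     * Runs the parent callback, then writes the failure JSON for AJAX requests.
     *
     * @param request  the login request
     * @param response the response the JSON is rendered to
     * @param failed   the exception describing why authentication failed
     * @throws IOException if the parent callback or the rendering fails
     */
    protected void onUnsuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException failed)
            throws IOException {
        super.onUnsuccessfulAuthentication(request, response, failed);
        if (!isAjaxRequest(request)) {
            return;
        }
        Map<String, Object> message = new HashMap<String, Object>();
        // A rejected login must not be reported as success=true: a client that
        // keys on this flag would otherwise treat the failure as a login.
        message.put("success", Boolean.FALSE);
        message.put("status", "-1");
        // NOTE(review): the exception message goes to the client verbatim.
        // Depending on how the authentication provider is configured, distinct
        // messages (unknown user, locked, disabled) may let a caller tell
        // accounts apart - confirm, or map every failure to one generic text.
        message.put("message", failed.getMessage());
        RenderUtils.renderJSON(response, message);
    }

    /**
     * Sends the redirect only for non-AJAX requests; AJAX callers get the JSON
     * written by the authentication callbacks instead.
     *
     * @param request  the current request
     * @param response the current response
     * @param url      the redirect target
     * @throws IOException if sending the redirect fails
     */
    protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
            throws IOException {
        if (isAjaxRequest(request)) {
            return;
        }
        RedirectUtils.sendRedirect(request, response, url, useRelativeContext);
    }

    /** Returns true when the request carries the XMLHttpRequest marker header. */
    private static boolean isAjaxRequest(HttpServletRequest request) {
        return AJAX_HEADER_VALUE.equals(request.getHeader(AJAX_HEADER_NAME));
    }
}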


applicationContext-security.xml如下:


xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

























class="com.cay.core.web.AjaxableAuthenticationProcessingFilter">








class="com.cay.core.web.handler.AjaxableAuthenticationProcessingFilterEntryPoint">



class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
value="classpath:com/cay/security/messages" />

class="org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver" />




参考链接:
http://forum.springsource.org/showthread.php?56167-Overriding-AUTHENTICATION_PROCESSING_FILTER
http://forum.springsource.org/showthread.php?57373-How-to-replace-form-login
http://loianegroner.com/2010/02/integrating-spring-security-with-extjs-login-page/
http://stackoverflow.com/questions/4885893/how-to-differentiate-ajax-requests-from-normal-http-requests
http://androider.iteye.com/blog/588379
