shiro 用ajax方式登录的话，如何配置

 下马是java代码中要增加：

 

@RequestMapping(value = "/login")
	@ResponseBody
	public Object ajaxLogin(@RequestParam String username,
			@RequestParam String password, @RequestParam boolean rememberMe) {
		String ret="";
		Subject currentUser = SecurityUtils.getSubject();
		if (!currentUser.isAuthenticated()) {
			UsernamePasswordToken token = new UsernamePasswordToken(username,
					password);
			token.setRememberMe(rememberMe);
			try {
				currentUser.login(token);
				ret = "{success:true,message:'登陆成功'}";
			} catch (UnknownAccountException ex) {
				ret = "{success:false,message:'账号错误'}";
				logger.debug(ret);
			} catch (IncorrectCredentialsException ex) {
				ret = "{success:false,message:'密码错误'}";
				logger.debug(ret);
			} catch (LockedAccountException ex) {
				ret = "{success:false,message:'账号已被锁定，请与管理员联系'}";
				logger.debug(ret);
			} catch (AuthenticationException ex) {
				ret = "{success:false,message:'您没有授权'}";
				logger.debug(ret);
			}
		}
		// 返回json数据
		return ret;
	}

 

 

如果是html通过ajax请求，还需要加上跨域支持：

		accessFilter
		com.hotice.shequ.filter.AccessFilter
	
	
		accessFilter
		/*
	

 

@Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,  
            FilterChain chain) throws IOException, ServletException {  
            HttpServletResponse response = (HttpServletResponse) servletResponse;  
            response.setHeader("Access-Control-Allow-Origin","*");
            response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
            chain.doFilter(servletRequest, servletResponse);  
              
    }