shiro 用ajax方式登录的话,如何配置

 
<property name="filterChainDefinitions">
			<value>
				/login/** = anon
			</value>
</property>
 
 

 下马是java代码中要增加:

 

@RequestMapping(value = "/login")
	@ResponseBody
	public Object ajaxLogin(@RequestParam String username,
			@RequestParam String password, @RequestParam boolean rememberMe) {
		String ret="";
		Subject currentUser = SecurityUtils.getSubject();
		if (!currentUser.isAuthenticated()) {
			UsernamePasswordToken token = new UsernamePasswordToken(username,
					password);
			token.setRememberMe(rememberMe);
			try {
				currentUser.login(token);
				ret = "{success:true,message:'登陆成功'}";
			} catch (UnknownAccountException ex) {
				ret = "{success:false,message:'账号错误'}";
				logger.debug(ret);
			} catch (IncorrectCredentialsException ex) {
				ret = "{success:false,message:'密码错误'}";
				logger.debug(ret);
			} catch (LockedAccountException ex) {
				ret = "{success:false,message:'账号已被锁定,请与管理员联系'}";
				logger.debug(ret);
			} catch (AuthenticationException ex) {
				ret = "{success:false,message:'您没有授权'}";
				logger.debug(ret);
			}
		}
		// 返回json数据
		return ret;
	}
 

 

如果是html通过ajax请求,还需要加上跨域支持:

<filter>
		<filter-name>accessFilter</filter-name>
		<filter-class>com.hotice.shequ.filter.AccessFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>accessFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

 

@Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,  
            FilterChain chain) throws IOException, ServletException {  
            HttpServletResponse response = (HttpServletResponse) servletResponse;  
            response.setHeader("Access-Control-Allow-Origin","*");
            response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
            chain.doFilter(servletRequest, servletResponse);  
              
    }  

 

 

你可能感兴趣的:(shiro)