spring security 自定义登陆 - AJAX

除了自定义登陆页面外，我们经常会需要处理ajax登陆 

(自定义登陆参考: http://blog.csdn.net/buyaore_wo/article/details/50056353 )

1.修改LoginPage

@Overrideprotected void configure(HttpSecurity http) throws Exception {// @formatter:off        http            .authorizeRequests()                .antMatchers(PermitAllPages).permitAll()                .anyRequest().hasRole("USER")                .and()            .exceptionHandling()                .accessDeniedPage("/access/denied")                .and()            // TODO: put CSRF protection back into this endpoint            .csrf()                .disable()            .logout()            .logoutUrl("/logout")                .logoutSuccessUrl("/login.jsp")                .and()            .formLogin()            .loginPage("/loginPage")//登陆页面            .loginProcessingUrl("/login")//登陆处理路径            .usernameParameter("username")//登陆用户名参数            .passwordParameter("password")//登陆密码参数            .defaultSuccessUrl("/login/success")//登陆成功路径                .failureUrl("/login/failure");//登陆失败路径        // @formatter:on}

2. ajax登陆处理

@RequestMapping("loginPage")public String loginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {if (HttpUtils.isAjaxRequest(httpServletRequest)) {return "forward:/loginPageAjax";} else {return "forward:/login.html";}}@RequestMapping("loginPageAjax")public @ResponseBody HttpJsonResponse loginPageAjax() {return new HttpJsonResponse("-1", "need to login");}