My way is with ajax login
Js code:
$. Ajax ({
Url: ajaxUrl + "/login_entry",
Type: "post",
Data: form. Serialize (),
Success: the function (result) {
If (result. State==000000) {
The console. The log (" success ");
Var token=result. The data. The access_token;
LocalStorage. Token=token;
window.location.href=https://bbs.csdn.net/topics/ajaxUrl + "/index";
} else {
The console. The log (" failed "+ result. The message).
}
},
Error: function () {
The console. The log (" error ");
}
Java code:
@ Override
Protected void the configure (HTTP) HttpSecurity throws the Exception {
//custom authorization rules
HTTP. CSRF (). The disable () sessionManagement (). SessionCreationPolicy (sessionCreationPolicy. STATELESS) ;
HTTP. AuthorizeRequests ()
AntMatchers ("/inspinia_admin - v2.5/* * "). The permitAll ()
AnyRequest (). Authenticated ()
And ()
FormLogin ()
LoginPage (LOGIN_PAGE)
. LoginProcessingUrl (LOGIN_ENTRY)
. SuccessHandler (myAuthenticationSuccessHandler)
. FailureHandler (myAuthenticationFailHander)
PermitAll ()
And ()
ExceptionHandling (),
. AuthenticationEntryPoint (authenticationEntryPoint)
. AccessDeniedHandler (myAccessDeniedHandler)
And ()
The logout ()
. LogoutSuccessUrl (LOGIN_PAGE)
. LogoutSuccessHandler (myLogoutSuccessHandler)
PermitAll ();
HTTP. AddFilterBefore (myFilterSecurityInterceptor, FilterSecurityInterceptor. Class);
HTTP. AddFilterBefore (myUsernamePasswordAuthenticationFilter, FilterSecurityInterceptor. Class);
HTTP. AddFilterBefore (jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter. Class);
}
click on the button, will call as part of js code,
1, there is the red part of the code
This line of code makes springsecurity does not create session, also can't save the certification result, lead to after the success of the first request, although generate the token, capturing the front also successfully, also save to localStorage, but the next page jump window.location.href=https://bbs.csdn.net/topics/ajaxUrl + "/index"; Cannot carry token, springsecurity can't do the according to the token for the user information, so springsecurity think "boy, you didn't have a key, also don't know about you, can't cross the door", and then as an authorization failure, is redirected to the login page, if is the window. The other location. The href this way, the SecurityContextHolder. GetContext () getAuthentication ()) this is null, no way to get the user in the custom tokenFilter
Part 2, there is no red
Springsecurity will put authentication results in the SecurityContext, then into the session, because/login_entry request has been successfully certified, later can obtain certification from the SecurityContext results, so other functions can be implemented,
Appear this kind of circumstance is the cause of page by clicking on a log in, will ask twice, window. The location. The href cannot carry ("/login_entry ",) for the first time an ajax request to return the token,
On the Internet a lot, but this didn't happen, the only situation is similar to that of cross-domain request, but it seems to me that does not belong to cross-domain request, is the request 127.0.0.1:8080, IP, port,
Did I write wrong, there must be somewhere which the great spirit to guide the ah,,, (^_^)