如何使用angularjs登录以提高安全性 [英] how to use angularjs login to spring security
问题描述
我想使用angularjs发送用户名和密码登录到Spring Security,而不是普通的login.jsp.我有一些如下配置:
I want to use angularjs send username and password for login to spring security instead of normal login.jsp . I have some configure like below:
-security_config.xml
-security_config.xml
<http use-expressions="true" auto-config="true">
<access-denied-handler error-page="/403page" />
<anonymous enabled="false" />
<intercept-url pattern="/api/**" access="hasRole('ROLE_USER')" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
<form-login login-page='/login' username-parameter="username"
password-parameter="password" default-target-url="/api/users"
authentication-failure-url="/login?authfailed" />
<logout logout-success-url="/login?logout" />
</http>
<authentication-manager alias="authenticationManager"
xmlns="http://www.springframework.org/schema/security">
<authentication-provider>
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password, enabled from users where username=?"
authorities-by-username-query="select username, role from user_roles where username =? " />
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="10" />
</beans:bean>
-LoginController.java
-LoginController.java
@RequestMapping("login")
public ModelAndView getLoginForm(@RequestParam(required = false) String authfailed, String logout,String denied) {
String message = "";
if (authfailed != null) {
message = "Invalid username of password, try again !";
} else if (logout != null) {
message = "Logged Out successfully, login again to continue !";
} else if (denied != null) {
message = "Access denied for this user !";
}
return new ModelAndView("loginForm", "message", message);
}
@RequestMapping("user")
public String geUserPage() {
return "user";
}
-loginForm.jsp
-loginForm.jsp
<form method="post" action="<c:url value='j_spring_security_check' />">
<table>
<tr>
<td colspan="2" style="color: red">${message}</td>
</tr>
<tr>
<td>User Name:</td>
<td><input type="text" name="username" />
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" />
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Login" />
</td>
</tr>
</table>
</form>
当我这样使用时,我可以正常登录,但是我不想使用上面的loginForm.jsp.我想通过angularjs使用Restful Web服务将用户名和密码发送到Spring Security进行登录.我能怎么做?请帮助我!
when i use like this i can login normally,but i don't want to use like loginForm.jsp above. I wanna use restful web service by angularjs send username and password to spring security for login. How can i do? please help me!
推荐答案
在您的示例中,您不需要控制器(LoginController.java)来处理安全性,Spring Security会为您完成.删除此代码.
In your example you don't need a controller (LoginController.java) to handle security, Spring Security does it for you. Remove this code.
在AngularJs中,您需要发送POST请求才能登录.像这样:
In AngularJs you need to send a POST request to login. Like this :
var data = "username="+username+"&password="+password+"&submit=Login";
$http({
method: 'POST',
url: $window.domaineName + 'j_spring_security_check',
data: data,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
}
})
.success(function(data, status){
//login success
})
.error(function(data, status){
// login failure
})
要注销,您需要发送另一个Http POST请求:
In order to logout, you need to send another Http POST request :
$http({
method: 'POST',
url: $window.domaineName + 'j_spring_security_logout',
})
.success(function(data, status){
// logout success
})
.error(function(data, status){
// logout failure
})
这篇关于如何使用angularjs登录以提高安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!