如何使用angularjs登錄彈簧安全

Question

我想使用angularjs發送用戶名和密碼登錄到彈簧安全性，而不是普通的login.jsp。我有一些配置如下圖所示：

-security_config.xml

<http use-expressions="true" auto-config="true"> 
     <access-denied-handler error-page="/403page" /> 
     <anonymous enabled="false" /> 
     <intercept-url pattern="/api/**" access="hasRole('ROLE_USER')" /> 
     <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" /> 
     <access-denied-handler ref="oauthAccessDeniedHandler" /> 
     <form-login login-page='/login' username-parameter="username" 
      password-parameter="password" default-target-url="/api/users" 
      authentication-failure-url="/login?authfailed" /> 
     <logout logout-success-url="/login?logout" /> 
    </http> 
<authentication-manager alias="authenticationManager" 
     xmlns="http://www.springframework.org/schema/security"> 
     <authentication-provider> 
      <password-encoder ref="encoder" /> 
      <jdbc-user-service data-source-ref="dataSource" 
       users-by-username-query="select username,password, enabled from users where username=?" 
       authorities-by-username-query="select username, role from user_roles where username =? " /> 
     </authentication-provider> 
    </authentication-manager> 
<beans:bean id="encoder" 
     class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"> 
     <beans:constructor-arg name="strength" value="10" /> 
    </beans:bean> 

-LoginController.java

@RequestMapping("login") 
    public ModelAndView getLoginForm(@RequestParam(required = false) String authfailed, String logout,String denied) { 
     String message = ""; 
     if (authfailed != null) { 
      message = "Invalid username of password, try again !"; 
     } else if (logout != null) { 
      message = "Logged Out successfully, login again to continue !"; 
     } else if (denied != null) { 
      message = "Access denied for this user !"; 
     } 
     return new ModelAndView("loginForm", "message", message); 
    } 

    @RequestMapping("user") 
    public String geUserPage() { 
     return "user"; 
    } 

-loginForm.jsp

<form method="post" action="<c:url value='j_spring_security_check' />"> 

    <table> 
        <tr> 
         <td colspan="2" style="color: red">${message}</td> 

        </tr> 
        <tr> 
         <td>User Name:</td> 
         <td><input type="text" name="username" /> 
         </td> 
        </tr> 
        <tr> 
         <td>Password:</td> 
         <td><input type="password" name="password" /> 
         </td> 
        </tr> 
        <tr> 
         <td>&nbsp;</td> 
         <td><input type="submit" value="Login" /> 
         </td> 

        </tr> 
       </table> 
      </form> 

當我使用這樣的我可以正常登錄，但我不想使用上面的loginForm.jsp。我想通過angularjs使用restful web服務發送用戶名和密碼來爲安全性進行登錄。我能怎麼做？請幫幫我！

Answer 1

在你的例子中，你不需要一個控制器（LoginController.java）來處理安全性，Spring Security會爲你做。刪除此代碼。

在AngularJs中，您需要發送POST請求來登錄。就像這樣：

 var data = "username="+username+"&password="+password+"&submit=Login"; 

     $http({ 
      method: 'POST', 
      url: $window.domaineName + 'j_spring_security_check', 
      data: data, 
      headers: { 
       'Content-Type': 'application/x-www-form-urlencoded', 
       } 
     }) 
     .success(function(data, status){ 
      //login success 
     }) 
     .error(function(data, status){ 
      // login failure 
     }) 

爲了註銷，你需要發送另一個HTTP POST請求：

 $http({ 
      method: 'POST', 
      url: $window.domaineName + 'j_spring_security_logout', 
     }) 
     .success(function(data, status){ 
      // logout success 
     }) 
     .error(function(data, status){ 
      // logout failure 
     })