Redirect handling PrimeFaces Ajax requests on session timeout in Spring Security


Question

I am trying to get the JSF web front-end to redirect back to the login page (in Spring Security) when the session times out.

I have tried using a meta-refresh approach, however this causes an undesired side-effect that the meta-refresh time will not be updated when only AJAX controls are used on the page. This means that the page may refresh while you are still using it, because you haven't transitioned to another page and only made AJAX calls to the server. I have not found a way to change this behavior easily using Primefaces.

Spring Security sends a 302 HTTP error message back to Primefaces when the session has expired, however Primefaces just ignores the redirect request. You can tell when the session has expired as the Primefaces controls stop responding as their AJAX calls are not succeeding.

I am using Primefaces 3.4.2 and Spring Security 3.1.4 running on Glassfish 3.1.2.2.

Recommended answer

This is a problem with the default way that Spring Security sends redirects back to the client. The default method of sending a redirect to the client is the HTML approach of sending a 302 Temporarily Moved response, however this does not work for AJAX clients. The AJAX client will interpret this as a redirect to a new location to post/get its data and not as a page redirect. The correct way to get the AJAX client to redirect the browser to a new page in the same way as a normal HTML request is:

<?xml version="1.0" encoding="UTF-8"?>
<partial-response>
  <redirect url="http://your.url.here/"></redirect>
</partial-response>

To override the default invalid session strategy used by Spring Security, you need to create a SessionManagementFilter bean in your Spring config, and pass it a class that implements InvalidSessionStrategy and sends the correct redirect response when a request is received either via HTML or AJAX:

<bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter">
  <constructor-arg name="securityContextRepository" ref="httpSessionSecurityContextRepository" />
  <property name="invalidSessionStrategy">
    <bean class="yourpackage.JsfRedirectStrategy">
       <constructor-arg name="invalidSessionUrl" value="/your_session_expired_page.xhtml" />
    </bean>
  </property>
</bean>
<bean id="httpSessionSecurityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"/>

You then need to add this filter to your Spring Security HTTP block:

<security:http use-expressions="true">
    <security:custom-filter ref="sessionManagementFilter" before="SESSION_MANAGEMENT_FILTER" />
    ...
</security:http>

The custom session management filter will now be created when your application starts, and the invalid session strategy class provided will execute whenever an expired session is found.

A good example of how to implement the invalid session strategy can be found here: https://gist.github.com/banterCZ/5160269

A similar question using IceFaces is available here: JSF 2, Spring Security 3.x and Richfaces 4 redirect to login page on session time out for ajax requests
