handle session expired event in spring based web application
Problem description
I am using the Spring Security feature in my application, but I found out that when the session expires, all the ajax requests return the page login.jsp (not a redirect; the HTTP response contains all the HTML content), which is the login page of my webapp. I use a lot of ajax requests in my app, and the goal is to return a certain error code like 510 instead of the login page.
<session-management session-authentication-strategy-ref="example" />
Without invalid-session-url. I tried to make invalid-session-url = "", it doesn't work. Many thanks
Recommended answer
Use a custom AuthenticationEntryPoint:
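package com.example.spring.security;

import java.io.IOException;

// javax.servlet is assumed here; Spring Security 6+ uses jakarta.servlet instead.
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

// Entry point that answers AJAX requests with an error status instead of the login page.
public class AjaxAwareAuthenticationEntryPoint
        extends LoginUrlAuthenticationEntryPoint {

    public AjaxAwareAuthenticationEntryPoint(final String loginFormUrl) {
        super(loginFormUrl);
    }

    @Override
    public void commence(final HttpServletRequest request, final HttpServletResponse response,
            final AuthenticationException authException)
            throws IOException, ServletException {
        // AJAX libraries such as jQuery mark their requests with this header.
        if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
            response.sendError(403, "Forbidden");
        } else {
            // Regular browser navigation: fall back to the login page.
            super.commence(request, response, authException);
        }
    }
}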
Define a bean and use it as entry-point-ref in <http> element:
<http entry-point-ref="authenticationEntryPoint">
    <!-- more configuration here -->
</http>
<bean id="authenticationEntryPoint"
      class="com.example.spring.security.AjaxAwareAuthenticationEntryPoint">
    <constructor-arg value="/login.jsp"/>
</bean>
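A client-side counterpart to the answer above, as an added example that is not part of the original answer: it sends the X-Requested-With header the entry point checks for and classifies the reply, including the original failure where the login page HTML comes back with status 200. The function names, the verdict strings and the assumption that AJAX endpoints return JSON are illustrative; /login.jsp is taken from the bean definition.

```javascript
// Added example, not from the original answer. LOGIN_PATH comes from the
// page's <constructor-arg>; function names and verdict strings are illustrative.
const LOGIN_PATH = "/login.jsp";

// fetch() does not add X-Requested-With by itself (jQuery's $.ajax does for
// same-origin requests), so set it or the entry point takes the login branch.
// Assumes headers is a plain object, not a Headers instance.
function withAjaxHeader(headers = {}) {
  return { ...headers, "X-Requested-With": "XMLHttpRequest" };
}

// Classify a response summary { status, redirected, url, contentType }.
function classifyResponse(res) {
  const type = (res.contentType || "").toLowerCase();
  // Drop a ";jsessionid=..." path parameter before comparing paths.
  const path = new URL(res.url || "", "http://localhost").pathname.split(";")[0];
  // Sent by the entry point; an access-denied reply may use 403 as well,
  // so the status alone does not prove the session expired.
  if (res.status === 403) return "auth-required";
  // The original symptom: the login redirect was followed transparently.
  if (res.redirected && path.endsWith(LOGIN_PATH)) return "login-page";
  // Assumption: every AJAX endpoint of the app answers with JSON.
  if (res.status === 200 && type.startsWith("text/html")) return "unexpected-html";
  return "ok";
}

async function ajaxFetch(url, options = {}, fetchImpl = fetch) {
  const res = await fetchImpl(url, {
    ...options,
    credentials: "same-origin",
    headers: withAjaxHeader(options.headers),
  });
  const verdict = classifyResponse({
    status: res.status,
    redirected: res.redirected,
    url: res.url,
    contentType: res.headers.get("content-type"),
  });
  if (verdict !== "ok") {
    // Let the caller decide: show a re-login prompt or navigate to LOGIN_PATH.
    const err = new Error("AJAX request rejected: " + verdict);
    err.verdict = verdict;
    throw err;
  }
  return res.json();
}
```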