FullAjaxExceptionHandler 不会在 ajax 按钮上显示会话过期错误页面 [英] FullAjaxExceptionHandler does not show session expired error page on ajax button
问题描述
我已经实现了 Omnifaces FullAjaxExceptionHandler 但问题是它不适用于 ajax 请求.当我单击非 ajax 按钮时会话过期后,它运行良好.它将用户重定向到自定义错误页面.但是如果按钮使用ajax,它不会做任何事情.页面卡住了.
I have implemented Omnifaces FullAjaxExceptionHandler but the problem is It is not working with ajax requests. After session expires when I click to non-ajax button, It works well. It redirects user to custom error page. But if the button uses ajax, It doesn't do anything. Page just stucks.
我已将 ActionListener 更改为 Action 并且仍然相同.
I have changed ActionListener to Action and still same.
Edit2:它没有给出错误.Apache Tomcat 输出和 Apache Tomcat 日志都没有.
It gives no error. Neither Apache Tomcat output nor Apache Tomcat Log.
这是我的弹簧安全;
<http auto-config='true' use-expressions="true">
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/ajaxErrorPage" access="permitAll"/>
<intercept-url pattern="/pages/*" access="hasRole('admin')" />
<intercept-url pattern="/j_spring_security_check" access="permitAll"/>
<logout logout-success-url="/login.xhtml" />
<form-login login-page="/login.xhtml"
login-processing-url="/j_spring_security_check"
default-target-url="/pages/index.xhtml"
always-use-default-target="true"
authentication-failure-url="/login.xhtml"/>
</http>
推荐答案
您正在发送同步重定向作为对 ajax 请求的响应(使用例如 response.sendRedirect()
的 HTTP 302 响应).这个不对.JavaScript ajax 引擎将 302 响应视为将 ajax 请求重新发送到的新目的地.然而,这反过来返回一个普通的 HTML 页面,而不是一个 XML 文档,其中包含页面的哪些部分要更新的说明.这是令人困惑的,因此重定向的响应被完全忽略.这正好解释了您所面临的症状.
You're sending a synchronous redirect as a response to the ajax request (a HTTP 302 response using e.g. response.sendRedirect()
). This is not right. The JavaScript ajax engine treats the 302 response as a new destination to re-send the ajax request to. However, that in turn returns a plain vanilla HTML page instead of a XML document with instructions which parts of the page to update. This is confusing and thus the redirected response is altogether ignored. That explains precisely the symptoms you're facing.
在以下密切相关的问题中也提出并回答了同样的问题:
The very same problem is also asked and answered in the following closely related questions:
- FullAjaxExceptionHandler 在之后不会重定向到错误页面无效会话
- 如果用户单击浏览器后退按钮,如何在会话过期时将用户移动到超时页面
- 浏览器发起的重定向请求,但不成功
- 会话过期时的授权重定向不适用于提交 JSF 表单,页面保持不变
- JSF 过滤器在初始重定向后未重定向
基本上,您需要以某种方式指示 Spring Security 执行以下条件检查:
Basically, you need to instruct Spring Security in some way to perform the following conditional check:
if ("partial/ajax".equals(request.getHeader("Faces-Request"))) {
// JSF ajax request. Return special XML response which instructs JavaScript that it should in turn perform a redirect.
response.setContentType("text/xml");
response.getWriter()
.append("<?xml version="1.0" encoding="UTF-8"?>")
.printf("<partial-response><redirect url="%s"></redirect></partial-response>", loginURL);
} else {
// Normal request. Perform redirect as usual.
response.sendRedirect(loginURL);
}
然而,我不是 Spring 用户,我对使用它不感兴趣,因此无法提供更详细的答案,如何在 Spring Security 中执行此检查.然而,我可以说 Apache Shiro 有完全相同的问题,这在这篇博客文章中得到了解释和解决:让 Shiro JSF Ajax 感知.
I'm however no Spring user and I'm not interested to use it, and am therefore not able to give a more detailed answer how to perform this check in Spring Security. I can however tell that Apache Shiro has exactly the same problem which is explained and solved in this blog article: Make Shiro JSF Ajax Aware.
这篇关于FullAjaxExceptionHandler 不会在 ajax 按钮上显示会话过期错误页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!