FullAjaxExceptionHandler 不会在 ajax 按钮上显示会话过期错误页面 [英] FullAjaxExceptionHandler does not show session expired error page on ajax button

问题描述

我已经实现了 Omnifaces FullAjaxExceptionHandler 但问题是它不适用于 ajax 请求.当我单击非 ajax 按钮时会话过期后，它运行良好.它将用户重定向到自定义错误页面.但是如果按钮使用ajax，它不会做任何事情.页面卡住了.

I have implemented Omnifaces FullAjaxExceptionHandler but the problem is It is not working with ajax requests. After session expires when I click to non-ajax button, It works well. It redirects user to custom error page. But if the button uses ajax, It doesn't do anything. Page just stucks.

我已将 ActionListener 更改为 Action 并且仍然相同.

I have changed ActionListener to Action and still same.

Edit2:它没有给出错误.Apache Tomcat 输出和 Apache Tomcat 日志都没有.

It gives no error. Neither Apache Tomcat output nor Apache Tomcat Log.

这是我的弹簧安全；

<http auto-config='true' use-expressions="true">
    <intercept-url pattern="/login" access="permitAll"/>
    <intercept-url pattern="/ajaxErrorPage" access="permitAll"/>
    <intercept-url pattern="/pages/*" access="hasRole('admin')" />
    <intercept-url pattern="/j_spring_security_check" access="permitAll"/>        
    <logout logout-success-url="/login.xhtml" />
    <form-login login-page="/login.xhtml"
                login-processing-url="/j_spring_security_check"                                                       
                default-target-url="/pages/index.xhtml"
                always-use-default-target="true"                                                        
                authentication-failure-url="/login.xhtml"/>
</http>

推荐答案

您正在发送同步重定向作为对 ajax 请求的响应(使用例如 response.sendRedirect() 的 HTTP 302 响应).这个不对.JavaScript ajax 引擎将 302 响应视为将 ajax 请求重新发送到的新目的地.然而，这反过来返回一个普通的 HTML 页面，而不是一个 XML 文档，其中包含页面的哪些部分要更新的说明.这是令人困惑的，因此重定向的响应被完全忽略.这正好解释了您所面临的症状.

You're sending a synchronous redirect as a response to the ajax request (a HTTP 302 response using e.g. response.sendRedirect()). This is not right. The JavaScript ajax engine treats the 302 response as a new destination to re-send the ajax request to. However, that in turn returns a plain vanilla HTML page instead of a XML document with instructions which parts of the page to update. This is confusing and thus the redirected response is altogether ignored. That explains precisely the symptoms you're facing.

在以下密切相关的问题中也提出并回答了同样的问题:

The very same problem is also asked and answered in the following closely related questions:

• FullAjaxExceptionHandler 在之后不会重定向到错误页面无效会话
• 如果用户单击浏览器后退按钮，如何在会话过期时将用户移动到超时页面
• 浏览器发起的重定向请求，但不成功
• 会话过期时的授权重定向不适用于提交 JSF 表单，页面保持不变
• JSF 过滤器在初始重定向后未重定向

基本上，您需要以某种方式指示 Spring Security 执行以下条件检查:

Basically, you need to instruct Spring Security in some way to perform the following conditional check:

if ("partial/ajax".equals(request.getHeader("Faces-Request"))) {
    // JSF ajax request. Return special XML response which instructs JavaScript that it should in turn perform a redirect.
    response.setContentType("text/xml");
    response.getWriter()
        .append("<?xml version="1.0" encoding="UTF-8"?>")
        .printf("<partial-response><redirect url="%s"></redirect></partial-response>", loginURL);
} else {
    // Normal request. Perform redirect as usual.
    response.sendRedirect(loginURL);
}

然而，我不是 Spring 用户，我对使用它不感兴趣，因此无法提供更详细的答案，如何在 Spring Security 中执行此检查.然而，我可以说 Apache Shiro 有完全相同的问题，这在这篇博客文章中得到了解释和解决:让 Shiro JSF Ajax 感知.

I'm however no Spring user and I'm not interested to use it, and am therefore not able to give a more detailed answer how to perform this check in Spring Security. I can however tell that Apache Shiro has exactly the same problem which is explained and solved in this blog article: Make Shiro JSF Ajax Aware.

这篇关于FullAjaxExceptionHandler 不会在 ajax 按钮上显示会话过期错误页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！