FullAjaxExceptionHandler不在ajax按钮上显示会话过期错误页面 [英] FullAjaxExceptionHandler does not show session expired error page on ajax button
问题描述
我已经实现了Omnifaces FullAjaxExceptionHandler,但问题是它不适用于ajax请求.当会话过期后,当我单击非ajax按钮时,它将运行良好.它将用户重定向到自定义错误页面.但是,如果按钮使用ajax,则不会执行任何操作.页面只是卡住了.
I have implemented Omnifaces FullAjaxExceptionHandler but the problem is It is not working with ajax requests. After session expires when I click to non-ajax button, It works well. It redirects user to custom error page. But if the button uses ajax, It doesn't do anything. Page just stucks.
我将ActionListener更改为Action,并且仍然相同.
I have changed ActionListener to Action and still same.
Edit2:它没有错误. Apache Tomcat输出或Apache Tomcat日志都不会.
It gives no error. Neither Apache Tomcat output nor Apache Tomcat Log.
这是我的春季安全用品;
here is my spring security;
<http auto-config='true' use-expressions="true">
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/ajaxErrorPage" access="permitAll"/>
<intercept-url pattern="/pages/*" access="hasRole('admin')" />
<intercept-url pattern="/j_spring_security_check" access="permitAll"/>
<logout logout-success-url="/login.xhtml" />
<form-login login-page="/login.xhtml"
login-processing-url="/j_spring_security_check"
default-target-url="/pages/index.xhtml"
always-use-default-target="true"
authentication-failure-url="/login.xhtml"/>
</http>
推荐答案
您正在发送同步重定向作为对ajax请求的响应(使用例如response.sendRedirect()
的HTTP 302响应).这个不对. JavaScript ajax引擎将302响应视为重新发送ajax请求的新目的地.但是,这反过来会返回普通的HTML页面,而不是XML文档,其中包含要更新页面的哪些部分的说明.这令人困惑,因此重定向响应被完全忽略.那正好解释了您所面临的症状.
You're sending a synchronous redirect as a response to the ajax request (a HTTP 302 response using e.g. response.sendRedirect()
). This is not right. The JavaScript ajax engine treats the 302 response as a new destination to re-send the ajax request to. However, that in turn returns a plain vanilla HTML page instead of a XML document with instructions which parts of the page to update. This is confusing and thus the redirected response is altogether ignored. That explains precisely the symptoms you're facing.
在以下密切相关的问题中也提出并回答了同样的问题:
The very same problem is also asked and answered in the following closely related questions:
- FullAjaxExceptionHandler在此之后不会重定向到错误页面无效的会话
- 获取由浏览器发起的重定向请求,但不成功
- 会话过期时的授权重定向不适用于提交JSF表单,页面保持不变
- 初始重定向后JSF过滤器未重定向
- FullAjaxExceptionHandler does not redirect to error page after invalidated session
- How to move user to timeout page when session expires, if user click on browser back button
- GET request for redirect initiated by browser but not successful
- Authorization redirect on session expiration does not work on submitting a JSF form, page stays the same
- JSF Filter not redirecting After Initial Redirect
基本上,您需要以某种方式指导Spring Security来执行以下条件检查:
Basically, you need to instruct Spring Security in some way to perform the following conditional check:
if ("partial/ajax".equals(request.getHeader("Faces-Request"))) {
// JSF ajax request. Return special XML response which instructs JavaScript that it should in turn perform a redirect.
response.setContentType("text/xml");
response.getWriter()
.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>")
.printf("<partial-response><redirect url=\"%s\"></redirect></partial-response>", loginURL);
} else {
// Normal request. Perform redirect as usual.
response.sendRedirect(loginURL);
}
但是我不是Spring用户,所以我对它不感兴趣,因此无法给出更详细的答案,说明如何在Spring Security中执行此检查.但是,我可以说Apache Shiro遇到的问题与本博客文章中解释和解决的问题完全相同:
I'm however no Spring user and I'm not interested to use it, and am therefore not able to give a more detailed answer how to perform this check in Spring Security. I can however tell that Apache Shiro has exactly the same problem which is explained and solved in this blog article: Make Shiro JSF Ajax Aware.
这篇关于FullAjaxExceptionHandler不在ajax按钮上显示会话过期错误页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!