AngularJS:如何分析的302响应 [英] AngularJS: How to parse response of 302
问题描述
我实现一个登录页面AngularJS打击LDAP服务器进行身份验证。在后端的认证是由Spring Security的完成。基本上,用户名和密码通过由弹簧没有明确的处理程序处理POST请求发送到服务器。
I am implementing a Login page with AngularJS to authenticate against LDAP server. The authentication at the back end is done by Spring Security. Basically username and password are sent to server via a post request which is handled by Spring without an explicit handler.
当我提交登录表单,POST请求返回302并重定向到基于凭证是否有效与否的另一个URL。如果密码是正确的,它会发起GET请求的http://本地主机:8080 / 。如果密码是错误的,它重定向到的http://本地主机:8080 /登录错误。这是Spring Security的已知行为。据戴夫Syer的文章,Spring Security的默认行为是发送302对成功与失败,和角度将遵循重定向,所以我们将不得不真正分析从响应。在Dave的教程中,他用了一个辅助函数,以验证在一般情况下的认证。我不认为这会为LDAP认证工作,虽然。
When I submit the login form, the post request returns 302 and redirect to another url based on whether credentials are valid or not. If the password is correct, it will initiate GET request to "http://localhost:8080/". If password is wrong, it redirects to "http://localhost:8080/login?error". This is known behavior of Spring Security. According to Dave Syer's article, "the Spring Security default behaviour is to send a 302 on success and failure, and Angular will follow the redirect, so we would have to actually parse the response from that". In Dave's tutorial, he used a helper function to verify the authentication in the general case. I don't think it would work for LDAP authentication though.
我发现了另一个非常类似的帖子<一个href=\"http://stackoverflow.com/questions/28460071/spring-boot-and-security-with-custom-angularjs-login-page\">Spring引导和安全自定义AngularJS登录页面。虽然没有一个正式答复的基础上,最后的评论,似乎在修改 .antMatchers Java中的配置可能已经解决了这个问题的路径。不过,我有我的安全配置发挥(见下文)来回,它似乎并没有帮助。
I found another very similar post Spring Boot and Security with custom AngularJS Login page. Although it does not have an official answer, based on the last comment, it seems modifying paths in .antMatchers in Java config may have resolved the issue. However I played with my security config (see below) back and forth and it did not seem to help.
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic().and()
.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class)
.csrf().disable()
.authorizeRequests()
.antMatchers("/login/", "/login","login/")
.permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin();
}
尽管302不产生任何响应,客户端因为某种知道重定向到基于证书的有效性,而URL。我的理解是,如果认证成功与否的一个秘密的方式从服务器必须告诉客户端。如果我捕捉和之前客户端发送GET请求解析这个隐藏的信息,我可以使与角的认证工作。事情是这样的(部分伪code):
Although 302 does not produce any response, client somehow knows which url to redirect to based on credential's validity. My understanding is that the server must have told client if authentication succeeds or not in a "secret" way. If I capture and parse this hidden information before client sends GET request, I could make the authentication work with Angular. Something like this (partially pseudo code):
app.controller("LoginCtrl", ['$scope', '$location',
function($scope, $location){
$scope.authenticate = function() {
loginFactory.login($scope.username, $scope.password) {
// pseudo code starts
if (redirect.path == 'localhost') {
$location.path('/main');
}
else {
$location.path('/loginfail');
console.log("Login failed");
}
}
}]);
问题是如何诊断的302和识别重定向发生之前的反应的本质?最坏的情况,我可以让重定向启动,并从GET请求抢 response.path 并决定登录是否成功。但我尽量不走这条路。需要建议厉害。
The question is how to diagnose the 302 and identify the nature of the response before redirect happens? Worst case scenario, I could let the redirect to start, and grab response.path from the GET request and decide whether login is successful. But I try not to go down that path. Need suggestion badly.
推荐答案
在谷歌搜索的时间,我发现了一种燮preSS 302,从而避免在此基础上<一个重定向href=\"http://www.baeldung.com/2011/10/31/securing-a-restful-web-service-with-spring-security-3-1-part-3/#ch_3_4\"相对=nofollow>文章。该解决方案是注入的形式登录过滤器自定义身份验证成功处理程序和 SimpleUrlAuthenticationFailureHandler 来处理身份验证失败。
After hours of google search, I found a way to suppress the 302 and thus avoid redirects based on this article. The resolution is to inject a custom authentication success handler in the form login filter and SimpleUrlAuthenticationFailureHandler to handle failed authentication.
这篇关于AngularJS:如何分析的302响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
