Spring security Session Timeout handling for Ajax calls


Problem description

I have created a webapp where I have used Spring Security, and I have added 2 custom filters to the spring-security.xml file shown below.

    <security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
    <security:custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER"/>

It works for non-Ajax requests. When I try to send an AJAX request while the session is already expired, the action returns me the login page as HTML, which as the response is loaded into the div element. I have already searched for a solution and found this link, Session Timeout handling for Ajax calls, where the defined functionality returns a status code and this code is used on the JavaScript side in order to navigate the user to the login page.

My question is:

In which order do authenticationFilter, concurrencyFilter and ajaxTimeoutRedirectFilter have to be defined in the spring-security.xml file for the request pipeline to be handled correctly?

Recommended answer

See 3) Filter configuration:

The idea is to add the above custom filter in the Spring Security filter chain. The order in the filter chain is crucial. Our filter should intercept the session timeout for Ajax calls before the vanilla ExceptionTranslationFilter in order to send the custom HTTP error code.

In the XML config add:

    <custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/>

In the Java config add:

    @Bean
    public Filter ajaxTimeOutRedirectFilter() {
        AjaxTimeOutRedirectFilter f = new AjaxTimeOutRedirectFilter();
        //f.setCustomSessionExpiredErrorCode(901);
        return f;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterAfter(ajaxTimeOutRedirectFilter(), ExceptionTranslationFilter.class)
            ...
            ...
    }

It works for me, thanks to DuyHai's Java Blog and Demo application for the article.
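The client side of the approach discussed above, as an added example that is not part of the original question, answer or the linked article: it recognises the custom session-expired status before any response body is placed in the page, and also catches the fallback case from the question where the login page comes back as HTML. The status 901 is taken from the commented-out setter in the answer; the `/login` path, the `X-Requested-With` header as the server's Ajax marker, and the function names are assumptions.

```javascript
// Added example; names, LOGIN_URL and the header are assumptions (see lead-in).
const SESSION_EXPIRED_STATUS = 901; // value from the commented-out setter in the answer
const LOGIN_URL = "/login";         // assumed login path

// Classify an Ajax response before any of its body reaches the DOM.
function classifyResponse(res) {
  if (res.status === SESSION_EXPIRED_STATUS) return "expired";
  // Fallback for a missing or mis-ordered filter: the call was redirected
  // to the login page and arrives as an ordinary 200 HTML response.
  const path = res.url ? new URL(res.url, "http://base.invalid").pathname : "";
  if (res.redirected && path === LOGIN_URL) return "expired";
  return res.ok ? "ok" : "error";
}

// fetchImpl and onExpired are injected so the logic runs outside a browser.
// Browser use: loadFragment(fetch.bind(window), url, u => location.assign(u))
async function loadFragment(fetchImpl, url, onExpired) {
  const res = await fetchImpl(url, {
    credentials: "same-origin",
    headers: { "X-Requested-With": "XMLHttpRequest" }, // marks the call as Ajax
  });
  const kind = classifyResponse(res);
  if (kind === "expired") {
    onExpired(LOGIN_URL); // navigate the whole page; never inject the login HTML
    return null;
  }
  if (kind === "error") throw new Error("HTTP " + res.status);
  return res.text();
}
```

A caller inserts the returned text into the div only when the result is not `null`.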
