Spring防止Ajax调用成为身份验证的目标URL [英] Spring prevent ajax call from being target url on authentication

问题描述

我有一个运行中的Spring/Java Web应用程序.在某些页面上，当我注销时，要发出的最后一个请求是AJAX调用.因此，当我重新登录时，Spring将我重定向到ajax调用，这给了我一个充满json的浏览器.我的登录成功处理程序扩展了 SavedRequestAwareAuthenticationSuccessHandler .

I have a working Spring/Java web application. On some pages, when I log out, the last request to be made is an AJAX call. So, when I log back in, Spring redirects me to the ajax call giving me a browser full of json. My login success handler extends the SavedRequestAwareAuthenticationSuccessHandler.

如何控制成功登录后转发到哪个网址?

How can I control which url's get forwarded to on a successful login?

推荐答案

我的解决方案受到Rob Winch的回答的启发.尽管在我的场景中，Spring 正在保存设置了 X-Requested-With:XMLHttpRequest 的请求.这些是我必须忽略的要求.

My solution is inspired by Rob Winch's answer. Though, in my scenario, Spring was saving requests that had X-Requested-With: XMLHttpRequest set. These were the requests I had to ignore.

我创建了一个类作为我的自定义 RequestCache 类.

I created a class to be my custom RequestCache class.

@Service("customRequestCache")
public class CustomRequestCache extends HttpSessionRequestCache { //this class (bean) is used by spring security

    @Override
    public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
        if (!"XMLHttpRequest".equalsIgnoreCase(request.getHeader("X-Requested-With"))) {
            //request is not ajax, we can store it
            super.saveRequest(request, response);
        } else {
            //do nothing, add some logs if you want
        }
    }
}

然后，在我的春季安全配置中:

Then, in my spring security config:

<http>
    <request-cache ref="customRequestCache" />
</http>

使用此自定义请求缓存类后，不再存储ajax请求.

With this custom request cache class being used, ajax requests are no longer being stored.

这篇关于Spring防止Ajax调用成为身份验证的目标URL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！