Spring防止Ajax调用成为身份验证的目标URL [英] Spring prevent ajax call from being target url on authentication
问题描述
我有一个运行中的Spring/Java Web应用程序.在某些页面上,当我注销时,要发出的最后一个请求是AJAX调用.因此,当我重新登录时,Spring将我重定向到ajax调用,这给了我一个充满json的浏览器.我的登录成功处理程序扩展了 SavedRequestAwareAuthenticationSuccessHandler
.
I have a working Spring/Java web application. On some pages, when I log out, the last request to be made is an AJAX call. So, when I log back in, Spring redirects me to the ajax call giving me a browser full of json. My login success handler extends the SavedRequestAwareAuthenticationSuccessHandler
.
如何控制成功登录后转发到哪个网址?
How can I control which url's get forwarded to on a successful login?
推荐答案
我的解决方案受到Rob Winch的回答的启发.尽管在我的场景中,Spring 正在保存设置了 X-Requested-With:XMLHttpRequest
的请求.这些是我必须忽略的要求.
My solution is inspired by Rob Winch's answer. Though, in my scenario, Spring was saving requests that had X-Requested-With: XMLHttpRequest
set. These were the requests I had to ignore.
我创建了一个类作为我的自定义 RequestCache
类.
I created a class to be my custom RequestCache
class.
@Service("customRequestCache")
public class CustomRequestCache extends HttpSessionRequestCache { //this class (bean) is used by spring security
@Override
public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
if (!"XMLHttpRequest".equalsIgnoreCase(request.getHeader("X-Requested-With"))) {
//request is not ajax, we can store it
super.saveRequest(request, response);
} else {
//do nothing, add some logs if you want
}
}
}
然后,在我的春季安全配置中:
Then, in my spring security config:
<http>
<request-cache ref="customRequestCache" />
</http>
使用此自定义请求缓存类后,不再存储ajax请求.
With this custom request cache class being used, ajax requests are no longer being stored.
这篇关于Spring防止Ajax调用成为身份验证的目标URL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!