使用 Ajax 使用 Spring security 登录 [英] Login with Spring security using Ajax
问题描述
我正在尝试使用 Spring Security 在基于 Ajax 的登录系统上工作并且它工作正常,直到我遇到另一个需要配置 authentication-success-handler
的要求,以便我可以一旦用户通过 Spring 安全认证,做一些后处理.
I am trying to work on Ajax based login system using Spring Security and it was working fine, till I got with another requirement where I need to configure authentication-success-handler
, so as I can do some post processing once user is authenticated by Spring security.
之前我没有使用 <form-login/>
来显示登录页面.我的登录部分是一个下拉列表,是整个应用程序常见的标题部分的一部分.
Earlier I was not using <form-login/>
for showing Login page.My Login section is a drop down and part of header section which is common for entire application.
这就是我尝试配置 Spring 安全性的方式
This is how I am trying to configure Spring security
<http pattern="/customer/**" auto-config="true" use-expressions="true" authentication-manager-ref="customerAuthenticationManager">
<!--<http pattern="/customer/**" auto-config="true" use-expressions="true">-->
<intercept-url pattern="/customer/logon.html*" access="permitAll" />
<intercept-url pattern="/customer/denied.html" access="permitAll"/>
<intercept-url pattern="/customer" access="hasRole('AUTH_CUSTOMER')" />
<intercept-url pattern="/customer/" access="hasRole('AUTH_CUSTOMER')" />
<intercept-url pattern="/customer/*.html" access="hasRole('AUTH_CUSTOMER')" />
<intercept-url pattern="/customer/*/*.html" access="hasRole('AUTH_CUSTOMER')" />
<form-login login-processing-url="/customer/logon.html" login-page="/shop/home.html"
authentication-success-handler-ref="webshopAuthenticationSuccessHandler" />
<logout invalidate-session="true"
logout-success-url="/customer/home.html"
logout-url="/customer/j_spring_security_logout" />
<access-denied-handler error-page="/customer/denied.html"/>
</http>
使用这些配置,当我使用正确的凭据点击登录按钮时,我会收到 HTTP 302 错误
With these configuration, when ever I am clicking on login button with correct credentials, i am getting HTTP 302 error
http://localhost:8080/shop/customer/logon.html 302 found
不确定我到底做错了什么?
Not sure what exactly I am doing wrong?
<form id="login" method="post" accept-charset="UTF-8">
<input id="userName" type="text" name="userName" size="30" />
<button type="submit" class="btn">Login</button>
</form>
Ajax 代码
var data = $(this).serializeObject();
$.ajax({
'type': 'POST',
'url': "<c:url value="/customer/logon.html"/>",
'contentType': 'application/json',
'data': JSON.stringify(data),
'dataType': 'json',
....
}}:
登录部分
Authentication authenticationToken = new UsernamePasswordAuthenticationToken(customer.getUserName(), customer.getPassword());
try {
Authentication authentication = customerAuthenticationManager.authenticate(authenticationToken);
SecurityContextHolder.getContext().setAuthentication(authentication);
resp.setStatus(AjaxResponse.RESPONSE_STATUS_SUCCESS);
} catch (AuthenticationException ex) {
resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
}
有任何输入吗?经过我所有的努力,我仍然得到 302 和上述配置,即使我的 logon.html
控制器也没有被调用.
Any inputs? With all my efforts, I am still getting 302 and with above configuration, even my logon.html
controller is not getting called.
我的主要问题是当我使用
My main issue is when I am enabling Spring security using
<form-login login-processing-url="/customer/logon.html" login-page="/shop/home.html"
authentication-success-handler-ref="webshopAuthenticationSuccessHandler" />
我从 logon.html
得到 302
甚至 logon.html
控制器没有被触发(在它上面放置了调试器)>
I am getting 302
from logon.html
and even logon.html
Controller is not being triggered (placed debugger on it)
推荐答案
首先你不需要控制器,spring security 会为你处理这一切.所以放下控制器.
First you don't need a controller, spring security handles all this for you. So drop the controller.
当前问题是由于您的基于 JSON 的帖子造成的.这是由处理登录的普通过滤器处理的,但它没有看到 j_username
和 j_password
字段,因此将(302)重定向到登录页面(在您的情况下 /shop/home.html
) 要求这些字段.
The current problem is due to your JSON based post. This is handled by the normal filter which handles login, but it doesn't see a j_username
and j_password
field and as such will redirect (the 302) to the login page (in your case /shop/home.html
) asking for those fields.
基本上,您将数据作为 JSON 发布,而它应该只是一个 ajaxified 表单发布.这允许您编写一个简单的 AuthenticationSuccessHandler
,当一切正常时,它只返回 401 或 200 状态代码(可能还有正文).
Basically you are posting the data as JSON whereas it simply should be just an ajaxified form post. This allows you to write a simple AuthenticationSuccessHandler
which simply returns a 401 or a 200 status-code (and maybe a body) when things are ok.
将您的 ajax 提交更改为这样的内容应该可以使事情正常进行.
Changing your ajax submit to something like this should make things work.
var data = $(this).serializeObject();
$.ajax({
'type': $(this).action,
'url': $(this).target,
'data': data
}):
这应该创建一个 ajax 表单帖子.可能是您需要在周围的方法中调用 preventDefault()
来阻止表单实际发布.
This should create a ajax form post. Might be that you need a call to preventDefault()
in the surrounding method to stop the form from actual posting.
这篇关于使用 Ajax 使用 Spring security 登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!