使用Spring Security告诉Ajax请求，其中登录页面 [英] use spring security to tell ajax requests where the login page is

问题描述

我有一些固定的URL与弹簧（通过XML配置）。有用。然而，当我试着打该端点与一个Ajax请求，我收到了302（找到）响应。这重定向我的ajax调用到登录页面（让我得到的HTML）。不过，我想获得与提供给客户端应用程序的登录页面的URL一个401的响应，这样我就可以使用JavaScript重定向用户那里。 <一href="http://stackoverflow.com/questions/6243075/whats-the-best-way-to-let-the-ajax-app-know-of-the-errors-back-at-server">This问题似乎是最接近我想要的，但有没有例子，它表明再次改变控制器。是否有弹簧的安全性无需配置，这将使我一个401和一个URL（或其他一些有意义的错误消息和登录页面的URL）？

I have some url secured with spring (configured through xml). It works. However when I try to hit that endpoint with an ajax request I get a 302 (found) response. This redirects my ajax call to the login page (so I GET the html). However I'd like to get a 401 (unauthorized) response with the url of the login page available to the client application, so I can redirect the user there with javascript. This question seems to be the closest to what I want, but there's no example and it suggests changing the controller again. Is there no configuration in spring-security that will give me a 401 and a url (or some other sensible error message and the url of the login page)?

推荐答案

您可以扩展LoginUrlAuthenticationEntryPoint。这是我的一种：

You can extend LoginUrlAuthenticationEntryPoint. Here is my one:

package hu.progos.springutils;
// imports omitted
public class AjaxAwareLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {
    public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException, ServletException {
        if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
        } else {
            super.commence(request, response, authException);
        }
    }
}

然后配置Spring使用您的实现：

Then configure spring to use your implementation:

<beans:bean id="authEntryPoint" class="hu.progos.springutils.AjaxAwareLoginUrlAuthenticationEntryPoint" scope="singleton>
    <beans:property name="loginFormUrl" value="/login.html" />
</beans:bean>

<http entry-point-ref="authEntryPoint">
  <!-- your settings here -->
</http>

这篇关于使用Spring Security告诉Ajax请求，其中登录页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！