使用Spring Security和Ajax登录信息处理无效的用户/密码

Question

I am using spring security login+ ajax login. If a user provides wrong credential i need to show a message saying "invalid user/password"

This is the ajax login jquery code.

$(document).ready(function(){
$('#login_btn').click(function(){
    //alert("aaa"+validateLoginForm());
    if(validateLoginForm()){

        sprpst = 'j_username='+$('#j_username').val()+'&j_password='+$('#j_password').val();
        $.post('j_spring_security_check',sprpst,function(data1) {

            window.location.reload();

        }); 
        $.blockUI({ message : '<h1><img src="images/busy.gif" /> Loading...</h1>' });
    }
});
});

This is the spring security login

<form-login login-page="/login" default-target-url="/deals" authentication-failure-url="/deals?login_error=1"/>

Any help will be appreciated.

Thanks :)

Answer 1

You need:

1. Provide a custom AuthenticationEntryPoint (that can use default LoginUrlAuthenticationEntryPoint as a base class). In AuthenticationEntryPoint.commence(...) method check that this is AJAX call and return 403 code instead of redirecting to login page.
2. Set up your custom AuthenticationEntryPoint in Spring Security conf.
3. Check the code of AJAX response. If it contains 403 then show corresponding error message about wrong credentials.

The code of a custom authentication entry point may looks like:

public class CustomAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        String header = request.getHeader("X-Requested-With");
        if (StringUtils.hasText(header) && header.equals("XMLHttpRequest") && authException != null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            super.commence(request, response, authException);
        }
    }
}