简体繁体 English

具有AJAX身份验证的Spring Security

[英]Spring Security with AJAX authentication

原文 2014-05-04 06:53:56 8 1 jquery/ ajax/ spring/ spring-security

I am trying to use Spring security to authenticate a web application to protected resources using AJAX, as in, a popup dialog rather than the default redirect to a separate login form. 我正在尝试使用Spring安全性使用AJAX对Web应用程序进行身份验证，以保护资源，例如弹出对话框，而不是默认重定向到单独的登录表单。 However I am having real trouble getting my noggin around this problem. 但是，我很难解决这个问题。 I have tried to implement a test based on the contents of the following URL: 我试图根据以下URL的内容实施测试：

http://www.cavalr.com/blog/Spring_MVC_-_Spring_Security_with_AJAX_and_JSON http://www.cavalr.com/blog/Spring_MVC_-_Spring_Security_with_AJAX_and_JSON

But to no avail - the dialog remains open and the controller is not called. 但无济于事-对话框保持打开状态，未调用控制器。

I have read conflicting information that says the AJAX URL must POST to j_spring_security_check and that it will expect the login and password form components to be named according to Spring security's requirements. 我已经读到了一些相互矛盾的信息，其中说AJAX URL必须POST到j_spring_security_check ，并且它将期望根据Spring安全性的要求来命名登录名和密码表单组件。

Can someone clarify this for me? 有人可以帮我澄清一下吗？

1 个解决方案

Spring Security Web was designed during the time when JSP was the primary UI code. Spring Security Web是在JSP是主要UI代码的时候设计的。 Therefore the default implementation of success/failed authentication is to redirect user to a success/failed page. 因此，成功/失败认证的默认实现是将用户重定向到成功/失败页面。 If you are building Web 2.0 based application which is heavily using Ajax, you'll need to extend spring security code to always return json/XML to your UI code. 如果要构建大量使用Ajax的基于Web 2.0的应用程序，则需要扩展spring安全代码以始终将json / XML返回到UI代码。