Spring Security Ajax Login

I am currently working on Spring Security 4. Everything works fine when using the default login method. However, in practice, I need to log in using an Ajax request.

spring-security.xml

<http use-expressions="true" auto-config="true">
    <intercept-url pattern="/resources/**" access="permitAll" />
    <form-login
        login-processing-url="/resources/login-processing" 
        default-target-url="http://127.0.0.1:57633/" 
    />
    <csrf request-matcher-ref="csrfSecurityRequestMatcher"/>
    <!-- <csrf disabled="true" /> -->
</http> 

In the controllers, I use the @PreAuthorize annotation. In jQuery, the ajax request is as follows:

    $.ajax({
        url: "http://localhost:8080/myapp/resources/login-processing",
        data: {
            username: $("#inputLogin")[0].value,
            password: $("#inputPassword")[0].value
        },
        method: "POST",
        success: function(data, textStatus, request) {
            // getResponseHeader() needs a header name; dump all of them instead.
            console.log(request.getAllResponseHeaders());
        }
    })
    .done(function(data, textStatus, request) {
        // Browsers never expose Set-Cookie to script; this always logs null.
        console.log(request.getResponseHeader("Set-Cookie"));
    })
    .fail(function(error) {          // .error() was removed in jQuery 3; .fail() is the equivalent
        console.log(error);
    });

Even though I set permitAll, it still responds with a 403 error and the following response headers:

Access-Control-Allow-Headers:x-requested-with
Access-Control-Allow-Methods:POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin:*
Access-Control-Max-Age:3600
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Language:en
Content-Length:1116
Content-Type:text/html;charset=utf-8
Date:Mon, 18 Apr 2016 02:07:26 GMT
Expires:0
Pragma:no-cache
Server:Apache-Coyote/1.1
Set-Cookie:JSESSIONID=974B1629ECE3EB289F35097C9E9D9FDC; Path=/cancercloud/; HttpOnly
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block

What should I do to configure Ajax login?

    import java.io.IOException;
    import java.util.ArrayList;
    import java.util.Collection;
    import java.util.List;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
    import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
    import org.springframework.security.web.savedrequest.RequestCache;
    import org.springframework.security.web.savedrequest.SavedRequest;
    import org.springframework.util.StringUtils;

    // Success handler for an Ajax login. Instead of the default 302 (which the browser would
    // follow transparently inside the XHR), it answers 200 and hands the landing page to the
    // script in a "targetUrl" response header.
    public class MySavedRequestAwareAuthenticationSuccessHandler extends
            SimpleUrlAuthenticationSuccessHandler {
        private RequestCache requestCache = new HttpSessionRequestCache();

        public RequestCache getRequestCache() {
            return requestCache;
        }

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                Authentication authentication) throws IOException, ServletException {
            SavedRequest savedRequest = requestCache.getRequest(request, response);

            // The landing page is derived from the granted authorities on the server side,
            // so the client cannot steer the post-login redirect.
            response.setHeader("targetUrl", determineTargetUrl(authentication));
            if (savedRequest == null) {
                clearAuthenticationAttributes(request);
                return;
            }
            String targetUrlParam = getTargetUrlParameter();
            if (isAlwaysUseDefaultTargetUrl()
                    || (targetUrlParam != null
                    && StringUtils.hasText(request.getParameter(targetUrlParam)))) {
                // The saved request will not be replayed; drop it from the session.
                requestCache.removeRequest(request, response);
                clearAuthenticationAttributes(request);
                return;
            }

            clearAuthenticationAttributes(request);
        }

        // Maps the first recognised authority to a landing page. READ_USER wins over
        // CREATE_USER only because of iteration order; anything else is a configuration error.
        public String determineTargetUrl(Authentication authentication) {
            boolean isUser = false;
            boolean isAdmin = false;

            Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
            List<String> privileges = new ArrayList<>();
            for (GrantedAuthority authority : authorities) {
                privileges.add(authority.getAuthority());
                if (authority.getAuthority().equals("READ_USER")) {
                    isUser = true;
                    isAdmin = false;
                    break;
                } else if (authority.getAuthority().equals("CREATE_USER")) {
                    isAdmin = true;
                    isUser = false;
                    break;
                }
            }

            if (isUser) {
                return "/spring-mvc/jk";
            } else if (isAdmin) {
                return "/spring-mvc/admin/adminHome.htm";
            } else {
                throw new IllegalStateException("no known authority among " + privileges);
            }
        }

    }
    import java.io.IOException;
    import java.util.Locale;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.MessageSource;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.WebAttributes;
    import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
    import org.springframework.web.servlet.LocaleResolver;

    // Failure handler for an Ajax login. No redirect to an error page: the localized message is
    // stored in the session and returned in an "errorMessage" response header. The status is
    // left at 200, so the jQuery success callback fires and has to look for that header itself.
    public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

        @Autowired
        private MessageSource messageResource;

        @Autowired
        private LocaleResolver localeResolver;

        @Override
        public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException exception) throws IOException, ServletException {
            Locale locale = localeResolver.resolveLocale(request);

            // Matching on the English exception text is fragile. Note also that distinct
            // messages for disabled/expired accounts tell an anonymous caller that the account
            // exists: DaoAuthenticationProvider runs those checks before verifying the password.
            String errorMessage;
            if (exception.getMessage().equalsIgnoreCase("blocked")) {
                errorMessage = messageResource.getMessage("auth.message.blocked", null, locale);
            } else if (exception.getMessage().equalsIgnoreCase("User is disabled")) {
                errorMessage = messageResource.getMessage("auth.message.disabled", null, locale);
            } else if (exception.getMessage().equalsIgnoreCase("User account has expired")) {
                errorMessage = messageResource.getMessage("auth.message.expired", null, locale);
            } else {
                errorMessage = messageResource.getMessage("message.badCredentials", null, locale);
            }

            HttpSession session = request.getSession();
            session.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, errorMessage);

            // Tomcat writes header values as ISO-8859-1, so a non-ASCII localized message
            // (e.g. Chinese) arrives garbled in this header; a JSON body would carry it intact.
            response.setHeader("errorMessage", errorMessage);
        }

    }


    $(document).ready(function() {

        $('#login').validate({

            submitHandler : function(form, event) {
                event.preventDefault();
                $('#signInBtn').prop('disabled', true);
                var formdata = $('#login').serialize();

                $.ajax({
                    type : 'POST',
                    url : '/spring-mvc/j_spring_security_check',
                    data : formdata,
                    beforeSend : function(xhr) {
                        // Marker the server can use to tell Ajax logins from plain form posts.
                        xhr.setRequestHeader("X-Ajax-Call", "true");
                    },
                    success : function(response, status, jqXHR) {
                        // Both handlers above answer 200: the success handler sets "targetUrl",
                        // the failure handler sets "errorMessage". Branch on the headers.
                        var targetUrl = jqXHR.getResponseHeader("targetUrl");
                        if (jqXHR.status == 200 && targetUrl != null) {
                            window.location = targetUrl;
                            return;
                        }

                        var errorMessage = jqXHR.getResponseHeader("errorMessage");
                        if (errorMessage != null) {
                            // .text() escapes the server-supplied message; never use .html() here.
                            $('#validation_sign_in_error').empty().text(errorMessage).show();
                            $('#signInBtn').prop('disabled', false);
                        }
                    },
                    error : function() {
                        // Network failure or a non-2xx status: let the user try again.
                        $('#signInBtn').prop('disabled', false);
                    }
                });
            }
        });
    });
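Added example (editor's, not code from the question or the answer above). The 403 in the question is what Spring Security's CsrfFilter returns for a POST without a valid CSRF token; it runs before the login filter, so permitAll on the URL does not help. The configuration below keeps CSRF on but issues the token in a script-readable cookie, answers Ajax clients with 401 instead of a login-page redirect, and replaces the header-based handlers with JSON responses. It targets Spring Security 4.1+ (CookieCsrfTokenRepository.withHttpOnlyFalse() appeared in 4.1); the package, class name and the /api/login, /login and /home paths are assumptions for the example.

```java
// Added example, not code from the original question or answer: Java config for an
// Ajax-friendly login on Spring Security 4.1+. Package, class name and the /api/login,
// /login and /home paths are assumptions for the example.
package com.example.security;

import java.io.IOException;
import java.util.LinkedHashMap;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableWebSecurity
public class AjaxLoginSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // jQuery marks same-origin XHRs with X-Requested-With: XMLHttpRequest. Unauthenticated
        // requests carrying it get a bare 401; a 302 to the login page is useless to $.ajax.
        LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
        entryPoints.put(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"),
                new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
        DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);
        entryPoint.setDefaultEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));

        http
            .authorizeRequests()
                .antMatchers("/resources/**", "/login").permitAll()
                .anyRequest().authenticated()
                .and()
            .exceptionHandling()
                .authenticationEntryPoint(entryPoint)
                .and()
            // CSRF protection stays on. CsrfFilter runs before the login filter and rejects any
            // POST without a valid token with 403, whatever permitAll says about the URL. The
            // token is therefore issued in a script-readable XSRF-TOKEN cookie, which the page
            // echoes back in the X-XSRF-TOKEN header of the login POST.
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .and()
            .formLogin()
                .loginProcessingUrl("/api/login")
                .successHandler(jsonSuccess())
                .failureHandler(jsonFailure())
                .permitAll();
    }

    // 200 + JSON body instead of the default 302. The landing page is fixed server-side,
    // so no redirect parameter from the client is ever honoured.
    private AuthenticationSuccessHandler jsonSuccess() {
        return new AuthenticationSuccessHandler() {
            @Override
            public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                    Authentication authentication) throws IOException, ServletException {
                response.setStatus(HttpServletResponse.SC_OK);
                response.setContentType("application/json;charset=UTF-8");
                response.getWriter().write("{\"target\":\"/home\"}");
            }
        };
    }

    // 401 + one generic message for every failure. DaoAuthenticationProvider checks
    // disabled/locked/expired before the password, so relaying exception.getMessage()
    // ("User is disabled", ...) would let an unauthenticated caller enumerate accounts.
    private AuthenticationFailureHandler jsonFailure() {
        return new AuthenticationFailureHandler() {
            @Override
            public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                    AuthenticationException exception) throws IOException, ServletException {
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                response.setContentType("application/json;charset=UTF-8");
                response.getWriter().write("{\"error\":\"Authentication failed\"}");
            }
        };
    }
}
```

On the client, the login POST must read the XSRF-TOKEN cookie and send its value in an X-XSRF-TOKEN header, and branch on the HTTP status (200 vs 401) rather than on custom headers. Two caveats that apply to the question's setup: jQuery only adds X-Requested-With to same-origin requests, and a page served from 127.0.0.1:57633 posting to localhost:8080 is cross-origin, so the browser will not attach or store the JSESSIONID cookie unless the XHR sets withCredentials and the server answers with an explicit Access-Control-Allow-Origin (a wildcard, as in the question's headers, is rejected for credentialed requests). Serving the page and the login endpoint from the same origin avoids all of that.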
