会话过期后,Spring Boot 安全性不会重定向
[英]Spring boot security does not redirect after session expires
问题描述
I have been using spring boot, with spring security and Ext Js as frontend.
我一直在使用 spring boot,以 spring security 和 Ext Js 作为前端。 I added this piece of code as configuration for spring security.我添加了这段代码作为 spring 安全的配置。 It means that, when the session expires the user will be redirected to the referenced url, right?这意味着,当会话过期时,用户将被重定向到引用的 url,对吗?
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()
.authorizeRequests().antMatchers("/", "/login/**").permitAll().and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/userAuth")
.permitAll()
.and()
.logout()
.permitAll()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/**").permitAll();
http.csrf().disable();
http.headers().frameOptions().disable();
http.sessionManagement().maximumSessions(1).expiredUrl("/login?logout");
}
Everytime my frontend sends an ajax request to spring, and the user has lost session, spring turns the request into a get request to /login?logout, as to be expected, but the page does not get redirected.每次我的前端向 spring 发送 ajax 请求,并且用户丢失会话时,spring 会将请求转换为对 /login?logout 的 get 请求,正如预期的那样,但页面没有被重定向。 All I can see is the login page on the response content of the request, without any effect on the page the user is seeing.我只能看到请求响应内容上的登录页面,对用户看到的页面没有任何影响。
Why does this happen?为什么会发生这种情况? Am I missing any configuration or implementation here?我在这里缺少任何配置或实现吗?
EDIT: Here is what my Ext Js for the AJAX request looks like:编辑:这是我的 AJAX 请求的 Ext Js 的样子:
onAuthCheck: function (users) {
var result = Ext.Ajax.request({
url: '/Queue/requests/loginCheck',
method: 'POST',
async: false,
params: {
usersInfo: Ext.encode(users)
},
success: function (conn, response, options, eOpts) {
console.log(response)
console.log(conn.status);
if (conn.status === 401 || conn.status === 302) {
location.href='/login?logout';
}
},
failure: function (conn, response, options, eOpts) {
console.log(response)
console.log(conn.status)
if (conn.status === 401 || conn.status === 302) {
location.href='/login?logout';
}
}
})
return (Ext.JSON.decode(result.responseText, true).success);
},
EDIT2: Here is what my request looks like: It has a request with status 302, and still Im getting 200 status on my AJAX response on JS code. EDIT2:这是我的请求的样子:它有一个状态为 302 的请求,但我仍然在 JS 代码的 AJAX 响应中获得 200 状态。
2 个解决方案
解决方案1
1 2019-05-15 14:35:22
Short and simple Answer:简短而简单的答案:
Because you are submitting your request by AJAX, the Response is not "affecting" your current loaded page.由于您通过 AJAX 提交请求,因此响应不会“影响”您当前加载的页面。
To be more precise:更准确地说:
Most Browser (all i know) only redirect (respect the location header), if an HTTP Redirect Code (301, 302, 303) is found in the response header.如果在响应标头中找到 HTTP 重定向代码(301、302、303),则大多数浏览器(我所知道的)仅重定向(尊重位置标头)。 So technically, if spring would send an 302 http status code along with the authentication url, the browser would switch the location.所以从技术上讲,如果 spring 将 302 http 状态代码与身份验证 url 一起发送,浏览器将切换位置。
As far as i know, Spring sends a 302 IF it is a GET-Request据我所知,如果它是一个GET 请求,Spring 会发送一个 302
A simple Solution:一个简单的解决方案:
This is one way to go by Javascript and JQuery: Check the result of your ajax response.这是 Javascript 和 JQuery 的一种方法:检查 ajax 响应的结果。 (This is just an example to give you a direction, there will be more solutions. (这只是给你一个方向的例子,会有更多的解决方案。
$.ajax({
type: 'POST',
url: '/url',
success: function (result, status) {
if (result.status === 401) {
location.href='/login?logout';
}
}
});
解决方案2
0 2021-04-27 10:25:06
You can write this function, it will be fired everytime an ajax request is called.您可以编写此函数,每次调用 ajax 请求时都会触发它。
$(document).ajaxComplete(function(result, status) {
if(status.status == 401){
location.href = "/login?logout";
}
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.