Ajax call after session expired not redirecting to login page - Spring Boot

I want to redirect to the login page if the session has expired while doing an ajax call. I'm following the instructions on this link to do that, but every time I do an ajax call with the session expired, it returns the login page as part of the response instead of redirecting to the login page. This never fails, and the response always goes to the success piece of the ajax call with readyState: 4 and status: 200, and this is giving me a jQuery error because I'm expecting a list and it's returning the HTML code for the login page.

My code is as below:

WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {      

    http.authorizeRequests()
            .antMatchers(URL_LOGIN, "/css/**", "/img/**").permitAll()
            .antMatchers("/admin/**").hasAnyAuthority(authorizedRolesAdmin)
            .antMatchers("/**").hasAnyAuthority(ArrayUtils.addAll(authorizedRolesUser, authorizedRolesAdmin))
                .and()
            .formLogin()
                .loginPage(URL_LOGIN)                   
                .defaultSuccessUrl("/", true)               
                .failureUrl(URL_LOGIN_FAILED)
                .permitAll()
                .and()
            .logout()                   
                .logoutSuccessUrl(URL_LOGOUT)
                .deleteCookies("JSESSIONID")
                .invalidateHttpSession(true)
                .permitAll()
                .and()
            .exceptionHandling()                
                .accessDeniedPage(URL_LOGIN_UNAUTHORIZED)
                .authenticationEntryPoint(new AjaxAwareAuthenticationEntryPoint(URL_LOGIN))
                .and()
            .sessionManagement()
                .maximumSessions(1)
                .expiredUrl(URL_LOGOUT)
                .and()
                .invalidSessionUrl(URL_LOGOUT);
}

AjaxAwareAuthenticationEntryPoint.java

public class AjaxAwareAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {

    public AjaxAwareAuthenticationEntryPoint(String loginFormUrl) {
        super(loginFormUrl);        
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        String ajaxHeader = request.getHeader("X-Requested-With");
        if ("XMLHttpRequest".equals(ajaxHeader)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Ajax Request Denied (Session Expired)");
        } else {
            super.commence(request, response, authException);
        }
    }

}

While debugging after the session expired, I noticed that it doesn't even enter the commence method of the AjaxAwareAuthenticationEntryPoint Java class.

What am I missing here?

I know that it is probably too late for an answer, but anyway, the code you've attached helped me to resolve exactly the same issue. To be honest, I don't see any issues in your code that would make it not enter the AjaxAwareAuthenticationEntryPoint; maybe you just have some other configs behind the scenes. But anyway, let my answer be an example for everyone who struggles with the same issue, because for me it works fine and returns 403 if the session is expired. I am using Spring Boot v2.3.5 and this is my code:

AjaxAwareAuthenticationEntryPoint.java

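import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

public class AjaxAwareAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {

    public AjaxAwareAuthenticationEntryPoint(String loginFormUrl) {
        super(loginFormUrl);
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        // jQuery sets X-Requested-With: XMLHttpRequest on its ajax calls
        String ajaxHeader = request.getHeader("X-Requested-With");
        if ("XMLHttpRequest".equals(ajaxHeader)) {
            // Ajax caller: answer with 403 instead of a redirect to the login form
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Ajax Request Denied (Session Expired)");
        } else {
            // Normal page request: default redirect to the login form
            super.commence(request, response, authException);
        }
    }

}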

WebSecurityConfig.java

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;

    @Autowired
    private AccessDeniedHandler accessDeniedHandler;

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .csrf()
                .disable()
                .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/registration*").permitAll()
                .antMatchers("/admin/**").hasAuthority("ADMIN")
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error=true")
                .defaultSuccessUrl("/admin", true)
                .failureHandler(authenticationFailureHandler)
                .and()
                .logout()
                .invalidateHttpSession(true)
                .clearAuthentication(true)
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/login")
                .and()
                .exceptionHandling()
                .accessDeniedHandler(accessDeniedHandler)
                .and()
                .exceptionHandling()
                .authenticationEntryPoint(new AjaxAwareAuthenticationEntryPoint("/login"));
    }

   

}

And inside my main.js, where I have some jQuery ajax calls, I have this:

$(document).ajaxError(function myErrorHandler(event, xhr, ajaxOptions, thrownError) {
        if (xhr.status == 403) {
            window.location.href ="/login";
        }
    });
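
Added example, not part of the original question or answer: a client-side check that covers both outcomes seen on this page, the 403 sent by the entry point and the case from the question where a redirect is followed silently by XMLHttpRequest and the caller receives the login HTML with status 200. The names `LOGIN_PATH` and `isSessionExpired` are assumptions made for this example.

```javascript
// Added example; LOGIN_PATH and isSessionExpired are assumed names, not from the page.
const LOGIN_PATH = "/login"; // fixed same-origin path, never derived from the response

// Returns true when an ajax response should be treated as "session expired".
//   status      - HTTP status seen by the caller
//   contentType - value of the Content-Type response header (may be null)
//   dataType    - what the caller asked jQuery for, e.g. "json"
//   body        - response text, used only as a fallback sniff
function isSessionExpired(status, contentType, dataType, body) {
  // The AjaxAwareAuthenticationEntryPoint on this page answers ajax calls with 403.
  if (status === 403) return true;
  if (status !== 200 || dataType !== "json") return false;
  // A redirect to the login form was followed silently by XMLHttpRequest:
  // the caller expected JSON but received an HTML document.
  const type = (contentType || "").split(";")[0].trim().toLowerCase();
  if (type === "text/html") return true;
  if (type === "application/json") return false;
  // Missing or unusual Content-Type: look at how the body starts.
  return /^\s*<(!doctype\s+html|html)\b/i.test(body || "");
}

// Wire it up once for all jQuery calls (skipped when jQuery is absent, e.g. under Node).
if (typeof $ !== "undefined" && typeof document !== "undefined") {
  $(document).ajaxComplete(function (event, xhr, settings) {
    const expired = isSessionExpired(
      xhr.status,
      xhr.getResponseHeader("Content-Type"),
      settings.dataType,
      xhr.responseText
    );
    if (expired) window.location.assign(LOGIN_PATH);
  });
}
```

Calls that do not set `dataType: "json"` are only caught by the 403 branch, because an HTML response is then indistinguishable from an expected one.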
