检测ajax调用上的身份验证异常

时间:2014-07-24 05:03:41

标签: jquery ajax spring spring-mvc spring-security

我正在开发一个具有spring-mvc和spring security的应用程序。

我在视图层使用这个小脚本,以便用我的控制器返回的html数据填充页面内的div

$.ajax({
    type : 'GET',
    url : $("#"+ event.args.element.id+ "Url").val(),
    dataType : 'html',
    success : function(data){
        $("#ContentPanel").html(data);
    },
    error : function(XMLHttpRequest, textStatus, errorThrown) {
        alert("Error!!!");
    }
});

但是如果用户未经过身份验证(例如因为会话过期),则会使用登录页面中的html填充div。如何避免它,让spring将这样的错误信息提供给视图中的脚本?

这是我的spring安全配置:

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
                    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">

<http auto-config="true" use-expressions="true">
    <session-management>
        <concurrency-control max-sessions="1" />
    </session-management>

    <form-login 
        login-page="/login" 
        login-processing-url="/resources/j_spring_security_check"  
        authentication-failure-url="/login?login_error=t"/>
    <logout logout-url="/resources/j_spring_security_logout"/>

    <intercept-url pattern="/resources/**" access="permitAll" />
    <intercept-url pattern="/login" access="permitAll" />

    <intercept-url pattern="/url1**" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/url2/**" access="hasRole('ROLE_ADMIN')" />

    <intercept-url pattern="/**" access="isAuthenticated()" />
</http>

<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <beans:property name="userDetailsService" ref="userDetailsService" />
</beans:bean>

<beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <beans:property name="userDetailsService" ref="userDetailsService" />
</beans:bean>

<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
    <beans:constructor-arg>
        <beans:ref bean="authenticationProvider"/>
    </beans:constructor-arg>
</beans:bean>

<beans:bean id="userDetailsService" class="it.cpmapave.fgas.aziende.service.jpa.UserDetailsServiceImpl" />

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="sha-256"/>
    </authentication-provider>
</authentication-manager>



<global-method-security pre-post-annotations="enabled" />

感谢任何提示!

1 个答案:

答案 0 :(得分:0)

您需要在错误授权后检测401或404 Spring返回403资源不可访问

       $.ajax({
       type : "GET",
       url : url,
       statusCode : {

       200 : function() {
          alert("Successfull access.");
       },
       401 : function() {
          alert("Unauthorised access.");
       },

       403 : function() {
          alert("Forbidden resouce can't be accessed");
       }
       });

       };

在任何情况下,如果您在Spring安全性上定义了一个表单,您可以告诉表单哪个页面必须以防万一或登录失败。

              <form-login
                login-processing-url="/doLogin.do"
                login-page="/login.do"
                username-parameter="username"
                password-parameter="password"
                default-target-url="/foo.do"
                authentication-failure-handler-ref="simpleUrlAuthenticationFailureHandler"
            />
相关问题
最新问题