您好我将此配置用于Spring Security:
<http auto-config="true" use-expressions="true">
<session-management>
<concurrency-control max-sessions="1" />
</session-management>
<form-login login-page="/login" login-processing-url="/resources/j_spring_security_check" authentication-failure-url="/login?login_error=t"/>
<logout logout-url="/resources/j_spring_security_logout"/>
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
</http>
如果我的标头请求中的Http Error Code为401,我需要返回Content-Type application/json;,否则我想重定向到登录页面。
但是使用此配置,无论请求内容类型如何,我都会被重定向到带有302响应代码的登录网址。
有办法吗?
修改 我只想使用一个servlet来处理html和json,所以我试试这个:
@Component
public class CustomEntryPoint extends LoginUrlAuthenticationEntryPoint {
private final Logger log = LoggerFactory.getLogger(CustomEntryPoint.class);
public CustomEntryPoint(String loginFormUrl) {
super(loginFormUrl);
}
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
if(request.getContentType() != null && request.getContentType().equals("application/json")) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Access Denied");
}else {
super.commence(request, response, authException);
}
}
}
这是我的新安全配置:
<http auto-config="true" use-expressions="true" entry-point-ref="customEntryPoint">
<session-management>
<concurrency-control max-sessions="1" />
</session-management>
<form-login login-page="/login" login-processing-url="/resources/j_spring_security_check" authentication-failure-url="/login?login_error=t"/>
<logout logout-url="/resources/j_spring_security_logout"/>
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
</http>
<beans:bean id="customEntryPoint" class="x.x.CustomEntryPoint">
<beans:constructor-arg value="/login"/>
</beans:bean>
你怎么看?这是一种正确的方法,或者你知道更好的方法吗?
谢谢
答案 0 :(得分:7)
我这样解决了:
public class CustomEntryPoint extends LoginUrlAuthenticationEntryPoint {
private static final String XML_HTTP_REQUEST = "XMLHttpRequest";
private static final String X_REQUESTED_WITH = "X-Requested-With";
public CustomEntryPoint(String loginFormUrl) {
super(loginFormUrl);
}
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
if (XML_HTTP_REQUEST.equals(request.getHeader(X_REQUESTED_WITH))) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
} else {
super.commence(request, response, exception);
}
}
}
安全配置是:
<http auto-config="true" use-expressions="true" entry-point-ref="customEntryPoint">
<session-management>
<concurrency-control max-sessions="1" />
</session-management>
<form-login login-page="/login" login-processing-url="/resources/j_spring_security_check" authentication-failure-url="/login?login_error=t"/>
<logout logout-url="/resources/j_spring_security_logout"/>
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
</http>
<beans:bean id="customEntryPoint" class="x.x.CustomEntryPoint">
<beans:constructor-arg value="/login"/>
</beans:bean>