我目前正在使用 Spring Security 4。如果使用默认的登录方式,一切正常。但在实际项目中,我需要通过 Ajax 方式登录。
spring-security.xml 文件
<!-- Security configuration for the whole application. CSRF protection is enabled below through a
     custom request matcher, and the CSRF filter runs before form-login processing, so a POST that
     the matcher does not exempt is answered with 403 regardless of intercept-url access rules.
     (review: this is the likely cause of the 403 described above — confirm which URLs
     csrfSecurityRequestMatcher covers and whether the Ajax request carries the CSRF token.) -->
<http use-expressions="true" auto-config="true">
<!-- permitAll only grants URL access; it does not bypass CSRF checks. -->
<intercept-url pattern="/resources/**" access="permitAll" />
<!-- NOTE: default-target-url is an absolute URL on 127.0.0.1:57633, while the Ajax call goes
     to localhost:8080; the browser treats these as two different origins. -->
<form-login
login-processing-url="/resources/login-processing"
default-target-url="http://127.0.0.1:57633/"
/>
<csrf request-matcher-ref="csrfSecurityRequestMatcher"/>
<!-- Disabling CSRF globally would remove the protection from every state-changing POST;
     prefer exempting only the login endpoint in the matcher, or send the token with the request. -->
<!-- <csrf disabled="true" /> -->
</http>
在 controllers
中,我使用 @PreAuthorize
注解。在 jQuery 中,ajax 请求如下:
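// Ajax login against the Spring Security form-login endpoint.
// Fixes relative to the first draft: the success callback called
// getResponseHeader() without a header name, and .error() has been removed in
// jQuery 3 (.fail() is the supported equivalent).
$.ajax({
    url: "http://localhost:8080/myapp/resources/login-processing",
    data: {
        username: $("#inputLogin")[0].value,
        password: $("#inputPassword")[0].value
    },
    method: "POST",
    // The page origin (127.0.0.1:57633 per the security config) differs from the
    // API origin (localhost:8080), so this is a cross-origin request: the browser
    // stores and later sends the JSESSIONID from the response only when credentials
    // are opted in, and a credentialed request requires a specific
    // Access-Control-Allow-Origin value rather than "*". For a same-origin page
    // this option is a no-op.
    xhrFields: { withCredentials: true }
})
.done(function (data, textStatus, request) {
    // Set-Cookie is a forbidden response header for scripts:
    // getResponseHeader("Set-Cookie") always yields null, so it cannot be logged here.
    console.log(request.getAllResponseHeaders());
})
.fail(function (jqXHR) {
    // A 403 here with CSRF enabled usually means the request lacked a valid token.
    console.log(jqXHR.status, jqXHR.statusText);
});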
即使我设置了 permitAll
,它仍然返回 403 错误,响应头如下:
Access-Control-Allow-Headers:x-requested-with
Access-Control-Allow-Methods:POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin:*
Access-Control-Max-Age:3600
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Language:en
Content-Length:1116
Content-Type:text/html;charset=utf-8
Date:Mon, 18 Apr 2016 02:07:26 GMT
Expires:0
Pragma:no-cache
Server:Apache-Coyote/1.1
Set-Cookie:JSESSIONID=974B1629ECE3EB289F35097C9E9D9FDC; Path=/cancercloud/; HttpOnly
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
如何配置Ajax登录?
答案 0 :(得分:0)
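/**
 * Success handler for Ajax logins: instead of redirecting, it tells the client where to go
 * through the {@code targetUrl} response header and lets the client navigate.
 *
 * <p>The target URL is chosen server-side from the principal's authorities (constants below),
 * so the client-side {@code window.location = targetUrl} is not an open redirect.
 */
public class MySavedRequestAwareAuthenticationSuccessHandler extends
        SimpleUrlAuthenticationSuccessHandler {

    /** Authority that routes to the regular user landing page. */
    private static final String USER_AUTHORITY = "READ_USER";
    /** Authority that routes to the admin landing page. */
    private static final String ADMIN_AUTHORITY = "CREATE_USER";

    private final RequestCache requestCache = new HttpSessionRequestCache();

    public RequestCache getRequestCache() {
        return requestCache;
    }

    /**
     * Emits the {@code targetUrl} header, drops the saved request when it will not be used, and
     * clears the authentication-exception session attribute. No redirect is written.
     *
     * @throws IllegalStateException if the principal carries neither routable authority
     *         (propagated from {@link #determineTargetUrl(Authentication)})
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        // Computed before the cache bookkeeping so a missing authority fails fast.
        response.setHeader("targetUrl", determineTargetUrl(authentication));

        // The saved request is only discarded when it would be ignored anyway: either the
        // default target always wins, or the login form named an explicit target.
        if (savedRequest != null
                && (isAlwaysUseDefaultTargetUrl() || hasTargetUrlParameter(request))) {
            requestCache.removeRequest(request, response);
        }
        clearAuthenticationAttributes(request);
    }

    /** True when a target-URL parameter is configured and present with non-blank text. */
    private boolean hasTargetUrlParameter(HttpServletRequest request) {
        String targetUrlParam = getTargetUrlParameter();
        return targetUrlParam != null && StringUtils.hasText(request.getParameter(targetUrlParam));
    }

    /**
     * Picks the landing page from the first authority that matches one of the known names;
     * iteration order of the authorities decides when a principal has both.
     *
     * @param authentication the authenticated principal
     * @return a context-relative landing URL
     * @throws IllegalStateException if no authority matches
     */
    public String determineTargetUrl(Authentication authentication) {
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            // equals() on the constant is null-safe; a null authority name is simply skipped.
            String name = authority.getAuthority();
            if (USER_AUTHORITY.equals(name)) {
                return "/spring-mvc/jk";
            }
            if (ADMIN_AUTHORITY.equals(name)) {
                return "/spring-mvc/admin/adminHome.htm";
            }
        }
        // Surfaces as a server error on login; the message names the expected authorities
        // only, never the principal, so it is safe in logs and error pages.
        throw new IllegalStateException(
                "authenticated principal has neither " + USER_AUTHORITY + " nor " + ADMIN_AUTHORITY);
    }
}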
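/**
 * Failure handler for Ajax logins: resolves a localised error text and returns it to the
 * client in the {@code errorMessage} response header (the response status is left unchanged,
 * so the client detects failure by the presence of that header).
 *
 * <p>The unused {@code @Autowired AuthenticationFailureHandler} field of the original has been
 * dropped: this class is itself an {@code AuthenticationFailureHandler}, so that injection point
 * could only resolve to another handler bean or fail at startup.
 */
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    @Autowired
    private MessageSource messageResource;

    @Autowired
    private LocaleResolver localeResolver;

    /**
     * Stores the localised message in the session and in the {@code errorMessage} header.
     *
     * @param request   the failed login request
     * @param response  the response the Ajax client will inspect
     * @param exception the failure reported by the authentication provider
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        Locale locale = localeResolver.resolveLocale(request);
        String errorMessage = messageResource.getMessage(messageCodeFor(exception), null, locale);

        // NOTE(review): Spring's own form-login code reads this attribute as an
        // AuthenticationException; storing a String here breaks any view that casts it.
        // Kept for compatibility with the existing client, but a dedicated attribute
        // name would be safer.
        request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, errorMessage);

        // NOTE(review): servlet containers may encode header values as ISO-8859-1, so a
        // localised message with non-Latin characters may arrive garbled; a JSON body
        // would carry it safely.
        response.setHeader("errorMessage", errorMessage);
    }

    /**
     * Maps the provider's exception text to a message-bundle key; anything unrecognised
     * (including a null message) falls back to the bad-credentials key.
     *
     * <p>NOTE(security): returning distinct "blocked", "disabled" and "expired" texts to an
     * unauthenticated caller reveals that the account exists and what state it is in
     * (account enumeration). Consider collapsing these to the generic message for the
     * client and keeping the detail in server-side logs only.
     */
    private static String messageCodeFor(AuthenticationException exception) {
        String text = exception.getMessage() == null ? "" : exception.getMessage();
        if (text.equalsIgnoreCase("blocked")) {
            return "auth.message.blocked";
        }
        if (text.equalsIgnoreCase("User is disabled")) {
            return "auth.message.disabled";
        }
        if (text.equalsIgnoreCase("User account has expired")) {
            return "auth.message.expired";
        }
        return "message.badCredentials";
    }
}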
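// Ajax submit for the login form. The server answers with a targetUrl header on
// success or an errorMessage header on failure (see the two handlers above).
// Fixes: debugging alert() calls removed; disabled state set through prop(), since
// attr('disabled', false) does not reliably re-enable a control; a .fail() branch
// added so the button is re-enabled after a transport error or a 403 (e.g. a
// rejected CSRF token), which previously left the form stuck.
$(document).ready(function () {
    $('#login').validate({
        submitHandler: function (form, event) {
            event.preventDefault();
            var $signInBtn = $('#signInBtn');
            var $error = $('#validation_sign_in_error');
            $signInBtn.prop('disabled', true);

            $.ajax({
                type: 'POST',
                url: '/spring-mvc/j_spring_security_check',
                data: $('#login').serialize(),
                beforeSend: function (xhr) {
                    xhr.setRequestHeader("X-Ajax-Call", "true");
                }
            })
            .done(function (response, status, jqXHR) {
                var targetUrl = jqXHR.getResponseHeader("targetUrl");
                var errorMessage = jqXHR.getResponseHeader("errorMessage");
                if (jqXHR.status === 200 && targetUrl !== null) {
                    // targetUrl is chosen by the server-side success handler from the
                    // user's authorities, not from request input.
                    window.location = targetUrl;
                    return;
                }
                if (errorMessage !== null) {
                    $error.text(errorMessage).show();
                }
                $signInBtn.prop('disabled', false);
            })
            .fail(function () {
                $error.text('Login request failed').show();
                $signInBtn.prop('disabled', false);
            });
        }
    });
});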