I have written an HTML 5 application that uses AngularJS and interfaces with a Java REST backend running on Tomcat. I use Spring Security to handle login and security.
If you want to avoid changing the server and make it return the WWW-Authenticate header for all other callers, you can change your client to send its request with the X-Requested-With header with the value XMLHttpRequest. By default, Spring Security will not send WWW-Authenticate for such requests (see Spring source).
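One way to apply this on the AngularJS side, as an added example that is not part of the original answer: an `$http` interceptor that sets the header on same-origin requests only, since a custom header on a cross-origin request forces a CORS preflight. The module name `app`, the `#/login` route and the helper names `isSameOrigin` and `ajaxHeaderInterceptor` are assumptions.

```javascript
'use strict';

// Hypothetical helper: true when `url` resolves to the same origin as `base`.
function isSameOrigin(url, base) {
  try {
    return new URL(url, base).origin === new URL(base).origin;
  } catch (e) {
    return false; // unparsable URL: leave the request untagged
  }
}

// Builds an AngularJS $http interceptor object (hypothetical factory).
// base: URL of the current page; reject: e.g. $q.reject;
// onUnauthorized: callback run when the backend answers 401.
function ajaxHeaderInterceptor(base, reject, onUnauthorized) {
  return {
    request: function (config) {
      config.headers = config.headers || {};
      // Tag only same-origin calls; cross-origin ones would get a preflight.
      if (isSameOrigin(config.url, base)) {
        config.headers['X-Requested-With'] = 'XMLHttpRequest';
      }
      return config;
    },
    responseError: function (rejection) {
      // The 401 now reaches application code, which decides what to do.
      if (rejection && rejection.status === 401) {
        onUnauthorized(rejection);
      }
      return reject(rejection);
    }
  };
}

// Registration in the application (runs only where AngularJS is loaded).
if (typeof angular !== 'undefined') {
  angular.module('app').config(['$httpProvider', function ($httpProvider) {
    $httpProvider.interceptors.push(['$q', '$window', function ($q, $window) {
      return ajaxHeaderInterceptor(
        $window.location.href,
        function (r) { return $q.reject(r); },
        function () { $window.location.hash = '#/login'; } // assumed route
      );
    }]);
  }]);
}
```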