handle session expired event in spring based web application

后端未结

关注

 1  1784

I am using Spring security feature in my application, but I found out that when the session expired, all the request ajax return the page login.jsp(not redirect, in http res

相关标签:

1条回答

猫巷女王i

2020-12-17 07:36

Use custom AuthenticationEntryPoint:

package com.example.spring.security
// imports here

public class AjaxAwareAuthenticationEntryPoint
     extends LoginUrlAuthenticationEntryPoint {

  public AjaxAwareAuthenticationEntryPoint(final String loginFormUrl) {
    super(loginFormUrl);
  }

  @Override
  public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException)
      throws IOException, ServletException {

    if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
      response.sendError(403, "Forbidden");
    } else {
      super.commence(request, response, authException);
    }
  }
}

Define a bean and use it as entry-point-ref in <http> element:

<http entry-point-ref="authenticationEntryPoint">
  <!-- more configuration here -->
</http>

<bean id="authenticationEntryPoint"
   class="com.example.spring.security.AjaxAwareAuthenticationEntryPoint">
 <constructor-arg value="/login.jsp"/>
</bean>

0 讨论(0)