问题
We have a Vaadin 14 (Flow) application which is fronted by an Apache reverse proxy that integrates with Gluu for authentication.
When the session is not valid anymore, either because of session timeout or a logout in another browser tab/window, the Apache server will send a redirect to the Gluu server to let the user log in again. However when this happens for an internal Vaadin XHR call (Ajax request), Vaadin does not seem to handle this response very well, and shows an "Invalid JSON response from server" error.
What I want is either for Vaadin to set the browser location to the URL indicated in the redirect, or refresh the page (maybe with a confirmation message between) in which case the browser will nicely follow the redirect. How can this be achieved, or what other options are there?
回答1:
If the XHR response cannot be parsed as JSON, Vaadin will look for a Vaadin-Refresh string anywhere inside the response text. If it's present, then Vaadin will reload the page instead of showing an error message. Optionally, you can use the format Vaadin-Refresh: <url> which will make Vaadin redirect to <url> rather than reloading the current location.
You can configure Gluu to include this string as e.g. a HTML comment in the response that sent when the user needs to log in.
来源:https://stackoverflow.com/questions/60377408/how-to-handle-sso-redirect-in-vaadin-14