
Ich arbeite gerade mit Spring Security 4. Alles funktioniert gut, wenn ich die Standard-Login-Methode verwende. In der Praxis muss ich mich jedoch per Ajax anmelden. (Titel: Spring Security – Ajax-Anmeldung)

spring-security.xml

<!-- Security filter chain for the application.
     The login-processing URL below is called by an XHR POST. With <csrf> enabled, a POST
     that does not carry the CSRF token (as header or parameter) is rejected with 403 before
     authentication runs; permitAll governs authorization, not the CSRF check. -->
<http use-expressions="true" auto-config="true"> 
    <intercept-url pattern="/resources/**" access="permitAll" /> 
    <!-- default-target-url is an absolute URL on a different origin (127.0.0.1:57633) than the
         application itself; a cross-origin XHR that must send/receive the session cookie needs
         credentialed CORS on both sides. Whether the cross-origin setup is intended is not
         determinable from this file. -->
    <form-login 
     login-processing-url="/resources/login-processing" 
     default-target-url="http://127.0.0.1:57633/" 
    /> 
    <!-- csrfSecurityRequestMatcher selects which requests are CSRF-checked; its bean
         definition is not shown here. The commented-out line below would turn CSRF
         protection off entirely. -->
    <csrf request-matcher-ref="csrfSecurityRequestMatcher"/> 
    <!-- <csrf disabled="true" /> --> 
</http> 

In den Controllern verwende ich die @PreAuthorize-Annotation. In jQuery sieht die Ajax-Anfrage wie folgt aus:

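// Ajax login against the Spring Security login-processing URL.
//
// Points that differ from a naive XHR login:
//  * the CSRF token is sent as a request header — with <csrf> enabled, a POST without
//    it is rejected with 403 before the credentials are even looked at;
//  * Set-Cookie is a forbidden response header and can never be read from script, so
//    the session cookie is left to the browser (no point logging it);
//  * .error() is the deprecated alias of .fail().
//
// The token is read from the meta tags Spring Security's documentation suggests
// (_csrf / _csrf_header); the login page has to render them, otherwise adjust the
// selectors to wherever the token is exposed.
var csrfToken = $("meta[name='_csrf']").attr("content");
var csrfHeader = $("meta[name='_csrf_header']").attr("content");

$.ajax({
    url: "http://localhost:8080/myapp/resources/login-processing",
    method: "POST",
    data: {
        username: $("#inputLogin").val(),
        password: $("#inputPassword").val()
    },
    beforeSend: function (xhr) {
        if (csrfToken && csrfHeader) {
            xhr.setRequestHeader(csrfHeader, csrfToken);
        }
    },
    // The URL is absolute. If the page itself is served from another origin, the session
    // cookie only travels with xhrFields: { withCredentials: true }, and the server must
    // then answer with a concrete Access-Control-Allow-Origin rather than "*".
    success: function (data, textStatus, request) {
        console.log(request.status, request.getAllResponseHeaders());
    }
})
.fail(function (jqXHR, textStatus, errorThrown) {
    console.log(jqXHR.status, textStatus, errorThrown);
});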

Obwohl ich permitAll gesetzt habe, antwortet der Server weiterhin mit einem 403-Fehler und den folgenden Antwort-Headern:

Access-Control-Allow-Headers:x-requested-with 
Access-Control-Allow-Methods:POST, GET, OPTIONS, DELETE 
Access-Control-Allow-Origin:* 
Access-Control-Max-Age:3600 
Cache-Control:no-cache, no-store, max-age=0, must-revalidate 
Content-Language:en 
Content-Length:1116 
Content-Type:text/html;charset=utf-8 
Date:Mon, 18 Apr 2016 02:07:26 GMT 
Expires:0 
Pragma:no-cache 
Server:Apache-Coyote/1.1 
Set-Cookie:JSESSIONID=974B1629ECE3EB289F35097C9E9D9FDC; Path=/cancercloud/; HttpOnly 
X-Content-Type-Options:nosniff 
X-Frame-Options:DENY 
X-XSS-Protection:1; mode=block 

Was muss ich tun, um den Ajax-Login zu konfigurieren?


Sind Benutzername oder Passwort möglicherweise falsch? Versuche es hartcodiert. Hast du versucht, "http://localhost:8080/myapp/resources/login-processing" auf den Namen des Servlets zu ändern? – Gero


Bitte den CSRF-Token auch in der Ajax-Anfrage mitsenden – FreezY

Antwort

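/**
 * Authentication success handler for Ajax logins.
 *
 * <p>Instead of redirecting, it publishes the role-dependent landing page in a
 * {@code targetUrl} response header so the browser-side script can navigate itself.
 * The saved-request bookkeeping follows {@link SimpleUrlAuthenticationSuccessHandler}:
 * a cached request is discarded when the handler is configured to always use the
 * default target URL or when the request carries the target-URL parameter. The saved
 * request's own URL is never consulted; the header always reflects
 * {@link #determineTargetUrl(Authentication)}, i.e. it is derived from the principal's
 * authorities and never from request input.
 */
public class MySavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    /** Privilege that routes a principal to the regular user landing page. */
    private static final String READ_USER = "READ_USER";
    /** Privilege that routes a principal to the admin landing page. */
    private static final String CREATE_USER = "CREATE_USER";

    private final RequestCache requestCache = new HttpSessionRequestCache();

    public RequestCache getRequestCache() {
        return requestCache;
    }

    /**
     * Sets the {@code targetUrl} header, drops the cached request when policy says so,
     * and clears the authentication attributes left in the session by the login attempt.
     *
     * @throws IllegalStateException propagated from {@link #determineTargetUrl(Authentication)}
     *     when the principal holds neither routable privilege — the successful login then
     *     surfaces to the client as a server error rather than a redirect
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        SavedRequest savedRequest = requestCache.getRequest(request, response);

        response.setHeader("targetUrl", determineTargetUrl(authentication));

        if (savedRequest != null && shouldDiscardSavedRequest(request)) {
            requestCache.removeRequest(request, response);
        }
        clearAuthenticationAttributes(request);
    }

    /** True when the configured policy says the cached request must not be replayed. */
    private boolean shouldDiscardSavedRequest(HttpServletRequest request) {
        if (isAlwaysUseDefaultTargetUrl()) {
            return true;
        }
        String targetUrlParam = getTargetUrlParameter();
        return targetUrlParam != null && StringUtils.hasText(request.getParameter(targetUrlParam));
    }

    /**
     * Picks the landing page from the principal's authorities.
     *
     * <p>The first authority equal to {@code READ_USER} or {@code CREATE_USER}, in iteration
     * order, decides; later authorities are not examined. This overloads — it does not
     * override — the inherited {@code determineTargetUrl(request, response)}.
     *
     * @param authentication the authenticated principal
     * @return {@code /spring-mvc/jk} for {@code READ_USER},
     *     {@code /spring-mvc/admin/adminHome.htm} for {@code CREATE_USER}
     * @throws IllegalStateException if neither privilege is present
     */
    public String determineTargetUrl(Authentication authentication) {
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            // Constant-on-the-left comparison: getAuthority() may legitimately return null.
            String name = authority.getAuthority();
            if (READ_USER.equals(name)) {
                return "/spring-mvc/jk";
            }
            if (CREATE_USER.equals(name)) {
                return "/spring-mvc/admin/adminHome.htm";
            }
        }
        throw new IllegalStateException(
                "no routable privilege among authorities " + authentication.getAuthorities());
    }

}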
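/**
 * Authentication failure handler for Ajax logins.
 *
 * <p>Rather than redirecting to a failure URL, it resolves a localized message for the
 * failure and hands it back in an {@code errorMessage} response header (and in the
 * session) so the browser-side script can display it. No status code is set, so the
 * client sees the default status (normally 200) and has to inspect the header.
 *
 * <p>Caveats a maintainer should know:
 * <ul>
 *   <li>The message is stored under {@link WebAttributes#AUTHENTICATION_EXCEPTION}, which
 *       Spring Security's own components treat as holding an
 *       {@link AuthenticationException}; anything that casts that attribute will fail on
 *       the {@code String} stored here.</li>
 *   <li>Distinct messages for disabled, expired and blocked accounts tell an
 *       unauthenticated caller something about the state of the account behind a
 *       username; consider whether a single generic message is acceptable.</li>
 *   <li>HTTP header values are not a reliable carrier for non-ASCII localized text; the
 *       container may re-encode or reject such values.</li>
 *   <li>The mapping keys off the exception's message text, which is brittle if those
 *       messages are themselves localized or reworded upstream.</li>
 * </ul>
 */
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    @Autowired
    private MessageSource messageResource;

    @Autowired
    private LocaleResolver localeResolver;

    /**
     * Stores the localized failure message in the session and in the
     * {@code errorMessage} response header.
     *
     * @param request   the failed login request
     * @param response  the response the client script inspects
     * @param exception the cause of the failure; a {@code null} message is tolerated
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        Locale locale = localeResolver.resolveLocale(request);
        String errorMessage = messageResource.getMessage(messageCodeFor(exception), null, locale);

        // getSession() creates a session if none exists yet, so every failed login leaves
        // a session behind; kept as-is because the page script relies on this contract.
        HttpSession session = request.getSession();
        session.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, errorMessage);

        // Deliberately no error status: the client reads this header from a 200 response.
        response.setHeader("errorMessage", errorMessage);
    }

    /**
     * Maps the failure to a message-bundle key by the exception's message text.
     * A {@code null} message falls through to the generic bad-credentials key instead of
     * throwing a {@code NullPointerException}.
     */
    private static String messageCodeFor(AuthenticationException exception) {
        String reason = exception.getMessage();
        if (reason == null) {
            return "message.badCredentials";
        }
        if (reason.equalsIgnoreCase("blocked")) {
            return "auth.message.blocked";
        }
        if (reason.equalsIgnoreCase("User is disabled")) {
            return "auth.message.disabled";
        }
        if (reason.equalsIgnoreCase("User account has expired")) {
            return "auth.message.expired";
        }
        return "message.badCredentials";
    }

}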


    $(document).ready(function() { 

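      // Ajax submission of the login form (jQuery Validate submitHandler).
      // The form is serialized as-is, so a hidden _csrf input rendered in the form
      // travels with the request; without it the POST is rejected with 403 by the
      // CSRF filter. The debug alert()s were dropped: the serialized form data
      // contains the password and must not be shown or logged.
      $('#login').validate({

        submitHandler : function(form, event) {
          event.preventDefault();
          var signInBtn = $('#signInBtn');
          var errorBox = $('#validation_sign_in_error');
          signInBtn.prop('disabled', true);

          $.ajax({
            type : 'POST',
            url : '/spring-mvc/j_spring_security_check',
            data : $('#login').serialize(),
            beforeSend : function(xhr) {
              xhr.setRequestHeader("X-Ajax-Call", "true");
            },
            success : function(response, status, jqXHR) {
              // The server-side success handler sets targetUrl; the failure handler
              // answers 200 with an errorMessage header, so both cases land here.
              var targetUrl = jqXHR.getResponseHeader("targetUrl");
              if (jqXHR.status == 200 && targetUrl != null) {
                window.location = targetUrl;
                return;
              }
              var errorMessage = jqXHR.getResponseHeader("errorMessage");
              if (errorMessage != null) {
                errorBox.text(errorMessage).show();
              }
              // Re-enable in every non-redirect outcome so the form is never left dead.
              signInBtn.prop('disabled', false);
            },
            error : function(jqXHR) {
              // Transport or HTTP-level failure (e.g. 403 from the CSRF filter): let the
              // user retry instead of leaving the button disabled.
              signInBtn.prop('disabled', false);
            }
          });
        }
      });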