Spring security and ajax/json

**fawzyj** · Mar 20th, 2011, 08:22 PM

Hi
i have an application which is ajax heavy...
actually all the interaction with the server done via json messages, from spring mvc @Controller web layer
the question is :
how to make spring security communicate with my front end via json? instead of http redirect
for example, in the default case... when spring security think that this user need authentication.. it redirect him to a login page
how to make it send a json message to the web page to let the page fire a custom login dialog
the same for authorization... in any error , a redirect happen... how to recieve this as a message
OR where to plug the code to captute these events to send these messages

thanks
Joe

**Rob Winch** · Mar 20th, 2011, 10:44 PM

Have you seen Matt Raible's blog post on this? I think it might help you out.

**fawzyj** · Mar 22nd, 2011, 06:40 PM

i found this post on stackoverflow
http://stackoverflow.com/questions/3...pring-security
this is good for the login part (authentication)
But how can i get authorization errors

Thanks
Joe

**blaine** · Mar 22nd, 2011, 07:31 PM

Originally Posted by fawzyj

i found this post on stackoverflow
http://stackoverflow.com/questions/3...pring-security
this is good for the login part (authentication)
But how can i get authorization errors

Thanks
Joe

Examine the the response in your Ajax callbacks. Pretty easy to return a JSON object that can accommodate any kind of details that you need. For example, a recent app of mine returns the input error location row and column in submitted input, error message, and different details if there was success.

For live sample, you can go to http://admc.com/jcreole/wiki.jsp, click on the auto-preview button, and enter an illegal Creole element like "<<bad>>" into the editor.

**fawzyj** · Mar 22nd, 2011, 08:21 PM

Hey, what is the extension point? i.e. what to extend/implement/override to catch authorization errors in custom class and disable the default redirect behavior , then i can generate the json and send it back

Thanks
Joe

**blaine** · Mar 22nd, 2011, 08:44 PM

Originally Posted by fawzyj

Hey, what is the extension point? i.e. what to extend/implement/override to catch authorization errors in custom class and disable the default redirect behavior , then i can generate the json and send it back

Thanks
Joe

I don't know how you are implementing authentication, because I'm not going to take the time to read the previous text in this thread and follow the links, etc. I attempted to answer what I though was a remnant question. So, it depends on how you are doing it, but one possibility would be to set the authentication authentication-failure-url to your servlet which will read the exception which is stored as attribute value for key SPRINGSECURITY_LAST_EXCEPTION.

Thread: Spring security and ajax/json

Thread Tools

Display

Spring security and ajax/json

Posting Permissions