Dec 17th, 2010, 01:59 PM
How to verify Ajax method authentication with Spring Security
Sometimes my users leave their window open until their session times out. However, if they try to click a link that makes an ajax call, I'm having problems handling the response when their session is expired.
They visually don't know they're not logged in. The app framework is Spring using Spring Security. The ajax call fires the method but it re-directs to the login page because they are not logged in. so the login page is getting returned as the response instead of JSON. The controller never even executes so I can't inject another response.
But I'm worried about making the ajax method unsecure.
Dec 17th, 2010, 04:06 PM
You can create a DelegatingAuthenticationEntryPoint with a mapping of a RequestMatcher that matches your ajax requests to a custom AuthenticationEntryPoint that signals to the js code that login is required. The default AuthenticationEntryPoint could be an instance of LoginUrlAuthenticationEntryPoint.
Dec 29th, 2010, 05:21 PM
Thanks for the reply.
Unfortunately, my app is using Spring Security 2.0.4
Dec 29th, 2010, 05:33 PM
The source is available, so you can always provide the implementation yourself.
Tags for this Thread