SpringSecurity with JQuery AJAX - Handle Session Timeout

SpringSecurity with JQuery AJAX - Handle Session Timeout

1. Simple But not Best Solution
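<!-- jQuery is fetched over HTTPS so the library cannot be modified in transit before it runs in the page.
     1.7.2 is an old release; a real deployment should use a currently maintained jQuery version
     and consider pinning the file with a Subresource Integrity attribute. -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<!-- json2.js supplies JSON.stringify on browsers that lack a native JSON object. -->
<script src="../resources/components/json/json2.js"></script>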
<script type="text/javascript">

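$(function() {

    // Clicking #GetAjax requests the person whose id was typed into #theId.
    $("#GetAjax").click(function() {
        var theId = $.trim($("#theId").val());
        $.ajax({
            type: "GET",
            // The id is user input: encode it so characters such as "/", "?" or "#"
            // cannot change which URL is actually requested.
            url: "../service/person/" + encodeURIComponent(theId),
            contentType: "application/json",
            cache: false,
            success: onSuccess
        });
    });

    /**
     * Success callback for the person lookup.
     *
     * @param data   response body as parsed by jQuery
     * @param status jQuery text status for the request
     */
    function onSuccess(data, status) {
        // A 200 response may still be a login or error page; HasErrors handles those cases.
        if (HasErrors(data)) {
            return;
        }
        // .text() rather than .html(): personName is server-supplied data and must be
        // rendered as plain text, otherwise markup stored in a name would run in the page.
        $("#resultLog").text("Result: " + data.personName + " status:" + status);
    }

});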

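/**
 * Checks an AJAX response body for signs that the server returned a login page or an
 * error page instead of the expected data.
 *
 * The check is a plain text search over the serialized response, so it depends on the
 * exact markup of those pages and will also fire when ordinary data happens to contain
 * one of the marker strings.
 *
 * @param data response body handed to the success callback
 * @return true when a login redirect or error page was detected (and handled), else false
 */
function HasErrors(data) {
    // JSON.stringify(undefined) yields undefined; fall back to "" so an empty
    // response body does not throw in the searches below.
    var data_str = JSON.stringify(data) || "";
    // The debugging alert that displayed every raw response body has been removed.

    // check for redirect to login page
    if (/j_spring_security_check/i.test(data_str)) {
        top.location.href = './openidlogin.jsp';
        return true;
    }
    // check for IIS error page
    if (/Internal Server Error/.test(data_str)) {
        alert('Server Error.');
        return true;
    }
    // check for our custom error handling page (dot escaped so only "Error.jsp" matches)
    if (/Error\.jsp/.test(data_str)) {
        alert('An error occurred on the server. The Technical Support Team has been provided with the error details.');
        return true;
    }
    return false;
}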

</script>

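But this solution is not good: it decides whether the session has expired by searching every response body for marker strings, so it breaks when the login or error page changes and it misfires when ordinary data happens to contain one of those strings.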

2. Better Way to Handle this with Spring Security Server Side
Spring Configuration Changes
<!-- entry-point-ref replaces the default authentication entry point with the custom bean
     declared below. Only the opening tag of <security:http> is shown in this excerpt. -->
<security:http access-denied-page="/denied.jsp" use-expressions="true" entry-point-ref="authenticationProcessingFilterEntryPoint">

<!-- Custom entry point: loginFormUrl is where non-AJAX requests are sent to log in. -->
<bean id="authenticationProcessingFilterEntryPoint"  class="com.sillycat.easyopenidgoogle.security.AjaxAwareAuthenticationEntryPoint">
        <property name="loginFormUrl" value="/openidlogin.jsp"/>
        <!-- NOTE(review): forceHttps=false means the entry point will not move the login page
             onto HTTPS; confirm the deployed site serves the login form over TLS by other means. -->
        <property name="forceHttps" value="false"/>
</bean>

The customized Java class is as follows:
package com.sillycat.easyopenidgoogle.security;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

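/**
 * Authentication entry point that answers unauthenticated AJAX calls with an HTTP error
 * status instead of the login-page redirect used for ordinary browser requests.
 *
 * <p>A request counts as AJAX when it carries the header {@code X-AjaxRequest: 1}. The header
 * is set by the client and is therefore untrusted; here it only selects the response format
 * (status code versus redirect) and must not be used for any authorization decision.
 */
public class AjaxAwareAuthenticationEntryPoint extends
        LoginUrlAuthenticationEntryPoint {

    /** Request header the jQuery client sets to mark a call as AJAX. */
    private static final String AJAX_HEADER = "X-AjaxRequest";

    private final Log log = LogFactory.getLog(this.getClass());

    /**
     * Starts authentication for a request that reached a protected resource without a
     * valid login.
     *
     * @param request       the request that triggered authentication
     * @param response      the response to write the status or redirect to
     * @param authException the exception that caused the entry point to be invoked
     * @throws IOException      if writing the response fails
     * @throws ServletException if the default entry point handling fails
     */
    @Override
    public void commence(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException authException)
            throws IOException, ServletException {
        // Read the header once; "1".equals(...) is null-safe, so no separate null check is needed.
        final String ajaxHeader = request.getHeader(AJAX_HEADER);
        if ("1".equals(ajaxHeader)) {
            // The page's client code keys on 403, so that status is kept. NOTE(review): 403 is
            // also the usual "access denied" status, so the client cannot tell an expired
            // session from a real permission failure; 401 would separate the two cases.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "");
        } else {
            super.commence(request, response, authException);
        }
        // The header value is client-supplied; it is written at debug level only.
        log.debug("Ajax parameter: " + ajaxHeader);
    }

}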

And our AJAX client code will be as follows:
    $.ajax({
          type: "GET",
          url: "../service/person/" + theId,
          'beforeSend': function(data) {
                data.setRequestHeader("X-AjaxRequest", "1");
          },
          contentType: "application/json",
          cache: false,
          success: onSuccess,
          complete: function(data) {
              //alert(data + " " + data.status);
          if (data.status == 403) {
                    window.location.reload();
              }
          }
    });

references:
http://forum.springsource.org/showthread.php?95881-Ajax-request-session-timeout
http://forum.springsource.org/showthread.php?85088-Spring-security-session-timeout-and-JQuery
http://stackoverflow.com/questions/3339431/how-to-handle-expired-session-using-spring-security-and-jquery
http://blog.csdn.net/foamflower/article/details/5802743

http://cyr520.blog.51cto.com/714067/759731
