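I am trying to call my Spring MVC controller, which will be responsible for carrying on the login/authorization mechanism using Spring Security.
Here is the requirement:
- Spring Security needs the request to come over HTTPS; otherwise it will throw an error.
I did this by following this tutorial: /implementing_ajax_authentication_using_jquery.
Here is my piece of jQuery code: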
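jQuery("#loginForm").submit(function(e) {
    // Stop the normal form submission; the login is sent via AJAX instead
    e.preventDefault();
    jQuery.ajax({
        url: "https://localhost:9002/myApp/springSecurity/login.json",
        // Send cookies on the cross-origin request. withCredentials has to be set
        // on the native XHR through xhrFields, not on the jqXHR passed to beforeSend.
        xhrFields: {
            withCredentials: true
        },
        type: "POST",
        data: jQuery("#loginForm").serialize(),
        // jQuery expects a type name here ("json"), not a MIME type
        dataType: 'json',
        success: function(data, status) {
            if (data.loggedIn) {
                // location.href = getHost() + '${ctx}/users';
                //login_pannel
                alert("jai ho");
            } else {
                loginFailed(data);
            }
        },
        error: loginFailed
    });
});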
To handle the cross-domain issue, I created a filter and put it in my web.xml, with the following entries:
response.setHeader("Access-Control-Allow-Origin", "http://" + req.getServerName());
response.setHeader("Access-Control-Allow-Methods", "GET,POST");
response.setHeader("Access-Control-Max-Age", "360");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
response.setHeader("Access-Control-Allow-Credentials", "true");
Spring controller
@RequestMapping(method = RequestMethod.POST)
@ResponseBody
public SpringSecurityLoginStatus login(@RequestParam("j_username") final String username,
        @RequestParam("j_password") final String password, final HttpServletRequest request, final HttpServletResponse response)
{
    LOG.info("Starting login process");
    return springSecurityLoginService.login(username, password, request, response);
}
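But I am running into a strange problem: when I click the submit button, the browser sends the request to the secure URL, https://localhost:9002/myApp/springSecurity/login.json,
but my controller method is never called. In fact, this is the error I see in the Mozilla error console.
After looking at the console, it seems the browser calls again using the GET method, which appears to be a redirect.
I am not sure why this is happening and why the browser silently redirects from HTTPS to HTTP with a GET request.
Here is the output of the Mozilla network panel:
Response Headers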
Access-Control-Allow-Cred... true
Access-Control-Allow-Head... x-requested-with
Access-Control-Allow-Meth... GET,POST
Access-Control-Allow-Orig... https://localhost
Access-Control-Max-Age 360
Content-Length 0
Date Thu, 14 Jun 2012 11:12:36 GMT
Location http://localhost:9001/myapp/springSecurity/login.json
Server Apache-Coyote/1.1
Set-Cookie _system.tenantID_=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Request Headers
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Connection keep-alive
Cookie JSESSIONID=26BEEB7DC056D2A5F08D107E3D4BCDDB; __atuvc=4|22; secureGUID=60be684d748027c1f567eadead08f28771ab7d25; JSESSIONID=4E2300220697C799AF4539ABCB9108DD
Host localhost:9002
Referer http://localhost:9001/myapp/
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Response Headers From Cache
Access-Control-Allow-Cred... true
Access-Control-Allow-Head... x-requested-with
Access-Control-Allow-Meth... GET,POST
Access-Control-Allow-Orig... https://localhost
Access-Control-Max-Age 360
Content-Length 0
Date Thu, 14 Jun 2012 11:12:36 GMT
Location http://localhost:9001/myapp/springSecurity/login.json
Server Apache-Coyote/1.1
Set-Cookie _system.tenantID_=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
As a side note, if I change the URL to http://localhost:9001/myapp/springSecurity/login.json, i.e. to the HTTP protocol, it is able to call my controller.
Response class
public class SpringSecurityLoginStatus
{
    // Immutable login result serialized to JSON by @ResponseBody
    private final boolean loggedIn;
    private final String username;

    public SpringSecurityLoginStatus(final boolean loggedIn, final String username)
    {
        this.loggedIn = loggedIn;
        this.username = username;
    }

    public boolean isLoggedIn()
    {
        return loggedIn;
    }

    public String getUsername()
    {
        return username;
    }
}
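The following is an added example, not part of the original post: a small JavaScript check that audits a captured login response for a redirect that leaves HTTPS and for an `Access-Control-Allow-Origin` value that does not exactly match the calling page's origin. The function name `auditLoginResponse` and the finding labels are hypothetical; the sample values are copied from the network panel output above, with the page origin assumed to be the one in the `Referer` header.

```javascript
// Added example (not the poster's code). Sample values come from the trace in the post.
const TRACE = {
  requestUrl: "https://localhost:9002/myApp/springSecurity/login.json",
  pageUrl: "http://localhost:9001/myapp/", // Referer header; assumed to be the calling page
  headers: {
    "Access-Control-Allow-Origin": "https://localhost",
    "Access-Control-Allow-Credentials": "true",
    "Location": "http://localhost:9001/myapp/springSecurity/login.json"
  }
};

// Returns a list of finding labels (hypothetical names) for one response.
function auditLoginResponse(requestUrl, pageUrl, headers) {
  const findings = [];
  const req = new URL(requestUrl);
  const pageOrigin = new URL(pageUrl).origin; // scheme + host + port

  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = value;
  }

  // 1. Redirect checks: a login endpoint served over HTTPS should not send
  //    the client to a plain-HTTP URL or to a different origin.
  if (h["location"] !== undefined) {
    const target = new URL(h["location"], requestUrl);
    if (req.protocol === "https:" && target.protocol === "http:") {
      findings.push("redirect-downgrades-to-http");
    }
    if (target.origin !== req.origin) {
      findings.push("redirect-changes-origin");
    }
  }

  // 2. CORS checks: for a credentialed request the browser accepts only an
  //    exact match of the page origin; "*" is rejected when credentials are sent.
  const acao = h["access-control-allow-origin"];
  const withCreds = h["access-control-allow-credentials"] === "true";
  if (acao === undefined) {
    findings.push("acao-missing");
  } else if (acao === "*") {
    if (withCreds) findings.push("acao-wildcard-with-credentials");
  } else if (acao !== pageOrigin) {
    findings.push("acao-origin-mismatch");
  }
  return findings;
}
```

Running `auditLoginResponse(TRACE.requestUrl, TRACE.pageUrl, TRACE.headers)` on the captured response reports all three conditions: the redirect leaves HTTPS, it changes origin, and the allowed origin `https://localhost` differs from `http://localhost:9001`.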