使用AngularJS和Spring的java错误路由
我有一个带有AngularJS 1.3前端和SpringAPI-REST的应用程序
对于登录,我正在使用会话(无jwt),我遇到以下问题:
- 我登录到应用程序李>
- 在应用程序中导航李>
- 会话丢失时,对后端的第一个请求会将我发送到登录页面李>
- 我再次登录到应用程序,但它将我重定向到最后一个请求(将我踢出应用程序的请求),有时是一个API调用,另一些是对资源的请求(例如JavaScript)李>
我不确定如何避免这种行为,这是我的Spring安全文件:
<sec:http use-expressions="true" auto-config="false">
<sec:custom-filter ref="captchaFilter" before="FORM_LOGIN_FILTER" />
<sec:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />
<sec:session-management session-fixation-protection="newSession"></sec:session-management>
<sec:intercept-url pattern="/j_spring_security_switch_user" access="isAuthenticated()"/>
<sec:intercept-url pattern="*/app/**" access="isAuthenticated()" />
<sec:intercept-url pattern="/" access="permitAll" />
<sec:intercept-url pattern="/login" access="permitAll" />
<sec:intercept-url pattern="/accessDenied" access="permitAll" />
<sec:intercept-url pattern="/loginFailed" access="permitAll" />
<sec:intercept-url pattern="/css/**" access="permitAll" />
<sec:intercept-url pattern="/img/**" access="permitAll" />
<sec:intercept-url pattern="/public*" access="permitAll" />
<sec:intercept-url pattern="/libs/**" access="permitAll" />
<sec:intercept-url pattern="/fonts/**" access="permitAll" />
<sec:intercept-url pattern="/*" access="permitAll" />
<sec:intercept-url pattern="/**" access="isAuthenticated()" />
<sec:form-login login-page="/login"
authentication-failure-url="/accessDenied"
authentication-success-handler-ref="authSuccessHandler"
authentication-failure-handler-ref="authFailureHandler"
login-processing-url="/login" />
<sec:access-denied-handler error-page="/accessDenied" />
<sec:logout />
</sec:http>
<!-- Authentication providers -->
<bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<constructor-arg value="512" />
</bean>
<bean id="authSuccessHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
</bean>
<bean id="authFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
p:defaultFailureUrl="/loginFailed" />
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="jaasAuthProvider" />
</sec:authentication-manager>
</beans>
# 1 楼答案
见Spring Security Reference: