spring security LoginUrlAuthenticationEntryPoint - slahsk/study GitHub Wiki
session λκΈ΄ν ajax λ₯Ό νΈμΆνλ©΄ μνκ°μ΄ 200 λ¨μ΄μ§λ©΄μ μ μμ²λ¦¬ λλ€.
μ΄λ₯Ό μ²λ¦¬ νκΈ° μν΄μ LoginUrlAuthenticationEntryPoint μμ commence λ©μλλ₯Ό μ€λ²λΌλ© ν΄νλ€.
AuthenticationException or AccessDeniedException
λ°μμ ExceptionTranslationFilter μμ μ²λ¦¬ νλλ― νλ€.
AccessDeniedException λ°μμ url κ²μ¬λ₯Ό νμ¬ ajax ν¬ν¨ νκ³ μμΌλ©΄ response header μνκ°μ 403 μΌλ‘ λ³νμν¨λ€
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
public class AjaxAwareAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint{
public AjaxAwareAuthenticationEntryPoint(String loginUrl) {
super(loginUrl);
}
@Override
public void commence(
HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException)
throws IOException, ServletException {
boolean isAjax = request.getRequestURI().contains("ajax");
if (isAjax) {
response.sendError(403, "Forbidden");
} else {
super.commence(request, response, authException);
}
}
}ExceptionTranslationFilter μ λ±λ‘ν΄μ μ¬μ© νμ§λ§ κ°λ¨νκ² μ¬μ©μ
<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
<property name="accessDeniedHandler" ref="accessDeniedHandler"/>
</bean>
<bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login.jsp"/>
</bean>
<bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.htm"/>
</bean><http auto-config="true" entry-point-ref="ajaxAwareAuthenticationEntryPoint">
....
</http>