English 中文(简体)
using request builder to authenticate user: Not working in spring security
原标题:

I need to authenticate a user in a page based on the remember me cookie, inspired by this site: Tutorial for checking spring authentication, I came up with a solution for checking the authentication.

Changes made in my application

applicationContext-security.xml:

<intercept-url pattern= /**AuthenticationChecker.html  access="ROLE_ADMIN"/>
...
<form-login login-page="/Login.html" authentication-failure-url="/Login.html" always-use-default-target="true" default-target-url="/Main.html"/>

Gwt code:

try
{
    RequestBuilder rb = new RequestBuilder(
    RequestBuilder.POST, "AuthenticationChecker.html");
            rb.sendRequest(null, new RequestCallback() 
            {
                public void onError(Request request, Throwable exception)
                {
                    RootPanel.get().add(new HTML("[error]" + exception.getMessage()));
                }
                public void onResponseReceived(Request request, Response response)
                {
                    RootPanel.get()
                   .add(new HTML("[success (" + response.getStatusCode() + "," + response.getStatusText() + ")]"));
                }
            }
    );
}
catch (Exception e)
{
    RootPanel.get().add(new HTML("Error sending request " + e.getMessage()));
}

AuthenticationChecker.html is a simple blank html page, from what I understand, as AuthenticationChecker.html requires role as admin, I should have got a 401 Unauthorized if remember me cookie was not present and a 200 OK if the user was authenticated and his cookie was present.

However, the output always shows: [success (200,OK)]

To cross check, i simply typed authenticaionChecker.html (without logging in) and it returned back to Login.html indicating that spring is indeed authenticating the user.

Am I doing something wrong here ?

最佳回答

If you look at the tutorial, you ll see that a 401 is only returned when you re using Basic Authentication. With form-based authentication, you have to check the response text for an error message. For example:

public void onResponseReceived(Request request, Response response) {
    if (response.getStatusCode() != Response.SC_OK) {
        onError(request, new RequestException(response.getStatusText() + ":
" + response.getText()));
        return;
    }

    if (response.getText().contains("Access Denied")) {
        Window.alert("You have entered an incorrect username or password. Please try again.");
    } else {
        // authentication worked, show a fancy dashboard screen
    }
}
时间:2009-11-25 09:04:01
问题回答

暂无回答


上一篇:
下一篇:


相关问题
ajax login using httpRequest?

I am trying to develop my login script to give feedback to the user if the login is valid or not. Basically if it isn t correct a div box will show saying its wrong, if its correct it will show its ...

时间:2009-11-14 12:18:03 回答:4 展示:1
Remotely authenticating client Windows user on demand

Suppose I am writing a server for a particular network protocol. If I know that the client is running on a Windows machine, is it possible for my server to authenticate the Windows user that owns the ...

时间:2009-11-14 11:57:12 回答:1 展示:1
Role/Permission based forms authorizing/authentication?

While looking into forms authorizing/authentication, I found that it is possible to do role based authorizing by adding an array of roles to a FormsAuthenticationTicket. That way I can write User....

时间:2009-11-05 23:14:23 回答:1 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全