English 中文(简体)
如果春季布瓦特需要Athentication,如何对AJAX的请求发出不同的答复
原标题:How to send different response for AJAX request if Authentication is required in Spring Boot

我有一份申请,当时我正在使用春天的安保和奥安特2的标识。 一切都在发挥作用。 如果用户没有登录在册,则按预期将用户重新定位为登录页。 然而,这一重新定位造成了申请的麻烦。 如果用户不挂在册,则对<代码>AJAX的要求是否发出不同的答复。 我曾尝试过这样的事情,但认为“<编码>除外,<>/代码”不是截获这种请求的适当场所。

@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    return http
            .authorizeExchange(authorizeExchangeSpec -> {
                authorizeExchangeSpec.anyExchange().authenticated();
            })
            .csrf(csrfSpec -> {
                csrfSpec.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse());
            })
            .logout(logoutSpec -> {
                logoutSpec.logoutSuccessHandler(oidcLogoutSuccessHandler(this.clientRegistrationRepository));
            })
            .oauth2Login(Customizer.withDefaults())
            .exceptionHandling(exceptionHandlingSpec -> {
                exceptionHandlingSpec.authenticationEntryPoint((swe, e) -> {
                    // It seems its too late here to do such check none of the header have this? Eventhough `AJAX` request triggered this.
                    if (swe.getRequest().getHeaders().containsKey("X-Requested-With")) {
                        return Mono.fromRunnable(() -> swe.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED));
                    }
                });
            })
            .build();
    }
问题回答

您对<>OAuth2”客户构成下定义:经会议授权的请求,以及对有302个身份的缺失或无效授权的请求(改称标志)。 这对服务器上提供的网页(Thyme pages, JSF, 或以任何方式)来说都是罚款。

REST终端点应配置为OAuth2台资源服务器:经授权可使用象征性设备、不举行任何会议的请求,以及用401份(未经批准)的缺失或无效授权的请求。

如果你的申请既服务于服务器,又服务于遥感技术资源,那么你应界定两种不同的安全过滤链:一种是用户配置,另一种是资源服务器配置。

当你界定了不止一个安全过滤链条时,应当将其与<代码>@ 第号令,用以界定其评价顺序和所有过滤链,但最后一条载于@ 命令应当有一个安全匹配器(例如>http.securityMatcher("/api/**”),用于一个资源服务器过滤链,以将其限制在它应当得到的资源上,并使那些有更高顺序的人有机会处理这一请求(如果安全匹配者不匹配,可评估次)。

详情见my tutorials。 (一) 专用于为教育、教育、科学和技术部的APIC和Tymehil客户服务。

时间:2023-06-16 02:54:38


上一篇:
下一篇:


相关问题
Spring Properties File

Hi have this j2ee web application developed using spring framework. I have a problem with rendering mnessages in nihongo characters from the properties file. I tried converting the file to ascii using ...

时间:2009-11-13 05:05:41 回答:3 展示:1
Logging a global ID in multiple components

I have a system which contains multiple applications connected together using JMS and Spring Integration. Messages get sent along a chain of applications. [App A] -> [App B] -> [App C] We set a ...

时间:2009-11-09 14:50:12 回答:4 展示:1
Java Library Size

If I m given two Java Libraries in Jar format, 1 having no bells and whistles, and the other having lots of them that will mostly go unused.... my question is: How will the larger, mostly unused ...

时间:2009-11-09 14:44:57 回答:2 展示:1
How to get the Array Class for a given Class in Java?

I have a Class variable that holds a certain type and I need to get a variable that holds the corresponding array class. The best I could come up with is this: Class arrayOfFooClass = java.lang....

时间:2009-11-05 09:41:59 回答:5 展示:1
SQLite , Derby vs file system

I m working on a Java desktop application that reads and writes from/to different files. I think a better solution would be to replace the file system by a SQLite database. How hard is it to migrate ...

时间:2009-11-05 09:26:46 回答:3 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全