Last active
December 17, 2015 06:59
SpringMVC Return 401 for Unauthenticated Rest Calls
package com.bmchild.service.user; | |
import java.io.IOException; | |
import javax.servlet.ServletException; | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
import org.apache.commons.lang.StringUtils; | |
import org.springframework.security.core.AuthenticationException; | |
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; | |
import org.springframework.security.web.util.ELRequestMatcher; | |
import org.springframework.security.web.util.RequestMatcher; | |
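/**
 * Authentication entry point that shapes the "not authenticated" response to the kind of client
 * that sent the request, instead of always redirecting to the login form.
 *
 * <ul>
 *   <li>CORS preflight requests are answered with {@code 204 No Content};</li>
 *   <li>requests carrying {@code X-Requested-With: XMLHttpRequest} are answered with
 *       {@code 401 Unauthorized};</li>
 *   <li>every other request is handed to {@link LoginUrlAuthenticationEntryPoint}.</li>
 * </ul>
 *
 * <p>Every header inspected here is supplied by the client. The headers only select the form of
 * the response; no branch in this class authenticates the caller.
 *
 * @author bchild
 */
public class AjaxAwareLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {

  /** Matches requests that declare themselves as XMLHttpRequest calls. */
  private static final RequestMatcher AJAX_REQUEST_MATCHER =
      new ELRequestMatcher("hasHeader('X-Requested-With','XMLHttpRequest')");

  /** Creates an entry point without a login form URL, using the deprecated parent constructor. */
  @SuppressWarnings("deprecation")
  public AjaxAwareLoginUrlAuthenticationEntryPoint() {
    super();
  }

  /**
   * Creates an entry point that sends browser requests to the given login form.
   *
   * @param loginFormUrl URL of the login form, passed unchanged to the parent class
   */
  public AjaxAwareLoginUrlAuthenticationEntryPoint(String loginFormUrl) {
    super(loginFormUrl);
  }

  /**
   * Answers a request that reached a protected resource without authentication.
   *
   * @param request the request that was refused
   * @param response the response to write the status to
   * @param authException the exception that triggered this entry point
   * @throws IOException if writing the response fails
   * @throws ServletException if the parent entry point fails
   */
  @Override
  public void commence(final HttpServletRequest request, final HttpServletResponse response,
      final AuthenticationException authException) throws IOException, ServletException {
    if (isPreflight(request)) {
      // This class sets only the status. Any Access-Control-* response headers the browser
      // needs in order to accept the preflight have to be added elsewhere.
      response.setStatus(HttpServletResponse.SC_NO_CONTENT);
      return;
    }
    if (isRestRequest(request)) {
      // A script cannot usefully follow a redirect to an HTML login page, so report the
      // missing authentication as a status code instead.
      response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
      return;
    }
    super.commence(request, response, authException);
  }

  /**
   * Checks whether this is a cross-domain preflight request.
   *
   * <p>The method alone does not identify a preflight: a plain {@code OPTIONS} request is an
   * ordinary request and should get the same 401 or login redirect as any other unauthenticated
   * call. A preflight additionally carries the {@code Origin} and
   * {@code Access-Control-Request-Method} headers, so both are required here.
   *
   * @param request the request to inspect
   * @return {@code true} if the request is an {@code OPTIONS} request with both preflight headers
   */
  private boolean isPreflight(HttpServletRequest request) {
    return "OPTIONS".equals(request.getMethod())
        && request.getHeader("Origin") != null
        && request.getHeader("Access-Control-Request-Method") != null;
  }

  /**
   * Checks whether the request declares itself as an XMLHttpRequest call.
   *
   * <p>Clients that do not send {@code X-Requested-With} are treated as browsers and get the
   * login redirect. Subclasses may override this to recognise other API clients.
   *
   * @param request the request to inspect
   * @return {@code true} if the {@code X-Requested-With} header equals {@code XMLHttpRequest}
   */
  protected boolean isRestRequest(HttpServletRequest request) {
    return AJAX_REQUEST_MATCHER.matches(request);
  }
}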
<!-- Spring Security setup: form login for browsers, plus a custom entry point that decides
     how unauthenticated requests to protected URLs are answered. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Enables @PreAuthorize/@PostAuthorize and @Secured on methods. -->
    <security:global-method-security
        pre-post-annotations="enabled"
        secured-annotations="enabled"/>

    <!-- entry-point-ref replaces the default login redirect with the bean declared at the
         bottom of this file.
         NOTE(review): this file uses the spring-security-3.1 schema and shows no CSRF
         configuration; built-in CSRF protection arrived in Spring Security 3.2. Confirm that
         /login/submit, /logout and other state-changing endpoints are protected elsewhere.
         NOTE(review): no requires-channel attribute is set on any rule; confirm that HTTPS is
         enforced in front of the application. -->
    <security:http
        disable-url-rewriting="true"
        use-expressions="true"
        entry-point-ref="ajaxAwareLoginUrlAuthenticationEntryPoint">

        <security:form-login
            authentication-failure-url="/login?error=1"
            login-processing-url="/login/submit"/>

        <security:logout
            logout-url="/logout"
            logout-success-url="/login"/>

        <!-- Rules are matched in the order listed and the first match wins, so the public
             paths must stay above the catch-all rule. -->
        <security:intercept-url pattern="/" access="permitAll" />
        <security:intercept-url pattern="/css/**" access="permitAll" />
        <security:intercept-url pattern="/images/**" access="permitAll" />
        <security:intercept-url pattern="/js/**" access="permitAll" />
        <security:intercept-url pattern="/login" access="permitAll" />

        <!-- Catch-all: everything not listed above requires an authenticated user. -->
        <security:intercept-url pattern="/**" access="isAuthenticated()" />
    </security:http>

    <!-- customUserDetailsService and passwordEncoder are not declared in this file.
         NOTE(review): base64 appears to apply only when the encoder is chosen with the hash
         attribute, so it may have no effect next to ref; confirm. Also confirm that
         passwordEncoder is an adaptive password hash rather than a bare digest. -->
    <security:authentication-manager erase-credentials="true" alias="authenticationManager" >
        <security:authentication-provider user-service-ref="customUserDetailsService">
            <security:password-encoder ref="passwordEncoder" base64="true"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- The constructor argument is the login form URL used for ordinary browser requests. -->
    <bean id="ajaxAwareLoginUrlAuthenticationEntryPoint"
          class="com.bmchild.service.user.AjaxAwareLoginUrlAuthenticationEntryPoint">
        <constructor-arg value="/login" />
    </bean>
</beans>