jecyhw · February 10, 2022 05:59 · subinsoman · Feb 10, 2022
diff --git a/AjaxAwareAuthenticationEntryPoint.java b/AjaxAwareAuthenticationEntryPoint.java
 public class AjaxAwareAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {
    public AjaxAwareAuthenticationEntryPoint(String loginFormUrl) {
        super(loginFormUrl);
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        String ajaxHeader = ((HttpServletRequest) request).getHeader("X-Requested-With");
        if ("XMLHttpRequest".equals(ajaxHeader)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Ajax Request Denied (Session Expired)");
        } else {
            super.commence(request, response, authException);
        }
    }
 }


 /**
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                    .headers()
                    .frameOptions().sameOrigin()
                .and()
                    .authorizeRequests()
                    .antMatchers("/**/create", "/**/recognition", "/**/delete*", "/**/uploadFile*").authenticated()
                    .antMatchers("/**").permitAll()
                .and()
                    .formLogin()
                    .loginPage("/login?auth")
                    .loginProcessingUrl("/login")
                    .failureUrl("/login?error")
                    .defaultSuccessUrl("/")
                    .usernameParameter("userName")
                    .passwordParameter("password")
                    .permitAll()
                .and()
                    .logout().logoutSuccessUrl("/login").logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll()
                .and().csrf()
                .and().exceptionHandling().authenticationEntryPoint(new AjaxAwareAuthenticationEntryPoint("/login"));
    }
 }
 **/
    
 /**
 $(document).ajaxError(function (e, xhr, options) {
        if (xhr.status == 403) {
            window.location.href = 'login';
        }
    });
 **/
	public class AjaxAwareAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {
	public AjaxAwareAuthenticationEntryPoint(String loginFormUrl) {
	super(loginFormUrl);
	}

	@Override
	public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
	String ajaxHeader = ((HttpServletRequest) request).getHeader("X-Requested-With");
	if ("XMLHttpRequest".equals(ajaxHeader)) {
	response.sendError(HttpServletResponse.SC_FORBIDDEN, "Ajax Request Denied (Session Expired)");
	} else {
	super.commence(request, response, authException);
	}
	}
	}


	/**
	@Configuration
	public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	private UserDetailsService userDetailsService;

	@Bean
	public BCryptPasswordEncoder bCryptPasswordEncoder() {
	return new BCryptPasswordEncoder();
	}
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
	auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
	http
	.headers()
	.frameOptions().sameOrigin()
	.and()
	.authorizeRequests()
	.antMatchers("//create", "//recognition", "/*/delete", "/*/uploadFile").authenticated()
	.antMatchers("/**").permitAll()
	.and()
	.formLogin()
	.loginPage("/login?auth")
	.loginProcessingUrl("/login")
	.failureUrl("/login?error")
	.defaultSuccessUrl("/")
	.usernameParameter("userName")
	.passwordParameter("password")
	.permitAll()
	.and()
	.logout().logoutSuccessUrl("/login").logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll()
	.and().csrf()
	.and().exceptionHandling().authenticationEntryPoint(new AjaxAwareAuthenticationEntryPoint("/login"));
	}
	}
	**/

	/**
	$(document).ajaxError(function (e, xhr, options) {
	if (xhr.status == 403) {
	window.location.href = 'login';
	}
	});
	**/