Rest call on expired session: HTTP 401 response causes browser to display login window

Question

I have written a HTML 5 application that uses AngularJS and interfaces with a Java REST backend running on Tomcat. I use Spring Security to handle login and security.

W

Answer 1

I finally found the solution for this. As I mentioned in my update the reason is, that the response contains the WWW-Authenticate header field. My solution was then to change the configuration of spring security to return a different header:

WWW-Authenticate: FormBased

To do this I had to implement the AuthenticaitonEntryPoint interface and manually set the header and status code in the response:

@Component( "restAuthenticationEntryPoint" )
public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {

    @Override
    public void commence( HttpServletRequest request, HttpServletResponse response,
                          AuthenticationException authException ) throws IOException {
        response.setHeader("WWW-Authenticate", "FormBased");
        response.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
    }
}

then I changed the configuration of spring-security and set the entry-point-ref to point to the new class: