I have implemented this security process in my project: Spring Security 3 - MVC Integration Tutorial (Part 2).
My problem is that I need to turn it into an Ajax-ba
This is an old post, but it still comes up as one of the top results for "spring security ajax login," so I figured I'd share my solution. It follows Spring Security standards and is pretty simple to set up; the trick is to have two `<http>` elements in your security configuration, one for REST/Ajax and one for the rest of the app (regular HTML pages). The order in which the `<http>` elements appear is important: it has to go from more specific to more generic URLs, just like `<intercept-url>` elements inside an `<http>` element.
Step 1: Set Up Two Separate `<http>` Elements
Step 2: REST Authentication Controller
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import flexjson.JSONSerializer;
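/**
 * JSON-speaking counterparts of the three pages a form login normally redirects to.
 *
 * <p>Presumably wired as the {@code login-page}, {@code authentication-failure-url} and
 * {@code default-target-url} of the REST/Ajax {@code <http>} block (the XML is not shown here).
 * An Ajax client cannot follow a redirect to an HTML form, so every answer is a status code
 * plus an {@code application/json} body the front-end can branch on.
 */
@Controller
@RequestMapping(value = "/rest/security")
public class RestAuthenticationController {

    /**
     * Headers shared by every response of this controller.
     *
     * @return a fresh {@link HttpHeaders} carrying {@code Content-Type: application/json}
     */
    public HttpHeaders getJsonHeaders() {
        HttpHeaders headers = new HttpHeaders();
        headers.add("Content-Type", "application/json");
        return headers;
    }

    /**
     * Stand-in for the HTML login page: an unauthenticated Ajax request just gets a 401.
     *
     * @return an empty 401 response with JSON headers
     */
    @RequestMapping(value = "/login-page", method = RequestMethod.GET)
    public ResponseEntity<Void> apiLoginPage() {
        return new ResponseEntity<Void>(getJsonHeaders(), HttpStatus.UNAUTHORIZED);
    }

    /**
     * Target of a failed login attempt.
     *
     * <p>Deliberately answers 200, not 401: a 401 would send the front-end back to the
     * login page and loop. The body carries {@code success: false} and a message code the
     * client can test instead.
     *
     * @return a 200 response whose body flags the failed authentication
     */
    @RequestMapping(value = "/authentication-failure", method = RequestMethod.GET)
    public ResponseEntity<String> apiAuthenticationFailure() {
        String body = "{\"success\" : false, \"message\" : \"authentication-failure\"}";
        return new ResponseEntity<String>(body, getJsonHeaders(), HttpStatus.OK);
    }

    /**
     * Target of a successful login: hands the client a JSON view of the current
     * {@link Authentication}.
     *
     * <p>Only {@code name} and the {@code authority} of each granted authority are
     * serialized. The previous exclude-list ({@code *.class}, {@code *.password}) sent
     * everything it did not name -- credentials, the {@code details} object (for form logins
     * typically the remote address and session id) and every property of the principal --
     * to the browser. A whitelist cannot leak a field that is added later.
     *
     * @return a 200 response with the whitelisted JSON, or 401 when no authentication is
     *         present in the security context
     */
    @RequestMapping(value = "/default-target", method = RequestMethod.GET)
    public ResponseEntity<String> apiDefaultTarget() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            // Reached without a security context (e.g. a direct GET with no session):
            // same answer as the login page rather than a NullPointerException / 500.
            return new ResponseEntity<String>(getJsonHeaders(), HttpStatus.UNAUTHORIZED);
        }
        // include(...) paths win over exclude("*"), so nothing outside the two named paths is
        // emitted. NOTE(review): confirm against your flexjson version that the nested
        // "authorities.authority" path is honoured as intended.
        String userJson = new JSONSerializer()
                .include("name", "authorities.authority")
                .exclude("*")
                .serialize(authentication);
        return new ResponseEntity<String>(userJson, getJsonHeaders(), HttpStatus.OK);
    }
}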
Step 3: Submit the AJAX form and process the response (requires jQuery's ajaxForm library)
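// Submit the login form over Ajax (jQuery Form plugin) and interpret the controller's answer.
// Both login outcomes arrive as HTTP 200, so the decision is made on the JSON body, not the status.
$('form').ajaxForm({
    success: function(response, statusText, xhr, $form) {
        // A failed login is {"success": false, "message": "authentication-failure"}; a
        // successful one is the JSON of Spring's Authentication. `name` is the property
        // Authentication.getName() serializes to; `username` is kept for serializers that
        // flatten the principal. The whole body is no longer dumped to the console.
        var user = response ? (response.name || response.username) : null;
        if (!response || response.success === false || !user) {
            alert("authentication failure");
        } else {
            alert("authentication success");
        }
    },
    error: function(xhr, statusText, error, $form) {
        // Non-2xx (e.g. the 401 from /login-page). The first argument is the jqXHR, so a
        // JSON body, when jQuery parsed one, is on xhr.responseJSON rather than on the
        // argument itself; the old direct check is kept as a fallback.
        var body = (xhr && xhr.responseJSON) ? xhr.responseJSON : xhr;
        if (body != null && body.message === "authentication-failure") {
            alert("authentication failure");
        }
    }
});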