I am trying to work on Ajax based login system using Spring Security and it was working fine, till I got with another requirement where I need to configure authenticat
With the login form that is currently posted it cannot work, as a form like this is needed:
<body>
<form action="/j_spring_security_check" method="POST">
<label for="username">User Name:</label>
<input id="username" name="j_username" type="text"/>
<label for="password">Password:</label>
<input id="password" name="j_password" type="password"/>
<input type="submit" value="Log In"/>
</form>
</body>
The post needs to be done to j_spring_security_check, and the username and password need to be supplied in the fields j_username and j_password, otherwise it won't work.
I think you are getting a redirect to a login page.
You can see where the redirect is going with the chrome debugger or firebug if using firefox.
To approach this first get the rest of the config working with the default login page generated by spring security, by removing login-page="/customer/logon.html".
Once this works you can add back the custom login page, but it needs to have the elements above.
Also I believe you are trying to post a JSTL tag via ajax to the server? If it's true it won't work, otherwise can you edit the question.
Try it step by step by first using the default login page, then with an ajax request with hardcoded values just for testing and then when this works with a custom login page.
Response code 302 is not an error indication; it's a way of performing a redirection. You have not shared your webshopAuthenticationSuccessHandler code,
but I am pretty much sure you are redirecting the request to some specified resource after processing a certain condition. So just check your headers, get the URL of the redirection, and then redirect with JavaScript code.
An HTTP response with this status code will additionally provide a URL in the Location header field.
For example:
Client request:
GET /index.html HTTP/1.1
Host: www.example.com
Server response:
HTTP/1.1 302 Found
Location: http://www.iana.org/domains/example/
So along with this error code you are getting the URL http://www.iana.org/domains/example/, where your authenticationSuccessHandler wants you to redirect, so redirect to it through JavaScript code.
First you don't need a controller, spring security handles all this for you. So drop the controller.
The current problem is due to your JSON based post. This is handled by the normal filter which handles login, but it doesn't see a j_username and j_password field and as such will redirect (the 302) to the login page (in your case /shop/home.html) asking for those fields.
Basically you are posting the data as JSON whereas it simply should be just an ajaxified form post. This allows you to write a simple AuthenticationSuccessHandler which simply returns a 401 or a 200 status-code (and maybe a body) when things are ok.
Changing your ajax submit to something like this should make things work.
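// Inside the form's submit handler, where `this` is the form element.
var form = $(this);
$.ajax({
    'type': form.attr('method'),   // the form's method, e.g. POST
    'url': form.attr('action'),    // the form's action, e.g. /j_spring_security_check
    'data': form.serialize()       // form-encoded j_username / j_password
});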
This should create an ajax form post. It might be that you need a call to preventDefault() in the surrounding method to stop the form from actually posting.
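The form-encoded login post described in the answer above, as an added example that is not code from the thread. The endpoint and field names are the ones quoted in the answers; `buildLoginRequest`, `classifyLoginResponse` and `ajaxLogin` are hypothetical helper names, and the 200/401 mapping assumes the handlers are written to answer that way.

```javascript
// Added example; not code from the thread.
// Endpoint and field names are the ones quoted in the answers above.
const LOGIN_URL = '/j_spring_security_check';

// Build the form-encoded POST the login filter reads. A JSON body carries no
// j_username / j_password fields for the filter to see, hence the 302.
function buildLoginRequest(username, password) {
  const form = new URLSearchParams();
  form.set('j_username', username);
  form.set('j_password', password);
  return {
    url: LOGIN_URL,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: form.toString(),      // URLSearchParams escapes &, = and spaces
      credentials: 'same-origin', // keep the session cookie on this origin
      redirect: 'manual'          // surface a redirect instead of following it
    }
  };
}

// Map the response to an outcome. Assumption: the success and failure
// handlers answer 200 and 401, the contract suggested in the answer above.
function classifyLoginResponse(res) {
  if (res.type === 'opaqueredirect' || (res.status >= 300 && res.status < 400)) {
    return 'redirected'; // the filter or a handler is still sending a redirect
  }
  if (res.status === 200) return 'authenticated';
  if (res.status === 401) return 'rejected';
  return 'error';
}

// fetchImpl is injectable so the flow can be exercised without a server.
async function ajaxLogin(username, password, fetchImpl = fetch) {
  const req = buildLoginRequest(username, password);
  return classifyLoginResponse(await fetchImpl(req.url, req.options));
}
```

A `redirected` result after this change means the server side is still configured to redirect, which is the case the step-by-step advice in the first answer is meant to isolate.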