Java Spring引导和安全性:如何扩展302状态代码的响应?
设置:Java Spring引导和安全性:如何扩展302状态代码的响应?,java,spring,http,spring-boot,oauth-2.0,Java,Spring,Http,Spring Boot,Oauth 2.0,设置: Cache-Control:no-cache, no-store, max-age=0, must-revalidate Connection:keep-alive Content-Length:0 Date:Fri, 06 Oct 2017 12:12:26 GMT Expires:0 Location:http://localhost:8080/login Pragma:no-cache X-Content-Type-Options:nosniff X-Frame-Options:D
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Connection:keep-alive
Content-Length:0
Date:Fri, 06 Oct 2017 12:12:26 GMT
Expires:0
Location:http://localhost:8080/login
Pragma:no-cache
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
- Spring启动应用程序
- OAuth2安全
- 用于UI实现的ReactJS
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Connection:keep-alive
Content-Length:0
Date:Fri, 06 Oct 2017 12:12:26 GMT
Expires:0
Location:http://localhost:8080/login
Pragma:no-cache
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
- 登录到应用程序
- 在同一浏览器中打开具有相同应用程序的其他选项卡
- 从应用程序注销在其中一个选项卡中,用户将重定向到登录视图
- 转到第一个选项卡(用户已注销,如果我刷新页面,我将获得登录表单),并执行触发POST/PUT/PATCH请求的任何操作。请求和响应示例如下:
Request URL:http://localhost:8080/api/info
Request Method:PUT
Status Code:302 Found
Remote Address:[::1]:8080
Referrer Policy:no-referrer-when-downgrade
accept:application/json
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,sv;q=0.6,ru;q=0.4,uk;q=0.2,fr;q=0.2
Cache-Control:no-cache
Connection:keep-alive
Content-Length:66
Content-Type:application/json
Cookie:_ga=GA1.1.1868465923.1505828166; _gid=GA1.1.612220229.1507272075; session=e4oSW4Kq; prod_user_session=4d6b615f-521704; user_session=g3ggLxJDomyZ
Host:localhost:8080
mode:cors
Origin:http://localhost:8080
Pragma:no-cache
Referer:http://localhost:8080/profile
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
响应:
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Connection:keep-alive
Content-Length:0
Date:Fri, 06 Oct 2017 12:12:26 GMT
Expires:0
Location:http://localhost:8080/login
Pragma:no-cache
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
此响应系统触发后,将请求放入http://localhost:8080/login
和失败,因为http://localhost:8080/login
请求
问题:
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Connection:keep-alive
Content-Length:0
Date:Fri, 06 Oct 2017 12:12:26 GMT
Expires:0
Location:http://localhost:8080/login
Pragma:no-cache
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
我知道我得到了302状态和
位置:http://localhost:8080/login
标题,因为我已注销。我希望用JSON正文扩展此案例的响应,或者至少确保对于此案例,我将获得401未经授权
状态代码,而不是302 如果我正确理解了您的问题,那么对于通过常规网页加载(products=“text/html”
)和AJAX调用(products=“application/json”
)发出的未经授权请求,您似乎需要两种不同的响应。目前,未经授权的AJAX调用被重定向到登录页面,这是一个合法页面,因此没有401响应代码。下面是一个使用XML配置和@Configuration-config实现所需设置的示例
另一个更为用户友好的选项是使用Spring的WebSocket支持向给定用户可能打开的所有选项卡(跨所有设备和浏览器)发送注销事件信号,从而触发每个选项卡重定向到登录页面