I'm using Spring Security 3 to protect access to a Spring-based Java Web application. The security mechanism is all configured through a standard Spring Security bean definition file, using the "security" schema. By default the user can access any URL and those that require a login are listed in the “http” element of the Spring configuration file. The system is configured so that a user who has not performed a login will 开发者_运维百科be redirected to a login form before they can access such a URL.
The problem that I have is that certain URLs in the system are intended for programmatic access and return XML rather than HTML. For such URLs I need to be able to return a “user not logged in” XML instead of forcing a redirect to a login form. How can I reconfigure my “http” element (and its associated elements in the configuration file) to allow me to have one set of controlled URLs that will redirect to a login form when the user isn't logged in and another set that will return an error?
Cheers, Adam.
Maybe an authentication filter helps you. Inside the doFilter() method of Spring's AbstractAuthenticationProcessingFilter you could check whether a XML file is requested. If yes, you interrupt the chain and return an error XML file if there's no active user session. See here for more details:
http://mark.koli.ch/2010/07/spring-3-and-spring-security-setting-your-own-custom-j-spring-security-check-filter-processes-url.html
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论