The client and server timed out and authentication failed due to prolonged interaction on the server.However, the user does not want to jump to the login interface for login, expecting to login in the current interface pop-up window and proceed to the next step.
Solution: When the server intercepts the request to discover that authentication is invalid, the value returned to Code prompts the client for JSON login, and the client proceeds to the previous step after successful login.
Note: HTTP CODE cannot return 302, this code viewer will block automatic go to landing page
Implement this by adding an interceptor in Spring security to intercept a specified JSON request for a login operation.
/** * Support for JSON login * AuthenticationFilter that supports rest login(json login) and form login. */ @Slf4j public class AuthenticationRestfullFilter extends UsernamePasswordAuthenticationFilter { @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { //attempt Authentication when Content-Type is json if (MediaType.APPLICATION_JSON_UTF8_VALUE.equals(request.getContentType()) || MediaType.APPLICATION_JSON_VALUE.equals(request.getContentType())) { //use jackson to deserialize json can use jackson here because it is wrapped by Security ObjectMapper mapper = new ObjectMapper(); UsernamePasswordAuthenticationToken authRequest = null; try (InputStream is = request.getInputStream()) { UsernamePasswordVm userDto = mapper.readValue(is, UsernamePasswordVm.class); authRequest = new UsernamePasswordAuthenticationToken(userDto.getUsername(), userDto.getPassword()); } catch (IOException e) { log.warn(e.getMessage(), e); e.printStackTrace(); authRequest = new UsernamePasswordAuthenticationToken("", ""); } finally { setDetails(request, authRequest); } log.debug("User Rest login app !"); return this.getAuthenticationManager().authenticate(authRequest); } return super.attemptAuthentication(request, response); } } @Getter @Setter public class UsernamePasswordVm { private String username; private String password; private Boolean rememberMe; }Shared Session
Introduction: When an application evolves into a distributed or clustered application, user requests may be loaded onto different servers, and Web container sessions are not universal, so user session information is shared through Spring Session.
Solution: Spring Session intercepts user session (wrapping Http Request) information and stores it in a specified storage location while other servers can manipulate the data, enabling Session sharing and improving application performance and concurrency.
Implementation:
@EnableRedisHttpSession(maxInactiveIntervalInSeconds="Maximum request interval period, which can be interpreted as Session Timeout") public class StarUpAdminApp { }
Related Configuration
spring: http: encoding: charset: UTF-8 enabled: true force: true session: store-type: redis redis: flush-mode: on-save namespace: session database: 2 host: 127.0.0.1 lettuce: pool: max-active: 4 max-wait: -1ms max-idle: 2 min-idle: 0