All geek questions in one place

Ajax and form authentication

I am trying to implement authentication in my ajax application. The problem is that when the session ends, I get the code 302, which redirects me to the login page specified in web.xml (and this forces everyone to update the entire application on the login page).

What I want to do is get the “unauthenticated” (401) code, and then display the login form in the popup window and when the login successfully continues what I am doing.

here is a picture of what is happening: http://docs.oracle.com/javaee/1.4/tutorial/doc/images/security-formBasedLogin.gif

and docs http://docs.oracle.com/javaee/1.4/tutorial/doc/Security5.html

Basically, I want to display a popup, rather than redirecting to the login page, and then not redirecting to the resource, but performing my AJAX update. As far as I understand, this cannot be done only on the client side, since redirects cannot be avoided (see here: redirection information ), I will need to write some logic on the server to prevent redirection, see here for details on how do it in IIS: Implementing IIS

PS So far this: http://www.oracle.com/technetwork/articles/entarch/session-lifecycle-096133.html looks like the most promising way to implement it. The class is deprecated, but I cannot find a new one and I think this is the only way to do this for Weblogic.

+4
source share
5 answers

This is not an easy way, but still it works.

You have a form on your page that is filled out by the user.

The user clicks the submit button.

An ajax request is sent to the server.

A server-side implementation can check for a session or not. and accordingly you can send the response code 401 .. (response.setStatus ());

This 401 can be tested on the client side using ajax --- xhr.status

If the answer is 401, you can show the login form and hide the current form. using js and css.

The user fills in the registration data and clicks send.

You can check on the server side and check on the client side the status of this login request.

if the login is successful, you can submit the first form using ajax or js ..

+1
source

You may need to use servlet validation filters, as described in weblogic.xml Deployment Descriptor Elements

The following tutorials can help you:
oracle servlet authentication filters
Using servlet filters to authenticate users
Writing Servlet Filters

+1
source

You can use heart rate checking with an ajax request to your server for any resource that needs to be authenticated in order to receive it. If you cannot get this resource, then you are not logged in .. so that you can send another authentication, ask to continue your rendering.

see this article .. http://ajaxpatterns.org/archive/Heartbeat.php

so that your authentication procedure is implemented.

0
source

You need to click on the page, not the survey. Therefore, you need Strophe and your session handler. When the session ends, the signal is sent to the Strophe instance that is running in your web application, and after that it is easy to make a popup or something else. For all things in real time I use Strophe!

This is a book about this meter, and this is for Strophe , also this is a php xmpp class reference.

It will take you a couple of days to figure it out, but it's a couple of days spent well! If you carefully read the book and move on to examples using only a basic understanding of javascript / jquery, you can create powerful web applications.

0
source

I know that you are trying to authenticate FORM using an ajax application, but is it really ?

BASIC authentication is simplified and transparent for ajax requests, as it is handled by the browser and not by your application. But I admit / understand that the popup is ugly.

-1
source

Source: https://habr.com/ru/post/1446566/

More articles:


All Articles