tag:blogger.com,1999:blog-5680703984366099023.post375226377863878914..comments2023-10-15T17:47:00.984+03:00Comments on Gal Levinsky: Spring security 3 Ajax login - accessing protected resourcesGal Levinskyhttp://www.blogger.com/profile/05872889954243867542noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-5680703984366099023.post-8047895919603779952017-01-18T05:02:07.942+02:002017-01-18T05:02:07.942+02:00really interesting and decisive. thanks I have sol...really interesting and decisive. thanks I have solved a problem in an easy and powerfulMatteohttps://www.blogger.com/profile/17600315551605005757noreply@blogger.comtag:blogger.com,1999:blog-5680703984366099023.post-3043800048210736902014-04-23T14:15:10.654+03:002014-04-23T14:15:10.654+03:00This code can easily be slightly modified to suppo...This code can easily be slightly modified to support any kind of status and response.<br />However, as a security best practice I would be advised to prevent any concrete error message regarding the reason the user/password validation failed, since it can help attackers too.Gal Levinskyhttps://www.blogger.com/profile/05872889954243867542noreply@blogger.comtag:blogger.com,1999:blog-5680703984366099023.post-78131779410100879782014-04-19T18:04:20.312+03:002014-04-19T18:04:20.312+03:00Does this code correctly handle validation failure...Does this code correctly handle validation failures? E.g. if the password doesn't conform to a certain pattern you want more than not-ok, you want to return a bindingresult errors object with details on the validation issue. Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5680703984366099023.post-48809334208174920762014-03-12T09:41:00.673+02:002014-03-12T09:41:00.673+02:00Failure is very similar to the success handler, ex...Failure is very similar to the success handler, except it prints our "error" string.<br />As you can see - the ajaxLogin JS method will handle only "ok" string as success.Gal Levinskyhttps://www.blogger.com/profile/05872889954243867542noreply@blogger.comtag:blogger.com,1999:blog-5680703984366099023.post-79756407196271041662014-03-11T08:44:02.102+02:002014-03-11T08:44:02.102+02:00it is handling success only . What about ajaxAuthe...it is handling success only . What about ajaxAuthenticationFailureHandler!!!<br />Thanks in advance for above informationAnonymoushttps://www.blogger.com/profile/09199327362870367089noreply@blogger.comtag:blogger.com,1999:blog-5680703984366099023.post-28628873076154060772014-01-15T21:54:47.705+02:002014-01-15T21:54:47.705+02:00Since it works well I didn't seek for other so...Since it works well I didn't seek for other solution.. Will let you know if I'll find any :-)Gal Levinskyhttps://www.blogger.com/profile/05872889954243867542noreply@blogger.comtag:blogger.com,1999:blog-5680703984366099023.post-77789169544487877802014-01-15T21:38:17.981+02:002014-01-15T21:38:17.981+02:00Interesting post. I have come up with a similar s...Interesting post. I have come up with a similar solution, but quite frankly don't like it very much. I have been looking for a way for Spring Security to return a status other than 302->redirect to login page and then be able to validate against the status code as opposed to checking the return page for a special string. However, I have been unable to figure out how to do this.<br /><br />Is this still the solution that you are using, or have you found something different since this posting?benzehttps://www.blogger.com/profile/03202683684764043220noreply@blogger.com