model view controller - ajax login with spring webMVC and spring security

Question

I've been using Spring Security 3.0 for our website login mechanism using a dedicated login webpage. Now I need that login webpage to instead be a lightbox/popup window on every webpage in our site where upon logging in I get an AJAX result whether it was successful or not. What's the best way to go about this with Spring Security and Spring webmvc 3.0?

Answer 1

At the client-side you may simulate a normal form submission to your login url via ajax. For example, in jQuery:

$.ajax({
    url: "${pageContext.request.contextPath}/j_spring_security_check",
    type: "POST",
    data: $("#loginFormName").serialize(),
    beforeSend: function (xhr) {
        xhr.setRequestHeader("X-Ajax-call", "true");
    },
    success: function(result) {
        if (result == "ok") {
            ...
        } else if (result == "error") {
            ...
        }
    }
});

At the server side, you may customize AuthenticationSuccessHandler and AuthenticationFailureHandler to return a value instead of redirect. Because you probably need a normal login page as well (for attempt to access a secured page via direct url), you should tell ajax calls from normal calls, for example, using header:

public class AjaxAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    private AuthenticationSuccessHandler defaultHandler;

    public AjaxAuthenticationSuccessHandler() {

    }
    public AjaxAuthenticationSuccessHandler(AuthenticationSuccessHandler defaultHandler) {
        this.defaultHandler = defaultHandler;
    }

    public void onAuthenticationSuccess(HttpServletRequest request,
        HttpServletResponse response, Authentication auth)
        throws IOException, ServletException {
    if ("true".equals(request.getHeader("X-Ajax-call"))) {
        response.getWriter().print("ok");
        response.getWriter().flush();
    } else {
        defaultHandler.onAuthenticationSuccess(request, response, auth);
    }
}
}