Home/ Questions/Q 8148137
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T14:35:19+00:00

I am using Spring security feature in my application, but I found out that

  • 0

I am using Spring security feature in my application, but I found out that when the session expired, all the request ajax return the page login.jsp(not redirect, in http response, it puts all the html content) which is the login page of my webapp.
I used a lot of ajax request in my app and the goal is return certain error code like 510 instead of the login page.

<session-management session-authentication-strategy-ref="example" />

without invalid-session-url
I tried to make invalid-session-url = “”, doesn’t work.
Many thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Use custom AuthenticationEntryPoint:

    package com.example.spring.security
// imports here

public class AjaxAwareAuthenticationEntryPoint
     extends LoginUrlAuthenticationEntryPoint {

  public AjaxAwareAuthenticationEntryPoint(final String loginFormUrl) {
    super(loginFormUrl);
  }

  @Override
  public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException)
      throws IOException, ServletException {

    if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
      response.sendError(403, "Forbidden");
    } else {
      super.commence(request, response, authException);
    }
  }
}

    Define a bean and use it as entry-point-ref in <http> element:

    <http entry-point-ref="authenticationEntryPoint">
  <!-- more configuration here -->
</http>

<bean id="authenticationEntryPoint"
   class="com.example.spring.security.AjaxAwareAuthenticationEntryPoint">
 <constructor-arg value="/login.jsp"/>
</bean>
    • 0