This project provides implementation of AuthenticationEntryPoint
which returns status 401 FORBIDDEN for AJAX calls requesting application/json format in their Accept headers on the first place.
The primary use case is to use AngularJS and its Angular HTTP Auth module with Grails framework and its Spring Security Core Plugin.
Master branch is for Spring Security 4.x. Versions deployed to master will have version number 1.x.x
This branch is for Spring Security 3.x. Versions deployed to spring-security-web-3.x_ will have version number 0.x.x
You need to override authenticationEntryPoint bean in your application.
For the most simple use case in Grails you can easy set it up using following snippet in /grails-app/conf/spring/resources.groovy:
import org.modelcatalogue.core.security.ajax.AjaxAwareLoginUrlAuthenticationEntryPoint
// Place your Spring DSL code here
beans = {
authenticationEntryPoint(AjaxAwareLoginUrlAuthenticationEntryPoint) {
loginFormUrl = '/login/auth'
portMapper = ref('portMapper')
portResolver = ref('portResolver')
}
}
Inspired by http://stackoverflow.com/questions/8171256/use-spring-security-to-tell-ajax-requests-where-the-login-page-is