Is there a way to disable redirection for Spring Security and the login page. My requirements indicate that the login should be part of the navigation menu.
Example:
Therefore, there is no dedicated login page. Login information must be sent via Ajax. If an error occurs, it should return a JSON indicating the error and use the correct HTTP status code. If authentication is verified, it should return 200, and then javascript can process it from there.
I hope this makes sense if there is no easier way to do this with Spring Security. I do not have much experience with Spring Security. I suppose this should be common practice, but I have not found much.
Current Spring Security Configuration
@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true) @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/", "/public/**").permitAll() .antMatchers("/about").permitAll() .anyRequest().fullyAuthenticated() .and() .formLogin() .loginPage("/login") .failureUrl("/login?error") .usernameParameter("email") .permitAll() .and() .logout() .logoutUrl("/logout") .deleteCookies("remember-me") .logoutSuccessUrl("/") .permitAll() .and() .rememberMe(); } @Override public void configure(AuthenticationManagerBuilder auth) throws Exception { auth .userDetailsService(userDetailsService) .passwordEncoder(new BCryptPasswordEncoder()); }
Update:
I tried using HttpBasic (), but then it asks for credit to log in, no matter what and how ugly the browser pop-up is, which is not acceptable for the end user. It looks like I might have to extend AuthenticationEntryPoint.
At the end of the day, I need Spring Security to send JSON back saying that the authentication was successful or failed.
source share