I have some kind of controller:
@Controller
public class DefaultController {

    @RequestMapping(value="/index.html", method=RequestMethod.GET)
    public String indexView(){
        return "index";
    }

    @RequestMapping(value="/some.action", method=RequestMethod.POST)
    @ResponseBody
    public MyObject indexView(some parameters.... ){
        MyObject o= daoService.getO(id);
        return o;
    }
}
I'm using Spring Security:
<security:global-method-security secured-annotations="enabled" />
<security:http auto-config="true" access-denied-page="/accessDenied.jsp">
    <security:form-login login-page="/login.html" login-processing-url="/login" authentication-failure-url="/login.html?login_error=1" default-target-url="/"/>
    <security:http-basic/>
    <security:intercept-url pattern='/**' access='ROLE_USER' />
    <security:logout logout-url="/logout" logout-success-url="/"/>
    <security:remember-me services-ref="rememberMeServices"/>
</security:http>
Now, my problem is the following:
When accessing /some.action using AJAX as a non-authenticated user, Spring Security returns a 301 command (redirect to the access denied page).
What I need is, even if the user is not authenticated, to return 200 OK and send an authentication error message to the client, or even, in the worst case, to return a 400-something error.
I understand that I need to create a custom authentication success handler, but can I do it, and how can I apply this handler to *.action URIs?
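
One way to get a status code instead of a redirect for unauthenticated *.action requests, shown as an added example that is not part of the original question: an AuthenticationEntryPoint (the hook Spring Security calls when an unauthenticated request hits a protected URL) that answers 401 with a fixed JSON body for *.action and hands every other request to the normal login entry point. The class name ActionAwareEntryPoint, the JSON body and the javax.servlet namespace are assumptions.

```java
import java.io.IOException;

import javax.servlet.ServletException;          // assumption: javax.* servlet API (pre-Jakarta)
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

/** Hypothetical class name; not part of Spring Security or of the question's code. */
public class ActionAwareEntryPoint implements AuthenticationEntryPoint {

    // Entry point used for ordinary page requests, e.g. the form-login redirect.
    private final AuthenticationEntryPoint delegate;

    public ActionAwareEntryPoint(AuthenticationEntryPoint delegate) {
        this.delegate = delegate;
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException)
            throws IOException, ServletException {
        if (isActionRequest(request)) {
            // No WWW-Authenticate header is sent, so the browser shows no Basic-auth dialog.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setContentType("application/json;charset=UTF-8");
            response.setHeader("Cache-Control", "no-store");
            // Fixed message: exception details are not echoed to the client.
            response.getWriter().write("{\"error\":\"authentication_required\"}");
            return;
        }
        delegate.commence(request, response, authException);
    }

    // Matches the question's *.action URIs after dropping ";jsessionid=..." style
    // path parameters. A request that does not match still goes to the delegate,
    // so access is refused either way.
    static boolean isActionRequest(HttpServletRequest request) {
        String uri = request.getRequestURI();
        int semi = uri.indexOf(';');
        if (semi >= 0) {
            uri = uri.substring(0, semi);
        }
        return uri.endsWith(".action");
    }
}
```

To use it, declare the class as a bean with the login-page entry point as its delegate and reference that bean from the entry-point-ref attribute of <security:http>.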