How to handle authentication with AJAX in a Java web application that uses form-based login

2023-09-10 17:45:43 Author: 你的笑

I have a Java web application running on WebSphere 7. The application uses form authentication method and part of the application accesses some protected resources using ajax requests. However, when the user's session expires, I am getting the login page in place of the content that is supposed to be refreshed by the ajax request.

Is there a good way to handle this problem? WebSphere returns a response status 200 with the login page so I cannot rely on that.

Maybe there is a way to tell the server that basic authentication should be used in certain circumstances but I don't know how.

I also thought of checking first if the session is new by making a request to unprotected resources first then return a certain status but it looks like a code smell solution...

Recommended answer

This is how I handled it in a similar situation. In our case, the AJAX response is always JSON. When the login expires, the authentication filter always sends a login form in HTML. So I check the content-type like this,

 if ((this.getHeader('Content-type') || '').include('application/json'))

If it's not JSON, I simply redirect to another protected page, which will trigger a full screen login and then that page will direct user back to the AJAX page.
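
The content-type check described in the answer above, written out as an added example (not the answerer's code). It parses the media type instead of doing a substring match, and limits the post-login return target to a same-origin path. `LOGIN_TRIGGER_URL`, the `returnTo` parameter and all function names are hypothetical.

```javascript
// Hypothetical protected page whose only job is to trigger the full-screen form login.
const LOGIN_TRIGGER_URL = '/protected/relogin';

// True only for a JSON media type. Tolerates case differences and
// parameters such as "; charset=UTF-8"; a missing header counts as not JSON.
function isJsonContentType(header) {
  const mediaType = String(header || '').split(';')[0].trim().toLowerCase();
  return mediaType === 'application/json' || mediaType.endsWith('+json');
}

// Accept only a same-origin path ("/app/page"); absolute URLs and
// protocol-relative forms ("//host", "/\host") fall back to "/".
function safeReturnPath(path) {
  return /^\/(?![\/\\])/.test(String(path)) ? String(path) : '/';
}

// xhr: any object with responseText and getResponseHeader(name), like XMLHttpRequest.
// redirect: callback that navigates, e.g. url => window.location.assign(url).
function handleAjaxResponse(xhr, redirect, returnTo) {
  if (!isJsonContentType(xhr.getResponseHeader('Content-Type'))) {
    // Status is 200 but the body is the HTML login form: do not inject it
    // into the page, send the browser through the protected page instead.
    redirect(LOGIN_TRIGGER_URL + '?returnTo=' +
             encodeURIComponent(safeReturnPath(returnTo)));
    return { ok: false, reason: 'login-required' };
  }
  try {
    return { ok: true, data: JSON.parse(xhr.responseText) };
  } catch (e) {
    return { ok: false, reason: 'invalid-json' };
  }
}

// Constructed stand-in for an XMLHttpRequest that has completed with status 200.
function fakeXhr(contentType, body) {
  return { status: 200, responseText: body, getResponseHeader: () => contentType };
}
```

The page behind `LOGIN_TRIGGER_URL` should apply the same path check to `returnTo` on the server before redirecting back.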