
Process authentications for XMLHttpRequest

sunyj преди 8 години
родител
ревизия
9238a7b46b

+ 4 - 0
kanban-auth/src/main/java/com/uas/kanban/filter/SecurityInterceptor.java

@@ -67,6 +67,10 @@ public class SecurityInterceptor extends HandlerInterceptorAdapter {
         // session 中不存在登陆信息
         if (user == null) {
             logger.info("No session for path: " + url + " , redirecting to page: login ...");
+            // 如果是 XMLHttpRequest ,抛出异常,否则直接重定向
+            if (request.getHeader("X-Requested-With") != null) {
+                throw new SecurityException("未登录");
+            }
             String returnUrl = request.getRequestURL().toString();
             String queryString = request.getQueryString();
             if (!StringUtils.isEmpty(queryString)) {
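Review bot: The added check `request.getHeader("X-Requested-With") != null` takes the exception path for any request that carries the header, whatever its value, while the comment above it says the branch is for XMLHttpRequest only. Comparing the value matches the stated intent: `if ("XMLHttpRequest".equalsIgnoreCase(request.getHeader("X-Requested-With"))) {`. The header is client-supplied and optional, so callers that omit it still get the login redirect; both paths deny the request, so only the response shape depends on it. Throwing a plain `SecurityException` (presumably java.lang.SecurityException, the imports are outside the hunk) makes a missing session indistinguishable from any other SecurityException raised elsewhere, so a dedicated exception type would keep the handler mapping precise. The enclosing method starts and ends outside the hunk.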

+ 3 - 0
kanban-common/src/main/java/com/uas/kanban/aop/ExceptionHandlerAdvice.java

@@ -38,6 +38,9 @@ public class ExceptionHandlerAdvice {
         map.put("detailedMessage", ExceptionUtils.getDetailedMessage(e));
         HttpHeaders headers = new HttpHeaders();
         headers.add("Content-Type", "application/json; charset=utf-8");
+        if (e instanceof SecurityException) {
+            return new ResponseEntity<>(map, headers, HttpStatus.FORBIDDEN);
+        }
         return new ResponseEntity<>(map, headers, HttpStatus.INTERNAL_SERVER_ERROR);
     }
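Review bot: The new `SecurityException` branch returns the same `map` built above it, so the `detailedMessage` entry from `ExceptionUtils.getDetailedMessage(e)` goes to a caller who is not logged in. If that helper includes cause or stack text (not visible here), drop it on this path with `map.remove("detailedMessage");` before the return. The status is 403 although the interceptor raises this exception for a missing session; `HttpStatus.UNAUTHORIZED` would let the client tell "log in again" from "not permitted". The `instanceof SecurityException` test also matches exceptions thrown by unrelated code, which a dedicated exception type would avoid. The handler method begins outside the hunk.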