I realise this is from quite some time ago, but I want to put this here to see if it helps someone else.
I followed the same idea in http://distigme.wordpress.com/2012/11/01/ajax-and-spring-security-form-based-login/ and had the same issue in that the first returned content was the login page, and the next was a HTTP 403.
I think this is the part of Spring where we hit the split between Spring XML config doing everything, or we write a bunch of code to overload what it can do for us. I prefer to do as much as I can in the XML config.
My solution was to have the XML configuration throwing a 403 error as what the blog has. I didn't write a Matching class because my workflow required going back to the first page, so I don't use the org.springframework.security.web.savedrequest.HttpSessionRequestCache.
I'm a big fan of nesting beans if I don't need them elsewhere. In my $.ajax call I put
dataType: 'json'
to make sure that if the returned content is not JSON (e.g. the login page) then the error function is called. This will also catch a 403 error as well.
error: function (xhr, textStatus, errorThrown) {
if (xhr.status == 403 || textStatus == 'parsererror' && xhr.responseText.match('rememberMe').length > 0) {
alert('Your session has timed out.');
window.location = '';
} else
alert('Something went wrong. ' + xhr.status + ': ' + errorThrown);
}
I'm searching for the rememberMe text to make sure it's the login page. I don't expect that on any other page.