I'm working with Spring Security 3.2 and Hibernate 4. Currently I have a custom login wich works as follows . The URL "/"
(root ) is a welcome jsp requests wich ask for a parameter to display a different login according to the same parameter . For example if the user enters the url "/parameter1"
(manual action ) , this variable shows me a personalized login generated by a driver that cathes a RequestMapping ( value = " /{parameter}"from there, all URLS will have that parameter , the problem that I have is that when the user wishes to leave or your session expires , spring sends me the url "/"
, but I need it to send me a /parameter1
, in order to capture the parameter "parameter1"
so that It leaves me in the custom login. That way I would not have to manually re- enter the parameter . My security settings are as follows:
<custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
<!-- <form-login login-page="/loginUser" login-processing-url="/testUser/j_spring_security_check"
authentication-failure-url="/loginError" default-target-url="/testUser"
username-parameter="j_username" password-parameter="j_password" /> -->
<logout invalidate-session="true" delete-cookies="JSESSIONID" logout-success-url="/loginUser" logout-url="/testUser/j_spring_security_logout"/>
<session-management invalid-session-url="/" session-fixation-protection="migrateSession" >
<concurrency-control max-sessions="2" expired-url="/" error-if-maximum-exceeded="false"/>
</session-management>
<beans:bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/loginUser" />
</beans:bean>
<beans:bean id="myFilter" class="net.universia.test.autenticacionService.LoginAuthenticationFilter">
<beans:property name="authenticationManager" ref='UserauthenticationManager'/>
<beans:property name="authenticationFailureHandler" ref="failureHandler"/>
<beans:property name="authenticationSuccessHandler" ref="successHandler"/>
<beans:property name="filterProcessesUrl" value="/testUser/j_spring_security_check"/>
</beans:bean>
<beans:bean id = "exceptionTranslationFilter" class = "org.springframework.security.web.access.ExceptionTranslationFilter" >
<beans:property name = "authenticationEntryPoint" ref = "loginUrlAuthenticationEntryPoint" />
<beans:property name = "accessDeniedHandler" ref = "accessDeniedHandler" />
</beans:bean>
<beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/testUser"/>
</beans:bean>
<beans:bean id = "accessDeniedHandler" class = "org.springframework.security.web.access.AccessDeniedHandlerImpl" >
<beans:property name = "errorPage" value = "/403" />
</beans:bean>
And the driver that displays the login form is:
@RequestMapping(value ="/{testRef}", method = {RequestMethod.POST,RequestMethod.GET})
public @ResponseBody ModelAndView loginTestRef(@PathVariable("testRef") String testRef,HttpSession session, HttpServletRequest request) {
session.setAttribute("ssidreffh", testRef);
TestDatos test = testService.showTestUserByRef(testRef);
request.getSession().setAttribute("test", test);
ModelAndView mav = new ModelAndView("/loginUser");
mav.addObject("test", test);
return mav;
}
If the user is in the url /dominio/parametro1/paginaPerfil goes or your session ends, spring redirect me to the url "/myApp/parameter1" and so would be in the login and not the root "/".
I could finally resolve my problem. I implemented a custom filter for logging out with
SimpleUrlLogoutSuccessHandler
and I could capture the previous URL and from that the parameter that I return with a redirect (/parameter1
). This is my code: