I have a jboss web application with form-based authentication and Angular based client. Scenario:
- I go to http://localhost:8082/my-app/#/dashboard, with session timed out
- It redirects to login page (login.jsp). I enter the username and password, and submit.
- It sends me to localhost:8080/my-app, not http://localhost:8082/my-app/#/dashboard
j_security_check is supposed to return the requested url after successful login. but does it ignore the # suffix?
login.jsp
<form id="loginForm" method="post" action="/my-app/j_security_check">
<input id="usernameInput" name="j_username" type="hidden" />
<input id="password" name="j_password" type="password" required="">
<button type="submit">
Sign In
</button>
</form>web.xml
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>OpTierUI Application </display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>CSS</web-resource-name>
<url-pattern>/styles/*</url-pattern>
<url-pattern>/fonts/*</url-pattern>
<url-pattern>/assets/images/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<description>These pages are only accessible by authorized administrators.</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp?error=error</form-error-page>
</form-login-config>
</login-config>
<error-page>
<error-code>403</error-code>
<location>/login.jsp?unauthorized=unauthorized</location>
</error-page>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
Browser does not send #hash key or anything after that to server. #hash key is only recognized by browser.