Announcement Announcement Module
Collapse
No announcement yet.
Login page is not redirecting for logged user Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Login page is not redirecting for logged user

    Hi.
    I have a problem with users logged in. When I hit back on the browser or simply will go to login page id doesn't redirect me to home page. I don't really know if this should be default behavior of spring security so maybe anyone can give me some advice??
    My codes:

    security-context.xml
    Code:
        <http auto-config="true">
            <intercept-url pattern="/css/**" filters="none"/>
            <intercept-url pattern="/images/**" filters="none"/>
            <intercept-url pattern="/reports/*" access="ROLE_ADMIN"/>
            <intercept-url pattern="/temp/*" access="ROLE_ADMIN"/>
            <intercept-url pattern="/login.zul*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <intercept-url pattern="/zul/**" access="ROLE_USER,ROLE_ADMIN"/>
            <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    
            <form-login login-page="/login.zul" default-target-url="/zul/test.zul"
                        always-use-default-target="true"
                        authentication-success-handler-ref="authenticationHandler"
                        authentication-failure-url="/login.zul?login_error=1"/>
        </http>
    
        <beans:bean id="authenticationHandler" class="CustomAuthenticationHandler">
            <beans:property name="defaultTargetUrl" value="/zul/test.zul"/>
            <beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
        </beans:bean>
    
        <beans:bean id="CustomProvider" class="CustomLoginProvider"/>
    
        <authentication-manager>
            <authentication-provider ref="CustomProvider"/>
        </authentication-manager>
    on successful login:
    Code:
    public class CustomAuthenticationHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    
        @Override
        public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
    
            ....///some logic here
    
            super.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
        }

  • #2
    Spring Security is not aware of the internals of your application (i.e. if you want to make your login page flex based upon if the user is logged in or not). To show your home page when the login page is requested and the user is logged in use the SecurityContextHolder in the login page (or its controller) and redirect or forward the user to the home page.

    Comment


    • #3
      So I guess I should use:
      Code:
      SecurityContextHolder.getContext().getAuthentication().getAuthorities();
      then check what authority and redirect accordingly.

      But is there anyway to read the default target url?? I mean:
      Code:
      <beans:property name="defaultTargetUrl" value="/zul/test.zul"/>
      Because I would not like to hardcode this in my controller (for redirection).

      Comment


      • #4
        I've done it in this way (as I'm using custom authentication handler):
        Code:
        @Autowired
        private AuthenticationHandler authenticationHandler;
        ....
        Executions.getCurrent().sendRedirect(authenticationHandler.getDefaultUrl());
        and in handler:
        Code:
        public String getDefaultUrl() {
                return super.getDefaultTargetUrl();
            }
        It works but I guess it's not really the best way :/

        Comment


        • #5
          Originally posted by galgavu View Post
          So I guess I should use:
          Code:
          SecurityContextHolder.getContext().getAuthentication().getAuthorities();
          then check what authority and redirect accordingly.

          But is there anyway to read the default target url?? I mean:
          Code:
          <beans:property name="defaultTargetUrl" value="/zul/test.zul"/>
          Because I would not like to hardcode this in my controller (for redirection).
          You would use the AuthenticationTrustResolverImpl to determine if the user is authenticated or not. Then you could redirect to a URL that is injected into your controller if the user is already authenticated.

          Comment

          Working...
          X