
  • always-use-default-target="false" does not work using openid login

    Hi all,

    I am using openId authentication with Spring Security 3.0.5.RELEASE, but I can't make my user be redirected to its initial url after authentication.

    In my case, the initial url (before auth) is http://localhost:8080/my-web-app/admin/shop, but the user is always redirected to root.

    It is a valid url, and always-use-default-target is set to false.

    I am using the following security configuration:

    <http auto-config='true' use-expressions="true">
        <intercept-url pattern="/admin/security/**" access="hasRole('SUPER_ADMIN')" />
        <intercept-url pattern="/direct/admin/security/**"
            access="hasRole('SUPER_ADMIN')" />
        <intercept-url pattern="/admin/**"
            access="hasAnyRole('ADMIN','SUPER_ADMIN')" />
        <intercept-url pattern="/direct/admin/**"
            access="hasAnyRole('ADMIN','SUPER_ADMIN')" />
        <logout logout-url="/logout" />
        <openid-login login-page="/login" user-service-ref="openIdUserDetailsService">
            <attribute-exchange>
                <openid-attribute name="email"
                    type="" required="true" />
                <openid-attribute name="oiContactEmail"
                    type="" required="true" />
                <openid-attribute name="fullname"
                    type="" required="true" />
                <openid-attribute name="nickname"
                    type="" required="true" />
                <openid-attribute name="axNamePersonFirstName"
                    type="" required="true" />
                <openid-attribute name="axNamePersonLastName"
                    type="" required="true" />
                <openid-attribute name="image"
                    type="" required="true" />
                <openid-attribute name="language"
                    type="" required="true" />
                <openid-attribute name="country"
                    type="" required="true" />
            </attribute-exchange>
        </openid-login>
    </http>

    User roles are set in my bean openIDAuthenticationSuccessHandler implementing SimpleUrlAuthenticationSuccessHandler, could it be too late?
    If yes, is there another way?


    SimpleUrlAuthenticationSuccessHandler inherits from AbstractAuthenticationTargetUrlRequestHandler, and in method determineTargetUrl:
        protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
            if (isAlwaysUseDefaultTargetUrl()) {
                return defaultTargetUrl;
            }
            // Check for the parameter and use that if available
            String targetUrl = request.getParameter(targetUrlParameter);
    ... targetUrl is null.

    The parameter name is "spring-security-redirect". Where is this request parameter supposed to be set?
    Last edited by Toub; Jan 22nd, 2012, 08:07 AM. Reason: Adding information about AbstractAuthenticationTargetUrlRequestHandler.determineTargetUrl
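
An added example, not part of the original post and not Spring Security's own code: a success handler that keeps the SimpleUrlAuthenticationSuccessHandler base class but takes the pre-login URL from the RequestCache rather than waiting for the spring-security-redirect parameter, and honours that parameter only when it is an application-local path. The class name and the isLocalPath helper are hypothetical, and the default HttpSessionRequestCache is assumed.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;

// Hypothetical class; it would be the bean registered as openIDAuthenticationSuccessHandler.
public class SavedRequestOpenIdSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    // Assumption: the default session-backed cache, where the request that
    // triggered the login (e.g. /admin/shop) is stored before the redirect to /login.
    private final RequestCache requestCache = new HttpSessionRequestCache();

    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        if (isAlwaysUseDefaultTargetUrl()) {
            return getDefaultTargetUrl();
        }
        // 1. The URL the user asked for before authentication. The cache entry is
        //    left in place so RequestCacheAwareFilter can replay it after the redirect.
        SavedRequest saved = requestCache.getRequest(request, response);
        if (saved != null) {
            return saved.getRedirectUrl();
        }
        // 2. The explicit parameter, accepted only as a context-relative path so a
        //    crafted login link cannot send the user to another site.
        String param = request.getParameter("spring-security-redirect");
        if (isLocalPath(param)) {
            return param;
        }
        // 3. Nothing usable: fall back to the configured default target.
        return getDefaultTargetUrl();
    }

    // Rejects absolute URLs, scheme-relative URLs ("//host") and backslash tricks.
    static boolean isLocalPath(String url) {
        return url != null
                && url.startsWith("/")
                && !url.startsWith("//")
                && !url.contains("\\")
                && !url.contains("://");
    }
}
```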