Announcement Announcement Module
No announcement yet.
spring_security_login using GET Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • spring_security_login using GET

    Hi all,

    I know I've seen it before but for the life of me I can't find it now ... by default Spring security only accepts POST when using /spring_security_login but I need to be able to use GET requests.

    Anyone know how to configure using GET?

    Thanks in advance.

  • #2
    Why? Why even bother adding security if you can login with a GET request. So you want to login with a url that has the user credentials in it, not really secure and something you should avoid.


    • #3
      URL is not exposed - it's not a link ... not in an email etc ... it's a URLConnection from another app. As far as security, they are inherently the same. While it is true that POST doesn't expose information via the URL, it exposes just as much information as a GET in the actual network communication between the client and server.

      And I found what I was looking for: UsernamePasswordAuthenticationFilter.setPostOnly()

      Last edited by pidepiper; Apr 2nd, 2012, 03:10 PM.


      • #4
        It still is a GET no matter if you expose it or not. IMHO you create a security hole this way but as stated IMHO that is.