First login always leads to default target url (SavedRequest is null)

  • First login always leads to default target url (SavedRequest is null)

    Hello

    Everything is working fine with my spring security application, except that the first login in any browser leads to the default target url instead of the url originally requested. E.g. the first access to http://localhost/test/123.html leads (after the login) to http://localhost (default target url) while the second access within the same browser leads to http://localhost/test/123.html after the login.

    On the first request, the onAuthenticationSuccess method of SavedRequestAwareAuthenticationSuccessHandler gets null back from 'requestCache.getRequest(request, response);'.

    Is there a workaround? Which filter do I have to implement to set the saved request manually? Thank you very much in advance for any hints.

    web.xml:
    <?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        version="2.4"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

        <!-- Servlet 2.4 deployment descriptor for the "login" application: a container-level
             HTTP method restriction, the Spring filters and their mappings, the root
             application context, the DispatcherServlet, session timeout and error pages. -->

        <!-- Deny HEAD, PUT, DELETE, TRACE and OPTIONS on every URL: the empty auth-constraint
             below allows no role for the methods listed here.
             NOTE(review): this is a deny list. A method that is not listed is not covered by
             this constraint, so "all but GET/POST" only holds if every other verb is rejected
             somewhere else. Confirm against the container and the application. -->
        <security-constraint>
            <display-name>excluded</display-name>
            <web-resource-collection>
                <web-resource-name>No Access</web-resource-name>
                <url-pattern>/*</url-pattern>
                <http-method>HEAD</http-method>
                <http-method>PUT</http-method>
                <http-method>DELETE</http-method>
                <http-method>TRACE</http-method>
                <http-method>OPTIONS</http-method>
            </web-resource-collection>
            <auth-constraint />
            <!-- NONE: the container does not require TLS for these requests. Any HTTPS
                 enforcement has to come from elsewhere (presumably the Spring Security
                 channel rules). -->
            <user-data-constraint>
                <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
        </security-constraint>


        <display-name>login</display-name>

        <description>Roo generated login application</description>


        <!-- Default HTML escaping for Spring's tag library output. This is output encoding
             in the views, not validation of submitted input. -->
        <context-param>
            <param-name>defaultHtmlEscape</param-name>
            <param-value>true</param-value>
        </context-param>

        <!-- Bean definition files for the root application context started by the
             ContextLoaderListener declared further down. Presumably the security
             configuration is one of the files matched by this wildcard; verify. -->
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
        </context-param>

        <!-- Sets UTF-8 as the request character encoding; forceEncoding=true applies it even
             when the request already declares an encoding. -->
        <filter>
            <filter-name>CharacterEncodingFilter</filter-name>
            <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
            <init-param>
                <param-name>encoding</param-name>
                <param-value>UTF-8</param-value>
            </init-param>
            <init-param>
                <param-name>forceEncoding</param-name>
                <param-value>true</param-value>
            </init-param>
        </filter>

        <!-- Publishes HTTP session lifecycle events into the Spring context. Presumably this
             is what lets concurrent session control notice that a session has ended. -->
        <listener>
            <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
        </listener>

        <!-- Lets a POST name another HTTP method in a hidden form parameter; downstream code
             then sees that method as the request method.
             NOTE(review): the security-constraint above is checked by the container against
             the real HTTP method, so it does not apply to a method introduced here. This
             filter is also mapped after springSecurityFilterChain, so method-specific access
             rules are evaluated against the original POST. Confirm that handlers for PUT and
             DELETE are covered by the intended access rules. -->
        <filter>
            <filter-name>HttpMethodFilter</filter-name>
            <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
        </filter>



        <!-- Delegates every request to the Spring bean named springSecurityFilterChain. -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <!-- Filters mapped by url-pattern run in the order of their filter-mapping elements:
             springSecurityFilterChain, OpenEntityManagerInViewFilter, CharacterEncodingFilter,
             HttpMethodFilter.
             NOTE(review): the security chain, including the login filter, therefore reads
             request parameters before CharacterEncodingFilter has set the encoding, so
             non-ASCII credentials may be decoded with the container default. Consider mapping
             CharacterEncodingFilter first. -->
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
            
        <!-- Keeps a JPA EntityManager open for the duration of each request. -->
        <filter>
            <filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
            <filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
        </filter>
            <filter-mapping>
            <filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        
        
        <filter-mapping>
            <filter-name>CharacterEncodingFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <filter-mapping>
            <filter-name>HttpMethodFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>





        <!-- Creates the Spring Container shared by all Servlets and Filters -->
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <!-- Handles Spring requests: the DispatcherServlet is mapped to "/" and so acts as the
             default servlet; its own context is loaded from webmvc-config.xml. -->
        <servlet>
            <servlet-name>login</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <init-param>
                <param-name>contextConfigLocation</param-name>
                <param-value>WEB-INF/spring/webmvc-config.xml</param-value>
            </init-param>
            <load-on-startup>1</load-on-startup>
        </servlet>

        <servlet-mapping>
            <servlet-name>login</servlet-name>
            <url-pattern>/</url-pattern>
        </servlet-mapping>

        <!-- Idle session timeout, in minutes. -->
        <session-config>
            <session-timeout>10</session-timeout>
        </session-config>

        <!-- Uncaught exceptions and 404 responses are sent to application locations rather
             than the container's default error pages. -->
        <error-page>
            <exception-type>java.lang.Exception</exception-type>
            <location>/uncaughtException</location>
        </error-page>

        <error-page>
            <error-code>404</error-code>
            <location>/resourceNotFound</location>
        </error-page>
    </web-app>
    applicationContext-security.xml:
    <?xml version="1.0" encoding="UTF-8"?>

    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:aop="http://www.springframework.org/schema/aop"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
                            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

        <!-- Spring Security 3.1 namespace configuration: URL access rules, session handling,
             a custom form-login filter with its success and failure handlers, and a
             JDBC-backed authentication manager. -->

        <!-- HTTP security configurations.
             auto-config="false": the login mechanism is wired explicitly below.
             use-expressions="true": the access attributes are expressions.
             entry-point-ref: unauthenticated requests are handed to loginUrlAuthenticationEntryPoint.
             disable-url-rewriting="true": the session id is never appended to URLs, so the
             session is carried by cookie only.
             NOTE(review): by default Spring Security keeps the saved request in the HTTP
             session. If the login POST does not arrive in the session in which the protected
             URL was first requested, the success handler finds no saved request and falls back
             to defaultTargetUrl. Some rules below force https and others do not, so compare
             the JSESSIONID seen on the original request, on /signin and on the login POST.
             TODO confirm against the actual request flow. -->
        <http auto-config="false" use-expressions="true"
            entry-point-ref="loginUrlAuthenticationEntryPoint"
            disable-url-rewriting="true">

            <!-- Logout invalidates the session and deletes the JSESSIONID cookie, then
                 redirects to /logout. -->
            <logout logout-url="/resources/j_spring_security_logout"
                logout-success-url="/logout" invalidate-session="true"
                delete-cookies="JSESSIONID" />

            <!-- Configure these elements to secure URIs in your application.
                 Rules are matched in the order written and the first match decides, so the
                 final "/**" denyAll rule makes this a default-deny list. -->


            <!-- external interface -->

            <!-- UI CRUD -->
            <!-- only developers may create new applications
                 NOTE(review): the rules grant ROLE_REGISTERED; confirm that this role is the
                 "developers" population meant here. -->
            <intercept-url pattern="/applications" access="hasAnyRole('ROLE_REGISTERED')"
                method="POST" requires-channel="https" />
            <intercept-url pattern="/applications/update" access="hasAnyRole('ROLE_REGISTERED')"
                method="POST" requires-channel="https" />
            <intercept-url pattern="/applications/delete/**" access="hasAnyRole('ROLE_REGISTERED')"
                method="POST" requires-channel="https" />
            <intercept-url pattern="/applications/**" access="hasAnyRole('ROLE_REGISTERED')"
                method="GET" requires-channel="https" />

            <intercept-url pattern="/" access="permitAll" />
            <intercept-url pattern="/signin" access="permitAll"
                requires-channel="https" />
            <intercept-url pattern="/logout" access="permitAll"
                method="GET" requires-channel="https" />

            <intercept-url pattern="/signup" access="permitAll"
                method="GET" requires-channel="https" />
            <intercept-url pattern="/signup" access="permitAll"
                method="POST" requires-channel="https" />
            <intercept-url pattern="/signup/activate" access="permitAll"
                method="GET" requires-channel="https" />

            <!-- NOTE(review): the rules from here on, and "/" above, carry no requires-channel.
                 /docs/** needs an authenticated role but may be served over plain HTTP, which
                 would expose the session cookie after an HTTPS login. Consider requiring
                 https on every pattern. -->
            <intercept-url pattern="/docs/**" access="hasRole('ROLE_REGISTERED')" />
            <intercept-url pattern="/resources/**" access="permitAll" />
            <intercept-url pattern="/js/**" access="permitAll" />

            <!-- Default deny: any URL not matched above is refused, for authenticated users
                 as well. -->
            <intercept-url pattern="/**" access="denyAll" />

            <!-- A request that presents a session id which is no longer valid is redirected
                 to /signin; at most one concurrent session per user.
                 NOTE(review): presumably the invalid-session redirect does not go through the
                 entry point and so does not store the original request; a stale JSESSIONID
                 cookie on the first visit would then produce the "SavedRequest is null"
                 symptom. Verify. -->
            <session-management invalid-session-url="/signin">
                <concurrency-control max-sessions="1" />
            </session-management>

            <!-- Installs the custom filter in the form-login slot of the filter chain. -->
            <custom-filter position="FORM_LOGIN_FILTER"
                ref="customUsernamePasswordAuthenticationFilter" />
        </http>

        <!-- Entry point: sends unauthenticated users to the login form at /signin. -->
        <beans:bean id="loginUrlAuthenticationEntryPoint"
            class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
            <beans:property name="loginFormUrl" value="/signin" />
        </beans:bean>

        <!-- Custom login-processing filter (project class, not shown on this page).
             NOTE(review): no sessionAuthenticationStrategy is injected here. With a custom
             login filter the session-management settings above (concurrency control, session
             fixation protection) are not applied at login unless the strategy is wired in
             explicitly or the class sets it itself. Confirm.
             NOTE(review): no rule with requires-channel="https" names the URL this filter
             processes; confirm that credentials cannot be posted over plain HTTP. -->
        <beans:bean id="customUsernamePasswordAuthenticationFilter"
            class="com.myapp.MyAuthenticationProcessingFilter">
            <beans:property name="authenticationManager" ref="authenticationManager" />
            <beans:property name="authenticationFailureHandler"
                ref="failureHandler" />
            <beans:property name="authenticationSuccessHandler"
                ref="successHandler" />
        </beans:bean>

        <!-- After a successful login, redirects to the request stored in the request cache,
             or to "/" when the cache returns none. -->
        <beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
            <beans:property name="defaultTargetUrl" value="/" />
        </beans:bean>
        <!-- After a failed login, redirects back to the login form with an error flag. -->
        <beans:bean id="failureHandler"
            class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/signin?login_error=t" />
        </beans:bean>

        <!-- Users are loaded over JDBC from the JNDI data source; the lookup query is elided
             in the post. Passwords are checked with the passwordEncoder bean. -->
        <authentication-manager alias="authenticationManager">
            <authentication-provider>
                <password-encoder ref="passwordEncoder" />
                <jdbc-user-service data-source-ref="jndiDataSource" 
                    users-by-username-query="..." />
            </authentication-provider>
        </authentication-manager>
        <!-- Project-local encoder class; presumably bcrypt, judging by the name only. Verify
             the algorithm and work factor in the class itself. -->
        <beans:bean id="passwordEncoder"
            class="com.medisanaspace.library.BCryptPasswordEncoder" />
        <!-- Looks up the container-managed data source under the JNDI name jdbc/login. -->
        <beans:bean id="jndiDataSource"
            class="org.springframework.jndi.JndiObjectFactoryBean">
            <beans:property name="jndiName" value="jdbc/login" />
        </beans:bean>

    </beans:beans>