
  • Problem getting current Authentication after "error-page" redirection

    Hi,
    I am developing a single-page webapp with Spring MVC and I secured it with Spring Security (3.1.0.RELEASE).
    I am also using the history API of HTML5. So every time the content of the page changes, a fake URL appears in the browser.
    The problem with the history API is you get a 404 error if you refresh the page (fake URL -> 404). So I decided to redirect every 404 to the index page:
    Code:
    	<error-page>
    		<error-code>404</error-code>
    		<location>/index.jsp</location>
    	</error-page>
    It seemed to be the easiest way to manage the 404 and, as it is a single-page webapp, the "real" 404 errors (happening when doing ajax requests) are managed in the JavaScript.
    Now, the real problem:
    I'm using the "authorize" taglib to check authorization in the index.jsp and to display (or not) a menu:
    Code:
    				<sec:authorize access="hasRole('admin')">
    					<li><a href="javascript:;" id="admin" title="Administration"><img
    							src="img/admin.png" /></a></li>
    				</sec:authorize>
    It works great when I log in: the menu is displayed when I am admin and isn't displayed when I am a simple user. But if I connect as an admin and refresh the page with a fake URL, the menu is not displayed.
    I tried debugging the taglib and found that the problem is in AbstractAuthorizeTag, in the authorizeUsingAccessExpression method:
    Code:
            if (SecurityContextHolder.getContext().getAuthentication() == null) {
                return false;
            }
    It returns false, as the current Authentication is null.
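    If I put something like:
    Code:
    <%@ page import="org.springframework.security.core.Authentication" %>
    <%@ page import="org.springframework.security.core.context.SecurityContextHolder" %>
    <%
       // Debug: print the Authentication held by the current SecurityContext
       Authentication auth = SecurityContextHolder.getContext().getAuthentication();
       System.out.println(auth);
    %>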
    in my index.jsp, the auth object is null too.
    It is always null when coming from a redirection and works fine when using the "index.jsp" in the URL.

    I fixed the problem by redirecting the 404 "error-page" to a "404.jsp" that redirects to the index.jsp, but I would like to understand why it does not work when I directly redirect to index.jsp.
    Can anyone please help me understand?

    Thanks, and sorry for my poor English.
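
The symptom in the post matches a Servlet rule: a `<filter-mapping>` with no `<dispatcher>` element covers only REQUEST dispatches, while an `<error-page>` location is reached through a container ERROR dispatch, so the Spring Security filter chain does not run for it and `SecurityContextHolder` is empty when index.jsp renders. The fragment below is an added example, not taken from the original post, that also maps the chain to ERROR dispatches. The filter name `springSecurityFilterChain` and the `/*` pattern are the conventional setup and are assumed here, because the poster's web.xml is not shown.

```xml
<!-- web.xml fragment (Servlet 2.4 or later). Added example; the filter name and
     URL pattern are assumed, the error-page block is the one from the post. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Before (typical mapping, shown commented out): with no dispatcher element
     the container applies the filter to REQUEST dispatches only. The 404 is
     raised inside that pass, the chain unwinds and clears the thread-bound
     SecurityContext, and only then does the container dispatch to the error
     page, outside the filter chain.
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
-->

<!-- After: list the dispatcher types explicitly. REQUEST must be restated,
     because naming any dispatcher replaces the implicit default. -->
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

<!-- Unchanged from the post: the ERROR dispatch to /index.jsp now passes
     through the chain, which reloads the SecurityContext from the session
     before the sec:authorize tag is evaluated. -->
<error-page>
    <error-code>404</error-code>
    <location>/index.jsp</location>
</error-page>
```

The 404.jsp workaround described in the post works for the same reason: a client-side redirect produces a new REQUEST dispatch, which does pass through the filter chain.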