Announcement Announcement Module
Collapse
No announcement yet.
remember-me always redirecting to / on Authentication Success Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • remember-me always redirecting to / on Authentication Success

    I'm using spring-security-3.1.0.RELEASE. I'm finding that when I hit a deep link with a valid remember-me token (such as "/foo") that I'm always redirected to "/" after successful authentication. Note that my configured default-target-url is "/home."

    Here's the relevant xml from my security config:

    Code:
    <security:http use-expressions="true" authentication-manager-ref="userServiceAuthenticationManager"
    	               pattern="/**" disable-url-rewriting="true" >
    	<security:form-login login-page="/member/login" login-processing-url="/member/loginProcess"
    	                     default-target-url="/home" authentication-failure-url="/member/login?login_error=1"
    	                     authentication-success-handler-ref="memberAuthenticationSuccessHandler"/>
    	<security:remember-me authentication-success-handler-ref="memberAuthenticationSuccessHandler"
    	                      user-service-ref="userService" />
    </security:http>
    
    <bean id="memberAuthenticationSuccessHandler"
          class="com.example.application.MemberAuthenticationSuccessHandler"/>
    
    <bean id="userService" class="com.example.application.service.member.MemberAuthenticationProvider"/>
    
    <security:authentication-manager alias="userServiceAuthenticationManager" id="userServiceAuthenticationManager">
    	<security:authentication-provider user-service-ref="userService"/>
    </security:authentication-manager>
    I'm implementing a SavedRequestAwareAuthenticationSuccessHandler in both the form-login and remember-me auth cases so I can set some stuff I need in the session. Here's the relevant code from my AuthenticationSuccessHandler:

    Code:
    public class MemberAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    	@Override
    	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
    	
    		Member member = (Member) authentication.getPrincipal();
    
    		// Set some stuff in the session for the member.
    	
    		super.onAuthenticationSuccess(request, response, authentication);
    	}
    }
    Any ideas on what might be going on here?

    Thanks.
Working...
X