Announcement Announcement Module
No announcement yet.
SavedRequestAwareWrapper: what is the point of this and how do I stop it Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • SavedRequestAwareWrapper: what is the point of this and how do I stop it

    I am having problems with a simple login controller. If you try to log in with a few different user names the the value of the request parameter passed in for the @RequestParam is set to the concatenation of all previous values!
    So if I try username=foo and then in another request username=bar then my controller gets passed a value of "foo,bar"

    I debugged this back to SavedRequestAwareWrapper which apparently saves the values from previous requests and provides them as well as what was really passed in! I cannot comprehend what the point of this class is. I don't think I have done anything particularly strange in my spring security setup to deserve this!

    Please, how on earth do I disable the use of parameters from previous requests?

  • #2
    Ok, I think I figured out what is happening. The redirect-to-login logic of Spring Security really doesn't play nicely with REST or AJAX style apps.

    Disabling the request cache should hopefully fix it:

    <request-cache ref="nullRequestCache"/>

    <beans:bean id="nullRequestCache" class=" st.NullRequestCache"/>


    • #3
      Incidentally, there are no source downloads available anywhere for spring security. The maven repo doesn't have them, the download doesn't have them. I had to get the source from github.


      • #4
        You can download the whole distro from which includes binary and source jars, or get individual jars from Maven Central, e.g.