Announcement Announcement Module
Collapse
No announcement yet.
how to redirect user to the page before login screen Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • how to redirect user to the page before login screen

    I am using Spring Security 3.2 to implement login screen.

    When user clicks on login link, he is redirected to login page url. Now, after successful login, I want him redirect back to the page before login screen.

    Is there any simple way to do that using Spring Security?

    security-config.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
    
    	<http pattern="/resources" security="none" />
    
    	<!-- HTTP security configurations -->
    	<http auto-config="true" use-expressions="true">
    
    		<!-- Configure these elements to secure URIs in your application -->
    		<intercept-url pattern="/admin.htm" access="hasRole('ROLE_ADMIN')" />
    
    		<form-login login-processing-url="/j_spring_security_check"
    			login-page="/login.htm" authentication-failure-url="/login.htm?login_error=t" />
    
    		<remember-me key="myAppKey" token-validity-seconds="864000" />
    
    		<access-denied-handler error-page="/denied" />
    
    	</http>
    
    	<authentication-manager>
    		<authentication-provider user-service-ref="customUserDetailsService">
    			<password-encoder hash="sha" />
    		</authentication-provider>
    	</authentication-manager>
    
    </beans:beans>
    Last edited by vikas_chess; Dec 23rd, 2012, 11:30 AM. Reason: adding code

  • #2
    Actually, Spring does so by default. Have a look at SavedRequestAwareAuthenticationSuccessHandler (which is used by Spring as a default handler).

    What I suggest is: do not try to access directly the login page. Instead, try to get to a 'protected resource' which is protected by Spring. Then, Spring will redirect you to the login page, and after successful login it will redirect you back to the resource.

    Comment


    • #3
      Originally posted by OhadR View Post
      Instead, try to get to a 'protected resource' which is protected by Spring.
      Sorry, I did not get you. What do you mean by 'protected resource'? Kindly elaborate. Or, could you please show me some example or modifying the code I have added in my first post. Thanks.

      Also, please find below web.xml, in case, if it is related to this:

      Code:
        <filter>
          <filter-name>springSecurityFilterChain</filter-name>
          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
        <servlet>
          <servlet-name>demo</servlet-name>
          <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>WEB-INF/spring/applicationContext.xml</param-value>
          </init-param>
          <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
          <servlet-name>demo</servlet-name>
          <url-pattern>/</url-pattern>
        </servlet-mapping>
      and, in application-context.xml

      Code:
      	<!-- Handles HTTP GET requests for /resources/** by efficiently serving 
      		up static resources -->
      	<mvc:resources location="/" mapping="/**" />
      Last edited by vikas_chess; Dec 26th, 2012, 11:31 PM.

      Comment


      • #4
        'Protected resource' is something you protect, using Spring Security. In your case, you have a web app that you protect, meaning only logged-in users can see.
        Let's say you have a page in your app, 'accounts.html'. since it is in your protected app, a user that tries to reach this page will be redirected to the login page, and after successful login he will be redirected back to 'accounts.html'.

        HTH.

        Comment


        • #5
          To make all the resources protected, I have used <intercept-url pattern="/**" /> as shown below:

          Code:
          	<http auto-config="true" use-expressions="true">
          
          		<!-- Configure these elements to secure URIs in your application -->
          		<intercept-url pattern="/**" access="hasAnyRole('ROLE_ANONYMOUS', 'ROLE_USER', 'ROLE_ADMIN')" />
          
          		<form-login login-processing-url="/j_spring_security_check"
          			login-page="/login.htm" authentication-failure-url="/login.htm?login_error=t" />
          
          
          		<logout logout-success-url="/" />
          
          		<remember-me key="myAppKey" token-validity-seconds="864000" />
          
          		<access-denied-handler error-page="/denied" />
          
          	</http>
          But, still it's not redirecting to previous page.

          I have also tried intercept-url pattern="/*" and pattern="/" .. but, none works.

          Kindly help me, where am going wrong.

          Comment


          • #6
            what is your flow? do you try to directly get to the login page? if so, Spring does not know what is your "previous" page.
            do you try to get to another page, and then you get to the login screen?

            Comment


            • #7
              I go to another page and then go to login page. After login successful, I want to return back to previous page.

              Comment


              • #8
                what do u mean by
                Originally posted by vikas_chess View Post
                and then go to login page.
                do you get redirected?

                Comment


                • #9
                  Let's say, I am on page http://localhost:8080/vikas/personal.htm . After click on login hyper-link on the page, I am on http://localhost:8080/vikas/login.htm . On submit in the login screen, I am returning to http://localhost:8080/vikas/ page instead of http://localhost:8080/vikas/personal.htm .

                  Comment


                  • #10
                    My suggestion is to make personal.htm 'prtected', meaning defining it in your security.xml so only ROLE_USER can access it. This way, when a non-registered user will try to get to this page, he will be redirected to the login page, and after successful login he will redirect you back to 'personal.htm'.


                    Code:
                    	<http auto-config="true" use-expressions="true">
                    
                    		<!-- Configure these elements to secure URIs in your application -->
                    		<intercept-url pattern="/admin.htm" access="hasRole('ROLE_ADMIN')" />
                    		<intercept-url pattern="/personal.htm" access="ROLE_USER" />
                    
                    ...
                    	</http>

                    Comment


                    • #11
                      Thanks a lot OhadR! now it works. Thanks for your prompt responses and patience.

                      I am wondering, why can't I protect all my resources using pattern="/" or pattern="/*" or similar expression. I have to individually protect each resource.

                      Comment


                      • #12
                        Originally posted by vikas_chess View Post
                        I am wondering, why can't I protect all my resources using pattern="/" or pattern="/*" or similar expression. I have to individually protect each resource.
                        That will be problematic, since if you use this, you will not be able to use any other rule

                        Comment

                        Working...
                        X