  • Issue with SavedRequestAwareWrapper and cookies

    I have an app setup that uses the CasAuthenticationEntryPoint. The URL that the user is sent to, however, is not really a CAS endpoint. It's a home-grown login page that authenticates the user and writes out a cookie that includes a token. I then have a RememberMeServices implementation that checks that token and if it's good, it creates a valid UsernamePasswordAuthenticationToken thus allowing the user access.

    This all works fine until a token expires. In that case, the cookie is sent to my RememberMeServices but is then rejected because it's expired. The RememberMeServices then attempts to clear that cookie by writing the same cookie but with a 0 maxAge. The request is then re-directed to our home-grown login page where authentication takes place and the new token is written out to a cookie. However, when the request is re-directed back to the original URL, a SavedRequestAwareWrapper is created. When my RememberMeServices attempts to read the token cookie, it gets pulled from the SavedRequest and thus gets the same expired token. Thus, the user is sent back to the login page.

    How can I stop Spring from using the SavedRequestAwareWrapper in this instance so the expired token doesn't get re-used?
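
One way to keep a token check from seeing the replayed cookie, as an added example that is not part of the original post: read the cookie from the underlying live request instead of the wrapper. It assumes the `javax.servlet` API and that the wrapper replays saved cookies as the post describes; the class name `LiveTokenCookieReader` and the cookie name `AUTH_TOKEN` are hypothetical.

```java
import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical helper for a custom RememberMeServices implementation. */
public final class LiveTokenCookieReader {

    // Hypothetical cookie name; use the name the login page actually writes.
    static final String TOKEN_COOKIE = "AUTH_TOKEN";

    private LiveTokenCookieReader() { }

    /** Peels off request wrappers until the container's own request is reached. */
    static HttpServletRequest unwrap(HttpServletRequest request) {
        HttpServletRequest current = request;
        while (current instanceof HttpServletRequestWrapper) {
            ServletRequest inner = ((HttpServletRequestWrapper) current).getRequest();
            if (!(inner instanceof HttpServletRequest)) {
                break; // not an HTTP request underneath; stop here
            }
            current = (HttpServletRequest) inner;
        }
        return current;
    }

    /**
     * Returns the token sent with the current HTTP request, or null when the
     * cookie is absent or ambiguous. The caller still has to validate the
     * token (signature, expiry) exactly as before.
     */
    static String readToken(HttpServletRequest request) {
        Cookie[] cookies = unwrap(request).getCookies(); // null when no cookies were sent
        if (cookies == null) {
            return null;
        }
        String token = null;
        for (Cookie cookie : cookies) {
            if (!TOKEN_COOKIE.equals(cookie.getName())) {
                continue;
            }
            if (token != null && !token.equals(cookie.getValue())) {
                return null; // two different values for one name: fail closed
            }
            token = cookie.getValue();
        }
        return token;
    }
}
```

Only the token lookup bypasses the wrapper here; the rest of the application still sees the restored request, so saved parameters and headers keep working after the redirect.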