Wrong redirection after logged in
This topic is closed

  • Wrong redirection after logged in


    When I "copy & paste" a valid URL into the URL bar, my application requires a login. When I log in successfully, it redirects me to the correct page. But when the same URL is executed from a link in an Excel file, after the login it redirects me to the home page (defaultTargetUrl) and not to the required page.

    I guessed it was something about the login form, so I used <c:url />:

    <form action="<c:url value='j_spring_security_check'/>" name="loginform"

    but without success.

    Any hints about possible causes?


  • #2
    I would debug the requests that are sent from your browser in both cases and also the creation (and maintenance) of the session. You may be losing the session in one case, in which case the originally requested URL will not be available after you authenticate.


    • #3
      thanks for the reply,

      I have attached the source code of Spring (2.5.2) and Spring-Security (2.0.5) for remote debugging. Of course, before getting to the controller, the request goes through the "filters", and in this situation everything is forwarded to Spring-Security.

      Reading this post:

      it seems related to the "intercept-url" tags applied as in my situation.

      Could it be right? Any hints on the code to monitor and "breakpoints" to apply?



      • #4
        I went through the thing in more detail and, as suggested in that post, I "sniffed" the HTTP requests. This is basically the "sequence":

        1) click on the link from the doc file (same for excel):

        org.application:443 CONNECT 200 ("ms office" connected to the server)

        2) the application knows the resource required by the URL exists and replies with the redirect URL:

        > replies value 302 (so it means, the resource exists) and redirects to

        3) now "office" requires for and no more for as replied by the server in the step 2

        4) server shows default page

        This doesn't happen for OpenOffice



        • #5
          This is the confirmation:



          • #6
            I would implement now a "double authentication" in a transparent way:

            As far as I know, when a link is executed via Microsoft Office (Word, Excel, etc.), Office starts an authentication session not sharing JSESSIONID (same as I described above). Basically 2 authoring sessions are started independently of each other.

            Is it possible with Spring-Security to "merge" these 2 sessions and redirect the Office auth to the normal session-id auth? I think I have to modify the behaviour of "intercept-url" via ChannelProcessingFilter but I'm not sure it's the right and the only thing to do. Any hints?
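
The following Python model is an added illustration of the behaviour described in posts #2, #4 and #6. It is not part of the thread and is not Spring Security's code. It shows why the post-login redirect depends on which session holds the originally requested URL. The paths `/reports/42`, `/login` and `/home`, the user `alice` and the dictionary cookie jars are constructed for the example.

```python
import itertools

DEFAULT_TARGET = "/home"   # stands in for defaultTargetUrl (constructed path)
LOGIN_PAGE = "/login"      # constructed path

class Server:
    """Toy model: the originally requested URL lives only in the server-side session."""
    def __init__(self):
        self.sessions = {}
        self._ids = itertools.count(1)

    def _session(self, cookies):
        sid = cookies.get("JSESSIONID")
        if sid not in self.sessions:
            sid = f"S{next(self._ids)}"
            self.sessions[sid] = {}
            cookies["JSESSIONID"] = sid      # Set-Cookie lands in this client's jar only
        return self.sessions[sid]

    def get(self, cookies, url):
        session = self._session(cookies)
        if url == LOGIN_PAGE or session.get("user"):
            return 200, url
        session["saved_request"] = url       # remembered for after authentication
        return 302, LOGIN_PAGE

    def login(self, cookies, user):
        session = self._session(cookies)
        session["user"] = user
        # No saved request in this session means falling back to the default target.
        return 302, session.pop("saved_request", DEFAULT_TARGET)

def paste_in_browser(server, url):
    """One client, one cookie jar: the saved request survives the login."""
    jar = {}
    server.get(jar, url)
    return server.login(jar, "alice")[1]

def click_in_office(server, url):
    """Office fetches the link with its own jar, then the browser opens the redirect target."""
    office_jar, browser_jar = {}, {}
    _, location = server.get(office_jar, url)   # saved request stored in Office's session
    server.get(browser_jar, location)           # browser starts a fresh session at /login
    return server.login(browser_jar, "alice")[1]
```

In the Office case the server ends up with two sessions: the one that recorded the original URL never authenticates, and the one that authenticates never saw the original URL.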