
  • Redirect to original page after login success/failure

    Hi All,

    I have a web app which has a login form on all the pages.

    I am using Spring 2.5.

    After the login happens (whether success or failure) the user should be redirected back to the same page. Can someone please tell me how to go about implementing this?

    Below are my files:

    Spring XML file:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:security="http://www.springframework.org/schema/security"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
      					  http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                  		  http://www.springframework.org/schema/security
                          http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
                          
    
    	<security:http auto-config="true" access-denied-page="/HCPHome">
    		<security:intercept-url pattern="/loginURL*" access="ROLE_USER" />
    		<security:form-login login-page="/loginURL"
    							 login-processing-url="/loginURL"
    							 authentication-failure-url="/general/home?login_error=true"
    							 default-target-url="/general/home"/>
    		<security:logout logout-url="/signout" logout-success-url="/general/home"/>
    	</security:http>
    
     	<bean id="customAuthenticationProvider"	class="com.myapp.authentication.CustomAuthenticationProvider" >
     		<security:custom-authentication-provider />
     		<property name="userDetailsService">
    			<ref bean="userDetailsService" />
    		</property>
     	</bean>
    
    <bean id="userDetailsService" class="com.myapp.authentication.UserDetailsService">
    		
    	</bean>
    	
     	<bean id="securityContext" class="org.springframework.security.context.SecurityContextHolder"
        factory-method="getContext" />
    </beans>

    Authentication class
    Code:
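    import org.springframework.security.Authentication;
    import org.springframework.security.providers.AuthenticationProvider;
    import org.springframework.security.providers.UsernamePasswordAuthenticationToken;

    public class CustomAuthenticationProvider implements AuthenticationProvider {
        public Authentication authenticate(Authentication authentication) {
            /* Authentication logic goes here; it produces securityUser and username */

            return new UsernamePasswordAuthenticationToken(securityUser, username, securityUser.getAuthorities());
        }

        public boolean supports(Class authentication) {
            return true;
        }
    }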

    Login Form
    Code:
    <form:form action="/myapp/loginURL" commandName="command" name="login_form" method="post">
       <input class="UserName" type="text" id="j_username" name="j_username" onClick="clearText(0);" onBlur="fillText(0)" value="Enter User Name"/>
       <input type="password" name="j_password" id="j_password" style="display:none;" value="" class="last" onblur="onBlurHandler_password(this);" onkeypress="javascript:trapLoginEnter(event);" />
    </form:form>
    Last edited by anoop nair; Sep 16th, 2010, 09:07 AM. Reason: missed the post type earlier

  • #2
    Did you try the always-use-default-target attribute?



    • #3
      Hi rwinch,

      I tried the always-use-default-target attribute....
      But it defaults to false... so I don't know what else could be tried there.... But still I tried it by explicitly setting it to false... Didn't work out....

      Do I have to implement some class to achieve this?



      • #4
        You'll probably have to make use of the referer header if you want to do this (without customizing the login form for every page). There's no other information that is available on the server side which provides information on which page the user was on when they submitted the form.

        You can configure both the login success and failure handlers to use the referer information. See, for example, the Javadoc for SimpleUrlAuthenticationSuccessHandler and its base class AbstractAuthenticationTargetUrlRequestHandler.



        • #5
          Thanks Luke,

          But SimpleUrlAuthenticationSuccessHandler and its base class AbstractAuthenticationTargetUrlRequestHandler are available in Spring 3.0 and above. I am using Spring 2.5...

          Is there a way to achieve the same in Spring 2.5?



          • #6
            I'm sorry, I missed that there was a login form on each of the pages (I was thinking you would just set always-use-default-target to true). I think you will need to extend AuthenticationProcessingFilter and override the determineTargetUrl method in AbstractProcessingFilter to do this.



            • #7
              Thanks rwinch.

              Can you provide me some sample with which I can get started?



              • #8
                Hi rwinch,

                As per your suggestion I tried extending AuthenticationProcessingFilter.

                My security xml looks as below:
                Code:
                  <security:http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
                	<security:intercept-url pattern="/loginURL*" access="ROLE_USER" />
                	<security:logout logout-url="/signout" logout-success-url="/general/home" />
                  </security:http>
                
                  <bean id="securityContext" class="org.springframework.security.context.SecurityContextHolder" factory-method="getContext">
                  </bean>
                
                  <bean id="customAuthenticationProvider" class="com.myapp.authentication.CustomAuthenticationProvider" >
                 	<security:custom-authentication-provider />
                 	<property name="userDetailsService" ref="userDetailsService" />
                  </bean>
                
                  <bean id="userDetailsService" class="com.myapp.authentication.UserDetailsService">
                  </bean>
                
                  <bean id="authenticationProcessingFilter" class="com.myapp.authentication.CustomAuthenticationProcessingFilter">
                    <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
                    <property name="defaultTargetUrl" value="/general/home" />
                    <property name="authenticationManager" ref="authenticationManager" />
                  </bean>
                
                  <security:authentication-manager alias="authenticationManager" />
                
                  <bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                    <property name="loginFormUrl" value="/jsp/login/HCPLogin.jsp" />
                    <property name="forceHttps" value="false" />
                  </bean>
                
                </beans>


                However, in authenticationProcessingFilterEntryPoint I have to specify a loginFormUrl, and whenever I click on login in any of my pages, it redirects me to the page specified in loginFormUrl. Is there any way to avoid this?
                Last edited by anoop nair; Sep 17th, 2010, 04:30 AM.



                • #9
                  What is "/loginURL" and why do you have it protected?

                  What URL are you submitting the login form to? As always I would recommend starting with a working sample application (such as the "tutorial" sample) and building on that.



                  • #10
                    /loginURL is the URL to which I am submitting the login form.

                    I didn't get the part about it being protected...


                    What I am trying to achieve is something like this forum, where people can browse the site without logging in. But if they have to post something then they need to log in. The login form is available on each page. And after login they should be redirected to the page they were viewing earlier. The only difference is that I don't want an intermediate login success page like the one in this forum.



                    • #11
                      Originally posted by anoop nair
                      i didnt get the part about it being protected...
                      You have a security constraint which prevents it from being accessed unless the user has the role "ROLE_USER". You need to understand the basics before you try to customize things. Does your filter actually handle the URL "/loginURL"? If not, then the request will be rejected because of the security constraint. If it does, then the security constraint serves no purpose. In fact, it serves no purpose in any case, since only anonymous users should be submitting a login form.

                      The forum uses the referer header as I suggested above.



                      • #12
                        Solved.

                        Hi Luke,

                        Thanks for your suggestion. My filter was not actually handling the URL....

                        I added the following line to my filter bean and now it works.
                        Code:
                        <property name="filterProcessesUrl" value="/loginURL"></property>
                        My filter bean now looks like
                        Code:
                        <bean id="authenticationProcessingFilter" class="com.myapp.authentication.CustomAuthenticationProcessingFilter">
                            <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
                            <property name="defaultTargetUrl" value="/general/home" />
                            <property name="authenticationManager" ref="authenticationManager" />
                            <property name="filterProcessesUrl" value="/loginURL"></property>
                          </bean>

                        Also in my AuthenticationProcessingFilter I am overriding the determineTargetUrl method to redirect to the referer....

                        However.... if I remove "ROLE_USER" from my security:http intercept-url element it doesn't work.

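Post #12 mentions overriding determineTargetUrl to redirect to the referer but does not show the filter. The sketch below is an added example, not the poster's code: it assumes the Spring Security 2.0.x `AuthenticationProcessingFilter` API named in the thread, and that `getServerName()` and `getServerPort()` report the host the browser actually used (no rewriting proxy in front). Because the Referer header is supplied by the client, it is honoured only when it points back into this application; otherwise the configured defaultTargetUrl is used.

```java
package com.myapp.authentication;

import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;

// Added example (not from the thread): redirect to the referring page after a
// successful login, but only when that page belongs to this application.
public class CustomAuthenticationProcessingFilter extends AuthenticationProcessingFilter {

    @Override
    protected String determineTargetUrl(HttpServletRequest request) {
        String referer = sameApplicationReferer(request);
        return referer != null ? referer : getDefaultTargetUrl();
    }

    // Returns the Referer value if it is an http(s) URL on this host, port and
    // context path; returns null for anything missing, malformed or foreign.
    protected String sameApplicationReferer(HttpServletRequest request) {
        String referer = request.getHeader("Referer");
        if (referer == null) {
            return null;
        }
        URI uri;
        try {
            uri = new URI(referer); // rejects control characters such as CR/LF
        } catch (URISyntaxException e) {
            return null;
        }
        String scheme = uri.getScheme();
        boolean https = "https".equalsIgnoreCase(scheme);
        if (!https && !"http".equalsIgnoreCase(scheme)) {
            return null; // no javascript:, data:, scheme-relative values, etc.
        }
        if (uri.getUserInfo() != null) {
            return null; // user@host forms are a common way to disguise the real host
        }
        if (!request.getServerName().equalsIgnoreCase(uri.getHost())) {
            return null; // different host: would be an open redirect
        }
        int port = uri.getPort() != -1 ? uri.getPort() : (https ? 443 : 80);
        if (port != request.getServerPort()) {
            return null;
        }
        String path = uri.getRawPath();
        String ctx = request.getContextPath();
        boolean inApp = path != null && (path.equals(ctx) || path.startsWith(ctx + "/"));
        return inApp ? referer : null;
    }
}
```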
