  • Is it possible to change Spring Security 3 redirects from full urls to relative urls?

    I'm using urlrewriting to make my Spring Application urls SEF, but Spring Security does redirects with full urls like http://localhost:8080/app/whateverurl/. Context app is for spring and then there are css, script etc static content folders. So app in url is rewritten to nothing, so urls would look much cleaner.

    When I would like to have whateverurl/ urls. Is it possible to configure just like I suggested, or do I have to use custom workarounds?

  • #2
    Hi

    See: http://tools.ietf.org/html/rfc2616#section-14.30.

    Wikipedia says: http://en.wikipedia.org/wiki/HTTP_lo...ve_URL_Example, but you have to perform workaround of not only SpringSecurity, but also HttpServletResponse.sendRedirect()...

    regards
    Grzegorz Grzybek


    • #3
      There are a few places you will need to modify your configuration:

      1) The ExceptionTranslationFilter has a LoginUrlAuthenticationEntryPoint on it. The LoginUrlAuthenticationEntryPoint has a DefaultRedirectStrategy on it. You will need to set the contextRelative property to true. This redirect occurs when you are requested to login when specifying a protected url and not logged in.

      2) Update the UsernamePasswordAuthenticationFailureHandler to have a SimpleUrlAuthenticationFailureHandler that has a DefaultRedirectStrategy that also sets the contextRelative property to true. This redirect occurs when you fail to login (i.e. wrong username/password).

      3) The UsernamePasswordAuthenticationFilter has a SavedRequestAwareAuthenticationSuccessHandler on it. The SavedRequestAwareAuthenticationSuccessHandler has a DefaultRedirectStrategy on it. Change the DefaultRedirectStrategy to be context relative. This redirect occurs when redirecting after a successful login.

      HTH,


      • #4
        Rob Winch

        Rob Winch, could you show an example how to do that?

        Thank you so much!


        • #5
          I had forgotten that the LoginUrlAuthenticationEntryPoint's RedirectStrategy did not have a setter. You will need to use forward for it instead or write your own AuthenticationEntryPoint. For most circumstances I would recommend you try to use the redirects the way they are and figure out why you are having problems with the full redirects. For example, if UrlRewriteFilter is giving you problems, remove it or ensure it is the first filter. There are quite a few threads that have information about UrlRewriteFilter (i.e. this thread).

          The config would look something like this...
          Code:
          <http entry-point-ref="entryPoint" ... >		
            <form-login authentication-failure-handler-ref="authFailHandler" authentication-success-handler-ref="authSuccessHandler"/>
            ...
          </http>
          	
          <b:bean id="entryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" 
            p:loginFormUrl="/login.jsp" p:useForward="true"/>
          		
          <b:bean id="authFailHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" 
            p:defaultFailureUrl="/login.jsp?faile=true" 
            p:redirectStrategy-ref="redirectStrategy"/>
          		
          <b:bean id="authSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler" 
            p:defaultTargetUrl="/" 
            p:redirectStrategy-ref="redirectStrategy"/>
          			
          <b:bean id="redirectStrategy" class="org.springframework.security.web.DefaultRedirectStrategy" 
            p:contextRelative="true"/>

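Post #5 names writing your own AuthenticationEntryPoint as the alternative to `useForward`, without showing one. The following is an added example of that option, not code from the thread or from Spring Security; the class name `ContextRelativeLoginEntryPoint` and the package `example` are hypothetical, and it assumes the Spring Security 3 interfaces named in the thread.

```java
package example; // hypothetical package name

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.util.Assert;

/**
 * Entry point that redirects to the login page through a context-relative
 * DefaultRedirectStrategy. Reference it from entry-point-ref in place of
 * LoginUrlAuthenticationEntryPoint and set loginFormUrl (e.g. "/login.jsp").
 */
public class ContextRelativeLoginEntryPoint implements AuthenticationEntryPoint, InitializingBean {

    private String loginFormUrl;
    private RedirectStrategy redirectStrategy = newContextRelativeStrategy();

    private static RedirectStrategy newContextRelativeStrategy() {
        DefaultRedirectStrategy strategy = new DefaultRedirectStrategy();
        strategy.setContextRelative(true); // leave the context path out of the target
        return strategy;
    }

    public void afterPropertiesSet() {
        Assert.hasText(loginFormUrl, "loginFormUrl must be set");
        // Accept only a local path so a misconfigured value cannot send users off-site.
        Assert.isTrue(loginFormUrl.startsWith("/") && !loginFormUrl.startsWith("//"),
                "loginFormUrl must be a path starting with a single '/'");
    }

    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        // DefaultRedirectStrategy still ends in response.sendRedirect(), so the
        // container may expand the path to an absolute Location (see post #2).
        redirectStrategy.sendRedirect(request, response, loginFormUrl);
    }

    public void setLoginFormUrl(String loginFormUrl) { this.loginFormUrl = loginFormUrl; }

    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        Assert.notNull(redirectStrategy, "redirectStrategy must not be null");
        this.redirectStrategy = redirectStrategy;
    }
}
```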