Geek Answers Handbook

Spring Security 3 SavedRequestAwareAuthenticationSuccessHandler does not save the original request

I am trying to configure spring security 3 so that when users log back in (for example, when the session ends), the user will be returned to the page where they were before the authorization process began.

I use SavedRequestAwareAuthenticationSuccessHandler, but the original request is not cached.

Below is my security configuration.

<security:http auto-config="false" 
               use-expressions="true"
               access-denied-page="/views/auth/login?error=true"
               entry-point-ref="authenticationEntryPoint"  >
    <security:intercept-url pattern="/*" access="hasRole('ROLE_USER')" />
    <security:intercept-url pattern="/views/*" access="hasRole('ROLE_USER')" />
    <security:intercept-url pattern="/data/*" access="hasRole('ROLE_USER')" />  
    <security:intercept-url pattern="/auth/*" access="permitAll" />
    <security:logout invalidate-session="true" logout-success-url="/views/auth/login" logout-url="/views/auth/logout" />
        <security:session-management invalid-session-url="/views/auth/login" >
        <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
    </security:session-management>
    <security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
</security:http>

<security:authentication-manager />

<bean id="authenticationFilter" class="com.security.web.filter.UsernamePasswordAuthenticationFilter">             
    <property name="allowSessionCreation" value="true" />
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureHandler" ref="aAuthenticationFailureHandler" />
    <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
</bean>

<bean id="authenticationManager" class="com.security.web.manager.AuthenticationManager" />

<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
    <property name="loginFormUrl" value="/views/auth/login"/>
</bean>

<bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/views/auth/login?error=true"/>
 </bean>

<bean id="authenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <property name="defaultTargetUrl" value="/views"/>
</bean>

Any help would be appreciated.

+5
source share
2 answers

I know this question is old, but I wanted to document what I found for others.

Short answer

, -session-url < session-management > , .

spring: http://forum.springsource.org/showthread.php?89352-requestCache-null-when-using-session-management-gt-invalid-session-url

, , , :

-session-url , , . RequestCache, .

, , URL-, . , .


+3

, :

<bean id="requestCacheAwareFilter"
      class="org.springframework.security.web.savedrequest.RequestCacheAwareFilter">
    <constructor-arg ref="requestCache"/>
</bean>

<bean id="requestCache" class="org.springframework.security.web.savedrequest.HttpSessionRequestCache"/>

requestCache SuccessHandler

<property name="requestCache" ref="requestCache"/>
0

More articles:


All Articles