Spring Security: multiple security context but returns invalid url error identifier

I am using Spring Security Version 3.1.2.

Here is the configuration:

    <http pattern="/embedded/**" auto-config="true" use-expressions="true"
          access-denied-page="/embedded/login.htm">
        <intercept-url pattern="/embedded/login-embedded.html" access="hasRole('ROLE_AUTHENTICATED')"/>
        <intercept-url pattern="/embedded/**" access="permitAll"/>
        <form-login login-page="/embedded/login.htm"
                    authentication-failure-url="/embedded/login.htm?error=true"
                    default-target-url="/embedded/login-embedded.html"/>
        <logout logout-success-url="/embedded/index.html"/>
    </http>

    <http auto-config="true" use-expressions="true" access-denied-page="/login.htm">
        <intercept-url pattern="/login-success.html" access="hasRole('ROLE_AUTHENTICATED')"/>
        <intercept-url pattern="/**" access="permitAll"/>
        <form-login login-page="/login.htm"
                    authentication-failure-url="/login.htm?error=true"
                    default-target-url="/login-success.html"/>
        <logout logout-success-url="/index.html"/>
    </http>

I POST data to the Spring MVC controller, which calls the service to check captcha. If this passes, it forwards it to j_spring_security_check RequestDispatcher.

Here is the relevant part of the controller:

    @RequestMapping(value = "/embedded/login.htm", method = RequestMethod.POST)
    public String authenticateCaptcha(HttpServletRequest request, HttpServletResponse response,
                                      @RequestParam String verificationText)
            throws IOException, ServletException {
        HttpSession session = request.getSession();
        String sessionId = session.getId();
        if (captchaService.validate(sessionId, verificationText)) {
            // captcha ok: hand the same request over to Spring Security's login processing URL
            request.getRequestDispatcher("/j_spring_security_check").forward(request, response);
            return null;
        }
        // captcha failed: send the user back to the embedded login page with an error
        return buildErrorRedirect(request);
    }

My problem is that after the captcha is verified and the request is redirected to Spring Security and authentication fails, the error page it sends to is /login.htm?error=true instead of /embedded/login.htm?error=true.

+6
1 answer

The URL /j_spring_security_check does not match /embedded/**, so authentication-failure-url="/login.htm?error=true" is used, the one from the second configuration.

A similar question has been asked recently:

Spring security with two scopes, the first url-target-url is never called

And one of the creators of Spring Security responded to this. I recommend reading it.

Another worthwhile read: Why does the redirected request go through the filter chain again?

+4
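One way to keep the embedded login inside its own chain, as an added example that is not part of the answer above: give the /embedded/ chain its own login-processing-url (a real form-login attribute in the 3.1 namespace, whose default is /j_spring_security_check) so that the URL the controller forwards to is matched by pattern="/embedded/**", and forward to that URL instead. The example goes slightly beyond the question by doing the same for logout-url, which has the same default-URL mismatch. The web.xml filter mapping at the end is an assumption about the asker's deployment, which the page does not show.

```xml
<!-- security context: the embedded chain now owns its login-processing URL -->
<http pattern="/embedded/**" auto-config="true" use-expressions="true"
      access-denied-page="/embedded/login.htm">
    <intercept-url pattern="/embedded/login-embedded.html" access="hasRole('ROLE_AUTHENTICATED')"/>
    <intercept-url pattern="/embedded/**" access="permitAll"/>
    <!-- Before: the default /j_spring_security_check lies outside /embedded/**, so a forward
         to it is handled by the catch-all chain below and its failure URL /login.htm?error=true.
         After: a processing URL under /embedded/ is matched by this chain, so this chain's
         authentication-failure-url and default-target-url apply. -->
    <form-login login-page="/embedded/login.htm"
                login-processing-url="/embedded/j_spring_security_check"
                authentication-failure-url="/embedded/login.htm?error=true"
                default-target-url="/embedded/login-embedded.html"/>
    <!-- same mismatch for logout: the default /j_spring_security_logout is not under /embedded/ -->
    <logout logout-url="/embedded/j_spring_security_logout"
            logout-success-url="/embedded/index.html"/>
</http>

<!-- catch-all chain, unchanged: it keeps the default /j_spring_security_check -->
<http auto-config="true" use-expressions="true" access-denied-page="/login.htm">
    <intercept-url pattern="/login-success.html" access="hasRole('ROLE_AUTHENTICATED')"/>
    <intercept-url pattern="/**" access="permitAll"/>
    <form-login login-page="/login.htm"
                authentication-failure-url="/login.htm?error=true"
                default-target-url="/login-success.html"/>
    <logout logout-success-url="/index.html"/>
</http>

<!-- web.xml (assumed, not shown in the question): a RequestDispatcher forward only reaches
     springSecurityFilterChain if the filter mapping declares the FORWARD dispatcher type -->
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
```

With this configuration the controller's forward target becomes request.getRequestDispatcher("/embedded/j_spring_security_check"), and the embedded login form's action must post to that URL as well; the ordering of the two <http> elements still matters, since the first chain whose pattern matches the request wins.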
