Spring Security: How to get the initial target url

Question

I am using the spring security to restricted urls. I am trying to provide signup and login page, on the same page.

On login spring security transfers to the restricted page. However i am trying to pass the target url to the signup process, so that after signup we can redirect to the restricted page.

How to get the actual URL that user was redirected from.

Any Ideas?

Answer 1

This is how i got the URL from the Spring Security.

SavedRequest savedRequest = (SavedRequest)session.getAttribute(
    AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY);
String requestUrl = savedRequest.getFullRequestUrl();

Answer 2

They moved things around a bit in spring security 3.0, so the above code snippet doesn't work anymore. This does the trick, though:

protected String getRedirectUrl(HttpServletRequest request) {
    HttpSession session = request.getSession(false);
    if(session != null) {
        SavedRequest savedRequest = (SavedRequest) session.getAttribute(WebAttributes.SAVED_REQUEST);
        if(savedRequest != null) {
            return savedRequest.getRedirectUrl();
        }
    }

    /* return a sane default in case data isn't there */
    return request.getContextPath() + "/";
}

Answer 3

with spring security 4.1.4:

@Override
public void onAuthenticationSuccess(HttpServletRequest request,
        HttpServletResponse response, Authentication authentication)
        throws IOException, ServletException {

    SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
    if (savedRequest != null) {
        response.sendRedirect(savedRequest.getRedirectUrl());
    }
    else{
        response.sendRedirect("some/path");
    }
}