Question

Here is how I configured Spring Security:

    <security:http auto-config="true">
        <security:remember-me key="123456" />   <!--  Be Aware -->
        <!-- Restrict URLs based on role -->
        <security:intercept-url pattern="/index*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/account/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />        
        <security:intercept-url pattern="/assets/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

        <security:intercept-url pattern="/**" access="ROLE_USER" />
        <!-- Override default login and logout pages -->
        <security:form-login login-page="/account/login.html" 
                             login-processing-url="/account/loginProcess" 
                             default-target-url="/home.html" 
                             authentication-failure-url="/account/login.html?login_error=1" />
        <security:logout logout-url="/account/logout" logout-success-url="/account/login.html" />
    </security:http>

Also, my login page includes all the necessary items (remember-me checkbox, j_username, j_password) for Spring Security. Another thing to point out is the Spring Security cookie, which gets created after I log in. However, the next time I start up the browser I don't automatically get redirected to the home page (although the session exists, and if I attempt to enter home.html I can). I was wondering whether it is something that I should imply in my configuration to get redirected to home.html. But any of the examples I found on the internet had mentioned it. Can you help?


Solution

I'm not sure what you exactly expect, but the remember-me filter is not supposed to perform any redirection on a successful auto-login (authentication based on the remember-me cookie). The whole point of the remember-me functionality is to let a request go through the authentication checks and be processed without breaking its flow in case the remember-me cookie is valid.

Edit: It's not clear when and why you want the redirection to happen. After the user interactively authenticates himself (by filling out and submitting the login form), he receives a remember-me cookie that is saved by his browser. Then later (maybe some days later) in a subsequent session he browses to some random URL of your application (e.g. by a bookmark). The browser still has the remember-me cookie, so it sends that along with the request. Then the remember-me filter on the server side processes the cookie, and authenticates the user without any further interaction. Now why would you want to redirect that request to home.html instead of serving the content that the user requested?
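
The auto-login flow described in this answer, as an added Java model that is not part of the original answer and not Spring Security's own code: it follows the documented simple hash-based token layout, base64(username:expiry:md5Hex(username:expiry:password:key)), and serves the requested URL unchanged when the cookie validates. The class name, user, password and key values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Simplified model of hash-based remember-me auto-login; not Spring Security source.
public class RememberMeModel {
    static final String LOGIN_PAGE = "/account/login.html"; // login-page from the question's config

    // md5Hex(username:expiry:password:key): the key is a server-side secret mixed into
    // the signature, so a long random value belongs in the remember-me key attribute.
    static String signature(String user, long expiryMs, String password, String key) throws Exception {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest((user + ":" + expiryMs + ":" + password + ":" + key).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Cookie issued once, after the interactive form login.
    static String issueCookie(String user, long expiryMs, String password, String key) throws Exception {
        String raw = user + ":" + expiryMs + ":" + signature(user, expiryMs, password, key);
        return Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the page that gets served: the requested URL when the cookie validates
    // (no redirect to default-target-url), the login page otherwise.
    static String handle(String url, String cookie, String password, String key, long nowMs) throws Exception {
        if (cookie == null) return LOGIN_PAGE;
        String[] p;
        long expiry;
        try {
            p = new String(Base64.getDecoder().decode(cookie), StandardCharsets.UTF_8).split(":");
            if (p.length != 3) return LOGIN_PAGE;
            expiry = Long.parseLong(p[1]);
        } catch (IllegalArgumentException e) { // malformed Base64 or non-numeric expiry
            return LOGIN_PAGE;
        }
        if (expiry < nowMs) return LOGIN_PAGE; // token past its expiry time
        byte[] expected = signature(p[0], expiry, password, key).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison of the recomputed and presented signatures.
        return MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.UTF_8)) ? url : LOGIN_PAGE;
    }

    public static void main(String[] args) throws Exception {
        String key = "constructed-long-random-key", pw = "constructed-stored-password"; // constructed values
        long now = System.currentTimeMillis(), day = 86_400_000L;
        String cookie = issueCookie("alice", now + day, pw, key);
        System.out.println(handle("/reports/42.html", cookie, pw, key, now));           // valid cookie, bookmarked URL
        System.out.println(handle("/reports/42.html", cookie, pw, key, now + 2 * day)); // same cookie after expiry
        System.out.println(handle("/reports/42.html", cookie, pw, "other-key", now));   // server key changed
    }
}
```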

OTHER TIPS

Try setting default-target-url=/path/to/your/homepage under form login tag

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow