Spring 3.1: Redirect after login not working

Question

I have a page which has multiple links to other pages in the application. When a user visits the website, the systems page is shown which is accessible even if user is not logged in. However, if user clicks on some other link, that expects the user to be logged in, user is rightly redirected to the login page. However, after login, the user is not redirected to link that was clicked, instead the user is taken to the systems page (systems page is the default target url).

Here is snippet from spring config file -

<logout logout-url="/logout"
    logout-success-url="/login"
    invalidate-session="true" />

<form-login login-page="/login"
    login-processing-url="/j_security_check"

    always-use-default-target="false"
    authentication-failure-url="/login?failure=true"
    username-parameter="username"
    password-parameter="password"/>

I tried using authentication-success-handler-ref property to refer a SavedRequestAwareAuthenticationSuccessHandler instance, however, that did not work either.

Any inputs?

Answer 1

In the Spring, there is requestCache (which stores the SavedRequest in the HttpSession) which determines the strategy used to save a request during the authentication process in order that it may be retrieved and reused once the user has authenticated.

So when user request to open a page but that page expects the user to be logged in In that you have to store that request in requestCache and once Authentication will be successful then you have to get that previous request which is already stored in the requestCatch and redirect user to that request Below information help you to achieve this.

See this example which explains the same concept you are looking for

Good Article which also explains same concept in detail with a little bit different way

SavedRequestAwareAuthenticationSuccessHandler :

In your case you have to use authentication success strategy which can make use of the DefaultSavedRequest which may have been stored in the session by the ExceptionTranslationFilter. When such a request is intercepted and requires authentication, the request data is stored to record the original destination before the authentication process commenced, and to allow the request to be reconstructed when a redirect to the same URL occurs. This class is responsible for performing the redirect to the original URL if appropriate.

• If the alwaysUseDefaultTargetUrl property is set to true, the defaultTargetUrl will be used for the destination. Any DefaultSavedRequest stored in the session will be removed.

• If the targetUrlParameter has been set on the request, the value will be used as the destination. Any DefaultSavedRequest will again be removed.

• If a DefaultSavedRequest is found in the RequestCache (as set by the ExceptionTranslationFilter to record the original destination before the authentication process commenced), a redirect will be performed to the Url of that original destination. The DefaultSavedRequest object will remain cached and be picked up when the redirected request is received (See SavedRequestAwareWrapper).

• If no DefaultSavedRequest is found, it will delegate to the base class.