I have developed a solution I'd like to share to the problem that in some cases the anchor/fragment part of a URL ("#anchor") is lost when redirects are involved in the authentication (e.g. with login pages or CAS). Anchors are commonly used in GWT applications to denote a specific (history) state in an application; a user can then create a bookmark and later come back to that state.

See also http://forum.springsource.org/showthread.php?p=219895 or https://jira.springframework.org/browse/SEC-1067.
As noted there, anchors are a client-side concept, so the correct handling must be performed by the browser.

Problem:
1. User tries to log in to <application-url>#anchor
2. User is redirected for authentication (e.g. to CAS)
...
3. User is redirected back to <application-url>

On my test systems, Firefox keeps the #anchor when it gets a HTTP 302 redirect (i.e., it is re-appended to the redirect location). Internet Explorer (tested for IE6 and IE8) do not re-append the anchor, so it is lost in step 2. Therefore, the solution suggested in SEC-1067 does not work either.

To make the above scenario work consistently, I have developed a filter which intercepts the redirects, and sends Javascript pages to
* store the anchor in a cookie then redirect (to be applied to step 2)
* restore the anchor from this cookie then redirect (to be applied to step 3)

This solution works for me. If anyone has feedback about the appropriateness of this solution or has solved the same problem in a different way, I'd be interested. In case anyone is interested in the details, I could also post the code.

Best regards,
Guido