Last visited page problem

[kostepanych]

Our application based on Spring Security & Struts 2 runs under tomcat 6.

Here is security http config:

Code:

<security:http auto-config="true">
       .....
        <security:form-login login-page='/login.action'
                             authentication-failure-url="/login.action?login_error=1"
                             default-target-url='/dashboard.action'/>
    </security:http>

Our default login page /dashboard.action sends many ajax requests which receives json objects as the response:


If user does logout quickly after login, on next login sometimes he hit ajax json request action instead of the last visited page, and download file interface appears:


So how can I resolve this problem?

I can't use always-use-default-target="true", because project requirement is to remember last visited page and enter it after login.

[Luke Taylor]

It seems like in the cases where JSon requests are activating the login, you would want to use the default page instead?

You could either customize the RequestCache (which is used to cache the previous requests) and ignore those which should not be used as target pages.

Alternatively you can customize the AuthenticationSuccessHandler and make the decision there (check the code for the default saved-request based one).

Of course, you need some way of differentiating what is a valid page request as opposed to a JSon one.