Results 1 to 3 of 3

Thread: dynamic default Target Url in Acegi

  1. Feb 2nd, 2011, 04:03 AM #1
    ashil
    ashil is offline Junior Member
    Join Date
    Feb 2011
    Posts
    3

    Default dynamic default Target Url in Acegi

    Hi,
    I have two requirements in my project as immediate requirement.

    1.) I m using the Acegi for my web app as well as from a mobile application. So whenever i log in from a mobile app using the same login page of acegi, I wish to fetch a parameter from the url as app="mobile" or if it is from other app i need to fetch the appname from the which application i am sending the login credentials. along with the j_username , j_password. I wish to know to how to access the app parameter that im sending in the url and wish to save the app parameter in the session of spring application and based on that attribute i wish to achieve below requirement.

    2. Based on the parameter in the app ="", that comes along with the login url j_security_check , username and password, i wish to change the defaultUrl in the Acegi dynamically to where it has be redirected.

    So i wish some one would help me immediately regarding this requirement as it is very urgent for me to deliver the output.

    Guys this is my first post so please dont disappoint me, and help me timely.
    Reply With Quote Reply With Quote
  2. Feb 3rd, 2011, 08:59 AM #2
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,826

    Default

    Quote Originally Posted by ashil View Post
    Hi,
    I have two requirements in my project as immediate requirement.

    1.) I m using the Acegi for my web app as well as from a mobile application. So whenever i log in from a mobile app using the same login page of acegi, I wish to fetch a parameter from the url as app="mobile" or if it is from other app i need to fetch the appname from the which application i am sending the login credentials. along with the j_username , j_password. I wish to know to how to access the app parameter that im sending in the url and wish to save the app parameter in the session of spring application and based on that attribute i wish to achieve below requirement.

    2. Based on the parameter in the app ="", that comes along with the login url j_security_check , username and password, i wish to change the defaultUrl in the Acegi dynamically to where it has be redirected.

    So i wish some one would help me immediately regarding this requirement as it is very urgent for me to deliver the output.

    Guys this is my first post so please dont disappoint me, and help me timely.
    Is there a reason you are using Acegi? Since it is no longer supported it will be difficult to get answers to questions. Not to mention the fact that it has security vulnerabilities in it that will not be addressed. I would recommend upgrading to Spring Security 3.x if possible, but at minimum I would use Spring Security 2.x.

    Spring Security 3 has a parameter (i.e. spring-security-redirect) that can be specified on the login form that tells what page the user should go to. You would need to ensure you validate that the url is acceptable value (i.e. it is not http://evil.example.com) and if so have your AuthenticationEntryPoint include it in the URL to the login page. The login page would then need to render it so it is submitted to the url that processes authentication. The AbstractAuthenticationTargetUrlRequestHandler then uses that parameter to determine where to redirect you to. It may be better to place the validation of spring-security-redirect here since it is where the redirect is actually being done).

    I don't recall the exact flow for using Acegi as I haven't really used it in a while. If you are struggling and must use Acegi and I will dig through the code to give you a suggestion. I highly recommend you upgrade to Spring Security though.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
    Reply With Quote Reply With Quote
  3. Feb 3rd, 2011, 02:58 PM #3
    srikondoji
    srikondoji is offline Senior Member
    Join Date
    Jan 2010
    Posts
    124

    Default

    Best option would be to have your own version of SavedRequestAwareAuthenticationSuccessHandler filter.

    Pass whatever request parameters from login form and make decision to where to redirect in the above filter.

    In my use case this is what id.
    for secured pages redirects are automatically handled by ExceptionTranslationFilter (i think it stores the original url in DefaultSavedRequest) and SavedRequestAwareAuthenticationSuccessHandler.

    For pages that are public (where access is Anonymous), i append the current page url to Login link as return_to_url="/whatever_public_page", which i then pass it as hidden field "spring-security-redirect" in my login form post.
    The SavedRequestAwareAuthenticationSuccessHandler will then redirect appropriately.

    All my current usecases are implementable with namespace declarations without any custom filters.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules