I am using Spring Security for access control and I have two pages in my application page1.html and page2.html. All the html pages are accessible to the users with role ROLE_USER.
<http auto-config="false" use-expressions="true" disable-url-rewriting="true">
<intercept-url pattern="/**/*.html" access="hasRole('ROLE_USER')"/>
<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?authfailed=true"/>
<logout invalidate-session="true" logout-url="/j_spring_security_logout"/>
I'm facing problems when I try following steps:
1. Open two tabs in firefox.
2. Open page1.html in tab1-> redirected to login.jsp
3. Open page2.html in tab2-> redirected to login.jsp
4. Goto tab 1 and enter username and password -> redirected to page2.html [it should be page1.html]
5. Goto tab 2 and enter username and password -> redirected to / [it should be page2.html]
I think this is because only one request is cached per session. Is there some way to maintain login success url for each browser tab/window, i.e. step 4 redirects to page1.html and step 5 redirects to page2.html?
Also I do not want POST requests to be resubmitted because that can lead to inconsistency, is there some way to configure this?