Login page is not redirecting for logged user

[galgavu]

Hi.
I have a problem with users logged in. When I hit back on the browser or simply will go to login page id doesn't redirect me to home page. I don't really know if this should be default behavior of spring security so maybe anyone can give me some advice??
My codes:

security-context.xml

Code:

    <http auto-config="true">
        <intercept-url pattern="/css/**" filters="none"/>
        <intercept-url pattern="/images/**" filters="none"/>
        <intercept-url pattern="/reports/*" access="ROLE_ADMIN"/>
        <intercept-url pattern="/temp/*" access="ROLE_ADMIN"/>
        <intercept-url pattern="/login.zul*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/zul/**" access="ROLE_USER,ROLE_ADMIN"/>
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

        <form-login login-page="/login.zul" default-target-url="/zul/test.zul"
                    always-use-default-target="true"
                    authentication-success-handler-ref="authenticationHandler"
                    authentication-failure-url="/login.zul?login_error=1"/>
    </http>

    <beans:bean id="authenticationHandler" class="CustomAuthenticationHandler">
        <beans:property name="defaultTargetUrl" value="/zul/test.zul"/>
        <beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
    </beans:bean>

    <beans:bean id="CustomProvider" class="CustomLoginProvider"/>

    <authentication-manager>
        <authentication-provider ref="CustomProvider"/>
    </authentication-manager>

on successful login:

Code:

public class CustomAuthenticationHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {

        ....///some logic here

        super.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
    }

[Rob Winch]

Spring Security is not aware of the internals of your application (i.e. if you want to make your login page flex based upon if the user is logged in or not). To show your home page when the login page is requested and the user is logged in use the SecurityContextHolder in the login page (or its controller) and redirect or forward the user to the home page.

[galgavu]

So I guess I should use:

Code:

SecurityContextHolder.getContext().getAuthentication().getAuthorities();

then check what authority and redirect accordingly.

But is there anyway to read the default target url?? I mean:

Code:

<beans:property name="defaultTargetUrl" value="/zul/test.zul"/>

Because I would not like to hardcode this in my controller (for redirection).

[galgavu]

I've done it in this way (as I'm using custom authentication handler):

Code:

@Autowired
private AuthenticationHandler authenticationHandler;
....
Executions.getCurrent().sendRedirect(authenticationHandler.getDefaultUrl());

and in handler:

Code:

public String getDefaultUrl() {
        return super.getDefaultTargetUrl();
    }

It works but I guess it's not really the best way :/

[Rob Winch]

So I guess I should use:

Code:

SecurityContextHolder.getContext().getAuthentication().getAuthorities();

then check what authority and redirect accordingly.

But is there anyway to read the default target url?? I mean:

Code:

<beans:property name="defaultTargetUrl" value="/zul/test.zul"/>

Because I would not like to hardcode this in my controller (for redirection).

You would use the AuthenticationTrustResolverImpl to determine if the user is authenticated or not. Then you could redirect to a URL that is injected into your controller if the user is already authenticated.