Results 1 to 3 of 3

Thread: Redirect after login

Hybrid View

  1. May 26th, 2008, 04:13 PM #1
    ccin123
    ccin123 is offline Junior Member
    Join Date
    May 2008
    Posts
    12

    Default Redirect after login

    Hello, I'm quite new to spring security and I'm trying some basic things. I have this login form, and if login is successful, I would like it to redirect to a success page, and I cannot figure out how. Before spring security, the action in the form tag was directed at the controller which directed to a success page after login. But with spring security, the form action is now directed at /j_spring_security_check and after a successful login, it redirects to "/". Can someone please advise on this?

    Thanks a lot

    Here's my code
    Code:
    <code>
<?xml version="1.0" encoding="UTF-8"?>

	<http auto-config="true">
		<intercept-url pattern="/login.ccin"
			access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<intercept-url pattern="/secure/extreme/**" access="ROLE_ADMIN" />
		<intercept-url pattern="/secure/**" access="ROLE_USER" />
		<intercept-url pattern="/**" access="ROLE_ADMIN" />
		<form-login login-page="/login.ccin" />
		<form-login login-page="/login.ccin"
			authentication-failure-url="/login.ccin?login_error=1" />
	</http>

	<authentication-provider>
		<user-service>
			<user name="temp" password="temp" authorities="ROLE_ADMIN" />
			<user name="hi" password="bye" authorities="ROLE_ADMIN" />
		</user-service>
	</authentication-provider>

	<authentication-manager alias="authenticationManager" />

	<beansbean id="exceptionTranslationFilter"
		class="org.springframework.security.ui.ExceptionTranslationFilter">
		<beansproperty name="authenticationEntryPoint"
			ref="authenticationProcessingFilterEntryPoint" />
		<beansproperty name="accessDeniedHandler">
			<beansbean
				class="org.springframework.security.ui.AccessDeniedHandlerImpl">
				<beansproperty name="errorPage"
					value="/accessdenied.ccin" />
			</beansbean>
		</beansproperty>
	</beansbean>

	<beansbean id="authenticationProcessingFilterEntryPoint"
		class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<beansproperty name="loginFormUrl" value="/login.ccin" />
		<beansproperty name="forceHttps" value="false" />
	</beansbean>

	<beansbean id="authenticationProcessingFilter"
		class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
		<beansproperty name="authenticationManager" ref="authenticationManager"></beansproperty> 
		<beansproperty name="authenticationFailureUrl"
			value="/login.ccin?login_error=1" />
		<beansproperty name="defaultTargetUrl" value="/" />
		<beansproperty name="filterProcessesUrl"
			value="/j_spring_security_check" />
	</beansbean>

	<beansbean id="springSecurityFilterChain"
		class="org.springframework.security.util.FilterChainProxy">
		<filter-chain-map path-type="ant">
			<filter-chain pattern="/**"
				filters="httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter" />
		</filter-chain-map>
	</beansbean>

</beansbeans>
</code>
<code>
<form id="login" action="<c:url value='j_spring_security_check'/>"
					method="post">
				<table>
					<tr>
						<td><span class="red"> <form:errors path="*" /> </span></td>
					</tr>
					<tr>
						<td colspan="3">
						<h4>Sign In</h4>
						</td>
					</tr>
				</table>
				<table border="0" cellpadding="0" cellspacing="0" width="300">
					<tr>
						<td width="50%"><span class="heading"> E-mail </span></td>
						<td width="50%"><input type="text" name="j_username" /></td>
					</tr>
					<tr>
						<td width="50%"><span class="heading">Password</span></td>
						<td width="50%"><input type="password" name="j_password" /></td>
					</tr>

				</table>
				<table border="0" cellpadding="0" cellspacing="0" width="300">
					<tr>
						<td align="right">
						<div id="reg">
						<div align="right"><input type="submit" value="Sign In" />
						</div>
						</div>
						</td>
					</tr>
				</table>
				</center>

				</form>
</code>
    Last edited by Luke Taylor; May 27th, 2008 at 03:35 AM. Reason: Added code tags
  2. May 27th, 2008, 02:49 AM #2
    michael.i
    michael.i is offline Member Spring Team
    Join Date
    May 2008
    Posts
    34

    Default Re:

    Hi ccin123,
    your authentication form behaves like a firewall to your target page.
    Imagine that you are targeting a url called http...localhost:8080/myapp/secure/mypage.ccin

    Since you have not been authenticated yet, Spring Security will redirect you to the login page. Once you will have been authenticated properly, you'll be automatically redirected to http...localhost:8080/myapp/secure/mypage.ccin

    And if you'd like to use the code tags inside your posts, you can use the # icon that you can see above.

    Cheers,
    Michael.
  3. May 27th, 2008, 03:42 AM #3
    Luke Taylor
    Luke Taylor is offline Senior Member Acegi Security System TeamSpring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Default

    You are using a namespace configuration and then overwriting it by using a bean with the standard filter chain name "springSecurityFilterChain". You have no FilterSecurityInterceptor so you will not be asked to authenticate on demand, so every time you login you are going to the default target, which you have configured to be "/".

    I'd recommend you read the getting started section of the manual and begin with the tutorial sample application.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules