Results 1 to 3 of 3

Thread: Loossing original requested URL

  1. Apr 16th, 2010, 12:44 AM #1
    anyz
    anyz is offline Member
    Join Date
    Feb 2009
    Posts
    50

    Default Loossing original requested URL

    I have Spring Security configured in standard way. As user hits the application URL and his session is not started before he is redirected to login.jsp.

    However my application is accessed by various customers like:

    http://myserver.com/cust1
    http://myserver.com/cust2
    http://myserver.com/cust3

    So i need to know which customer is accessing it. And it is done through last word after slash (cust1, cust2 etc). But spring security redirects user to http://myserver.com/login.jsp and i lose which customer was it.

    How can i know the exact URL typed by customer?

    Thanks
  2. Apr 16th, 2010, 01:46 AM #2
    anyz
    anyz is offline Member
    Join Date
    Feb 2009
    Posts
    50

    Default

    i found the target url can be get as:
    Code:
    SavedRequest savedRequest = (SavedRequest)session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY);

String targetUrl = savedRequest.getFullRequestUrl()
    However how can i change this URL now. DO i need to write custom filter?
  3. Apr 16th, 2010, 04:21 AM #3
    anyz
    anyz is offline Member
    Join Date
    Feb 2009
    Posts
    50

    Default

    one step foward. Found this URL very helpful
    http://angelborroy.wordpress.com/200...the-user-role/

    I actually have pretty basic settings working good as given below:

    Code:
    	
<security:global-method-security secured-annotations="enabled" />
    
<security:http auto-config="true">
<!-- Restrict URLs based on role -->
<security:intercept-url pattern="/publicpages/*" access="ROLE_ANONYMOUS" />
<security:intercept-url pattern="/index.jsp" access="ROLE_ANONYMOUS,ROLE_USER" />
<security:intercept-url pattern="/login.htm*" access="ROLE_ANONYMOUS,ROLE_USER" />

<security:intercept-url pattern="/*" access="ROLE_USER" />

        <!-- Override default login and logout pages -->
        <security:form-login login-page="/login.htm" 
                             login-processing-url="/j_spring_security_check" 
                             default-target-url="/welcome.htm" 
                             authentication-failure-url="/login.htm?login_error=1" />
        <security:logout logout-url="/logout" logout-success-url="/logoutSuccess.jsp" />
    </security:http>

    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="dataSource" />

    </security:authentication-provider>
    
</beans>
    As user is fwarded to login page i get conrtol of actuall URL entered in spring controller. Is there a way to override the targetURL stored by spring security at this point. This way i dont' have to do anything with custom filters and security settings.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules