Thread: Redirecting to original page upon authentication failure

  1. #1
    Join Date
    Feb 2008
    Posts
    169

    Question Redirecting to original page upon authentication failure

    My web app has a login dialog box on every webpage. When a user logs in successfully, I simply redirect back to the original webpage by passing a hidden variable to Spring's security_check servlet:
    Code:
    <input type="hidden" name="spring-security-redirect" value="/original_webpage_logged_in_from"/>
    Works great. Problem is when the login is unsuccessful, maybe a bad password. Then the user is redirected to the default authentication failure page defined in the <form-login> configuration (/login?error=credentials):
    Code:
    <form-login login-page="/login" authentication-failure-url="/login?error=credentials" default-target-url="/account" login-processing-url="/security_check"/>
    I want the user redirected back to the original webpage where I'll pop up the same login dialog box again with an error message.

    What's the proper way to do this?

  2. #2
    Join Date
    Feb 2008
    Posts
    169

    Is the right way to do this to implement the RedirectStrategy interface and create a SimpleUrlAuthenticationFailureHandler bean referencing it?

    Code:
    <beans:bean id="simpleUrlAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="redirectStrategy" ref="backToReferrer"/>
    </beans:bean>
    
    <beans:bean id="backToReferrer" class="com.example.RedirectStrategyBackToReferrer"/>
    And then the class:
    Code:
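    import java.io.IOException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.web.RedirectStrategy;
    public class RedirectStrategyBackToReferrer implements RedirectStrategy {
        // RedirectStrategy.sendRedirect declares IOException, which response.sendRedirect can throw
        public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
            response.sendRedirect(addParameterIndicatingFailedLogin(request.getHeader("Referer")));
        }
    }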
    Make sense? Was this the purpose of SimpleUrlAuthenticationFailureHandler and RedirectStrategy?

  3. #3
    Luke Taylor, Senior Member, Acegi Security System Team, Spring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    The AuthenticationFailureHandler is intended to control the navigation flow for a failed authentication (see the manual). You can just implement this directly.

    You don't need to use a custom RedirectStrategy (or indeed any RedirectStrategy) unless you have specific requirements to cope with proxies etc.

    The strategies are there to provide maximum flexibility in achieving what you want. Their purpose isn't really set in stone.
    Spring - by Pivotal
    twitter @tekul
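
Added example, not code from any poster in this thread or from the Spring project: one way to implement AuthenticationFailureHandler directly, as suggested in #3, so a failed login returns to the page it came from. The class name, the reuse of the `spring-security-redirect` field from #1 on failure, and the `javax.servlet` API are assumptions; the value is accepted only when it is an application-relative path, so a forged form cannot turn the failure redirect into a redirect to another site.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

// Hypothetical class name; javax.servlet API assumed.
public class BackToOriginalPageFailureHandler implements AuthenticationFailureHandler {

    // Fallback taken from the <form-login> configuration shown in #1.
    private static final String DEFAULT_FAILURE_URL = "/login?error=credentials";

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        // Assumption: the login dialog posts the same hidden field it uses for success.
        String target = request.getParameter("spring-security-redirect");
        String path = isLocalPath(target) ? withErrorFlag(target) : DEFAULT_FAILURE_URL;
        // Assumption: the field holds a path relative to the application's context root.
        response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + path));
    }

    // Accept only application-relative paths: must start with a single "/",
    // and contain no backslash, whitespace or control character (CR/LF included).
    static boolean isLocalPath(String target) {
        if (target == null || !target.startsWith("/") || target.startsWith("//")) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c <= ' ' || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    // Append the error flag the page reads to re-open the dialog with a message;
    // any "#fragment" is dropped so the parameter lands in the query string.
    static String withErrorFlag(String path) {
        int hash = path.indexOf('#');
        String base = hash >= 0 ? path.substring(0, hash) : path;
        return base + (base.contains("?") ? "&" : "?") + "error=credentials";
    }
}
```

To use it, declare the class as a bean and reference it from `<form-login>` with the `authentication-failure-handler-ref` attribute in place of `authentication-failure-url`.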
