Redirect to original page after login success/failure

**anoop nair** · Sep 16th, 2010, 09:05 AM

Hi All,

I have a web app which has a login form on all the pages.

I am using spring 2.5 .

After the login happens (whether successs or failure) the user should be redirected back to the same page. Can someone please tell me how to go about implementing this ?

Below are my files:

Spring XML file:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:security="http://www.springframework.org/schema/security"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
  					  http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
              		  http://www.springframework.org/schema/security
                      http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
                      

	<security:http auto-config="true" access-denied-page="/HCPHome">
		<security:intercept-url pattern="/loginURL*" access="ROLE_USER" />
		<security:form-login login-page="/loginURL"
							 login-processing-url="/loginURL"
							 authentication-failure-url="/general/home?login_error=true"
							 default-target-url="/general/home"/>
		<security:logout logout-url="/signout" logout-success-url="/general/home"/>
	</security:http>

 	<bean id="customAuthenticationProvider"	class="com.myapp.authentication.CustomAuthenticationProvider" >
 		<security:custom-authentication-provider />
 		<property name="userDetailsService">
			<ref bean="userDetailsService" />
		</property>
 	</bean>

<bean id="userDetailsService" class="com.myapp.authentication.UserDetailsService">
		
	</bean>
	
 	<bean id="securityContext" class="org.springframework.security.context.SecurityContextHolder"
    factory-method="getContext">

Authentication class

Code:

public class CustomAuthenticationProvider implements AuthenticationProvider {
    public Authentication authenticate(Authentication authentication) {
        /*    Authentication logic goes here */

       return new UsernamePasswordAuthenticationToken(securityUser, username, securityUser.getAuthorities());		
   }

   public boolean supports(Class authentication) {
		return true;
   }
}

Login Form

Code:

<form:form action="/myapp/loginURL"  commandName="command"  name="login_form" method="post">
   <input class="UserName" type="text" id="j_username" name="j_username" onClick="clearText(0);"  onBlur="fillText(0)" value="Enter User Name"/>
</form:form>
<input type="password" name="j_password" id="j_password" style="display:none;" type="password" value="" class="last" onblur="onBlurHandler_password(this);" onkeypress="javascript:trapLoginEnter(event);" />

**Rob Winch** · Sep 16th, 2010, 10:36 AM

Did you try the always-use-default-target attribute?

**anoop nair** · Sep 16th, 2010, 01:22 PM

Hi rwinch,

I tried the always-use-default-target attribute....
But it defaults to false... so dont know what else could be tried there.... But still I tried it by explicitly setting it to false... Didnt work out....

Do I have to implement some class to achieve this ???

**Luke Taylor** · Sep 16th, 2010, 01:43 PM

You'll probably have to make use of the referer header if you want to do this (without customizing the login form for every page). There's no other information that is available on the server side which provides information on which page the user was on when they submitted the form.

You can configure both the login success and failure handlers to use the referer information. See, for example, the Javadoc for SimpleUrlAuthenticationSuccessHandler and its base class AbstractAuthenticationTargetUrlRequestHandler.

**anoop nair** · Sep 16th, 2010, 07:38 PM

Thanks Luke,

But SimpleUrlAuthenticationSuccessHandler and its base class AbstractAuthenticationTargetUrlRequestHandler are available in spring 3.0 and above. I am using Spring 2.5...

Is there a way to achieve the same in Spring 2.5 ?

**Rob Winch** · Sep 16th, 2010, 08:50 PM

I'm sorry, I missed that there was login form on each of the pages (I was thinking you would just set always-use-default-target to true). I think you will need to extend AuthenticationProcessingFilter and override the determineTargetUrl method in AbstractProcessingFilter to do this.

**anoop nair** · Sep 16th, 2010, 11:45 PM

thanks rwinch.

can u provide me some sample with which i can get started ?

**anoop nair** · Sep 17th, 2010, 04:17 AM

Hi rwinch,

As per ur suggestion i tried extending AuthenticationProcessingFilter.

My security xml looks as below:

Code:

  <security:http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
	<security:intercept-url pattern="/loginURL*" access="ROLE_USER" />
	<security:logout logout-url="/signout" logout-success-url="/general/home" />
  </security:http>

  <bean id="securityContext" class="org.springframework.security.context.SecurityContextHolder" factory-method="getContext">
  </bean>

  <bean id="customAuthenticationProvider" class="com.myapp.authentication.CustomAuthenticationProvider" >
 	<security:custom-authentication-provider />
 	<property name="userDetailsService" ref="userDetailsService" />
  </bean>

  <bean id="userDetailsService" class="com.myapp.authentication.UserDetailsService">
  </bean>

  <bean id="authenticationProcessingFilter" class="com.myapp.authentication.CustomAuthenticationProcessingFilter">
    <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
    <property name="defaultTargetUrl" value="/general/home" />
    <property name="authenticationManager" ref="authenticationManager" />
  </bean>

  <security:authentication-manager alias="authenticationManager" />

  <bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/jsp/login/HCPLogin.jsp" />
    <property name="forceHttps" value="false" />
  </bean>

</beans>

However, in authenticationProcessingFilterEntryPoint i have to specify a loginFormUrl. and whenever i click on login in any of my pages, it redirects me to the page specified in loginFormUrl. Is there any way to avoid this ??

**Luke Taylor** · Sep 17th, 2010, 04:35 AM

What is "/loginURL" and why do you have it protected?

What URL are you subitting the login form to? As always I would recommend starting with a working sample application (such as the "tutorial" sample) and building on that.

**anoop nair** · Sep 17th, 2010, 05:20 AM

/loginURL is the url to which i am submitting the login form.

i didnt get the part about it being protected...

What I am trying to achieve is something like this forum. Where people can browse the site without logging in. But if they have to post something then they need to log in. The login form is available on each page. And after login they should be redirected to the page they were viewing earlier. The only difference is that i dont want an intermediate login success page like the one in this forum.

Thread: Redirect to original page after login success/failure

Thread Tools

Display

Redirect to original page after login success/failure

Posting Permissions