Redirecting to the login page after logging in, caused by an attempt to log out when the session has expired.

I apologize if the title is not clear enough. Here are the details.

Background

I am working on a Spring application that uses Spring 3.1.1 and Spring Security 3.1.0. Here is the corresponding fragment of our descriptor:

    <security:http auto-config='true'>
        <security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/**" access="ROLE_USER" />
        <security:form-login login-page='/login' authentication-failure-url="/login?authfailed=true"/>
    </security:http>

The Exit link on a web page refers to a URL, for example ROOT-URL/j_spring_security_logout. So clicking on this URL takes us to the login page (login.jsp), and we can log in again.

Problem

, , . . . , , . .

: , , , . , , . .

. - HTTP, SavedRequestAwareAuthenticationSuccessHandler.onAuthenticationSuccess(), , requestCache . requestCache HttpSessionRequestCache, "" session "SPRING_SECURITY_SAVED_REQUEST".

, .

. . . . , "j_spring_security_logout", .

- URL- "", URL-, . , URL- , ; .

:

ExceptionTranslationFilter.handleSpringSecurityException() sendStartAuthentication() ( 168)

( 183-184):

    SecurityContextHolder.getContext().setAuthentication(null);
    requestCache.saveRequest(request, response);

URL- - . , .

, saveRequest() , . Spring...

, . , , - "" .

.

+3
3
    <intercept-url pattern="/login.jsp*" access="permitAll" />
    <intercept-url pattern="/login*" access="permitAll" />

- .

+1

, :

    <security:form-login
            login-page="/login.jsp"
            default-target-url="/home.jsp"
            always-use-default-target="true"
            authentication-failure-url="/login?authfailed=true"/>

+1

:

    .defaultSuccessUrl("/paginas/geral/index.jsf")

:

    .defaultSuccessUrl("/paginas/geral/index.jsf", true)

    http.authorizeRequests().anyRequest().authenticated()
        .and().formLogin()
        .loginPage("/login.jsf").permitAll()
        .usernameParameter("Login")
        .passwordParameter("senha")
        // second argument true = always redirect to the default URL after login
        .defaultSuccessUrl("/paginas/geral/index.jsf", true)
        .failureUrl("/login.jsf?invalid=true");

It works for me (spring-security-web: 4.1.3.RELEASE).

0