I am using Spring Security 3.0.6, and I would like to be able to do the following:
If the user is on the page and the session timeout occurs, the user will be sent to the login page and in the actual log will be redirected back to the page in which the timeout occurred.
In my security.xml file, I have the following.
<http auto-config="true" use-expressions="true">
<form-login
login-page="/login"
default-target-url="/main"
always-use-default-target="false"
authentication-failure-url="/login.html?error=true"
authentication-success-handler-ref="authenticationSuccessHandler" />
<remember-me/>
<logout logout-success-url="/login" />
</http>
This is my authentication class:
public class AuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
String url = "";
HttpSession session = request.getSession(false);
if (session != null) {
SavedRequest savedRequest = (SavedRequest) session.getAttribute(WebAttributes.SAVED_REQUEST);
if (savedRequest != null) {
url = savedRequest.getRedirectUrl();
}
}
System.out.println("url: "+ url);
if (url == "") {
response.sendRedirect(request.getContextPath()+"/main");
} else {
response.sendRedirect(url);
}
}
}
I send the user back to the login page via javascript, for example:
window.location.href="/login";
In my authentication class, url is always null. How can I do this work, so Spring will redirect to the correct page?
source
share