Stop Spring Security SavedDefaultRequest
We have an application using Spring Security(Version 4.0.3.RELEASE). When a user goes to an endpoint https://system.com/app/accountSummary?accountId=230 they get redirected to another page and the redirect page is set as we see this in the log:
DefaultSavedRequest added to Session: DefaultSavedRequest[http://system.com/app/accountSummary?accountId=230]
We then redirect them to a main page. When our user clicks to login it resets the DefaultSavedRequest. We see this in the logs: DefaultSavedRequest added to Session: DefaultSavedRequest[http://system.com/app/mainpage]
After the user logs in properly Spring Security is taking them back to the mainpage not the account screen they wanted.
Is there a way to stop the DefaultSavedRequest from updating or check if it is set and not update it?
Is it possible to do something at the page level? Or should I do this in a different fashion.
java spring redirect spring-security
add a comment |
We have an application using Spring Security(Version 4.0.3.RELEASE). When a user goes to an endpoint https://system.com/app/accountSummary?accountId=230 they get redirected to another page and the redirect page is set as we see this in the log:
DefaultSavedRequest added to Session: DefaultSavedRequest[http://system.com/app/accountSummary?accountId=230]
We then redirect them to a main page. When our user clicks to login it resets the DefaultSavedRequest. We see this in the logs: DefaultSavedRequest added to Session: DefaultSavedRequest[http://system.com/app/mainpage]
After the user logs in properly Spring Security is taking them back to the mainpage not the account screen they wanted.
Is there a way to stop the DefaultSavedRequest from updating or check if it is set and not update it?
Is it possible to do something at the page level? Or should I do this in a different fashion.
java spring redirect spring-security
add a comment |
We have an application using Spring Security(Version 4.0.3.RELEASE). When a user goes to an endpoint https://system.com/app/accountSummary?accountId=230 they get redirected to another page and the redirect page is set as we see this in the log:
DefaultSavedRequest added to Session: DefaultSavedRequest[http://system.com/app/accountSummary?accountId=230]
We then redirect them to a main page. When our user clicks to login it resets the DefaultSavedRequest. We see this in the logs: DefaultSavedRequest added to Session: DefaultSavedRequest[http://system.com/app/mainpage]
After the user logs in properly Spring Security is taking them back to the mainpage not the account screen they wanted.
Is there a way to stop the DefaultSavedRequest from updating or check if it is set and not update it?
Is it possible to do something at the page level? Or should I do this in a different fashion.
java spring redirect spring-security
We have an application using Spring Security(Version 4.0.3.RELEASE). When a user goes to an endpoint https://system.com/app/accountSummary?accountId=230 they get redirected to another page and the redirect page is set as we see this in the log:
DefaultSavedRequest added to Session: DefaultSavedRequest[http://system.com/app/accountSummary?accountId=230]
We then redirect them to a main page. When our user clicks to login it resets the DefaultSavedRequest. We see this in the logs: DefaultSavedRequest added to Session: DefaultSavedRequest[http://system.com/app/mainpage]
After the user logs in properly Spring Security is taking them back to the mainpage not the account screen they wanted.
Is there a way to stop the DefaultSavedRequest from updating or check if it is set and not update it?
Is it possible to do something at the page level? Or should I do this in a different fashion.
java spring redirect spring-security
java spring redirect spring-security
asked Nov 12 '18 at 14:04
Tom HenricksenTom Henricksen
13
13
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
A teammate of mine created this solution:
AuthenticationPoint.java
SavedRequest savedRequest = null;
if (request.getSession().getAttribute(ORIG_SAVED_REQUEST_URL) != null)
saveURL = request.getSession().getAttribute(ORIG_SAVED_REQUEST_URL).toString();
savedRequest = (SavedRequest) request.getSession().getAttribute(ORIG_SAVED_REQUEST);
request.getSession().setAttribute(ORIG_SAVED_REQUEST_URL, saveURL);
request.getSession().setAttribute(ORIG_SAVED_REQUEST, savedRequest);
request.getSession().setAttribute(SPRING_SECURITY_SAVED_REQUEST, savedRequest);
logger.debug("Session Variable ORIG-SAVED-REQUEST=",savedRequest.getRedirectUrl());
Then in Controller.java
if ((request != null) && (request.getSession() != null) &&
(request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST) != null) )
savedRequest = (SavedRequest) request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST);
request.getSession().setAttribute(ORIG_SAVED_REQUEST_URL, savedRequest.getRedirectUrl());
request.getSession().setAttribute(ORIG_SAVED_REQUEST, savedRequest);
logger.debug("Session Variable ORIG-SAVED-REQUEST=",savedRequest.getRedirectUrl());
Then he added this to the spring security xml:
<property name="alwaysUseDefaultTargetUrl"><value>false</value></property>
These changes resolved the issue in our application.
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53263813%2fstop-spring-security-saveddefaultrequest%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
A teammate of mine created this solution:
AuthenticationPoint.java
SavedRequest savedRequest = null;
if (request.getSession().getAttribute(ORIG_SAVED_REQUEST_URL) != null)
saveURL = request.getSession().getAttribute(ORIG_SAVED_REQUEST_URL).toString();
savedRequest = (SavedRequest) request.getSession().getAttribute(ORIG_SAVED_REQUEST);
request.getSession().setAttribute(ORIG_SAVED_REQUEST_URL, saveURL);
request.getSession().setAttribute(ORIG_SAVED_REQUEST, savedRequest);
request.getSession().setAttribute(SPRING_SECURITY_SAVED_REQUEST, savedRequest);
logger.debug("Session Variable ORIG-SAVED-REQUEST=",savedRequest.getRedirectUrl());
Then in Controller.java
if ((request != null) && (request.getSession() != null) &&
(request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST) != null) )
savedRequest = (SavedRequest) request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST);
request.getSession().setAttribute(ORIG_SAVED_REQUEST_URL, savedRequest.getRedirectUrl());
request.getSession().setAttribute(ORIG_SAVED_REQUEST, savedRequest);
logger.debug("Session Variable ORIG-SAVED-REQUEST=",savedRequest.getRedirectUrl());
Then he added this to the spring security xml:
<property name="alwaysUseDefaultTargetUrl"><value>false</value></property>
These changes resolved the issue in our application.
add a comment |
A teammate of mine created this solution:
AuthenticationPoint.java
SavedRequest savedRequest = null;
if (request.getSession().getAttribute(ORIG_SAVED_REQUEST_URL) != null)
saveURL = request.getSession().getAttribute(ORIG_SAVED_REQUEST_URL).toString();
savedRequest = (SavedRequest) request.getSession().getAttribute(ORIG_SAVED_REQUEST);
request.getSession().setAttribute(ORIG_SAVED_REQUEST_URL, saveURL);
request.getSession().setAttribute(ORIG_SAVED_REQUEST, savedRequest);
request.getSession().setAttribute(SPRING_SECURITY_SAVED_REQUEST, savedRequest);
logger.debug("Session Variable ORIG-SAVED-REQUEST=",savedRequest.getRedirectUrl());
Then in Controller.java
if ((request != null) && (request.getSession() != null) &&
(request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST) != null) )
savedRequest = (SavedRequest) request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST);
request.getSession().setAttribute(ORIG_SAVED_REQUEST_URL, savedRequest.getRedirectUrl());
request.getSession().setAttribute(ORIG_SAVED_REQUEST, savedRequest);
logger.debug("Session Variable ORIG-SAVED-REQUEST=",savedRequest.getRedirectUrl());
Then he added this to the spring security xml:
<property name="alwaysUseDefaultTargetUrl"><value>false</value></property>
These changes resolved the issue in our application.
add a comment |
A teammate of mine created this solution:
AuthenticationPoint.java
SavedRequest savedRequest = null;
if (request.getSession().getAttribute(ORIG_SAVED_REQUEST_URL) != null)
saveURL = request.getSession().getAttribute(ORIG_SAVED_REQUEST_URL).toString();
savedRequest = (SavedRequest) request.getSession().getAttribute(ORIG_SAVED_REQUEST);
request.getSession().setAttribute(ORIG_SAVED_REQUEST_URL, saveURL);
request.getSession().setAttribute(ORIG_SAVED_REQUEST, savedRequest);
request.getSession().setAttribute(SPRING_SECURITY_SAVED_REQUEST, savedRequest);
logger.debug("Session Variable ORIG-SAVED-REQUEST=",savedRequest.getRedirectUrl());
Then in Controller.java
if ((request != null) && (request.getSession() != null) &&
(request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST) != null) )
savedRequest = (SavedRequest) request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST);
request.getSession().setAttribute(ORIG_SAVED_REQUEST_URL, savedRequest.getRedirectUrl());
request.getSession().setAttribute(ORIG_SAVED_REQUEST, savedRequest);
logger.debug("Session Variable ORIG-SAVED-REQUEST=",savedRequest.getRedirectUrl());
Then he added this to the spring security xml:
<property name="alwaysUseDefaultTargetUrl"><value>false</value></property>
These changes resolved the issue in our application.
A teammate of mine created this solution:
AuthenticationPoint.java
SavedRequest savedRequest = null;
if (request.getSession().getAttribute(ORIG_SAVED_REQUEST_URL) != null)
saveURL = request.getSession().getAttribute(ORIG_SAVED_REQUEST_URL).toString();
savedRequest = (SavedRequest) request.getSession().getAttribute(ORIG_SAVED_REQUEST);
request.getSession().setAttribute(ORIG_SAVED_REQUEST_URL, saveURL);
request.getSession().setAttribute(ORIG_SAVED_REQUEST, savedRequest);
request.getSession().setAttribute(SPRING_SECURITY_SAVED_REQUEST, savedRequest);
logger.debug("Session Variable ORIG-SAVED-REQUEST=",savedRequest.getRedirectUrl());
Then in Controller.java
if ((request != null) && (request.getSession() != null) &&
(request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST) != null) )
savedRequest = (SavedRequest) request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST);
request.getSession().setAttribute(ORIG_SAVED_REQUEST_URL, savedRequest.getRedirectUrl());
request.getSession().setAttribute(ORIG_SAVED_REQUEST, savedRequest);
logger.debug("Session Variable ORIG-SAVED-REQUEST=",savedRequest.getRedirectUrl());
Then he added this to the spring security xml:
<property name="alwaysUseDefaultTargetUrl"><value>false</value></property>
These changes resolved the issue in our application.
answered Dec 10 '18 at 20:42
Tom HenricksenTom Henricksen
13
13
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53263813%2fstop-spring-security-saveddefaultrequest%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown