Spring Security - Is SavedRequestAwareAuthenticationSuccessHandler broke? -


tldr: spring destroying current http session when redirecting login page; destroys ability navigate defaultsavedrequest after login. why happening?

details - maintaining legacy spring application:

  • spring core version 3.1.0
  • spring security version 3.1.0

when trying utilize savedrequestawareauthenticationsuccesshandler in login configuration, not working. here seems happening:

  • http secured resource: http://localhost:8080/myapp/viewworkorder?workordernumber=315261

  • spring correctly determines not logged in , saves request:

    debug o.s.s.w.s.httpsessionrequestcache - defaultsavedrequest added session: defaultsavedrequest[http://localhost:8080/myapp/viewworkorder?workordernumber=315261]

  • spring correctly redirects login page:

    debug o.s.security.web.filterchainproxy - /login.jsp @ position 1 of 9 in additional filter chain; firing filter: 'channelprocessingfilter'

  • spring destroys current session destroys ability later use defaultsavedrequest:

    debug o.s.s.w.s.httpsessioneventpublisher - publishing event: org.springframework.security.web.session.httpsessiondestroyedevent[source=org.apache.catalina.session.standardsessionfacade@b25f027]

why or causing current session destroyed?

here pertinent configuration details:

<bean id="savedrequestawareauthenticationsuccesshandler"     class="org.springframework.security.web.authentication.savedrequestawareauthenticationsuccesshandler">     <property name="defaulttargeturl" value="/postlogin" />     <property name="targeturlparameter" value="targeturl" />     <property name="alwaysusedefaulttargeturl" value="false" /> </bean>  <security:http auto-config="false">     <!-- override default login , logout pages -->     <security:form-login login-page="/login.jsp"                          login-processing-url="/j_spring_security_check"                          authentication-failure-url="/login.jsp?login_error=1"                          authentication-success-handler-ref="savedrequestawareauthenticationsuccesshandler"                          />      <security:session-management session-fixation-protection="none"/>
  • note inclusion of session-management not seem affect feature either way.

well, embarrassing in interest of being citizen on stack overflow thought share found.

after setting breakpoint in spring httpsessioneventpublisher see if stack might give me clue, did. here screenshot: enter image description here

you'll notice login.jsp on stack. being new particular application, hadn't suspected jsp here found:

enter image description here

obviously, removing scriptlet solved issue. wonder why did , broke in process :)


Comments

Post a Comment

Popular posts from this blog

Sort a complex associative array in PHP -

this question has answer here: php sort array subarray value 5 answers i have associative array in php like: $newarray1 = array ( [producta] => array ( [link] => http://sanjosespartan.com/blog/products/agile-java-development/ [visitcount] => 4 ) [productd] => array ( [link] => http://sanjosespartan.com/blog/products/intro-to-go/ [visitcount] => 1 ) [productg] => array ( [link] => http://sanjosespartan.com/blog/products/node-js-for-developers/ [visitcount] => 1 ) [productb] => array ( [link] => http://sanjosespartan.com/blog/products/beginning-mysql/ [visitcount] => 1 ) [productc] => array ( [link] => http://sanjosespartan.com/blog/products/computer-networks/ [visitcount] => 1 ) ...
Read more

vb.net - How to ignore if a cell is empty nothing -

how use roscolor() ignore value (like empty cell) ? color row if value upper 5 when there nothing in cell, want ignore roscolor() apply, how? public sub roscolor() integer = 0 quotedatagridview1.rows.count() - 1 step +1 dim val integer val = quotedatagridview1.rows(i).cells(3).value if val = vbempty quotedatagridview1.rows(i).defaultcellstyle.backcolor = color.white elseif val < 5 quotedatagridview1.rows(i).defaultcellstyle.backcolor = color.red elseif val > 5 , val < 10 quotedatagridview1.rows(i).defaultcellstyle.backcolor = color.lightyellow end if next end sub you can check empty value following public sub roscolor() integer = 0 quotedatagridview1.rows.count() - 1 step +1 dim val = quotedatagridview1.rows(i).cells(3).value if isdbnull(val) or val nothing quotedatagridview1.rows(i).defaultcellstyle.backcolor = color.white ...
Read more

recursion - Can every recursive algorithm be improved with dynamic programming? -

i first year undergraduate csc student looking competitive programming. recursion involves defining , solving sub problems. understand, top down dynamic programming (dp) involves memoizing solutions sub problems reduce time complexity of algorithm. can top down dp used improve efficiency of every recursive algorithm overlapping sub problems? dp fail work , how can identify this? the short answer is: yes. however, there constraints. obvious 1 recursive calls must overlap. i.e. during execution of algorithm, recursive function must called multiple times same parameters. lets truncate recursion tree memoization. can use memoization reduce number of calls. however, reduction of calls comes price. need store results somewhere. next obvious constraint need have enough memory. comes not-so obvious constraint. memory access requires time. first need find result stored , maybe copy location. in cases, might faster let recursion calculate result instead of loading somewher...
Read more