Remember original page to redirect to with spring security after a failed login on unprotected URL_问答_开发者

Remember original page to redirect to with spring security after a failed login on unprotected URL

开发者 https://www.devze.com 2022-12-17 18:55 出处：网络

I\'m using spring-security and struts 2. Most of our pages have content that is unprotected mixed with some protected content (user controls) so it is not like the examples where you go to a certain p

I'm using spring-security and struts 2. Most of our pages have content that is unprotected mixed with some protected content (user controls) so it is not like the examples where you go to a certain page and spring-security intercepts everything. Rather I'd like to be able to work with a login form that you access by pressing a login button on any page. Once you've succesfully authenticated you should be redirected to the original page.

This is where I'm stumped. Sending the URL to redirect to can be done by adding it into the form action like so:

<form action="/j_spring_security_check?spring-security-redirect=${url}" method="POST">
     <...>
 </form>

The problem is that after this login fails spring-security redirects to the same page (it's set up to do that in the application context) and I have no way to retrieve the url I passed to spring-security-redirect. If this were accessing one of my own classes I would normally just pass it along as a hidden parameter in the form or a request parameter of my login controller. But since spring security is the one doing the redirection I'm a l开发者_开发技巧ittle lost.

So far the only solution I've come up with is trying to store this url in the sesssion, but then there's also no good way to remove it after a login completes succesfully. Any ideas?

If you use Spring Security 3.0, you can customize AuthenticationFailureHandler. For example, its default implementation can be configured to use forward instead of redirect.