This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
i am working on Spring security and i have an issue where after successfulAuthentication the request is not being passed to the sucesshandler url
i have my own CustomAuthenticationProcessingFilter which extends UsernamePasswordAuthenticationFilter and added two overridden methods as seen below
Below is my spring security configuration
When the user submits the login form the request comes to these overridden methods and we create all necessary cookies but the request is not delegated to the url mentioned in successHandler
in the browser window the request comes back to
http://myhost:8080/j_security_check with a blank screen
just to add my login form submit action url is
<s:form action="/j_spring_security_check" method="post" id="form1" name="form1">
Thats one problem
The other problem i have is for example the first time when i go to secure page for example
http://domian:8080/era/secure/MyAccount.load.action the request gets intercepted and i see login page, i enter my username and password and the request comes to attemptAuthentication and i see we create the correct user object with granted authority as ROLE_USER
return new org.springframework.security.core.userdetails.User(user.getEmail(),
user.getNewPassword(), notPending, true, true, notDisabled, grantedAuthcollection)
and i also see the jSESSION cookie created.
Yeah, that line is important Glad you got it figured out. Thanks for posting back.
Joined: May 12, 2008
i am faced with some new issue where i am not able to see the cookie created in the same request.
when i hit this url the first time
As is said before it routes me to login page i enter my login info and in the successfulAuthentication method we create some cookie.
After login, spring now directs the request comes to MyAccount.load.action i am trying to get that cookie but its not available, since its the same request. Hence Myaccount.load.action class does not find the cookie and we have written some code to redirect back to login screen. once the request gets complete i see the cookie now.
How is it possible to make the Myaccount.load.action class to see the cookie in the same request flow after user is logged in.
Joined: May 12, 2008
Just to add in order to fix this i implemented my own DefaultRedirectStrategy, but still no luck
The below is my code where i redirect the request, so i assume when the contorl goes to myaccount action class the cookie should be present but still not the case, any advice.