We use Spring Security 2.0.7 :=( in our application.
Spring Security implements the following feature: when an unauthenticated user access page X, the following happens:
In my application, for reasons beyond my control, this is not the desired behavior. We want to land on the target page of the login form no matter what the page that the user tried to access.
Q: Is it possible to disable this feature of Spring Security and how ?
I suppose one of the filters of the standard filter chain is doing this, but I could not identify which.
Securing the URLs The most common methods are: authenticated(): This is the URL you want to protect, and requires the user to login. permitAll(): This is used for URL's with no security applied for example css, javascript. hasRole(String role): Restrict to single role.
You can apply this filter to the routes that need authentication. Route::filter('auth', function() { if (Auth::guest()) { return Redirect::guest('login'); } }); What this method basically does it's to store the page you were trying to visit and it is redirects you to the login page. return Redirect::intended();
Try modifying always-use-default-target="true"
in the of your Spring Security Configuration xml file.
The default value is false
, and leads to the behavior you describe.
Example:
<form-login
login-page="/login.html"
authentication-failure-url="/login.html?status=LOGIN_FAILURE"
default-target-url="/index.html"
always-use-default-target="true" />
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With