
Ignore WebSocket connection in Spring Security SavedRequest

I have a Grails application with spring-security-core plugin and Atmosphere framework.

If I log out from a page that has opened a WebSocket connection, then Spring Security keeps the URL of the WebSocket connection as SavedRequest.

DEBUG savedrequest.HttpSessionRequestCache  - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/formx/formX/update]
DEBUG savedrequest.HttpSessionRequestCache  - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/formx/formX/notifications/?X-Atmosphere-Transport=close&X-Atmosphere-tracking-id=b5d8fde4-d950-41fd-9b49-02e06799a36f&conversationId=988080042]

The first entry in the log has the correct value for SavedRequest, but somehow it is overwritten by the Atmosphere WebSocket connection.

How do I tell Spring Security to not use the Atmosphere WebSocket connection as SavedRequest?

I guess I can use some Atmosphere Protocol Specific Header to distinguish connections.

Aram Arabyan asked Sep 06 '25 08:09


1 Answer

In Java config you can set the RequestMatcher - then it's easy.

In WebSecurityConfigurerAdapter:

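import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;

@Override
protected void configure(HttpSecurity http) throws Exception {
    HttpSessionRequestCache cache = new HttpSessionRequestCache(); // this one is used by default
    cache.setRequestMatcher(AnyRequestMatcher.INSTANCE); // change the request matcher so it does not match your Atmosphere requests
    http.requestCache().requestCache(cache);
}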
Flowy answered Sep 07 '25 21:09
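
The following is an added example, not part of the answer above or of either project's code: one way to write the request matcher so that Atmosphere traffic is never stored as the SavedRequest. The class names are hypothetical; the `X-Atmosphere-Transport` marker is taken from the query string in the question's log, and checking it as a header as well is an assumption.

```java
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Hypothetical class name; merge into your existing security configuration.
public class AtmosphereAwareSecurityConfig extends WebSecurityConfigurerAdapter {

    // Marker seen as a query parameter in the question's log. Atmosphere
    // clients may also send it as a header (assumption), so both are checked.
    private static final String ATMOSPHERE_TRANSPORT = "X-Atmosphere-Transport";

    /** Matches Atmosphere requests and raw WebSocket upgrade handshakes. */
    static final class AtmosphereRequestMatcher implements RequestMatcher {
        @Override
        public boolean matches(HttpServletRequest request) {
            return request.getParameter(ATMOSPHERE_TRANSPORT) != null
                    || request.getHeader(ATMOSPHERE_TRANSPORT) != null
                    || "websocket".equalsIgnoreCase(request.getHeader("Upgrade"));
        }
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The cache stores a request only when its matcher returns true,
        // so negate the Atmosphere matcher: everything else is still saved.
        RequestMatcher saveable =
                new NegatedRequestMatcher(new AtmosphereRequestMatcher());

        HttpSessionRequestCache cache = new HttpSessionRequestCache();
        cache.setRequestMatcher(saveable);
        http.requestCache().requestCache(cache);
    }
}
```

With this matcher, the `/formx/formX/notifications/?X-Atmosphere-Transport=close...` request from the log is skipped, so the earlier `/formx/formX/update` entry remains the SavedRequest used for the post-login redirect.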