Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security - Retaining URL parameters on redirect to login

Tags:

ok.

lets say I have a secure url pattern

/secure/link-profile

optionally, there can be url paramaters appended.

/secure/link-profile?firstName=Bob&secondName=Smith&membershipNumber=1234

how can I make it so that those url params are carried over to the login page?

/login?firstName=Bob&secondName=Smith&membershipNumber=1234

the basic premise is that we offer rewards integration with a 3rd party, who will send their users to us. They will be taken to a page to link their 3rd party account/profile with their/our website user. If however, they dont have an existing account with us, then on the login page, they will go to the signup page, and we would then like to prepopulate some of their details that the 3rd party has passed on to us.

thanks in advance

spring security 2.0.7.RELEASE spring framework 3.1.1.RELEASE

like image 645
kabal Avatar asked Jan 11 '13 16:01

kabal

People also ask

How do I redirect a requested URL after login?

The most common ways to implement redirection logic after login are: using HTTP Referer header. saving the original request in the session. appending original URL to the redirected login URL.

2 Answers

See the method buildRedirectUrlToLoginPage(HttpServletRequest request, ...) in LoginUrlAuthenticationEntryPoint.

If I understood correctly what you want to achieve, I think it should be enough to override this method in a sublclass, copy the original method, but additionally call urlBuilder.setQuery(request.getQueryString()) when it builds the url.

Then you only need to configure the ExceptionTranslationFilter with this customized entry point.

like image 171
zagyi Avatar answered Sep 26 '22 03:09

zagyi

as per @zagyi's response I just overrode a method in my existing extension of AuthenticationProcessingFilterEntryPoint

the method to override is protected String determineUrlToUseForThisRequest(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) which is called by buildRedirectUrlToLoginPage(..

@Override protected String determineUrlToUseForThisRequest(HttpServletRequest request, HttpServletResponse response,         AuthenticationException exception) {     String url = super.determineUrlToUseForThisRequest(request, response, exception);     return url + "?" + request.getQueryString(); }

obviously that could be improved to also use a builder of sorts, catering for an existing query string on the url, but at this time I know my login url is always /login/, so this is fine for my purposes

like image 29
kabal Avatar answered Sep 23 '22 03:09

kabal
Sign in to Comment

Related questions

(Missing) performance improvements with C++11 move semantics
How to make the NSOperationQueue serial? [closed]
Changing "Publisher" information for a ".exe" file
How to pause, and resume a TimerTask/ Timer
Context-free grammar for C
Query Performance INNER JOIN ON AND comparison
How is source port for HTTP determined? Is there ever collision in NAT? [closed]
How to learn and use OpenGL ES 2.0? I just don't get it - serious Qn. [closed]
jQuery .hasClass() method fails for SVG elements
What is the Difference between GetBlobReference and GetBlobReferenceFromServer?
SignalR with Self-Signed SSL and Self-Host
Best practice android:onClick XML attribute or setOnClickListener? [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!