How to made Spring Security to redirect to specified path after Authentation -


its first attempt spring security, final solution question may easy. so... have index page, has sign in form: 

<form name="loginform" action="login.html" method="post"> <table>     <tr>         <td><@spring.message "form.email" /></td>         <td><input type="text" name="email" /></td>     </tr>     <tr>         <td><@spring.message "form.password" /></td>         <td><input type="password" name="password" /></td     </tr> </table>     <input type="submit" value="${signin}" /> </form> <form name="" action="createaccount.html">     <input type="submit" value="${register}" /> </form>

when im post request, handled controller. in controller retrieve useraccount data db , pass page called "account.html".

this controller method posted below: 

@requestmapping(value = "/login", method = requestmethod.post)     public string loguseraccount(@requestparam(value = "email", required = false) string email,             @requestparam(value = "password", required = false) string password, redirectattributes redirect) {         try {              useraccount useraccount = useraccountservice.signin(email, password);             redirect.addflashattribute("useraccount", useraccount);              return "redirect:account.html";          } catch (invalidcreditnailsexception e) {             return redirectcontroller.redirect_to_index_view;         }     }

and next controller method, put user account data model , render account.html page: 

@requestmapping(value = "/account", method = requestmethod.get)     public string accountwindow(@modelattribute("useraccount") useraccount useraccount, model model){         model.addattribute("useraccount", useraccount);         return "account";     }

now, want secure account.html page, preventing non authorized users go directly /account.html page. configuration of spring security not correct. looks this: 

<security:http>         <security:intercept-url pattern="/account**" access="role_user" />         <security:form-login             login-page="/index.html"             login-processing-url="/login.html"             default-target-url="/account.html"             username-parameter="email"             password-parameter="password"           />         <security:logout />     </security:http>      <security:authentication-manager>         <security:authentication-provider>             <security:user-service>                 <security:user name="test@gmail.com" password="qwerty" authorities="role_user"/>             </security:user-service>         </security:authentication-provider>     </security:authentication-manager>

what actually? when im trying access /account.html directly redirect me index.html have sign in form. thats fine. when im log in spring security redirect me directly /account.html page, instead of sending /login.html request login controller retrieve user data.

how set this> ideas? maybe approach not correct? want index , register page available guests. rest of page logged users.

thank help.

sounds need user account current context because logged in. example: log in, close browser, open new browser window, , navigation /account.html. should still able reach /account.html because have active session on server.

you may want consider doing following in accountcontroller:

retrieve authenticated user:

authentication auth = securitycontextholder().getcontext().getauthentication();

get user's username:

string username = auth.getname();

get user's account object:

useraccount useraccount = userservice.getaccount(username);

alternatively, can add principal argument accountcontroller automatically inject principal.

@requestmapping(value = "/account", method = requestmethod.get) public string accountwindow(model model, principal principal){     useraccount useraccount = userservice.getaccount(principal.getname());     model.addattribute("useraccount", useraccount);     return "account"; }

Comments

Post a Comment

Popular posts from this blog

php - Wordpress website dashboard page or post editor content is not showing but front end data is showing properly -

Image
recently have uploaded wordpress site onto server. have uploaded wordpress site in sub-folder under root folder ../root(domain root folder)/wordpress (where host wordpress folder). now problem content data in page or post in dashboard of wordpress admin panel not showing - see image. but data showing in front view - see image. if not browser cache issue , not issue happened tinymce editor during upgrade; try add config file: define('concatenate_scripts', false);
Read more

How to get the ip address of VM and use it to configure SSH connection dynamically in Ansible -

i trying ip address of vm , trying use establish ssh vm. following script: --- - hosts: localhost become: yes connection: local gather_facts: false serial: 1 vars_files: - createvmvars.yml tasks: - name: gathering vm info. vsphere_guest: vcenter_hostname: "{{vcenter_hostname}}" username: "{{vcenter_username}}" password: "{{vcenter_password}}" guest: "{{guest_name}}" vmware_guest_facts: yes register: var - debug: msg="{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" - name: establishing ssh connection. script: /home/shasha/devops/scripts/ssh_configure.sh "{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" following content of ssh_configure.sh : #!/bin/sh ssh-keygen -t rsa ssh-copy-id $1 but when running playbook, getting following error while executing third task: error! 'var' undefined but debug module(second task) printin
Read more

javascript - Get parameter of GET request -

i make request: createxhrrequest( "get", fileurl, function( err, response ) { if( err ) { alert( "error get!" ); } alert(response); }); and full response: { "status" : "ok", "message" : "jvberi0xljqkjdduxdgkmy how can jvberi0xlj ? i try response.message , response["message"]. nothing works. just simple access this: var json = json.parse(response); json.message
Read more