1

I added Spring Security Kerberos to my application and I implemented a form login in case the user is not logged in to the domain or the browser does not support SSO. The only problem with this is that after successful login the user is not redirected to the original page; they are instead redirected to the default "/". Below you can find my configuration. What am I missing, please?

```java
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .headers().frameOptions().disable()
                .and()
                .exceptionHandling().accessDeniedPage("/login")
                .authenticationEntryPoint(spnegoEntryPoint())
                .and()
                .authorizeRequests()
                .regexMatchers("^\\S*.js|\\S*.css$").permitAll()
                .anyRequest().hasAnyAuthority("APP USER")
                .and()
                .logout()
                .permitAll()
                .and()
                .formLogin().loginPage("login").loginProcessingUrl("/spnego_login").permitAll()
                .and()
                .rememberMe().rememberMeServices(rememberMeServices()).key(KEY)
                .and()
                .addFilterBefore(
                        spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
                        BasicAuthenticationFilter.class)
                .csrf().disable();
    }
```

Login Page

```html
<form class="form-signin" action="/spnego_login" method="post" accept-charset=utf-8>
    <h2 class="form-signin-heading">Please Log In Manually</h2>
    <label for="inputEmail" class="sr-only">Username</label>
    <input type="text" id="inputEmail" class="form-control" placeholder="username" name="username" required autofocus>
    <label for="inputPassword" class="sr-only">Password</label>
    <input type="password" id="inputPassword" class="form-control" placeholder="Password" name="password" required>
    <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
```

UPDATE: I tried using SavedRequestAwareAuthenticationSuccessHandler as recommended, but it turns out that the previous URL is not found in the Cache. Therefore, the success handler always defaults.

Samantha Catania
  • 1
    Possible duplicate of [Spring Security redirect to previous page after succesful login](http://stackoverflow.com/questions/14573654/spring-security-redirect-to-previous-page-after-succesful-login) – OrangeDog May 20 '16 at 14:06

2 Answers

1

After setting the login page URL and the login process URL as the same URL, the redirection started working correctly.

Samantha Catania
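The fix described in the answer above, written out as a configuration. This is an added example, not the poster's code: it assumes the same Spring Security generation as the question (`WebSecurityConfigurerAdapter`), the class name `FormLoginRedirectConfig` and the helper `savedRequestSuccessHandler()` are made up, and the question's Kerberos beans (SPNEGO entry point and filter) are left out so that only the form-login part is shown.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

// Added example (hypothetical class name): form-login part only.
// The SPNEGO entry point and filter from the question are not repeated here.
@Configuration
@EnableWebSecurity
public class FormLoginRedirectConfig extends WebSecurityConfigurerAdapter {

    // Redirects to the request stored in the RequestCache (the HTTP session by
    // default) and falls back to "/" only when no request was saved.
    private SavedRequestAwareAuthenticationSuccessHandler savedRequestSuccessHandler() {
        SavedRequestAwareAuthenticationSuccessHandler handler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        handler.setDefaultTargetUrl("/");
        return handler;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().hasAnyAuthority("APP USER")
                .and()
            .formLogin()
                // Login page and processing URL are the same path:
                // GET /login renders the form (the application must map a view to it),
                // POST /login is handled by UsernamePasswordAuthenticationFilter.
                .loginPage("/login")
                .loginProcessingUrl("/login")
                .successHandler(savedRequestSuccessHandler())
                .permitAll()
                .and()
            .logout()
                .permitAll();
        // CSRF protection is left at its default (enabled), so the login form has
        // to post the _csrf token; the question's configuration disables it instead.
    }
}
```

The login form then posts to `action="/login"` instead of `/spnego_login`, keeping the `username` and `password` field names from the question's form.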
-1

This configuration works fine for me:

```java
@Configuration
@EnableWebSecurity
@EnableWebMvcSecurity
public class SecurityConfigurations extends WebSecurityConfigurerAdapter {

    @Autowired
    DataSource dataSource;

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {

        auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery(
                "select login,password,enabled from users where login=?")
            .authoritiesByUsernameQuery(
                "select u.login,r.role from roles as r , users as u where u.id=r.user_id and u.login=?");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
            .antMatchers("/index").access("hasRole('ROLE_USER')")
            .and()
            .formLogin().loginProcessingUrl("/j_spring_security_check").loginPage("/login").failureUrl("/login?error")
            .usernameParameter("login").passwordParameter("password")
            .and()
            .logout().logoutSuccessUrl("/login").and()
            .csrf();
    }

}
```

JSP form:

```jsp
<form method="POST" action="j_spring_security_check" >

    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />

    <div class="form-group">
        <input type="text" class="form-control material" name="login" autofocus="autofocus">
    </div>
    <div class="form-group">
        <input type="password" class="form-control material" name="password" >
    </div>

    <button type="submit" class="btn btn-block btn-info text-uppercase waves waves-effect waves-float">Login</button>

</form>
```

Mohamed Nabli