Menu
I have Spring MVC + Spring Security project.
<http auto-config="true" access-denied-page="/security/accessDenied" use-expressions="true" disable-url-rewriting="true">
...
<intercept-url pattern="/dashboard/myaccount/**" access="hasAnyRole('ROLE_PERSON', 'ROLE_DEALER')"/>
...
<form-login login-page="/security/login" authentication-failure-url="/security/login?error=true"
default-target-url="/security/success" username-parameter="email"
password-parameter="secret"/>
<logout invalidate-session="true" logout-success-url="/index" logout-url="/security/logout"/>
If a user goes to login page, if successful will be redirected to "/security/success" where I do more stuff in the controller with the session object (record userID, ...etc)
My problem is when an GUEST user is going to /dashboard/myaccount (which requires AUTH), he is being redirected to LOGIN page (Which I don't want, I prefer a 404 thrown). After that Spring Security is not redirecting to /security/success. Instead is redirected to /dashboard/myaccount.
I would prefer to find a way to disable completely this redirection to login page in case of GUEST trying to access a AUTH page.
Is any way to do this?
Tnx
407
In this configuration Spring Security will render a default log in page. Most production applications will require a custom log in form. The configuration below demonstrates how to provide a custom log in form. public SecurityFilterChain filterChain(HttpSecurity http) { http .
To disable Security Auto-Configuration and add our own configuration, we need to exclude the SecurityAutoConfiguration class from auto-configuration. If you have spring-boot-actuator included in your dependecies then you need to exclude ManagementWebSecurityAutoConfiguration class from auto-configuration.
Found this: always-use-default-target="true"
I this way, my controller function is always invoked after any login.
155
In annotated configuration in SpringSecurity 4 you can do:
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// ....
http.exceptionHandling().authenticationEntryPoint(new AuthenticationEntryPoint() {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
if (authException != null) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().print("Unauthorizated....");
}
}
});
// ....
}
}
33
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
