Get original request url in Spring Security form-login page

spring-security

I have the following declared in my spring security configuration file (http://www.springframework.org/schema/security/spring-security-2.0.1.xsd):

<form-login login-page="/login.html" />

What Spring Security does is redirect the user to that page if they don't have the correct authentication credentials. How can I get the url of the page the user was trying to get to?

Best Answer

Original request is represented by the SavedRequest object, which can be accessed as a session attribute named SPRING_SECURITY_SAVED_REQUEST_KEY.

Related Solutions

Java – Spring 3.0 – Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security]

I needed to add an additional Maven dependency:

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.0.1.RELEASE</version>
    </dependency>

Spring Security with Openid and Database Integration

As I see that question text itself contains the answer. I am just pulling it out and posting it as the answer for the sake of clarity to other developers with the same problem. It took me a while to figure out that question has the answer!

To access user email & name, you need to add below configuration in the security xml file.

<security:attribute-exchange identifier-match="https://www.google.com/.*">
    <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
    <security:openid-attribute name="firstName" type="http://axschema.org/namePerson/first" required="true" />
    <security:openid-attribute name="lastName" type="http://axschema.org/namePerson/last" required="true" />
</security:attribute-exchange>
<security:attribute-exchange identifier-match=".*yahoo.com.*">
    <security:openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>
    <security:openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true" />
</security:attribute-exchange>

Thereafter, it will be accessible in the AuthenticationUserDetailsService class, as shown below.

public UserDetails loadUserDetails(OpenIDAuthenticationToken token) {
    String id = token.getIdentityUrl();
        :
        :
    List attributes = token.getAttributes();
    for (OpenIDAttribute attribute : attributes) {
        if (attribute.getName().equals("email")) {
            email = attribute.getValues().get(0);
        }
        if (attribute.getName().equals("firstName")) {
            firstName = attribute.getValues().get(0);
        }
        if (attribute.getName().equals("lastName")) {
            lastName = attribute.getValues().get(0);
        }
        if (attribute.getName().equals("fullname")) {
            fullName = attribute.getValues().get(0);
        }
    }
        :
        :
    // form and return user object
}

Considering that we use more of Java-based configuration/beans now, translating these XML configuration to Java-based configuration shouldn't be a problem.

Hope it helps.

Best Answer

Related Solutions

Java – Spring 3.0 – Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security]

Spring Security with Openid and Database Integration

Related Topic