Show login dialog if not already authenticated

I have a home page with a login dialog. With my current Spring Security configuration, whenever I access a protected resource (not logged in yet) like '/ticket/list', I am redirected to the main page. I think the interceptor redirected me to the login URL defined in the config file.

The question arises:

  • Do I understand correctly? (I'm new to spring security)
  • I want to show a login dialog if the user is not yet logged in when the user accesses a protected resource. How can I do this? (I have a simple solution: make an AJAX request to check if the user is logged in. But that doesn't seem like the best solution.)

Here is my current spring security config file:

<?xml version="1.0" encoding="UTF-8" ?>
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://www.springframework.org/schema/security"
    xmlns:oauth="http://www.springframework.org/schema/security/oauth"
    xsi:schemaLocation="http://www.springframework.org/schema/security 
                        http://www.springframework.org/schema/security/spring-security-4.0.xsd 
                        http://www.springframework.org/schema/security/oauth 
                        http://www.springframework.org/schema/security/spring-security-oauth.xsd 
                        http://www.springframework.org/schema/beans 
                        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd">

<http pattern="/resources/**" security="none"/>

<!-- Form and Security Access Configuration -->
<http use-expressions="true" disable-url-rewriting="true" auto-config="false">
    <!-- <form-login/> -->
    <form-login login-page="/" login-processing-url="/login/perform"/>
    <logout logout-success-url="/"/>
    <remember-me/>

    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/login" access="permitAll" />
    <intercept-url pattern="/ticket/*" access="isAuthenticated()" />
</http>

<b:bean id="userDetailsService" class="vn.web.security.UserDetailsServiceImpl"/>
<b:bean id="serviceBaseAuthenticationProvider" class="vn.web.security.ServiceBaseAuthenticationProvider"/>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="serviceBaseAuthenticationProvider"/>
</authentication-manager>

</b:beans>

Thanks.

+3




1 answer


What happens is Spring-Security takes the login data and feeds it to the provider or user authentication service, which should try to get the user data from your database, or whatever other solution you use. This should return whatever information the user needs to access the session, or tell Spring Security that the credentials were invalid, or even if the user account was denied.

In the negative case, the key is on this line:

<form-login login-page="/" login-processing-url="/login/perform"/>

This is reported by Spring Security, which redirects the URL to your login page. You currently have this set for the context root, which is usually your home page. If you want to redirect to a webpage that contains only a registration form, you will need to create a JSP for it, add a method to the controller to map, and update your Spring Security config to match the method URL handler in your controller, for example:

<form-login login-page="/login" login-processing-url="/login/perform"/>

      

+2
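The answer's change applied to the `<http>` element from the question, as an added example that is not part of the original question or answer. It assumes a controller maps GET `/login` to the login view; the `authentication-failure-url` value, the widened `/ticket/**` pattern and the catch-all rule are assumptions added here, not settings from the post.

```xml
<!-- Replaces the second <http> element of the question's file. -->
<http use-expressions="true" disable-url-rewriting="true" auto-config="false">
    <!-- Unauthenticated requests for protected URLs are redirected to /login.
         A failed login returns to the same page with ?error so the view can
         show a message. -->
    <form-login login-page="/login"
                login-processing-url="/login/perform"
                authentication-failure-url="/login?error"/>
    <logout logout-success-url="/"/>
    <remember-me/>

    <!-- Rules are checked top to bottom and the first match wins. -->
    <!-- The login page must stay public, otherwise the redirect loops. -->
    <intercept-url pattern="/" access="permitAll"/>
    <intercept-url pattern="/login" access="permitAll"/>
    <!-- "/ticket/*" covers one path level only (/ticket/list, not /ticket/list/1);
         "/ticket/**" covers the whole subtree. -->
    <intercept-url pattern="/ticket/**" access="isAuthenticated()"/>
    <!-- Assumption: nothing else is meant to be public, so every URL not
         listed above requires a login. -->
    <intercept-url pattern="/**" access="isAuthenticated()"/>
</http>
```

With the spring-security-4.0 schema, CSRF protection is enabled by default, so the login form has to post the `_csrf` token together with the `username` and `password` fields.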

