Spring security re-authentication on some pages
2 answers
If you are using session based authentication. You can use something like this for this:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.rememberMe()
.and()
.authorizeRequests()
.anyRequest().permitAll()
.and()
.formLogin()
.loginPage("/logout")
.loginProcessingUrl("/j_spring_security_check")
.defaultSuccessUrl("/my-profile")
.usernameParameter("username")
.passwordParameter("password")
.failureUrl("/login?error")
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout").deleteCookies("JSESSIONID")
.invalidateHttpSession(true);
}
Spring Security is automatically redirected to the login page if the user doesn't delay the request. So to redirect to .loginPage("/logout")
logout and then redirect to login page after logout.logoutSuccessUrl("/login?logout")
+1
source to share