4

In my web app, I have a the login/registration part as bootstrap modals that appears when the login icon in the header is clicked. I'm trying to configure this in spring security, but I see that I have to return a page in config method:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .formLogin().loginPage("/login")
        .and()
        ...
}

My question is how to properly implement a modal to be the login page instead of a full html page. I'm using spring mvc 4 with spring security 4 and thymeleaf

In my header in the html pages:

<div class="col-xs-7 col-sm-4">
    <div class="top-social-last top-dark pull-right"
         data-toggle="tooltip" data-placement="bottom"
         title="Login/Register">
        <a class="top-icon-circle" href="#login-modal"
           data-toggle="modal">
            <i class="fa fa-lock"></i>
        </a>
    </div>
    <!-- social icons -->
</div>

This header and the modal implementaion is shared as a fragment that is included in all pages (long code for modal so I didn't copy it here).

Now there are certain requests that requires login so I have to add a login page in security config that these requests should be redirected to, but I don't have a page, I just have this modal that is shared as a fragment among all pages. I think I'm not doing it right, so if anyone can please show me how to work with modals in spring security.

For example, in airbnb site, if you want to like an advertisement and not logged in, a modal pops up instead of redirecting to a page.

Mahozad
  • 18,032
  • 13
  • 118
  • 133
M.R.M
  • 540
  • 1
  • 13
  • 30
  • 1
    can you tell us what have you tried so far.can you post some code about the issue you are facing in implementing it – Robert Ellis Jun 11 '16 at 11:00

2 Answers2

1

You have to create login modal in bootstrap and just show it when someone click on login button. Your login modal should contain standard login form in <form> tags. After clicking submit button form should redirect user to th:action="@{/j_spring_security_check}" and that's all.

Jakub Pomykała
  • 2,082
  • 3
  • 27
  • 58
  • yeah, this is not a problem .. but in spring security, I want to intercept certain requests that requires login and redirect the user to this modal .. but the security config requires a page not a modal .. so how can I do that (for example, in airbnb site, if you want to like an advertisement and not logged in, a modal pops up instead of redirecting to a page) – M.R.M Jun 11 '16 at 11:55
  • So you want to open model if some one go to for example `http://domain.com/need-login-to-view`? instead of redirecting to login page, yup? – Jakub Pomykała Jun 11 '16 at 12:16
  • exactly .. just a modal instead of a page – M.R.M Jun 11 '16 at 12:17
  • So you should redirect to for example your home page and pass in parameter that you want to show modal. `loginPage("/?needLogin=1")` and show modal if there is parameter `needLogin=1` – Jakub Pomykała Jun 11 '16 at 12:18
  • can i redirect to the current page? I don't want the user to go to another page? is it possible in spring security config? – M.R.M Jun 11 '16 at 12:20
  • Server side HTML generator are not userfriendly in that situations. Of course you can do it by making eg interceptor and checking is someone is trying go to restricted page and return him the same view which he come from but it's quite troublesome. – Jakub Pomykała Jun 11 '16 at 12:29
  • aha thx .. then maybe it's better to make it a page since I have very complicated urls and links, instead of complicating things with interceptors .. thx a lot – M.R.M Jun 11 '16 at 12:33
  • If my answers helped you in someway you can give me some points. I recommend to build REST API and create angular application if you want to build more complex views. – Jakub Pomykała Jun 11 '16 at 12:39
  • sure thing ^_^ .. and as for angular, I don't have time to learn a new framework but surely in future projects I'll consider it. – M.R.M Jun 11 '16 at 12:48
1

1.you will need a custom implementation of spring security login ,FilterChainProxy and you have to put this modal in every page i would put this in the footer section or put this in header section since you have already have this in fragment .

2.when ever a secure url gets accessed check for the principal session if this request is not in the session you could return a error code if it is ajax request for this you need a filter and redirect to page when it is not a ajax request to the authentication manager where you can show the modal on page load.

what you need exaclty is a preauth filter for achieving this.take a look at the following link preauth filter

Community
  • 1
  • 1
Robert Ellis
  • 714
  • 6
  • 19