0

I want to redirect users to the last visited page if session expired due to long interval.

However, I got the URL through referrer attribute and also from front-end js file I send to the controller but still the controller is not able to redirect the request to the last visited url. Instead, it always redirects to the default URL: Login.js

var comesFromUrl  = document.referrer,
                    mySiteDomain = document.domain;
                    last_location = comesFromUrl,
                        current_location = document.URL;

                    // Check if cookie exists and if its value is not the current location
                    if(typeof last_location !== "undefined"
                       && last_location !== current_location) {
                        // Here is possible to choose if remove the cookie or refresh it. It's up to you.

                        window.location.href = last_location;
                    }


                    this.sendNotification( publicLogin.ApplicationFacade.LOGIN_SUCCESS);

This is my successhandler class.

public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
response.setHeader("Cache-Control", "no-cache,no-store,must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", -1);
        Object obj = authentication.getDetails();
        if (obj instanceof PublicUserInfo) {
            PublicUserInfo objUser = (PublicUserInfo) obj;

            String cookieData = "userId|~~~" + objUser.getGuid() + "|~~~|instituteId|~~~" + objUser.getInstitutionId();

            Cookie ck= new Cookie("user_info", cookieData);

            ck.setPath("/");
            response.addCookie(ck);
}

This is my controller class

@RequestMapping(method = RequestMethod.GET, value = "/userlogin/iscaptcharequired.json")
    public ModelAndView isCaptchaRequired(HttpServletRequest objServletRequest,
            HttpServletResponse objServletRespose) {
        // Setting response header to tell client browser not to cache anything.
        objServletRespose.setHeader("Cache-Control",
                "no-cache,no-store,must-revalidate");
        objServletRespose.setHeader("Pragma", "no-cache");
        objServletRespose.setDateHeader("Expires", -1);
        String referrer = objServletRequest.getHeader("Referer");

            objServletRequest.getSession().setAttribute("url_prior_login", referrer);
}

This is my security-config.xml file

<sec:filter-chain pattern="/service/**"
                filters="publicSecurityContextPersistenceFilter, 
                    concurrentSessionFilter,
                    publicLogoutFilter,
                    SSOAutoLoginGatewayFilter, 
                    myNePublicUserNamePasswordAuthFilter, 
                    publicAnonymousFilter, 
                    publicExceptionTranslationFilter, 
                    publicFilterSecurityInterceptor" />
<bean id="myNePublicUserNamePasswordAuthFilter"
        class="com.ne.mynelson.authentication.publicuser.MyNePublicUserPasswordAuthFilter">
        <property name="filterProcessesUrl" value="/service/json_authentication_check"></property>
        <property name="authenticationManager" ref="myNePublicUserAuthenticationManager" />
        <property name="authenticationFailureHandler" ref="failureHandler" />
        <property name="authenticationSuccessHandler" ref="successHandler" />
        <property name="authenticationInputProcessor" ref="myNePublicUserAuthInputProcessor"></property>
    </bean>
<bean id="successHandler"
        class="com.ne.mynelson.authentication.publicuser.MyNePublicUserAuthSuccessHandler">
        <property name="authHandlerView" ref="authHandlerView"></property>
        <property name="sessionRegistry" ref="sessionRegistry"></property>
        <property name="publicLoginManager" ref="publicLoginManager"></property>
    </bean>
<bean id="concurrentSessionFilter" class="com.magic.spring.security.ConcurrentSessionFilter">
        <property name="sessionRegistry">
            <ref bean="sessionRegistry" />
        </property>
        <property name="expiredUrl" value="/webapp/staticcontent/html/PublicLogin.html" />
        <property name="logoutHandlers">
            <list>
                <ref bean="publicUserSessionCleanupLogoutHandler" />
                <ref bean="rememberMeServices" /> 
                <ref bean="publicSecurityContextLogoutHandler" />
            </list>
        </property>
    </bean>
Micho
  • 3,929
  • 13
  • 37
  • 40
Sudhir Ranjan Rout
  • 1
  • 2

1 Answers1

1

Add to your spring-security.xml somthing like this

<sec:session-management invalid-session-url="/login">
        <sec:concurrency-control expired-url="/expired-page-url" />
</sec:session-management>

UPDATE:

Read this Spring Security redirect to previous page after successful login

You need SavedRequestAwareAuthenticationSuccessHandler

From javadoc

 * An authentication success strategy which can make use of the
 * {@link org.springframework.security.web.savedrequest.DefaultSavedRequest} which may have been stored in the session by the
 * {@link ExceptionTranslationFilter}. When such a request is intercepted and requires
 * authentication, the request data is stored to record the original destination before
 * the authentication process commenced, and to allow the request to be reconstructed when
 * a redirect to the same URL occurs. This class is responsible for performing the
 * redirect to the original URL if appropriate.
Community
  • 1
  • 1
StanislavL
  • 56,971
  • 9
  • 68
  • 98