Spring Security
  1. Spring Security
  2. SEC-1498

An absolute URL does not work for property loginFormUrl in LoginUrlAuthenticationEntryPoint

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Complete
    • Affects Version/s: 3.0.2
    • Fix Version/s: 3.1.0.M1
    • Component/s: Web
    • Labels:
      None
    • Environment:
      Windows XP, Spring Security 3.0.2, Java 1.6_18, tc server v6.0

      Description

      An absolute URL does not work when used as the login page using the security namespace http.

      <http>
      <form-login login-page"http://foo.com/login" />
      </http>

      If my app is at http://localhost:8080/webapp. the resulting url will be http://localhost:8080/webapphttp://foo.com/login

      Looking through the code, the problem lies in the method: LoginUrlAuthenticationEntryPoint.buildRedirectUrlToLoginPage.

      As a workaround for now, I could subclass LoginUrlAuthenticationEntryPoint, override the buildRedirectUrlToLoginPage method, and then use an explicit bean rather than the security namespace config.

        Activity

        Hide
        Luke Taylor added a comment - - edited

        This isn't a bug - the Javadoc for LoginUrlAuthenticationEntryPoint is clear that the loginFormUrl is relative to the application context path.

        Show
        Luke Taylor added a comment - - edited This isn't a bug - the Javadoc for LoginUrlAuthenticationEntryPoint is clear that the loginFormUrl is relative to the application context path.
        Hide
        Simon Lam added a comment -

        Oops, I missed that in the javadoc. I based this on the fact that in the afterPropertiesSet(), a URL starting with "http" is accepted. My mistake.

        Show
        Simon Lam added a comment - Oops, I missed that in the javadoc. I based this on the fact that in the afterPropertiesSet(), a URL starting with "http" is accepted. My mistake.
        Hide
        Luke Taylor added a comment -

        I've added support for absolute URLs.

        Show
        Luke Taylor added a comment - I've added support for absolute URLs.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Simon Lam
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: