Currently prototyping a new application with Spring Boot & Spring Security, we have put in place a working solution for our authentication.
To simplify, on each call we use Spring Security to test if a JWT token exists in the cookies and is valid.
If not, we redirect to another URL where we perform SSO with Kerberos (with a fallback to Basic authentication if SSO is not working), then we redirect back to the original with a new JWT token set in the cookies.
The current solution that we use is to add a "redirect" parameter when redirecting to the authentication URL, as well as the parameters:

```java
RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
redirectStrategy.sendRedirect(request, response, "/auth/token?redirect=" + request.getServletPath() + "&" + request.getQueryString());
```
Then in the authentication URL, when the authentication is successful, we redirect back to the original "redirect" URL:

```java
CookiesUtils.setCookie(request, response, Constants.JWT_COOKIE_ACCESS, principal.getToken());
RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
redirectStrategy.sendRedirect(request, response, request.getParameter("redirect") + "?" + request.getQueryString());
```
This is only working with GET parameters but the original call can be of any type, even a POST with upload data.
So I was wondering: is it possible to just put something in the redirect to force the browser to redo the previous call?
Any other solution is welcome of course! :-)
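
Added example, not part of the original post: the second snippet above redirects to whatever the `redirect` parameter holds, and the first appends the path and query string unencoded. One way to encode the target on the way out and accept only same-application paths on the way back; the class and method names (`RedirectTargets`, `toAuthUrl`, `localOrFallback`) are hypothetical, and the sample values in `main` are constructed.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public final class RedirectTargets {

    private RedirectTargets() {}

    /** Builds the auth URL with the original path and query packed into ONE encoded parameter. */
    public static String toAuthUrl(String servletPath, String queryString) {
        // getQueryString() returns null when the original request had no query
        String original = (queryString == null || queryString.isEmpty())
                ? servletPath
                : servletPath + "?" + queryString;
        return "/auth/token?redirect=" + URLEncoder.encode(original, StandardCharsets.UTF_8);
    }

    /** Returns target only if it is a path inside this application, otherwise fallback. */
    public static String localOrFallback(String target, String fallback) {
        if (target == null || !target.startsWith("/")) {
            return fallback;                       // absolute URLs, "javascript:", empty values
        }
        if (target.startsWith("//") || target.contains("\\")) {
            return fallback;                       // scheme-relative URLs and backslash variants
        }
        for (int i = 0; i < target.length(); i++) {
            if (Character.isISOControl(target.charAt(i))) {
                return fallback;                   // tabs/CR/LF that browsers strip or that split headers
            }
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample values
        System.out.println(toAuthUrl("/reports", "year=2020&page=2"));
        System.out.println(toAuthUrl("/reports", null));
        String[] candidates = {
            "/reports?year=2020&page=2", "https://example.org/", "//example.org/", "/\\example.org", null
        };
        for (String c : candidates) {
            System.out.println(c + " -> " + localOrFallback(c, "/"));
        }
    }
}
```

In the success handler the validated value would be passed on as `redirectStrategy.sendRedirect(request, response, RedirectTargets.localOrFallback(request.getParameter("redirect"), "/"))`; `getParameter` already decodes the value, so the original query string travels inside it and does not need to be appended again.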