
I'm using Spring Security 3 to authenticate users, with a form in a pop-up where users enter their credentials. I'm using Ajax to process the login. The login process works great; however, I cannot get Spring Security to redirect to the success/failure handlers specified in my configuration. Instead, it always returns the home page for the site (home.do). I know Spring Security is authenticating users correctly because, when I reload my page, links that are hidden if the user isn't authenticated are present (whereas they weren't before, obviously).

Anyone have any ideas as to why this is happening? My configuration is below. Let me know if any more information is needed.

authentication-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

    <!-- Spring Security setup for the web application: the user lookup service,
         the HTTP security chain, the authentication manager, and a separately
         declared login filter with its success and failure handlers. -->

    <!-- User lookup bean used by the authentication provider below
         (user-service-ref). Its userDAO property is an inner UserDAOImpl bean. -->
    <bean id="customUserDetailsService" class="com.mydomain.services.AuthenticationService">
        <property name="userDAO">
            <bean class="com.mydomain.dao.UserDAOImpl" />
        </property>
    </bean>

    <!-- HTTP security chain. In Spring Security 3, auto-config='true' already
         registers form-login, http-basic and logout with their defaults, so the
         explicit http-basic element repeats a default, and a form-login filter
         exists even though none is declared here.
         NOTE(review): no intercept-url rules are declared in this element, so no
         URL is restricted by this file; confirm access control is enforced
         elsewhere.
         NOTE(review): HTTP Basic and the login form both transmit the password;
         nothing here requires HTTPS. Confirm TLS is enforced by the container or
         a front-end proxy. -->
    <security:http auto-config='true' use-expressions="true">
        <security:http-basic />
        <!-- Logout is handled at /logout and then redirects to the home page. -->
        <security:logout logout-url="/logout"
            logout-success-url="/home.do" />
        <!-- Requests that present an invalid session id are sent to the timeout page. -->
        <security:session-management
            invalid-session-url="/sessionTimeout.htm" />
    </security:http>

    <!-- Authentication manager with a single provider backed by
         customUserDetailsService. The alias lets the filter bean below
         reference it by name.
         NOTE(review): no password-encoder is configured on the provider, so
         stored passwords are presumably compared as plain text; confirm how
         AuthenticationService stores credentials. -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider
            user-service-ref='customUserDetailsService'>
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- Hand-declared login filter carrying the custom handlers.
         NOTE(review): nothing in this file places this bean in the
         security:http filter chain (there is no security:custom-filter element
         referencing it). The form-login filter created by auto-config
         presumably processes /j_spring_security_check with its own default
         handlers, so successHandler and failureHandler below would never be
         called. Two ways to wire them, to be checked against the Spring
         Security 3 reference:
           1. declare security:form-login inside security:http with
              authentication-success-handler-ref and
              authentication-failure-handler-ref, and remove this bean; or
           2. register this bean with security:custom-filter at position
              FORM_LOGIN_FILTER, drop auto-config and supply an entry-point-ref.
         With option 2 also set sessionAuthenticationStrategy on this bean: a
         hand-declared filter does not receive the namespace's session-fixation
         protection by default. -->
    <bean id="authenticationFilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <property name="filterProcessesUrl" value="/j_spring_security_check" />
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationFailureHandler" ref="failureHandler" />
        <property name="authenticationSuccessHandler" ref="successHandler" />
    </bean> 

    <!-- On success, redirects to the request saved before login when there is
         one; otherwise to defaultTargetUrl (alwaysUseDefaultTargetUrl is false).
         For an Ajax login this is still an HTTP redirect, which the browser
         follows before the script sees the response. -->
    <bean id="successHandler"
        class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
            <property name="alwaysUseDefaultTargetUrl" value="false"/>
        <property name="defaultTargetUrl" value="/loginSuccess.do" />
    </bean>

    <!-- On failure, sends the client to /login.jsp. -->
    <bean id="failureHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <property name="defaultFailureUrl" value="/login.jsp" />
    </bean>
</beans>

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    version="2.5">
    <!-- Servlet 2.5 deployment descriptor: loads the Spring root context, maps
         the DispatcherServlet and the ResourceServlet, and sends every request
         through the Spring Security filter chain. -->
    <display-name>MyWebApp</display-name>
    <!-- Builds the root application context at startup from the files listed
         in contextConfigLocation below. -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            classpath:services-config.xml
            classpath:authentication-config.xml
        </param-value>
    </context-param>
    <!-- NOTE(review): home.do is the welcome file, so a request for the context
         root is presumably answered with the home page. A login filter that
         still uses the default success target of "/" would then return the
         text of home.do after following the redirect; confirm against the
         handler wiring in authentication-config.xml. -->
    <welcome-file-list>
        <welcome-file>home.do</welcome-file>
    </welcome-file-list>
    <!-- Spring MVC front controller for all *.do requests. -->
    <servlet>
        <servlet-name>myServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>myServlet</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>Resource Servlet</servlet-name>
        <servlet-class>org.springframework.js.resource.ResourceServlet</servlet-class>
    </servlet>
    <!-- Map all /resources requests to the Resource Servlet for handling -->
    <servlet-mapping>
        <servlet-name>Resource Servlet</servlet-name>
        <url-pattern>/resources/*</url-pattern>
    </servlet-mapping>

    <!-- Security configuration. DelegatingFilterProxy delegates to the bean in
         the root context whose name equals the filter-name,
         springSecurityFilterChain, which the security:http element creates.
         The /* mapping puts every request, including *.do, /resources/* and
         /j_spring_security_check, behind that chain. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- end of security configuration -->

</web-app>
threejeez

1 Answer


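The XHR is getting a redirect back and following it. The browser follows the redirect on its own, so the script never sees the redirect itself, only the final response: status 200 with the body of the page it was redirected to.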

See the answers to this question for examples of what to do next.

sourcedelica
  • Thank you very much for your reply. I'm not sure that's what's going on. The data that's returned is the entire text of home.do (and I'm not even on home.do... I'm logging in from an inner page). Also, the response code is 200, not one of the others mentioned on the post you suggested. Furthermore, I tried using the form login and, while the login is again a success, I just get directed back to home.do. No redirect happens even when left up to the browser. Naturally, I could be wrong... it's happened before! – threejeez Jun 24 '11 at 01:46