New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for login page when integration with Spring Security #19
Comments
Try to use the new 'loginPage' attribute on hdiv:config. <hdiv:config errorPage="/error.jsp" loginPage="/login.html" Regards |
Hi Gillarramendi, The login page works when the session expires automatically. It doesn't work in the following scenario.
I set the log level to trace and following are the logs! [DEBUG] http-bio-7780-exec-9 09:57:58 New ResponseWrapper instance. |
Hi Gillarramendi, I have fixed it. Can you do the review as I am not sure if this breaks any other functionality. The changes are as follows: ValidatorHelperRequest.java 127 +++ public boolean validate(HttpServletRequest request) throws HDIVException { 127 ----- public boolean validate(HttpServletRequest request) { 165 +++ IState state = null; 166 ----- IState state = this.restoreState(request, target); 531 +++ private IState restoreState(HttpServletRequest request, String target) throws HDIVException { 526 ----- private IState restoreState(HttpServletRequest request, String target) throws HDIVException { 564 +++ if(e.getMessage().contains("not found in session")) { ValidatorFilter.java 32 +++ import org.hdiv.exception.HDIVException; 120 +++ boolean sessionExpired = false; 144 +++ try { 156 +++ if (sessionExpired || session == null || session.isNew()) { 156 ----- if (session == null || session.isNew()) { |
Hi, Currently, I am refactoring error handling code to get more flexible solution. We want to differentiate logged and not logged users in 'session expired' error, to send ones to login page and the other to the home. Regards |
I haven't committed the change. I am using it locally! |
There are two new attributes on configuration: To define error pages showed on session expiration cases. |
I have integrated spring-security into my application. HDIV integration is done on top of it.
When the session expires, if HDIV is not integrated, upon accessing any URL, the redirection happens to the login page. But when HDIV is integrated with the application , the redirection happens to the error page configured in hdiv-config.xml,
I thin the redirection to error page should be only when there URL is tampered, when the session expires it should be redirected to the login page.
The text was updated successfully, but these errors were encountered: