Natalia Zinoviev (Migrated from SEC-1067) said:
I’ve attached a war to demostrate the problem, most of it is exactly the same as the sample tutorial war, all I’ve done is add a new page /secure/another-page.jsp
Steps to demonstrate problem:
1. user tries to go to a secured resource, e.g.
2. user is re-directed to login page
3. user logs in
4. user is redirected to
I’ve also submitted a post about this issue:
Blake Pettersson said:
According to the HTTP spec, fragments are not supposed to be included in the referer URI.
Luke Taylor said:
I don't think this is something we can do anything about. The fragment is not submitted by the browser to the server - it is only needed on the browser side to find the location in the page once it has been loaded. So it isn't possible for the server side to redirect to the full rebuilt URL, including the fragment.
Jorge L Garcia Perez said:
As a patch, on the login form you can do this:
var hash = unescape(self.document.location.hash.substring(1));
form.action = "j_spring_security_check#" + hash;