Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1498: An absolute URL does not work for property loginFormUrl in LoginUrlAuthenticationEntryPoint #1741

spring-issuemaster opened this Issue Jun 14, 2010 · 3 comments


None yet
1 participant

Simon Lam (Migrated from SEC-1498) said:

An absolute URL does not work when used as the login page using the security namespace http.

If my app is at http://localhost:8080/webapp. the resulting url will be http://localhost:8080/webapphttp://foo.com/login

Looking through the code, the problem lies in the method: LoginUrlAuthenticationEntryPoint.buildRedirectUrlToLoginPage.

As a workaround for now, I could subclass LoginUrlAuthenticationEntryPoint, override the buildRedirectUrlToLoginPage method, and then use an explicit bean rather than the security namespace config.

Luke Taylor said:

This isn't a bug - the Javadoc for LoginUrlAuthenticationEntryPoint is clear that the loginFormUrl is relative to the application context path.

Simon Lam said:

Oops, I missed that in the javadoc. I based this on the fact that in the afterPropertiesSet(), a URL starting with "http" is accepted. My mistake.

Luke Taylor said:

I've added support for absolute URLs.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment