SEC-1498: An absolute URL does not work for property loginFormUrl in LoginUrlAuthenticationEntryPoint #1741

Closed
spring-issuemaster opened this Issue Jun 14, 2010 · 3 comments

1 participant

@spring-issuemaster

Simon Lam (Migrated from SEC-1498) said:

An absolute URL does not work when used as the login page using the security namespace http.



If my app is at http://localhost:8080/webapp. the resulting url will be http://localhost:8080/webapphttp://foo.com/login

Looking through the code, the problem lies in the method: LoginUrlAuthenticationEntryPoint.buildRedirectUrlToLoginPage.

As a workaround for now, I could subclass LoginUrlAuthenticationEntryPoint, override the buildRedirectUrlToLoginPage method, and then use an explicit bean rather than the security namespace config.

@spring-issuemaster

Luke Taylor said:

This isn't a bug - the Javadoc for LoginUrlAuthenticationEntryPoint is clear that the loginFormUrl is relative to the application context path.

@spring-issuemaster

Simon Lam said:

Oops, I missed that in the javadoc. I based this on the fact that in the afterPropertiesSet(), a URL starting with "http" is accepted. My mistake.

@spring-issuemaster

Luke Taylor said:

I've added support for absolute URLs.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment