Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-1498: An absolute URL does not work for property loginFormUrl in LoginUrlAuthenticationEntryPoint #1741

Closed
spring-issuemaster opened this issue Jun 14, 2010 · 3 comments

Comments

@spring-issuemaster
Copy link

@spring-issuemaster spring-issuemaster commented Jun 14, 2010

Simon Lam (Migrated from SEC-1498) said:

An absolute URL does not work when used as the login page using the security namespace http.

If my app is at http://localhost:8080/webapp. the resulting url will be http://localhost:8080/webapphttp://foo.com/login

Looking through the code, the problem lies in the method: LoginUrlAuthenticationEntryPoint.buildRedirectUrlToLoginPage.

As a workaround for now, I could subclass LoginUrlAuthenticationEntryPoint, override the buildRedirectUrlToLoginPage method, and then use an explicit bean rather than the security namespace config.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented Jun 17, 2010

Luke Taylor said:

This isn't a bug - the Javadoc for LoginUrlAuthenticationEntryPoint is clear that the loginFormUrl is relative to the application context path.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented Jun 17, 2010

Simon Lam said:

Oops, I missed that in the javadoc. I based this on the fact that in the afterPropertiesSet(), a URL starting with "http" is accepted. My mistake.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented Aug 5, 2010

Luke Taylor said:

I've added support for absolute URLs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.