#java #spring #redirect #web #spring-security
#java #spring #перенаправление #веб #spring-security
Вопрос:
У меня есть следующая конфигурация:
<http entry-point-ref="authenticaionEntryPoint"
access-decision-manager-ref="accessDecisionManager"
disable-url-rewriting="true">
<intercept-url pattern="/custom-url" access="ROLE_USER"
requires-channel="https" />
Now since url: /custom-url is on https. I am facing a weird use case when user is logged in (jsessionid is maintained https only, so on http user's session won't be recognized) :
1. Open http://www.dummy-domain.com/custom-url
2. User is redirected to http://www.dummy-domain.com/login
3. User is redirected to https://www.dummy-domain.com/login
4. User is redirected to https://www.dummy-domain.com, since user is already logged in.
In my opinion, it should have been this way :
1. Open http://www.dummy-domain.com/custom-url
2. User is redirected to https://www.dummy-domain.com/custom-url
I am assuming in first scenario channel processing filter is not getting executed first.
Есть мысли, чего мне не хватает? Для информации я все еще работаю над Spring security 3.1