I have used form-login and login succeeds in Spring Security 4.2.

Then the client will send a cookie to the server next time, and I want to add a custom filter to verify a URL parameter value against the cookie from the client. When the cookie value is not valid against the URL parameter value, redirect to the login page.

I have tried to extend `AbstractAuthenticationProcessingFilter`, but I don't know how to add the filter in http-security (add the filter before or after?), or how to redirect to the login page (because I want to redirect to the original page after a successful login).

Update: I can get the cookie from the controller and redirect to the login page when the cookie is not valid. But it will not redirect to the original page after a successful login, because I use Spring Security to log in and the request cache in `SavedRequestAwareAuthenticationSuccessHandler` is null, so I want to add a filter to do this in Spring Security.

Buffer
  • Headers, Cookies and Parameters with REST-assured - https://www.baeldung.com/rest-assured-header-cookie-parameter – Dulaj Kulathunga Sep 04 '19 at 14:33
  • Yeah, I know what you mean. I can get the cookie from the controller and redirect to the login page when the cookie is not valid. But it will not redirect to the original page because the request cache is null, so I want to do this in Spring Security – Buffer Sep 04 '19 at 14:37
  • @Buffer You don't need to implement `AbstractAuthenticationProcessingFilter`. It is enough to implement `Filter` or `GenericFilter`. To redirect your request, see https://stackoverflow.com/questions/2047122/requestdispatcher-forward-vs-httpservletresponse-sendredirect – dur Sep 04 '19 at 16:20
  • @dur But I don't know how to add the filter in http-security (add the filter before or after which filter). I have already debugged the whole process flow and I don't know when Spring Security begins to deal with the cookie to decide whether it needs to be authenticated. – Buffer Sep 04 '19 at 16:32
  • @Buffer Spring Security doesn't deal with cookies. The session cookie is part of the server. – dur Sep 04 '19 at 16:49
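
A sketch of the plain-filter approach suggested in the comments, added here as an example and not code posted by anyone in the thread: it compares the cookie with the URL parameter and, on mismatch, stores the request in the session-backed request cache before redirecting, so that `SavedRequestAwareAuthenticationSuccessHandler` can return to the original page. The cookie name, parameter name and login URL are hypothetical, and it assumes every filtered URL is expected to carry the parameter.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

public class CookieParamCheckFilter extends OncePerRequestFilter {
    // Hypothetical names: the question does not say which cookie, parameter or login URL is used.
    private static final String COOKIE_NAME = "token";
    private static final String PARAM_NAME = "token";
    private static final String LOGIN_URL = "/login";

    // Session-backed cache, the same store SavedRequestAwareAuthenticationSuccessHandler reads by default.
    private final RequestCache requestCache = new HttpSessionRequestCache();

    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        // Skip the login URL itself, otherwise the redirect below would loop.
        return request.getRequestURI().startsWith(request.getContextPath() + LOGIN_URL);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        Cookie cookie = WebUtils.getCookie(request, COOKIE_NAME);
        String param = request.getParameter(PARAM_NAME);
        if (cookie != null && param != null && sameValue(cookie.getValue(), param)) {
            chain.doFilter(request, response);
            return;
        }
        // Fail closed: a missing cookie or parameter is treated like a mismatch.
        // Saving the request first lets the success handler redirect back to it after login.
        requestCache.saveRequest(request, response);
        response.sendRedirect(request.getContextPath() + LOGIN_URL);
    }

    private static boolean sameValue(String a, String b) {
        // Constant-time comparison, so response timing does not reveal how much of the value matched.
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                b.getBytes(StandardCharsets.UTF_8));
    }
}
```

With Java configuration it can be registered with `http.addFilterBefore(new CookieParamCheckFilter(), FilterSecurityInterceptor.class)`; that position is an assumption, chosen so the check runs after the security context has been loaded.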

0 Answers