I have a HttpServletRequest object with me in a post login hook. How to get what URL is there is the browser.
When I am using PortalUtil.getCurrentCompleteURL(HttpServletRequest) I am always getting http://localhost:8080/c. I need something like http://localhost:8080/web/abc.
I don't have ThemeDisplay object with me.
I guess that the URL you are looking for is the one from before the login. The portal saves that one in the session when redirecting to the login page. You can access it like this:
String lastPath = session.getAttribute(WebKeys.LAST_PATH);
Related
Currently, I’m developing a web app with server-side rendering using the Gin framework and I’m having a problem with login intercepting. When an HTTP GET request hits an endpoint, middleware is used to check the browser cookie and redirect the traffic to the login page. This works fine and after successful login, the user is always redirected to the dashboard page. My question is how I should redirect the user back to the originally requested URI instead of the dashboard page?
Also, a bit more complex scenario is on HTTP POST. It looks like the HTTP POST method doesn’t work quite well with a redirect. Also, how would I resume the request with the same post request after the user successfully login?
Thanks for the help!
For the HTTP GET scenario, this one is easy, you need to remember the original URL somewhere. The are a few ways you could go about this:
Store the URL in session information(if any is available, you do need sessions for non-authenticated users)
Store it in a query string, for example, redirect to example.com/login?original=https%3A%2F%2Fexample.com%2Fanother-page. Your login page can look for the query parameter and include it in the login form or make sure that the action of the login form matches the given URI. On a successful login attempt you can get the original URL form the query param and set it as the Location.
Store the original URL in a cookie, upon successful login you can just check the cookie value and use that.
As for the HTTP POST scenario. If you just want to redirect the same POST request to a different URL you can use a 307 Temporary redirect. A 307 will preserve the request body and method and not turn it into a GET request like a 303 See Other or 302 Found.
Resuming the original POST after showing the login screen and after a successful login is a little more complex. When you redirect to the login page you interrupt the flow of the user, maybe it is better to let the user re-post their request after logging in, instead of doing it for them.
Having said that, it is technically possible. We require two steps, first is storing all the data to recreate the request. Then after login completion we can render a form with this saved data and use javascript to submit the form. By adding:
<script>document.getElementById("myForm").submit();</script>
After your form, the browser will submit the form after loading the javascript, thus recreating the original POST.
The storage part can be done via the server side session or a cookie.
I have created a slack app and stuck at adding the redirect url. I want information like token, team_id from redirect url. I went through the link https://api.slack.com/authentication/oauth-v2 I got the idea of redirect url, but how should I create although I used client_id,secret in the url but I want to capture the HTTP request response. How should I create one?
I'm trying to use Spring Social Facebook login along side form login, more or less following the guide here: http://www.baeldung.com/get-user-in-spring-security, only using header-based session management rather than cookies. Right now the login is successful. Facebook sends a 302 to my server at /api/signin/facebook, and my server sends a 302 to the post-sign-in url I've set on my ProviderSignInController along with the x-auth-token header. The issue is that when following the last redirect my browser throws away the auth token.
I think I want to just add the auth token as a query param on the final redirect uri, but I don't know how to intercept the final response. I've called setSignInInterceptors on my ProviderSignInController but that seems to be ignored after the first sign in. How can I keep my session information when it's not a cookie?
Just added the token as a query parameter and returned it from my custom SignInAdapter.signIn method. I feel like there's probably a better solution but I needed something.
I am trying to login the site. There are couple of GET request before moving to login screen and on the login screen:
My Request Parameter is:
username=8888888888&password=8888888888&AUTH_STATE=2c83bef4-9ab3-4549-8d3b-243e5864cc78
I know my username and password but when i capture the parameters using firebug, i found that along with that AUTH_STATE also going..
I tried to find the AUTH_STATE parameter in any of the GET Response made before login call.. But i did not find it out.. Is there any way to get that ???
I should be there in the login page. Check the HTML response of the login page.
I am building an application and I want to do a validation in which when user tries to access a POST method he should be redirected to a new Page. For example when I Login, the username and password validations are done in the post method that has
#RequestMapping(value = "/firstPage.htm", method = RequestMethod.POST)
So what I want to do is if user saves this link xyz.../firstPage.htm after the application is closed by pasting it in browser url, he should not get 405 error instead he should be redirected to another page that says You are not Authenticated to view this page.
How do I do this?
Regards,
Zingo
You could add another method in your controller that handles the same URI, but with RequestMethod Get. It can simply shows a page with a login form asking the user to login.
This will also lead to a more standardized approach. Where a GET request to a URL shows the form, while POSTing credentials to the same URL logs you in.
Hope this helps.