[#SEC-802] Save POST data to SavedRequest object so that it can be used after authentication

Spring Security

Save POST data to SavedRequest object so that it can be used after authentication

Created: 28/Apr/08 04:24 PM Updated: 31/Jul/08 11:28 AM

Component/s:

Core

Affects Version/s:

2.0.0

Fix Version/s:

2.5

Time Tracking:

Not Specified

File Attachments:	1. PostDataPatch.txt (9 kB)
Environment:	All

Description

« Hide

Currently if a POST request is sent to the server and it requires authentication the body of the post is lost and because of this the default for Spring Security is to redirect to the default page after authentication. A better solution would be to save the body from the post so that it can be used following authentication.

All

Comments

Work Log

Change History

FishEye

Builds

Sort Order:

[ Permlink | « Hide ]

Mark Curtis added a comment - 28/Apr/08 04:29 PM

Patch for the 2.0.0 release that addresses this issue.

[ Permlink | « Hide ]

Luke Taylor added a comment - 31/Jul/08 09:21 AM

It is possible to have a POST request start authentication and pick it up later - webflow uses this (there were one or two issues with parameters and saved requests). It won't automatically use the default target. The parameters, headers etc will be retained, but not the body. Retaining the body would potentially leave the app vulnerable to being easily overloaded by unauthenticated users submitting large requests.

[ Permlink | « Hide ]

Jon Osborn added a comment - 31/Jul/08 11:28 AM

Maybe just moving the request from the current 'special' slot in the sesion to a 'saved' slot will meet the requirement?