Spring: Special Character in URL; Login Works; Redirect

I had a special character in my project name (e.g. project-name), so Maven built a WAR that would be deployed to http://localhost:8080/project-name. Now, this worked perfectly on localhost. Yet, when deployed to a server (some.ip.address) and trying to login, the login process itself worked. But afterwards I was redirected back to the login page. This was my stack trace:

16:20:32,174 DEBUG http-bio-8080-exec-21 aop.TraceInterceptor:22 - Leaving CustomUserDetailsService.loadUserByUsername(): org.springframework.security.core.userdetails.User@acf8d1d8: Username: user; Password: [P
ROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER
16:20:32,175 DEBUG http-bio-8080-exec-21 session.SessionFixationProtectionStrategy:91 - Invalidating session with Id 'E227BBEA6A698999347C63BB358445A6' and migrating attributes.
16:20:32,180 DEBUG http-bio-8080-exec-21 session.SessionFixationProtectionStrategy:101 - Started new session: 507EEAC093A14D78A3BDE0DDC1B478E7
16:20:32,180 DEBUG http-bio-8080-exec-21 authentication.UsernamePasswordAuthenticationFilter:311 - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.Use
rnamePasswordAuthenticationToken@171a9f74: Principal: org.springframework.security.core.userdetails.User@acf8d1d8: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExp
ired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: Remote
IpAddress: some.ip.address; SessionId: E227BBEA6A698999347C63BB358445A6; Granted Authorities: ROLE_USER
16:20:32,180 DEBUG http-bio-8080-exec-21 authentication.SavedRequestAwareAuthenticationSuccessHandler:79 - Redirecting to DefaultSavedRequest Url: http://some.ip.address:8080/project-name/
16:20:32,181 DEBUG http-bio-8080-exec-21 web.DefaultRedirectStrategy:36 - Redirecting to 'http://some.ip.address:8080/project%2Dname/'
16:20:32,182 DEBUG http-bio-8080-exec-21 context.HttpSessionSecurityContextRepository:291 - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@171a9f74: Authentic
ation: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@171a9f74: Principal: org.springframework.security.core.userdetails.User@acf8d1d8: Username: user; Password: [PROTECTED]; Ena
bled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.au
thentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: some.ip.address; SessionId: E227BBEA6A698999347C63BB358445A6; Granted Authorities: ROLE_USER'
16:20:32,182 DEBUG http-bio-8080-exec-21 context.SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
16:20:32,187 DEBUG http-bio-8080-exec-22 web.FilterChainProxy:318 - / at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
16:20:32,188 DEBUG http-bio-8080-exec-22 context.HttpSessionSecurityContextRepository:127 - No HttpSession currently exists
16:20:32,189 DEBUG http-bio-8080-exec-22 context.HttpSessionSecurityContextRepository:85 - No SecurityContext was available from the HttpSession: null. A new one will be created.

Now it turns out, that the reason for this was the hypen in the URL. Removing it did the trick. These lines deferred:

some.ip.address

web.DefaultRedirectStrategy:36 - Redirecting to 'http://some.ip.address:8080/project%2Dname/'

localhost

web.DefaultRedirectStrategy:36 - Redirecting to 'http://some.ip.address:8080/project-name/'

I suspect the cookie is being saved for a different URL than is searched for later on, namely 'http://some.ip.address:8080/project%2Dname/' VS 'http://some.ip.address:8080/project-name/' . But this is just a guess. I have not figured out yet, which setting is responsible for the difference in redirect URLs, but is has nothing to do with the Spring or project specific settings. Otherwise it would not work on localhost.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Leave a Reply