My previous post gives a step-by-step explanation of how to create your own Web App in Heroku.
After I finished the whole process and had my Web App up and running on Heroku, I thought I had reached the end and that it would all work smoothly. To my surprise, some pictures on my site and some page redirections were not working properly.
The key is in the way that you specify your URLs; you cannot use the forward slash ('/') to prefix your URLs, because Heroku will understand them as absolute paths, and it will look for the page in the wrong place.
That was the case with my web app: the login page had a reference to a warning image, but this image was not being loaded when the error message appeared.
The next snippet shows the original source code for that image import.
The problem was that I was using the forward slash ('/') as a prefix for the image's URL. The change required to get this working is simply to remove this prefix, so that Heroku understands it as a relative path, as shown in the following snippet.
The same thing happened with some script imports I was doing to be used with my pages, and it was solved in the same way, just by removing the preceding forward slash ('/') from the URLs.
However, another problem arose when redirecting to the login failure URL (that was being handled by Spring Security), whose solution is similar to the one stated above, but requires more customisation.
Spring Security URL Authentication Failure Handling
The default URL authentication failure handler used within Spring Security is the SimpleUrlAuthenticationFailureHandler; the next snippet shows the typical definition of the security beans to use the default handler:
The default class does not accept a URL without a forward slash ('/') prefix, so that makes it impossible to specify the redirection as stated above in this post.
Apart from that, the redirection uses a RedirectStrategy object, which modifies the URL string specified in the bean.
The solution I propose is to create a custom class to handle the authentication failure, and then use that class as a reference for the form-login bean.
The new definition of the security bean is as follows:
And the code for the new class NoSlashAuthenticationFailureHandler is shown in the next snippet; as you can see, the redirection is not using any RedirectStrategy object, so it will not modify the value of the URL that you specify in the constructor bean.
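A handler of the kind described above, as an added example that is not the author's original class. It assumes the javax.servlet API and Spring Security's AuthenticationFailureHandler interface; the package name, the constructor validation and the session attribute handling are assumptions added here.

```java
package example; // hypothetical package name

import java.io.IOException;
import java.net.URI;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

public class NoSlashAuthenticationFailureHandler implements AuthenticationFailureHandler {

    // Fixed at bean construction time; never taken from the request.
    private final String failureUrl;

    public NoSlashAuthenticationFailureHandler(String failureUrl) {
        if (failureUrl == null || failureUrl.isEmpty()) {
            throw new IllegalArgumentException("failureUrl must not be empty");
        }
        // URI.create rejects illegal characters such as CR/LF.
        URI uri = URI.create(failureUrl);
        // Refuse "http://host/..." and "//host/..." so a configuration mistake
        // cannot turn the failure redirect into an off-site redirect.
        if (uri.isAbsolute() || uri.getRawAuthority() != null) {
            throw new IllegalArgumentException("failureUrl must be a relative URL: " + failureUrl);
        }
        this.failureUrl = failureUrl;
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
                                        HttpServletResponse response,
                                        AuthenticationException exception)
            throws IOException, ServletException {
        // Keep the exception available to the login page, as the default
        // handler does, without creating a session for anonymous requests.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.setAttribute("SPRING_SECURITY_LAST_EXCEPTION", exception);
        }
        // No RedirectStrategy: the container resolves a URL without a leading
        // '/' relative to the current request URI.
        response.sendRedirect(failureUrl);
    }
}
```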
So there you have it: a way to keep using Spring Security to handle the authentication failure. Try it on your Web App and leave any feedback in the comments section.
Julio,
Great post, thanks for taking time to share this info on the net.
I am experimenting with an app, same scenario on Heroku, spring MVC, spring security.
However I figured out the forward slash was the culprit and quickly fixed it for resources redirection but my current challenge is, how do I create the link to home page on my nav bar, where it is simple / (using
"a href='s : url value="/" >Home a" (was not able to include tags as html not allowed here)
If I remove the / then the page goes nowhere.
I am yet to come to the security related redirect issues you mentioned, I would say your above post will save me hours of time when I encounter that.
Thanks again for your help.