Grails Spring Security Redirect after Session-Timeout

3
votes

I have an issue with the Session Timeout. In my grails application an user logs in after a session timeout, but then gets to the last edited page. I want to prevent that and send them to a specific URL. How can I achieve this, I cant find something in the spring security documentation.

Greetings.

2
grailsspring-securitysession-timeout

2 Answers

2
votes

Per the docs, it looks like you might be able to use a combination of:

successHandler.defaultTargetUrl="/whatever/url/you/want"
successHandler.alwaysUseDefault=true
1
votes

By default spring security will forward the original request after successful login. You can prevent that by adding the following to Config.groovy:

grails.plugins.springsecurity.successHandler.alwaysUseDefault = true
grails.plugins.springsecurity.successHandler.alwaysUseDefaultTargetUrl = true
grails.plugins.springsecurity.successHandler.defaultTargetUrl = '/my/default/url'

The two properties sound like they should do the same, but in my case it only works when I have them both. Perhaps you can remove one of them and get it to work...

This will alter the behavior any time you log in, not just after a timeout. If you need a more dynamic solution, I guess you have to dig into the spring security source code...