Reputation: 1640
I encountered a small problem in my Spring application. I am using Spring Security to handle logins and logouts. It works very fine. My question is however about redirects in Spring. What I am talking about: By default, the Spring Security is configured in the way, that after successful logout, it redirects user to /login?logout
which works totally fine, same for /login?error
.
I am trying to implement a simple "Enter your email here to reset your password". The page resides at /resetPassword
. Here is the relevant part of the template:
<form name="f" th:action="@{/resetPassword}" method="post" id="needs-validation" novalidate>
<div class="form-group">
<label for="email">Login email</label>
<input type="email" id="email" name="email" class="form-control" required/>
</div>
<div class="form-actions">
<button type="submit" class="btn btn-primary btn-block">Reset password</button>
</div>
</form>
And my method that handles that looks like this:
@PostMapping("/resetPassword")
fun resetPasswordForEmail(@RequestParam("email") email: String): String {
userFacade.resetPassword(email)
return "redirect:/login?reset"
}
A method gets called, everything is fine, but: in the browser, I am not being redirected to /login?reset
but I was redirected even further, more specifically back to /login
. I can see that in developer tools in Chrome.
However, I do not know why that's happening. I also tried with RedirectAttributes
, with returning RedirectView
, but same result all the time.
Can anyone give me something to catch?
Upvotes: 0
Views: 35
Reputation: 408
You're not loggedin so Spring security redirect you to the login. You must configure it with ROLE_ANONYMOUS to allow access to resetpassword page.
Upvotes: 1