Is there a complete example where always-use-default-target is used in Spring Security? Especially I had asked the following question at the following link
“Does it mean that for any page requested the spring security will start checking if the user has logged in? If not then if you mean to say that only when /secure/kittens.html is requested, the spring will try to check if the user is logged in, i would like to know where or how this check is made? The reason i am asking is i just tested but it did not work, i would like to know if i have to write some redirect logic in /secure/kittens.html?
Is there a complete example where always-use-default-target is used in Spring Security? Especially I
Share
Spring will use a filter to make the security check based on your configuration. In your spring-security configuration you will need to setup an entry for /secure/kittens.html (or more generally /secure ) to tell spring-security that the user must be authenticated, or must have a given role in order to view the page. Once that is configured the filter will check against your rules, in order, to see if the user has permission to view the page. If not, spring-security will send them to the configured login page.
Have a look at the configuration of spring-security, specifically the intercept-url configuration for examples of configuring spring-security for your url space. That configuration page also has an example of configuring always-use-default-target. Again, note that the rules are evaluated in order, so a general case check at the top of the list will be matched before a specific one at the bottom, so make sure your rules are in order, specific to general.