Home/ Questions/Q 7404825
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T05:18:40+00:00

Is there a way in spring security 3 to redirect the user to a

  • 0

Is there a way in spring security 3 to redirect the user to a different page rather than the user account page if cookies are disabled on the browser?

Just like gmail does. As it redirects the user to a different page than the user account page and force user to enable cookies.

What I want is to force the user to enable cookies before he lands on his account page.

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To handle cookies you can use a handler servlet for viewing cookie details. To do this you need to prepare your login form manually and if condition matches with your requirements than forward to /j_spring_security_check. I have just used simple validation on embedded cookie in the request. In the below example servlet, I have checked if request contains any cookie if not I have forwarded page to cookieDisabled.jsp

    package com.udb.servlets;

import java.io.IOException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;

/**
 * Servlet implementation class cookieHandler
 */
public class cookieHandler extends HttpServlet
{
    private static final long serialVersionUID = 1L;
    private static final String cookieDisabled = "/cookieDisabled.jsp";
    private static final String cookieEnabled = "/j_spring_security_check";
    RequestDispatcher dispatcher = null;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public cookieHandler() {
        super();
        // TODO Auto-generated constructor stub
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
     *      response)
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
    {

        if (request.getCookies() == null) {
            System.out.println("cookie disabled!");
            dispatcher = getServletContext().getRequestDispatcher(
                    cookieDisabled);
            try {
                dispatcher.forward(request, response);
            } catch (ServletException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        } else {

                dispatcher = getServletContext().getRequestDispatcher(
                        cookieEnabled);
                System.out.println("Cookies active!");
                try {
                    dispatcher.forward(request, response);
                } catch (ServletException e) {
                    e.printStackTrace();
                } catch (IOException e) {
                    e.printStackTrace();
                }


        }
    }

    public void doGet(HttpServletRequest req, HttpServletResponse res)
    {
        doPost(req, res);
    }

}

    web-xml for handler:

    <servlet>
        <description>   </description>
        <display-name>cookieHandler</display-name>
        <servlet-name>cookieHandler</servlet-name>
        <servlet-class>com.udb.servlets</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>cookieHandler</servlet-name>
        <url-pattern>/cookieHandler</url-pattern>
    </servlet-mapping>

    if you have secured all urls then you need to add below tag into security.xml as below:

    <security:intercept-url pattern="/cookieDisabled*"
            filters="none" />

    And in your login form you need to post request to cookieHandler instead of j_spring_security_check:

    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
<style>
.errorblock {
    color: #ff0000;
    background-color: #ffEEEE;
    border: 3px solid #ff0000;
    padding: 8px;
    margin: 16px;
}
</style>
</head>
<body onload='document.f.j_username.focus();'>
    <h3>Login with Username and Password (Custom Page)</h3>

    <c:if test="${not empty error}">
        <div class="errorblock">
            Your login attempt was not successful, try again.<br /> Caused :
            ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
        </div>
    </c:if>

    <form name='f' action="<c:url value='cookieHandler' />"
        method='POST'>

        <table>
            <tr>
                <td>User:</td>
                <td><input type='text' name='j_username' value=''>
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type='password' name='j_password' />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="submit" type="submit"
                    value="submit" />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="reset" type="reset" />
                </td>
            </tr>
        </table>

    </form>
</body>
</html>

    Process quite similar with JSF (if you are using) as you handle login via servlet dispatcher.

    • 0