Spring Security - Redirect if already logged in

Question

I\'m new to Spring:

I do not want authenticated user from accessing the login page. What is the proper way to handle redirects for the \'/login\' if the user is alr

Answer 1

To successfully redirect from login page, if user is already logged in, add the following to your login.jsp:

Add a security taglib header to the top of your jsp:

<%@taglib uri="http://www.springframework.org/security/tags" prefix="sec"%>

Then add the following tag inside your "head" tag (preferably near the top):

    <% response.sendRedirect("main"); %>

This will redirect to main.html (or whatever your main .jsp is mapped to) if the user accessing the login page is already logged-in.

Doing this through a controller didn't work for me, since the valid login page practice is to let the spring security's "form-login" bean do all the redirecting work, so there was no login controller for me to modify.