Prevent redirect to login for Spring Security

Question

I have Spring MVC + Spring Security project.

Answer 1

We add a new authenticationEntryPoint:

<http auto-config="true" access-denied-page="/security/accessDenied" use-expressions="true"
      disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"/>

<beans:bean id="authenticationEntryPoint" class="a.b.c..AuthenticationEntryPoint">
    <beans:constructor-arg name="loginUrl" value="/security/login"/>
</beans:bean>

public class AuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {    
    public AuthenticationEntryPoint(String loginUrl)  {
        super(loginUrl);
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        response.sendError(403, "Forbidden");
    }
}

Answer 2

In annotated configuration in SpringSecurity 4 you can do:

public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    // ....
    http.exceptionHandling().authenticationEntryPoint(new AuthenticationEntryPoint() {

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authException) throws IOException, ServletException {
            if (authException != null) {
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                response.getWriter().print("Unauthorizated....");
            }
        }
    });
    // ....
}

}

Answer 3

Found this: always-use-default-target="true"

I this way, my controller function is always invoked after any login.