0

Spring security login after server reload

asked 2020-02-08 01:44:08 +0800

gvguad gravatar image gvguad
7 2

updated 2020-02-08 01:59:36 +0800

In my project we use spring security for user authentication. It was made as said in ZKDeveloper'sReference/Integration/Security/Spring_Security + added small to provide ability press enter in for login even form is not in focus.

document.addEventListener("keydown", submitFormOnKeydown, false);
function submitFormOnKeydown(e) {
    var keyCode = e.keyCode;
    if(keyCode==13) {
        document.getElementById("loginForm").submit();
    }
}


The main problem is if I open login page and then restart. After that switch back in a browser by alt+tab, wait till the server starts and then press ENTER this will send a request to the authentification server but the authorization will fail because login page will be reloaded. Does ZK provide some id for clients? Is this possible that this happens because ZK does recognize user and reinit all inner js state? P.S. Also this happens if open page and left it inactive for 20-30 min.

delete flag offensive retag edit

1 Answer

Sort by » oldest newest most voted
0

answered 2020-02-10 10:22:07 +0800

cor3000 gravatar image cor3000
6280 2 7

updated 2020-02-10 10:31:50 +0800

Is your problem related in any way to your added script? Does it only happen when pressing ENTER? or also when using the form "normally"? (From my perspective it shouldn't make a difference, how the form is submitted). So please remove irrelevant information allowing to focus on the actual problem. If the problem is actually related to pressing ENTER then you should check what your code does differently than the default form implementation.

Anyway I found this similar problem describing the effect you mention without any ZK involved. So for now it sounds like it is the default behavior of spring security to redirect to the login page after a session timeout (a server restart has the same effect, unless you serialize/deserialize the session between restarts).

If that's the case ZK is not involved at all and the request is already bounced back from the Spring security filter chain. This behavior should also happen with JSP/JFS/other front-end technologies, when applying the same Spring Security configuration.

In this case you'll have a better chance for a response by asking for help in a Spring Security forum.

Can you please verify the behavior also happens without involving ZK.

link publish delete flag offensive edit
Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow
1 follower

RSS

Stats

Asked: 2020-02-08 01:44:08 +0800

Seen: 10 times

Last updated: Feb 10 '20

Related questions

zk.wpd 文件存在js漏洞

Fix auEngine mixed with POST and GET methods.

Security issue with Clients.showNotification

ZK Calendar Wire Spring-managed Beans Failed [closed]

Spring security doesn't return user inside event listener

where to put @Transactional (Hibernate Spring)

Clustered Session Terracotta not working

Can't inject using @Value in ViewModel if not declaring as @Component.. so what do we use?

Not able to bind Spring beans after zk upgrade

retriving Spring authentication provider Name dynamically in multiple authentication providers

About Us | Faq | Help | Privacy Policy | Contact Us
Copyright Potix Corporation 2015.
Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More