I've seen some threads here and here but they're old and I'm loathe to add any big implementations of various filters and loaders.
I'm handling a /logout manually as follows, then redirect to my /login (Login is managed by Spring Security) with a custom param:
@GetMapping("/participant/logout")
public String logout(HttpServletRequest request, HttpServletResponse response, @RequestParam("exitMsg") String exitMsg){
SecurityContextLogoutHandler securityContextLogoutHandler = new SecurityContextLogoutHandler();
securityContextLogoutHandler.logout(request, response, null);
return "redirect:/participant/login?logout=true&exitMsg=" + exitMsg;
}
@GetMapping("/participant/login")
public ModelAndView loginPage(HttpServletRequest request, HttpServletResponse response,
@RequestParam("exitMsg") String exitMsg) {
// exitMsg is NULL here!
}
In the debugger I see the correct formation of the URL and then I hit /login correctly, but the request parameter to /login (exitMsg) is lost.
So how can I keep custom params to /login ?
Spring Security Config:
http.antMatcher("/participant/**").authorizeRequests()
.antMatchers("/participant/id/**").permitAll()
.antMatchers("/participant/faq").permitAll()
.antMatchers("/participant/forgetPassword").permitAll()
.antMatchers("/participant/securityQuestions").permitAll()
.antMatchers("/participant/securityCheck").permitAll()
.antMatchers("/participant/resetPassword").permitAll()
.antMatchers("/participant/**").authenticated()
.and()
.formLogin().loginPage("/participant/login").permitAll()
.failureUrl("/participant/login?error").permitAll()
.defaultSuccessUrl("/participant/home")
.usernameParameter("username").passwordParameter("password")
.and()
.logout()
.and()
.csrf().disable();
