
I am having an issue where once a user is authenticated, the user is still able to access the login page by accessing the URL at localhost:8080/login. I would like it to be redirected automatically to the user's landing page if the authenticated user tries to access the login page again.

My SecurityConfig is set like this:

        .csrf()
        .and()
        .authorizeRequests()
            .antMatchers("/programme/**").hasRole("USER1")
            .antMatchers("/programme1/**").hasRole("USER1")
            .antMatchers("/project/**").hasRole("USER2")
            .antMatchers("/").authenticated()
        .and()
        .formLogin()
            .loginPage("/login")
            .failureUrl("/login-error")
            .successHandler(authenticationSuccessHandler)
            .failureHandler(customAuthenticationFailureHandler())
            .permitAll()
        .and()
        .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true)
        .and()
        .rememberMe()
            .key("uniqueAndSecret")
            .userDetailsService(userDetailsService);

  • Why? What if the user wants to log in as a different user? Why not allow that? Why force the user to log out first? – Andreas Apr 20 '20 at 04:12
  • The user can log in as a different user, but the user needs to log out first and then proceed to the login page. Something like Facebook: once you go to facebook.com, you are automatically redirected to your landing page if you were signed in. But if you are not, then you can access the login page again – YuriMarikov Apr 20 '20 at 04:13
  • So put in a controller with a redirect. – chrylis -cautiouslyoptimistic- Apr 20 '20 at 04:20
  • Possible duplicate of https://stackoverflow.com/questions/33283213/deny-log-in-with-already-authenticated-session – dur Apr 20 '20 at 09:18

0 Answers
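
The controller-with-a-redirect approach suggested in the comments, as an added example that is not part of the original thread or the asker's code. The class name `LoginPageController`, the landing-page paths and the `login` view name are assumptions; only the `/login` URL and the `USER1`/`USER2` roles come from the question's configuration.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class LoginPageController { // hypothetical class name

    // Assumed landing pages; the question does not name them. They are fixed
    // constants, never taken from a request parameter, so the redirect cannot
    // be steered to an arbitrary URL.
    private static final String USER1_HOME = "/programme/";
    private static final String USER2_HOME = "/project/";
    private static final String DEFAULT_HOME = "/";

    @GetMapping("/login")
    public String login() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (isLoggedIn(auth)) {
            return "redirect:" + landingPageFor(auth);
        }
        return "login"; // assumed view name of the login form
    }

    static boolean isLoggedIn(Authentication auth) {
        // /login is permitAll(), so visitors without a session reach this method
        // carrying an AnonymousAuthenticationToken. Its isAuthenticated() returns
        // true, so the token type must be excluded explicitly. A user restored
        // through rememberMe() counts as logged in here.
        return auth != null
                && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
    }

    static String landingPageFor(Authentication auth) {
        // hasRole("USER1") in the configuration matches the authority "ROLE_USER1".
        for (GrantedAuthority authority : auth.getAuthorities()) {
            if ("ROLE_USER1".equals(authority.getAuthority())) return USER1_HOME;
            if ("ROLE_USER2".equals(authority.getAuthority())) return USER2_HOME;
        }
        return DEFAULT_HOME;
    }
}
```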