My goal is to have a link on the page that returns the user to the originating site. I am starting from the Spring SAML sample http://projects.spring.io/spring-security-saml/ and am adding a new function to the index page.

My saml-servlet.xml and securityContext.xml both have:

<context:component-scan base-package="com.home.saml.sp"/>

My returnController.java in the package com.home.saml.sp:

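package com.home.saml.sp;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class ReturnController {

    // Handles the POST from the form in index.jsp and redirects to the fixed originating site.
    @RequestMapping(value = "/redirect", method = RequestMethod.POST)
    public String redirect() {
        String redirectUrl = "http://www.home.com";
        return "redirect:" + redirectUrl;
    }
}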

And my index.jsp adds:

<form method="POST" action="/redirect">
    <table>
        <tr>
            <td><input type="submit" value="Redirect * Page" /></td>
        </tr>
    </table>
</form>
Mykola Yashchenko
whatkai

1 Answer

The saml servlet processes URLs /saml/web/* and therefore skips your /redirect controller. You will need to change the saml servlet mapping in web.xml to:

<servlet-mapping>
    <servlet-name>saml</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>

Please note that this will break the metadata administration UI in the sample application. You would need to replace the current security for admin UI with:

<!-- Security for the administration UI -->
<security:http pattern="/metadata/**" access-denied-page="/metadata/login">
    <security:form-login login-processing-url="/metadata/login_check" login-page="/metadata/login" default-target-url="/metadata"/>
    <security:intercept-url pattern="/metadata/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/metadata/**" access="ROLE_ADMIN"/>
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
</security:http>

Then remove all /saml/web prefixes in JSPs and change adminLogin.jsp to use /metadata/login_check in the loginForm.

Vladimír Schäfer
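
The mapping behaviour described in the answer, as an added example that is not part of the original post or of the Spring SAML sample: a simplified model of the Servlet specification's url-pattern resolution, showing that /redirect never reaches a servlet mapped to /saml/web/* but does reach one mapped to /*. The class name, the `resolve` helper and the sample paths are constructed for illustration.

```java
import java.util.List;

// Added illustration: simplified servlet url-pattern resolution (Servlet spec mapping order).
public class ServletMappingDemo {

    /** Returns the pattern that would handle the context-relative path, or null if none matches. */
    static String resolve(String path, List<String> patterns) {
        // 1. An exact match wins.
        for (String p : patterns) {
            if (p.equals(path)) return p;
        }
        // 2. Otherwise the longest path-prefix pattern ("/prefix/*") wins.
        String best = null;
        for (String p : patterns) {
            if (!p.endsWith("/*")) continue;
            String prefix = p.substring(0, p.length() - 2);
            boolean hit = path.equals(prefix) || path.startsWith(prefix + "/");
            if (hit && (best == null || p.length() > best.length())) best = p;
        }
        if (best != null) return best;
        // 3. Then an extension pattern ("*.ext").
        int dot = path.lastIndexOf('.');
        if (dot > path.lastIndexOf('/')) {
            String ext = "*" + path.substring(dot);
            if (patterns.contains(ext)) return ext;
        }
        // 4. Finally the default servlet ("/"), if the application maps one.
        return patterns.contains("/") ? "/" : null;
    }

    public static void main(String[] args) {
        List<String> sample = List.of("/saml/web/*"); // mapping the answer describes
        List<String> changed = List.of("/*");         // mapping the answer proposes
        // Constructed sample paths, relative to the application's context root.
        String[] paths = {"/redirect", "/saml/web/metadata", "/metadata/login"};
        for (String path : paths) {
            // null means the saml servlet, and so the @Controller behind it, never sees the request;
            // a real container would hand the request to its own default servlet instead.
            System.out.printf("%-20s sample=%-12s changed=%s%n",
                    path, resolve(path, sample), resolve(path, changed));
        }
    }
}
```

With the servlet mapped to /*, every path in the application passes through it, which is why the answer also moves the administration UI's security rules to /metadata/**.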