I have one working Spring web application deployed on tomcat, using Spring Security to do authentication and authorization. My new requirement is using SSO via apache http request to tomcat.
I got this working using the preauthentication filter and get authorization through LDAP server( MS AD). The problem is the default page is not opened automatically. it's working when I type in the URl like http://localhost/postLogin.sp. Here is the security.xml
<http use-expressions="true" entry-point-ref="http403ForbiddenEntryPoint">
<custom-filter position="PRE_AUTH_FILTER" ref="ssoPreAuthenticationFilter" />
<!-- other static assets skip -->
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<!--<form-login authentication-failure-url="/loginForm.jsp?failure=true" default-target-url='/postLogin.sp' always-use-default-target='true' />-->
</http>I comment out the , because using ssoPreAuthenticationFilter as preauthentication filter. but where is could setup this default page "postLogin.sp". The authentication-success-handler-ref is part of , so it's not useful here.
I have welcome-file-list configured as below
<welcome-file-list>
<welcome-file>/postLogin.sp</welcome-file>
</welcome-file-list>
<servlet-mapping>
<servlet-name>defaultServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>So please help.
