Summary
I have several static resources served by tomcat servers, these servers are siting behind the Spring Cloud Gateway. I integrate the Spring Security to protect these resources. All is working well, until I found Spring Security can not redirect well for URL that with Query Parameters
It can be reprduced by below:
- Access: localhost/mystatic/resource/index.html?id=1
- As not authenticated, Spring Security redirect to: localhost/login
- After input the correct username(user) and password(randomly generated in the log) and login sucessful
Actual Behavior
User was redirected to: localhost/mystatic/resource/index.html
Expected Behavior
User was redirected to: localhost/mystatic/resource/index.html&id=1
Configuration
Configuration can be very simple: initialize a project with Spring Initalizer, and introduce Spring-security and Spring Cloud Gateway
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.1.RELEASE</version>
</parent>
<groupId>com.example</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>demo</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
<spring-cloud.version>Greenwich.SR2</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
</dependencies>
Version
Spring Boot: 2.1.1.RELEASE Spring Cloud Version: Greenwich.SR2
Sample
https://github.com/ZhuBicen/SpringCloudSamples/tree/master/security_gateway
Comment From: eleftherias
Closing as duplicate of gh-6421. This is fixed in Spring Security 5.1.4 and later versions.