Logging in sometimes redirect to wrong url

[adrianblancode]

I tried logging in, but instead of being redirected to the main page after a successful login I was somehow redirected to http://qwait.csc.kth.se/api/users?role=admin for some odd reason. I have no idea what caused this or how to reproduce it, but it ocurred after I had already input my password wrong once into the KTH login. Not sure if that has got anything to do with it or not.

[dflemstr]

So apparently the Spring Security system DOES have support for "redirect back to where you were," because it stores the location of the last "unauthorized" page you went to.

It works like this:

• You are not logged in
• You load some page, e.g. "/"
• The "users" Angular service does a request to the URL "/api/users?role=admin"
• The above URL can only be accessed while logged in, so the server responds with "Unauthorized" (probably? check your debug log in Chrome to see what it responds with). For me it looks like this:
  
• You do some other stuff and press "/login"
• The server somehow thinks your last visited page is the API page
• You do the login flow
• You are redirected back to that URL