spring-redirect-and-forward

This article will focus on implementing a Redirect in Spring and will discuss the reasoning behind each strategy.

Example of how to Redirect to different pages after Login with Spring Security.

Read more →

A short example of redirection after login in Spring Security

Read more →

Configure Sessions with Spring Security – set up Concurrent Sessions, enable Session Fixation Protection and prevent URLs from containing Session information.

Read more →

Let’s first consider the reasons why you may need to do a redirect in a Spring application.

There are many possible examples and reasons of course. One simple one might be POSTing form data, working around the double submission problem, or just delegating the execution flow to another controller method.

A quick side note here is that the typical Post/Redirect/Get pattern doesn’t adequately address double submission issues – problems such as refreshing the page before the initial submission has completed may still result in a double submission.

Let’s start with this simple approach – and go straight to an example:

Behind the scenes, RedirectView will trigger a HttpServletResponse.sendRedirect() – which will perform the actual redirect.

Notice here how we’re injecting the redirect attributes into the method – the framework will do the heavy lifting here and allow us to interact with these attributes.

We’re adding the model attribute attribute – which will be exposed as HTTP query parameter. The model must contain only objects – generally Strings or objects that can be converted to Strings.

Let’s now test our redirect – with the help of a simple curl command:

The result will be:

The previous approach – using RedirectView – is suboptimal for a few reasons.

First- we’re now coupled to the Spring API because we’re using the RedirectView directly in our code.

Second – we now need to know from the start, when implementing that controller operation – that the result will always be a redirect – which may not always be the case.

A better option is using the prefix redirect: – the redirect view name is injected into the controller like any other logical view name. The controller is not even aware that redirection is happening.

Here’s what that looks like:

When a view name is returned with the prefix redirect: – the UrlBasedViewResolver (and all its subclasses) will recognize this as a special indication that a redirect needs to happen. The rest of the view name will be used as the redirect URL.

A quick but important note here is that – when we use this logical view name here – redirect:/redirectedUrl – we’re doing a redirect relative to the current Servlet context.

We can use a name such as a redirect: http://localhost:8080/spring-redirect-and-forward/redirectedUrl if we need to redirect to an absolute URL.

So now, when we execute the curl command:

We’ll immediately get redirected:

Let’s now see how to do something slightly different – a forward.

Before the code, let’s go over a quick, high-level overview of the semantics of forward vs. redirect:

Now let’s look at the code:

Same as redirect:, the forward: prefix will be resolved by UrlBasedViewResolver and its subclasses. Internally, this will create an InternalResourceView which does a RequestDispatcher.forward() to the new view.

When we execute the command with curl:

We will get HTTP 405 (Method not allowed):

To wrap up, compared to the two requests that we had in the case of the redirect solution, in this case, we only have a single request going out from the browser/client to the server side. The attribute that was previously added by the redirect is, of course, missing as well.

Next – let’s look closer at passing attributes in a redirect – making full use the framework with RedirectAttribures:

As we saw before, we can inject the attributes object in the method directly – which makes this mechanism very easy to use.

Notice also that we are adding a flash attribute as well – this is an attribute that won’t make it into the URL. What we can achieve with this kind of attribute is – we can later access the flash attribute using @ModelAttribute(“flashAttribute”) only in the method that is the final target of the redirect:

So, to wrap up – if we test the functionality with curl:

We will be redirected to the new location:

That way, using RedirectAttribures instead of a ModelMap gives us the ability only to share some attributes between the two methods that are involved in the redirect operation.

Let’s now explore an alternative configuration – a redirect without using the prefix.

To achieve this, we need to use an org.springframework.web.servlet.view.XmlViewResolver:

Instead of org.springframework.web.servlet.view.InternalResourceViewResolver we used in the previous configuration:

We also need to define a RedirectView bean in the configuration:

Now we can trigger the redirect by referencing this new bean by id:

And to test it, we’ll again use the curl command:

The result will be:

For use cases like bank payments, we might need to redirect an HTTP POST request. Depending upon the HTTP status code returned, POST request can be redirected to an HTTP GET or POST.

As per HTTP 1.1 protocol reference, status codes 301 (Moved Permanently) and 302 (Found) allow the request method to be changed from POST to GET. The specification also defines the corresponding 307 (Temporary Redirect) and 308 (Permanent Redirect) status codes that don’t allow the request method to be changed from POST to GET.

Now let’s look at the code for redirecting a post request to another post request:

Now, let’s test the redirect of POST using the curl command:

We are getting redirected to the destined location:

This article illustrated three different approaches to implementing a redirect in Spring, how to handle/pass attributes when doing these redirects as well as how to handle redirects of HTTP POST requests.