Spring Security - Dispatch to /j_spring_security_check

Question

I have spring security in place and login via login.jsp works perfectly fine.

Now, I have to automatically get the user logged in based on the URL (similar to Single

Answer 1

You could bypass the check by using a request wrapper which returns "POST" instead of "GET" for getMethod.

However, the check is there for a reason. It is generally considered bad practice to send credentials as URL parameters. Even if you are using an encrypted parameter, it is still technically equivalent to sending unencrypted authentication credentials since anyone who steals it can use it to authenticate.