
Tiny security bug in booking-faces sample

I have noticed that if you call the login page directly and log in with the correct credentials, you get logged in but the redirect fails. In the following section in security-config.xml
Code:
<!-- Configure Spring Security -->
<security:http auto-config="true">
    <!-- Restrict URLs based on role -->
    <security:intercept-url pattern="/spring/login*" access="ROLE_ANONYMOUS" />
    <security:intercept-url pattern="/spring/logout-success*" access="ROLE_ANONYMOUS" />
    <security:intercept-url pattern="/spring/logout*" access="ROLE_USER" />

    <!-- Override default login and logout pages -->
    <security:form-login login-page="/spring/login" login-url="/spring/login-process" default-target-url="/spring/main" authentication-failure-url="/spring/login?login_error=1" />
    <security:logout logout-url="/spring/logout" logout-success-url="/spring/logout-success" />
</security:http>
The default-target-url in the line:
Code:
<security:form-login login-page="/spring/login" login-url="/spring/login-process" default-target-url="/spring/flows/main" authentication-failure-url="/spring/login?login_error=1" />
needs to be changed to:
Code:
<security:form-login login-page="/spring/login" login-url="/spring/login-process" default-target-url="/spring/main" authentication-failure-url="/spring/login?login_error=1" />

This issue has been resolved. The fix will be available starting with tonight's nightly build.