<sec:authorize access="isAnonymous()">

		<a href="/login?redirect=addProduct">상품 추가하기</a>

	</sec:authorize>

	<sec:authorize access="isAuthenticated()">

		<a href="/addProduct">상품 추가하기</a>

	</sec:authorize>

제가 지금 하고싶은게 '상품추가하기' 버튼을 눌렀을때 비회원이면 로그인페이지로 보낸 뒤

로그인 성공 시 상품추가페이지로 가게하고싶습니다

이렇게 하는게 맞는건가요?? 

혹시몰라 컨트롤러 , 시큐리티설정파일 올려보겠습니다..

	@RequestMapping(value="login" , method = RequestMethod.GET)
	public String loginPage(HttpServletRequest request ,
			@RequestParam(value="redirect" ,defaultValue="",required=false) String redirect) {
				if(redirect.equals("error")) {
					System.out.println("로그인 에러");
				}
				else if(redirect.equals("addProduct")) {
					request.getSession().setAttribute("prevPage","http://localhost:8085/myapp/addProduct");
				}
				else {
				    String referer = request.getHeader("Referer");
				    request.getSession().setAttribute("prevPage", referer);
				}
		return "/login";
	}

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

	<bean id="SuccessHandler" class="com.mycompany.myapp.LoginHandler.SuccessHandler" >
	             <constructor-arg value="/" />
	</bean>
    <sec:http auto-config='true' use-expressions="true">
        <sec:intercept-url pattern="/" access="permitAll" />  
        <sec:intercept-url pattern="/home" access="permitAll" />
        <sec:intercept-url pattern="/login" access="permitAll" />
        <sec:intercept-url pattern="/**" access="isAuthenticated()" />
   
        <sec:form-login login-page="/login"
                        login-processing-url="/user/login"
                       	authentication-success-handler-ref="SuccessHandler"
                        username-parameter="email" 
                        password-parameter="password"
                        authentication-failure-url="/login?redirect=error"
                        always-use-default-target='true' />
        <sec:logout invalidate-session="true"
                    logout-url="/logout" 
                  	logout-success-url="/"
                     />
        <!-- enable csrf protection -->
        <sec:csrf/>
    </sec:http>
    <sec:authentication-manager>
        <sec:authentication-provider>
             <sec:jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="SELECT email, password, enabled FROM user WHERE email = ?"
                authorities-by-username-query="SELECT email, authority FROM shop_authorities WHERE email = ?" />
       </sec:authentication-provider>
    </sec:authentication-manager>
</beans>

public class SuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    public SuccessHandler(String defaultTargetUrl) {
        setDefaultTargetUrl(defaultTargetUrl);
    }
 
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, 
        Authentication authentication) throws ServletException, IOException {
        HttpSession session = request.getSession();

        if (session != null) {
            String redirectUrl = (String) session.getAttribute("prevPage");
            System.out.println("redirectUrl="+redirectUrl);
            if (redirectUrl != null) {
                session.removeAttribute("prevPage");
                getRedirectStrategy().sendRedirect(request, response, redirectUrl);
            } else {
                super.onAuthenticationSuccess(request, response, authentication);
            }
        } else {
            super.onAuthenticationSuccess(request, response, authentication);
        }
    }
}