Package org.springframework.security.web.authentication

Class SavedRequestAwareAuthenticationSuccessHandler

java.lang.Object
org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
All Implemented Interfaces:
AuthenticationSuccessHandler
public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler
An authentication success strategy which can make use of the DefaultSavedRequest which may have been stored in the session by the ExceptionTranslationFilter. When such a request is intercepted and requires authentication, the request data is stored to record the original destination before the authentication process commenced, and to allow the request to be reconstructed when a redirect to the same URL occurs. This class is responsible for performing the redirect to the original URL if appropriate.

Following a successful authentication, it decides on the redirect destination, based on the following scenarios:

  • If the alwaysUseDefaultTargetUrl property is set to true, the defaultTargetUrl will be used for the destination. Any DefaultSavedRequest stored in the session will be removed.
  • If the targetUrlParameter has been set on the request, the value will be used as the destination. Any DefaultSavedRequest will again be removed.
  • If a SavedRequest is found in the RequestCache (as set by the ExceptionTranslationFilter to record the original destination before the authentication process commenced), a redirect will be performed to the Url of that original destination. The SavedRequest object will remain cached and be picked up when the redirected request is received (See SavedRequestAwareWrapper).
  • If no SavedRequest is found, it will delegate to the base class.
Since:
3.0

  • Field Details

    • logger

      protected final org.apache.commons.logging.Log logger

  • Constructor Details

    • SavedRequestAwareAuthenticationSuccessHandler

      public SavedRequestAwareAuthenticationSuccessHandler()

  • Method Details

    • onAuthenticationSuccess

      public void onAuthenticationSuccess(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication) throws jakarta.servlet.ServletException, IOException
      Description copied from class: SimpleUrlAuthenticationSuccessHandler
      Calls the parent class handle() method to forward or redirect to the target URL, and then calls clearAuthenticationAttributes() to remove any leftover session data.
      Specified by:
      onAuthenticationSuccess in interface AuthenticationSuccessHandler
      Overrides:
      onAuthenticationSuccess in class SimpleUrlAuthenticationSuccessHandler
      Parameters:
      request - the request which caused the successful authentication
      response - the response
      authentication - the Authentication object which was created during the authentication process.
      Throws:
      jakarta.servlet.ServletException
      IOException

    • setRequestCache

      public void setRequestCache(RequestCache requestCache)