org.springframework.security.web.authentication
Class SavedRequestAwareAuthenticationSuccessHandler
java.lang.Object
org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
- All Implemented Interfaces:
- AuthenticationSuccessHandler
public class SavedRequestAwareAuthenticationSuccessHandler
- extends SimpleUrlAuthenticationSuccessHandler
An authentication success strategy which can make use of the DefaultSavedRequest
which may have been stored in
the session by the ExceptionTranslationFilter
. When such a request is intercepted and requires authentication,
the request data is stored to record the original destination before the authentication process commenced, and to
allow the request to be reconstructed when a redirect to the same URL occurs. This class is responsible for
performing the redirect to the original URL if appropriate.
Following a successful authentication, it decides on the redirect destination, based on the following scenarios:
-
If the alwaysUseDefaultTargetUrl property is set to true, the defaultTargetUrl
will be used for the destination. Any DefaultSavedRequest stored in the session will be
removed.
-
If the targetUrlParameter has been set on the request, the value will be used as the destination.
Any DefaultSavedRequest will again be removed.
-
If a
DefaultSavedRequest
is found in the RequestCache (as set by the ExceptionTranslationFilter
to
record the original destination before the authentication process commenced), a redirect will be performed to the
Url of that original destination. The DefaultSavedRequest object will remain cached and be picked up
when the redirected request is received
(See SavedRequestAwareWrapper
).
-
If no DefaultSavedRequest is found, it will delegate to the base class.
- Since:
- 3.0
Field Summary |
protected org.apache.commons.logging.Log |
logger
|
Method Summary |
void |
onAuthenticationSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Calls the parent class handle() method to forward or redirect to the target URL, and
then calls clearAuthenticationAttributes() to remove any leftover session data. |
void |
setRequestCache(RequestCache requestCache)
|
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler |
determineTargetUrl, getDefaultTargetUrl, getRedirectStrategy, getTargetUrlParameter, handle, isAlwaysUseDefaultTargetUrl, setAlwaysUseDefaultTargetUrl, setDefaultTargetUrl, setRedirectStrategy, setTargetUrlParameter, setUseReferer |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
logger
protected final org.apache.commons.logging.Log logger
SavedRequestAwareAuthenticationSuccessHandler
public SavedRequestAwareAuthenticationSuccessHandler()
onAuthenticationSuccess
public void onAuthenticationSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
throws javax.servlet.ServletException,
IOException
- Description copied from class:
SimpleUrlAuthenticationSuccessHandler
- Calls the parent class
handle()
method to forward or redirect to the target URL, and
then calls clearAuthenticationAttributes()
to remove any leftover session data.
- Specified by:
onAuthenticationSuccess
in interface AuthenticationSuccessHandler
- Overrides:
onAuthenticationSuccess
in class SimpleUrlAuthenticationSuccessHandler
- Parameters:
request
- the request which caused the successful authenticationresponse
- the responseauthentication
- the Authentication object which was created during the authentication process.
- Throws:
javax.servlet.ServletException
IOException
setRequestCache
public void setRequestCache(RequestCache requestCache)