org.springframework.security.web.authentication
Class SavedRequestAwareAuthenticationSuccessHandler
java.lang.Object
org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
- All Implemented Interfaces:
- AuthenticationSuccessHandler
public class SavedRequestAwareAuthenticationSuccessHandler
- extends SimpleUrlAuthenticationSuccessHandler
An authentication success strategy which can make use of the DefaultSavedRequest which may have been stored in
the session by the ExceptionTranslationFilter. When such a request is intercepted and requires authentication,
the request data is stored to record the original destination before the authentication process commenced, and to
allow the request to be reconstructed when a redirect to the same URL occurs. This class is responsible for
performing the redirect to the original URL if appropriate.
Following a successful authentication, it decides on the redirect destination, based on the following scenarios:
-
If the
alwaysUseDefaultTargetUrl property is set to true, the defaultTargetUrl
will be used for the destination. Any DefaultSavedRequest stored in the session will be
removed.
-
If the
targetUrlParameter has been set on the request, the value will be used as the destination.
Any DefaultSavedRequest will again be removed.
-
If a
SavedRequest is found in the RequestCache (as set by the ExceptionTranslationFilter to
record the original destination before the authentication process commenced), a redirect will be performed to the
Url of that original destination. The SavedRequest object will remain cached and be picked up
when the redirected request is received
(See SavedRequestAwareWrapper).
-
If no
SavedRequest is found, it will delegate to the base class.
- Since:
- 3.0
|
Field Summary |
protected org.apache.commons.logging.Log |
logger
|
|
Method Summary |
void |
onAuthenticationSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Calls the parent class handle() method to forward or redirect to the target URL, and
then calls clearAuthenticationAttributes() to remove any leftover session data. |
void |
setRequestCache(RequestCache requestCache)
|
| Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler |
determineTargetUrl, getDefaultTargetUrl, getRedirectStrategy, getTargetUrlParameter, handle, isAlwaysUseDefaultTargetUrl, setAlwaysUseDefaultTargetUrl, setDefaultTargetUrl, setRedirectStrategy, setTargetUrlParameter, setUseReferer |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
logger
protected final org.apache.commons.logging.Log logger
SavedRequestAwareAuthenticationSuccessHandler
public SavedRequestAwareAuthenticationSuccessHandler()
onAuthenticationSuccess
public void onAuthenticationSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
throws javax.servlet.ServletException,
IOException
- Description copied from class:
SimpleUrlAuthenticationSuccessHandler
- Calls the parent class
handle() method to forward or redirect to the target URL, and
then calls clearAuthenticationAttributes() to remove any leftover session data.
- Specified by:
onAuthenticationSuccess in interface AuthenticationSuccessHandler- Overrides:
onAuthenticationSuccess in class SimpleUrlAuthenticationSuccessHandler
- Parameters:
request - the request which caused the successful authenticationresponse - the responseauthentication - the Authentication object which was created during the authentication process.
- Throws:
javax.servlet.ServletException
IOException
setRequestCache
public void setRequestCache(RequestCache requestCache)