Package org.springframework.security.web.authentication

Class SavedRequestAwareAuthenticationSuccessHandler

  • All Implemented Interfaces:
    AuthenticationSuccessHandler
    public class SavedRequestAwareAuthenticationSuccessHandler
extends SimpleUrlAuthenticationSuccessHandler
    An authentication success strategy which can make use of the DefaultSavedRequest which may have been stored in the session by the ExceptionTranslationFilter. When such a request is intercepted and requires authentication, the request data is stored to record the original destination before the authentication process commenced, and to allow the request to be reconstructed when a redirect to the same URL occurs. This class is responsible for performing the redirect to the original URL if appropriate.

    Following a successful authentication, it decides on the redirect destination, based on the following scenarios:

    • If the alwaysUseDefaultTargetUrl property is set to true, the defaultTargetUrl will be used for the destination. Any DefaultSavedRequest stored in the session will be removed.
    • If the targetUrlParameter has been set on the request, the value will be used as the destination. Any DefaultSavedRequest will again be removed.
    • If a SavedRequest is found in the RequestCache (as set by the ExceptionTranslationFilter to record the original destination before the authentication process commenced), a redirect will be performed to the Url of that original destination. The SavedRequest object will remain cached and be picked up when the redirected request is received (See SavedRequestAwareWrapper).
    • If no SavedRequest is found, it will delegate to the base class.
    Since:
    3.0

    • Field Detail

      • logger

        protected final org.apache.commons.logging.Log logger

    • Constructor Detail

      • SavedRequestAwareAuthenticationSuccessHandler

        public SavedRequestAwareAuthenticationSuccessHandler()

    • Method Detail

      • onAuthenticationSuccess

        public void onAuthenticationSuccess​(javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    Authentication authentication)
                             throws javax.servlet.ServletException,
                                    java.io.IOException
        Description copied from class: SimpleUrlAuthenticationSuccessHandler
        Calls the parent class handle() method to forward or redirect to the target URL, and then calls clearAuthenticationAttributes() to remove any leftover session data.
        Specified by:
        onAuthenticationSuccess in interface AuthenticationSuccessHandler
        Overrides:
        onAuthenticationSuccess in class SimpleUrlAuthenticationSuccessHandler
        Parameters:
        request - the request which caused the successful authentication
        response - the response
        authentication - the Authentication object which was created during the authentication process.
        Throws:
        javax.servlet.ServletException
        java.io.IOException

      • setRequestCache

        public void setRequestCache​(RequestCache requestCache)