org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

All Implemented Interfaces:: AuthenticationSuccessHandler

public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler

An authentication success strategy which can make use of the DefaultSavedRequest which may have been stored in the session by the ExceptionTranslationFilter. When such a request is intercepted and requires authentication, the request data is stored to record the original destination before the authentication process commenced, and to allow the request to be reconstructed when a redirect to the same URL occurs. This class is responsible for performing the redirect to the original URL if appropriate.

Following a successful authentication, it decides on the redirect destination, based on the following scenarios:

If the alwaysUseDefaultTargetUrl property is set to true, the defaultTargetUrl will be used for the destination. Any DefaultSavedRequest stored in the session will be removed.
If the targetUrlParameter has been set on the request, the value will be used as the destination. Any DefaultSavedRequest will again be removed.
If a SavedRequest is found in the RequestCache (as set by the ExceptionTranslationFilter to record the original destination before the authentication process commenced), a redirect will be performed to the Url of that original destination. The SavedRequest object will remain cached and be picked up when the redirected request is received (See SavedRequestAwareWrapper).
If no SavedRequest is found, it will delegate to the base class.

Since:: 3.0

Field Summary

Fields

Modifier and Type

Field

Description

protected final org.apache.commons.logging.Log

logger
Constructor Summary

Constructors

Constructor

Description

SavedRequestAwareAuthenticationSuccessHandler()
Method Summary

Modifier and Type

Method

Description

void

onAuthenticationSuccess(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication authentication)

Calls the parent class handle() method to forward or redirect to the target URL, and then calls clearAuthenticationAttributes() to remove any leftover session data.

void

setRequestCache(RequestCache requestCache)

Methods inherited from class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
clearAuthenticationAttributes

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
determineTargetUrl, determineTargetUrl, getDefaultTargetUrl, getRedirectStrategy, getTargetUrlParameter, handle, isAlwaysUseDefaultTargetUrl, setAlwaysUseDefaultTargetUrl, setDefaultTargetUrl, setRedirectStrategy, setTargetUrlParameter, setUseReferer

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
onAuthenticationSuccess

Field Details
- logger
  
  protected final org.apache.commons.logging.Log logger
Constructor Details
- SavedRequestAwareAuthenticationSuccessHandler
  
  public SavedRequestAwareAuthenticationSuccessHandler()
Method Details
- onAuthenticationSuccess
  
  public void onAuthenticationSuccess(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication authentication) throws jakarta.servlet.ServletException, IOException
  
  Description copied from class: SimpleUrlAuthenticationSuccessHandler
  
  Calls the parent class handle() method to forward or redirect to the target URL, and then calls clearAuthenticationAttributes() to remove any leftover session data.
  
  Specified by:
  
  onAuthenticationSuccess in interface AuthenticationSuccessHandler
  
  Overrides:
  
  onAuthenticationSuccess in class SimpleUrlAuthenticationSuccessHandler
  
  Parameters:
  
  request - the request which caused the successful authentication
  
  response - the response
  
  authentication - the Authentication object which was created during the authentication process.
  
  Throws:
  
  jakarta.servlet.ServletException
  
  IOException
- setRequestCache
  
  public void setRequestCache(RequestCache requestCache)

Class SavedRequestAwareAuthenticationSuccessHandler

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Methods inherited from class java.lang.Object

Methods inherited from interface org.springframework.security.web.authentication.AuthenticationSuccessHandler

Field Details

logger

Constructor Details

SavedRequestAwareAuthenticationSuccessHandler

Method Details

onAuthenticationSuccess

setRequestCache