
  • login returning 200 instead of 302

    I'm building a REST based API and I am trying to get the login REST call to return 200 instead of 302. Is there any example of such a Spring Security configuration?
    Any help is appreciated.
    Thanks.
    Eugen.

  • #2
    Use a custom AuthenticationSuccessHandler to control the post-login behaviour.



    • #3
      Yes, I was rather hoping I wouldn't have to.
      The problem with that is that my app is in fact a REST API - I am not using the <form-login> element, so I cannot just provide an AuthenticationSuccessHandler.
      The only other way I'm aware of is to define another custom filter to replace the standard UsernamePasswordAuthenticationFilter and provide my AuthenticationSuccessHandler there.
      The other problem is that I need to check if I have this filter in my chain right now - its Javadoc says "Processes an authentication form submission" and seeing how there's no form submission in play and no <form-login> element to create it, it may simply not be there. What's more, I could add it but I'm unsure if that's the right way to go just to change the HTTP response code.
      Is there a simpler way I'm missing or is this the recommended way of achieving what I'm after?
      Thanks for the help.
      Eugen.
      Last edited by eugenparaschiv; Jul 4th, 2011, 09:52 AM.



      • #4
        Ok, well it would help if you could explain what you are using for authentication or attach your configuration.



        • #5
          I have resolved this - attaching my notes for reference if anyone else stumbles upon this:

          - note: because it’s a REST API, there’s no <login-form> element
          - specify a custom filter for the FORM_LOGIN_FILTER position
          <http ...>
          ...
          <custom-filter ref="myFilter" position="FORM_LOGIN_FILTER" />
          ...
          </http>

          - define the filter and point to a custom success handler:
          <beans:bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
            <beans:property name="authenticationManager" ref="authenticationManager" />
            <beans:property name="authenticationSuccessHandler" ref="mySuccessHandler" />
          </beans:bean>
          <beans:bean id="mySuccessHandler" class="com.avaya.thunder.server.security.MySavedRequestAwareAuthenticationSuccessHandler" />

          - define the MySavedRequestAwareAuthenticationSuccessHandler bean:
          extends AbstractAuthenticationTargetUrlRequestHandler implements AuthenticationSuccessHandler
          - the handle method overrides the handle from AbstractAuthenticationTargetUrlRequestHandler but doesn’t do redirect

          - the response code is now 200 instead of 302

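A success handler along the lines post #5 describes, as an added example that is not part of the original thread and is not the poster's class: it implements AuthenticationSuccessHandler directly instead of extending AbstractAuthenticationTargetUrlRequestHandler, answers 200 with no redirect, and clears the login state a redirecting handler would otherwise consume. The package and class names are hypothetical, and it assumes the Spring Security 3.x and javax.servlet APIs in use when the thread was written.

```java
package example.security; // hypothetical package, not from the thread

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;

/** Hypothetical handler: a successful REST login answers 200 and never redirects. */
public class RestAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    // Assumption: the default session-backed request cache is in use.
    private RequestCache requestCache = new HttpSessionRequestCache();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
                                        HttpServletResponse response,
                                        Authentication authentication)
            throws IOException, ServletException {
        // A redirecting handler would send the client to the saved request.
        // A REST client gets no redirect, so drop the saved request rather
        // than leave it in the session.
        requestCache.removeRequest(request, response);

        // Remove the exception stored by an earlier failed login attempt.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        }

        // No sendRedirect() call: the status stays 200 and no Location header
        // is written, so no request-supplied target URL is ever followed.
        response.setHeader("Cache-Control", "no-store");
        response.setStatus(HttpServletResponse.SC_OK);
    }

    public void setRequestCache(RequestCache requestCache) {
        this.requestCache = requestCache;
    }
}
```

Registered under the `mySuccessHandler` bean id, it plugs into the `myFilter` definition from post #5 unchanged.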


          • #6
            You don't need to add the filter explicitly - you can inject an AuthenticationSuccessHandler using the namespace.



            • #7
              Could you please point me to an example?
              Thanks.



              • #8
                You can find the documentation in the appendix. A short example would be:
                Code:
                <http ..>
                  <form-login authentication-success-handler-ref="authSuccessHandler"/>
                </http>
                <b:bean id="authSuccessHandler" class="MyAuthenticationSuccessHandler"/>



                • #9
                  Yes, I am aware of that, but as I mentioned, being a REST API only, there is no <form-login> element.
                  Eugen.

