This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.
No announcement yet.
login returning 200 instead of 302Page Title Module
I'm building a REST based API and I am trying to get the login REST call to return 200 instead of 302. Is there any example of such a Spring Security configuration?
Any help is appreciated.
Yes, I was rather hoping I wouldn't have to.
The problem with that is that my app is in fact a REST API - I am not using the <form-login> element, so I cannot just provide a AuthenticationSuccessHandler.
The only other way I'm aware of is to define another customer filter to replace the standard UsernamePasswordAuthenticationFilter and provide my AuthenticationSuccessHandler there.
The other problem is that I need to check if I have this filter in my chain right now - it's javadoc says "Processes an authentication form submission" and seeing how there's no form submission in play and no <form-login> element to create it, it may simply not there. What's more, I could add it but I'm unsure if that's the right way to go just to change the http response code.
Is there a simpler way I'm missing or is this the recommended way of achieving what I'm after?
Thanks for the help.
I have resolved this - attaching my notes for reference if anyone else stumbles upon this:
- note: because it’s a REST API, there’s not <login-form> element
- specify a custom filter for the FORM_LOGIN_FILTER position
<custom-filter ref="myFilter" position="FORM_LOGIN_FILTER" />
- define the filter and point to a custom success handler:
<beans:bean id="myFilter" class="org.springframework.security.web.authentica tion.UsernamePasswordAuthenticationFilter">
- define the MySavedRequestAwareAuthenticationSuccessHandler bean:
extends AbstractAuthenticationTargetUrlRequestHandler implements AuthenticationSuccessHandler
- the handle method overrides the handle from AbstractAuthenticationTargetUrlRequestHandler but doesn’t do redirect