login returning 200 instead of 302
I'm building a REST based API and I am trying to get the login REST call to return 200 instead of 302. Is there any example of such a Spring Security configuration?
Any help is appreciated.
Yes, I was rather hoping I wouldn't have to.
The problem with that is that my app is in fact a REST API - I am not using the <form-login> element, so I cannot just provide an AuthenticationSuccessHandler.
The only other way I'm aware of is to define another custom filter to replace the standard UsernamePasswordAuthenticationFilter and provide my AuthenticationSuccessHandler there.
The other problem is that I need to check if I have this filter in my chain right now - its javadoc says "Processes an authentication form submission" and seeing how there's no form submission in play and no <form-login> element to create it, it may simply not be there. What's more, I could add it but I'm unsure if that's the right way to go just to change the http response code.
Is there a simpler way I'm missing or is this the recommended way of achieving what I'm after?
Thanks for the help.
I have resolved this - attaching my notes for reference if anyone else stumbles upon this:
- note: because it’s a REST API, there’s no <login-form> element
- specify a custom filter for the FORM_LOGIN_FILTER position
<custom-filter ref="myFilter" position="FORM_LOGIN_FILTER" />
- define the filter and point to a custom success handler:
<beans:bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
- define the MySavedRequestAwareAuthenticationSuccessHandler bean:
extends AbstractAuthenticationTargetUrlRequestHandler implements AuthenticationSuccessHandler
- the handle method overrides the handle from AbstractAuthenticationTargetUrlRequestHandler but doesn’t do redirect
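
A success handler of the shape described in the notes above, written here as an added example and not the poster's own code. It assumes Spring Security 3.1 or later on the javax.servlet API; the class name comes from the post, while the bean ids in the wiring comment and the JSON body are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/**
 * Wiring sketch (bean ids are hypothetical):
 *   <beans:bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
 *     <beans:property name="authenticationManager" ref="authenticationManager"/>
 *     <beans:property name="authenticationSuccessHandler" ref="mySuccessHandler"/>
 *   </beans:bean>
 */
public class MySavedRequestAwareAuthenticationSuccessHandler
        extends AbstractAuthenticationTargetUrlRequestHandler
        implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        handle(request, response, authentication);
        clearAuthenticationAttributes(request);
    }

    /** Replaces the parent's redirect with a plain 200 response. */
    @Override
    protected void handle(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        if (response.isCommitted()) {
            return; // headers already sent, the status can no longer change
        }
        response.setStatus(HttpServletResponse.SC_OK);
        response.setHeader("Cache-Control", "no-store"); // keep login responses out of caches
        response.setContentType("application/json");
        response.getWriter().write("{\"authenticated\":true}"); // constructed body
    }

    /** Drops the exception a previous failed attempt may have left in the session. */
    private void clearAuthenticationAttributes(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        }
    }
}
```

Because the handler never computes a target URL, a caller-supplied redirect parameter has no effect on the login response. Session fixation protection is applied by the filter's session authentication strategy before the success handler runs, so it is unaffected by this change.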