Announcement Announcement Module
No announcement yet.
No access to default-target-url from an authentication-success-handler... ? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • No access to default-target-url from an authentication-success-handler... ?

    I am implementing change-password functionality for my app including forced pass changes on expiration. While catering for users who have a protected (behind login) page bookmarked (or type them in free-hand) I have implemented an AuthenticationSuccessHandler (ASH).

    My ASH works fine and I can take any request for a secured resource and force it to the Change Password page post-login, if the password has expired. The problem exists when I test a user who's password has Not expired. I would like to be able to query the <form-login>'s default-target-url and send the user to whatever that is. There is even a method:
    AbstractAuthenticationTargetUrlRequestHandler.determineTargetUrl(req, res)
    Which would appear to return the URL I want but instead only returns "/" for me no matter what I try.

    I have even gone through the source looking for where the default-target-url is parsed from the security.xml file and can't find it. As a work-around I have added a property to my ASH which I then hard-code with the default-target-url instead of putting it into the <form-login>. This works for me but does not seem to be the right way to do things.

    Should the presence of an ASH over-ride the attributes of a <form-login> completely? Or am I missing something?

    Any help gratefully received.