Announcement Announcement Module
Collapse
No announcement yet.
Are custom Authentication Success/Failure Handlers expected to redirect? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Are custom Authentication Success/Failure Handlers expected to redirect?

    So I had this bright idea of transforming the standard form login endpoint (j_spring_security_check) into an ajax response, by overriding the "AuthenticationSuccessHandler" to just set a HTTP status of 200, and then return. However, from the browser side, the connection always get timed out. From what I can tell when making a test client, the response object doesn't seem to close/flush the output stream.

    If I use code like that of SimpleURLAuthenticationSuccessHandler, everything works fine. if I do the flush in the handler, the problem is that the session and security context isn't created. What am I doing wrong?

    My onAuthenticationSuccess:

    Code:
    	public void onAuthenticationSuccess(HttpServletRequest request,
    			HttpServletResponse response, Authentication authentication)
    			throws IOException, ServletException {
            clearAuthenticationAttributes(request);
            String value=environment.getProperty("application.url")+"rest/api/user/"+authentication.getName();
            response.addHeader("Location", value);
            response.setStatus(200);
            response.getWriter().print(value);
        }
Working...
X