Announcement Announcement Module
Collapse
No announcement yet.
AuthenticationSuccessHandler not getting called Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • AuthenticationSuccessHandler not getting called

    I'm just getting my feet wet with Spring and Spring Security, and I feel I must be missing something fundamental to the authentication configuration/process. After successful authentication, I need to redirect to one of several pages (sub-applications), depending upon how the user authenticated and their roles.

    It was my understanding that I would have to write a custom AuthenticationSuccessHandler and override onAuthenticationSuccess(). I did that, but that class isn't getting called, so Spring Security just redirects to "/" by default I guess (where I get a 404). If I manually navigate to the proper page after authentication, it loads fine. Am I misconfigured?
    Code:
    <beans:bean id="myCustomAuthenticationProvider" class="com.company.MyAuthenticationProvider" >
    <!-- this works fine -->
    </beans:bean>
    
    <beans:bean id="myAuthenticationSuccessHandler" class="com.company.MyAuthenticationSuccessHandler">
    <!-- This never gets called -->
    </beans:bean>
    
    <beans:bean id="myAuthenticationEntryPoint" class="com.company.MyAuthenticationProcessingFilterEntryPoint">
        	<!-- This just appends to the querystring -->
       	<beans:property name="loginFormUrl" value="/login.html"/>
        	<beans:property name="forceHttps" value="true"/>
    </beans:bean>
    
    <beans:bean id="customAuthenticationProcessingFilter" class="com.company.MyAuthenticationProcessingFilter">
    	<!-- this invalidates existing session before calling super.attemptAuthentication(...) -->
    	<beans:property name="authenticationManager" ref="authenticationManager" />
    
    <!-- Is this line configured wrong??? -->
    	<beans:property name="authenticationSuccessHandler" ref="myAuthenticationSuccessHandler" />
    
    	<beans:property name="allowSessionCreation" value="true" />
    </beans:bean>
    
    <authentication-manager alias='authenticationManager' >
    	<authentication-provider ref="myCustomAuthenticationProvider" />
    </authentication-manager>
    ...
    <http auto-config="false" entry-point-ref="myAuthenticationEntryPoint" 
        		authentication-manager-ref="authenticationManager">
            
      		<custom-filter ref="customAuthenticationProcessingFilter" position="FORM_LOGIN_FILTER" />
    ...

  • #2
    What does MyAuthenticationProcessingFilter look like? Can you use a tool like FireFox Tamper Data to see what the HTTP request/responses are after loging in? You might also enable debug logging in Spring Security and see if the logs help any.

    Comment


    • #3
      The filter gets the session and invalidates it if it already existed, then creates a new one. Then it returns super.attemptAuthentication(request,response); Does that by itself say anything to you?

      I used Chrome's developer tools to get the header/post data.

      The login posts to j_spring_security_check with the correct form fields

      j_spring_security_check responds with a 302. Header's location is just the app's root. It never enters the MyAuthenticationSuccessHandler to do the custom redirection.
      Last edited by VibrantIce; Jun 18th, 2012, 09:04 AM. Reason: Additional info added about http headers

      Comment


      • #4
        Originally posted by VibrantIce View Post
        The filter gets the session and invalidates it if it already existed, then creates a new one. Then it returns super.attemptAuthentication(request,response); Does that by itself say anything to you?
        Something but not enough For example, what is the super class? Can you post the code?

        I used Chrome's developer tools to get the header/post data.

        The login posts to j_spring_security_check with the correct form fields

        j_spring_security_check responds with a 302. Header's location is just the app's root. It never enters the MyAuthenticationSuccessHandler to do the custom redirection.
        What does the debug logging look like?

        Comment


        • #5
          I found that this was preventing the code from executing:

          Code:
          position="FORM_LOGIN_FILTER"
          I changed it to:

          Code:
          before="FORM_LOGIN_FILTER"
          And now it works.

          Comment


          • #6
            Hi Vibrantice

            i am having the same issue, i am working on Spring security and i have an issue where after successfulAuthentication the request is not being passed to the sucesshandler url
            i have my own CustomAuthenticationProcessingFilter which extends UsernamePasswordAuthenticationFilter and added two overridden methods as seen below
            i dont want to type the entire thing again here is the thread i have already started, can you please advice how where you able to fix this.

            Hello i am working on Spring security and i have an issue where after successfulAuthentication the request is not being passed to the sucesshandler ur

            Comment

            Working...
            X