Spring security without redirect

I have a Spring Security implementation that is stateless and uses token-based authentication. Most of my logic lives inside of a class that extends AbstractAuthenticationProcessingFilter. My problem is that after authentication is successful, AbstractAuthenticationProcessingFilter does a 302 redirect, which I don't want. I just want the original request to complete. How do I get around this?

user1007895 asked Oct 24 '14 19:10


1 Answer

I was able to make the "login" REST method exposed by Spring Security return "200 OK" rather than "302 Redirect" by overriding the success and failure handlers. The code below shows how to achieve the same.

        //configure http by using the successHandler 
        //and failure handler methods
        http.
            formLogin()
                .loginPage("/authentication/login")
                .loginProcessingUrl("/authentication/processLogin")
                .successHandler(successHandler())
                .failureHandler(failureHandler())
            .and()
            ......



    // Replies with 401 instead of redirecting to a failure URL.
    private AuthenticationFailureHandler failureHandler() {
        return new SimpleUrlAuthenticationFailureHandler() {
            @Override
            public void onAuthenticationFailure(HttpServletRequest request,
                    HttpServletResponse response, AuthenticationException exception)
                    throws IOException, ServletException {
                response.setContentType("text/html;charset=UTF-8");
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed. Wrong username or password or both");
            }
        };
    }


    // Writes a 200 response body instead of redirecting to a target URL.
    private AuthenticationSuccessHandler successHandler() {
        return new SimpleUrlAuthenticationSuccessHandler() {
            @Override
            public void onAuthenticationSuccess(HttpServletRequest request,
                    HttpServletResponse response, Authentication authentication)
                    throws IOException, ServletException {
                response.setContentType("text/html;charset=UTF-8");
                HttpSession session = request.getSession(false);
                // getSession(false) returns null when no session exists
                if (session != null) {
                    session.setMaxInactiveInterval(60*180); // 180 minutes, in seconds
                }
                response.getWriter().println("LoginSuccessful");
            }
        };
    }
Butterfly Coder answered Oct 22 '22 19:10
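
For the stateless token filter described in the question, one way to let the original request complete is to override `successfulAuthentication` in the `AbstractAuthenticationProcessingFilter` subclass so that it sets the security context and continues the filter chain instead of invoking the redirecting success handler. This is an added example, not code from the question or the answer; the class name, the `X-Auth-Token` header and the use of `PreAuthenticatedAuthenticationToken` (validated by a provider you configure) are assumptions.

```java
// Added example. Assumed: header name, class name, and a configured provider that validates
// PreAuthenticatedAuthenticationToken. javax.servlet shown; Spring Security 6 uses jakarta.servlet.
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;

public class TokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    private static final String TOKEN_HEADER = "X-Auth-Token"; // assumed header name

    public TokenAuthenticationFilter(AuthenticationManager authenticationManager) {
        // Only requests that carry the token header are processed by this filter.
        super(new RequestHeaderRequestMatcher(TOKEN_HEADER));
        setAuthenticationManager(authenticationManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException {
        String token = request.getHeader(TOKEN_HEADER);
        // The configured AuthenticationProvider decides whether the token is valid.
        return getAuthenticationManager()
                .authenticate(new PreAuthenticatedAuthenticationToken(token, token));
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException, ServletException {
        // No call to super: the default implementation invokes the success handler (302).
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(authResult);
        SecurityContextHolder.setContext(context);
        chain.doFilter(request, response); // the original request continues to its handler
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException failed) throws IOException, ServletException {
        SecurityContextHolder.clearContext();
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"); // no failure detail
    }
}
```

Because `super.successfulAuthentication` is not called, the default remember-me handling and success event publication are skipped as well; add them back explicitly if the application relies on them.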