SavedRequestAwareAuthenticationSuccessHandler

Class Overview

An authentication success strategy which can make use of the DefaultSavedRequest which may have been stored in the session by the ExceptionTranslationFilter. When such a request is intercepted and requires authentication, the request data is stored to record the original destination before the authentication process commenced, and to allow the request to be reconstructed when a redirect to the same URL occurs. This class is responsible for performing the redirect to the original URL if appropriate.

Following a successful authentication, it decides on the redirect destination, based on the following scenarios:

• If the alwaysUseDefaultTargetUrl property is set to true, the defaultTargetUrl will be used for the destination. Any DefaultSavedRequest stored in the session will be removed.
• If the targetUrlParameter has been set on the request, the value will be used as the destination. Any DefaultSavedRequest will again be removed.
• If a SavedRequest is found in the RequestCache (as set by the ExceptionTranslationFilter to record the original destination before the authentication process commenced), a redirect will be performed to the Url of that original destination. The SavedRequest object will remain cached and be picked up when the redirected request is received (See org.springframework.security.web.savedrequest.SavedRequestAwareWrapper SavedRequestAwareWrapper).
• If no SavedRequest is found, it will delegate to the base class.

Summary

[Expand] Inherited Fields
From class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler protected final Log logger

[Expand] Inherited Methods
From class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler final void clearAuthenticationAttributes(HttpServletRequest request) Removes temporary authentication-related data which may have been stored in the session during the authentication process. void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) Calls the parent class handle() method to forward or redirect to the target URL, and then calls clearAuthenticationAttributes() to remove any leftover session data.
From class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) Builds the target URL according to the logic defined in the main class Javadoc. final String getDefaultTargetUrl() Supplies the default target Url that will be used if no saved request is found or the alwaysUseDefaultTargetUrl property is set to true. RedirectStrategy getRedirectStrategy() String getTargetUrlParameter() void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) Invokes the configured RedirectStrategy with the URL returned by the determineTargetUrl method. boolean isAlwaysUseDefaultTargetUrl() void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) If true, will always redirect to the value of defaultTargetUrl (defaults to false). void setDefaultTargetUrl(String defaultTargetUrl) Supplies the default target Url that will be used if no saved request is found in the session, or the alwaysUseDefaultTargetUrl property is set to true. void setRedirectStrategy(RedirectStrategy redirectStrategy) Allows overriding of the behaviour when redirecting to a target URL. void setTargetUrlParameter(String targetUrlParameter) If this property is set, the current request will be checked for this a parameter with this name and the value used as the target URL if present. void setUseReferer(boolean useReferer) If set to true the Referer header will be used (if available).
From class java.lang.Object Object clone() boolean equals(Object arg0) void finalize() final Class<?> getClass() int hashCode() final void notify() final void notifyAll() String toString() final void wait() final void wait(long arg0, int arg1) final void wait(long arg0)
From interface org.springframework.security.web.authentication.AuthenticationSuccessHandler abstract void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) Called when a user has been successfully authenticated.