Since onSuccessfulAuthentication is extended by custom logic, it may be possible that this logic may want to rediect the response to a different url.
A response.sendRedirect() in the onSuccessfulAuthentication() implementation would cause a failure in the subsequent sendRedirect.
A Sample Use Case can be:
1. attemptAuth() succeeds
2. successfulAuthentication called
3. onSuccessfulAuthentication in 2 calls a userLogic()
4. userLogic builds some other data – some data couldnot be built – fatal/error/warn – send to a different page.
5. but sendRedirect called after 4 completes – Throughs IlleagalStateException as response already redirected.
Is there an existing solution to this?
The text was updated successfully, but these errors were encountered:
The intended flow is as you describe and caters for the vast majority of use cases. You can always override the successfulAuthentication method itself if you need to do something that doesn’t fit the current template.
There is a lot of Spring code in successfulAuthentication(). This weight lifting should not be delegated to the developer who doenot need to know it.
The main reason why a onSuccessfulAuthentication() call back is provided is for the same reason. The developer will do only the user logic, not the spring logic. It is just that there is no control on the response.
In a similar issue, instead of overriding successfulAuthentication(), I threw a user defined Exception and wrote an exception page in web.xml. It is fine by me. But I thought this is more frequently applied use case. having a flag to return to control the response would definitely be a plus.