SEC-1767: Allow to change Authentication Failure Handler in security namespace for SessionManagementFilter #2000
Labels
in: config
An issue in spring-security-config
status: ideal-for-contribution
An issue that we actively are looking for someone to help us with
type: enhancement
A general enhancement
type: jira
An issue that was migrated from JIRA
Roberto Ruiz (Migrated from SEC-1767) said:
In form login, I use a custom Authentication failure handler to redirect to login page and show a message. I configure it easily with the authentication-failure-handler-ref attribute.
It would be nice to be able to do the same for Session Management Filter in the security:session-management tag. Currently, if I want to change the handler, I have to create my own Session Management Filter and insert it in the chain:
<security:custom-filter before="SESSION_MANAGEMENT_FILTER" ref="mptSessionManagementFilter" />
I have to insert it before the default session management filter. For some reason it does not allow me to override the default one. My complete security configuration is:
Related gh-2121
The text was updated successfully, but these errors were encountered: