It is not possible to use referer as redirection location using SavedRequestAwareAuthenticationSuccessHandler

[Antoniossss]

Summary

Current implementation by any means does not allow to use referer as redirection url despite extending AbstractAuthenticationTargetUrlRequestHandler which allows that and exposes propert setter useReferer(true).

Actual Behavior

Exposed useReferer setter has no effect.

Expected Behavior

Use referrer as redirection location if useReferer(true) is set and proper header is present in the original request.

Version

<spring-security.version>5.0.10.RELEASE</spring-security.version>

Sample

This example shows badly written (trial and error yet) workaround implementation

Will add working workaround

This is done to affect following check inside SavedRequestAwareAuthenticationSuccessHandler

spring-security/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java

Lines 84 to 91 in 05caf3d

	String targetUrlParameter = getTargetUrlParameter();
	if (isAlwaysUseDefaultTargetUrl()
	|| (targetUrlParameter != null && StringUtils.hasText(request
	.getParameter(targetUrlParameter)))) {
	requestCache.removeRequest(request, response);
	super.onAuthenticationSuccess(request, response, authentication);
	return;

In general, if isAlwaysUseDefaultTargetUrl - default target will be used even if not specified. If targetUrl parameter is set and present - it will be used. There is no other path to access .superOnAuthenticationSuccess to get referer working having saver request - and this is my goal