Form Login authenticationFailureHandler is not used in ServerHttpSecurity

[lizz365]

Summary

Use custom method when login fails, but authenticationFailureHandler method is invalid

Actual Behavior

Use the wrong user in the page at "/login",forward an authentication error page is "login?error".

Expected Behavior

Use the wrong user in the page at "/login",Execute my custom method.

Configuration

@EnableWebFluxSecurity
public class SecurityConfig {
@Autowired
    private AuthFailureHandler authFailureHandler;
@Bean
    SecurityWebFilterChain webFluxSecurityFilterChain(ServerHttpSecurity http){
        //
        http.authorizeExchange() 
                .and()
                .formLogin() 
                .authenticationFailureHandler(authFailureHandler); 
        return http.build();
    }
}

@Component
public class AuthFailureHandler implements ServerAuthenticationFailureHandler {
    private static final Logger logger = LoggerFactory.getLogger(AuthFailureHandler.class);
    @Override
    public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException e) {
        logger.info("Authentication Failure");
        return null;
    }
}

spring:
  security:
    user: 
      name: guest 
      password: 123

Version

5.2.1-RELEASE

Reference

public FormLoginSpec loginPage(String loginPage) {
			this.defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(loginPage);
			this.authenticationEntryPoint = this.defaultEntryPoint;
			this.requiresAuthenticationMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, loginPage);
			this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler(loginPage + "?error");
			return this;
		}

Override authenticationFailureHandler value When build method of ServerHttpSecurity is executed 。

[eleftherias]

Thanks for the report @lizz365. This is now fixed by 2937754.