Expected Behavior

  • There exists an implementation of AuthenticationFailureHandler which returns an HTTP status code of 401 Unauthorized by default and can be configured to return a user-defined HTTP status code.
  • There exists an implementation of AuthenticationSuccessHandler which returns an HTTP status code of 200 OK by default and can be configured to return a user-defined HTTP status code.

Example usage:

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // ...

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .successHandler(new HttpStatusReturningAuthenticationSuccessHandler())
                .failureHandler(new HttpStatusReturningAuthenticationFailureHandler());
    }
}

Current Behavior

There are no such handler implementations yet.

Context

These convenience handlers are particularly useful in REST-type scenarios in which a redirect upon successful/failed authentication is not desired. As there already exists a similar implementation of the LogoutSuccessHandler, this could be a reasonable feature to add.
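
The two handlers requested above could look like the following. This is an added sketch, not part of the original issue and not Spring Security's own code. The class names come from the usage snippet; the bodies, the constructor shapes and the use of the javax.servlet API are assumptions.

```java
// Added sketch: status-only form-login handlers (bodies are assumptions, not project code).
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.util.Assert;

// Package-private so both fit in one file; assumed to share a package with WebSecurityConfig.
class HttpStatusReturningAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    private final HttpStatus status;
    HttpStatusReturningAuthenticationSuccessHandler() { this(HttpStatus.OK); }
    HttpStatusReturningAuthenticationSuccessHandler(HttpStatus status) {
        Assert.notNull(status, "status cannot be null");
        this.status = status;
    }
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        // Clear the exception a previous failed attempt may have left in the session.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        }
        response.setStatus(status.value()); // no redirect, no body
        response.flushBuffer();
    }
}

class HttpStatusReturningAuthenticationFailureHandler implements AuthenticationFailureHandler {
    private final HttpStatus status;
    HttpStatusReturningAuthenticationFailureHandler() { this(HttpStatus.UNAUTHORIZED); }
    HttpStatusReturningAuthenticationFailureHandler(HttpStatus status) {
        Assert.notNull(status, "status cannot be null");
        this.status = status;
    }
    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception) throws IOException {
        // The exception message is deliberately not written: every failure cause
        // (unknown user, bad password, locked account) yields the same response.
        response.setStatus(status.value());
        response.flushBuffer();
    }
}
```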

Comment From: jzheaux

Thanks for the suggestion, @mluppi.

I'm not really understanding the use case just yet. If you are in a REST-type scenario, why are you using form login? It seems like an uncommon scenario, or am I misunderstanding?

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.