Expected Behavior

I should be able to use setAuthenticationSuccessHandler(new ForwardAuthenticationSuccessHandler()); in the filter constructor to forward an authentication success to the request target.

Current Behavior

Today there is a need to create a custom AuthenticationSuccessHandler or override successfulAuthentication() to call chain.doFilter(request, response); instead of successHandler.onAuthenticationSuccess(request, response, authResult);

Context

This occurred to me when I was creating a custom authentication filter. The solution for this is simple: modify the ForwardAuthenticationSuccessHandler to

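import java.io.IOException;

// jakarta.servlet applies to Spring Security 6; on 5.x these packages are javax.servlet
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;

public class ForwardAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    private final String forwardUrl;

    /**
     * @param forwardUrl the URL to forward to after a successful authentication
     */
    public ForwardAuthenticationSuccessHandler(String forwardUrl) {
        Assert.isTrue(UrlUtils.isValidRedirectUrl(forwardUrl), "'"
                + forwardUrl + "' is not a valid forward URL");
        this.forwardUrl = forwardUrl;
    }

    public ForwardAuthenticationSuccessHandler() {
        // The final field has to be assigned; null means "forward to the current servlet path"
        this.forwardUrl = null;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        if (forwardUrl != null) {
            request.getRequestDispatcher(forwardUrl).forward(request, response);
        } else {
            // No URL configured: forward to the servlet path of the request being processed
            request.getRequestDispatcher(request.getServletPath()).forward(request, response);
        }
    }
}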

But with this modification, the response code I am getting for a forbidden error is 200 with an empty body instead of 403.
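
The workaround named under Current Behavior, overriding successfulAuthentication() to call chain.doFilter(request, response), written out as an added example; it is not part of the original issue or of Spring Security's own code. The class name, the X-Auth-User and X-Auth-Secret headers and the jakarta.servlet imports (Spring Security 6; javax.servlet on 5.x) are assumptions.

```java
import java.io.IOException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

// Hypothetical filter: authenticates from two request headers, then continues the chain.
public class HeaderAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    private static final String USER_HEADER = "X-Auth-User";     // assumed header name
    private static final String SECRET_HEADER = "X-Auth-Secret"; // assumed header name

    public HeaderAuthenticationFilter(AuthenticationManager authenticationManager) {
        // Only attempt authentication when the request carries the user header.
        super(request -> request.getHeader(USER_HEADER) != null);
        setAuthenticationManager(authenticationManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        String secret = request.getHeader(SECRET_HEADER);
        if (secret == null) {
            throw new BadCredentialsException("Missing " + SECRET_HEADER + " header");
        }
        Authentication token = new UsernamePasswordAuthenticationToken(request.getHeader(USER_HEADER), secret);
        return getAuthenticationManager().authenticate(token);
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException, ServletException {
        // Publish the result, then continue the chain instead of calling the success
        // handler, so later filters (authorization included) see the original request.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(authResult);
        SecurityContextHolder.setContext(context);
        chain.doFilter(request, response);
    }
}
```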

Comment From: marcusdacoregio

Hi @willer007.

I don't know if I follow. Why can't you use new ForwardAuthenticationSuccessHandler("/my-desired-url")?

Can you clarify a little bit more what you are trying to achieve with this change?

Comment From: sjohnr

@willer007, in case you missed the above comment, could you clarify further what you're trying to accomplish? For example, are you trying to implement a success handler for stateless requests to a resource server (e.g. with a JWT)?

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.