Closed
Description
Greg Adams (Migrated from SEC-2708) said:
I'm using a custom RequestCache, specified in JavaConfig thus:
@Order(Ordered.LOWEST_PRECEDENCE - 8)
protected static class SecurityConfig extends WebSecurityConfigurerAdapter {
...
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.requestCache().requestCache(new CookieRequestCache()).and()
...
The problem is that SavedRequestAwareAuthenticationSuccessHandler doesn't use CookieRequestCache when configured like this, it still uses the default HttpSessionRequestCache. I have to resort to something like this:
@Override
protected void configure(HttpSecurity http) throws Exception {
RequestCache requestCache = new CookieRequestCache();
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setRequestCache(requestCache);
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.requestCache().requestCache(requestCache).and()
...
.formLogin()
.loginPage("/login")
.permitAll()
.successHandler(successHandler)
to get saved request functionality to work with my customer request cache. I would think the request cache configured at the HttpSecurity level should be shared and used in the default form login success handler.