Skip to content

SEC-2708: SavedRequestAwareAuthenticationSuccessHandler ignores configured RequestCache #2932

Closed
@spring-projects-issues

Description

@spring-projects-issues

Greg Adams (Migrated from SEC-2708) said:

I'm using a custom RequestCache, specified in JavaConfig thus:

@Order(Ordered.LOWEST_PRECEDENCE - 8)
    protected static class SecurityConfig extends WebSecurityConfigurerAdapter {
...
    @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .requestCache().requestCache(new CookieRequestCache()).and()
...

The problem is that SavedRequestAwareAuthenticationSuccessHandler doesn't use CookieRequestCache when configured like this, it still uses the default HttpSessionRequestCache. I have to resort to something like this:

@Override
        protected void configure(HttpSecurity http) throws Exception {
            RequestCache requestCache = new CookieRequestCache();
            SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
            successHandler.setRequestCache(requestCache);
            http
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .requestCache().requestCache(requestCache).and()
...
.formLogin()
                    .loginPage("/login")
                    .permitAll()
                    .successHandler(successHandler)

to get saved request functionality to work with my customer request cache. I would think the request cache configured at the HttpSecurity level should be shared and used in the default form login success handler.

Metadata

Metadata

Assignees

No one assigned

    Labels

    in: configAn issue in spring-security-configtype: bugA general bugtype: jiraAn issue that was migrated from JIRA

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions