I'm using spring-security-3.1.0.RELEASE. I'm finding that when I hit a deep link with a valid remember-me token (such as "/foo") that I'm always redirected to "/" after successful authentication. Note that my configured default-target-url is "/home."

Here's the relevant xml from my security config:

Code:
<security:http use-expressions="true" authentication-manager-ref="userServiceAuthenticationManager"
	               pattern="/**" disable-url-rewriting="true" >
	<security:form-login login-page="/member/login" login-processing-url="/member/loginProcess"
	                     default-target-url="/home" authentication-failure-url="/member/login?login_error=1"
	                     authentication-success-handler-ref="memberAuthenticationSuccessHandler"/>
	<security:remember-me authentication-success-handler-ref="memberAuthenticationSuccessHandler"
	                      user-service-ref="userService" />
</security:http>

<bean id="memberAuthenticationSuccessHandler"
      class="com.example.application.MemberAuthenticationSuccessHandler"/>

<bean id="userService" class="com.example.application.service.member.MemberAuthenticationProvider"/>

<security:authentication-manager alias="userServiceAuthenticationManager" id="userServiceAuthenticationManager">
	<security:authentication-provider user-service-ref="userService"/>
</security:authentication-manager>
I'm implementing a SavedRequestAwareAuthenticationSuccessHandler in both the form-login and remember-me auth cases so I can set some stuff I need in the session. Here's the relevant code from my AuthenticationSuccessHandler:

Code:
public class MemberAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
	
		Member member = (Member) authentication.getPrincipal();

		// Set some stuff in the session for the member.
	
		super.onAuthenticationSuccess(request, response, authentication);
	}
}
Any ideas on what might be going on here?

Thanks.