AuthenticationSuccessHandler not getting called

[VibrantIce]

I'm just getting my feet wet with Spring and Spring Security, and I feel I must be missing something fundamental to the authentication configuration/process. After successful authentication, I need to redirect to one of several pages (sub-applications), depending upon how the user authenticated and their roles.

It was my understanding that I would have to write a custom AuthenticationSuccessHandler and override onAuthenticationSuccess(). I did that, but that class isn't getting called, so Spring Security just redirects to "/" by default I guess (where I get a 404). If I manually navigate to the proper page after authentication, it loads fine. Am I misconfigured?

Code:

<beans:bean id="myCustomAuthenticationProvider" class="com.company.MyAuthenticationProvider" >
<!-- this works fine -->
</beans:bean>

<beans:bean id="myAuthenticationSuccessHandler" class="com.company.MyAuthenticationSuccessHandler">
<!-- This never gets called -->
</beans:bean>

<beans:bean id="myAuthenticationEntryPoint" class="com.company.MyAuthenticationProcessingFilterEntryPoint">
    	<!-- This just appends to the querystring -->
   	<beans:property name="loginFormUrl" value="/login.html"/>
    	<beans:property name="forceHttps" value="true"/>
</beans:bean>

<beans:bean id="customAuthenticationProcessingFilter" class="com.company.MyAuthenticationProcessingFilter">
	<!-- this invalidates existing session before calling super.attemptAuthentication(...) -->
	<beans:property name="authenticationManager" ref="authenticationManager" />

<!-- Is this line configured wrong??? -->
	<beans:property name="authenticationSuccessHandler" ref="myAuthenticationSuccessHandler" />

	<beans:property name="allowSessionCreation" value="true" />
</beans:bean>

<authentication-manager alias='authenticationManager' >
	<authentication-provider ref="myCustomAuthenticationProvider" />
</authentication-manager>
...
<http auto-config="false" entry-point-ref="myAuthenticationEntryPoint" 
    		authentication-manager-ref="authenticationManager">
        
  		<custom-filter ref="customAuthenticationProcessingFilter" position="FORM_LOGIN_FILTER" />
...

[Rob Winch]

What does MyAuthenticationProcessingFilter look like? Can you use a tool like FireFox Tamper Data to see what the HTTP request/responses are after loging in? You might also enable debug logging in Spring Security and see if the logs help any.

[VibrantIce]

The filter gets the session and invalidates it if it already existed, then creates a new one. Then it returns super.attemptAuthentication(request,response); Does that by itself say anything to you?

I used Chrome's developer tools to get the header/post data.

The login posts to j_spring_security_check with the correct form fields

j_spring_security_check responds with a 302. Header's location is just the app's root. It never enters the MyAuthenticationSuccessHandler to do the custom redirection.

[Rob Winch]

The filter gets the session and invalidates it if it already existed, then creates a new one. Then it returns super.attemptAuthentication(request,response); Does that by itself say anything to you?

Something but not enough For example, what is the super class? Can you post the code?

I used Chrome's developer tools to get the header/post data.

The login posts to j_spring_security_check with the correct form fields

j_spring_security_check responds with a 302. Header's location is just the app's root. It never enters the MyAuthenticationSuccessHandler to do the custom redirection.

What does the debug logging look like?

[VibrantIce]

I found that this was preventing the code from executing:

Code:

position="FORM_LOGIN_FILTER"

I changed it to:

Code:

before="FORM_LOGIN_FILTER"

And now it works.