|
|
@@ -5,8 +5,10 @@ import java.io.IOException;
|
|
|
import javax.servlet.ServletException;
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
+import javax.servlet.http.HttpSession;
|
|
|
|
|
|
import org.springframework.security.core.Authentication;
|
|
|
+import org.springframework.security.web.WebAttributes;
|
|
|
|
|
|
/**
|
|
|
* <tt>AuthenticationSuccessHandler</tt> which can be configured with a default URL which users should be
|
|
|
@@ -30,9 +32,29 @@ public class SimpleUrlAuthenticationSuccessHandler extends AbstractAuthenticatio
|
|
|
setDefaultTargetUrl(defaultTargetUrl);
|
|
|
}
|
|
|
|
|
|
+ /**
|
|
|
+ * Calls the parent class {@code handle()} method to forward or redirect to the target URL, and
|
|
|
+ * then calls {@code clearAuthenticationAttributes()} to remove any leftover session data.
|
|
|
+ */
|
|
|
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
|
|
|
Authentication authentication) throws IOException, ServletException {
|
|
|
|
|
|
handle(request, response, authentication);
|
|
|
+ clearAuthenticationAttributes(request);
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Removes temporary authentication-related data which may have been stored in the session
|
|
|
+ * during the authentication process.
|
|
|
+ */
|
|
|
+ protected final void clearAuthenticationAttributes(HttpServletRequest request) {
|
|
|
+ HttpSession session = request.getSession(false);
|
|
|
+
|
|
|
+ if (session == null) {
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
+ session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
|
|
|
+ session.removeAttribute(WebAttributes.LAST_USERNAME);
|
|
|
}
|
|
|
}
|
Luke Taylor