Skip to content

SEC-2708: SavedRequestAwareAuthenticationSuccessHandler ignores configured RequestCache #2932

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
spring-projects-issues opened this issue Aug 22, 2014 · 2 comments
Closed

SEC-2708: SavedRequestAwareAuthenticationSuccessHandler ignores configured RequestCache #2932

spring-projects-issues opened this issue Aug 22, 2014 · 2 comments
Labels
in: config An issue in spring-security-config type: bug A general bug type: jira An issue that was migrated from JIRA

Comments

@spring-projects-issues
Copy link

Greg Adams (Migrated from SEC-2708) said:

I'm using a custom RequestCache, specified in JavaConfig thus:

@Order(Ordered.LOWEST_PRECEDENCE - 8)
    protected static class SecurityConfig extends WebSecurityConfigurerAdapter {
...
    @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .requestCache().requestCache(new CookieRequestCache()).and()
...

The problem is that SavedRequestAwareAuthenticationSuccessHandler doesn't use CookieRequestCache when configured like this, it still uses the default HttpSessionRequestCache. I have to resort to something like this:

@Override
        protected void configure(HttpSecurity http) throws Exception {
            RequestCache requestCache = new CookieRequestCache();
            SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
            successHandler.setRequestCache(requestCache);
            http
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .requestCache().requestCache(requestCache).and()
...
.formLogin()
                    .loginPage("/login")
                    .permitAll()
                    .successHandler(successHandler)

to get saved request functionality to work with my customer request cache. I would think the request cache configured at the HttpSecurity level should be shared and used in the default form login success handler.
@spring-projects-issues spring-projects-issues added in: config An issue in spring-security-config Open type: bug A general bug type: jira An issue that was migrated from JIRA labels Feb 5, 2016
@rwinch rwinch removed the Open label May 3, 2019
@2is10
Copy link

2is10 commented Jun 5, 2024

Will this ever be prioritized?

@2is10 2is10 mentioned this issue Jun 5, 2024
Closed
@marcusdacoregio
Copy link
Contributor

Closed via #5582

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: config An issue in spring-security-config type: bug A general bug type: jira An issue that was migrated from JIRA
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rwinch @2is10 @marcusdacoregio @spring-projects-issues