What happens after login (to which url the user is redirected) is handled by the AuthenticationSuccessHandler
.
This interface (a concrete class implementing it is SavedRequestAwareAuthenticationSuccessHandler
) is invoked by the AbstractAuthenticationProcessingFilter
or one of its subclasses like (UsernamePasswordAuthenticationFilter
) in the method successfulAuthentication
.
So in order to have an other redirect in case 3 you have to subclass SavedRequestAwareAuthenticationSuccessHandler
and make it to do what you want.
Sometimes (depending on your exact usecase) it is enough to enable the useReferer
flag of AbstractAuthenticationTargetUrlRequestHandler
which is invoked by SimpleUrlAuthenticationSuccessHandler
(super class of SavedRequestAwareAuthenticationSuccessHandler
).
<bean id="authenticationFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="filterProcessesUrl" value="/login/j_spring_security_check" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="useReferer" value="true"/>
</bean>
</property>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login?login_error=t" />
</bean>
</property>
</bean>