'spring AuthenticationSuccessHandler not called

I'm using Spring Boot security and trying to implement an AuthenticationSuccessHandler, but it's ignored when I authenticate. Currently I've not implemented any Roles.

I have an AbstractController containing an /authenticate endpoint and a CustomerController which extends it, this is why I have :

            .loginProcessingUrl("customer/authenticate").permitAll()

I have

@Component public class JwtFilter extends OncePerRequestFilter

And added as a filterBefore in my WebSecurity like so :

.addFilterBefore(jwtFitler,UsernamePasswordAuthenticationFilter.clas)

What I've tried :

  1. Removing "customer" prefix in loginProcessingUrl
          .loginProcessingUrl("/authenticate").permitAll()
  1. Removing
          .addFilterBefore(jwtFitler, UsernamePasswordAuthenticationFilter.class);
  1. Using SimpleUrlAuthenticationSuccessHandler instead of AuthenticationProvider

CODE :

WebSecurity configuration :

protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable().authorizeRequests()
                .antMatchers(HttpMethod.POST, REGISTER_USERS_URL, LOG_IN_URL).permitAll()
                .antMatchers(HttpMethod.GET, "/", HOME, GET_ACCOUNTS_URL).permitAll()
                .antMatchers("/**.js").permitAll()
                .antMatchers("/**.css").permitAll()
                .anyRequest().authenticated()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .formLogin()
                .loginPage("/login").permitAll()
                .loginProcessingUrl("customer/authenticate").permitAll()
                .successHandler(authenticationSuccessHandler)
                .and()
                .addFilterBefore(jwtFitler, UsernamePasswordAuthenticationFilter.class);
    }

----------------------- EDIT WITH SOLUTION ----------------------

Solution :

Call the authentication success handler before doFilter ;

    authenticationSuccessHandler.onAuthenticationSuccess(
       httpServletRequest, 
       httpServletResponse,                      
       SecurityContextHolder.getContext().getAuthentication());


filterChain.doFilter(httpServletRequest, httpServletResponse);

Complete code :

@Component
public class JwtFilter extends OncePerRequestFilter {
                                
    @Autowired
      private AuthenticationSuccessHandlerImpl 
       authenticationSuccessHandler;
                
      @Override
      protected void doFilterInternal(HttpServletRequest, 
      @NotNull HttpServletResponse httpServletResponse,
      @NotNull FilterChain filterChain) throws ServletException, 
   IOException {
                                    
    //SOLUTION        
          authenticationSuccessHandler.onAuthenticationSuccess(httpServletRequest, 
    httpServletResponse,                                        
    SecurityContextHolder.getContext().getAuthentication());
    filterChain.doFilter(httpServletRequest, httpServletResponse);
     }
    }
javaspringspring-bootspring-security


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions