Your springContext.xml file:
Note: always-use-default-target="false" and authentication-success-handler-ref="authenticationSuccessHandler"
... <s:http auto-config='true'> <s:intercept-url pattern="/secure/**" access="ROLE_WEBUSER" /> <s:form-login always-use-default-target="false" login-processing-url="/j_spring_security_check" login-page="/index.html" authentication-failure-handler-ref="authenticationFailureHandler" authentication-success-handler-ref="authenticationSuccessHandler" default-target-url="/secure/alert.html" /> <s:logout logout-url="/j_spring_security_logout" logout-success-url="/index.jsp" /> <s:access-denied-handler error-page="/index.html" /> </s:http> <bean id="authenticationSuccessHandler" class="monkey.web.springsecurity.AuthSuccessHandler" /> ...
Your class:
package monkey.web.springsecurity; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.log4j.Logger; import org.springframework.security.web.DefaultRedirectStrategy; import org.springframework.security.web.RedirectStrategy; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.savedrequest.HttpSessionRequestCache; import org.springframework.security.web.savedrequest.SavedRequest; import works.deepdata.deepalert.util.DeepAlertConstants; import works.deepdata.deepalert.util.StringUtils; public class AuthSuccessHandler implements AuthenticationSuccessHandler { private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); private static Logger logger = Logger.getLogger(AuthSuccessHandler.class); @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, org.springframework.security.core.Authentication authentication) throws IOException, ServletException { logger.debug("After successful auth..."); String targetUrl = determineTargetUrl(request, response); if (response.isCommitted()) { logger.error("Response has already been committed. Unable to redirect to " + targetUrl); return; } redirectStrategy.sendRedirect(request, response, targetUrl); } protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) { SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response); if (savedRequest != null) { String targetUrl = savedRequest.getRedirectUrl(); if (StringUtils.isNotNullOrBlank(targetUrl)) { logger.debug("Redirecting to: "+targetUrl); return targetUrl; } } return DeepAlertConstants.DEFAULT_AUTH_URL; } }