Post login execution

Question

Hello,

I need to do some processing only after the user has successfully logged in the system. I have thought that I can do a RESTful method and setting it as the default-target-url so when the login is successful it goes to this url and then I can redirect to the real index of my web application.

<form-login login-page='/login.htm' default-target-url='/home.htm' always-use-default-target='true' />

The problem is that this processing can be executed by calling its URL so it could be executed by any user at any time. I want to make sure it is only executed after login. Is there any way to do this?

Thank you very much.

Answer 1

Could you do this in a Servlet Filter?

/**
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
 *      javax.servlet.ServletResponse, javax.servlet.FilterChain)
 */
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException
{
    chain.doFilter(request, response);

    // Do post processing here if we have a valid session for the user
}

And in web.xml

<filter>
    <filter-name>PostLoginFilter</filter-name>
    <filter-class>
        com.scoreout.web.servlet.filter.PostLoginFilter
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>PostLoginFilter</filter-name>
    <url-pattern>/login.htm</url-pattern>
</filter-mapping>

Answer 2

I solved it by creating a handler which extends SavedRequestAwareAuthenticationSuccessHandler implements AuthenticationSuccessHandler and by doing my custom implementation in onAuthenticationSuccess method.

To call this handler after the succeeded Login I set authentication-success-handler-ref property in the XML configuration.