I have implemented spring-security in my application; my spring-security.xml has the following form-login tag.
Try removing the default-target-url attribute and add the following:

    <b:bean id="authenticationSuccessHandler" class="com.example.CustomSimpleURLAuthenticationSuccessHandler">
        <b:property name="defaultTargetUrl" value="/dashboard.htm"/>
    </b:bean>

    <beans:bean id="loginSuccessHandler" class="com.example.LoginSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/security/success"/>
        <beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
    </beans:bean>

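    // javax.servlet matches Spring Security 5 and earlier; 6+ uses jakarta.servlet.
    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

    public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                Authentication authentication) throws ServletException, IOException {
            request.getSession().setMaxInactiveInterval(60 * 60); // one hour
            System.out.println("Session set up for 60min");
            // The parent chooses the redirect: saved request or defaultTargetUrl.
            super.onAuthenticationSuccess(request, response, authentication);
        }
    }
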
I use this suggestion from the question "spring is not redirecting to default target url?". I tried this and it is working.

    <form-login login-page="/login.htm"
                default-target-url="/dashboard.htm"
                always-use-default-target="true"/>

As you can see in the image, there is some kind of bad design (IMO it always redirects to the default-target-url).
When you go to the login form from a forbidden resource, it will redirect you to that URL and not go through the default-target-url.
http://i.stack.imgur.com/fj9ou.png
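
The redirect choice discussed in this thread can be reproduced without a running application. The following is an added example, not code from any of the posts: it drives SavedRequestAwareAuthenticationSuccessHandler with Spring's mock servlet objects and prints where a successful login is redirected for each combination of "arrived from a protected page" and alwaysUseDefaultTargetUrl. The class name TargetUrlDemo and the URL /admin/report.htm are constructed for illustration, and spring-security-web plus spring-test are assumed to be on the classpath.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;

// Hypothetical demo class (added example, not from the thread).
public class TargetUrlDemo {

    // Returns the redirect URL issued by the success handler after login.
    static String redirectAfterLogin(boolean cameFromProtectedPage, boolean alwaysUseDefault)
            throws Exception {
        MockHttpSession session = new MockHttpSession();

        if (cameFromProtectedPage) {
            // Before sending an anonymous user to the login page, Spring Security
            // stores the denied request in the session-backed request cache.
            MockHttpServletRequest denied =
                    new MockHttpServletRequest("GET", "/admin/report.htm"); // constructed URL
            denied.setSession(session);
            new HttpSessionRequestCache().saveRequest(denied, new MockHttpServletResponse());
        }

        SavedRequestAwareAuthenticationSuccessHandler handler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        handler.setDefaultTargetUrl("/dashboard.htm");
        handler.setAlwaysUseDefaultTargetUrl(alwaysUseDefault);

        // The login POST shares the session that holds the saved request.
        MockHttpServletRequest login = new MockHttpServletRequest("POST", "/login.htm");
        login.setSession(session);
        MockHttpServletResponse response = new MockHttpServletResponse();
        Authentication auth = new TestingAuthenticationToken("user", "n/a", "ROLE_USER");

        handler.onAuthenticationSuccess(login, response, auth);
        return response.getRedirectedUrl();
    }

    public static void main(String[] args) throws Exception {
        boolean[] flags = {false, true};
        for (boolean fromProtected : flags) {
            for (boolean always : flags) {
                System.out.printf("fromProtectedPage=%-5b alwaysUseDefault=%-5b -> %s%n",
                        fromProtected, always, redirectAfterLogin(fromProtected, always));
            }
        }
    }
}
```

Only the row with a saved request and alwaysUseDefaultTargetUrl left off is sent back to the originally requested page; every other row goes to the default target.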