Improve AbstractAuthenticationFilterConfigurer by only using one instance of successHandler

Instead of keeping 2 instances of successHandler (defaultSuccessHandler) only one is kept and the request cache is only set if the instance implements `HasRequestCacheSetter` and the `trySetRequestCacheIntoSuccessHandler` flag is set to true (default).

This way it's also easier for devs to customize the corresponding code as RequestCache must no longer be set manually.

Author: AB-xdev

config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java

@@ -32,6 +32,7 @@
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.HasRequestCacheSetter;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
@@ -66,9 +67,9 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
 
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
 
-	private SavedRequestAwareAuthenticationSuccessHandler defaultSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+	private AuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
 
-	private AuthenticationSuccessHandler successHandler = this.defaultSuccessHandler;
+	private boolean trySetRequestCacheIntoSuccessHandler = true;
 
 	private LoginUrlAuthenticationEntryPoint authenticationEntryPoint;
 
@@ -131,7 +132,7 @@ public final T defaultSuccessUrl(String defaultSuccessUrl, boolean alwaysUse) {
 		SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
 		handler.setDefaultTargetUrl(defaultSuccessUrl);
 		handler.setAlwaysUseDefaultTargetUrl(alwaysUse);
-		this.defaultSuccessHandler = handler;
+		this.successHandler = handler;
 		return successHandler(handler);
 	}
 
@@ -183,6 +184,16 @@ public final T successHandler(AuthenticationSuccessHandler successHandler) {
 		return getSelf();
 	}
 
+	/**
+	 * Should the {@link RequestCache} be set into the {@link AuthenticationSuccessHandler} if possible?
+	 * @param trySetRequestCacheIntoSuccessHandler true if the {@code RequestCache} should be tried to be set
+	 * @return the {@link AbstractAuthenticationFilterConfigurer} for additional customization
+	 */
+	public final T trySetRequestCacheIntoSuccessHandler(boolean trySetRequestCacheIntoSuccessHandler) {
+		this.trySetRequestCacheIntoSuccessHandler = trySetRequestCacheIntoSuccessHandler;
+		return getSelf();
+	}
+
 	/**
 	 * Equivalent of invoking permitAll(true)
 	 * @return the {@link FormLoginConfigurer} for additional customization
@@ -273,9 +284,12 @@ public void configure(B http) {
 		if (portMapper != null) {
 			this.authenticationEntryPoint.setPortMapper(portMapper);
 		}
-		RequestCache requestCache = http.getSharedObject(RequestCache.class);
-		if (requestCache != null) {
-			this.defaultSuccessHandler.setRequestCache(requestCache);
+		if(trySetRequestCacheIntoSuccessHandler
+				&& successHandler instanceof HasRequestCacheSetter hasRequestCacheSetter) {
+			RequestCache requestCache = http.getSharedObject(RequestCache.class);
+			if (requestCache != null) {
+				hasRequestCacheSetter.setRequestCache(requestCache);
+			}
 		}
 		this.authFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
 		this.authFilter.setAuthenticationSuccessHandler(this.successHandler);

web/src/main/java/org/springframework/security/web/authentication/HasRequestCacheSetter.java

@@ -0,0 +1,8 @@
+package org.springframework.security.web.authentication;
+
+import org.springframework.security.web.savedrequest.RequestCache;
+
+public interface HasRequestCacheSetter {
+
+	void setRequestCache(RequestCache requestCache);
+}

web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java

@@ -63,7 +63,8 @@
  * @author Luke Taylor
  * @since 3.0
  */
-public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
+public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler
+	implements HasRequestCacheSetter {
 
 	protected final Log logger = LogFactory.getLog(this.getClass());
 
@@ -90,6 +91,7 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 		getRedirectStrategy().sendRedirect(request, response, targetUrl);
 	}
 
+	@Override
 	public void setRequestCache(RequestCache requestCache) {
 		this.requestCache = requestCache;
 	}