Skip to content

Make authenticationSuccessHandler Configurable in Resource Server DSL#18895

Open
iain-henderson wants to merge 6 commits into
spring-projects:mainfrom
iain-henderson:feature/oauth2resourceserverspec-success-handler
Open

Make authenticationSuccessHandler Configurable in Resource Server DSL#18895
iain-henderson wants to merge 6 commits into
spring-projects:mainfrom
iain-henderson:feature/oauth2resourceserverspec-success-handler

Conversation

@iain-henderson

@iain-henderson iain-henderson commented Mar 14, 2026

Copy link
Copy Markdown

The lack of a configurable ServerAuthenticationSuccessHandler in OAuth2ResourceServerSpec seemed like an oversight.

This PR corrects that.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Mar 14, 2026
jzheaux
jzheaux requested changes Mar 20, 2026
View reviewed changes

@jzheaux jzheaux left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @iain-henderson! I've left some feedback inline. Will you also please add a unit test to OAuth2ResourceServerSpecTests to confirm the authenticationSuccessHandler is used when specified?

Comment thread config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@jzheaux

jzheaux commented Mar 20, 2026

Copy link
Copy Markdown
Collaborator

In addition to the review comments, will you please make sure to sign the DCO?

@jzheaux jzheaux self-assigned this Mar 20, 2026
@jzheaux jzheaux added in: config An issue in spring-security-config type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Mar 20, 2026
@jzheaux jzheaux added this to the 7.1.0-RC1 milestone Mar 20, 2026
@jzheaux jzheaux added the status: waiting-for-feedback We need additional information before we can continue label Mar 23, 2026
@iain-henderson iain-henderson force-pushed the feature/oauth2resourceserverspec-success-handler branch from 1b5f59b to c342b89 Compare April 6, 2026 12:04
@iain-henderson iain-henderson reopened this Apr 6, 2026
@iain-henderson

iain-henderson commented Apr 6, 2026

Copy link
Copy Markdown
Author

DCO Signoff fixed and unit tests added. Please review to see if changes cover what is needed.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Apr 6, 2026
@iain-henderson @jzheaux
Add authenticationSuccessHandler to Reactive Resource Server DSL
3329884 
Signed-off-by: Iain Henderson <Iain.henderson@mac.com>
@jzheaux jzheaux force-pushed the feature/oauth2resourceserverspec-success-handler branch from 4a329ed to 3329884 Compare April 17, 2026 16:27
jzheaux added 3 commits April 17, 2026 10:32
@jzheaux
Align Formatting
83bed99 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
@jzheaux
Update What's New
b514941 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
@jzheaux
Add authenticationSuccessHandler to Reactive Resource Server Kotlin DSL
ff0abc7 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
@jzheaux

jzheaux commented Apr 17, 2026

Copy link
Copy Markdown
Collaborator

@iain-henderson can you clarify for me what you are needing this for? Is the primary motivation to address what feels like an oversight?

@jzheaux jzheaux changed the title Add a configurable ServerAuthenticationSuccessHandler to OAuth2Resour… Make authenticationSuccessHandler Configurable in Resource Server DSL Apr 17, 2026
@jzheaux jzheaux added status: waiting-for-feedback We need additional information before we can continue and removed status: feedback-provided Feedback has been provided labels Apr 17, 2026
@jzheaux jzheaux removed this from the 7.1.0-RC1 milestone Apr 17, 2026
@jzheaux

jzheaux commented Apr 17, 2026

Copy link
Copy Markdown
Collaborator

I've added some polish as well as the symmetric Kotlin support. However, to be clear, I'd like to wait until we have a clear use case to add this feature.

@iain-henderson

iain-henderson commented Apr 18, 2026

Copy link
Copy Markdown
Author

@jzheaux Just to clarify, my primary motivation is to address an oversight.

Our implementation supports multiple authentication methods (including OAUTH) and we were using successHandlers on all of these, but we had to re-implement our success handlers as a WebFilter to work around this oversight.

It actually might be more maintainable the way it is (it matches our non-reactive implementation), but I'm sure we aren't the only ones impacted by this.

@spring-projects-issues spring-projects-issues added the status: feedback-provided Feedback has been provided label Apr 18, 2026
@spring-projects-issues spring-projects-issues removed the status: waiting-for-feedback We need additional information before we can continue label Apr 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jzheaux jzheaux jzheaux approved these changes

Assignees

@jzheaux jzheaux

Labels

in: config An issue in spring-security-config in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: enhancement A general enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@iain-henderson @jzheaux @spring-projects-issues