On formLogin -> authenticationSuccessHandler -> new RedirectServerAuthenticationSuccessHandler("/location") fails redirect

[hth]

Describe the bug
On successful login, I am trying to redirect but it always defaults to "/"

To Reproduce
Steps to reproduce the behavior.

@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class MultiSecurityHttpConfig {

  http
      .authorizeExchange((authorize) -> authorize
                    .pathMatchers("/resources/**", "/signup", "/about").permitAll()
                    .pathMatchers("/home/**").hasRole("USER")
                    .pathMatchers("/admin/**").hasRole("ADMIN")
                    .pathMatchers("/db/**").access((authentication, context) ->
                            hasRole("ADMIN")
                                    .check(authentication, context)
                                    .filter(decision -> !decision.isGranted())
                                    .switchIfEmpty(hasRole("DBA").check(authentication, context))
                    )
                    .anyExchange().denyAll())
      .formLogin(formLogin -> formLogin
                 .authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/home/landing")));

Expected behavior
After successful login, should get re-directed to "/home/landing"

Sample

A link to a GitHub repository with a minimal, reproducible sample.

Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.

[abimael-turing]

I was unable to replicate the error using the code you provided. Upon testing the following code snippet, it executed successfully:

@Bean
SecurityFilterChain springSecurityFilterChain(HttpSecurity http) throws Exception {

    AuthenticationSuccessHandler successHandler = (request, response, authentication) -> response.sendRedirect("/home/landing");
    
    http.authorizeHttpRequests((requests) -> requests
                    .requestMatchers("/home/**").authenticated()
                    .requestMatchers("/resources/**", "/signup", "/about").permitAll())
            .formLogin(form -> form.successHandler(successHandler))
            .httpBasic(withDefaults());
    return http.build();
}

Could you please provide a more comprehensive code snippet for further analysis?

[hth]

Sample code listed at https://github.com/hth/spring-security-samples
Run module configured-login
User name: user@hth.github.com
Password: password
Expected to redirect -> "/home/landing"

Successful login first time gives you 'Access Denied'

Steps to follow @abimael-turing

1. http://localhost:8092
2. Enter credentials
3. Access denied shown

File

[abimael-turing]

Hi @hth,

I wanted to update you that I followed your instructions, and everything is working as expected on my end. There are no errors or 'Access denied' messages. If you need any further assistance or have additional instructions, please let me know. Thank you.

[abimael-turing]

@hth I am running configured-login

[hth]

Please see the steps and match with the gif @abimael-turing

1. http://localhost:8092/
2. Enter credentials
3. Access denied shown

Expected to redirect after successful login
Should have redirected to http://localhost:8092/home/landing

Note: Your starting link has to be http://localhost:8092/

[sjohnr]

Thanks for getting in touch @hth, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.

Please note that the sample you have linked is not minimal and contains numerous customizations unrelated to the redirect handler.