in src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java [342:398]
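/**
 * Called after credentials provided by this handler were accepted; refreshes the
 * authentication data and, for a login form submission, redirects the client.
 *
 * <p>A redirect is only considered for a request whose method equals
 * {@code REQUEST_METHOD} and whose URI ends with {@code REQUEST_URL_SUFFIX}
 * (SLING-1847: a POST to the j_security_check URL). The target taken from the
 * request is used only if {@code AuthUtil.isRedirectValid} accepts it; otherwise
 * the client is sent to the context path (or {@code "/"} for the root context),
 * so a request-supplied value cannot steer the post-login redirect elsewhere.
 *
 * @param request  the current request
 * @param response the response used to send the redirect
 * @param authInfo the authentication info passed on to {@code refreshAuthData}
 * @return {@code true} if a redirect to the login resource was attempted (even if
 *         sending it failed with an {@code IOException}, which is only logged);
 *         {@code false} in every other case
 * @throws IllegalStateException if a login resource is present but the response
 *         is already committed
 */
public boolean authenticationSucceeded(HttpServletRequest request, HttpServletResponse response,
        AuthenticationInfo authInfo) {
    // Note: this method is called if this handler provided credentials which
    // succeeded login into the repository.

    // ensure fresh authentication data
    refreshAuthData(request, response, authInfo);

    // SLING-1847: only consider a resource redirect if this is a POST request
    // to the j_security_check URL
    if (!REQUEST_METHOD.equals(request.getMethod())
            || !request.getRequestURI().endsWith(REQUEST_URL_SUFFIX)) {
        // no redirect, hence continue processing
        return false;
    }

    if (DefaultAuthenticationFeedbackHandler.handleRedirect(request, response)) {
        // NOTE(review): the original comment here reads "terminate request, all done
        // in the default handler", yet false is returned, which the other branches
        // use for "continue processing" - confirm this is intended.
        return false;
    }

    // check whether redirect is requested by the resource parameter
    final String targetResource = AuthUtil.getLoginResource(request, null);
    if (targetResource == null) {
        // no redirect, hence continue processing
        return false;
    }

    try {
        if (response.isCommitted()) {
            // not an IOException, so this propagates to the caller
            throw new IllegalStateException("Response is already committed");
        }
        response.resetBuffer();

        // Only a target that passes validation is used as-is; anything else
        // falls back to the application root.
        final String redirectTarget;
        if (AuthUtil.isRedirectValid(request, targetResource)) {
            redirectTarget = targetResource;
        } else if (request.getContextPath().length() == 0) {
            redirectTarget = "/";
        } else {
            redirectTarget = request.getContextPath();
        }
        response.sendRedirect(redirectTarget);
    } catch (IOException ioe) {
        // targetResource comes from the request and may have failed validation;
        // replace CR/LF so the value cannot forge additional log entries.
        final String loggedResource = targetResource.replace('\r', '_').replace('\n', '_');
        log.error("Failed to send redirect to: " + loggedResource, ioe);
    }

    // terminate request, all done
    return true;
}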