Added extra logging.

web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java

@@ -5,6 +5,9 @@ import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 /**
  * Simple implementation of <tt>RedirectStrategy</tt> which is the default used throughout the framework.
  *
@@ -13,6 +16,8 @@ import javax.servlet.http.HttpServletResponse;
  * @since 3.0
  */
 public class DefaultRedirectStrategy implements RedirectStrategy {
+    protected final Log logger = LogFactory.getLog(getClass());
+
     private boolean contextRelative;
 
     /**
@@ -46,6 +51,10 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
             finalUrl = url;
         }
 
+        if (logger.isDebugEnabled()) {
+            logger.debug("Redirecting to '" + finalUrl + "'");
+        }
+
         response.sendRedirect(response.encodeRedirectURL(finalUrl));
     }
 

web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java

@@ -6,6 +6,8 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.DefaultRedirectStrategy;
 import org.springframework.security.web.RedirectStrategy;
@@ -26,6 +28,8 @@ import org.springframework.util.Assert;
  * @since 3.0
  */
 public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFailureHandler {
+    protected final Log logger = LogFactory.getLog(getClass());
+
     private String defaultFailureUrl;
     private boolean forwardToDestination = false;
     private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@@ -39,12 +43,18 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
 
     public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
             AuthenticationException exception) throws IOException, ServletException {
+
         if (defaultFailureUrl == null) {
+            logger.debug("No failure URL set, sending 401 Unauthorized error");
+
             response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed: " + exception.getMessage());
         } else {
             if (forwardToDestination) {
+                logger.debug("Forwarding to " + defaultFailureUrl);
+
                 request.getRequestDispatcher(defaultFailureUrl).forward(request, response);
             } else {
+                logger.debug("Redirecting to " + defaultFailureUrl);
                 redirectStrategy.sendRedirect(request, response, defaultFailureUrl);
             }
         }