diff --git a/spring-security-mvc-custom/README.md b/spring-security-mvc-custom/README.md
index 256078f4b6..a4e96afc2a 100644
--- a/spring-security-mvc-custom/README.md
+++ b/spring-security-mvc-custom/README.md
@@ -4,9 +4,6 @@ ### Relevant Articles:
-- [Spring Security Form Login](http://www.baeldung.com/spring-security-login)
-- [Spring Security Logout](http://www.baeldung.com/spring-security-logout)
-- [Spring Security Expressions – hasRole Example](http://www.baeldung.com/spring-security-expressions-basic)
 ### Build the Project
diff --git a/spring-security-mvc-custom/src/main/java/org/baeldung/security/CustomLogoutSuccessHandler.java b/spring-security-mvc-custom/src/main/java/org/baeldung/security/CustomLogoutSuccessHandler.java
deleted file mode 100644
index 7360b4e03f..0000000000
--- a/spring-security-mvc-custom/src/main/java/org/baeldung/security/CustomLogoutSuccessHandler.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.baeldung.security;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
-import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
-
-public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
-
- public CustomLogoutSuccessHandler() {
- super();
- }
-
- // API
-
- @Override
- public void onLogoutSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException {
- final String refererUrl = request.getHeader("Referer");
- System.out.println(refererUrl);
-
- super.onLogoutSuccess(request, response, authentication);
- }
-
-}
diff --git a/spring-security-mvc-custom/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java b/spring-security-mvc-custom/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java
new file mode 100644
index 0000000000..c736e79743
--- /dev/null
+++ b/spring-security-mvc-custom/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java
@@ -0,0 +1,62 @@
+package org.baeldung.security;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.WebAttributes;
+import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+/**
+ * AuthenticationSuccessHandler which can be configured with a default URL which users should be
+ * sent to upon successful authentication.
+ *

+ * The logic used is that of the {@link AbstractAuthenticationTargetUrlRequestHandler parent class}.
+ *
+ * @author Luke Taylor
+ * @since 3.0
+ */
+public class MySimpleUrlAuthenticationSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler implements AuthenticationSuccessHandler {
+
+ public MySimpleUrlAuthenticationSuccessHandler() {
+ super();
+ }
+
+ /**
+ * Constructor which sets the defaultTargetUrl property of the base class.
+ * @param defaultTargetUrl the URL to which the user should be redirected on successful authentication.
+ */
+ public MySimpleUrlAuthenticationSuccessHandler(final String defaultTargetUrl) {
+ setDefaultTargetUrl(defaultTargetUrl);
+ }
+
+ /**
+ * Calls the parent class {@code handle()} method to forward or redirect to the target URL, and
+ * then calls {@code clearAuthenticationAttributes()} to remove any leftover session data.
+ */
+ @Override
+ public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException {
+ handle(request, response, authentication);
+ clearAuthenticationAttributes(request);
+ }
+
+ /**
+ * Removes temporary authentication-related data which may have been stored in the session
+ * during the authentication process.
+ */
+ protected final void clearAuthenticationAttributes(final HttpServletRequest request) {
+ final HttpSession session = request.getSession(false);
+
+ if (session == null) {
+ return;
+ }
+
+ session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
+ }
+
+}
diff --git a/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml b/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml
index 742d9fdf03..dffbcf0d04 100644
--- a/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml
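Review bot: MySimpleUrlAuthenticationSuccessHandler.java adds no logic of its own: the body, the class Javadoc and the `@author Luke Taylor` / `@since 3.0` tags read like a copy of the framework's SimpleUrlAuthenticationSuccessHandler, so later upstream changes to that handler would not reach this copy. Either extend the framework class and override only what differs, or replace the copied Javadoc with a class comment that states why a local copy exists, for example `Local copy kept so the login flow can be customised; keep in sync with Spring Security's SimpleUrlAuthenticationSuccessHandler.` The redirect target is chosen entirely by the inherited `handle()`, which this hunk does not show; if a target-URL request parameter or Referer-based targeting is ever enabled on this bean, the post-login redirect becomes request-controlled, and the Javadoc of `onAuthenticationSuccess` should say that those settings must stay off or be validated. `onAuthenticationSuccess` also never consults a saved request, so users are presumably always sent to the default target URL after login; that behaviour is worth one sentence in the same Javadoc.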
@@ -15,18 +15,19 @@ + authentication-success-handler-ref="myAuthenticationSuccessHandler" + authentication-failure-url="/login.html?error=true" + /> - + - - + +