I need to set a cookie when someone logs in, and the JSP page that appears should be able to read this cookie in Javascript and perform an action based on it. The part I'm stuck on sets a cookie on login. I am using Spring 3.0 and Spring Security 3.0.
I registered LoginListener:
public class LoginListener implements ApplicationListener {
public void onApplicationEvent(ApplicationEvent event) {
if (event instanceof AuthenticationSuccessEvent) {
somehowGetResponseObject.addCookie(new Cookie(name, value));
}
}
}
Ideally, I can also get the request object so that I can find contextPath and set it as the path to the cookie. I am fine with adding a cookie to a ThreadLocal object and then reading it later when I have access to the response object, but is there a later time when I will have such access? I am not very keen on adding a cookie to the session and then reading it on the JSP page, but I will do it if necessary. Can I access HttpSession?
The UPDATE . Specifying authentication-success-handler-ref resolved this: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/core-web-filters.html#form-login-flow- handling