[FIXED] The response has been already committed. Could not send the response to another URL

Issue

I'm using spring security 4.2.3.RELEASE in my spring mvc application. I have login success handler to handle the actions upon successful authentication.

Here is my LoginSuccessHandler.java

data-babel="false">

package com.application.security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

import com.application.util.CommonUtils;


@PropertySource(value = { "classpath:application.properties" })
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    
    private final static Logger logger = Logger.getLogger(LoginSuccessHandler.class); 
    
    @Autowired
    Environment environment;
    
    @Autowired
    CommonUtils commonUtils;
    
    @Override
    public void onAuthenticationSuccess(
            HttpServletRequest request,
            HttpServletResponse response,
            Authentication authentication) throws ServletException, IOException {
        int sessionTimeOut = Integer.parseInt(environment.getRequiredProperty("server.session.timeout").toString().trim());
        request.getSession().setMaxInactiveInterval(sessionTimeOut);
        super.onAuthenticationSuccess(request, response, authentication);
        CustomUser user = commonUtils.getLoggedInUserDetails();
        if(user != null) {
            if(!user.isPasswordReset()) {
                response.sendRedirect("changePassword");    
            }
        }
        logger.info("Successfully LoggedIn......");
    }
}

Everything is working fine until the line
response.sendRedirect("changePassword"); execute. This line is generating the below error.

java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed

I know that the response been already committed when the application calls super.onAuthenticationSuccess(request, response, authentication);

Do i need to override this super class to resolve this issue? Or any other ideas?

Solution

This is happening because response already has been committed by super.onAuthenticationSuccess(request, response, authentication);

but the time you are using response.sendRedirect("changePassword"); response has been already sent.

see this for more info

Note : This line should be the last line of the method super.onAuthenticationSuccess(request, response, authentication);

Answered By - Alien
Answer Checked By - David Goodson (JavaFixing Volunteer)