/** * Configure form login */ @Override protected void formLogin(ServerHttpSecurity http) { http.formLogin() .loginPage(loginPage()) // Should be "/login" by default, but not providing that overwrites our AuthenticationFailureHandler, because this is called later .authenticationFailureHandler(authenticationFailureHandler()) .authenticationSuccessHandler(new WebFilterChainServerAuthenticationSuccessHandler()); }