After successful authentication FormAuthenticationMechanism calls handleRedirectBack method which in turn first gets the LOCATION_ATTRIBUTE from session which is the complete URL and not the relative one e.g (http://localhost:9007/system/console) which further calls the sendRedirect method.

Now sendRedirect method computes the location like this:

// TODO - String concatenation to construct URLS is extremely error prone - switch to a URI which will better handle this.
String loc = exchange.getRequestScheme() + "://" + exchange.getHostAndPort() + location;

since location was already a complete URL prepending "exchange.getRequestScheme() + "://" + exchange.getHostAndPort()" malformed the url which becomes like this:

http://localhost:9007http://localhost:9007/system/console

which is wrong and due to this the redirect doesn't work at all.

Please look into this.

Thanks,
Rakesh