oauth2 spring-security success and failure handler

Question

I am using Spring Security with OAuth2. It's working fine except login success and failure handlers.

Like in spring web security OAuth2 does not have clearly defined success and failure handlers hooks to update DB and set response accordingly.

What filter do I need to extend and what should its position be in the Spring Security filter chain?

MariuszS · Answer 1 · 2020-08-06T11:20:41.923

Specify successHandler and failureHandler for oauth2login method:

@Configuration
@EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${successUrl}")
    private String successUrl;
    @Value("${failureUrl}")
    private String failureUrl;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .oauth2Login()
                .successHandler(successHandler())
                .failureHandler(failureHandler());
    }

    @Bean
    SimpleUrlAuthenticationSuccessHandler successHandler() {
        return new SimpleUrlAuthenticationSuccessHandler(successUrl);
    }
    
    @Bean
    SimpleUrlAuthenticationFailureHandler failureHandler() {
        return new SimpleUrlAuthenticationFailureHandler(failureUrl);
    }
}

Tested for Spring Security 5.0.6

score 6 · Answer 2 · answered Apr 11 '18 at 18:26

6

I personally use

@Component
public class MyAuthenticationSuccessListener implements ApplicationListener<AuthenticationSuccessEvent> {

    @Override
    public void onApplicationEvent(AuthenticationSuccessEvent event) {
        System.out.println("Authenticated");
    }

}

Additional informations in response can be set by CustomTokenEnhancer

answered Apr 11 '18 at 18:26

dagi12

449
1
5
20

2

In my case, I got the fired event twice – snso Oct 07 '19 at 07:40

score 3 · Answer 3 · edited May 13 '20 at 13:03

This is a nice tutorial about how to use spring boot with oauth2. Down to the road they show how to configure sso filter by hand:

private Filter ssoFilter(OAuth2Configuration client, String path) {
    OAuth2ClientAuthenticationProcessingFilter filter = new OAuth2ClientAuthenticationProcessingFilter(path);
    OAuth2RestTemplate template = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
    filter.setRestTemplate(template);
    filter.setTokenServices(new UserInfoTokenServices(
        client.getResource().getUserInfoUri(), client.getClient().getClientId()));

    //THIS IS THE PLACE YOU CAN SET THE HANDLER
    filter.setAuthenticationSuccessHandler(savedRequestAwareAuthenticationSuccessHandler());

    return filter;
 }

They didn't provide the line you need, here it is.

Hi! vadim how can we achieve this with XML tags ? – Ninad Apr 04 '19 at 07:04 — Ninad, Apr 04 '19 at 07:04

OhadR · Answer 4 · 2018-02-08T14:03:45.193

-3

The success handler and failure handler are defined in the form-login (if you use Spring's XML). It is not different than any other spring-security definitions:

<security:form-login 
            login-page="/login/login.htm" 
            authentication-success-handler-ref="authenticationSuccessHandler"
            authentication-failure-url="/login/login.htm?login_error=1" />

and you can find the handler here.

The "failure handler" is pretty similar.

edited Feb 08 '18 at 14:03

answered Jun 01 '14 at 09:26

OhadR

8,276
3
47
53

6

That's "form login", it has nothing to do with oauth2. – Vadim Kirilchuk Nov 13 '16 at 21:01
1

because It is not different than any other spring-security definitions: – OhadR Feb 08 '18 at 14:03

oauth2 spring-security success and failure handler

4 Answers4