2

By default, spring security after authentication redirects you to protected page you tried to access before.

When I implement my own success handler

@Component
class MyS: AuthenticationSuccessHandler {
    override fun onAuthenticationSuccess(request: HttpServletRequest?, response: HttpServletResponse?, authentication: Authentication?) {

        response?.sendRedirect(request?.getHeader(HttpHeaders.REFERER))

    }
}

class SecurityConfigTH(@Autowired private val myHandler: MyS) : WebSecurityConfigurerAdapter() { 
...
    .formLogin()
        .loginPage("/en/login")
        .successHandler(myHandler)
        .permitAll()
 }

I cannot achieve the same effect. I tried redirect to referrer, but in this case referrer is /en/login page.

Basically:

  1. User try to access protected url /protected
  2. Redirect user to /login page
  3. After authentication user should be redirected to /protected again

How to do it with custom successHandler?

Jonathan Hall
  • 75,165
  • 16
  • 143
  • 189
pszkv
  • 549
  • 6
  • 14

2 Answers2

1

In my project, i used DefaultSavedRequest that completed my requirement. DefaultSavedRequest class is used by AbstractAuthenticationProcessingFilter and SavedRequestAwareWrapper to reproduce the request after successful authentication. An instance of this class is stored at the time of an authentication exception by ExceptionTranslationFilter.

https://docs.spring.io/spring-security/site/docs/4.1.2.RELEASE/apidocs/org/springframework/security/web/savedrequest/DefaultSavedRequest.html

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) 
        throws IOException, ServletException {
    DefaultSavedRequest defaultSavedRequest = (DefaultSavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
    if(defaultSavedRequest != null){
       String targetURL = defaultSavedRequest.getRedirectUrl();
       redirectStrategy.sendRedirect(request, response, targetURL);
       return;
    }
}
Mohd Yasin
  • 427
  • 1
  • 5
  • 13
0

Thanks to Mhod's answer this did the trick.

@Component
class MyS: AuthenticationSuccessHandler {
    override fun onAuthenticationSuccess(request: HttpServletRequest?, response: HttpServletResponse?, authentication: Authentication?) {

        val defaultSavedRequest = request?.session?.getAttribute("SPRING_SECURITY_SAVED_REQUEST") as DefaultSavedRequest
        response?.sendRedirect(defaultSavedRequest.requestURI)

    }
}
pszkv
  • 549
  • 6
  • 14