Your springContext.xml file:
Note the two attributes on the form-login element: always-use-default-target="false" and authentication-success-handler-ref="authenticationSuccessHandler".
...
<!-- Security filter chain declared through the Spring Security namespace.
     NOTE(review): auto-config='true' also registers the namespace's default
     login/logout services (HTTP Basic among them); confirm that is intended. -->
<s:http auto-config='true'>
<!-- Only URLs under /secure/ are restricted (to ROLE_WEBUSER); this snippet
     places no access rule on any other path. -->
<s:intercept-url pattern="/secure/**" access="ROLE_WEBUSER" />
<!-- Form login: /index.html is the login page, credentials are posted to
     /j_spring_security_check, and success/failure are delegated to the two
     referenced handler beans. The authenticationFailureHandler bean is
     referenced here but its definition is not part of this snippet.
     NOTE(review): authentication-success-handler-ref is documented as an
     alternative to default-target-url and always-use-default-target. With a
     custom success handler wired in, those two attributes are presumably not
     what decides the post-login URL, and some Spring Security versions may
     reject the combination outright. Confirm against the version in use. -->
<s:form-login always-use-default-target="false"
login-processing-url="/j_spring_security_check"
login-page="/index.html"
authentication-failure-handler-ref="authenticationFailureHandler"
authentication-success-handler-ref="authenticationSuccessHandler"
default-target-url="/secure/alert.html" />
<!-- Logout is triggered at /j_spring_security_logout and ends on /index.jsp.
     NOTE(review): the login page is /index.html but logout lands on
     /index.jsp; confirm both resources exist and that this is deliberate. -->
<s:logout logout-url="/j_spring_security_logout" logout-success-url="/index.jsp" />
<!-- Access-denied responses go to /index.html, the same resource that
     serves as the login page. -->
<s:access-denied-handler error-page="/index.html" />
</s:http>
<!-- Custom success handler referenced by form-login above. -->
<bean id="authenticationSuccessHandler" class="monkey.web.springsecurity.AuthSuccessHandler" />
...
Your class:
package monkey.web.springsecurity;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import works.deepdata.deepalert.util.DeepAlertConstants;
import works.deepdata.deepalert.util.StringUtils;
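/**
 * Success handler that redirects a freshly authenticated user to the request
 * saved in the HTTP session, falling back to
 * {@link DeepAlertConstants#DEFAULT_AUTH_URL} when no usable saved request exists.
 *
 * <p>NOTE(review): the redirect target is taken from the saved request as-is.
 * That URL is presumably rebuilt from the request that triggered the login
 * (scheme, host, port, path, query), so the deployment should make sure the
 * container or front proxy only accepts the expected Host values. Confirm
 * against the Spring Security version in use.
 */
public class AuthSuccessHandler implements AuthenticationSuccessHandler {

    private static final Logger logger = Logger.getLogger(AuthSuccessHandler.class);

    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    // Shared accessor for the session-stored request, so a new instance is not
    // allocated on every login.
    private final HttpSessionRequestCache requestCache = new HttpSessionRequestCache();

    /**
     * Redirects to the URL chosen by {@link #determineTargetUrl}.
     *
     * @param request        the request that completed authentication
     * @param response       the response used to issue the redirect
     * @param authentication the authenticated principal (not inspected here)
     * @throws IOException      if the redirect cannot be written
     * @throws ServletException declared by the handler contract
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            org.springframework.security.core.Authentication authentication) throws IOException, ServletException {
        logger.debug("After successful auth...");
        String targetUrl = determineTargetUrl(request, response);
        // A committed response can no longer carry a redirect; log and stop
        // rather than fail the login.
        if (response.isCommitted()) {
            logger.error("Response has already been committed. Unable to redirect to " + targetUrl);
            return;
        }
        redirectStrategy.sendRedirect(request, response, targetUrl);
    }

    /**
     * Picks the post-login URL: the saved request's redirect URL when one is
     * present and non-blank, otherwise the application default.
     *
     * @param request  the current request, used to look up the saved request
     * @param response the current response, passed through to the request cache
     * @return the URL to redirect to; the default URL when nothing was saved
     */
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        if (savedRequest == null) {
            return DeepAlertConstants.DEFAULT_AUTH_URL;
        }
        String targetUrl = savedRequest.getRedirectUrl();
        if (!StringUtils.isNotNullOrBlank(targetUrl)) {
            return DeepAlertConstants.DEFAULT_AUTH_URL;
        }
        // The logged URL may include the original query string; keep this at
        // debug level so request parameters do not reach production logs.
        if (logger.isDebugEnabled()) {
            logger.debug("Redirecting to: " + targetUrl);
        }
        return targetUrl;
    }
}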