I have three roles, and I want to redirect users to different pages after login according to their roles. I know this can be done with an AuthenticationSuccessHandler, but I am having trouble declaring it in Java-based configuration.

So far I have done this.

protected void configure(HttpSecurity http) throws Exception {

    http
    .authorizeRequests()                                                                
    .antMatchers("/resources/**", "/login").permitAll()                  
    .antMatchers("/admin/**").hasRole("USER")                           
    .and()

    .formLogin()
        .loginPage("/login")
        .defaultSuccessUrl("/")
        .successHandler(successHandler) //----- to handle user role
        .failureUrl("/loginfailed")             
        .permitAll()
        .and()

    .logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .deleteCookies("JSESSIONID")
        .invalidateHttpSession( true )
        .and();                    
}

My question is where to declare successHandler and how to autowire it in this class, or how to declare a successHandler method in this class and use it.

informatik01
Kharoud
  • Did the answer below work? – Paul John Mar 09 '15 at 06:58
  • Thank you for the answer. Actually, to be honest, I am having some other difficulties with the project, so I was preoccupied with solving them. I will check this configuration as soon as I can, and will definitely ask for help if I find any unsolvable problem. This does look simple, and I will definitely mark your answer as solved once I implement it. Thank you. – Kharoud Mar 09 '15 at 09:10
  • It works fine. Just a little custom modification was needed. Thank you for the answer. – Kharoud Mar 16 '15 at 07:09

1 Answer

Try this: Moving Spring Security To Java Config, where does authentication-success-handler-ref go?

Code from the post above:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("")
            .defaultSuccessUrl("/")
            .failureUrl("")
            .successHandler(successHandler) // declare your bean here
            .and()
        .logout()
            .permitAll();
}

Then in the authentication handler you can apply the required logic:

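import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class MYSuccessHandler implements AuthenticationSuccessHandler {

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        handle(request, response, authentication);
    }

    protected void handle(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        // logic
        String targetUrl = determineTargetUrl(authentication);
        redirectStrategy.sendRedirect(request, response, targetUrl);
    }

    /** Builds the target URL according to the logic defined in the main class Javadoc. */
    protected String determineTargetUrl(Authentication authentication) {
        // Role-based selection goes here; "/" is only a placeholder default.
        return "/";
    }
}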

Tutorial listed here http://www.baeldung.com/spring_redirect_after_login

Paul John
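
An added example, not code from the question, the answer or the linked tutorial: a role-based success handler declared as a bean so it can be injected into the security configuration. The role names, target paths and class names are assumptions; the targets are fixed server-side constants, so nothing from the request decides where the user is sent.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

// Hypothetical handler: role names and landing pages below are assumptions.
class RoleBasedSuccessHandler implements AuthenticationSuccessHandler {
    // Checked in order, so a user holding several roles lands on the first match.
    private static final String[][] TARGETS = {
        {"ROLE_ADMIN", "/admin/home"},
        {"ROLE_MANAGER", "/manager/home"},
        {"ROLE_USER", "/user/home"},
    };
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        if (response.isCommitted()) {
            return; // response already sent, a redirect is no longer possible
        }
        redirectStrategy.sendRedirect(request, response, determineTargetUrl(authentication));
    }

    String determineTargetUrl(Authentication authentication) {
        Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
        for (String[] target : TARGETS) {
            if (roles.contains(target[0])) {
                return target[1];
            }
        }
        return "/"; // no known role: neutral page; authorizeRequests() still enforces access
    }
}

// Inject with "@Autowired private AuthenticationSuccessHandler successHandler;"
// in the security config, then pass it to .successHandler(successHandler).
@Configuration
class SuccessHandlerConfig {
    @Bean
    AuthenticationSuccessHandler successHandler() {
        return new RoleBasedSuccessHandler();
    }
}
```

The redirect only chooses a landing page; the `authorizeRequests()` rules remain the access control for each path.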