Geek Answers Handbook

How to set up redirection after successful login?

I am using spring boot with spring-boot-starter-security dependencies.

I have an application that successfully logs in with the correct credentials. However, whenever I log in, I am not redirected anywhere. How can I customize this?

Below is the form:

<form th:action="@{/login}" method="post"> <div><label> User Name : <input type="text" name="username"/> </label></div> <div><label> Password: <input type="password" name="password"/> </label></div> <div><input type="submit" value="Sign In"/></div> </form>

I tried to change the th: action tag above, but I could not contact him with anything.

The following is the MvcConfig method:

 public void addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/login").setViewName("login"); registry.addViewController("/").setViewName("login"); }
+8
source share
2 answers

The definition of redirection after a successful login should be applied to Spring Security, not Spring MVC.

th:action defines the Spring security endpoint that will handle the authentication request. It does not define a redirect URL. Out of the box, Spring Boot Security will provide you with the /login endpoint. By default, Spring Security will be redirected after entering the protected resource that you were trying to access. If you want to always redirect to a specific URL, you can force this through the HttpSecurity configuration object.

Assuming you are using the latest version of Spring Boot, you should use JavaConfig.

Here is a simple example:

 @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserService userService; @Override protected void configure(HttpSecurity http) throws Exception { // the boolean flags force the redirection even though // the user requested a specific secured resource. http.formLogin().defaultSuccessUrl("/success.html", true); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userService); } }

Note that you need to define a proprer endpoint to serve content for the URL /success.html . The static resource, available by default in src/main/resources/public/ , could do the trick for testing purposes. I would rather define a secure URL served by Spring MVC controller serving content with Thymeleaf. You do not want any anonymous user to access the success page. Thymeleaf as some useful features for interacting with Spring Security when rendering HTML content.

Regards, Daniel

+29
source

You can also determine the redirection after logging in dynamically. It turns out it's just crazy.

Suppose you have a controller with complex conditions in which you need to make sure that the user is logged in correctly.

By setting a value in the "request" cache for the current request / response, and then performing a redirect, Spring Security will redirect the cached request after a successful login.

  RequestCache requestCache = new HttpSessionRequestCache(); requestCache.saveRequest(request,response); return "redirect:/login";

No, this is not documented anywhere. The only mention of this I found the following:

SavedRequests and RequestCache interface Another duty of ExceptionTranslationFilter responsibilities is to save the current request before calling AuthenticationEntryPoint. This allows you to restore the request after user authentication (see Previous Web Authentication Overview). A typical example would be for a user to log in using a form and then redirected to the default SavedRequestAwareAuthenticationSuccessHandler source URL (see below).

RequestCache includes the functionality needed to store and retrieve HttpServletRequest instances. By default, HttpSessionRequestCache is used, which saves the request in HttpSession. RequestCacheFilter actually retrieves the saved request from the cache when the user is redirected to the original URL.

0
source

More articles:


All Articles