stackoom
  简体   繁体   中英

Spring-Security-Oauth2: Default login success url

 原文  2015-05-30 10:36:29       java/ spring/ spring-security/ spring-security-oauth2

Question

Is it possible to set a default login successurl for a Spring Oauth2 Sso service?

Following szenario

  1. browser reqeuests index.html
  2. sso service: Not protected ==> return the index.html
  3. index.html contains manifest attribute ==> browser requests the manifest
  4. sso service: Manifest is protected ==> returns 401
  5. client redirects to ${sso.host}/login
  6. sso service redirects to auth server
  7. authentication ==> redirects back to ${sso.host}/login with the code in the query-String
  8. sso service: requests token and redirects to the manifest file

Is there a way to NOT redirect to the last requested resource which was protected, but redirect to 'index.html' by default?

Please let me know even if there isn't a way to achieve this

2 answers

solution1
 10 ACCPTED  2016-08-28 07:32:34

I have (I think) a similar issue: in my case, once the SSO request succeeds the user is redirected to /, which is not what I want.

There is a built-in solution that took a bit of digging to find.

The AbstractAuthenticationProcessingFilter has a method setAuthenticationSuccessHandler that allows you to control this, so if you have access to the OAuth2ClientAuthenticationProcessingFilter you can set it to what you want.

If you have a setup similar to the tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_manual then you can simply add the following to the OAuth2ClientAuthenticationProcessingFilter that is created in the tutorial: 

OAuth2ClientAuthenticationProcessingFilter oauth2Filter = new OAuth2ClientAuthenticationProcessingFilter("/XXXProvider/login");
oauth2Filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler() {
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        this.setDefaultTargetUrl("/my_preferred_location");
        super.onAuthenticationSuccess(request, response, authentication);
    }
});

solution2
 1  2021-08-26 10:13:22

Is there a way to NOT redirect to the last requested resource which was protected, but redirect to 'index.html' by default?

Yes, in the WebSecurityConfigurerAdapter:

public class MyWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

[...]

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
[...]
            .oauth2Login()
            .defaultSuccessUrl("index.html", true)
[...]

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question No Bean for ResourceServerTokenServices found - Spring-Security-Oauth2 Understanding spring-security-oauth2 @EnableAuthorizationServer grant_type in Spring-Security-OAuth2 How to test spring-security-oauth2 resource server security? Spring Oauth and security redirect to /login when login success SSO using spring-security-oauth2 : Authentication Code never read Spring-Security-Oauth2: Full authentication is required to access this resource EnableWebSecurity annotation gives error at spring-security-oauth2 Documentation on creating a spring-security-oauth2 client using java config how to use redis to persist token using spring-security-oauth2
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM