In Grails (version 3.1.9), I'm trying to find a way to redirect user to a different page after they have logged in than it is right now. I didn't work with this application before, but from what I've noticed, it's using SpringSecurity and SAML, which I have never been working with until now. Here's the auth.gsp code that contains the login form:
<form action="/login/authenticate" method="POST" id="loginForm" class="cssform"
autocomplete="off">
<label for="username"><g:message code='springSecurity.login.username.label'/>:</label>
<div class="pg-input">
<input type="text" name="${usernameParameter ?: 'username'}" id="username"/>
</div>
<label for="password"><g:message code='springSecurity.login.password.label'/>:</label>
<div class="pg-input">
<input type="password" name="${passwordParameter ?: 'password'}" id="password"/>
</div>
<div class="pg-row">
<button class="pg-button square" role="button" type="submit" id="submit"
value="${message(code: 'springSecurity.login.button')}"
>Log in</button>
</div>
</form>
I'm new to this, but if I'm correct, the action="/login/authenticate"
refers to SpringSecurity.
Here are some parts of the Config.groovy class code:
@Configuration
@EnableWebSecurity
class Config extends WebSecurityConfigurerAdapter {
...
// Handler deciding where to redirect user after successful login
@Bean
SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler =
new SavedRequestAwareAuthenticationSuccessHandler()
successRedirectHandler.setDefaultTargetUrl("/content")
successRedirectHandler.setAlwaysUseDefaultTargetUrl(true)
return successRedirectHandler
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.exceptionHandling()
.authenticationEntryPoint(delegatingEntryPoint())
http
.httpBasic()
.authenticationEntryPoint(samlEntryPoint())
http
.csrf()
.disable()
http.headers().frameOptions().disable()
http
.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
http
.authorizeRequests()
.antMatchers('/admin/**').hasRole('ROLE_ADMIN')
.antMatchers('/panel').hasRole('ROLE_ADMIN')
.antMatchers('/index/**').hasRole('ROLE_ADMIN')
.antMatchers('/admin/**').hasRole('ROLE_ADMIN')
.antMatchers('/item/**').hasRole('ROLE_ADMIN')
.antMatchers('/category/**').hasRole('ROLE_ADMIN')
.antMatchers('/serviceUser/**').hasRole('ROLE_ADMIN')
.antMatchers('/serviceRole/**').hasRole('ROLE_ADMIN')
.antMatchers('/fileLink/**').hasRole('ROLE_ADMIN')
.antMatchers('/serviceUserServiceRole/**').hasRole('ROLE_ADMIN')
.antMatchers("/error").hasRole('ROLE_ADMIN')
.antMatchers("/content").fullyAuthenticated()
.antMatchers("/content/**").fullyAuthenticated()
.antMatchers("/assets/files/**").fullyAuthenticated()
.antMatchers("/**").permitAll()
.antMatchers("/assets/**").permitAll()
.antMatchers("/saml/**").permitAll()
.anyRequest().authenticated()
.anyRequest().hasAnyRole('ROLE_USER', 'ROLE_ADMIN')
http
.logout()
.invalidateHttpSession(true)
.logoutSuccessUrl("/")
}
What I've tried so far:
successRedirectHandler()
method, changing the setDefaultTargetUrl("/content")
to setDefaultTargetUrl("https://www.google.com")
and setAlwaysUseDefaultTargetUrl(true)
to setAlwaysUseDefaultTargetUrl(false)
configure(HttpSecurity http)
method adding http.loginForm().defaultSuccessUrl("https://www.google.com", true)
For now, after user logs in, application redirects from http://localhost:443/login/auth to http://localhost:443/content/index . I need to find where this path is specified, but I have no ideas anymore. I also think it may be related to the SAML, but I have no idea how to use it at this moment and learning it from scratches may take some time. Tell me if I should add more information as I'm not sure if what I've put here is enough.
It's incredible, how after hours of research I post a question and find the answer immediately after.
I've found that there's been a property specified in the application.yml - successHandler.defaultTargetUrl : '/content/index'
After changing it, the application works as I wanted. It seems that application.yml properties override everything that's specified in the other files.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.