3

I have three roles, and i want to redirect user to different pages after login according to their roles. I know this can be done by AuthenticationSuccessHandler, but I am having trouble in declaring it in Java based configuration.

So far I have done this.

protected void configure(HttpSecurity http) throws Exception {

    http
    .authorizeRequests()                                                                
    .antMatchers("/resources/**", "/login").permitAll()                  
    .antMatchers("/admin/**").hasRole("USER")                           
    .and()

    .formLogin()
        .loginPage("/login")
        .defaultSuccessUrl("/")
        .successHandler(successHandler) //----- to handle user role
        .failureUrl("/loginfailed")             
        .permitAll()
        .and()

    .logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .deleteCookies("JSESSIONID")
        .invalidateHttpSession( true )
        .and();                    
}

My question is where to declare successHandler and how to autowire it in this class, or how to declare successHandler method in this class and use it.

Improve this question
3
  • did the answer below work? Commented Mar 9, 2015 at 6:58
  • Thank you for the answer. Actually to be honest i am having some other difficulties with the project so i was preoccupied in solving them. I will check this configuration as soon as i can. And will definitely ask for help if found any unsolvable problem. This does look simple and definitely i will marked your answer as solved once i implement it. Thank you . Commented Mar 9, 2015 at 9:10
  • It works fine. Just little custom modification were needed. Thank you for answer Commented Mar 16, 2015 at 7:09

1 Answer 1

Reset to default
10

Try this: Moving Spring Security To Java Config, where does authentication-success-handler-ref go?

Code from the post above:

@Override
protected void configure(HttpSecurity http) throws Exception {
http
    .authorizeRequests()
      .anyRequest().authenticated()
      .and()
    .formLogin()
      .loginPage("")
      .defaultSuccessUrl("/")
      .failureUrl("")
      .successHandler(//declare your bean here) 
      .and()
    .logout()
      .permitAll()
      .and()
  }

Then in the authentication handler you can apply the required logic

public class MYSuccessHandler implements    AuthenticationSuccessHandler {


private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

@Override
public void onAuthenticationSuccess(HttpServletRequest request,
  HttpServletResponse response, Authentication authentication) throws IOException {
    handle(request, response, authentication);

}

protected void handle(HttpServletRequest request,
  // logic

    redirectStrategy.sendRedirect(request, response, targetUrl);
}

/** Builds the target URL according to the logic defined in the main class Javadoc. */
protected String determineTargetUrl(Authentication authentication) {
  }
   }

Tutorial listed here http://www.baeldung.com/spring_redirect_after_login

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.