From 3a1897d610c0585e27c93cabd42018b92b3f000f Mon Sep 17 00:00:00 2001 From: eugenp Date: Mon, 15 Jul 2013 18:08:19 +0300 Subject: [PATCH] redirect after login --- ...SimpleUrlAuthenticationSuccessHandler.java | 67 ++++++++++++++----- .../java/org/baeldung/spring/MvcConfig.java | 1 + .../src/main/resources/webSecurityConfig.xml | 1 + .../src/main/webapp/WEB-INF/view/console.jsp | 22 ++++++ 4 files changed, 75 insertions(+), 16 deletions(-) create mode 100644 spring-security-mvc-custom/src/main/webapp/WEB-INF/view/console.jsp diff --git a/spring-security-mvc-custom/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java b/spring-security-mvc-custom/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java index c736e79743..aa5a666e9a 100644 --- a/spring-security-mvc-custom/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java +++ b/spring-security-mvc-custom/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java @@ -7,32 +7,67 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.springframework.security.core.Authentication; +import org.springframework.security.web.DefaultRedirectStrategy; +import org.springframework.security.web.RedirectStrategy; import org.springframework.security.web.WebAttributes; -import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; +import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper; -/** - * AuthenticationSuccessHandler which can be configured with a default URL which users should be - * sent to upon successful authentication. - *

- * The logic used is that of the {@link AbstractAuthenticationTargetUrlRequestHandler parent class}. - * - * @author Luke Taylor - * @since 3.0 - */ -public class MySimpleUrlAuthenticationSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler implements AuthenticationSuccessHandler { +public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler { + protected final Log logger = LogFactory.getLog(this.getClass()); - public MySimpleUrlAuthenticationSuccessHandler() { + private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); + + protected MySimpleUrlAuthenticationSuccessHandler() { super(); } /** - * Constructor which sets the defaultTargetUrl property of the base class. - * @param defaultTargetUrl the URL to which the user should be redirected on successful authentication. + * Invokes the configured {@code RedirectStrategy} with the URL returned by the {@code determineTargetUrl} method. + *

+ * The redirect will not be performed if the response has already been committed. */ - public MySimpleUrlAuthenticationSuccessHandler(final String defaultTargetUrl) { - setDefaultTargetUrl(defaultTargetUrl); + protected void handle(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException { + final String targetUrl = determineTargetUrl(request, response); + + if (response.isCommitted()) { + logger.debug("Response has already been committed. Unable to redirect to " + targetUrl); + return; + } + + redirectStrategy.sendRedirect(request, response, targetUrl); + } + + /** + * Builds the target URL according to the logic defined in the main class Javadoc. + */ + protected String determineTargetUrl(final HttpServletRequest requestRaw, final HttpServletResponse response) { + // Check for the parameter and use that if available + + final SecurityContextHolderAwareRequestWrapper req = (SecurityContextHolderAwareRequestWrapper) requestRaw; + final boolean isUser = req.isUserInRole("ROLE_USER"); + final boolean isAdmin = req.isUserInRole("ROLE_ADMIN"); + if (isUser) { + return "/homepage.html"; + } else if (isAdmin) { + return "/console.html"; + } else { + throw new IllegalStateException(); + } + } + + /** + * Allows overriding of the behavior when redirecting to a target URL. + */ + public void setRedirectStrategy(final RedirectStrategy redirectStrategy) { + this.redirectStrategy = redirectStrategy; + } + + protected RedirectStrategy getRedirectStrategy() { + return redirectStrategy; } /** diff --git a/spring-security-mvc-custom/src/main/java/org/baeldung/spring/MvcConfig.java b/spring-security-mvc-custom/src/main/java/org/baeldung/spring/MvcConfig.java index f6f3e2a429..2229516633 100644 --- a/spring-security-mvc-custom/src/main/java/org/baeldung/spring/MvcConfig.java +++ b/spring-security-mvc-custom/src/main/java/org/baeldung/spring/MvcConfig.java 
@@ -27,6 +27,7 @@ public class MvcConfig extends WebMvcConfigurerAdapter { registry.addViewController("/login.html"); registry.addViewController("/homepage.html"); + registry.addViewController("/console.html"); } @Bean diff --git a/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml b/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml index dffbcf0d04..edf0776151 100644 --- a/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml +++ b/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml @@ -34,6 +34,7 @@ + diff --git a/spring-security-mvc-custom/src/main/webapp/WEB-INF/view/console.jsp b/spring-security-mvc-custom/src/main/webapp/WEB-INF/view/console.jsp new file mode 100644 index 0000000000..93f9dc2fbd --- /dev/null +++ b/spring-security-mvc-custom/src/main/webapp/WEB-INF/view/console.jsp @@ -0,0 +1,22 @@ +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %> + + + + +
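Review bot: Registering `/console.html` as a plain view controller in the `MvcConfig` hunk makes the admin landing page reachable by URL, and the role test in the success handler only chooses a redirect target; it does not authorise the request. The added line of the `webSecurityConfig.xml` hunk is not legible in this listing, so confirm that it restricts `/console.html` to `ROLE_ADMIN` rather than to any authenticated user. The same applies to the new `console.jsp`: whatever the declared security taglib hides there is presentation only. A comment above the registration, such as `// admin-only view; access is enforced by the intercept-url rule in webSecurityConfig.xml`, would keep the two files tied together. The enclosing method starts outside the hunk.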

This is the body of the sample view

+ + + This text is only visible to a user +
+
+ + + This text is only visible to an admin +
+
+ + ">Logout + + + \ No newline at end of file