Is it possible to set a default login successurl for a Spring Oauth2 Sso service?
Following szenario
index.html
index.html
manifest
attribute ==> browser requests the manifest${sso.host}/login
${sso.host}/login
with the code in the query-StringIs there a way to NOT redirect to the last requested resource which was protected, but redirect to 'index.html' by default?
Please let me know even if there isn't a way to achieve this
The most common ways to implement redirection logic after login are: using HTTP Referer header. saving the original request in the session. appending original URL to the redirected login URL.
By default, Spring Security will redirect after login to the secured ressource you tried to access. If you wish to always redirect to a specific URL, you can force that through the HttpSecurity configuration object. Assuming you are using a recent version of Spring Boot, you should be able to use JavaConfig.
To do so, send a POST request to the OAuth2 Token URL: https://<server>/Panopto/oauth2/connect/token. The post request should be sent with a content type of x-www-form-urlencoded and include the following parameters: grant_type: The method you are using to get a token.
I have (I think) a similar issue: in my case, once the SSO request succeeds the user is redirected to /, which is not what I want.
There is a built-in solution that took a bit of digging to find.
The AbstractAuthenticationProcessingFilter
has a method setAuthenticationSuccessHandler
that allows you to control this, so if you have access to the OAuth2ClientAuthenticationProcessingFilter
you can set it to what you want.
If you have a setup similar to the tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_manual then you can simply add the following to the OAuth2ClientAuthenticationProcessingFilter
that is created in the tutorial:
OAuth2ClientAuthenticationProcessingFilter oauth2Filter = new OAuth2ClientAuthenticationProcessingFilter("/XXXProvider/login");
oauth2Filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler() {
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
this.setDefaultTargetUrl("/my_preferred_location");
super.onAuthenticationSuccess(request, response, authentication);
}
});
Is there a way to NOT redirect to the last requested resource which was protected, but redirect to 'index.html' by default?
Yes, in the WebSecurityConfigurerAdapter:
public class MyWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
[...]
@Override
protected void configure(HttpSecurity http) throws Exception {
http
[...]
.oauth2Login()
.defaultSuccessUrl("index.html", true)
[...]
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With