TheByeByeMan

Reputation: 1424

Overriding J_Spring_Security_Check

I'm developing a Spring MVC based web app, and I'm using Spring Security to implement authentication and authorization principles. I need to know if I can override the J_Spring_Security_Check controller, because I need to perform some specific actions before redirecting the user to the requested page ...

I want to check if this is the first login for the user; if so, he will be redirected to a custom page to modify his password ... The problem is that I have the UserDetailsService where I get the user properties and nothing else where I can check the user and redirect him ...

I've added a bool attribute to my user model to check if it's newly registered or already registered ... How can I redirect the user by checking this field?

Upvotes: 3

Views: 1571

Answers (1)

Sunil Khokhar

Reputation: 370

I have done the same thing and added a boolean attribute to my user model for when the user logs in for the first time. I did it using this code:

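import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

/**
 * @author sunil.khokhar
 * Override SavedRequestAwareAuthenticationSuccessHandler class of Spring Security
 * to redirect to the changePassword screen on first-time login after a password reset.
 *
 * UserInfo and BrowserInfo are application classes that are not shown here.
 */
public class CustomAuthenticationSuccesshandler extends SavedRequestAwareAuthenticationSuccessHandler {
    // private AuthenticationSuccessHandler target = new SavedRequestAwareAuthenticationSuccessHandler();

    /**
     * To redirect to the changePassword screen on first-time login after a password reset
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication auth) throws IOException, ServletException {
        // The principal is the application's own UserDetails implementation
        UserInfo userInfo = (UserInfo) auth.getPrincipal();
        if (userInfo.getIsCredentialChangeRequired()) {
            // Password change pending: skip the saved request and go to the change screen
            String url = "/forcedChangePassword";
            String redirectUrl = request.getContextPath() + url;
            redirectUrl = response.encodeRedirectURL(redirectUrl);

            response.sendRedirect(redirectUrl);
        } else {
            // setting browser details object in session
            BrowserInfo.setBrowserObjectInSession(request);

            BrowserInfo.setCookieToken(request, response);

            // Default behaviour: redirect to the originally requested page
            super.onAuthenticationSuccess(request, response, auth);
        }
    }

    /**
     * Continue with the default success handling (redirect to the saved request)
     */
    public void proceed(HttpServletRequest request,
            HttpServletResponse response, Authentication auth) throws IOException, ServletException {
        super.onAuthenticationSuccess(request, response, auth);
    }
}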

Define this bean in the spring-security.xml file.

If you still have any doubt, you can ask.

Upvotes: 3
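
The success handler in the answer runs only at the moment of login, so a user flagged for a password change can still request any other URL afterwards. One way to keep the flag enforced on every request, as an added example that is not part of the original answer: `ForcedPasswordChangeFilter` and the logout path are assumptions, while `UserInfo`, `getIsCredentialChangeRequired()` and `/forcedChangePassword` come from the answer's code.

```java
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Hypothetical companion to CustomAuthenticationSuccesshandler: keeps a user
 * whose password change is still pending on the change-password page.
 */
public class ForcedPasswordChangeFilter extends OncePerRequestFilter {

    // Same path the success handler in the answer redirects to.
    private static final String CHANGE_URL = "/forcedChangePassword";
    // Assumed: the Spring Security 3 default logout URL, so the user can still sign out.
    private static final String LOGOUT_URL = "/j_spring_security_logout";

    @Override
    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Anonymous requests carry a String principal, so the instanceof check skips them.
        boolean pending = auth != null
                && auth.getPrincipal() instanceof UserInfo
                && ((UserInfo) auth.getPrincipal()).getIsCredentialChangeRequired();

        // Container-decoded path inside the application (no context path, no
        // ";jsessionid" parameters), so the allowlist compares normalized paths.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }

        // Exact-match allowlist: anything else is sent back to the change page.
        if (pending && !CHANGE_URL.equals(path) && !LOGOUT_URL.equals(path)) {
            response.sendRedirect(
                    response.encodeRedirectURL(request.getContextPath() + CHANGE_URL));
            return;
        }
        chain.doFilter(request, response);
    }
}
```

The filter has to run after Spring Security has populated the `SecurityContext`, so it belongs late in the security filter chain. Because the flag is read from the principal held in the session, the change-password controller must clear it there (or re-authenticate the user) once the new password is saved.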
