CODEWITHSUNDEEP
jsf-2spring-security
KVISH
KVISH

Reputation: 13178

redirect after j_spring_security_check

I was able to get spring security everything to work with the following:

<http access-denied-page="/start.jsf">
    <intercept-url pattern="/start.jsf" filters="none" />
    <intercept-url pattern="/web/**" access="ROLE_USER" />
    <form-login login-page="/start.jsf" default-target-url="/web/user/homepage.jsf"
            authentication-success-handler-ref="successHandler" always-use-default-target="true"
            authentication-failure-url="/index.jsf?state=failure"/>
    <logout logout-success-url="/index.jsf?state=logout" />
</http>

<beans:bean id="successHandler" class="com.myapp.security.MyAuthenticationSuccessHandler"/>

My question is for the class MyAuthenticationSuccessHandler, after it authenticates, it just stays as a blank white page. I can redirect to the default homepage with the context.redirect(), but is there a way for it to goto the default homepage automatically? I even have it listed in the spring xml.

Upvotes: 2

Views: 5138

Answers (2)

raulraja
raulraja

Reputation: 76

One of the reasons why this may not work is because your com.myapp.security.MyAuthenticationSuccessHandler does not extend org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler or any other authentication handler that internally redirects on #onAuthenticationSuccess.

You can get it to work without manually redirecting by having your service extend one that does it for you. For example...

@Service("authenticationSuccessHandler")
public class WebAuthenticationSuccessHandlerImpl extends SavedRequestAwareAuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        //do your work here then call super so it redirects accordingly
        super.onAuthenticationSuccess(request, response, authentication);
    }
}

Upvotes: 6

vliolios
vliolios

Reputation: 458

Try removing the default-target-url attribute and add the following:

<beans:bean id="successHandler" class="com.myapp.security.MyAuthenticationSuccessHandler">
    <beans:property name="defaultTargetUrl" value="/web/user/homepage.jsf"/>
</beans:bean>

Spring security documentation says that when a custom authentication success handler is used, then you have to remove the attribute and set the target in your handler.

Upvotes: 3

Related Questions