Example usage for org.springframework.security.web.authentication SimpleUrlAuthenticationSuccessHandler setDefaultTargetUrl

List of usage examples for org.springframework.security.web.authentication SimpleUrlAuthenticationSuccessHandler setDefaultTargetUrl

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.web.authentication.*
  5. SimpleUrlAuthenticationSuccessHandler
  6. setDefaultTargetUrl

Introduction

In this page you can find the example usage for org.springframework.security.web.authentication SimpleUrlAuthenticationSuccessHandler setDefaultTargetUrl.

Prototype

public void setDefaultTargetUrl(String defaultTargetUrl)

Source Link

Document

Supplies the default target Url that will be used if no saved request is found in the session, or the alwaysUseDefaultTargetUrl property is set to true.

Usage

From source file:scratch.cucumber.example.SecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {

    // The http.formLogin().defaultSuccessUrl("/path/") method is required when using stateless Spring Security
    // because the session cannot be used to redirect to the page that was requested while signed out. Unfortunately
    // using this configuration method will cause our custom success handler (below) to be overridden with the
    // default success handler. So to replicate the defaultSuccessUrl("/path/") configuration we will instead
    // correctly configure and delegate to the default success handler.
    final SimpleUrlAuthenticationSuccessHandler delegate = new SimpleUrlAuthenticationSuccessHandler();
    delegate.setDefaultTargetUrl("/spring/");

    // Make Spring Security stateless. This means no session will be created by Spring Security, nor will it use any
    // previously existing session.
    http.sessionManagement().sessionCreationPolicy(STATELESS);
    // Disable the CSRF prevention because it requires the session, which of course is not available in a
    // stateless application. It also greatly complicates the requirements for the sign in POST request.
    http.csrf().disable();/*from w  ww.j  a  v  a2s  . c o  m*/
    // Viewing any page requires authentication.
    http.authorizeRequests().anyRequest().authenticated();
    http.formLogin()
            // Viewing the sign in page does not require authentication.
            .loginPage("/spring/signIn").permitAll()
            // Override the sign in success handler with our stateless implementation. This will update the response
            // with any headers and cookies that are required for subsequent authenticated requests.
            .successHandler(new StatelessAuthenticationSuccessHandler(authenticationBinder, delegate));
    http.logout().logoutUrl("/spring/signOut").logoutSuccessUrl("/spring/");
    // Add our stateless authentication filter before the default sign in filter. The default sign in filter is
    // still used for the initial sign in, but if a user is authenticated we need to acknowledge this before it is
    // reached.
    http.addFilterBefore(new StatelessAuthenticationFilter(authenticationBinder, securityContextHolder),
            UsernamePasswordAuthenticationFilter.class);
}

From source file:org.esupportail.publisher.config.SecurityConfiguration.java

@Bean
public SimpleUrlAuthenticationSuccessHandler authenticationSuccessHandler() {
    SimpleUrlAuthenticationSuccessHandler authenticationSuccessHandler = new SimpleUrlAuthenticationSuccessHandler();
    authenticationSuccessHandler.setDefaultTargetUrl("/");
    authenticationSuccessHandler.setTargetUrlParameter(getCasTargetUrlParameter());
    return authenticationSuccessHandler;
}