Package com.vaadin.flow.spring.security
Class VaadinSavedRequestAwareAuthenticationSuccessHandler
All Implemented Interfaces:
org.springframework.security.web.authentication.AuthenticationSuccessHandler
A version of SavedRequestAwareAuthenticationSuccessHandler that writes a different return value for a Fusion TypeScript client.
This class acts as a SavedRequestAwareAuthenticationSuccessHandler unless the request from the client contains a "source: typescript" header.
If the header is present, it sends an "ok" response instead of a "redirect" response, so that the TypeScript caller is able to read the returned values. Additionally, it sends the saved URL separately so the client can decide where to redirect if no URL was saved.
Nested Class Summary
Nested Classes
Modifier and Type: static class
Class: VaadinSavedRequestAwareAuthenticationSuccessHandler.RedirectStrategy
Description: Redirect strategy used by VaadinSavedRequestAwareAuthenticationSuccessHandler.
Field Summary
Fields inherited from class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
logger
Constructor Summary
Constructors
Constructor: VaadinSavedRequestAwareAuthenticationSuccessHandler()
Description: Creates a new instance.
Method Summary
Modifier and Type, Method, Description
protected String determineTargetUrl(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Determines the path the user originally requested before authentication by reading the target redirect URL from the response header.
void onAuthenticationSuccess(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)
Called when a user has been successfully authenticated; determines whether to redirect the user back to a default success URL or to the URL originally requested before authentication.
void setCsrfTokenRepository(org.springframework.security.web.csrf.CsrfTokenRepository csrfTokenRepository)
Sets the CSRF token repository, which is used to generate the CSRF token when using a cookie-based (stateless) CSRF store.
void setRequestCache(org.springframework.security.web.savedrequest.RequestCache requestCache)
Methods inherited from class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
clearAuthenticationAttributes
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
determineTargetUrl, getDefaultTargetUrl, getRedirectStrategy, getTargetUrlParameter, handle, isAlwaysUseDefaultTargetUrl, setAlwaysUseDefaultTargetUrl, setDefaultTargetUrl, setRedirectStrategy, setTargetUrlParameter, setUseReferer
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
onAuthenticationSuccess
Constructor Details
VaadinSavedRequestAwareAuthenticationSuccessHandler
public VaadinSavedRequestAwareAuthenticationSuccessHandler()
Creates a new instance.
Method Details
onAuthenticationSuccess
public void onAuthenticationSuccess(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication) throws jakarta.servlet.ServletException, IOException
Called when a user has been successfully authenticated; determines whether to redirect the user back to a default success URL or to the URL originally requested before authentication.
As the user might have initiated the request to a restricted resource in different ways, this method is responsible for extracting the final redirection target and setting it on the response header, so that the redirect strategy can use it in a unified way. See VaadinSavedRequestAwareAuthenticationSuccessHandler.RedirectStrategy and determineTargetUrl(HttpServletRequest, HttpServletResponse).
If the redirection to the login page is initiated by Spring Security (for example, when the user enters a URI manually into the address bar instead of navigating within the Vaadin application), then Spring Security pushes a SavedRequest object containing the originally requested path to the request cache, and the redirect target URL is extracted from that.
Conversely, navigating via the Vaadin application router (e.g. via menus or links within the application) results in requests being sent to "/" or "/{app-context-root}", so Spring Security does not intercept them and the SavedRequest is null. In this case, the target redirect URL can be extracted from the session. See NavigationAccessControl.beforeEnter(BeforeEnterEvent).
Specified by:
onAuthenticationSuccess in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
Overrides:
onAuthenticationSuccess in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
Parameters:
request - the request which caused the successful authentication
response - the response
authentication - the Authentication object which was created during the authentication process.
Throws:
jakarta.servlet.ServletException
determineTargetUrl
protected String determineTargetUrl(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Determines the path the user originally requested before authentication by reading the target redirect URL from the response header.
Note that if a defaultSuccessUrl has been configured on the HTTP security configurer, or the value of targetUrlParameter is null, it will fall back to the default superclass implementation.
Overrides:
determineTargetUrl in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
Parameters:
request - the HTTP servlet request instance
response - the HTTP servlet response instance
Returns:
the path originally requested by the user before authentication.
setRequestCache
public void setRequestCache(org.springframework.security.web.savedrequest.RequestCache requestCache)
Overrides:
setRequestCache in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
setCsrfTokenRepository
public void setCsrfTokenRepository(org.springframework.security.web.csrf.CsrfTokenRepository csrfTokenRepository)
Sets the CSRF token repository, which is used to generate the CSRF token when using a cookie-based (stateless) CSRF store.
Parameters:
csrfTokenRepository - the CSRF token repository
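An added example, not taken from the Vaadin documentation or code base: one way to register this handler in a plain Spring Security 6 filter chain so that it reads the same RequestCache and cookie-based CsrfTokenRepository the chain itself uses. The class name ExampleLoginSecurityConfig and the "/login" path are assumptions, and the chain shown is a bare Spring Security setup rather than a complete Vaadin security configuration.

```java
import com.vaadin.flow.spring.security.VaadinSavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;

// Hypothetical configuration class; names and paths are illustrative only.
@Configuration
public class ExampleLoginSecurityConfig {

    @Bean
    SecurityFilterChain exampleFilterChain(HttpSecurity http) throws Exception {
        // One RequestCache instance for both the chain and the handler: the
        // handler can only find the SavedRequest in the cache the chain wrote to.
        RequestCache requestCache = new HttpSessionRequestCache();

        // Cookie-based (stateless) CSRF store. withHttpOnlyFalse() lets a
        // browser-side TypeScript client read the token cookie.
        CsrfTokenRepository csrfRepository =
                CookieCsrfTokenRepository.withHttpOnlyFalse();

        VaadinSavedRequestAwareAuthenticationSuccessHandler successHandler =
                new VaadinSavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setRequestCache(requestCache);
        // Same repository as the chain, so the token generated after login
        // matches the one the CSRF filter validates on later requests.
        successHandler.setCsrfTokenRepository(csrfRepository);

        http.requestCache(cache -> cache.requestCache(requestCache))
            .csrf(csrf -> csrf.csrfTokenRepository(csrfRepository))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/login").permitAll() // assumed login path
                .anyRequest().authenticated())
            .formLogin(form -> form
                .loginPage("/login")
                // Redirects by default; answers "ok" instead when the
                // request carries the "source: typescript" header.
                .successHandler(successHandler));

        return http.build();
    }
}
```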