Spring Boot / Spring Security: Change the destination after login
Success Handler
We can change the destination after login with Spring Security.
To do that, extend SavedRequestAwareAuthenticationSuccessHandler.
Inside it we read the authenticated user's role and decide where each role goes.
Example
```java
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

@Component
public class AuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Called by the parent handler after a successful login when there is no saved
    // request to return to; the returned String is the redirect target.
    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Compare exact authority names instead of a substring test on
        // getAuthorities().toString(): "[ROLE_USER]".contains("USER") would also
        // match e.g. ROLE_SUPERUSER. roles("USER") in the config is stored as
        // ROLE_USER, authorities("ADMIN") is stored as the bare ADMIN.
        Set<String> authorities = AuthorityUtils.authorityListToSet(auth.getAuthorities());
        String targetUrl = "/";
        if (authorities.contains("ADMIN")) {
            targetUrl = "/admin";
        } else if (authorities.contains("ROLE_USER")) {
            targetUrl = "/user/index";
        }
        // Others stay on "/"
        return targetUrl;
    }
}
```
Point: get the role from the security context, check it, and choose the destination.
ADMIN goes to /admin, USER goes to /user/index.
How do we set the role? That is the next step: roles are assigned in the security configuration.
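A JUnit 5 unit test for the handler above, added here as an example and not part of the original post. It drives the real onAuthenticationSuccess() path with Spring's mock servlet objects and no application context, so it runs in milliseconds. It assumes spring-test is on the test classpath and that AuthSuccessHandler is the class from the Example section; the user name "someone" and the authority names are constructed for the test.

```java
import static org.junit.jupiter.api.Assertions.assertEquals;

import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

class AuthSuccessHandlerTest {

    private final AuthSuccessHandler handler = new AuthSuccessHandler();

    @AfterEach
    void clearSecurityContext() {
        // The handler reads SecurityContextHolder, which is thread-local: always clean up,
        // otherwise one test's principal leaks into the next.
        SecurityContextHolder.clearContext();
    }

    // Logs in a constructed user holding the given authorities and returns the URL the
    // handler redirects to. The mock request has no HTTP session, so there is no saved
    // request and the parent class falls back to determineTargetUrl().
    private String redirectAfterLogin(String... authorityNames) throws Exception {
        Authentication auth = new TestingAuthenticationToken(
                "someone", "n/a", AuthorityUtils.createAuthorityList(authorityNames));
        SecurityContextHolder.getContext().setAuthentication(auth);

        MockHttpServletRequest request = new MockHttpServletRequest("POST", "/login");
        MockHttpServletResponse response = new MockHttpServletResponse();
        handler.onAuthenticationSuccess(request, response, auth);
        return response.getRedirectedUrl();
    }

    @Test
    void adminAuthorityIsSentToAdminArea() throws Exception {
        // authorities("ADMIN") in the config is stored as the bare name
        assertEquals("/admin", redirectAfterLogin("ADMIN"));
    }

    @Test
    void userRoleIsSentToUserIndex() throws Exception {
        // roles("USER") in the config is stored as ROLE_USER
        assertEquals("/user/index", redirectAfterLogin("ROLE_USER"));
    }

    @Test
    void adminWinsWhenBothAreHeld() throws Exception {
        assertEquals("/admin", redirectAfterLogin("ROLE_USER", "ADMIN"));
    }

    @Test
    void unknownRoleFallsBackToRoot() throws Exception {
        // "buruburu" in the config has ROLE_BLUE, which the handler does not know
        assertEquals("/", redirectAfterLogin("ROLE_BLUE"));
    }
}
```

Because the test goes through onAuthenticationSuccess() rather than calling the protected determineTargetUrl() directly, it also covers the parent's saved-request check and the redirect itself, which is what a browser actually sees.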
Set and Test
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthSuccessHandler authSuccessHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable() // disabled only to simplify testing
            .authorizeRequests()
                .antMatchers("/css/**", "/index").permitAll()
                .antMatchers("/api/**").permitAll()
                .antMatchers("/admin/**").hasAuthority("ADMIN")
                // hasAnyRole() prepends ROLE_, so hasAnyRole("USER", "ADMIN") would require
                // ROLE_ADMIN and lock the "admin" user (bare "ADMIN" authority) out of /user.
                // hasAnyAuthority() compares the names exactly as stored.
                .antMatchers("/user/**").hasAnyAuthority("ROLE_USER", "ADMIN")
                .and()
            .formLogin()
                .successHandler(authSuccessHandler);
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                // The {noop} prefix selects the plain-text encoder of Spring Security 5's
                // DelegatingPasswordEncoder; without it login fails with
                // "There is no PasswordEncoder mapped for the id "null"". Test-only passwords.
                .withUser("user").password("{noop}password").roles("USER")      // stored as ROLE_USER
                .and()
                .withUser("admin").password("{noop}admin").authorities("ADMIN") // stored as ADMIN
                .and()
                .withUser("buruburu").password("{noop}buruburu").roles("BLUE"); // stored as ROLE_BLUE
    }
}
```
CSRF protection is disabled for the test.
/admin: only users with the ADMIN authority can access it.
/user: only users with the USER role or the ADMIN authority can access it.
A user must log in to hold any of those authorities.
In the authentication configuration part I prepared three users: “user” with the USER role, “admin” with the ADMIN authority, and the general user “buruburu”.
Test
Open localhost:8080/login; this is the default login page.
If you sign in as user or admin, you can access the pages under /user or /admin respectively.
For details
| User | Access point |
|---|---|
| user | /api, /user |
| admin | /api, /user, /admin |
| buruburu | /api |
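The table above, turned into an automated check. This is an added example, not code from the original post: a Spring Boot integration test that logs each of the three in-memory users in through the real form-login filter and then requests one path under each prefix with that session. It assumes spring-boot-starter-test and spring-security-test on the test classpath, JUnit 5, and the SecurityConfig from the Set and Test section; the concrete paths /api/ping, /user/index and /admin are chosen for the test (the page only fixes the prefixes), and no controller needs to exist behind them because the check is "403 or not". The admin row for /user passes only when /user/** is guarded with hasAnyAuthority(): hasAnyRole("USER", "ADMIN") would demand ROLE_ADMIN, which the "admin" user does not hold.

```java
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;

@SpringBootTest
@AutoConfigureMockMvc
class AccessTableTest {

    // Paths chosen for this test; SecurityConfig only fixes the prefixes /api/**, /user/**, /admin/**.
    private static final String API = "/api/ping";
    private static final String USER = "/user/index";
    private static final String ADMIN = "/admin";

    @Autowired
    private MockMvc mvc;

    // Logs in through the real form-login filter with the in-memory credentials and
    // returns the HTTP session that now carries the SecurityContext.
    private MockHttpSession login(String username, String password) throws Exception {
        MvcResult result = mvc.perform(formLogin().user(username).password(password))
                .andExpect(authenticated().withUsername(username))
                .andReturn();
        return (MockHttpSession) result.getRequest().getSession(false);
    }

    // True unless the security filter chain answered 403 Forbidden. A 404 from a missing
    // controller still counts as "reachable", because only the access rule is under test.
    private boolean canReach(MockHttpSession session, String path) throws Exception {
        int status = mvc.perform(get(path).session(session)).andReturn().getResponse().getStatus();
        return status != 403;
    }

    @Test
    void userReachesApiAndUserOnly() throws Exception {
        MockHttpSession s = login("user", "password");
        assertTrue(canReach(s, API));
        assertTrue(canReach(s, USER));
        assertFalse(canReach(s, ADMIN));
    }

    @Test
    void adminReachesEverything() throws Exception {
        MockHttpSession s = login("admin", "admin");
        assertTrue(canReach(s, API));
        assertTrue(canReach(s, USER));
        assertTrue(canReach(s, ADMIN));
    }

    @Test
    void buruburuReachesApiOnly() throws Exception {
        MockHttpSession s = login("buruburu", "buruburu");
        assertTrue(canReach(s, API));
        assertFalse(canReach(s, USER));
        assertFalse(canReach(s, ADMIN));
    }
}
```

Reusing the session from the login response, rather than stamping a principal onto each request with a request post-processor, exercises the stored passwords, the password encoder and the session handling together with the URL rules, so a misconfiguration in any of them shows up as a failing row of the table.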