Package com.vaadin.flow.spring.security

Class VaadinSavedRequestAwareAuthenticationSuccessHandler

  • All Implemented Interfaces:
    org.springframework.security.web.authentication.AuthenticationSuccessHandler
    public class VaadinSavedRequestAwareAuthenticationSuccessHandler
extends org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
    A version of SavedRequestAwareAuthenticationSuccessHandler that writes a different return value for a Fusion TypeScript client.

    This class acts as a SavedRequestAwareAuthenticationSuccessHandler unless the request from the client contains a "source: typescript" header.

    If the header is present, it sends a return value that is an "ok" instead of a "redirect" response. This is so that the TypeScript caller is able to read the returned values. Additionally it sends the saved URL separately so the client can decide where to redirect if no URL was saved.

    • Field Summary

      • Fields inherited from class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

        logger

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected String determineTargetUrl​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Determines the originally requested path by the user before authentication by reading the target redirect url from the response header.
      void onAuthenticationSuccess​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)
      Called when a user has been successfully authenticated and finds out whether it should redirect the user back to a default success url or the originally requested url before the authentication.
      void setRequestCache​(org.springframework.security.web.savedrequest.RequestCache requestCache)  

      • Methods inherited from class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler

        clearAuthenticationAttributes

      • Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

        determineTargetUrl, getDefaultTargetUrl, getRedirectStrategy, getTargetUrlParameter, handle, isAlwaysUseDefaultTargetUrl, setAlwaysUseDefaultTargetUrl, setDefaultTargetUrl, setRedirectStrategy, setTargetUrlParameter, setUseReferer

      • Methods inherited from interface org.springframework.security.web.authentication.AuthenticationSuccessHandler

        onAuthenticationSuccess

    • Constructor Detail

      • VaadinSavedRequestAwareAuthenticationSuccessHandler

        public VaadinSavedRequestAwareAuthenticationSuccessHandler()
        Creates a new instance.

    • Method Detail

      • onAuthenticationSuccess

        public void onAuthenticationSuccess​(javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    org.springframework.security.core.Authentication authentication)
                             throws javax.servlet.ServletException,
                                    IOException
        Called when a user has been successfully authenticated and finds out whether it should redirect the user back to a default success url or the originally requested url before the authentication.

        As the user might have initiated the request to a restricted resource in different ways, this method is responsible for extracting the final target for redirection of the user and to set it on the response header, so that it can be used by the redirection strategy in a unified way. See VaadinSavedRequestAwareAuthenticationSuccessHandler.RedirectStrategy and determineTargetUrl(HttpServletRequest, HttpServletResponse)

        If the redirection to the login page for authentication is initiated by spring security (such as entering some URI manually into the address bar and not navigating via Vaadin application), then a SavedRequest object containing the originally requested path is pushed to the request cache by the Spring Security so the redirect target url would be extracted from that.

        Contrarily, navigating via Vaadin application router (e.g. via menus or the links within the application) will result in requests being sent to "/" or "/{app-context-root}", so the Spring Security will not intercept and the SavedRequest will be null. In this case, the target redirect url can be extracted from the session. See ViewAccessChecker.beforeEnter(BeforeEnterEvent)

        Specified by:
        onAuthenticationSuccess in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
        Overrides:
        onAuthenticationSuccess in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
        Parameters:
        request - the request which caused the successful authentication
        response - the response
        authentication - the Authentication object which was created during the authentication process.
        Throws:
        javax.servlet.ServletException
        IOException

      • determineTargetUrl

        protected String determineTargetUrl​(javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response)
        Determines the originally requested path by the user before authentication by reading the target redirect url from the response header.

        Note that if a defaultSuccessUrl has been configured on the http security configurer, or the value of targetUrlParameter is null, it will fall back to the default super class implementation.

        Overrides:
        determineTargetUrl in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
        Parameters:
        request - the http servlet request instance
        response - the http servlet response instance
        Returns:
        the original requested path by the user before authentication.

      • setRequestCache

        public void setRequestCache​(org.springframework.security.web.savedrequest.RequestCache requestCache)
        Overrides:
        setRequestCache in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler