Class VaadinSavedRequestAwareAuthenticationSuccessHandler

java.lang.Object
org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
com.vaadin.flow.spring.security.VaadinSavedRequestAwareAuthenticationSuccessHandler
All Implemented Interfaces:
org.springframework.security.web.authentication.AuthenticationSuccessHandler

public class VaadinSavedRequestAwareAuthenticationSuccessHandler extends org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
A version of SavedRequestAwareAuthenticationSuccessHandler that writes a different return value for a Fusion TypeScript client.

This class acts as a SavedRequestAwareAuthenticationSuccessHandler unless the request from the client contains a "source: typescript" header.

If the header is present, it sends an "ok" response instead of a "redirect" response, so that the TypeScript caller is able to read the returned values. Additionally, it sends the saved URL separately so the client can decide where to redirect if no URL was saved.
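Because the TypeScript client, not the server, performs the navigation in this mode, the client should treat the returned URLs as untrusted input and only follow same-origin targets. The following is an added example, not Vaadin's own client code: `sameOriginPath`, `chooseRedirectTarget`, the `LoginResult` shape and the origin `https://app.example.test` are hypothetical, and how the values are read from the response is left out because this page does not describe it.

```typescript
// Added example (not part of the Vaadin API): choose the post-login target
// from the values returned to a TypeScript client, accepting only same-origin
// destinations so a tampered value cannot turn login into an open redirect.

interface LoginResult {
  savedUrl: string | null;   // URL saved before authentication, if any
  defaultUrl: string | null; // configured default success URL, if any
}

// Returns path + query + fragment when the candidate resolves to the
// application's own origin, otherwise null.
function sameOriginPath(candidate: string | null, origin: string): string | null {
  if (!candidate) {
    return null;
  }
  let parsed: URL;
  try {
    // Resolve exactly as the browser would. This also normalises "//host",
    // "/\host" and embedded tabs or newlines before the origin comparison.
    parsed = new URL(candidate, origin);
  } catch {
    return null;
  }
  if (parsed.origin !== new URL(origin).origin) {
    return null; // other host, other scheme, or an opaque origin (javascript:, data:)
  }
  return parsed.pathname + parsed.search + parsed.hash;
}

// Saved URL first, then the default URL, then a fixed fallback.
function chooseRedirectTarget(result: LoginResult, origin: string, fallback: string = "/"): string {
  return sameOriginPath(result.savedUrl, origin)
    ?? sameOriginPath(result.defaultUrl, origin)
    ?? fallback;
}

// Constructed sample input: a protocol-relative saved URL is rejected.
console.log(chooseRedirectTarget(
  { savedUrl: "//evil.example.test/x", defaultUrl: "/home" },
  "https://app.example.test"));
```
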

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static class 
  • Field Summary

    Fields inherited from class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

    logger
  • Constructor Summary

    Constructors
    Constructor
    Description
    Creates a new instance.
  • Method Summary

    Modifier and Type  Method
        Description
    protected String  determineTargetUrl(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
        Determines the path the user originally requested before authentication by reading the target redirect URL from the response header.
    void  onAuthenticationSuccess(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)
        Called when a user has been successfully authenticated; determines whether to redirect the user to the default success URL or to the URL originally requested before authentication.
    void  setCsrfTokenRepository(org.springframework.security.web.csrf.CsrfTokenRepository csrfTokenRepository)
        Sets the CSRF token repository that is used to generate the CSRF token when using a cookie-based (stateless) CSRF store.
    void  setRequestCache(org.springframework.security.web.savedrequest.RequestCache requestCache)
     

    Methods inherited from class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler

    clearAuthenticationAttributes

    Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

    determineTargetUrl, getDefaultTargetUrl, getRedirectStrategy, getTargetUrlParameter, handle, isAlwaysUseDefaultTargetUrl, setAlwaysUseDefaultTargetUrl, setDefaultTargetUrl, setRedirectStrategy, setTargetUrlParameter, setUseReferer

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.springframework.security.web.authentication.AuthenticationSuccessHandler

    onAuthenticationSuccess
  • Constructor Details

    • VaadinSavedRequestAwareAuthenticationSuccessHandler

      public VaadinSavedRequestAwareAuthenticationSuccessHandler()
      Creates a new instance.
  • Method Details

    • onAuthenticationSuccess

      public void onAuthenticationSuccess(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication) throws jakarta.servlet.ServletException, IOException
      Called when a user has been successfully authenticated; determines whether to redirect the user to the default success URL or to the URL originally requested before authentication.

      As the user might have initiated the request to a restricted resource in different ways, this method is responsible for extracting the final redirect target for the user and setting it on the response header, so that the redirection strategy can use it in a unified way. See VaadinSavedRequestAwareAuthenticationSuccessHandler.RedirectStrategy and determineTargetUrl(HttpServletRequest, HttpServletResponse).

      If the redirection to the login page is initiated by Spring Security (for example, when the user enters a URI manually in the address bar instead of navigating within the Vaadin application), Spring Security pushes a SavedRequest object containing the originally requested path to the request cache, and the redirect target URL is extracted from that.

      In contrast, navigating via the Vaadin application router (e.g. via menus or links within the application) results in requests being sent to "/" or "/{app-context-root}", so Spring Security does not intercept them and the SavedRequest is null. In this case, the target redirect URL can be extracted from the session. See NavigationAccessControl.beforeEnter(BeforeEnterEvent).

      Specified by:
      onAuthenticationSuccess in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
      Overrides:
      onAuthenticationSuccess in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
      Parameters:
      request - the request which caused the successful authentication
      response - the response
      authentication - the Authentication object which was created during the authentication process.
      Throws:
      jakarta.servlet.ServletException
      IOException
    • determineTargetUrl

      protected String determineTargetUrl(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Determines the path the user originally requested before authentication by reading the target redirect URL from the response header.

      Note that if a defaultSuccessUrl has been configured on the HTTP security configurer, or the value of targetUrlParameter is null, it falls back to the default superclass implementation.

      Overrides:
      determineTargetUrl in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
      Parameters:
      request - the http servlet request instance
      response - the http servlet response instance
      Returns:
      the path the user originally requested before authentication.
    • setRequestCache

      public void setRequestCache(org.springframework.security.web.savedrequest.RequestCache requestCache)
      Overrides:
      setRequestCache in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
    • setCsrfTokenRepository

      public void setCsrfTokenRepository(org.springframework.security.web.csrf.CsrfTokenRepository csrfTokenRepository)
      Sets the CSRF token repository that is used to generate the CSRF token when using a cookie-based (stateless) CSRF store.
      Parameters:
      csrfTokenRepository - the CSRF token repository