Customize Redirect After Successful Login

Using Spring boot and Authorization Code Flow.
After the user successfully authenticates with Okta I want to customize where the user is redirected to. I am having trouble finding a way to customize this. Any thoughts?

http.csrf().disable()
		.authorizeRequests()
		.antMatchers(HttpMethod.GET, "/api/programs/*", "/api/programs").permitAll()
		.antMatchers(HttpMethod.POST, "/api/users").permitAll()
		.antMatchers("/api/**", "/login", "/patron/**").authenticated()
		.antMatchers("/**").permitAll()
		.anyRequest().authenticated()
		.and()
		.logout().deleteCookies().invalidateHttpSession(true).logoutSuccessUrl("/").permitAll();

If I secure the /login route, I would expect that I could set a controller get some response, but it looks like Spring Security never lets it come to my controller.

Doing some debugging I find that SavedRequestAwareAuthenticationSuccessHandler is the handler being used by default, which has my request saved in session. Is there a way to override this behavior?

Hey @josh.hardy.ufen!

IIRC the default login success handler saves the page that redirects you over to your login page. If you were to navigate to /login I think it would default to / but there is a method to change that.

To change this behavior you can set the SuccessHandler, take a look at:

Keep us posted!

1 Like

Does this mean I also have to implement my own login page? I thought the formLogin() didn’t have anything to do with OAuth SSO.

The formLogin didn’t work. It looks like the formLogin is not paid attention to if you are using an IDP like Okta to handle the login.
To get around this I created a protected route /login-redirect that can do my redirection between different views based on the user role.

If there is a better solution I would love to know.

the formLogin() is a Spring Security thing. Typically you wouldn’t configure OAuth and Form security.
If you want a custom login page for use with OAuth take a look at this example: https://github.com/okta/samples-java-spring-mvc/tree/master/custom-login