Customize Redirect After Successful Login

Using Spring Boot and Authorization Code Flow.
After the user successfully authenticates with Okta I want to customize where the user is redirected to. I am having trouble finding a way to customize this. Any thoughts?

http.csrf().disable()
		.authorizeRequests()
		.antMatchers(HttpMethod.GET, "/api/programs/*", "/api/programs").permitAll()
		.antMatchers(HttpMethod.POST, "/api/users").permitAll()
		.antMatchers("/api/**", "/login", "/patron/**").authenticated()
		.antMatchers("/**").permitAll()
		.anyRequest().authenticated()
		.and()
		.logout().deleteCookies().invalidateHttpSession(true).logoutSuccessUrl("/").permitAll();

If I secure the /login route, I would expect that I could set a controller to get some response, but it looks like Spring Security never lets it come to my controller.

Doing some debugging I find that SavedRequestAwareAuthenticationSuccessHandler is the handler being used by default, which has my request saved in session. Is there a way to override this behavior?

Hey @josh.hardy.ufen!

IIRC the default login success handler saves the page that redirects you over to your login page. If you were to navigate to /login I think it would default to / but there is a method to change that.

To change this behavior you can set the SuccessHandler, take a look at:

Keep us posted!


Does this mean I also have to implement my own login page? I thought the formLogin() didn’t have anything to do with OAuth SSO.

The formLogin didn’t work. It looks like the formLogin is not paid attention to if you are using an IDP like Okta to handle the login.
To get around this I created a protected route /login-redirect that can do my redirection between different views based on the user role.

If there is a better solution I would love to know.

The formLogin() is a Spring Security thing. Typically you wouldn’t configure OAuth and Form security.
If you want a custom login page for use with OAuth take a look at this example: https://github.com/okta/samples-java-spring-mvc/tree/master/custom-login
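
One way to do what the replies above describe, setting the success handler and choosing the target by role, as an added example that is not code from this thread or from Okta. It assumes Spring Security 5 with `oauth2Login()` and the `javax.servlet` API; the class name, authority names and target paths are hypothetical.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

// Added example. Wire it in (assumed Spring Security 5 DSL) with:
//   http.oauth2Login().successHandler(new RoleRedirectSuccessHandler());
public class RoleRedirectSuccessHandler implements AuthenticationSuccessHandler {

    // Fixed server-side table, checked in insertion order. Targets are never read
    // from request parameters, so the handler cannot be used as an open redirect.
    private static final Map<String, String> TARGETS = new LinkedHashMap<>();
    static {
        TARGETS.put("ROLE_ADMIN", "/admin");         // hypothetical role and path
        TARGETS.put("ROLE_PATRON", "/patron/home");  // hypothetical role and path
    }
    private static final String DEFAULT_TARGET = "/";

    private final RedirectStrategy redirects = new DefaultRedirectStrategy();

    // Returns the first configured target whose role the user holds, else the default.
    static String targetFor(Authentication auth) {
        for (Map.Entry<String, String> e : TARGETS.entrySet()) {
            for (GrantedAuthority a : auth.getAuthorities()) {
                if (e.getKey().equals(a.getAuthority())) return e.getValue();
            }
        }
        return DEFAULT_TARGET;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException {
        if (response.isCommitted()) return;  // a response was already sent
        // Context-relative redirect; used instead of the default saved-request redirect.
        redirects.sendRedirect(request, response, targetFor(authentication));
    }
}
```

On Spring Security 6 the servlet imports are `jakarta.servlet.*` instead of `javax.servlet.*`.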
