I’m using 24.4.0.alpha22 and the file router.
I have configured Spring security to use Google OAuth login. My view has the following ViewConfig
:
export const config: ViewConfig = {
menu: { order: 1, icon: 'line-awesome/svg/lock-solid.svg' },
title: 'Secret',
loginRequired: true,
};
When I navigate to the view, I am correctly presented with the login view. But after logging in, I get redirected to /
instead of the view I tried to access.
I guess, the Spring Security’s default SavedRequestAwareAuthenticationSuccessHandler
never had a chance to save the navigation request attempt for the secret view, cause that navigation was client-side.
We need to find a different redirect strategy then. Would changing to Referer-based redirects help? See https://www.baeldung.com/spring-security-redirect-login#2-simpleurlauthenticationsuccesshandler for the example.
Please be extra careful with customizing the redirect URL to avoid creating vulnerabilities of unvalidated redirects.
In a previous manual authentication solution for Hilla, I saved the client-side requested route in localstorage. Not sure it was the best way, but it worked.
1 Like