Redirect to page that required authentication after login success notworking

valiant-elephant · June 27, 2023, 6:49pm

Hey we are using spring security and extending the VaadinWebSecurity as following:

@Override
protected void configure(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
                .requestMatchers(new AntPathRequestMatcher("/icons/*.ico")).permitAll()
                .and()
                .securityContext(securityContext -> securityContext.requireExplicitSave(false))
                .headers().frameOptions().disable()
                .and()
                .csrf()
                .and()
                .cors().disable();

        if(softwareConfiguration.isDevelopmentMode()) {
            http.authorizeHttpRequests()
                    .requestMatchers(new AntPathRequestMatcher("/h2-console/**")).permitAll()
                    .and()
                    .csrf().ignoringRequestMatchers(new AntPathRequestMatcher("/h2-console/**"));
        }

        super.configure(http);
        setLoginView(http, LoginView.class);
    }

from my understanding the super call should add the VaadinDefaultRequestCache and redirect to the page which required the autentication after login success. Somehow this doesn’t seem to work. Any ideas?

valiant-elephant · June 27, 2023, 7:20pm

We have custom login logic. Maybe that’s the problem hmm

valiant-elephant · June 27, 2023, 8:56pm

Particially fixed it with this little snippet called after context.setAuthentication(authentication);:

HttpSession session = httpRequest.getSession(false);
DefaultSavedRequest savedRequest = (DefaultSavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
String requestedURI = savedRequest != null ? savedRequest.getRequestURI() : "/dashboard";

UI.getCurrent().navigate(StringUtils.removeStart(requestedURI, "/"));

This still has one problem:
It redirects to the correct page but after that I see the login view again. Navigation is not changed to /login tho. After a reload everything is fine and I’m logged in

valiant-elephant · June 27, 2023, 9:18pm

Fixed it completly. In case someone needs it: ```
HttpSession session = httpRequest.getSession(false);
DefaultSavedRequest savedRequest = (DefaultSavedRequest) session.getAttribute(“SPRING_SECURITY_SAVED_REQUEST”);
String requestedURI = savedRequest != null ? savedRequest.getRequestURI() : RouteConfiguration.forSessionScope().getUrl(DashboardView.class);

UI.getCurrent().getPage().setLocation(requestedURI);