Tags: java, spring, spring-security, spring-security-oauth2

Spring-Security-Oauth2: Default login success url


Is it possible to set a default login success URL for a Spring OAuth2 SSO service?

Following scenario:

  1. browser requests index.html
  2. sso service: Not protected ==> return the index.html
  3. index.html contains manifest attribute ==> browser requests the manifest
  4. sso service: Manifest is protected ==> returns 401
  5. client redirects to ${sso.host}/login
  6. sso service redirects to auth server
  7. authentication ==> redirects back to ${sso.host}/login with the code in the query string
  8. sso service: requests token and redirects to the manifest file

Is there a way to NOT redirect to the last requested resource which was protected, but redirect to 'index.html' by default?

Please let me know even if there isn't a way to achieve this


Solution

  • I have (I think) a similar issue: in my case, once the SSO request succeeds the user is redirected to /, which is not what I want.

    There is a built-in solution that took a bit of digging to find.

    The AbstractAuthenticationProcessingFilter has a method setAuthenticationSuccessHandler that allows you to control this, so if you have access to the OAuth2ClientAuthenticationProcessingFilter you can set it to what you want.

    If you have a setup similar to the tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_manual then you can simply add the following to the OAuth2ClientAuthenticationProcessingFilter that is created in the tutorial:

    OAuth2ClientAuthenticationProcessingFilter oauth2Filter = new OAuth2ClientAuthenticationProcessingFilter("/XXXProvider/login");
    // Replaces the filter's default success handler, which redirects to the saved (last protected) request.
    oauth2Filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler() {
        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            // Always redirect to a fixed, application-defined location after login.
            this.setDefaultTargetUrl("/my_preferred_location");
            super.onAuthenticationSuccess(request, response, authentication);
        }
    });
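
For the scenario in the question, where the saved request is the manifest rather than a page, the following is an added example (not part of the original answer) of a success handler that honours the saved request only when it points at a page and otherwise falls back to a fixed default. The class name `PageOnlySuccessHandler`, the `isPage` rule and the `/index.html` default are assumptions for illustration.

```java
import java.io.IOException;
import java.net.URI;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;

// Hypothetical class name; added example, not from the original answer.
public class PageOnlySuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    private final RequestCache requestCache = new HttpSessionRequestCache();

    public PageOnlySuccessHandler(String defaultTargetUrl) {
        super(defaultTargetUrl); // e.g. "/index.html"
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        SavedRequest saved = requestCache.getRequest(request, response);
        if (saved != null) {
            // Consume the saved request either way so it is not reused on a later login.
            requestCache.removeRequest(request, response);
            String url = saved.getRedirectUrl();
            if (isPage(url)) {
                clearAuthenticationAttributes(request);
                getRedirectStrategy().sendRedirect(request, response, url);
                return;
            }
        }
        // No saved request, or it pointed at a sub-resource such as the manifest.
        super.onAuthenticationSuccess(request, response, authentication);
    }

    // Assumption: pages are served as "/" or "*.html"; adjust to the application's routes.
    static boolean isPage(String url) {
        try {
            String path = URI.create(url).getPath();
            return path != null && (path.endsWith("/") || path.endsWith(".html"));
        } catch (IllegalArgumentException e) {
            return false; // unparsable URL: use the default target instead
        }
    }
}
```

It is wired in the same way as the handler above, by passing `new PageOnlySuccessHandler("/index.html")` to `setAuthenticationSuccessHandler`. The redirect target is either the application's own saved request or the fixed default, never a value taken from a request parameter.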