Overriding J_Spring_Security_Check
I am developing WebApp based Spring MVA and I am using Spring Security to implement the principles of Authentication and Authorization. I need to know if I can override the J_Spring_Security_Check controller because I need to do some specific actions before redirecting the user to the requested page ...
I want to check if this is the first login for a user if he is redirected to a custom page to change his password ... The problem is that I have UserDetailsService
when I get the user property and nothing else where I can check the user and redirect it ...
I added a bool attribute to my user model to check if it is registered or already registered ... How do I redirect the user by setting this field?
source to share
I did the same and add boolean attribute in my user model if the user is first logged in I used this code
/**
*
* @author sunil.khokhar
* Override SavedRequestAwareAuthenticationSuccessHandler class of spring security
* to redirect to changePassword Screen on first time login after reset password
*/
public class CustomAuthenticationSuccesshandler extends SavedRequestAwareAuthenticationSuccessHandler {
// private AuthenticationSuccessHandler target = new SavedRequestAwareAuthenticationSuccessHandler();
/**
* To redirect to changePassword Screen on first time login after reset password
*/
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication auth) throws IOException, ServletException {
UserInfo userInfo = (UserInfo) auth.getPrincipal();
if (userInfo.getIsCredentialChangeRequired()) {
String url = "/forcedChangePassword";
String redirectUrl = request.getContextPath()+url;
redirectUrl = response.encodeRedirectURL(redirectUrl);
response.sendRedirect(redirectUrl);
} else {
//setting browser details object in session
BrowserInfo.setBrowserObjectInSession(request);
BrowserInfo.setCookieToken(request, response);
super.onAuthenticationSuccess(request, response, auth);
}
}
public void proceed(HttpServletRequest request,
HttpServletResponse response, Authentication auth) throws IOException, ServletException {
super.onAuthenticationSuccess(request, response, auth);
}
}
Define this bean in spring-security.xml file
If in doubt, you can ask.
source to share