Clever Geek Handbook

Overriding J_Spring_Security_Check

I am developing WebApp based Spring MVA and I am using Spring Security to implement the principles of Authentication and Authorization. I need to know if I can override the J_Spring_Security_Check controller because I need to do some specific actions before redirecting the user to the requested page ...

I want to check if this is the first login for a user if he is redirected to a custom page to change his password ... The problem is that I have UserDetailsService

when I get the user property and nothing else where I can check the user and redirect it ...

I added a bool attribute to my user model to check if it is registered or already registered ... How do I redirect the user by setting this field?

+3


source to share


1 answer


I did the same and add boolean attribute in my user model if the user is first logged in I used this code

/**
 * 
 * @author sunil.khokhar
 * Override SavedRequestAwareAuthenticationSuccessHandler class of spring security
 *  to redirect to changePassword Screen on first time login after reset password
 */
public class CustomAuthenticationSuccesshandler extends SavedRequestAwareAuthenticationSuccessHandler {
  //  private AuthenticationSuccessHandler target = new SavedRequestAwareAuthenticationSuccessHandler();

    /**
     * To redirect to changePassword Screen on first time login after reset password
     */

    public void onAuthenticationSuccess(HttpServletRequest request,
        HttpServletResponse response, Authentication auth) throws IOException, ServletException {
        UserInfo userInfo = (UserInfo) auth.getPrincipal();
        if (userInfo.getIsCredentialChangeRequired()) {
            String url = "/forcedChangePassword";
             String redirectUrl = request.getContextPath()+url;
                redirectUrl = response.encodeRedirectURL(redirectUrl);

            response.sendRedirect(redirectUrl);
        } else {
            //setting browser details object in session 
            BrowserInfo.setBrowserObjectInSession(request);

            BrowserInfo.setCookieToken(request, response);

            super.onAuthenticationSuccess(request, response, auth);
        }
    }

    public void proceed(HttpServletRequest request, 
        HttpServletResponse response, Authentication auth) throws IOException, ServletException {
        super.onAuthenticationSuccess(request, response, auth);
    }


}

Define this bean in spring-security.xml file



                

If in doubt, you can ask.

+3


source






More articles:


All Articles