Spring Security change defaultSuccessUrl not working in vaadin 21 #867

Closed
florianrhomberg opened this issue Aug 5, 2021 · 5 comments


florianrhomberg commented Aug 5, 2021

After a successful form login the default successUrl is always "", no matter which URL is configured as defaultSuccessUrl or successUrl.

Try the following code in your security configuration class to reproduce the issue:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.rememberMe().alwaysRemember(false);

        // Current
        http.authorizeRequests().antMatchers("/VAADIN/**").permitAll();
        http.authorizeRequests().antMatchers("/services/**").permitAll();

        // Set the login processing url
        http.formLogin().loginProcessingUrl(ApplicationUrl.APP_LOGIN_PROCESSING_URL);

        // Set the default success Url
        http.formLogin().defaultSuccessUrl(ApplicationUrl.APP);
        http.formLogin().successForwardUrl(ApplicationUrl.APP);

        // Set the default failure Url
        http.formLogin().failureUrl(ApplicationUrl.APP_LOGIN_FAILURE_URL);

        super.configure(http);

        // This is important to register your login view to the
        // view access checker mechanism:
        setLoginView(http, LoginView.class);
    }

It does not matter whether you put the configuration before or after super.configure.

Reference to Stack Overflow: https://stackoverflow.com/questions/68662331/change-default-success-url-in-spring-security-using-vaadin-21

Florian

@florianrhomberg
Author

Anonymous access to Vaadin views, except the login page, is also not working:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.rememberMe().alwaysRemember(false);

        // Define public resources, must be before super.configure()
        http.authorizeRequests().antMatchers("/VAADIN/**").permitAll();
        http.authorizeRequests().antMatchers("/services/**").permitAll();

        // Vaadin public views/resources
        http.authorizeRequests().antMatchers("/newstool/unregister**").permitAll();

        // Set the login processing url
        //http.formLogin().loginProcessingUrl(ApplicationUrl.APP_LOGIN_PROCESSING_URL);

        // Set the default success Url
        //http.formLogin().defaultSuccessUrl(ApplicationUrl.APP);
        //http.formLogin().successForwardUrl(ApplicationUrl.APP);

        // Set the default failure Url
        //http.formLogin().failureUrl(ApplicationUrl.APP_LOGIN_FAILURE_URL);

        super.configure(http);

        // This is important to register your login view to the
        // view access checker mechanism:
        setLoginView(http, LoginView.class);
    }

Anonymous access to /newstool/unregister, which is a Vaadin view, is not possible, even if you add the @AnonymousAllowed annotation to the view.

Florian

Member

Artur- commented Aug 20, 2021

Tested by:

  1. Going to start.vaadin.com
  2. Setting all views to require login
  3. Download
  4. Changing SecurityConfiguration.java to be
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        setLoginView(http, LoginView.class, LOGOUT_URL);
        http.formLogin().defaultSuccessUrl("/foo");
    }
  5. Open http://localhost:8080/login and log in

End result: redirected to http://localhost:8080/foo

However, when you log out there is a logout success url set to "/" so after logout, the browser tries to access "/". Then you are redirected to /login and after login you end up on the page you tried to reach, i.e. /.


joheriks commented Feb 7, 2022

This does not work with 23.0.0.alpha3. After modifying SecurityConfiguration in a secured started app according to the previous comment, after login you are redirected to http://localhost:8080/ rather than to http://localhost:8080/foo. It starts working after disabling the request cache (add the line http.requestCache().disable(); to configure).


joheriks commented Feb 7, 2022

@florianrhomberg Would the following configuration work for your case:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        setLoginView(http, LoginView.class, LOGOUT_URL);
        http.formLogin().defaultSuccessUrl("/foo", true);
    }

Note that in this case the redirect URL will always be used, even if the path to a secured view is entered into the pre-login-redirect URL. E.g., http://localhost:8080/about will redirect to /login, which will redirect to /foo after authentication.
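
The outcomes reported in the comments above follow from the order in which Spring Security's form login picks a post-login target: a request remembered by the request cache wins over `defaultSuccessUrl` unless the `alwaysUse` flag is set or the cache is disabled. The following is an added example, not part of the thread and not Spring Security or Vaadin source; it is a dependency-free model of that decision, and `resolveTarget`, `check` and the class name are hypothetical names chosen for illustration.

```java
public class SuccessUrlModel {

    // Simplified model of where form login redirects after authentication.
    // savedRequest: the secured URL the browser asked for before it was sent
    // to the login page, or null when the login page was opened directly.
    static String resolveTarget(String defaultSuccessUrl, boolean alwaysUse,
                                boolean requestCacheEnabled, String savedRequest) {
        // With the request cache disabled, no pre-login URL is remembered.
        String remembered = requestCacheEnabled ? savedRequest : null;
        if (remembered == null || alwaysUse) {
            return defaultSuccessUrl;
        }
        return remembered;
    }

    // Fails loudly if a scenario does not resolve to the expected target.
    static void check(String scenario, String expected, String actual) {
        if (!expected.equals(actual)) {
            throw new AssertionError(scenario + ": expected " + expected + ", got " + actual);
        }
        System.out.println(scenario + " -> " + actual);
    }

    public static void main(String[] args) {
        // Login page opened directly: nothing saved, the default applies.
        check("open /login directly", "/foo",
                resolveTarget("/foo", false, true, null));
        // After logout the browser requests "/", which is saved before the
        // redirect to /login, so login returns to "/".
        check("bounced from / to /login", "/",
                resolveTarget("/foo", false, true, "/"));
        // http.requestCache().disable(): the saved "/" is never stored.
        check("request cache disabled", "/foo",
                resolveTarget("/foo", false, false, "/"));
        // defaultSuccessUrl("/foo", true): the deep link is discarded.
        check("alwaysUse with deep link /about", "/foo",
                resolveTarget("/foo", true, true, "/about"));
        // defaultSuccessUrl("/foo"): the deep link is honoured.
        check("default flag with deep link /about", "/about",
                resolveTarget("/foo", false, true, "/about"));
    }
}
```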

@mshabarov
Contributor

Closed due to no response from author. If this is still an issue, please reopen the ticket and provide more information.
