From 9dab68a48e32d632ecc120dd60d13b6a112cfe56 Mon Sep 17 00:00:00 2001 From: Tian Baoqiang Date: Sat, 25 Feb 2017 14:41:07 +0800 Subject: [PATCH] add redirection after login with Spring Security(BAEL-648) (#1214) --- spring-security-mvc-login/pom.xml | 15 ++- .../controller/SecuredResourceController.java | 17 ++++ .../RefererAuthenticationSuccessHandler.java | 13 +++ .../spring/RedirectionSecurityConfig.java | 44 +++++++++ .../RedirectionWebSecurityConfig.xml | 29 ++++++ .../RedirectionSecurityIntegrationTest.java | 94 +++++++++++++++++++ .../src/test/resources/mvc-servlet.xml | 8 ++ 7 files changed, 219 insertions(+), 1 deletion(-) create mode 100644 spring-security-mvc-login/src/main/java/org/baeldung/controller/SecuredResourceController.java create mode 100644 spring-security-mvc-login/src/main/java/org/baeldung/security/RefererAuthenticationSuccessHandler.java create mode 100644 spring-security-mvc-login/src/main/java/org/baeldung/spring/RedirectionSecurityConfig.java create mode 100644 spring-security-mvc-login/src/main/resources/RedirectionWebSecurityConfig.xml create mode 100644 spring-security-mvc-login/src/test/java/org/baeldung/security/RedirectionSecurityIntegrationTest.java create mode 100644 spring-security-mvc-login/src/test/resources/mvc-servlet.xml diff --git a/spring-security-mvc-login/pom.xml b/spring-security-mvc-login/pom.xml index 965f4fe1de..3809dc9f26 100644 --- a/spring-security-mvc-login/pom.xml +++ b/spring-security-mvc-login/pom.xml @@ -152,6 +152,19 @@ test + + org.springframework + spring-test + ${org.springframework.version} + test + + + org.springframework.security + spring-security-test + ${org.springframework.security.version} + test + + @@ -222,7 +235,7 @@ - 4.3.5.RELEASE + 4.3.6.RELEASE 4.2.1.RELEASE 
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/controller/SecuredResourceController.java b/spring-security-mvc-login/src/main/java/org/baeldung/controller/SecuredResourceController.java
new file mode 100644
index 0000000000..4b68eee983
--- /dev/null
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/controller/SecuredResourceController.java
@@ -0,0 +1,17 @@
+package org.baeldung.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Controller
+public class SecuredResourceController {
+
+ @RequestMapping("/secured")
+ public void secureResource(HttpServletRequest request, HttpServletResponse response) {
+ System.out.println("accessing secured resource");
+ }
+
+}
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/security/RefererAuthenticationSuccessHandler.java b/spring-security-mvc-login/src/main/java/org/baeldung/security/RefererAuthenticationSuccessHandler.java
new file mode 100644
index 0000000000..5b025d9fd1
--- /dev/null
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/security/RefererAuthenticationSuccessHandler.java
@@ -0,0 +1,13 @@
+package org.baeldung.security;
+
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+
+public class RefererAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+
+ public RefererAuthenticationSuccessHandler() {
+ super();
+ setUseReferer(true);
+ }
+
+}
\ No newline at end of file
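Review bot: `secureResource` in SecuredResourceController prints to standard output on every request, and nothing explains why its body is otherwise empty. The `response` parameter looks unused, but with a `void` return type it is what tells Spring MVC that the handler dealt with the response itself, so removing it would change behaviour; that deserves a comment such as `// response is declared so Spring treats the request as handled and returns an empty 200`. I would also replace the print with a logger call, for example `LOG.debug("accessing secured resource");`, assuming the module already has a logging facade on its classpath.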
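Review bot: `setUseReferer(true)` in the RefererAuthenticationSuccessHandler constructor makes the post-login redirect target come from the `Referer` request header, which is supplied by the client and is not checked against this application's own host anywhere in the class. The header can also be absent or trimmed by a referrer policy, in which case the handler falls back to the default target, so the behaviour is neither guaranteed nor bounded. I would override `determineTargetUrl` so that only a same-host Referer is followed and everything else goes to `getDefaultTargetUrl()`; the sketch below needs `java.net.URI` and the servlet request/response imports, and the host comparison should use whatever canonical host the deployment trusts if it sits behind a proxy. Separately, `implements AuthenticationSuccessHandler` is redundant because the superclass already implements it, and the file lacks a trailing newline.

```java
    public RefererAuthenticationSuccessHandler() {
        super();
        setUseReferer(true);
    }

    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        String target = super.determineTargetUrl(request, response);
        // The Referer header is client-controlled: follow it only when it names this host.
        try {
            String host = URI.create(target).getHost();
            if (host != null && host.equalsIgnoreCase(request.getServerName())) {
                return target;
            }
        } catch (IllegalArgumentException e) {
            // Malformed Referer value: fall through to the configured default.
        }
        return getDefaultTargetUrl();
    }
```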
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/spring/RedirectionSecurityConfig.java b/spring-security-mvc-login/src/main/java/org/baeldung/spring/RedirectionSecurityConfig.java
new file mode 100644
index 0000000000..b68e7eab50
--- /dev/null
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/spring/RedirectionSecurityConfig.java
@@ -0,0 +1,44 @@
+package org.baeldung.spring;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+
+@Configuration
+//@ImportResource({ "classpath:RedirectionWebSecurityConfig.xml" })
+@EnableWebSecurity
+@Profile("!https")
+public class RedirectionSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ public RedirectionSecurityConfig() {
+ super();
+ }
+
+ @Override
+ protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+ auth
+ .inMemoryAuthentication()
+ .withUser("user1")
+ .password("user1Pass")
+ .roles("USER");
+ }
+
+ @Override
+ protected void configure(final HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .antMatchers("/login*")
+ .permitAll()
+ .anyRequest()
+ .authenticated()
+ .and()
+ .formLogin()
+ .successHandler(new SavedRequestAwareAuthenticationSuccessHandler());
+ //.successHandler(new RefererAuthenticationSuccessHandler())
+ }
+
+}
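Review bot: `configure(AuthenticationManagerBuilder)` registers a fixed account (`user1` / `user1Pass`) in memory, and `@Profile("!https")` activates this class under every profile except `https`, so nothing in the file marks it as demo-only. I would add a class-level Javadoc stating that the credentials are tutorial fixtures and must not be enabled in a deployed profile, and put `// demo-only account, plaintext on purpose for the tutorial` above the `.withUser("user1")` chain. The two commented-out lines (`//@ImportResource(...)` and `//.successHandler(new RefererAuthenticationSuccessHandler())`) read as dead code; if they are meant as alternatives, describe them in the Javadoc instead. The explicit no-argument constructor only calls `super()` and can be dropped.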
diff --git a/spring-security-mvc-login/src/main/resources/RedirectionWebSecurityConfig.xml b/spring-security-mvc-login/src/main/resources/RedirectionWebSecurityConfig.xml new file mode 100644 index 0000000000..231b5ab57e --- /dev/null +++ b/spring-security-mvc-login/src/main/resources/RedirectionWebSecurityConfig.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spring-security-mvc-login/src/test/java/org/baeldung/security/RedirectionSecurityIntegrationTest.java b/spring-security-mvc-login/src/test/java/org/baeldung/security/RedirectionSecurityIntegrationTest.java new file mode 100644 index 0000000000..1d7fae8b60 --- /dev/null +++ b/spring-security-mvc-login/src/test/java/org/baeldung/security/RedirectionSecurityIntegrationTest.java 
@@ -0,0 +1,94 @@
+package org.baeldung.security;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpSession;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({ "/RedirectionWebSecurityConfig.xml", "/mvc-servlet.xml" })
+@WebAppConfiguration
+public class RedirectionSecurityIntegrationTest {
+
+ @Autowired private WebApplicationContext context;
+
+ @Autowired private UserDetailsService userDetailsService;
+
+ private MockMvc mvc;
+ private UserDetails
userDetails; + + @Before + public void setup() { + mvc = MockMvcBuilders + .webAppContextSetup(context) + .apply(springSecurity()) + .build(); + userDetails = userDetailsService.loadUserByUsername("user1"); + } + + @Test + public void givenSecuredResource_whenAccessUnauthenticated_thenRequiresAuthentication() throws Exception { + mvc + .perform(get("/secured")) + .andExpect(status().is3xxRedirection()) + .andExpect(redirectedUrlPattern("**/login")); + + } + + @Test + public void givenCredentials_whenAccessSecuredResource_thenSuccess() throws Exception { + mvc + .perform(get("/secured").with(user(userDetails))) + .andExpect(status().isOk()); + } + + @Test + public void givenAccessSecuredResource_whenAuthenticated_thenRedirectedBack() throws Exception { + MockHttpServletRequestBuilder securedResourceAccess = get("/secured"); + MvcResult unauthenticatedResult = mvc + .perform(securedResourceAccess) + .andExpect(status().is3xxRedirection()) + .andReturn(); + + MockHttpSession session = (MockHttpSession) unauthenticatedResult + .getRequest() + .getSession(); + String loginUrl = unauthenticatedResult + .getResponse() + .getRedirectedUrl(); + mvc + .perform(post(loginUrl) + .param("username", userDetails.getUsername()) + .param("password", userDetails.getPassword()) + .session(session) + .with(csrf())) + .andExpect(status().is3xxRedirection()) + .andExpect(redirectedUrlPattern("**/secured")) + .andReturn(); + + mvc + .perform(securedResourceAccess.session(session)) + .andExpect(status().isOk()); + + } + +} diff --git a/spring-security-mvc-login/src/test/resources/mvc-servlet.xml b/spring-security-mvc-login/src/test/resources/mvc-servlet.xml new file mode 100644 index 0000000000..aa5488b116 --- /dev/null +++ b/spring-security-mvc-login/src/test/resources/mvc-servlet.xml @@ -0,0 +1,8 @@ + + + + + + \ No newline at end of file
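Review bot: `@ContextConfiguration` in RedirectionSecurityIntegrationTest loads only `/RedirectionWebSecurityConfig.xml` and `/mvc-servlet.xml`, so the Java class `RedirectionSecurityConfig` added by this commit is not exercised by these tests. The XML contents are not readable on this page, so it is unclear whether `RefererAuthenticationSuccessHandler` is wired in there; if it is not, the Referer-based path has no coverage at all. I would add a case that logs in with a `Referer` header naming a different host and asserts that the redirect stays on the application, and either point a second test class at `RedirectionSecurityConfig` or note in a class comment that only the XML variant is covered. In `givenAccessSecuredResource_whenAuthenticated_thenRedirectedBack`, `loginUrl` is taken from the first response without being asserted, so adding `.andExpect(redirectedUrlPattern("**/login"))` to that first `perform` would make a misrouted redirect fail at the right step.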