sjohnr / springone-2021

Spring Security 5.5 From Taxi To Takeoff
https://springone.io/2021/sessions/spring-security-5-5

Redirect user to original URL after successful authentication #9

Closed straurob closed 2 years ago

straurob commented 2 years ago

Thanks a lot for your video presentation and this repository :slightly_smiling_face:

I have a very similar setup of applications/components but I currently got stuck with the security configuration in the gateway. Maybe you can get me out of there.

The basic parts of the application are:

The integration itself is working but for the time being I'm getting redirected to a hard-coded URL after a successful authentication. Now I'd like to change this behavior, so that if the user originally visited http://localhost:8093/profile, then the gateway should redirect the user to exactly this URL after login.

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;

@Configuration
@EnableWebFluxSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity) {
        httpSecurity
                .csrf().disable()
                .authorizeExchange()
                .anyExchange().authenticated()
                .and()
                .oauth2Login()
                // Use original user-agent URL here?
                .authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("http://localhost:8093"))
                .and()
                .exceptionHandling().authenticationEntryPoint(new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED))
                .and()
                .oauth2ResourceServer().jwt();
        return httpSecurity.build();
    }
}

This question is also available at https://stackoverflow.com/q/71176804/478406 but the answer seems not to apply when using @EnableWebFluxSecurity.

sjohnr commented 2 years ago

Hi @straurob! Sorry for the delay, I don't have time to check in on this repo very often.

I'm assuming that the application on port 8093 is either your Vue application or a bundled version of it being served by the gateway? There are some details missing from the overview of your app so let me know if I'm misunderstanding.

The answer on stackoverflow seems pretty close to what you're looking for. You just need to adapt the implementation to use ServerAuthenticationSuccessHandler instead. You can use the DefaultServerRedirectStrategy class to perform the actual work, which pretty much just sets the status code to 302 and adds a Location header.

I would caution you on the use of the Referer header and performing redirects of this kind however. It could result in an open-redirector that could be used by attackers. It would be better to simply redirect to a specific URL within your Vue application that uses (previously persisted) state within the client application to determine what route to return to after the auth flow.
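The following is an added example, not code from this repository or from the commenter: a ServerAuthenticationSuccessHandler that uses DefaultServerRedirectStrategy, reads the return route from a client-set cookie (the cookie name `return_to` is an assumption), and only honours it when it is a relative path on this application, falling back to a fixed landing page otherwise, so an attacker-supplied absolute URL cannot turn the callback into an open redirector.

```java
import java.net.URI;
import java.net.URISyntaxException;

import org.springframework.http.HttpCookie;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.DefaultServerRedirectStrategy;
import org.springframework.security.web.server.ServerRedirectStrategy;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

// Added example (not part of the sjohnr/springone-2021 repository).
public class SafeRedirectSuccessHandler implements ServerAuthenticationSuccessHandler {

    // Fixed fallback route inside the single-page application (assumed value).
    private static final URI DEFAULT_TARGET = URI.create("/");

    // Hypothetical cookie the client sets before it starts the login flow.
    private static final String RETURN_TO_COOKIE = "return_to";

    // Does the actual work: sets status 302 and a Location header.
    private final ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();

    @Override
    public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
        ServerWebExchange exchange = webFilterExchange.getExchange();
        HttpCookie cookie = exchange.getRequest().getCookies().getFirst(RETURN_TO_COOKIE);
        URI target = (cookie == null) ? DEFAULT_TARGET : safeTarget(cookie.getValue());
        return this.redirectStrategy.sendRedirect(exchange, target);
    }

    // Accept only a same-origin relative path ("/profile"); anything with a scheme or
    // authority ("https://evil.example", "//evil.example/x") or unparseable falls back.
    static URI safeTarget(String candidate) {
        try {
            URI uri = new URI(candidate);
            boolean relativePath = uri.getScheme() == null
                    && uri.getAuthority() == null
                    && uri.getRawPath() != null
                    && uri.getRawPath().startsWith("/");
            return relativePath ? uri : DEFAULT_TARGET;
        } catch (URISyntaxException ex) {
            return DEFAULT_TARGET;
        }
    }
}
```

Wire it in with `.oauth2Login().authenticationSuccessHandler(new SafeRedirectSuccessHandler())` in place of the RedirectServerAuthenticationSuccessHandler shown above.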

straurob commented 2 years ago

Thanks for the feedback, @sjohnr.

> It would be better to simply redirect to a specific URL within your Vue application that uses (previously persisted) state within the client application to determine what route to return to after the auth flow.

Yes, I agree with your idea. This is probably the easiest and most concise way to do it.