From 5e0500933d2f805fe879ced9171c65839c72579b Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 7 Dec 2022 16:13:57 +0300
Subject: Login: use `Referer` header to redirect after the successful login

---
 src/main/java/com/juick/config/SecurityConfig.java | 36 ++++++++++++++++------
 1 file changed, 26 insertions(+), 10 deletions(-)

(limited to 'src/main/java/com/juick/config/SecurityConfig.java')

diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index f93e12a8..b16dc755 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -34,7 +34,9 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
 import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -126,30 +128,45 @@ public class SecurityConfig {
                         BasicAuthenticationFilter.class)
                 .authorizeHttpRequests(requests -> requests
                         .requestMatchers(HttpMethod.OPTIONS).permitAll()
-                        .requestMatchers("/api/", "/api/messages", "/api/avatar", "/api/messages/discussions",
-                                "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk",
-                                "/api/skypebotendpoint", "/api/_fblogin", "/api/_vklogin", "/api/_tglogin",
-                                "/api/_google", "/api/_applelogin", "/api/signup", "/api/inbox", "/api/events",
+                        .requestMatchers("/api/", "/api/messages", "/api/avatar",
+                                "/api/messages/discussions",
+                                "/api/users", "/api/thread", "/api/tags",
+                                "/api/tlgmbtwbhk", "/api/fbwbhk",
+                                "/api/skypebotendpoint", "/api/_fblogin",
+                                "/api/_vklogin", "/api/_tglogin",
+                                "/api/_google", "/api/_applelogin", "/api/signup",
+                                "/api/inbox", "/api/events",
                                 "/api/info/**",
                                 "/api/nodeinfo/2.0")
                         .permitAll()
                         .anyRequest().hasRole("USER"))
                 .anonymous(anonymous -> anonymous.principal(JuickUser.ANONYMOUS_USER)
                         .authorities(JuickUser.ANONYMOUS_AUTHORITY))
-                .httpBasic(httpBasic -> httpBasic.authenticationEntryPoint(juickAuthenticationEntryPoint()))
+                .httpBasic(httpBasic -> httpBasic
+                        .authenticationEntryPoint(juickAuthenticationEntryPoint()))
                 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
-                .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-                .exceptionHandling(exceptionHandling -> exceptionHandling.authenticationEntryPoint(juickAuthenticationEntryPoint()))
+                .sessionManagement(sessionManagement -> sessionManagement
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .exceptionHandling(exceptionHandling -> exceptionHandling
+                        .authenticationEntryPoint(juickAuthenticationEntryPoint()))
                 .csrf().disable()
                 .headers().defaultsDisabled().cacheControl();
         return http.build();
     }
 
+    @Bean
+    public AuthenticationSuccessHandler successHandler() {
+        SimpleUrlAuthenticationSuccessHandler handler = new SimpleUrlAuthenticationSuccessHandler();
+        handler.setUseReferer(true);
+        return handler;
+    }
+
     @Bean
     public SecurityFilterChain wwwChain(HttpSecurity http) throws Exception {
         http.addFilterBefore(wwwAuthenticationFilter(), BasicAuthenticationFilter.class)
                 .authorizeHttpRequests(authorize -> authorize
-                        .requestMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/post2",
+                        .requestMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post",
+                                "/post2",
                                 "/comment")
                         .authenticated()
                         .requestMatchers("/actuator/**").hasRole("ADMIN")
@@ -168,10 +185,9 @@ public class SecurityConfig {
                         .logoutSuccessUrl("/")
                         .deleteCookies("hash", COOKIE_NAME))
                 .formLogin(form -> form.loginPage("/login")
-                         .defaultSuccessUrl("/")
-                        .loginProcessingUrl("/login")
                         .usernameParameter("username")
                         .passwordParameter("password")
+                        .successHandler(successHandler())
                         .failureUrl("/login?error=1")
                         .permitAll())
                 .csrf(csrf -> csrf.ignoringRequestMatchers("/settings/unsubscribe", "/h2-console/**"))
-- 
cgit v1.2.3