Dec 24

Customizing Post Authentication Handlers

In a Security enabled WaveMaker app, post-authentication the following actions are performed:

  1. The Default Success Handler, which includes generation of CSRF token, storing the session context, etc., gets invoked.
  2. Next, any custom authentication success handlers provided by the app developer are triggered.
  3. Post authentication redirection handler will be triggered. This can either be the default redirection handler provided by WaveMaker or any custom redirection handler provided by the app developer.

This section shows how custom post-authentication success handler and custom redirection handler can be implemented.

Custom Post-Authentication Success Handler

Post-Authentication Success Handlers, apart from the default one, can be implemented as per app requirements. At app runtime, WaveMaker will automatically trigger these custom handlers.

Creating custom post-authentication success handler involves the following steps:

  • Creation of a package structure in src/main/java.
  • Creating the interface implementation in that package.
  • Declaring the custom post-authentication success handler implementation (along with the path) in project-user-spring.xml.

Note: Multiple implementations can be provided as per your app requirements by following the above-mentioned steps for each handler.

Interface to implement

After creating the package structure, the following interface needs to be implemented in that package for creating a custom post-authentication success handler.

For example, the following CustomAuthenticationSuccessHandler fetches lastAccessedTime of the authenticated user and sets it in the custom attributes.

Custom Handler Declaration

Declare the above-created custom post-authentication success handler implementation (along with the path) in project-user-spring.xml. At app runtime, WaveMaker will automatically trigger these custom handlers.

WMAuthentication Class

WMAuthentication wrapper class holds authentication information like principal, loginTime, userId and the original authentication object. This wrapper class has the following structure:

You can add custom attributes using the addAttribute method. You need to implement methods in the authenticationSuccessHandler interface and call the below method of wmAuthentication object to add any custom attributes.


Each attribute is associated with a key, value and a scope.

Attribute Scope

AttributeScope determines whether the attribute is server only property or can be visible to both client and server. You can filter out the custom attributes from being visible to the client by setting Attribute.AttributeScope property.

Post-Authentication Redirection Handler

Post authentication, the Redirection Handler redirects to the appropriate landing page based upon the login user role.

To customize the redirection, implement the following interface and declare as a bean in project-user-spring.xml (as mentioned in the earlier section for success handlers).

Interface to implement:

We use cookies to provide you with a better experience. By using our website you agree to the use of cookies as described in our Privacy Policy.