Authentication object into the
* HttpSession.
*
*
* This filter is responsible for processing authentication requests. If
* authentication is successful, the resulting {@link Authentication} object
* will be placed into the HttpSession with the attribute defined
* by {@link HttpSessionIntegrationFilter#ACEGI_SECURITY_AUTHENTICATION_KEY}.
*
* If authentication fails, the AuthenticationException will be
* placed into the HttpSession with the attribute defined by
* {@link #ACEGI_SECURITY_LAST_EXCEPTION_KEY}.
*
* To use this filter, it is necessary to specify the following properties: *
* *defaultTargetUrl indicates the URL that should be used for
* redirection if the HttpSession attribute named {@link
* #ACEGI_SECURITY_TARGET_URL_KEY} does not indicate the target URL once
* authentication is completed successfully. eg: /. This will be
* treated as relative to the web-app's context path, and should include the
* leading /.
* authenticationFailureUrl indicates the URL that should be used
* for redirection if the authentication request fails. eg:
* /login.jsp?login_error=1.
* filterProcessesUrl indicates the URL that this filter will
* respond to. This parameter varies by subclass.
* null
*/
private String defaultTargetUrl;
/**
* The URL destination that this filter intercepts and processes (usually
* something like /j_acegi_security_check)
*/
private String filterProcessesUrl = getDefaultFilterProcessesUrl();
//~ Methods ================================================================
/**
* Specifies the default filterProcessesUrl for the
* implementation.
*
* @return the default filterProcessesUrl
*/
public abstract String getDefaultFilterProcessesUrl();
/**
* Performs actual authentication.
*
* @param request from which to extract parameters and perform the
* authentication
*
* @return the authenticated user
*
* @throws AuthenticationException if authentication fails
*/
public abstract Authentication attemptAuthentication(
HttpServletRequest request) throws AuthenticationException;
public void setAuthenticationFailureUrl(String authenticationFailureUrl) {
this.authenticationFailureUrl = authenticationFailureUrl;
}
public String getAuthenticationFailureUrl() {
return authenticationFailureUrl;
}
public String getAuthenticationServiceFailureUrl() {
return authenticationServiceFailureUrl;
}
public void setAuthenticationServiceFailureUrl(String authenticationServiceFailureUrl) {
this.authenticationServiceFailureUrl = authenticationServiceFailureUrl;
}
public String getAuthenticationCredentialCheckFailureUrl() {
return authenticationCredentialCheckFailureUrl;
}
public void setAuthenticationCredentialCheckFailureUrl(String authenticationCredentialCheckFailureUrl) {
this.authenticationCredentialCheckFailureUrl = authenticationCredentialCheckFailureUrl;
}
public String getAuthenticationDisabledFailureUrl() {
return authenticationDisabledFailureUrl;
}
public void setAuthenticationDisabledFailureUrl(String authenticationDisabledFailureUrl) {
this.authenticationDisabledFailureUrl = authenticationDisabledFailureUrl;
}
public String getAuthenticationLockedFailureUrl() {
return authenticationLockedFailureUrl;
}
public void setAuthenticationLockedFailureUrl(String authenticationLockedFailureUrl) {
this.authenticationLockedFailureUrl = authenticationLockedFailureUrl;
}
public String getAuthenticationProxyUntrustedFailureUrl() {
return authenticationProxyUntrustedFailureUrl;
}
public void setAuthenticationProxyUntrustedFailureUrl(String authenticationProxyUntrustedFailureUrl) {
this.authenticationProxyUntrustedFailureUrl = authenticationProxyUntrustedFailureUrl;
}
public String getAuthenticationUsernameNotFoundFailureUrl() {
return authenticationUsernameNotFoundFailureUrl;
}
public void setAuthenticationUsernameNotFoundFailureUrl(String authenticationUsernameNotFoundFailureUrl) {
this.authenticationUsernameNotFoundFailureUrl = authenticationUsernameNotFoundFailureUrl;
}
public void setAuthenticationManager(
AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public AuthenticationManager getAuthenticationManager() {
return authenticationManager;
}
public void setDefaultTargetUrl(String defaultTargetUrl) {
this.defaultTargetUrl = defaultTargetUrl;
}
public String getDefaultTargetUrl() {
return defaultTargetUrl;
}
public void setFilterProcessesUrl(String filterProcessesUrl) {
this.filterProcessesUrl = filterProcessesUrl;
}
public String getFilterProcessesUrl() {
return filterProcessesUrl;
}
public void afterPropertiesSet() throws Exception {
if ((filterProcessesUrl == null) || "".equals(filterProcessesUrl)) {
throw new IllegalArgumentException(
"filterProcessesUrl must be specified");
}
if ((defaultTargetUrl == null) || "".equals(defaultTargetUrl)) {
throw new IllegalArgumentException(
"defaultTargetUrl must be specified");
}
if ((authenticationFailureUrl == null)
|| "".equals(authenticationFailureUrl)) {
throw new IllegalArgumentException(
"authenticationFailureUrl must be specified");
}
if (authenticationManager == null) {
throw new IllegalArgumentException(
"authenticationManager must be specified");
}
}
public void destroy() {}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
if (httpRequest.getRequestURL().toString().endsWith(httpRequest
.getContextPath() + filterProcessesUrl)) {
if (logger.isDebugEnabled()) {
logger.debug("Request is to process authentication");
}
Authentication authResult;
try {
authResult = attemptAuthentication(httpRequest);
} catch (AuthenticationException failed) {
// Authentication failed
String failureUrl = authenticationFailureUrl;
if (failed instanceof AuthenticationServiceException && authenticationServiceFailureUrl != null) {
failureUrl = authenticationServiceFailureUrl;
}
if (failed instanceof BadCredentialsException && this.authenticationCredentialCheckFailureUrl != null) {
failureUrl = authenticationCredentialCheckFailureUrl;
}
if (failed instanceof DisabledException && authenticationDisabledFailureUrl != null) {
failureUrl = authenticationDisabledFailureUrl;
}
if (failed instanceof LockedException && authenticationLockedFailureUrl != null) {
failureUrl = authenticationLockedFailureUrl;
}
if (failed instanceof ProxyUntrustedException && authenticationProxyUntrustedFailureUrl != null) {
failureUrl = authenticationProxyUntrustedFailureUrl;
}
if (failed instanceof UsernameNotFoundException && this.authenticationUsernameNotFoundFailureUrl != null) {
failureUrl = authenticationUsernameNotFoundFailureUrl;
}
if (logger.isDebugEnabled()) {
logger.debug("Authentication request failed: "
+ failed.toString());
}
httpRequest.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY,
failed);
httpRequest.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY,
null);
httpResponse.sendRedirect(httpResponse.encodeRedirectURL(httpRequest
.getContextPath() + failureUrl));
return;
}
// Authentication success
if (logger.isDebugEnabled()) {
logger.debug("Authentication success: " + authResult.toString());
}
httpRequest.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY,
authResult);
String targetUrl = (String) httpRequest.getSession().getAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
httpRequest.getSession().setAttribute(ACEGI_SECURITY_TARGET_URL_KEY,
null);
if (targetUrl == null) {
targetUrl = httpRequest.getContextPath() + defaultTargetUrl;
}
if (logger.isDebugEnabled()) {
logger.debug(
"Redirecting to target URL from HTTP Session (or default): "
+ targetUrl);
}
httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl));
return;
}
chain.doFilter(request, response);
}
}