com.irs.security.MyUsernamePasswordAuthenticationFilter.java Source code

Java tutorial

  1. HOME
  2. Java
  3. com.irs.security.MyUsernamePasswordAuthenticationFilter.java

Introduction

Here is the source code for com.irs.security.MyUsernamePasswordAuthenticationFilter.java

Source

/*
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the
 * Free Software Foundation, Inc.,
 * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
package com.irs.security;

import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 *
 * @author nguni52
 */
public class MyUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    private Log log = LogFactory.getLog(MyUsernamePasswordAuthenticationFilter.class.getName());
    private PasswordEncoder passwordEncoder = new Md5PasswordEncoder();

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        String username = request.getParameter(SPRING_SECURITY_FORM_USERNAME_KEY);
        String password = request.getParameter(SPRING_SECURITY_FORM_PASSWORD_KEY);
        if (password.trim().isEmpty()) {
            //force logout
            SecurityContextHolder.getContext().setAuthentication(null);
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            try {
                PrintWriter out = response.getWriter();
                //response.sendRedirect(username)
                out.print(
                        "<html><body><center><h1><font color=\"red\">Empty password not allowed!!!!!!</font><h1><a href=\""
                                + request.getContextPath() + "/login\">Back to login</a></center></body></html>");
            } catch (Exception ex) {
            }

            return auth;
        }

        return super.attemptAuthentication(request, response);
    }

    @Override
    protected String obtainPassword(HttpServletRequest request) {
        return super.obtainPassword(request);
    }

    @Override
    protected String obtainUsername(HttpServletRequest request) {
        return super.obtainUsername(request);
    }

    @Override
    protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
        return super.requiresAuthentication(request, response);
    }
}