
/*
 * Copyright (c) 2016 Prasenjit Purohit
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */

package net.prasenjit.auth.config;

import org.springframework.beans.factory.InitializingBean;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.authentication.*;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.csrf.CsrfException;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

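/**
 * Single Spring Security callback bean that makes the login, logout,
 * authentication-entry-point and access-denied flows "AJAX aware": when a
 * request carries a non-blank {@code X-Requested-With} header the handler
 * answers with a bare HTTP status code instead of a redirect, otherwise it
 * delegates to the standard redirecting Spring Security implementation.
 * <p>
 * Created by PRASENJIT-NET on 4/21/2016.
 *
 * @author PRASEN
 * @version $Id: $Id
 */
@Component
public class CustomAjaxAwareHandler implements InitializingBean, AuthenticationSuccessHandler,
        AuthenticationFailureHandler, AccessDeniedHandler, AuthenticationEntryPoint, LogoutSuccessHandler {

    /** Header whose presence (non-blank value) marks a request as coming from an AJAX client. */
    private static final String AJAX_HEADER = "X-Requested-With";
    /** Name of the cookie carrying the CSRF token; it is expired when a CSRF check fails. */
    private static final String CSRF_COOKIE_NAME = "CSRF-TOKEN";
    /** Error page the access-denied delegate forwards to; wired in {@link #afterPropertiesSet()}. */
    private static final String ERROR_PAGE = "/error";

    // Delegates used for non-AJAX (browser navigation) requests. They are created once and never
    // reassigned, so they are final.
    private final SavedRequestAwareAuthenticationSuccessHandler delegatedSuccessHandler =
            new SavedRequestAwareAuthenticationSuccessHandler();
    private final SimpleUrlAuthenticationFailureHandler delegatedFailureHandler =
            new SimpleUrlAuthenticationFailureHandler("/login?error");
    private final AccessDeniedHandlerImpl delegatedAccessDeniedHandler = new AccessDeniedHandlerImpl();
    private final LoginUrlAuthenticationEntryPoint delegatedAuthenticationEntryPoint =
            new LoginUrlAuthenticationEntryPoint("/login");
    private final SimpleUrlLogoutSuccessHandler delegatedLogoutSuccessHandler =
            new SimpleUrlLogoutSuccessHandler();

    /**
     * {@inheritDoc}
     * <p>
     * AJAX clients receive {@code 200 OK} with no redirect; browser clients are sent to the
     * originally requested (saved) URL by the delegate.
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        if (checkIfAjaxRequest(request)) {
            response.setStatus(HttpStatus.OK.value());
        } else {
            delegatedSuccessHandler.onAuthenticationSuccess(request, response, authentication);
        }
    }

    /**
     * {@inheritDoc}
     * <p>
     * AJAX clients receive {@code 401 Unauthorized}; browser clients are redirected to
     * {@code /login?error} by the delegate.
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        if (checkIfAjaxRequest(request)) {
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
        } else {
            delegatedFailureHandler.onAuthenticationFailure(request, response, exception);
        }
    }

    /**
     * Decides whether a request comes from an AJAX client.
     *
     * @param request the current request
     * @return {@code true} when the {@value #AJAX_HEADER} header is present with non-blank text
     */
    private boolean checkIfAjaxRequest(HttpServletRequest request) {
        String requestedWith = request.getHeader(AJAX_HEADER);
        return StringUtils.hasText(requestedWith);
    }

    /**
     * {@inheritDoc}
     * <p>
     * Records the 403 status and the exception as request attributes for the error page, expires
     * the {@value #CSRF_COOKIE_NAME} cookie when the failure was a {@link CsrfException}, then
     * forwards to {@value #ERROR_PAGE} through the delegate. Unlike the other callbacks, this path
     * does not branch on {@link #checkIfAjaxRequest}: AJAX clients get the error-page forward too.
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {
        request.setAttribute("javax.servlet.error.status_code", HttpServletResponse.SC_FORBIDDEN);
        request.setAttribute("org.springframework.boot.autoconfigure.web.DefaultErrorAttributes.ERROR",
                accessDeniedException);
        // A cookie can only be added while the response is still uncommitted.
        if (accessDeniedException instanceof CsrfException && !response.isCommitted()) {
            // Expire the CSRF token cookie (not the session cookie) so the client knows it must
            // obtain a fresh CSRF token before retrying. Max-Age 0 plus the same path "/" is what
            // makes the browser drop the existing cookie.
            Cookie cookie = new Cookie(CSRF_COOKIE_NAME, "");
            cookie.setMaxAge(0);
            // HttpOnly stays off: the token cookie is presumably meant to be readable by client
            // script — verify against the CsrfTokenRepository configuration in use.
            cookie.setHttpOnly(false);
            cookie.setPath("/");
            response.addCookie(cookie);
        }

        delegatedAccessDeniedHandler.handle(request, response, accessDeniedException);
    }

    /**
     * {@inheritDoc}
     * <p>
     * Points the access-denied delegate at {@value #ERROR_PAGE} once the bean is initialised.
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        delegatedAccessDeniedHandler.setErrorPage(ERROR_PAGE);
    }

    /**
     * {@inheritDoc}
     * <p>
     * Entry point for unauthenticated access: AJAX clients receive {@code 401 Unauthorized};
     * browser clients are redirected to {@code /login} by the delegate.
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        if (checkIfAjaxRequest(request)) {
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
        } else {
            delegatedAuthenticationEntryPoint.commence(request, response, authException);
        }
    }

    /**
     * {@inheritDoc}
     * <p>
     * AJAX clients receive {@code 200 OK}; browser clients are redirected by the delegate.
     */
    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        if (checkIfAjaxRequest(request)) {
            response.setStatus(HttpStatus.OK.value());
        } else {
            delegatedLogoutSuccessHandler.onLogoutSuccess(request, response, authentication);
        }
    }
}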