Java tutorial
package org.smigo.user.authentication; /* * #%L * Smigo * %% * Copyright (C) 2015 Christian Nilsson * %% * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Lesser Public License for more details. * * You should have received a copy of the GNU General Lesser Public * License along with this program. If not, see * <http://www.gnu.org/licenses/lgpl-3.0.html>. * #L% */ import com.fasterxml.jackson.databind.ObjectMapper; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.smigo.user.MailHandler; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.stereotype.Component; import org.springframework.validation.ObjectError; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @Component class RestAuthenticationFailureHandler implements AuthenticationFailureHandler { private final Logger log = LoggerFactory.getLogger(getClass()); @Autowired private ObjectMapper objectMapper; @Autowired private MailHandler mailHandler; @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException { response.setStatus(HttpStatus.FORBIDDEN.value()); List<ObjectError> errors = new ArrayList<ObjectError>(); if (exception instanceof BadCredentialsException) { errors.add(new ObjectError("bad-credentials", "msg.badcredentials")); } else { errors.add(new ObjectError("username", "msg.unknownerror")); } String responseBody = objectMapper.writeValueAsString(errors); response.getWriter().append(responseBody); final String username = Arrays.toString(request.getParameterMap().get("username")); final String note = "Authentication Failure:" + username + System.lineSeparator() + exception; log.info(note); mailHandler.sendAdminNotification("authentication failure", note); } }