AuthenticationWithCaptchaEntryPoint.java

/* vim: set ts=2 et sw=2 cindent fo=qroca: */

package com.globant.katari.login.local.view;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.Validate;
import org.springframework.util.Assert;

import org.acegisecurity.AuthenticationException;
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;

/** Determines the entry point url that shows the login form, considering if
 * the user must be challenged with a captcha or not.
 *
 * This filter checks if the ip of the client attempting the login has failed
 * once. If that is the case, then the ip is considered blacklisted for login
 * without a captcha, and any further attempt will challenge the user with a
 * captcha.
 */
public class AuthenticationWithCaptchaEntryPoint extends
  AuthenticationProcessingFilterEntryPoint {

  /** The context relative url that will show the login form with a captcha
   * challenge.
   *
   * This is never null.
   */
  private String loginWithCaptchaFormUrl;

  /** The IP BlackList, cannot be null.
  */
  private IpBlacklist blackList;

  /** {@inheritDoc}
   *
   * Validates the invariants, called by the container (spring) after setting
   * all properties.
   */
  public void afterPropertiesSet() throws Exception {
    super.afterPropertiesSet();
    Assert.notNull(loginWithCaptchaFormUrl,
        "loginWithCaptchaFormUrl required");
    Assert.notNull(blackList, "ipBlacklist required");
  }

  /** {@inheritDoc}
   */
  @Override
  protected String determineUrlToUseForThisRequest(
      final HttpServletRequest request,
      final HttpServletResponse response,
      final AuthenticationException exception) {
    if (blackList.isBlacklisted(request.getRemoteAddr())) {
      return loginWithCaptchaFormUrl;
    } else {
      return super.determineUrlToUseForThisRequest(request, response,
          exception);
    }
  }

  /** Sets the url to present the user the login form with the captcha
   * challenge.
   *
   * @param url the url of the login page with the captcha. It cannot be null.
   */
  public void setLoginWithCaptchaFormUrl(final String url) {
    Validate.notNull(url, "the captcha login form url cannot be null");
    loginWithCaptchaFormUrl = url;
  }

  /** Sets the blacklist used to decide over an invocation.
   *
   * @param theBlackList the blacklist, cannot be null
   */
  public void setIpBlacklist(final IpBlacklist theBlackList) {
    Validate.notNull(theBlackList, "Blacklist cannot be null");
    blackList = theBlackList;
  }
}