AuthenticationController.java

/*
 * Copyright (C) 2014 Toshiaki Maki
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 * either express or implied. See the License for the specific language
 * governing permissions and limitations under the License.
 */
package am.ik.categolj2.app.authentication;

import am.ik.categolj2.app.Categolj2Cookies;
import am.ik.categolj2.core.logger.LogManager;
import com.google.common.base.Strings;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.token.ConsumerTokenServices;
import org.springframework.stereotype.Controller;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.client.HttpStatusCodeException;
import org.springframework.web.client.ResourceAccessException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import org.springframework.web.util.UriComponentsBuilder;

import javax.inject.Inject;
import javax.net.ssl.SSLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Controller
@RequestMapping
public class AuthenticationController {
    private static Logger logger = LogManager.getLogger();

    @Inject
    RestTemplate restTemplate;
    @Inject
    ConsumerTokenServices tokenServices;
    @Inject
    AuthenticationHelper authenticationHelper;
    @Value("${server.port:8443}")
    int httpsPort;

    @RequestMapping(value = "login", method = RequestMethod.GET)
    String loginForm() {
        return "login";
    }

    @RequestMapping(value = "login", method = RequestMethod.POST)
    String login(@RequestParam("username") String username, @RequestParam("password") String password,
                 UriComponentsBuilder builder, RedirectAttributes attributes,
                 HttpServletRequest request, HttpServletResponse response) throws IOException {
        logger.info("attempt to login (username={})", username);
        String tokenEndpoint = builder.path("oauth/token").build().toUriString();
        HttpEntity<MultiValueMap<String, Object>> ropRequest = authenticationHelper.createRopRequest(username, password);
        try {
            ResponseEntity<OAuth2AccessToken> result = restTemplate.postForEntity(tokenEndpoint, ropRequest, OAuth2AccessToken.class);
            OAuth2AccessToken accessToken = result.getBody();
            authenticationHelper.saveAccessTokenInCookie(accessToken, response);
            authenticationHelper.writeLoginHistory(accessToken, request, response);
        } catch (HttpStatusCodeException e) {
            authenticationHelper.handleHttpStatusCodeException(e, attributes);
            return "redirect:/login";
        } catch (ResourceAccessException e) {
            // I/O error on POST request for "https://xxxx:8080/oauth/token":Unrecognized SSL message, plaintext connection?
            if (e.getCause() instanceof SSLException) {
                // fallback to another port
                UriComponentsBuilder b = builder.replacePath("").port(httpsPort);
                return login(username, password, b, attributes, request, response);
            } else {
                throw e;
            }
        }
        return "redirect:/admin";
    }

    @RequestMapping({"doLogout", "dologout"})
    String logout(@CookieValue(value = Categolj2Cookies.ACCESS_TOKEN_VALUE_COOKIE, required = false) String accessTokenValue,
                  @CookieValue(value = Categolj2Cookies.REFRESH_TOKEN_VALUE_COOKIE, required = false) String refreshTokenValue,
                  HttpServletResponse response) throws IOException {
        logger.debug("remove token {}", accessTokenValue);

        if (!Strings.isNullOrEmpty(refreshTokenValue)) {
            authenticationHelper.removeRefreshTokenFromCookie(response);
        }
        if (!Strings.isNullOrEmpty(accessTokenValue)) {
            authenticationHelper.removeAccessTokenFromCookie(response);
            tokenServices.revokeToken(accessTokenValue);
        }
        authenticationHelper.removeCookie("JSESSIONID", response);
        return "redirect:/login";
    }


}