AuthenticationProcessingFilter2.java example

Explorer
hudson.core-master
/*******************************************************************************
 *
 * Copyright (c) 2004-2009 Oracle Corporation.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 * 
 *    Kohsuke Kawaguchi, Matthew R. Harrah
 *
 *
 *******************************************************************************/ 

package hudson.security;

import java.util.logging.Logger;
import java.util.logging.Level;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * {@link AuthenticationProcessingFilter} with a change for Hudson so that we
 * can pick up the hidden "from" form field defined in <tt>login.jelly</tt> to
 * send the user back to where he came from, after a successful authentication.
 *
 * @author Kohsuke Kawaguchi
 */
public class AuthenticationProcessingFilter2 extends UsernamePasswordAuthenticationFilter {
    
    private static final Logger LOGGER = Logger.getLogger(AuthenticationProcessingFilter2.class.getName());

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
        SimpleUrlAuthenticationFailureHandler handler = (SimpleUrlAuthenticationFailureHandler) super.getFailureHandler();
        handler.setDefaultFailureUrl("/loginError");
        super.unsuccessfulAuthentication(request, response, failed); 
        LOGGER.log(Level.INFO, "Login attempt Failed - ", failed.getLocalizedMessage());
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
        SavedRequestAwareAuthenticationSuccessHandler handler = (SavedRequestAwareAuthenticationSuccessHandler) super.getSuccessHandler();
        String targetUrl = request.getParameter("from");
        if ((targetUrl != null) && !targetUrl.equals("")) {
            handler.setDefaultTargetUrl(targetUrl);
        }else{
            handler.setDefaultTargetUrl("/");
        }
        super.successfulAuthentication(request, response, chain, authResult); 
        LOGGER.log(Level.INFO, "Login attempt successful for user", authResult.getPrincipal());
    }
    
    
    

//    @Override
//    protected String determineTargetUrl(HttpServletRequest request) {
//        String targetUrl = request.getParameter("from");
//        request.getSession().setAttribute("from", targetUrl);
//
//        if (targetUrl == null) {
//            return getDefaultTargetUrl();
//        }
//
//        // URL returned from determineTargetUrl() is resolved against the context path,
//        // whereas the "from" URL is resolved against the top of the website, so adjust this.
//        if (targetUrl.startsWith(request.getContextPath())) {
//            return targetUrl.substring(request.getContextPath().length());
//        }
//
//        // not sure when this happens, but apparently this happens in some case.
//        // see #1274
//        return targetUrl;
//    }
//
//    /**
//     * @see
//     * org.springframework.security.ui.AbstractProcessingFilter#determineFailureUrl(javax.servlet.http.HttpServletRequest,
//     * org.springframework.security.AuthenticationException)
//     */
//    @Override
//    protected String determineFailureUrl(HttpServletRequest request, AuthenticationException failed) {
//        Properties excMap = getExceptionMappings();
//        String failedClassName = failed.getClass().getName();
//        String whereFrom = request.getParameter("from");
//        request.getSession().setAttribute("from", whereFrom);
//        return excMap.getProperty(failedClassName, getAuthenticationFailureUrl());
//    }
//
//    /**
//     * Leave the information about login failure.
//     *
//     * <p> Otherwise it seems like Spring Security doesn't really leave the
//     * detail of the failure anywhere.
//     */
//    @Override
//    protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException {
//        super.onUnsuccessfulAuthentication(request, response, failed);
//        LOGGER.log(Level.INFO, "Login attempt failed", failed);
//    }
//    private static final Logger LOGGER = Logger.getLogger(AuthenticationProcessingFilter2.class.getName());
}