package com.mossle.security.util;
import java.io.IOException;
import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.mossle.api.tenant.TenantHolder;
import com.mossle.security.SecurityConstants;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
 * Authentication failure handler that records the submitted username and the
 * current tenant code in the HTTP session, counts failed logins per session,
 * and raises a session flag once more than three failures have accumulated,
 * before delegating to {@link SimpleUrlAuthenticationFailureHandler}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The stored username is taken verbatim from the request, so any view
 * that renders {@code SecurityConstants.SECURITY_LAST_USERNAME} has to
 * output-encode it.</li>
 * <li>The failure counter lives only in the {@link HttpSession}. A client that
 * does not send the session cookie back starts from zero again, so this
 * counter cannot be the only throttle on password guessing; per-account or
 * per-address limiting has to be enforced elsewhere (not visible in this
 * class).</li>
 * </ul>
 */
public class RememberLastUsernameAuthenticationFailureHandler extends
        SimpleUrlAuthenticationFailureHandler {
    /** Session attribute holding the failed-login count for this session. */
    private static final String FAILURE_COUNT_ATTRIBUTE = "SECURITY_FAILURE_COUNT";

    /**
     * Session attribute set to {@code true} once the threshold is exceeded.
     * NOTE(review): presumably read by the login flow to require a captcha;
     * where it is checked and cleared is not shown here - confirm.
     */
    private static final String CAPTCHA_ATTRIBUTE = "captchaSessionToken";

    /** Number of failures tolerated before the captcha flag is raised. */
    private static final int FAILURES_WITHOUT_CAPTCHA = 3;

    private TenantHolder tenantHolder;

    /**
     * Stores the last username and tenant code in the session, updates the
     * per-session failure counter, then lets the parent handler produce the
     * response.
     *
     * @param request the failed login request
     * @param response the response handed to the parent handler
     * @param exception the authentication failure being handled
     * @throws IOException propagated from the parent handler
     * @throws ServletException propagated from the parent handler
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        // getSession() creates a session when the request carries none, so every
        // failed login from a cookieless client allocates server-side state.
        HttpSession httpSession = request.getSession();

        // Reads the filter's default parameter name; if the login filter is
        // configured with a different username parameter this yields null.
        // The value is untrusted and stored as-is.
        String submittedUsername = request.getParameter(
                UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY);
        httpSession.setAttribute(SecurityConstants.SECURITY_LAST_USERNAME,
                submittedUsername);
        httpSession.setAttribute(SecurityConstants.SECURITY_LAST_TENANT,
                tenantHolder.getTenantCode());

        Integer previous = (Integer) httpSession
                .getAttribute(FAILURE_COUNT_ATTRIBUTE);
        int failures = (previous == null ? 0 : previous) + 1;

        if (failures <= FAILURES_WITHOUT_CAPTCHA) {
            httpSession.setAttribute(FAILURE_COUNT_ATTRIBUTE, failures);
        } else {
            // Threshold exceeded: drop the counter and raise the captcha flag.
            // Counting restarts from zero on the next failure.
            httpSession.removeAttribute(FAILURE_COUNT_ATTRIBUTE);
            httpSession.setAttribute(CAPTCHA_ATTRIBUTE, true);
        }

        super.onAuthenticationFailure(request, response, exception);
    }

    /**
     * Receives the tenant holder used to look up the current tenant code;
     * annotated for container injection.
     *
     * @param tenantHolder source of the tenant code stored on failure
     */
    @Resource
    public void setTenantHolder(TenantHolder tenantHolder) {
        this.tenantHolder = tenantHolder;
    }
}