LoginController.java example

Explorer
hq-master
/**
 * NOTE: This copyright does *not* cover user programs that use HQ
 * program services by normal system calls through the application
 * program interfaces provided as part of the Hyperic Plug-in Development
 * Kit or the Hyperic Client Development Kit - this is merely considered
 * normal use of the program, and does *not* fall under the heading of
 *  "derived work".
 *
 *  Copyright (C) [2009-2010], VMware, Inc.
 *  This file is part of HQ.
 *
 *  HQ is free software; you can redistribute it and/or modify
 *  it under the terms version 2 of the GNU General Public License as
 *  published by the Free Software Foundation. This program is distributed
 *  in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 *  even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 *  PARTICULAR PURPOSE. See the GNU General Public License for more
 *  details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 *  USA.
 *
 */

package org.hyperic.hq.web.login;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hyperic.hq.authz.server.session.AuthzSubject;
import org.hyperic.hq.authz.shared.AuthzConstants;
import org.hyperic.hq.authz.shared.AuthzSubjectManager;
import org.hyperic.hq.ui.util.RequestUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

/**
 * This controller provides the data needs of the login view. It doesn't actually perform any 
 * authentication as that's handled by Spring Security.
 * 
 * @author David Crutchfield
 *
 */
@Controller
public class LoginController {
    private static final Log log = LogFactory.getLog(LoginController.class.getName());
    
    private AuthzSubjectManager authzSubjectManager;
    
    @Autowired
    public LoginController(AuthzSubjectManager authzSubjectManager) {
    	this.authzSubjectManager = authzSubjectManager;
    }
    
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView login(HttpServletRequest request, HttpServletResponse response, HttpSession session) {
        final boolean debug = log.isDebugEnabled();
        
        ModelAndView result = new ModelAndView();
        
        // ...first check for an authentication object, if one exists we are already logged in...
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        
        if (authentication != null && 
            !(authentication instanceof AnonymousAuthenticationToken) && 
            authentication.isAuthenticated()) {
            try {
                if (debug) log.debug("User has already been authenticated.  Redirecting to dashboard.");
                
                // Redirect to Dashboard.action for struts2 support
                response.sendRedirect("Dashboard.action");
                
                return result;
            } catch(IOException e) {
                log.warn("Could not perform the redirect for an authenticated user, displaying login page instead");
            }
        }
        
        // ...we're dealing with an unauthenticated user, we're going to show the login form...
        AuthzSubject guestUser = authzSubjectManager.getSubjectById(AuthzConstants.guestId);
        
        // ...before we return, check for an error message...
        boolean loginError = request.getParameter("authfailed") != null;
        
        if (loginError) {
            if (session != null) {
                AuthenticationException ex = (AuthenticationException) session.getAttribute(AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
                
                if (ex != null) {
                	try {
                		result.addObject("errorMessage", RequestUtils.message(request, ex.getMessage()));
                	} catch (Exception noKey) {
                		result.addObject("errorMessage", ex.getMessage());
                	}
                }
            }
        }
        
        result.addObject("guestUsername", (guestUser != null) ? guestUser.getName() : "guest");
        result.addObject("guestEnabled", (guestUser != null && guestUser.getActive()));
        
        // ...set a response header so we can identify the login page explicitly...
        response.setHeader("hq-requires-auth", "1");
        
        return result;
    }
}