KaaAdminAuthFailureHandler.java

/*
 * Copyright 2014-2016 CyberVision, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.kaaproject.kaa.server.admin.services.auth;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class KaaAdminAuthFailureHandler implements AuthenticationFailureHandler {

  private static final Logger LOG = LoggerFactory.getLogger(KaaAdminAuthFailureHandler.class);

  private String defaultFailureUrl;
  private boolean forwardToDestination = false;
  private boolean allowSessionCreation = true;
  private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

  public KaaAdminAuthFailureHandler() {
  }

  public KaaAdminAuthFailureHandler(String defaultFailureUrl) {
    setDefaultFailureUrl(defaultFailureUrl);
  }

  /**
   * Performs the redirect or forward to the {@code defaultFailureUrl} if set, otherwise returns a
   * 401 error code.
   *
   * <p>If redirecting or forwarding, {@code saveException}
   * will be called to cache the exception for use in the target view.
   */
  public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                      AuthenticationException exception)
      throws IOException, ServletException {

    if (defaultFailureUrl == null) {
      LOG.debug("No failure URL set, sending 401 Unauthorized error");

      response.sendError(
          HttpServletResponse.SC_UNAUTHORIZED,
          "Authentication Failed: " + exception.getLocalizedMessage());
    } else {
      saveException(request, exception);

      String targetUrl = defaultFailureUrl;

      if (forwardToDestination) {
        LOG.debug("Forwarding to " + targetUrl);

        request.getRequestDispatcher(targetUrl).forward(request, response);
      } else {
        response.addHeader("Error", exception.getLocalizedMessage());
        if (exception instanceof TempCredentialsException) {
          response.addHeader("ErrorType", "TempCredentials");
        } else {
          response.addHeader("ErrorType", "GeneralError");
        }
        response.setStatus(HttpServletResponse.SC_OK);
      }
    }
  }

  /**
   * Caches the {@code AuthenticationException} for use in view rendering.
   *
   * <p>If {@code
   * forwardToDestination} is set to true, request scope will be used, otherwise it will attempt to
   * store the exception in the session. If there is no session and {@code allowSessionCreation} is
   * {@code true} a session will be created. Otherwise the exception will not be stored.
   *
   * @param request   the request
   * @param exception the exception
   */
  protected final void saveException(HttpServletRequest request,
                                     AuthenticationException exception) {
    // Do nothing
  }

  /**
   * The URL which will be used as the failure destination.
   *
   * @param defaultFailureUrl the failure URL, for example "/loginFailed.jsp".
   */
  public void setDefaultFailureUrl(String defaultFailureUrl) {
    Assert.isTrue(UrlUtils.isValidRedirectUrl(defaultFailureUrl),
        "'" + defaultFailureUrl + "' is not a valid redirect URL");
    this.defaultFailureUrl = defaultFailureUrl;
  }

  protected boolean isUseForward() {
    return forwardToDestination;
  }

  /**
   * If set to <tt>true</tt>, performs a forward to the failure destination URL instead of a
   * redirect. Defaults to <tt>false</tt>.
   *
   * @param forwardToDestination the forward to destination
   */
  public void setUseForward(boolean forwardToDestination) {
    this.forwardToDestination = forwardToDestination;
  }

  protected RedirectStrategy getRedirectStrategy() {
    return redirectStrategy;
  }

  /**
   * Allows overriding of the behaviour when redirecting to a target URL.
   *
   * @param redirectStrategy the redirect strategy
   */
  public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
    this.redirectStrategy = redirectStrategy;
  }

  protected boolean isAllowSessionCreation() {
    return allowSessionCreation;
  }

  public void setAllowSessionCreation(boolean allowSessionCreation) {
    this.allowSessionCreation = allowSessionCreation;
  }
}