CasOAuthClientFilter.java

/**
 * Copyright (c) 2011-2014, OpenIoT
 *
 * This library is free software; you can redistribute it and/or
 * modify it either under the terms of the GNU Lesser General Public
 * License version 2.1 as published by the Free Software Foundation
 * (the "LGPL"). If you do not alter this
 * notice, a recipient may use your version of this file under the LGPL.
 *
 * You should have received a copy of the LGPL along with this library
 * in the file COPYING-LGPL-2.1; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY
 * OF ANY KIND, either express or implied. See the LGPL  for
 * the specific language governing rights and limitations.
 *
 * Contact: OpenIoT mailto: info@openiot.eu
 */

package org.openiot.security.client;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import io.buji.pac4j.ClientFilter;

/**
 * @author Mehdi Riahi
 * 
 */
public class CasOAuthClientFilter extends ClientFilter {
	private static Logger log = LoggerFactory.getLogger(CasOAuthClientFilter.class);

	/**
	 * If login has failed, redirect user to the error page except if the user is already
	 * authenticated, in which case redirect to the default success url.
	 * 
	 * @param token
	 *            the token representing the current authentication
	 * @param ae
	 *            the current authentication exception
	 * @param request
	 *            the incoming request
	 * @param response
	 *            the outgoing response
	 */
	@Override
	protected boolean onLoginFailure(final AuthenticationToken token, final AuthenticationException ae, final ServletRequest request,
			final ServletResponse response) {
		// is user authenticated ?
		final Subject subject = getSubject(request, response);
		if (subject.isAuthenticated()) {
			try {
				issueSuccessRedirect(request, response);
			} catch (final Exception e) {
				log.error("Cannot redirect to the default success url", e);
			}
		} else {
			try {
				ae.printStackTrace();
				WebUtils.issueRedirect(request, response, getFailureUrl());
			} catch (final IOException e) {
				log.error("Cannot redirect to failure url : {}", getFailureUrl(), e);
			}
		}
		return false;
	}
}