DelegateAuthenticationSuccessHandler.java example

Explorer
sched-assist-master
/**
 * Licensed to Jasig under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Jasig licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a
 * copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */


package org.jasig.schedassist.web.security;

import java.io.IOException;
import java.util.Collection;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/**
 * {@link AuthenticationSuccessHandler} for the delegation login form.
 *  
 * @author Nicholas Blair, nblair@doit.wisc.edu
 * @version $Id: DelegateAuthenticationSuccessHandler.java 2089 2010-05-03 19:04:26Z npblair $
 */
public final class DelegateAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

	private String delegateOwnerTarget;
	private String delegateRegisterTarget;
	private String logoutTarget;
	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

	/**
	 * @param delegateOwnerTarget the delegateOwnerTarget to set
	 */
	public void setDelegateOwnerTarget(String delegateOwnerTarget) {
		this.delegateOwnerTarget = delegateOwnerTarget;
	}
	/**
	 * @param delegateRegisterTarget the delegateRegisterTarget to set
	 */
	public void setDelegateRegisterTarget(String delegateRegisterTarget) {
		this.delegateRegisterTarget = delegateRegisterTarget;
	}
	/**
	 * @param logoutTarget the logoutTarget to set
	 */
	public void setLogoutTarget(String logoutTarget) {
		this.logoutTarget = logoutTarget;
	}
	/**
	 * @param redirectStrategy the redirectStrategy to set
	 */
	public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
		this.redirectStrategy = redirectStrategy;
	}


	/**
	 * Redirects to the correct url based on the {@link GrantedAuthority}s contained by the {@link Authentication} argument.
	 * 
	 * @see org.springframework.security.web.authentication.AuthenticationSuccessHandler#onAuthenticationSuccess(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.core.Authentication)
	 */
	public void onAuthenticationSuccess(HttpServletRequest request,
			HttpServletResponse response, Authentication authentication)
	throws IOException, ServletException {

		Collection<GrantedAuthority> authorities = authentication.getAuthorities();
		if(authorities.contains(SecurityConstants.DELEGATE_OWNER)) {
			// redirect to delegateOwnerTarget
			this.redirectStrategy.sendRedirect(request, response, this.delegateOwnerTarget);
		} else if(authorities.contains(SecurityConstants.DELEGATE_REGISTER)) {
			// redirect to delegateRegisterTarget
			this.redirectStrategy.sendRedirect(request, response, this.delegateRegisterTarget);
		} else {
			// this must be a logout success
			// redirect to logoutTarget
			this.redirectStrategy.sendRedirect(request, response, this.logoutTarget);
		}
	}

}