Add hook methods to AbstractProcessingFilter.

2025-06-27 06:12:27 +00:00 · 2004-12-20 11:14:34 +00:00 · 2004-12-20 11:14:34 +00:00 · 823a2e990b
commit 823a2e990b
parent 67d642cfeb
2 changed files with 90 additions and 62 deletions
--- a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
@ -311,83 +311,110 @@ public abstract class AbstractProcessingFilter implements Filter,
                logger.debug("Request is to process authentication");
            }
            onPreAuthentication(httpRequest, httpResponse);
            Authentication authResult;
            try {
                authResult = attemptAuthentication(httpRequest);
            } catch (AuthenticationException failed) {
                // Authentication failed
-                String failureUrl = authenticationFailureUrl;
+                unsuccessfulAuthentication(httpRequest, httpResponse, failed);
                if (failed instanceof AuthenticationServiceException
                    && (authenticationServiceFailureUrl != null)) {
                    failureUrl = authenticationServiceFailureUrl;
                }
                if (failed instanceof BadCredentialsException
                    && (this.authenticationCredentialCheckFailureUrl != null)) {
                    failureUrl = authenticationCredentialCheckFailureUrl;
                }
                if (failed instanceof DisabledException
                    && (authenticationDisabledFailureUrl != null)) {
                    failureUrl = authenticationDisabledFailureUrl;
                }
                if (failed instanceof LockedException
                    && (authenticationLockedFailureUrl != null)) {
                    failureUrl = authenticationLockedFailureUrl;
                }
                if (failed instanceof ProxyUntrustedException
                    && (authenticationProxyUntrustedFailureUrl != null)) {
                    failureUrl = authenticationProxyUntrustedFailureUrl;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Authentication request failed: "
                        + failed.toString());
                }
                httpRequest.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY,
                    failed);
                httpRequest.getSession().removeAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY);
                httpResponse.sendRedirect(httpResponse.encodeRedirectURL(httpRequest
                        .getContextPath() + failureUrl));
                return;
            }
            // Authentication success
-            if (logger.isDebugEnabled()) {
+            successfulAuthentication(httpRequest, httpResponse, authResult);
                logger.debug("Authentication success: " + authResult.toString());
            }
            httpRequest.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY,
                authResult);
            String targetUrl = (String) httpRequest.getSession().getAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
            httpRequest.getSession().removeAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
            if (alwaysUseDefaultTargetUrl == true) {
                targetUrl = null;
            }
            if (targetUrl == null) {
                targetUrl = httpRequest.getContextPath() + defaultTargetUrl;
            }
            if (logger.isDebugEnabled()) {
                logger.debug(
                    "Redirecting to target URL from HTTP Session (or default): "
                    + targetUrl);
            }
            httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl));
            return;
        }
        chain.doFilter(request, response);
    }
    protected void onPreAuthentication(HttpServletRequest request,
        HttpServletResponse response) throws IOException {}
    protected void onSuccessfulAuthentication(HttpServletRequest request,
        HttpServletResponse response) throws IOException {}
    protected void onUnsuccessfulAuthentication(HttpServletRequest request,
        HttpServletResponse response) throws IOException {}
    protected void successfulAuthentication(HttpServletRequest request,
        HttpServletResponse response, Authentication authResult)
        throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("Authentication success: " + authResult.toString());
        }
        request.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY,
            authResult);
        String targetUrl = (String) request.getSession().getAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
        request.getSession().removeAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
        if (alwaysUseDefaultTargetUrl == true) {
            targetUrl = null;
        }
        if (targetUrl == null) {
            targetUrl = request.getContextPath() + defaultTargetUrl;
        }
        if (logger.isDebugEnabled()) {
            logger.debug(
                "Redirecting to target URL from HTTP Session (or default): "
                + targetUrl);
        }
        onSuccessfulAuthentication(request, response);
        response.sendRedirect(response.encodeRedirectURL(targetUrl));
    }
    protected void unsuccessfulAuthentication(HttpServletRequest request,
        HttpServletResponse response, AuthenticationException failed)
        throws IOException {
        String failureUrl = authenticationFailureUrl;
        if (failed instanceof AuthenticationServiceException
            && (authenticationServiceFailureUrl != null)) {
            failureUrl = authenticationServiceFailureUrl;
        }
        if (failed instanceof BadCredentialsException
            && (this.authenticationCredentialCheckFailureUrl != null)) {
            failureUrl = authenticationCredentialCheckFailureUrl;
        }
        if (failed instanceof DisabledException
            && (authenticationDisabledFailureUrl != null)) {
            failureUrl = authenticationDisabledFailureUrl;
        }
        if (failed instanceof LockedException
            && (authenticationLockedFailureUrl != null)) {
            failureUrl = authenticationLockedFailureUrl;
        }
        if (failed instanceof ProxyUntrustedException
            && (authenticationProxyUntrustedFailureUrl != null)) {
            failureUrl = authenticationProxyUntrustedFailureUrl;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Authentication request failed: " + failed.toString());
        }
        request.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY,
            failed);
        request.getSession().removeAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY);
        onUnsuccessfulAuthentication(request, response);
        response.sendRedirect(response.encodeRedirectURL(request.getContextPath()
                + failureUrl));
    }
 }
--- a/doc/xdocs/changes.xml
+++ b/doc/xdocs/changes.xml
@ -52,6 +52,7 @@
      <action dev="benalex" type="update">Made DaoAuthenticationProvider detect null in Authentication.principal</action>
      <action dev="benalex" type="update">Improved JaasAuthenticationProvider startup error detection</action>
      <action dev="benalex" type="update">Refactored EH-CACHE implementations to use Spring IoC defined caches instead</action>
      <action dev="benalex" type="update">AbstractProcessingFilter now has various hook methods to assist subclasses</action>
      <action dev="benalex" type="fix">Fixed ambiguous column references in JdbcDaoImpl default query</action>
      <action dev="benalex" type="fix">Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility)</action>
      <action dev="benalex" type="fix">Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals</action>