From b288d241009c9533b303ffa22f8c81d6901ddd67 Mon Sep 17 00:00:00 2001 From: Shazin Sadakath Date: Wed, 9 Mar 2016 10:17:27 -0600 Subject: [PATCH] Add ForwardAuthenticationFailureHandler Fixes gh-3727 --- .../ForwardAuthenticationFailureHandler.java | 54 +++++++++++++++++ ...wardAuthenticationFailureHandlerTests.java | 60 +++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java create mode 100644 web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java diff --git a/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java new file mode 100644 index 0000000000..ac0651e336 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandler.java @@ -0,0 +1,54 @@ +/* + * Copyright 2002-2016 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.web.authentication; + +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.WebAttributes; +import org.springframework.security.web.util.UrlUtils; +import org.springframework.util.Assert; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +/** + *

+ * Forward Authentication Failure Handler + *

+ * + * @author Shazin Sadakath + * + */ +public class ForwardAuthenticationFailureHandler implements AuthenticationFailureHandler { + + private final String forwardUrl; + + /** + * @param forwardUrl + */ + public ForwardAuthenticationFailureHandler(String forwardUrl) { + Assert.isTrue(UrlUtils.isValidRedirectUrl(forwardUrl), "'" + + forwardUrl + "' is not a valid forward URL"); + this.forwardUrl = forwardUrl; + } + + @Override + public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException { + request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception); + request.getRequestDispatcher(forwardUrl).forward(request, response); + } +} diff --git a/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java new file mode 100644 index 0000000000..1ff3c131f1 --- /dev/null +++ b/web/src/test/java/org/springframework/security/web/authentication/ForwardAuthenticationFailureHandlerTests.java @@ -0,0 +1,60 @@ +/* + * Copyright 2002-2016 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.web.authentication; + +import org.junit.Test; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.WebAttributes; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; + +/** + *

+ * Forward Authentication Failure Handler Tests + *

+ * + * @author Shazin Sadakath + * + */ +public class ForwardAuthenticationFailureHandlerTests { + + @Test(expected = IllegalArgumentException.class) + public void invalidForwardUrl() { + new ForwardAuthenticationFailureHandler("aaa"); + } + + @Test(expected = IllegalArgumentException.class) + public void emptyForwardUrl() { + new ForwardAuthenticationFailureHandler(""); + } + + @Test + public void responseIsForwarded() throws Exception { + ForwardAuthenticationFailureHandler fafh = new ForwardAuthenticationFailureHandler("/forwardUrl"); + + MockHttpServletRequest request = new MockHttpServletRequest(); + MockHttpServletResponse response = new MockHttpServletResponse(); + AuthenticationException e = mock(AuthenticationException.class); + + fafh.onAuthenticationFailure(request, response, e); + + assertThat(response.getForwardedUrl()).isEqualTo("/forwardUrl"); + assertThat(request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isEqualTo(e); + } +}