security work

2013-05-26 18:51:36 +03:00 · 2013-05-26 18:51:36 +03:00 · 74bafb99a9
commit 74bafb99a9
parent 9ca6724a17
7 changed files with 99 additions and 67 deletions
--- a/spring-security-rest/src/main/java/org/baeldung/spring/web/config/ClientWebConfig.java
+++ b/spring-security-rest/src/main/java/org/baeldung/spring/web/config/ClientWebConfig.java
@ -1,4 +1,4 @@
-package org.baeldung.spring.web.config;
+package org.baeldung.spring.config;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
--- a/spring-security-rest/src/main/java/org/baeldung/spring/web/config/SecSecurityConfig.java
+++ b/spring-security-rest/src/main/java/org/baeldung/spring/web/config/SecSecurityConfig.java
@ -1,10 +1,12 @@
-package org.baeldung.spring.web.config;
+package org.baeldung.spring.config;

+import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.ImportResource;

@Configuration
@ImportResource({ "classpath:webSecurityConfig.xml" })
+@ComponentScan("org.baeldung.spring.security")
 public class SecSecurityConfig {

    public SecSecurityConfig() {
--- a/spring-security-rest/src/main/java/org/baeldung/spring/security/CustomLogoutSuccessHandler.java
+++ b/spring-security-rest/src/main/java/org/baeldung/spring/security/CustomLogoutSuccessHandler.java
@ -1,29 +0,0 @@
-package org.baeldung.spring.security;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
-import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
-
-public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
-
-    public CustomLogoutSuccessHandler() {
-        super();
-    }
-
-    // API
-
-    @Override
-    public void onLogoutSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException {
-        final String refererUrl = request.getHeader("Referer");
-        System.out.println(refererUrl);
-
-        super.onLogoutSuccess(request, response, authentication);
-    }
-
-}
--- a/spring-security-rest/src/main/java/org/baeldung/spring/security/MySavedRequestAwareAuthenticationSuccessHandler.java
+++ b/spring-security-rest/src/main/java/org/baeldung/spring/security/MySavedRequestAwareAuthenticationSuccessHandler.java
@ -0,0 +1,48 @@
+package org.baeldung.spring.security;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
+import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.security.web.savedrequest.SavedRequest;
+import org.springframework.util.StringUtils;
+
+public class MySavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
+
+    private RequestCache requestCache = new HttpSessionRequestCache();
+
+    @Override
+    public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws ServletException, IOException {
+        final SavedRequest savedRequest = requestCache.getRequest(request, response);
+
+        if (savedRequest == null) {
+            super.onAuthenticationSuccess(request, response, authentication);
+
+            return;
+        }
+        final String targetUrlParameter = getTargetUrlParameter();
+        if (isAlwaysUseDefaultTargetUrl() || (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
+            requestCache.removeRequest(request, response);
+            super.onAuthenticationSuccess(request, response, authentication);
+
+            return;
+        }
+
+        clearAuthenticationAttributes(request);
+
+        // Use the DefaultSavedRequest URL
+        // final String targetUrl = savedRequest.getRedirectUrl();
+        // logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
+        // getRedirectStrategy().sendRedirect(request, response, targetUrl);
+    }
+
+    public void setRequestCache(final RequestCache requestCache) {
+        this.requestCache = requestCache;
+    }
+}
--- a/spring-security-rest/src/main/java/org/baeldung/spring/security/RestAuthenticationEntryPoint.java
+++ b/spring-security-rest/src/main/java/org/baeldung/spring/security/RestAuthenticationEntryPoint.java
@ -0,0 +1,19 @@
+package org.baeldung.spring.security;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+@Component
+public final class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    @Override
+    public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException {
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+    }
+}
--- a/spring-security-rest/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-rest/src/main/resources/webSecurityConfig.xml
@ -1,41 +1,33 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans:beans xmlns="http://www.springframework.org/schema/security"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
-	xsi:schemaLocation="
-		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
-		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
+<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
+    xmlns:sec="http://www.springframework.org/schema/security"
+    xsi:schemaLocation="
+      http://www.springframework.org/schema/security
+      http://www.springframework.org/schema/security/spring-security-3.1.xsd
+      http://www.springframework.org/schema/beans
+      http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">

-    <debug/>
-    
-	<http use-expressions="true" >
-		<intercept-url pattern="/anonymous*" access="isAnonymous()" />
-		
-        <intercept-url pattern="/login*" access="permitAll" />
-        
-        <intercept-url pattern="/**" access="isAuthenticated()" />
+    <http entry-point-ref="restAuthenticationEntryPoint">
+        <intercept-url pattern="/api/admin/**" access="ROLE_ADMIN" />

-		<form-login 
-			login-page='/login.html' 
-			login-processing-url="/perform_login" 
-			default-target-url="/homepage.html"
-			authentication-failure-url="/login.html?error=true" 
-			always-use-default-target="true"/>
-            
-            <logout 
-            	logout-url="/perform_logout"
-                delete-cookies="JSESSIONID"
-                success-handler-ref="customLogoutSuccessHandler" />
-            
-	</http>
-    
-    <beans:bean name="customLogoutSuccessHandler" class="org.baeldung.spring.security.CustomLogoutSuccessHandler" />
+        <custom-filter ref="myFilter" position="FORM_LOGIN_FILTER" />

-	<authentication-manager>
-		<authentication-provider>
-			<user-service>
-				<user name="user1" password="user1Pass" authorities="ROLE_USER" />
-			</user-service>
-		</authentication-provider>
-	</authentication-manager>
+        <logout />
+    </http>
+
+    <beans:bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
+        <beans:property name="authenticationManager" ref="authenticationManager" />
+        <beans:property name="authenticationSuccessHandler" ref="mySuccessHandler" />
+    </beans:bean>
+    <beans:bean id="mySuccessHandler" class="org.baeldung.spring.security.MySavedRequestAwareAuthenticationSuccessHandler" />
+
+    <authentication-manager alias="authenticationManager">
+        <authentication-provider>
+            <user-service>
+                <user name="temporary" password="temporary" authorities="ROLE_ADMIN" />
+                <user name="user" password="user" authorities="ROLE_USER" />
+            </user-service>
+        </authentication-provider>
+    </authentication-manager>

 </beans:beans>
--- a/spring-security-rest/src/main/webapp/WEB-INF/web.xml
+++ b/spring-security-rest/src/main/webapp/WEB-INF/web.xml
@ -15,7 +15,7 @@
    </context-param>
    <context-param>
        <param-name>contextConfigLocation</param-name>
-        <param-value>org.baeldung.spring.web.config</param-value>
+        <param-value>org.baeldung.spring.config</param-value>
    </context-param>

    <listener>