From 74bafb99a9e7325cad578171e96713f3e17977ee Mon Sep 17 00:00:00 2001
From: eugenp
Date: Sun, 26 May 2013 18:51:36 +0300
Subject: [PATCH] security work
---
.../{web => }/config/ClientWebConfig.java | 2 +-
.../{web => }/config/SecSecurityConfig.java | 4 +-
.../security/CustomLogoutSuccessHandler.java | 29 ---------
...uestAwareAuthenticationSuccessHandler.java | 48 ++++++++++++++
.../RestAuthenticationEntryPoint.java | 19 ++++++
.../src/main/resources/webSecurityConfig.xml | 62 ++++++++-----------
.../src/main/webapp/WEB-INF/web.xml | 2 +-
7 files changed, 99 insertions(+), 67 deletions(-)
rename spring-security-rest/src/main/java/org/baeldung/spring/{web => }/config/ClientWebConfig.java (96%)
rename spring-security-rest/src/main/java/org/baeldung/spring/{web => }/config/SecSecurityConfig.java (66%)
delete mode 100644 spring-security-rest/src/main/java/org/baeldung/spring/security/CustomLogoutSuccessHandler.java
create mode 100644 spring-security-rest/src/main/java/org/baeldung/spring/security/MySavedRequestAwareAuthenticationSuccessHandler.java
create mode 100644 spring-security-rest/src/main/java/org/baeldung/spring/security/RestAuthenticationEntryPoint.java
diff --git a/spring-security-rest/src/main/java/org/baeldung/spring/web/config/ClientWebConfig.java b/spring-security-rest/src/main/java/org/baeldung/spring/config/ClientWebConfig.java
similarity index 96%
rename from spring-security-rest/src/main/java/org/baeldung/spring/web/config/ClientWebConfig.java
rename to spring-security-rest/src/main/java/org/baeldung/spring/config/ClientWebConfig.java
index 316759b24b..d0c33bd135 100644
--- a/spring-security-rest/src/main/java/org/baeldung/spring/web/config/ClientWebConfig.java
+++ b/spring-security-rest/src/main/java/org/baeldung/spring/config/ClientWebConfig.java
@@ -1,4 +1,4 @@ -package org.baeldung.spring.web.config; +package org.baeldung.spring.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; diff --git a/spring-security-rest/src/main/java/org/baeldung/spring/web/config/SecSecurityConfig.java b/spring-security-rest/src/main/java/org/baeldung/spring/config/SecSecurityConfig.java similarity index 66% rename from spring-security-rest/src/main/java/org/baeldung/spring/web/config/SecSecurityConfig.java rename to spring-security-rest/src/main/java/org/baeldung/spring/config/SecSecurityConfig.java index a21a05c17d..d38c304d9a 100644 --- a/spring-security-rest/src/main/java/org/baeldung/spring/web/config/SecSecurityConfig.java +++ b/spring-security-rest/src/main/java/org/baeldung/spring/config/SecSecurityConfig.java @@ -1,10 +1,12 @@ -package org.baeldung.spring.web.config; +package org.baeldung.spring.config; +import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.ImportResource; @Configuration @ImportResource({ "classpath:webSecurityConfig.xml" }) +@ComponentScan("org.baeldung.spring.security") public class SecSecurityConfig { public SecSecurityConfig() { diff --git a/spring-security-rest/src/main/java/org/baeldung/spring/security/CustomLogoutSuccessHandler.java b/spring-security-rest/src/main/java/org/baeldung/spring/security/CustomLogoutSuccessHandler.java deleted file mode 100644 index 4d19744033..0000000000 --- a/spring-security-rest/src/main/java/org/baeldung/spring/security/CustomLogoutSuccessHandler.java +++ /dev/null 
@@ -1,29 +0,0 @@
-package org.baeldung.spring.security;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
-import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
-
-public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
-
- public CustomLogoutSuccessHandler() {
- super();
- }
-
- // API
-
- @Override
- public void onLogoutSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException {
- final String refererUrl = request.getHeader("Referer");
- System.out.println(refererUrl);
-
- super.onLogoutSuccess(request, response, authentication);
- }
-
-}
diff --git a/spring-security-rest/src/main/java/org/baeldung/spring/security/MySavedRequestAwareAuthenticationSuccessHandler.java b/spring-security-rest/src/main/java/org/baeldung/spring/security/MySavedRequestAwareAuthenticationSuccessHandler.java
new file mode 100644
index 0000000000..82272292de
--- /dev/null
+++ b/spring-security-rest/src/main/java/org/baeldung/spring/security/MySavedRequestAwareAuthenticationSuccessHandler.java
@@ -0,0 +1,48 @@
+package org.baeldung.spring.security;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
+import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.security.web.savedrequest.SavedRequest;
+import org.springframework.util.StringUtils;
+
+public class MySavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
+
+ private RequestCache requestCache = new HttpSessionRequestCache();
+
+ @Override
+ public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws ServletException, IOException {
+ final SavedRequest savedRequest = requestCache.getRequest(request, response);
+
+ if (savedRequest == null) {
+ super.onAuthenticationSuccess(request, response, authentication);
+
+ return;
+ }
+ final String targetUrlParameter = getTargetUrlParameter();
+ if (isAlwaysUseDefaultTargetUrl() || (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
+ requestCache.removeRequest(request, response);
+ super.onAuthenticationSuccess(request, response, authentication);
+
+ return;
+ }
+
+ clearAuthenticationAttributes(request);
+
+ // Use the DefaultSavedRequest URL
+ // final String targetUrl = savedRequest.getRedirectUrl();
+ // logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
+ // getRedirectStrategy().sendRedirect(request, response, targetUrl);
+ }
+
+ public void setRequestCache(final RequestCache requestCache) {
+ this.requestCache = requestCache;
+ }
+}
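Review bot: On the last path of `onAuthenticationSuccess` (a saved request exists and no target-URL override applies) the handler only calls `clearAuthenticationAttributes(request)` and returns, so the `SavedRequest` is left in the session-backed `requestCache`; the override branch above it does call `requestCache.removeRequest(request, response)`. If the intent is that REST clients get no redirect after login, I would add `requestCache.removeRequest(request, response);` before `clearAuthenticationAttributes(request);` and replace the four commented-out redirect lines with one comment, e.g. `// REST clients receive the plain success status; no redirect to the saved request`. The two earlier branches still delegate to `super.onAuthenticationSuccess`, which as far as I know redirects, and when a `targetUrlParameter` is configured takes the target from a request parameter, so a class-level Javadoc should state when a redirect still happens and that the parameter value needs to be constrained if it is ever enabled. The class carries no `@Component`, so it is presumably declared as a bean in webSecurityConfig.xml rather than found by the new `@ComponentScan`; the XML content is not readable in this patch to confirm.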
diff --git a/spring-security-rest/src/main/java/org/baeldung/spring/security/RestAuthenticationEntryPoint.java b/spring-security-rest/src/main/java/org/baeldung/spring/security/RestAuthenticationEntryPoint.java new file mode 100644 index 0000000000..53f2a736e0 --- /dev/null +++ b/spring-security-rest/src/main/java/org/baeldung/spring/security/RestAuthenticationEntryPoint.java @@ -0,0 +1,19 @@ +package org.baeldung.spring.security; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.stereotype.Component; + +@Component +public final class RestAuthenticationEntryPoint implements AuthenticationEntryPoint { + + @Override + public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException { + response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"); + } +} \ No newline at end of file diff --git a/spring-security-rest/src/main/resources/webSecurityConfig.xml b/spring-security-rest/src/main/resources/webSecurityConfig.xml index e2b63fe458..b40b5390ba 100644 --- a/spring-security-rest/src/main/resources/webSecurityConfig.xml +++ b/spring-security-rest/src/main/resources/webSecurityConfig.xml @@ -1,41 +1,33 @@ - + - - - - - - - - + + - - - - - - - + - - - - - - - + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/spring-security-rest/src/main/webapp/WEB-INF/web.xml b/spring-security-rest/src/main/webapp/WEB-INF/web.xml index aa8d47fe86..3238896d4a 100644 --- a/spring-security-rest/src/main/webapp/WEB-INF/web.xml +++ b/spring-security-rest/src/main/webapp/WEB-INF/web.xml @@ -15,7 +15,7 @@ contextConfigLocation - org.baeldung.spring.web.config + org.baeldung.spring.config
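Review bot: `commence` in RestAuthenticationEntryPoint answers with `response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized")`, and `sendError` hands the response to the servlet container's error-page handling, so an API client may receive the container's default HTML error page (which commonly shows the server name and version) instead of a bare 401. Either map an `<error-page>` for 401 in web.xml (its content is not readable in this patch, so that may already exist) or set the status directly with `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);`. The `authException` argument is dropped; logging its message at debug level would help when tracing rejected requests. A short class Javadoc such as `/** Replies 401 instead of redirecting to a login page, because REST clients cannot follow a login form. */` would record why the default entry point is replaced.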