security work
This commit is contained in:
eugenp
parent
9ca6724a17
commit
74bafb99a9
@ -1,4 +1,4 @@
|
|||||||
package org.baeldung.spring.web.config;
|
package org.baeldung.spring.config;
|
||||||
|
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
@ -1,10 +1,12 @@
|
|||||||
package org.baeldung.spring.web.config;
|
package org.baeldung.spring.config;
|
||||||
|
|
||||||
|
import org.springframework.context.annotation.ComponentScan;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.context.annotation.ImportResource;
|
import org.springframework.context.annotation.ImportResource;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@ImportResource({ "classpath:webSecurityConfig.xml" })
|
@ImportResource({ "classpath:webSecurityConfig.xml" })
|
||||||
|
@ComponentScan("org.baeldung.spring.security")
|
||||||
public class SecSecurityConfig {
|
public class SecSecurityConfig {
|
||||||
|
|
||||||
public SecSecurityConfig() {
|
public SecSecurityConfig() {
|
||||||
@ -1,29 +0,0 @@
|
|||||||
package org.baeldung.spring.security;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
import javax.servlet.ServletException;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
|
|
||||||
import org.springframework.security.core.Authentication;
|
|
||||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
|
||||||
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
|
|
||||||
|
|
||||||
public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
|
|
||||||
|
|
||||||
public CustomLogoutSuccessHandler() {
|
|
||||||
super();
|
|
||||||
}
|
|
||||||
|
|
||||||
// API
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void onLogoutSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException {
|
|
||||||
final String refererUrl = request.getHeader("Referer");
|
|
||||||
System.out.println(refererUrl);
|
|
||||||
|
|
||||||
super.onLogoutSuccess(request, response, authentication);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
@ -0,0 +1,48 @@
|
|||||||
|
package org.baeldung.spring.security;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import javax.servlet.ServletException;
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
import org.springframework.security.core.Authentication;
|
||||||
|
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
|
||||||
|
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
|
||||||
|
import org.springframework.security.web.savedrequest.RequestCache;
|
||||||
|
import org.springframework.security.web.savedrequest.SavedRequest;
|
||||||
|
import org.springframework.util.StringUtils;
|
||||||
|
|
||||||
|
public class MySavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
|
||||||
|
|
||||||
|
private RequestCache requestCache = new HttpSessionRequestCache();
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws ServletException, IOException {
|
||||||
|
final SavedRequest savedRequest = requestCache.getRequest(request, response);
|
||||||
|
|
||||||
|
if (savedRequest == null) {
|
||||||
|
super.onAuthenticationSuccess(request, response, authentication);
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
final String targetUrlParameter = getTargetUrlParameter();
|
||||||
|
if (isAlwaysUseDefaultTargetUrl() || (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
|
||||||
|
requestCache.removeRequest(request, response);
|
||||||
|
super.onAuthenticationSuccess(request, response, authentication);
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
clearAuthenticationAttributes(request);
|
||||||
|
|
||||||
|
// Use the DefaultSavedRequest URL
|
||||||
|
// final String targetUrl = savedRequest.getRedirectUrl();
|
||||||
|
// logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
|
||||||
|
// getRedirectStrategy().sendRedirect(request, response, targetUrl);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRequestCache(final RequestCache requestCache) {
|
||||||
|
this.requestCache = requestCache;
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -0,0 +1,19 @@
|
|||||||
|
package org.baeldung.spring.security;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
import org.springframework.security.core.AuthenticationException;
|
||||||
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
@Component
|
||||||
|
public final class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException {
|
||||||
|
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -1,41 +1,33 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<beans:beans xmlns="http://www.springframework.org/schema/security"
|
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
|
||||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
|
xmlns:sec="http://www.springframework.org/schema/security"
|
||||||
xsi:schemaLocation="
|
xsi:schemaLocation="
|
||||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
|
http://www.springframework.org/schema/security
|
||||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
|
http://www.springframework.org/schema/security/spring-security-3.1.xsd
|
||||||
|
http://www.springframework.org/schema/beans
|
||||||
|
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
|
||||||
|
|
||||||
<debug/>
|
<http entry-point-ref="restAuthenticationEntryPoint">
|
||||||
|
<intercept-url pattern="/api/admin/**" access="ROLE_ADMIN" />
|
||||||
<http use-expressions="true" >
|
|
||||||
<intercept-url pattern="/anonymous*" access="isAnonymous()" />
|
|
||||||
|
|
||||||
<intercept-url pattern="/login*" access="permitAll" />
|
|
||||||
|
|
||||||
<intercept-url pattern="/**" access="isAuthenticated()" />
|
|
||||||
|
|
||||||
<form-login
|
<custom-filter ref="myFilter" position="FORM_LOGIN_FILTER" />
|
||||||
login-page='/login.html'
|
|
||||||
login-processing-url="/perform_login"
|
|
||||||
default-target-url="/homepage.html"
|
|
||||||
authentication-failure-url="/login.html?error=true"
|
|
||||||
always-use-default-target="true"/>
|
|
||||||
|
|
||||||
<logout
|
|
||||||
logout-url="/perform_logout"
|
|
||||||
delete-cookies="JSESSIONID"
|
|
||||||
success-handler-ref="customLogoutSuccessHandler" />
|
|
||||||
|
|
||||||
</http>
|
|
||||||
|
|
||||||
<beans:bean name="customLogoutSuccessHandler" class="org.baeldung.spring.security.CustomLogoutSuccessHandler" />
|
|
||||||
|
|
||||||
<authentication-manager>
|
<logout />
|
||||||
<authentication-provider>
|
</http>
|
||||||
<user-service>
|
|
||||||
<user name="user1" password="user1Pass" authorities="ROLE_USER" />
|
<beans:bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
|
||||||
</user-service>
|
<beans:property name="authenticationManager" ref="authenticationManager" />
|
||||||
</authentication-provider>
|
<beans:property name="authenticationSuccessHandler" ref="mySuccessHandler" />
|
||||||
</authentication-manager>
|
</beans:bean>
|
||||||
|
<beans:bean id="mySuccessHandler" class="org.baeldung.spring.security.MySavedRequestAwareAuthenticationSuccessHandler" />
|
||||||
|
|
||||||
|
<authentication-manager alias="authenticationManager">
|
||||||
|
<authentication-provider>
|
||||||
|
<user-service>
|
||||||
|
<user name="temporary" password="temporary" authorities="ROLE_ADMIN" />
|
||||||
|
<user name="user" password="user" authorities="ROLE_USER" />
|
||||||
|
</user-service>
|
||||||
|
</authentication-provider>
|
||||||
|
</authentication-manager>
|
||||||
|
|
||||||
</beans:beans>
|
</beans:beans>
|
||||||
@ -15,7 +15,7 @@
|
|||||||
</context-param>
|
</context-param>
|
||||||
<context-param>
|
<context-param>
|
||||||
<param-name>contextConfigLocation</param-name>
|
<param-name>contextConfigLocation</param-name>
|
||||||
<param-value>org.baeldung.spring.web.config</param-value>
|
<param-value>org.baeldung.spring.config</param-value>
|
||||||
</context-param>
|
</context-param>
|
||||||
|
|
||||||
<listener>
|
<listener>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user