cleanup work on mvc custom project

2013-07-15 17:56:43 +03:00 · 2013-07-15 17:56:43 +03:00 · 909f05af95
commit 909f05af95
parent 6858e46070
4 changed files with 72 additions and 41 deletions
--- a/spring-security-mvc-custom/README.md
+++ b/spring-security-mvc-custom/README.md
@ -4,9 +4,6 @@


 ### Relevant Articles: 
- [Spring Security Form Login](http://www.baeldung.com/spring-security-login)
- [Spring Security Logout](http://www.baeldung.com/spring-security-logout)
- [Spring Security Expressions – hasRole Example](http://www.baeldung.com/spring-security-expressions-basic)


 ### Build the Project
--- a/spring-security-mvc-custom/src/main/java/org/baeldung/security/CustomLogoutSuccessHandler.java
+++ b/spring-security-mvc-custom/src/main/java/org/baeldung/security/CustomLogoutSuccessHandler.java
@ -1,29 +0,0 @@
-package org.baeldung.security;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
-import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
-
-public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
-
-    public CustomLogoutSuccessHandler() {
-        super();
-    }
-
-    // API
-
-    @Override
-    public void onLogoutSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException {
-        final String refererUrl = request.getHeader("Referer");
-        System.out.println(refererUrl);
-
-        super.onLogoutSuccess(request, response, authentication);
-    }
-
-}
--- a/spring-security-mvc-custom/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java
+++ b/spring-security-mvc-custom/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java
@ -0,0 +1,62 @@
+package org.baeldung.security;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.WebAttributes;
+import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+/**
+ * <tt>AuthenticationSuccessHandler</tt> which can be configured with a default URL which users should be
+ * sent to upon successful authentication.
+ * <p>
+ * The logic used is that of the {@link AbstractAuthenticationTargetUrlRequestHandler parent class}.
+ *
+ * @author Luke Taylor
+ * @since 3.0
+ */
+public class MySimpleUrlAuthenticationSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler implements AuthenticationSuccessHandler {
+
+    public MySimpleUrlAuthenticationSuccessHandler() {
+        super();
+    }
+
+    /**
+     * Constructor which sets the <tt>defaultTargetUrl</tt> property of the base class.
+     * @param defaultTargetUrl the URL to which the user should be redirected on successful authentication.
+     */
+    public MySimpleUrlAuthenticationSuccessHandler(final String defaultTargetUrl) {
+        setDefaultTargetUrl(defaultTargetUrl);
+    }
+
+    /**
+     * Calls the parent class {@code handle()} method to forward or redirect to the target URL, and
+     * then calls {@code clearAuthenticationAttributes()} to remove any leftover session data.
+     */
+    @Override
+    public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException {
+        handle(request, response, authentication);
+        clearAuthenticationAttributes(request);
+    }
+
+    /**
+     * Removes temporary authentication-related data which may have been stored in the session
+     * during the authentication process.
+     */
+    protected final void clearAuthenticationAttributes(final HttpServletRequest request) {
+        final HttpSession session = request.getSession(false);
+
+        if (session == null) {
+            return;
+        }
+
+        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
+    }
+
+}
--- a/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml
@ -15,18 +15,19 @@
 		<form-login 
 			login-page='/login.html' 
 			login-processing-url="/perform_login" 
-			default-target-url="/homepage.html"
-			authentication-failure-url="/login.html?error=true" 
-			always-use-default-target="true"/>
+			authentication-success-handler-ref="myAuthenticationSuccessHandler"
+			authentication-failure-url="/login.html?error=true"
+		/>
            
-            <logout 
-            	logout-url="/perform_logout"
-                delete-cookies="JSESSIONID"
-                success-handler-ref="customLogoutSuccessHandler" />
+        <logout 
+        	logout-url="/perform_logout"
+            delete-cookies="JSESSIONID" 
+        />
            
 	</http>
-    
-    <beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler" />
+
+	<beans:bean id="myAuthenticationSuccessHandler"
+		class="org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler" />

 	<authentication-manager>
 		<authentication-provider>