blue.hive.security.web

Class BHiveLoginUrlAuthenticationEntryPoint

java.lang.Object

blue.hive.security.web.BHiveLoginUrlAuthenticationEntryPoint

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, org.springframework.security.web.AuthenticationEntryPoint

public class BHiveLoginUrlAuthenticationEntryPoint
extends Object
implements org.springframework.security.web.AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean

LoginUrlAuthenticationEntryPoint의 동작 수정 RedirectStrategy를 EslAjaxRedirectStrategy 사용. Ajax일때는 ResponseBody로 Redirect Callback Command를 전송

Since:

3.0

Author:

DongMan Kwon dmkwon@intellicode.co.kr Used by the ExceptionTranslationFilter to commence a form login authentication via the UsernamePasswordAuthenticationFilter.

Holds the location of the login form in the loginFormUrl property, and uses that to build a redirect URL to the login page. Alternatively, an absolute URL can be set in this property and that will be used exclusively.

When using a relative URL, you can set the forceHttps property to true, to force the protocol used for the login form to be HTTPS, even if the original intercepted request for a resource used the HTTP protocol. When this happens, after a successful login (via HTTPS), the original resource will still be accessed as HTTP, via the original request URL. For the forced HTTPS feature to work, the PortMapper is consulted to determine the HTTP:HTTPS pairs. The value of forceHttps will have no effect if an absolute URL is used., Ben Alex, colin sampaleanu, Omri Spector, Luke Taylor

Constructor Summary

Constructors

Constructor and Description
BHiveLoginUrlAuthenticationEntryPoint(String loginFormUrl)

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
protected String	buildHttpsRedirectUrlForRequest(javax.servlet.http.HttpServletRequest request) Builds a URL to redirect the supplied request to HTTPS.
protected String	buildRedirectUrlToLoginPage(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException)
void	commence(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException) Performs the redirect (or forward) to the login form URL.
protected String	determineUrlToUseForThisRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception) Allows subclasses to modify the login form URL that should be applicable for a given request.
String	getLoginFormUrl()
protected org.springframework.security.web.PortMapper	getPortMapper()
protected org.springframework.security.web.PortResolver	getPortResolver()
protected boolean	isForceHttps()
protected boolean	isUseForward()
void	setForceHttps(boolean forceHttps) Set to true to force login form access to be via https.
void	setPortMapper(org.springframework.security.web.PortMapper portMapper)
void	setPortResolver(org.springframework.security.web.PortResolver portResolver)
void	setUseForward(boolean useForward) Tells if we are to do a forward to the loginFormUrl using the RequestDispatcher, instead of a 302 redirect.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BHiveLoginUrlAuthenticationEntryPoint

public BHiveLoginUrlAuthenticationEntryPoint(String loginFormUrl)

Parameters:

loginFormUrl - URL where the login page can be found. Should either be relative to the web-app context path (include a leading /) or an absolute URL.

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:

Exception

determineUrlToUseForThisRequest

protected String determineUrlToUseForThisRequest(javax.servlet.http.HttpServletRequest request,
                                                 javax.servlet.http.HttpServletResponse response,
                                                 org.springframework.security.core.AuthenticationException exception)

Allows subclasses to modify the login form URL that should be applicable for a given request.

Parameters:

request - the request

response - the response

exception - the exception

Returns:

the URL (cannot be null or empty; defaults to getLoginFormUrl())

commence

public void commence(javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response,
                     org.springframework.security.core.AuthenticationException authException)
              throws IOException,
                     javax.servlet.ServletException

Performs the redirect (or forward) to the login form URL.

Specified by:

commence in interface org.springframework.security.web.AuthenticationEntryPoint

Throws:

IOException

javax.servlet.ServletException

buildRedirectUrlToLoginPage

protected String buildRedirectUrlToLoginPage(javax.servlet.http.HttpServletRequest request,
                                             javax.servlet.http.HttpServletResponse response,
                                             org.springframework.security.core.AuthenticationException authException)

buildHttpsRedirectUrlForRequest

protected String buildHttpsRedirectUrlForRequest(javax.servlet.http.HttpServletRequest request)
                                          throws IOException,
                                                 javax.servlet.ServletException

Builds a URL to redirect the supplied request to HTTPS. Used to redirect the current request to HTTPS, before doing a forward to the login page.

Parameters:

request - Http Servlet Request

Returns:

url String value

Throws:

IOException - throw io exception

javax.servlet.ServletException - throw servlet exception

setForceHttps

public void setForceHttps(boolean forceHttps)

Set to true to force login form access to be via https. If this value is true (the default is false), and the incoming request for the protected resource which triggered the interceptor was not already https, then the client will first be redirected to an https URL, even if serverSideRedirect is set to true.

Parameters:

forceHttps - boolean https setting true|false

isForceHttps

protected boolean isForceHttps()

getLoginFormUrl

public String getLoginFormUrl()

setPortMapper

public void setPortMapper(org.springframework.security.web.PortMapper portMapper)

getPortMapper

protected org.springframework.security.web.PortMapper getPortMapper()

setPortResolver

public void setPortResolver(org.springframework.security.web.PortResolver portResolver)

getPortResolver

protected org.springframework.security.web.PortResolver getPortResolver()

setUseForward

public void setUseForward(boolean useForward)

Tells if we are to do a forward to the loginFormUrl using the RequestDispatcher, instead of a 302 redirect.

Parameters:

useForward - true if a forward to the login page should be used. Must be false (the default) if loginFormUrl is set to an absolute value.

isUseForward

protected boolean isUseForward()