List of usage examples for org.springframework.security.web.savedrequest SavedRequest getMethod
String getMethod();
From source file:org.socialsignin.springsocial.security.signup.AbstractSignUpController.java
@RequestMapping(value = "", method = RequestMethod.POST) public String signUpSubmit(ServletWebRequest request, @ModelAttribute("signUpForm") P signUpForm, BindingResult result) {/*from ww w .j av a 2 s. c o m*/ Connection<?> connection = getProviderSignInUtils().getConnectionFromSession(request); String userId = signUpUser(request, signUpForm, result); if (result.hasErrors() || userId == null) { return signUpView; } springSocialSecuritySignInService.signIn(userId, connection, request); if (useSocialAuthenticationFilter) { // Attempt to determine the original requested url if access was originally denied SavedRequest savedRequest = requestCache.getRequest(request.getRequest(), request.getResponse()); if (savedRequest != null) { String redirectUrl = savedRequest.getRedirectUrl(); if (redirectUrl != null && savedRequest.getMethod().equalsIgnoreCase("get")) { return "redirect:" + redirectUrl; } } return "redirect:/"; } else { return "redirect:" + authenticateUrl; } }
From source file:org.socialsignin.springsocial.security.signin.SpringSocialSecurityConnectInterceptor.java
/** * This callback 1) Ensures that 2 different local users * cannot share the same 3rd party connection 2) Updates the current * user's authentication if the set of roles they are assigned * needs to change now that this connection has been made. * 3) Looks for a request previously saved by an access denied * handler, and if present, sets the url of this original * pre-authorisation request as a session attribute * /*from w ww.j a v a 2 s. c om*/ */ @Override public void postConnect(Connection<S> connection, WebRequest webRequest) { super.postConnect(connection, webRequest); /** * User roles are generated according to connected * providers in spring-social-security * * Now that this connection has been made, * doe we need to update the user roles? * * If so, update the current user's authentication and update * remember-me services accordingly. */ Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); Collection<? extends GrantedAuthority> existingAuthorities = authentication.getAuthorities(); GrantedAuthority newAuthority = userAuthoritiesService.getProviderAuthority(connection.getKey()); if (!existingAuthorities.contains(newAuthority)) { Authentication newAuthentication = authenticationFactory .updateAuthenticationForNewConnection(authentication, connection); SecurityContextHolder.getContext().setAuthentication(newAuthentication); if (rememberMeServices != null && webRequest instanceof ServletWebRequest) { ServletWebRequest servletWebRequest = ((ServletWebRequest) webRequest); rememberMeServices.loginSuccess(servletWebRequest.getRequest(), servletWebRequest.getResponse(), newAuthentication); } } /** * This connection may have been instigated by an * access denied handler which may have saved the * original request made by the user before their access * was denied. * * Spring Social sends the user to a particular view * on completion of connection. We may wish to offer the * user a "continue" link on this view, allowing their * original request (if saved by the access denied handler) * to be re-attempted * */ if (webRequest instanceof ServletWebRequest) { ServletWebRequest servletWebRequest = (ServletWebRequest) webRequest; SavedRequest savedRequest = requestCache.getRequest(servletWebRequest.getRequest(), servletWebRequest.getResponse()); if (savedRequest != null) { String redirectUrl = savedRequest.getRedirectUrl(); if (redirectUrl != null && savedRequest.getMethod().equalsIgnoreCase("get")) { servletWebRequest.setAttribute(SAVED_REQUEST_URL_ATTRIBUTE_NAME, savedRequest.getRedirectUrl(), RequestAttributes.SCOPE_SESSION); } } } }