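/*
 * Weblounge: Web Content Management System
 * Copyright (c) 2011 The Weblounge Team
 * http://weblounge.o2it.ch
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software Foundation
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */

package ch.entwine.weblounge.kernel.security;

import ch.entwine.weblounge.common.impl.security.RoleImpl;
import ch.entwine.weblounge.common.impl.security.SecurityUtils;
import ch.entwine.weblounge.common.impl.security.SystemRole;
import ch.entwine.weblounge.common.security.SecurityService;
import ch.entwine.weblounge.common.security.User;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.SavedRequest;

import java.io.IOException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * This handler processes the login request once spring security is satisfied
 * with the credentials that have been provided.
 * <p>
 * The redirect target is chosen in this order: the request that was saved in
 * the session before authentication, the edit request the user was making
 * (editors only, delegated to the parent handler), the first configured
 * welcome page whose role the user holds, and finally the default welcome
 * page. None of these targets is read from a request parameter.
 * <p>
 * NOTE(review): the saved request's redirect url is used exactly as it was
 * stored in the session and is not validated here; confirm that the request
 * cache in use only stores urls for this host.
 */
public class RoleBasedLoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

  /** The logging facility */
  private static final Logger logger = LoggerFactory.getLogger(RoleBasedLoginSuccessHandler.class);

  /** Saved request key. Unfortunately, the spring constant is not accessible */
  private static final String SAVED_REQUEST = "SPRING_SECURITY_SAVED_REQUEST";

  /** Name of the request parameter that marks a request as an edit request */
  private static final String EDIT_PARAMETER = "edit";

  /** The security service (set by spring security, kept for subclasses; not used here) */
  protected SecurityService securityService = null;

  /**
   * The maps of roles to welcome pages. When a user holds several of the
   * configured roles, the map's iteration order decides which page wins, so
   * configure an ordered map if precedence matters.
   */
  protected Map<String, String> welcomePages = new HashMap<String, String>();

  /** The default welcome page */
  protected String defaultWelcomePage = "/";

  /**
   * {@inheritDoc}
   * <p>
   * Principals that are not a {@link SpringSecurityUser} are handed to the
   * parent handler unchanged.
   *
   * @see org.springframework.security.web.authentication.AuthenticationSuccessHandler#onAuthenticationSuccess(javax.servlet.http.HttpServletRequest,
   *      javax.servlet.http.HttpServletResponse,
   *      org.springframework.security.core.Authentication)
   */
  @Override
  public void onAuthenticationSuccess(HttpServletRequest request,
      HttpServletResponse response, Authentication authentication)
      throws IOException, ServletException {

    Object principal = authentication.getPrincipal();
    if (!(principal instanceof SpringSecurityUser)) {
      super.onAuthenticationSuccess(request, response, authentication);
      return;
    }

    // Try to process login based on the user's role
    User user = ((SpringSecurityUser) principal).getUser();
    boolean isEditor = SecurityUtils.userHasRole(user, SystemRole.EDITOR);
    logger.info("User '{}' logged in", user);

    // Try to redirect the user to the initial url
    String savedUrl = getSavedRequestUrl(request);
    if (savedUrl != null) {
      redirect(request, response, savedUrl);
      return;
    }

    // If the user was intending to edit a page, let him do just that
    if (isEditor && StringUtils.isNotBlank(request.getParameter(EDIT_PARAMETER))) {
      super.onAuthenticationSuccess(request, response, authentication);
      return;
    }

    // Try to send users to an appropriate welcome page based on their roles,
    // otherwise fall back to the default welcome page
    String welcomePage = findWelcomePage(user);
    redirect(request, response, welcomePage != null ? welcomePage : defaultWelcomePage);
  }

  /**
   * Returns the redirect url of the request that spring security saved in the
   * session before it sent the user to the login page.
   *
   * @param request
   *          the current request
   * @return the saved redirect url, or <code>null</code> if there is no
   *         session, no saved request or the saved request has no url
   */
  private static String getSavedRequestUrl(HttpServletRequest request) {
    HttpSession session = request.getSession(false);
    if (session == null) {
      return null;
    }
    Object savedRequest = session.getAttribute(SAVED_REQUEST);
    // instanceof rather than a blind cast: a foreign value under this key must
    // not turn a login into a ClassCastException
    if (!(savedRequest instanceof SavedRequest)) {
      return null;
    }
    return ((SavedRequest) savedRequest).getRedirectUrl();
  }

  /**
   * Returns the configured welcome page of the first role that the user holds.
   * Entries without a page are skipped.
   *
   * @param user
   *          the user
   * @return the welcome page or <code>null</code> if none of the configured
   *         roles matches
   */
  private String findWelcomePage(User user) {
    for (Map.Entry<String, String> entry : welcomePages.entrySet()) {
      String welcomePage = entry.getValue();
      if (StringUtils.isBlank(welcomePage)) {
        continue;
      }
      if (SecurityUtils.userHasRole(user, new RoleImpl(entry.getKey()))) {
        return welcomePage;
      }
    }
    return null;
  }

  /**
   * Sends the user to the given location, after clearing the authentication
   * attributes that a previous failed attempt may have left in the session,
   * as the parent handler's own redirect path does.
   *
   * @param request
   *          the current request
   * @param response
   *          the response
   * @param location
   *          the target url
   * @throws IOException
   *           if sending the redirect fails
   */
  private void redirect(HttpServletRequest request,
      HttpServletResponse response, String location) throws IOException {
    clearAuthenticationAttributes(request);
    response.sendRedirect(addTimeStamp(location));
  }

  /**
   * Add a timestamp parameter to the url location. The parameter is inserted
   * in front of a fragment if the location has one, since anything appended
   * after <code>#</code> would not be part of the query.
   *
   * @param location
   *          the url
   * @return the page with a timestamp
   */
  private static String addTimeStamp(String location) {
    long timeStamp = new Date().getTime();
    int fragmentStart = location.indexOf('#');
    String base = fragmentStart < 0 ? location : location.substring(0, fragmentStart);
    String fragment = fragmentStart < 0 ? "" : location.substring(fragmentStart);
    String separator = base.contains("?") ? "&" : "?";
    return base + separator + "_=" + timeStamp + fragment;
  }

  /**
   * Sets the welcome pages that have been configured in spring security. A
   * <code>null</code> map is treated as "no welcome pages".
   *
   * @param welcomePages
   *          the welcomePages
   */
  public void setWelcomePages(Map<String, String> welcomePages) {
    this.welcomePages = welcomePages != null ? welcomePages : new HashMap<String, String>();
  }

  /**
   * Callback from spring security which will set the security service.
   *
   * @param securityService
   *          the security service
   */
  public void setSecurityService(SecurityService securityService) {
    this.securityService = securityService;
  }

}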