@Override
  public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    // Wires up the form-login filter: an entry point that sends users to the login form,
    // a UsernamePasswordAuthenticationFilter restricted to the form-login chain paths, and
    // fixed-URL success/failure handlers. The finished filter is appended to the nested
    // filter list.
    super.initializeFromConfig(config);

    // Path prefixes treated as a login submission. The entries are used exactly as they
    // come out of split(",") (no trimming) and are compared with startsWith() below.
    pathInfos = GeoServerSecurityFilterChain.FORM_LOGIN_CHAIN.split(",");

    // Unchecked downcast: a config object of any other type fails here with
    // ClassCastException rather than IOException.
    UsernamePasswordAuthenticationFilterConfig formConfig =
        (UsernamePasswordAuthenticationFilterConfig) config;

    // forceHttps is off, so this entry point will not upgrade a plain-HTTP request to HTTPS
    // before redirecting to the login form.
    // NOTE(review): credentials posted to the login chain then rely on TLS being enforced
    // somewhere else (proxy, container, channel filter) - confirm for the deployment.
    aep = new LoginUrlAuthenticationEntryPoint(URL_LOGIN_FORM);
    aep.setForceHttps(false);
    try {
      aep.afterPropertiesSet();
    } catch (Exception cause) {
      // Keep the original exception as the cause so the failure stays diagnosable.
      throw new IOException(cause);
    }

    RememberMeServices rememberMe = securityManager.getRememberMeService();

    // Login filter that only attempts authentication on the form-login chain paths.
    UsernamePasswordAuthenticationFilter loginFilter =
        new UsernamePasswordAuthenticationFilter() {
          @Override
          protected boolean requiresAuthentication(
              HttpServletRequest request, HttpServletResponse response) {
            // Prefix match: any request path that begins with one of the configured
            // entries is handled as a login attempt, not only an exact match.
            final String[] prefixes = pathInfos;
            for (int i = 0; i < prefixes.length; i++) {
              if (getRequestPath(request).startsWith(prefixes[i])) {
                return true;
              }
            }
            return false;
          }
        };

    // Form field names come from the filter configuration.
    loginFilter.setUsernameParameter(formConfig.getUsernameParameterName());
    loginFilter.setPasswordParameter(formConfig.getPasswordParameterName());
    loginFilter.setAuthenticationManager(getSecurityManager());

    loginFilter.setRememberMeServices(rememberMe);
    loginFilter.setAuthenticationDetailsSource(new GeoServerWebAuthenticationDetailsSource());

    // The login filter itself is told not to create an HTTP session.
    loginFilter.setAllowSessionCreation(false);
    // Left disabled by the original author: loginFilter.setFilterProcessesUrl(URL_FOR_LOGIN);

    // Both outcomes redirect to fixed, server-defined URLs.
    loginFilter.setAuthenticationSuccessHandler(
        new SimpleUrlAuthenticationSuccessHandler(URL_LOGIN_SUCCCESS));

    // TODO, check this when using encrypting of URL parameters
    loginFilter.setAuthenticationFailureHandler(
        new SimpleUrlAuthenticationFailureHandler(URL_LOGIN_FAILURE));

    // Left disabled by the original author: loginFilter.afterPropertiesSet();
    getNestedFilters().add(loginFilter);
  }
 /**
  * Starts the authentication scheme for an unauthenticated request.
  *
  * <p>Pure pass-through: the parent entry point's behaviour is used unchanged.
  *
  * @param request the request that triggered the authentication failure
  * @param response the response the parent entry point writes to
  * @param authException the exception that caused this entry point to be invoked
  * @throws IOException propagated from the parent implementation
  * @throws ServletException propagated from the parent implementation
  */
 @Override
 public void commence(
     final HttpServletRequest request,
     final HttpServletResponse response,
     final AuthenticationException authException)
     throws IOException, ServletException {
   // No customisation here; everything is delegated to the superclass.
   super.commence(request, response, authException);
 }
 /**
  * Starts the authentication scheme, answering AJAX callers with a short text message
  * instead of the parent entry point's response.
  *
  * <p>A request counts as AJAX when its {@code X-Requested-With} header equals
  * {@code XMLHttpRequest}. That header is supplied by the client, so it only selects the
  * response format and must not be treated as a trust signal.
  *
  * @param request the request that triggered the authentication failure
  * @param response the response to write to
  * @param authException the exception that caused this entry point to be invoked
  * @throws IOException if writing the message fails, or from the parent implementation
  * @throws ServletException propagated from the parent implementation
  */
 @Override
 public void commence(
     HttpServletRequest request,
     HttpServletResponse response,
     AuthenticationException authException)
     throws IOException, ServletException {
   final boolean ajaxCall = "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));
   if (!ajaxCall) {
     // Regular navigation: keep the parent entry point's handling.
     super.commence(request, response, authException);
     return;
   }

   // NOTE(review): no status code is set on this path (a sendError(403, "Forbidden") call
   // was left disabled by the original author), so the denial is sent with whatever status
   // the response already carries. Script clients and monitoring can then only recognise
   // the failure from the body text - confirm this is intended. The message also reads
   // "js" where "is" was probably meant.
   response.getWriter().write("Sorry !! User js not Authorized");
 }
 /**
  * Runs the parent's post-configuration validation.
  *
  * <p>Pure pass-through: no additional checks are performed here.
  *
  * @throws Exception whatever the parent implementation throws
  */
 @Override
 public void afterPropertiesSet() throws Exception {
   // Delegates unchanged to the superclass.
   super.afterPropertiesSet();
 }