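/**
 * Handles the GitHub OAuth2 callback at {@code /login/oauth2/github}.
 *
 * <p>The {@code state} request parameter must equal the value stored under the {@code "state"}
 * session attribute; otherwise the callback is rejected. Once it has matched, the stored value
 * is removed so that the same callback URL cannot be replayed within the session. The method
 * then resolves the user through {@code gitHub.getCurrentUser}, saves it, logs it in, and for
 * a login not yet known to {@code users} records whether an individual or corporate signature
 * already exists.
 *
 * @param importedSignaturesAttr session attribute set to {@code true} when a first-time user
 *     already has a signature on record
 * @param request the callback request; its session holds the expected state
 * @param response the response handed to the success handler
 * @param code the authorization code sent by the provider (untrusted request input)
 * @param state the state value echoed by the provider (untrusted request input)
 * @throws InvalidSecretState if no state is stored in the session or it differs from
 *     {@code state}
 * @throws Exception propagated from the GitHub client, the repositories or the success handler
 */
@RequestMapping("/login/oauth2/github")
public void oauth(
    ImportedSignaturesSessionAttr importedSignaturesAttr,
    HttpServletRequest request,
    HttpServletResponse response,
    @RequestParam String code,
    @RequestParam String state)
    throws Exception {
  String actualState = (String) request.getSession().getAttribute("state");
  if (actualState == null || !actualState.equals(state)) {
    throw new InvalidSecretState();
  }
  // The state is a one-time anti-CSRF value: drop it after a successful match so a captured
  // or re-submitted callback URL is rejected by the check above.
  request.getSession().removeAttribute("state");

  // Evaluated only after validation, so the value inspected here equals the one the session held.
  boolean admin = GitHubAuthenticationEntryPoint.isAdmin(state);

  OAuthAccessTokenParams params = new OAuthAccessTokenParams();
  params.setCallbackUrl(UrlBuilder.fromRequest(request).callbackUrl());
  params.setCode(code);
  params.setState(actualState);

  CurrentUserRequest userRequest = new CurrentUserRequest();
  userRequest.setOauthParams(params);
  userRequest.setRequestAdminAccess(admin);

  User user = gitHub.getCurrentUser(userRequest);

  // Look the login up before saving: the save below runs for new and returning users alike.
  User existingUser = users.findOne(user.getGitHubLogin());
  boolean isNewUser = existingUser == null;
  users.save(user);

  // NOTE(review): confirm that Login.loginAs or the success handler rotates the session id at
  // this privilege change; nothing in this method does so.
  Authentication authentication = Login.loginAs(user);

  if (isNewUser) {
    // A single-row page is enough: only the existence of a signature matters.
    List<IndividualSignature> individualSignatures =
        individual.findSignaturesFor(new PageRequest(0, 1), user);
    boolean signed = !individualSignatures.isEmpty();
    if (!signed) {
      List<String> organizations = gitHub.getOrganizations(user.getGitHubLogin());
      signed =
          !corporate
              .findSignatures(new PageRequest(0, 1), organizations, user.getEmails())
              .isEmpty();
    }
    if (signed) {
      importedSignaturesAttr.setValue(true);
    }
  }

  success.onAuthenticationSuccess(request, response, authentication);
}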
/**
 * Answers a successful login either with the caller's authority names or by delegating.
 *
 * <p>When the request carries the header {@code X-Login-Ajax-call: true}, the response body is
 * the authenticated principal's authority strings appended one after another with no
 * delimiter. Any other request is handed to {@code defaultHandler}.
 *
 * <p>The header is supplied by the client, so it only selects the response format; the
 * authorities written out are those of the already authenticated principal.
 *
 * @param request the login request
 * @param response the response written to or passed on
 * @param authentication the established authentication
 * @throws IOException if writing the response fails
 * @throws ServletException if the delegate handler fails
 */
@Override
public void onAuthenticationSuccess(
    final HttpServletRequest request,
    final HttpServletResponse response,
    final Authentication authentication)
    throws IOException, ServletException {
  boolean ajaxLogin = "true".equals(request.getHeader("X-Login-Ajax-call"));
  if (!ajaxLogin) {
    defaultHandler.onAuthenticationSuccess(request, response, authentication);
    return;
  }

  // Authority names are concatenated as-is; the consumer is expected to cope with the
  // delimiter-free form.
  StringBuilder joined = new StringBuilder();
  for (GrantedAuthority authority : authentication.getAuthorities()) {
    joined.append(authority.getAuthority());
  }
  response.getWriter().print(joined.toString());
  response.getWriter().flush();
}
/**
 * Redirects to a target saved in the session, or falls back to the wrapped handler.
 *
 * <p>If the session holds a non-empty value under {@code TARGET_SESSION_VARIABLE}, that
 * attribute is removed, the value is passed through {@code deepLinkFilter.filter} and the
 * result is used as the redirect location. Otherwise {@code passthrough} handles the success.
 *
 * @param request the login request whose session may carry a stored target
 * @param response the response that receives the redirect
 * @param authentication the established authentication
 * @throws IOException if sending the redirect fails
 * @throws ServletException if the wrapped handler fails
 */
@Override
public void onAuthenticationSuccess(
    HttpServletRequest request, HttpServletResponse response, Authentication authentication)
    throws IOException, ServletException {
  HttpSession session = request.getSession();
  String storedTarget = getStoredSessionString(session, TARGET_SESSION_VARIABLE);

  if (Strings.isNullOrEmpty(storedTarget)) {
    // Nothing was stored: keep the default post-login behavior.
    passthrough.onAuthenticationSuccess(request, response, authentication);
    return;
  }

  // Consume the stored target so it is used for one login only.
  session.removeAttribute(TARGET_SESSION_VARIABLE);
  // The redirect location is whatever the filter returns; presumably the filter restricts it
  // to allowed destinations, so open-redirect protection rests on it (verify there).
  response.sendRedirect(deepLinkFilter.filter(storedTarget));
}