// Handler deciding where to redirect user after failed login
 /**
  * Creates the handler that decides where a user ends up after a failed login.
  *
  * <p>The handler is configured to forward (server side) to {@code /error} instead of sending a
  * redirect, so the browser keeps the URL of the login request.
  *
  * @return the configured failure handler
  */
 @Bean
 public SimpleUrlAuthenticationFailureHandler authenticationFailureHandler() {
   final SimpleUrlAuthenticationFailureHandler handler =
       new SimpleUrlAuthenticationFailureHandler();
   handler.setDefaultFailureUrl("/error");
   // With forwarding enabled, Spring Security hands the AuthenticationException to the target as
   // a request attribute. NOTE(review): confirm the /error view shows a generic message and does
   // not render the exception text, which can reveal why the login was rejected.
   handler.setUseForward(true);
   return handler;
 }
  /**
   * Initialises this filter from its configuration and registers the nested form-login filter.
   *
   * <p>After the inherited initialisation the method records the form-login path prefixes, builds
   * the entry point for the login form, and creates a {@link UsernamePasswordAuthenticationFilter}
   * wired with the parameter names from the configuration, the remember-me service, and the
   * success and failure target URLs.
   *
   * @param config filter configuration; cast to {@link UsernamePasswordAuthenticationFilterConfig}
   * @throws IOException if the entry point rejects its settings in {@code afterPropertiesSet()}
   */
  @Override
  public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    super.initializeFromConfig(config);

    pathInfos = GeoServerSecurityFilterChain.FORM_LOGIN_CHAIN.split(",");

    final UsernamePasswordAuthenticationFilterConfig formConfig =
        (UsernamePasswordAuthenticationFilterConfig) config;

    // Entry point sending unauthenticated users to the login form. HTTPS is not forced here, so
    // protecting the submitted credentials in transit is left to the deployment.
    // NOTE(review): confirm TLS is enforced in front of this application.
    aep = new LoginUrlAuthenticationEntryPoint(URL_LOGIN_FORM);
    aep.setForceHttps(false);
    try {
      aep.afterPropertiesSet();
    } catch (Exception cause) {
      throw new IOException(cause);
    }

    final RememberMeServices rememberMe = securityManager.getRememberMeService();

    // The login filter handles a request when its path starts with one of the configured
    // prefixes. This is a prefix match, so longer paths under a prefix are handled as well.
    final UsernamePasswordAuthenticationFilter loginFilter =
        new UsernamePasswordAuthenticationFilter() {
          @Override
          protected boolean requiresAuthentication(
              HttpServletRequest request, HttpServletResponse response) {
            final String[] prefixes = pathInfos;
            boolean matched = false;
            for (int i = 0; i < prefixes.length && !matched; i++) {
              matched = getRequestPath(request).startsWith(prefixes[i]);
            }
            return matched;
          }
        };

    loginFilter.setPasswordParameter(formConfig.getPasswordParameterName());
    loginFilter.setUsernameParameter(formConfig.getUsernameParameterName());
    loginFilter.setAuthenticationManager(getSecurityManager());
    loginFilter.setRememberMeServices(rememberMe);

    final GeoServerWebAuthenticationDetailsSource detailsSource =
        new GeoServerWebAuthenticationDetailsSource();
    loginFilter.setAuthenticationDetailsSource(detailsSource);

    // The login filter itself must not create HTTP sessions.
    loginFilter.setAllowSessionCreation(false);
    // Left disabled by the original author: filter.setFilterProcessesUrl(URL_FOR_LOGIN);

    final SimpleUrlAuthenticationSuccessHandler onSuccess =
        new SimpleUrlAuthenticationSuccessHandler();
    onSuccess.setDefaultTargetUrl(URL_LOGIN_SUCCCESS);
    loginFilter.setAuthenticationSuccessHandler(onSuccess);

    final SimpleUrlAuthenticationFailureHandler onFailure =
        new SimpleUrlAuthenticationFailureHandler();
    // TODO: re-check the failure URL once URL parameters are encrypted.
    onFailure.setDefaultFailureUrl(URL_LOGIN_FAILURE);
    loginFilter.setAuthenticationFailureHandler(onFailure);

    // Left disabled by the original author: filter.afterPropertiesSet();
    getNestedFilters().add(loginFilter);
  }
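  /**
   * Sends a failed login to the page that matches the reason for the failure.
   *
   * <ul>
   *   <li>{@code UnverifiedUserException}: redirect to {@code /login/unverified} with the account
   *       name and status as query parameters;
   *   <li>{@code PasswordMissmatchUserException}: redirect to the login form with error 100;
   *   <li>{@code UnapprovalUserException}: redirect to the login form with error 200;
   *   <li>anything else: the inherited failure handling.
   * </ul>
   *
   * @param request the login request
   * @param response the response that receives the redirect
   * @param exception the reason the authentication failed
   * @throws IOException if the redirect cannot be sent or a query value cannot be encoded
   * @throws ServletException if the inherited handling fails
   */
  @SuppressWarnings("deprecation")
  @Override
  public void onAuthenticationFailure(
      HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
      throws IOException, ServletException {

    // instanceof replaces exception.getClass().isAssignableFrom(X.class): that test was true for
    // X and every supertype of X, so a more general exception could enter a branch and fail on
    // the FingraphUser cast below.
    //
    // The System.out.println calls on getExtraInformation() were removed: they wrote the user
    // object of every failed login to standard output.
    if (exception instanceof UnverifiedUserException) {
      final FingraphUser user = (FingraphUser) exception.getExtraInformation();
      // The account name originates from the login form. Encode it (and the status) so characters
      // such as '&', '=' or line breaks cannot add or alter query parameters in the redirect.
      // NOTE(review): the address still travels in a URL and can end up in access logs and
      // browser history; consider passing it through the session instead.
      final String target =
          "/login/unverified?email="
              + java.net.URLEncoder.encode(
                  String.valueOf(exception.getAuthentication().getName()), "UTF-8")
              + "&status="
              + java.net.URLEncoder.encode(String.valueOf(user.getStatus()), "UTF-8");
      getRedirectStrategy().sendRedirect(request, response, target);
    } else if (exception instanceof PasswordMissmatchUserException) {
      getRedirectStrategy().sendRedirect(request, response, "/login/form?error=100");
    } else if (exception instanceof UnapprovalUserException) {
      getRedirectStrategy().sendRedirect(request, response, "/login/form?error=200");
    } else {
      super.onAuthenticationFailure(request, response, exception);
    }
  }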
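  /**
   * Marks the response as HTTP 401 and then applies the inherited failure handling.
   *
   * <p>The status is set before delegating. Assuming the superclass is Spring Security's
   * {@code SimpleUrlAuthenticationFailureHandler}, the delegate ends with an error, a redirect or
   * a forward, and each of these leaves the response committed. A status set after that point is
   * normally ignored by the container, so the 401 was never sent. A redirect still replaces the
   * status with its own 3xx code.
   *
   * @param request the login request
   * @param response the response to mark as unauthorized
   * @param exception the reason the authentication failed
   * @throws IOException if the inherited handling fails to write the response
   * @throws ServletException if the inherited handling fails
   */
  @Override
  public void onAuthenticationFailure(
      HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
      throws IOException, ServletException {
    // Must run while the response is still uncommitted.
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

    super.onAuthenticationFailure(request, response, exception);
  }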
 /**
  * Handles a failed login, diverting unregistered OpenID users to the registration page.
  *
  * <p>When the failure means "OpenID authentication succeeded but no local account exists", the
  * user is redirected to the OpenID registration URL. Every other failure gets the inherited
  * handling.
  *
  * @param request the login request
  * @param response the response that receives the redirect or error
  * @param exception the reason the authentication failed
  * @throws IOException if the response cannot be written
  * @throws ServletException if the inherited handling fails
  */
 @Override
 public void onAuthenticationFailure(
     HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
     throws IOException, ServletException {
   final boolean unregisteredOpenIdUser =
       openIdAuthenticationSuccesfullButUserIsNotRegistered(exception);
   if (!unregisteredOpenIdUser) {
     super.onAuthenticationFailure(request, response, exception);
     return;
   }
   // NOTE(review): the redirect helper is not visible here; confirm the registration URL is
   // fixed on the server side and that any identity data it carries comes from the verified
   // OpenID result rather than from request parameters.
   redirectToOpenIdRegistrationUrl(request, response, exception);
 }
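  /**
   * Logs the user name of a failed login attempt and then applies the inherited failure handling.
   *
   * <p>The name is taken from the authentication attached to the exception, if there is one. It
   * was submitted by the client, so control characters are replaced before it is logged. This
   * stops a crafted name from starting a new, forged log line.
   *
   * @param request the login request
   * @param response the response handed to the inherited handling
   * @param exception the reason the authentication failed
   * @throws IOException if the inherited handling fails to write the response
   * @throws ServletException if the inherited handling fails
   */
  @Override
  public void onAuthenticationFailure(
      HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
      throws IOException, ServletException {

    Authentication auth = exception.getAuthentication();
    if (auth != null) {
      // CR, LF and other control characters become '_' so one attempt is always one log line.
      String safeName = String.valueOf(auth.getName()).replaceAll("\\p{Cntrl}", "_");
      logger.info("username: " + safeName);
    }
    super.onAuthenticationFailure(request, response, exception);
  }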
 /**
  * Records a failed login for brute-force tracking and remembers the submitted user name.
  *
  * <p>The {@code j_username} request parameter is reported to the brute-force counter and stored
  * in the session under {@code SPRING_SECURITY_LAST_USERNAME}. The inherited failure handling
  * then runs.
  *
  * @param request the login request
  * @param response the response handed to the inherited handling
  * @param exception the reason the authentication failed
  * @throws IOException if the inherited handling fails to write the response
  * @throws ServletException if the inherited handling fails
  */
 @Override
 public void onAuthenticationFailure(
     final HttpServletRequest request,
     final HttpServletResponse response,
     final AuthenticationException exception)
     throws IOException, ServletException {
   // Client-supplied value; it is null when the parameter is missing from the request.
   final String submittedName = request.getParameter("j_username");

   // NOTE(review): as far as this method shows, failures are counted per submitted name only.
   // Confirm the counter tolerates null and very long names, and consider whether lockout keyed
   // on the name alone lets a third party lock out a legitimate account.
   bruteForceAttackCounter.registerLoginFailure(submittedName);

   // getSession() creates a session if none exists. The stored name must be escaped wherever
   // the login page renders it.
   request.getSession().setAttribute("SPRING_SECURITY_LAST_USERNAME", submittedName);

   super.onAuthenticationFailure(request, response, exception);
 }
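  /**
   * Stores a generic error message and the submitted user name in the session, then applies the
   * inherited failure handling.
   *
   * <p>The session is written before delegating. The inherited handling normally ends with a
   * redirect, forward or error, which leaves the response committed. Creating a session after
   * that point can fail with {@code IllegalStateException}, and attributes written after a
   * redirect has been sent may not be in place when the browser requests the next page.
   *
   * <p>A session is used only if one already exists or {@code isAllowSessionCreation()} permits
   * creating one.
   *
   * @param request the login request
   * @param response the response handed to the inherited handling
   * @param exception the reason the authentication failed
   * @throws IOException if the inherited handling fails to write the response
   * @throws ServletException if the inherited handling fails
   */
  @Override
  public void onAuthenticationFailure(
      HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
      throws IOException, ServletException {

    String usernameParameter = usernamePasswordAuthenticationFilter.getUsernameParameter();
    // Client-supplied value; escape it wherever the login page renders it.
    String lastUserName = request.getParameter(usernameParameter);

    HttpSession session = request.getSession(false);
    if (session == null && isAllowSessionCreation()) {
      session = request.getSession();
    }
    if (session != null) {
      // The same message is used for every failure, so it does not reveal whether the account
      // exists.
      session.setAttribute("error", "Пользователь/пароль не найден!");
      session.setAttribute(LAST_USERNAME_KEY, lastUserName);
    }

    super.onAuthenticationFailure(request, response, exception);
  }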
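  /**
   * Answers a failed login with a plain 401 for AJAX requests and with the inherited handling
   * for all other requests.
   *
   * <p>For AJAX requests the exception message is written as the response body. The body is
   * declared as {@code text/plain} so a browser does not interpret it as markup. A missing
   * message is written as an empty body, because passing {@code null} to the writer would throw
   * {@code NullPointerException}.
   *
   * @param request the login request
   * @param response the response that receives the status and message
   * @param exception the reason the authentication failed
   * @throws IOException if the response cannot be written
   * @throws ServletException if the inherited handling fails
   */
  @Override
  public void onAuthenticationFailure(
      HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
      throws IOException, ServletException {
    if (RequestUtils.isAajaxRequest(request)) {

      response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
      // Set before getWriter() so the charset applies to the writer.
      response.setContentType("text/plain;charset=UTF-8");

      // NOTE(review): the raw exception message can tell the client why the login was rejected
      // (unknown user, locked or disabled account). Consider returning one generic message and
      // logging the detail on the server instead.
      final String message = exception.getMessage();

      PrintWriter writer = response.getWriter();
      writer.write(message == null ? "" : message);
      writer.flush();

    } else {
      super.onAuthenticationFailure(request, response, exception);
    }
  }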