/**
 * Converts an {@link AuthenticationException} into a {@code SecurityServiceException} and throws
 * it; this method never returns normally.
 *
 * <p>{@code BadCredentialsException} and {@code UsernameNotFoundException} are both reported
 * through the same "invalid credentials" factory, so the exception type alone does not tell a
 * caller whether the account exists. Every other failure is reported as "authentication failed".
 *
 * <p>NOTE(review): the text of {@code e.getMessage()} is forwarded unchanged. If the two
 * credential failures carry different messages and that text is shown to the client, the
 * distinction this method hides at the type level is visible again in the message. Confirm how
 * {@code SecurityServiceException} messages are surfaced. The original exception is also not
 * passed on as a cause, so its stack trace is lost unless it is logged elsewhere.
 *
 * @param e the authentication failure to translate
 */
protected void handleAuthenticationExceptions(AuthenticationException e) {
  final boolean credentialsRejected =
      e instanceof BadCredentialsException || e instanceof UsernameNotFoundException;

  if (!credentialsRejected) {
    throw SecurityServiceException.newAuthenticationFailedException(e.getMessage());
  }
  throw SecurityServiceException.newInvalidCredentialsException(e.getMessage());
}
/**
 * Authenticates the caller from a username/password pair read from request parameters, then
 * hands a wrapped copy of the request to the rest of the chain.
 *
 * <p>The request body is drained into memory first so that downstream code can still read it
 * through the wrapper. Authentication is attempted only when both parameters are present and the
 * current security context does not already hold an authenticated principal with the same name.
 * On failure the security context is cleared and, depending on {@code ignoreFailure}, the chain
 * continues unauthenticated or the entry point is invoked.
 *
 * <p>NOTE(review): {@code getParameter} also returns query-string values, so nothing in this
 * method prevents a password from arriving in the URL, where it can end up in access logs,
 * browser history and Referer headers. Confirm that deployments restrict this filter to TLS and
 * to request forms that keep the password out of the URL.
 *
 * <p>NOTE(review): this method does not touch the HTTP session after a successful login; confirm
 * that session-identifier rotation is handled elsewhere in the chain.
 *
 * @param request the incoming request; must be an {@code HttpServletRequest}
 * @param response the outgoing response; must be an {@code HttpServletResponse}
 * @param chain the remaining filters
 * @throws IOException if reading the request body or a downstream filter fails
 * @throws ServletException if the request or response is not an HTTP one, or a downstream
 *     filter fails
 */
public void doFilter(
    final ServletRequest request, final ServletResponse response, final FilterChain chain)
    throws IOException, ServletException {
  if (!(request instanceof HttpServletRequest)) {
    final String notHttpRequest =
        Messages.getInstance()
            .getErrorString(
                "RequestParameterAuthenticationFilter.ERROR_0005_HTTP_SERVLET_REQUEST_REQUIRED"); //$NON-NLS-1$
    throw new ServletException(notHttpRequest);
  }
  if (!(response instanceof HttpServletResponse)) {
    final String notHttpResponse =
        Messages.getInstance()
            .getErrorString(
                "RequestParameterAuthenticationFilter.ERROR_0006_HTTP_SERVLET_RESPONSE_REQUIRED"); //$NON-NLS-1$
    throw new ServletException(notHttpResponse);
  }

  final HttpServletRequest servletRequest = (HttpServletRequest) request;

  // The whole body is copied into memory before any credential check and no size limit is
  // applied here, so an unauthenticated client controls how much is buffered.
  // NOTE(review): confirm that a request-size cap is enforced in front of this filter.
  final byte[] bodyCopy = IOUtils.toByteArray(servletRequest.getInputStream());
  final BufferedInputStream replay = new BufferedInputStream(new ByteArrayInputStream(bodyCopy));

  // The parameter map is captured after the body has been read. The servlet API warns that
  // reading the body directly can interfere with parameter parsing for body-encoded forms, so
  // which parameters are visible from here on may depend on the container. TODO confirm.
  final Map capturedParameters = request.getParameterMap();

  final HttpServletRequestWrapper replayable =
      new HttpServletRequestWrapper(servletRequest) {
        @Override
        public Map getParameterMap() {
          return capturedParameters;
        }

        @Override
        public ServletInputStream getInputStream() throws IOException {
          // Every stream returned here reads from the same buffered copy, which is never
          // reset, so the body can be consumed once in total across all callers.
          return new ServletInputStream() {
            @Override
            public int read() throws IOException {
              return replay.read();
            }
          };
        }
      };

  final String username = servletRequest.getParameter(this.userNameParameter);
  final String password = servletRequest.getParameter(this.passwordParameter);

  // The user name is logged before it has been authenticated, so the value is client-supplied
  // text; the password is not logged.
  if (RequestParameterAuthenticationFilter.logger.isDebugEnabled()) {
    RequestParameterAuthenticationFilter.logger.debug(
        Messages.getInstance()
            .getString("RequestParameterAuthenticationFilter.DEBUG_AUTH_USERID", username)); //$NON-NLS-1$
  }

  // Without both credentials there is nothing to authenticate; continue with whatever the
  // security context already holds.
  if (username == null || password == null) {
    chain.doFilter(replayable, response);
    return;
  }

  // Only reauthenticate if the user name differs from the one in SecurityContextHolder or that
  // user is not authenticated (see SEC-53).
  final Authentication current = SecurityContextHolder.getContext().getAuthentication();
  final boolean alreadySignedIn =
      current != null && current.getName().equals(username) && current.isAuthenticated();
  if (alreadySignedIn) {
    chain.doFilter(replayable, response);
    return;
  }

  final UsernamePasswordAuthenticationToken token =
      new UsernamePasswordAuthenticationToken(username, password);
  token.setDetails(new WebAuthenticationDetails(servletRequest));

  Authentication authResult;
  try {
    authResult = authenticationManager.authenticate(token);
  } catch (AuthenticationException failed) {
    if (RequestParameterAuthenticationFilter.logger.isDebugEnabled()) {
      RequestParameterAuthenticationFilter.logger.debug(
          Messages.getInstance()
              .getString(
                  "RequestParameterAuthenticationFilter.DEBUG_AUTHENTICATION_REQUEST", //$NON-NLS-1$
                  username,
                  failed.toString()));
    }

    // Drop any previous identity so a failed attempt never continues under it.
    SecurityContextHolder.getContext().setAuthentication(null);

    if (!ignoreFailure) {
      authenticationEntryPoint.commence(replayable, response, failed);
    } else {
      // The request proceeds with no authentication; later filters decide on access.
      chain.doFilter(replayable, response);
    }
    return;
  }

  if (RequestParameterAuthenticationFilter.logger.isDebugEnabled()) {
    RequestParameterAuthenticationFilter.logger.debug(
        Messages.getInstance()
            .getString(
                "RequestParameterAuthenticationFilter.DEBUG_AUTH_SUCCESS", //$NON-NLS-1$
                authResult.toString()));
  }
  SecurityContextHolder.getContext().setAuthentication(authResult);

  chain.doFilter(replayable, response);
}