Commit a9051a40 authored by Gradl, Tobias's avatar Gradl, Tobias

708: Implement request caching for security

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=708
parent fd3d9acb
......@@ -15,15 +15,19 @@ public class RedirectingAuthenticationHandler extends SavedRequestAwareAuthentic
protected static final Logger logger = LoggerFactory.getLogger(RedirectingAuthenticationHandler.class);
private RedirectCache redirectCache;
private String logoutUrl;
public RedirectCache getRedirectCache() { return redirectCache; }
public void setRedirectCache(RedirectCache redirectCache) { this.redirectCache = redirectCache; }
public String getLogoutUrl() { return logoutUrl; }
public void setLogoutUrl(String logoutUrl) { this.logoutUrl = logoutUrl; }
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
String redirect = redirectCache.getRedirect(request);
if (redirect!=null) {
if (redirect!=null && !redirect.equals(logoutUrl)) {
logger.debug("Redirecting to provided loginRedirectUrl: " + redirect);
getRedirectStrategy().sendRedirect(request, response, redirect);
return;
......
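Review bot: The rewritten guard in `onAuthenticationSuccess` only excludes the logout URL, so every other cached value reaches `getRedirectStrategy().sendRedirect(...)` unchecked. RedirectCache is not shown, but the HomeController section suggests the value comes from the `loginRedirectUrl` request parameter; if so, this is an open-redirect sink right after login. The guard should accept only application-local paths, e.g. `if (redirect != null && redirect.startsWith("/") && !redirect.startsWith("//") && !redirect.contains("\\") && !redirect.equals(logoutUrl)) {`, or the value should be validated in RedirectCache before it is stored. The debug line concatenates the same value into the log; `logger.debug("Redirecting to provided loginRedirectUrl: {}", redirect)` with CR/LF stripped first would prevent forged log entries. The method body continues outside the hunk.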
......@@ -49,10 +49,7 @@ public class HomeController {
return "redirect:/saml/logout" + (!url.equals("/") ? "?loginRedirectUrl=" + url : "");
} else if (!saml && authInfoHelper.getCurrentUserDetails(request).isAuth()) {
return "redirect:/localsec/logout" + (!url.equals("/") ? "?loginRedirectUrl=" + url : "");
} else if (saml) {
return "common/logout";
}
// TODO What if !saml but isAuth? -> handled in filter?
return "common/logout";
}
......
......@@ -53,6 +53,7 @@
<bean id="successRedirectHandler" class="eu.dariah.de.dariahsp.web.RedirectingAuthenticationHandler">
<property name="defaultTargetUrl" value="/"/>
<property name="redirectCache" ref="redirectCache" />
<property name="logoutUrl" value="/logout" />
</bean>
<bean id="authInfoHelper" class="eu.dariah.de.dariahsp.web.AuthInfoHelper">
......
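Review bot: The `logoutUrl` value `/logout` is checked in RedirectingAuthenticationHandler with `redirect.equals(logoutUrl)`, so the redirect is suppressed only when the cached string is exactly `/logout`. HomeController on this page redirects to `/saml/logout` and `/localsec/logout`, optionally with a `?loginRedirectUrl=` query string, and a cached URL might also carry the context path; none of those forms would match. Confirm what form RedirectCache actually stores, and either compare on the path alone or document the constraint next to the property, e.g. `<!-- must equal the exact value RedirectCache stores for the logout page -->`.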
......@@ -51,6 +51,9 @@
<bean id="loginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" >
<property name="authenticationManager" ref="authenticationManager" />
<property name="filterProcessesUrl" value="/localsec/login" />
<property name="authenticationSuccessHandler" ref="successRedirectHandler" />
</bean>
<bean id="logoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
......
......@@ -29,8 +29,7 @@
<!-- Handler deciding where to redirect user after failed login -->
<bean id="failureRedirectHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<bean id="failureRedirectHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="useForward" value="true"/>
<property name="defaultFailureUrl" value="/error.jsp"/>
</bean>
......