From 0a572c73a24545e654a0a14f3d6fa753a422478d Mon Sep 17 00:00:00 2001
From: Pekka Helenius
Date: Sun, 4 Oct 2020 14:09:57 +0300
Subject: [PATCH] Implement Bookstore Authentication Handler classes
Signed-off-by: Pekka Helenius
---
...BookStoreAuthenticationFailureHandler.java | 55 +++++++++++++++++++
...BookStoreAuthenticationSuccessHandler.java | 45 +++++++++++++++
2 files changed, 100 insertions(+)
create mode 100644 bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationFailureHandler.java
create mode 100644 bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationSuccessHandler.java
diff --git a/bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationFailureHandler.java b/bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationFailureHandler.java
new file mode 100644
index 0000000..28f6020
--- /dev/null
+++ b/bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationFailureHandler.java
@@ -0,0 +1,55 @@
+//Pekka Helenius , Fjordtek 2020
+
+package com.fjordtek.bookstore.service.session;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+
+import com.fjordtek.bookstore.service.HttpServerLogger;
+
+/**
+*
+* This class implements Spring Framework security AuthenticationFailureHandler
+* interface with specific method overrides.
+*

+* Main purpose is to properly handle invalid authentication requests.
+*

+* Additional request attributes are being delivered to /autherror POST end point.
+*
+* @see com.fjordtek.bookstore.web.BookController
+*
+* @author Pekka Helenius
+*/
+
+public class BookStoreAuthenticationFailureHandler implements AuthenticationFailureHandler {
+
+ private HttpServerLogger httpServerLogger = new HttpServerLogger();
+
+ @Override
+ public void onAuthenticationFailure(
+ HttpServletRequest requestData,
+ HttpServletResponse responseData,
+ AuthenticationException exception
+ ) throws IOException, ServletException {
+
+ responseData.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ httpServerLogger.log(requestData, responseData);
+
+ requestData
+ .setAttribute("username", requestData.getParameter("b_username"));
+
+ requestData
+ .setAttribute("authfailure", "Authentication failure!");
+
+ requestData.getRequestDispatcher("/autherror")
+ .forward(requestData, responseData);
+
+ }
+
+}
diff --git a/bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationSuccessHandler.java b/bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationSuccessHandler.java
new file mode 100644
index 0000000..aab06b4
--- /dev/null
+++ b/bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationSuccessHandler.java
@@ -0,0 +1,45 @@
+//Pekka Helenius , Fjordtek 2020
+
+package com.fjordtek.bookstore.service.session;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.DefaultRedirectStrategy;
+import org.springframework.security.web.RedirectStrategy;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+/**
+*
+* This class implements Spring Framework security AuthenticationSuccessHandler
+* interface with specific method overrides.
+*
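Review bot: In `onAuthenticationFailure` (BookStoreAuthenticationFailureHandler.java), the raw `b_username` parameter is copied into the `username` request attribute and the request is forwarded to `/autherror`, so attacker-controlled text reaches a view that is not part of this patch and whose output encoding cannot be confirmed from here. Because `forward` reuses the same request, the submitted password parameter also stays readable by the `/autherror` handler and by `httpServerLogger.log(requestData, responseData)`; it is worth confirming that neither logs nor renders it. I would add above the first `setAttribute` call the comment `// "username" is unvalidated user input: the /autherror view must output-encode it`, and declare the logger field `private final`.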

+* Main purpose is to properly handle valid authentication requests.
+*
+* @author Pekka Helenius
+*/
+
+public class BookStoreAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+
+ private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+
+ @Override
+ public void onAuthenticationSuccess(
+ HttpServletRequest requestData,
+ HttpServletResponse responseData,
+ Authentication authentication
+ ) throws IOException, ServletException {
+
+ // Nothing special here
+ // TODO add proper server logging for auditing purposes
+
+ redirectStrategy.sendRedirect(requestData, responseData, "/");
+ //responseData.sendRedirect("/");
+
+ }
+
+}
\ No newline at end of file
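Review bot: `onAuthenticationSuccess` (BookStoreAuthenticationSuccessHandler.java) leaves successful logins without any audit record, while the failure handler in the same patch calls `httpServerLogger.log(requestData, responseData)`; as far as this patch shows, a run of failed attempts followed by a successful one for the same account would appear in the logs only as failures. At the TODO, record the authenticated principal and the source address, for example `authentication.getName()` and `requestData.getRemoteAddr()`, and never the submitted credentials. The commented-out `//responseData.sendRedirect("/");` line can be dropped, and `redirectStrategy` can be declared `private final`.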