source: branches/TaskRewrite/src/plugins/acegi-0.5.1/src/groovy/org/codehaus/groovy/grails/plugins/springsecurity/GrailsAuthenticationProcessingFilter.groovy @ 58

/* Copyright 2006-2009 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.codehaus.groovy.grails.plugins.springsecurity

import javax.servlet.FilterChain
import javax.servlet.ServletException
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

import org.springframework.security.Authentication
import org.springframework.security.AuthenticationException
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter

/**
 * Extends the default {@link AuthenticationProcessingFilter} to override the <code>sendRedirect()</code>
 * logic and always send absolute redirects.
 *
 * @author Tsuyoshi Yamamoto
 */
class GrailsAuthenticationProcessingFilter extends AuthenticationProcessingFilter {

        /**
         * Dependency injection for the authentication service.
         */
        def authenticateService

        /**
         * Dependency injection for the Ajax auth fail url.
         */
        String ajaxAuthenticationFailureUrl

        /**
         * {@inheritDoc}
         * @see org.springframework.security.ui.AbstractProcessingFilter#doFilterHttp(
         *      javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
         *      javax.servlet.FilterChain)
         */
        @Override
        void doFilterHttp(HttpServletRequest request, HttpServletResponse response,
                        FilterChain chain) throws IOException, ServletException {

                SecurityRequestHolder.set request, response
                try {
                        super.doFilterHttp(request, response, chain)
                }
                finally {
                        SecurityRequestHolder.reset()
                }
        }

        /**
         * {@inheritDoc}
         * @see org.springframework.security.ui.AbstractProcessingFilter#sendRedirect(
         *      javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
         *      java.lang.String)
         */
        @Override
        protected void sendRedirect(
                        HttpServletRequest request,
                        HttpServletResponse response,
                        String url) throws IOException {
                RedirectUtils.sendRedirect(request, response, url);
        }

        /**
         * {@inheritDoc}
         * @see org.springframework.security.ui.AbstractProcessingFilter#determineFailureUrl(
         *      javax.servlet.http.HttpServletRequest, org.springframework.security.AuthenticationException)
         */
        @Override
        protected String determineFailureUrl(HttpServletRequest request, AuthenticationException failed) {
                String url = super.determineFailureUrl(request, failed)
                if (url == authenticationFailureUrl && authenticateService.isAjax(request)) {
                        url = ajaxAuthenticationFailureUrl ?: authenticationFailureUrl
                }
                return url
        }
}