
Last change on this file since 58 was 58, checked in by gav, 15 years ago

Configure BootStrap? with latest concepts.
Install and setup Acegi plugin with custom views.
Test Fixture plugin in a test app but couldn't get it to work with Acegi encodePassword() so gave up.

1/* Copyright 2006-2009 the original author or authors.
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *      http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15package org.codehaus.groovy.grails.plugins.springsecurity;
16
17import java.io.IOException;
18
19import javax.servlet.ServletRequest;
20import javax.servlet.ServletResponse;
21import javax.servlet.http.HttpServletRequest;
22import javax.servlet.http.HttpServletResponse;
23
24import org.springframework.beans.factory.InitializingBean;
25import org.springframework.security.AccessDeniedException;
26import org.springframework.security.Authentication;
27import org.springframework.security.AuthenticationTrustResolver;
28import org.springframework.security.AuthenticationTrustResolverImpl;
29import org.springframework.security.context.SecurityContextHolder;
30import org.springframework.security.ui.AbstractProcessingFilter;
31import org.springframework.security.ui.AccessDeniedHandler;
32import org.springframework.security.ui.savedrequest.SavedRequest;
33import org.springframework.security.userdetails.UserDetails;
34import org.springframework.security.util.PortResolver;
35import org.springframework.util.Assert;
36
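/**
 * {@link AccessDeniedHandler} that redirects the browser to a configured error page
 * (rather than dispatching with RequestDispatcher#forward), falling back to a plain
 * HTTP 403 when no page applies.
 *
 * @author T.Yamamoto
 * @author <a href='mailto:beckwithb@studentsonly.com'>Burt Beckwith</a>
 */
public class GrailsAccessDeniedHandlerImpl implements AccessDeniedHandler, InitializingBean {

	// context-relative path of the page for regular (non-Ajax) requests; may be null
	private String errorPage;
	// context-relative path of the page for Ajax requests; may be null
	private String ajaxErrorPage;
	// request header whose presence marks a request as Ajax
	private String ajaxHeader = WithAjaxAuthenticationProcessingFilterEntryPoint.AJAX_HEADER;
	// resolves the effective server port (e.g. behind a proxy); required, see afterPropertiesSet()
	private PortResolver portResolver;
	private final AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

	/**
	 * Handles an access-denied outcome: redirects to the Ajax error page when the request
	 * carries the Ajax header, otherwise to the regular error page, and sends a 403 when
	 * neither is configured.
	 * <p>
	 * The redirect target is an absolute URL assembled from {@code request.getServerName()}
	 * and the port resolver, i.e. from the request's Host header; the container or fronting
	 * proxy is relied on to accept only Host values that belong to this deployment.
	 *
	 * @param req  the request (must be an {@link HttpServletRequest})
	 * @param res  the response (must be an {@link HttpServletResponse})
	 * @param e  the exception that caused the denial; its message is used for the 403 fallback
	 * @throws IOException  if writing the redirect or error response fails
	 * @see org.springframework.security.ui.AccessDeniedHandler#handle(
	 *      javax.servlet.ServletRequest, javax.servlet.ServletResponse,
	 *      org.springframework.security.AccessDeniedException)
	 */
	public void handle(final ServletRequest req, final ServletResponse res, final AccessDeniedException e)
			throws IOException {

		HttpServletRequest request = (HttpServletRequest)req;
		HttpServletResponse response = (HttpServletResponse)res;

		if (e != null && isLoggedIn() && authenticationTrustResolver.isRememberMe(getAuthentication())) {
			// user has a remember-me cookie but is getting bounced because of IS_AUTHENTICATED_FULLY;
			// Acegi won't save the original request in that case, so save it here so the user
			// returns to this page after fully authenticating
			request.getSession().setAttribute(
					AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY,
					new SavedRequest(request, portResolver));
		}

		String targetPage = resolveErrorPage(request);
		if (targetPage != null) {
			response.sendRedirect(response.encodeRedirectURL(buildBaseUrl(request) + targetPage));
		}

		if (!response.isCommitted()) {
			// no redirect target configured: plain 403. e is guarded because it is already
			// treated as possibly null above.
			response.sendError(HttpServletResponse.SC_FORBIDDEN, e == null ? null : e.getMessage());
		}
	}

	/**
	 * Picks the page to redirect to for this request.
	 *
	 * @param request  the current request
	 * @return the Ajax page when one is configured and the Ajax header is present, else the
	 *         regular error page; {@code null} when neither applies
	 */
	private String resolveErrorPage(final HttpServletRequest request) {
		if (ajaxErrorPage != null && request.getHeader(ajaxHeader) != null) {
			return ajaxErrorPage;
		}
		return errorPage;
	}

	/**
	 * Builds the {@code scheme://host[:port]/contextPath} prefix of the redirect URL, omitting
	 * the port when it is the default for the scheme (80 for http, 443 for https).
	 *
	 * @param request  the current request
	 * @return the absolute URL prefix without a trailing slash
	 */
	private String buildBaseUrl(final HttpServletRequest request) {
		String scheme = request.getScheme();
		int serverPort = portResolver.getServerPort(request);
		// equalsIgnoreCase is locale-independent, unlike toLowerCase() with the default locale
		boolean defaultPort = ("http".equalsIgnoreCase(scheme) && serverPort == 80)
				|| ("https".equalsIgnoreCase(scheme) && serverPort == 443);

		StringBuilder url = new StringBuilder(scheme).append("://").append(request.getServerName());
		if (!defaultPort) {
			url.append(':').append(serverPort);
		}
		return url.append(request.getContextPath()).toString();
	}

	/**
	 * @return whether the current security context holds an authentication whose principal
	 *         is a {@link UserDetails} (i.e. a real user rather than e.g. an anonymous token)
	 */
	private boolean isLoggedIn() {
		Authentication authentication = getAuthentication();
		return authentication != null && authentication.getPrincipal() instanceof UserDetails;
	}

	/**
	 * @return the current authentication, or {@code null} if there is no security context
	 *         or it holds no authentication
	 */
	private Authentication getAuthentication() {
		return SecurityContextHolder.getContext() == null ? null
				: SecurityContextHolder.getContext().getAuthentication();
	}

	/**
	 * Dependency injection for the error page, e.g. '/login/denied'.
	 * @param page  the page; if non-null it must begin with '/'
	 * @throws IllegalArgumentException  if {@code page} is non-null and does not begin with '/'
	 */
	public void setErrorPage(final String page) {
		checkPagePath(page, "ErrorPage");
		errorPage = page;
	}

	/**
	 * Dependency injection for the Ajax error page, e.g. '/login/deniedAjax'.
	 * @param page  the page; if non-null it must begin with '/'
	 * @throws IllegalArgumentException  if {@code page} is non-null and does not begin with '/'
	 */
	public void setAjaxErrorPage(final String page) {
		checkPagePath(page, "AjaxErrorPage");
		ajaxErrorPage = page;
	}

	/**
	 * Rejects page paths that are not context-relative; a leading '/' keeps the redirect
	 * target inside this application's context path.
	 *
	 * @param page  the configured page, may be null
	 * @param name  property name used in the error message
	 * @throws IllegalArgumentException  if {@code page} is non-null and does not begin with '/'
	 */
	private static void checkPagePath(final String page, final String name) {
		if (page != null && !page.startsWith("/")) {
			throw new IllegalArgumentException(name + " must begin with '/'");
		}
	}

	/**
	 * Dependency injection for the Ajax header name; defaults to 'X-Requested-With'.
	 * @param header  the header name
	 */
	public void setAjaxHeader(final String header) {
		ajaxHeader = header;
	}

	/**
	 * Dependency injection for the port resolver.
	 * @param resolver  the resolver
	 */
	public void setPortResolver(final PortResolver resolver) {
		portResolver = resolver;
	}

	/**
	 * Verifies the required collaborators were injected.
	 * @throws IllegalArgumentException  if {@code ajaxHeader} or {@code portResolver} is null
	 * @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
	 */
	public void afterPropertiesSet() {
		Assert.notNull(ajaxHeader, "ajaxHeader is required");
		Assert.notNull(portResolver, "portResolver is required");
	}
}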