Source Code of org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter

/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security.filter;


import java.io.IOException;


import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


import org.geoserver.security.GeoServerSecurityFilterChain;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.config.UsernamePasswordAuthenticationFilterConfig;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


/**
 * User name / password authentication filter
 * 
 * 
 * @author christian
 * 
 */
public class GeoServerUserNamePasswordAuthenticationFilter extends GeoServerCompositeFilter
    implements GeoServerAuthenticationFilter {


    //public static final String URL_FOR_LOGIN = "/j_spring_security_check";
    public static final String URL_LOGIN_SUCCCESS = "/web";
    public static final String URL_LOGIN_FAILURE = "/web/?wicket:bookmarkablePage=:org.geoserver.web.GeoServerLoginPage&error=true";
    public static final String URL_LOGIN_FORM="/web/?wicket:bookmarkablePage=:org.geoserver.web.GeoServerLoginPage&error=false";
    //public static final String URL_LOGIN_FORM="/admin/login.do";
    
    
    private LoginUrlAuthenticationEntryPoint aep;
    String[] pathInfos;




    @Override
    public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
        super.initializeFromConfig(config);
        
        pathInfos=GeoServerSecurityFilterChain.FORM_LOGIN_CHAIN.split(",");
        
        UsernamePasswordAuthenticationFilterConfig upConfig = (UsernamePasswordAuthenticationFilterConfig) config;
        
        aep=new LoginUrlAuthenticationEntryPoint(URL_LOGIN_FORM);
        aep.setForceHttps(false);
        try {
            aep.afterPropertiesSet();
        } catch (Exception e2) {
            throw new IOException(e2);
        }


        RememberMeServices rms = securityManager.getRememberMeService(); 


        // add login filter
        UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter() {
            @Override
            protected boolean requiresAuthentication(HttpServletRequest request,
                    HttpServletResponse response) {
                
                for (String pathInfo:pathInfos) {            
                    if (getRequestPath(request).startsWith(pathInfo)) 
                        return true;
                    
                }   
                return false;
            }
        };




        filter.setPasswordParameter(upConfig.getPasswordParameterName());
        filter.setUsernameParameter(upConfig.getUsernameParameterName());
        filter.setAuthenticationManager(getSecurityManager());


        filter.setRememberMeServices(rms);
        GeoServerWebAuthenticationDetailsSource s = new GeoServerWebAuthenticationDetailsSource();
        filter.setAuthenticationDetailsSource(s);


        filter.setAllowSessionCreation(false);
        //filter.setFilterProcessesUrl(URL_FOR_LOGIN);


        SimpleUrlAuthenticationSuccessHandler successHandler = new SimpleUrlAuthenticationSuccessHandler();
        successHandler.setDefaultTargetUrl(URL_LOGIN_SUCCCESS);
        filter.setAuthenticationSuccessHandler(successHandler);


        SimpleUrlAuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
        // TODO, check this when using encrypting of URL parameters
        failureHandler
                .setDefaultFailureUrl(URL_LOGIN_FAILURE);
        filter.setAuthenticationFailureHandler(failureHandler);


        //filter.afterPropertiesSet();
        getNestedFilters().add(filter);
    }
    
    @Override
    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
        return aep;
    }


    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        req.setAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER, aep);
        super.doFilter(req, res, chain);
    }            


    /**
     * @see org.geoserver.security.filter.GeoServerAuthenticationFilter#applicableForHtml()
     */
    @Override
    public boolean applicableForHtml() {
        return true;
    }




    /**
     * @see org.geoserver.security.filter.GeoServerAuthenticationFilter#applicableForServices()
     */
    @Override
    public boolean applicableForServices() {
        return false;
    }




}
Source Code of org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter

Related Classes of org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter
