24 package waffle.spring;
25
26 import java.io.IOException;
27
28 import javax.servlet.ServletException;
29 import javax.servlet.http.HttpServletRequest;
30 import javax.servlet.http.HttpServletResponse;
31
32 import org.slf4j.Logger;
33 import org.slf4j.LoggerFactory;
34 import org.springframework.security.access.AccessDeniedException;
35 import org.springframework.security.authentication.AuthenticationManager;
36 import org.springframework.security.core.Authentication;
37 import org.springframework.security.core.AuthenticationException;
38 import org.springframework.security.core.context.SecurityContextHolder;
39 import org.springframework.security.web.access.AccessDeniedHandler;
40 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
41 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
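/**
 * A {@link NegotiateSecurityFilter} that can hand the negotiated {@link Authentication} to an optional
 * {@link AuthenticationManager} and notify optional Spring Security handlers about the outcome.
 * <p>
 * All four collaborators (manager, success handler, failure handler, access-denied handler) are optional; each is
 * used only when it has been set. When a failure or access-denied handler is absent, or itself fails, the filter
 * falls back to the parent's {@code sendUnauthorized} response.
 * <p>
 * Security note: whenever {@link #setAuthentication} reports failure after it has already stored an authentication
 * in the {@link SecurityContextHolder}, the context is cleared again, so a rejected request does not leave an
 * authenticated principal behind.
 */
public class DelegatingNegotiateSecurityFilter extends NegotiateSecurityFilter {

    /** The Constant LOGGER. */
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatingNegotiateSecurityFilter.class);

    /** Optional manager that re-authenticates the negotiated token; skipped when {@code null}. */
    private AuthenticationManager authenticationManager;

    /** Optional callback invoked after the security context has been populated; skipped when {@code null}. */
    private AuthenticationSuccessHandler authenticationSuccessHandler;

    /** Optional callback invoked when the manager throws an {@link AuthenticationException}. */
    private AuthenticationFailureHandler authenticationFailureHandler;

    /** Optional callback invoked when an {@link AccessDeniedException} is thrown during delegation. */
    private AccessDeniedHandler accessDeniedHandler;

    /**
     * Creates the filter and emits a debug line.
     */
    public DelegatingNegotiateSecurityFilter() {
        super();
        // NOTE(review): the message names NegotiateSecurityFilter, not this class; text kept unchanged.
        LOGGER.debug("[waffle.spring.NegotiateSecurityFilter] loaded");
    }

    /**
     * Returns the configured access-denied handler.
     *
     * @return the handler, or {@code null} when none has been set
     */
    public AccessDeniedHandler getAccessDeniedHandler() {
        return this.accessDeniedHandler;
    }

    /**
     * Sets the handler that is called when delegation raises an {@link AccessDeniedException}.
     *
     * @param value
     *            the handler to use; {@code null} disables the callback
     */
    public void setAccessDeniedHandler(final AccessDeniedHandler value) {
        this.accessDeniedHandler = value;
    }

    /**
     * Returns the configured authentication-failure handler.
     *
     * @return the handler, or {@code null} when none has been set
     */
    public AuthenticationFailureHandler getAuthenticationFailureHandler() {
        return this.authenticationFailureHandler;
    }

    /**
     * Sets the handler that is called when delegation raises an {@link AuthenticationException}.
     *
     * @param value
     *            the handler to use; {@code null} disables the callback
     */
    public void setAuthenticationFailureHandler(final AuthenticationFailureHandler value) {
        this.authenticationFailureHandler = value;
    }

    /**
     * Stores the authentication in the security context, optionally after passing it through the configured
     * {@link AuthenticationManager}, and then notifies the success handler if one is set.
     * <p>
     * The method fails closed: if any step after the context has been populated fails (the success handler throws,
     * or an authentication / access-denied exception surfaces), the context is cleared before {@code false} is
     * returned. Presumably the parent filter stops processing the request on {@code false} (not visible in this
     * file); without the reset, an authenticated context could otherwise outlive a request that was reported as
     * failed.
     *
     * @param request
     *            the current request, forwarded to the handlers
     * @param response
     *            the current response, forwarded to the handlers
     * @param authentication
     *            the authentication produced by the negotiate exchange
     * @return {@code true} when the context was populated and the success handler (if any) completed;
     *         {@code false} otherwise
     */
    @Override
    protected boolean setAuthentication(final HttpServletRequest request, final HttpServletResponse response,
            final Authentication authentication) {
        // Remembers whether this call wrote to the SecurityContext, so failures only undo our own change.
        boolean contextPopulated = false;
        try {
            Authentication delegateAuthentication = authentication;
            if (this.authenticationManager != null) {
                LOGGER.debug("Delegating to custom authenticationmanager");
                delegateAuthentication = this.authenticationManager.authenticate(authentication);
            }
            SecurityContextHolder.getContext().setAuthentication(delegateAuthentication);
            contextPopulated = true;
            if (this.authenticationSuccessHandler != null) {
                try {
                    this.authenticationSuccessHandler.onAuthenticationSuccess(request, response,
                            delegateAuthentication);
                } catch (final IOException | ServletException e) {
                    LOGGER.warn("Error calling authenticationSuccessHandler: {}", e.getMessage());
                    LOGGER.trace("", e);
                    // The post-authentication hook did not complete: do not keep the principal in the context.
                    SecurityContextHolder.clearContext();
                    return false;
                }
            }
        } catch (final AuthenticationException e) {
            LOGGER.warn("Error authenticating user in custom authenticationmanager: {}", e.getMessage());
            if (contextPopulated) {
                SecurityContextHolder.clearContext();
            }
            this.sendAuthenticationFailed(request, response, e);
            return false;
        } catch (final AccessDeniedException e) {
            LOGGER.warn("Error authorizing user in custom authenticationmanager: {}", e.getMessage());
            // Reached from the manager (context untouched) or from the success handler (context already set).
            if (contextPopulated) {
                SecurityContextHolder.clearContext();
            }
            this.sendAccessDenied(request, response, e);
            return false;
        }
        return true;
    }

    /**
     * Runs the parent's initialisation and then verifies that a provider has been configured.
     *
     * @throws ServletException
     *             when {@code getProvider()} returns {@code null}, or when the parent initialisation fails
     */
    @Override
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();

        if (this.getProvider() == null) {
            throw new ServletException("Missing NegotiateSecurityFilter.Provider");
        }
    }

    /**
     * Reports a failed authentication, preferring the configured failure handler.
     * <p>
     * If no handler is set, or the handler throws, the parent's {@code sendUnauthorized(response, true)} is used as
     * the fallback. The handler's exception is logged (message at WARN, stack trace at TRACE) and not rethrown.
     *
     * @param request
     *            the current request
     * @param response
     *            the current response
     * @param ae
     *            the exception raised while authenticating
     */
    private void sendAuthenticationFailed(final HttpServletRequest request, final HttpServletResponse response,
            final AuthenticationException ae) {
        if (this.authenticationFailureHandler != null) {
            try {
                this.authenticationFailureHandler.onAuthenticationFailure(request, response, ae);
                return;
            } catch (final IOException e) {
                LOGGER.warn("IOException invoking authenticationFailureHandler: {}", e.getMessage());
                LOGGER.trace("", e);
            } catch (final ServletException e) {
                LOGGER.warn("ServletException invoking authenticationFailureHandler: {}", e.getMessage());
                LOGGER.trace("", e);
            }
        }
        super.sendUnauthorized(response, true);
    }

    /**
     * Reports a denied access, preferring the configured access-denied handler.
     * <p>
     * If no handler is set, or the handler throws, {@code sendUnauthorized(response, true)} is used as the
     * fallback, so the fallback response is the same one used for failed authentication. The handler's exception is
     * logged (message at WARN, stack trace at TRACE) and not rethrown.
     *
     * @param request
     *            the current request
     * @param response
     *            the current response
     * @param ae
     *            the exception raised while authorizing
     */
    private void sendAccessDenied(final HttpServletRequest request, final HttpServletResponse response,
            final AccessDeniedException ae) {
        if (this.accessDeniedHandler != null) {
            try {
                this.accessDeniedHandler.handle(request, response, ae);
                return;
            } catch (final IOException e) {
                LOGGER.warn("IOException invoking accessDeniedHandler: {}", e.getMessage());
                LOGGER.trace("", e);
            } catch (final ServletException e) {
                LOGGER.warn("ServletException invoking accessDeniedHandler: {}", e.getMessage());
                LOGGER.trace("", e);
            }
        }

        this.sendUnauthorized(response, true);
    }

    /**
     * Returns the configured authentication-success handler.
     *
     * @return the handler, or {@code null} when none has been set
     */
    public AuthenticationSuccessHandler getAuthenticationSuccessHandler() {
        return this.authenticationSuccessHandler;
    }

    /**
     * Sets the handler that is called after the security context has been populated.
     *
     * @param value
     *            the handler to use; {@code null} disables the callback
     */
    public void setAuthenticationSuccessHandler(final AuthenticationSuccessHandler value) {
        this.authenticationSuccessHandler = value;
    }

    /**
     * Returns the configured authentication manager.
     *
     * @return the manager, or {@code null} when none has been set
     */
    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    /**
     * Sets the manager that the negotiated authentication is delegated to before it is stored in the context.
     *
     * @param value
     *            the manager to use; {@code null} stores the negotiated authentication unchanged
     */
    public void setAuthenticationManager(final AuthenticationManager value) {
        this.authenticationManager = value;
    }

}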