
/hudson-core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java

http://github.com/hudson/hudson
 1/*
 2 * The MIT License
 3 * 
 4 * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi, Matthew R. Harrah
 5 * 
 6 * Permission is hereby granted, free of charge, to any person obtaining a copy
 7 * of this software and associated documentation files (the "Software"), to deal
 8 * in the Software without restriction, including without limitation the rights
 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 * 
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 * 
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24package hudson.security;
25
26import java.util.Properties;
27import java.util.logging.Logger;
28import java.util.logging.Level;
29import java.io.IOException;
30
31import javax.servlet.http.HttpServletRequest;
32import javax.servlet.http.HttpServletResponse;
33
34import org.acegisecurity.AuthenticationException;
35import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
36
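/**
 * {@link AuthenticationProcessingFilter} with a change for Hudson so that
 * we can pick up the hidden "from" form field defined in <tt>login.jelly</tt>
 * to send the user back to where he came from, after a successful authentication.
 *
 * <p>
 * The "from" value is a request parameter, so it is chosen by whoever built the
 * login link or form, not by Hudson. It is used as the post-login target only when
 * it names a location on this site; anything that looks like an absolute or
 * scheme-relative URL is replaced by the default target URL.
 *
 * @author Kohsuke Kawaguchi
 */
public class AuthenticationProcessingFilter2 extends AuthenticationProcessingFilter {
    /**
     * Picks the URL the user is sent to after a successful login.
     *
     * @param request the login request; its "from" parameter, if present, names the
     *                page the user came from
     * @return the "from" value with the context path stripped when it starts with it,
     *         the "from" value unchanged when it does not, or
     *         {@link #getDefaultTargetUrl()} when "from" is absent or points off-site
     */
    @Override
    protected String determineTargetUrl(HttpServletRequest request) {
        String targetUrl = request.getParameter("from");
        // The raw value is remembered in the session exactly as before. It is still
        // untrusted there: whatever reads the "from" session attribute must escape it
        // and must not redirect to it without the same check applied below.
        request.getSession().setAttribute("from", targetUrl);

        if (targetUrl == null)
            return getDefaultTargetUrl();

        // Without this check a crafted login link could bounce a freshly authenticated
        // user to an arbitrary external site (open redirect).
        if (!isSafeRedirectTarget(targetUrl)) {
            // The value itself is deliberately not logged: it is attacker-controlled text.
            LOGGER.log(Level.WARNING, "Ignoring \"from\" parameter that is not a local URL");
            return getDefaultTargetUrl();
        }

        // URL returned from determineTargetUrl() is resolved against the context path,
        // whereas the "from" URL is resolved against the top of the website, so adjust this.
        String contextPath = request.getContextPath();
        if (targetUrl.startsWith(contextPath)) {
            String relative = targetUrl.substring(contextPath.length());
            // Stripping the prefix can expose a leading "//" (e.g. "/ctx//host").
            // How the superclass resolves the returned value is not visible here,
            // so the stripped form is checked as well.
            if (!isSafeRedirectTarget(relative)) {
                LOGGER.log(Level.WARNING, "Ignoring \"from\" parameter that is not a local URL");
                return getDefaultTargetUrl();
            }
            return relative;
        }

        // not sure when this happens, but apparently this happens in some case.
        // see #1274
        return targetUrl;
    }

    /**
     * Tells whether a "from" value stays on this site when used as a redirect target.
     *
     * <p>
     * Rejected are: values containing control characters, values that start with
     * {@code //} once backslashes are read as slashes (scheme-relative URLs), and
     * values with a {@code :} before the first {@code /}, {@code ?} or {@code #}
     * (absolute URLs such as {@code http:...} or {@code javascript:...}).
     *
     * @param url the candidate target, not null
     * @return true if the value is a path or relative reference, false otherwise
     */
    private static boolean isSafeRedirectTarget(String url) {
        for (int i = 0; i < url.length(); i++) {
            char c = url.charAt(i);
            // CR/LF/tab and friends have no place in a redirect target and could hide
            // a "//" or a scheme from the checks below.
            if (c < 0x20 || c == 0x7f)
                return false;
        }

        // Leading/trailing blanks are ignored and '\' is treated like '/', which is
        // the more permissive reading and therefore the one to check against.
        String normalized = url.trim().replace('\\', '/');
        if (normalized.startsWith("//"))
            return false;

        int colon = normalized.indexOf(':');
        if (colon < 0)
            return true;

        // A ':' only introduces a scheme when no path, query or fragment delimiter
        // comes before it.
        for (int i = 0; i < colon; i++) {
            char c = normalized.charAt(i);
            if (c == '/' || c == '?' || c == '#')
                return true;
        }
        return false;
    }

    /**
     * Picks the URL the user is sent to after a failed login, and remembers the
     * "from" parameter in the session.
     *
     * <p>
     * The "from" value is stored unvalidated; it is not used as a redirect target here.
     *
     * @return the URL mapped to the exception's class name in
     *         {@link #getExceptionMappings()}, or {@link #getAuthenticationFailureUrl()}
     *         when there is no mapping
     * @see org.acegisecurity.ui.AbstractProcessingFilter#determineFailureUrl(javax.servlet.http.HttpServletRequest, org.acegisecurity.AuthenticationException)
     */
    @Override
    protected String determineFailureUrl(HttpServletRequest request, AuthenticationException failed) {
        Properties excMap = getExceptionMappings();
        String failedClassName = failed.getClass().getName();
        String whereFrom = request.getParameter("from");
        request.getSession().setAttribute("from", whereFrom);
        return excMap.getProperty(failedClassName, getAuthenticationFailureUrl());
    }

    /**
     * Leave the information about login failure.
     *
     * <p>
     * Otherwise it seems like Acegi doesn't really leave the detail of the failure anywhere.
     *
     * <p>
     * The exception is logged at INFO together with its stack trace, which makes this
     * line the place to watch for repeated failed logins.
     */
    @Override
    protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException {
        super.onUnsuccessfulAuthentication(request, response, failed);
        // NOTE(review): what the exception message contains (e.g. the submitted user
        // name) depends on the authentication provider; confirm it never carries a password.
        LOGGER.log(Level.INFO, "Login attempt failed", failed);
    }

    private static final Logger LOGGER = Logger.getLogger(AuthenticationProcessingFilter2.class.getName());
}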