1   package org.itracker.web.security;
2   
3   import org.apache.commons.lang.StringUtils;
4   import org.itracker.core.AuthenticationConstants;
5   import org.itracker.core.resources.ITrackerResources;
6   import org.itracker.model.PermissionType;
7   import org.itracker.model.User;
8   import org.itracker.model.UserPreferences;
9   import org.itracker.services.UserService;
10  import org.itracker.web.util.*;
11  import org.slf4j.Logger;
12  import org.slf4j.LoggerFactory;
13  import org.springframework.security.core.Authentication;
14  import org.springframework.security.web.DefaultRedirectStrategy;
15  import org.springframework.security.web.RedirectStrategy;
16  import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
17  import org.springframework.security.web.savedrequest.DefaultSavedRequest;
18  import org.springframework.security.web.savedrequest.SavedRequest;
19  
20  import javax.servlet.ServletException;
21  import javax.servlet.http.HttpServletRequest;
22  import javax.servlet.http.HttpServletResponse;
23  import javax.servlet.http.HttpSession;
24  import java.io.IOException;
25  import java.util.Map;
26  import java.util.Set;
27  
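/**
 * Authentication success handler that fills the HTTP session with the data of
 * the authenticated user (user object, display name, preferences, locale and
 * per-project permissions) and then redirects the browser.
 *
 * <p>The redirect target is taken from server-side state only: the current
 * servlet path (autologin mode), the saved request found in the session, or
 * the configured default URL. No request parameter is read to choose it.
 *
 * <p>NOTE(review): this handler does not rotate the session id itself; it
 * reuses whatever session {@code request.getSession(true)} returns. Session
 * fixation protection therefore has to come from the surrounding security
 * configuration - confirm that it is enabled.
 */
public class LoginHandler implements AuthenticationSuccessHandler {
    private static final Logger log = LoggerFactory.getLogger(LoginHandler.class);

    /** Session attribute from which the request saved before login is read. */
    static final String SAVED_REQUEST = "SPRING_SECURITY_SAVED_REQUEST";

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    private String redirectUrl = "/";
    private boolean isAutologinSuccessHandler = false;


    /**
     * Populates the session for the authenticated user and sends the redirect.
     *
     * @param request        the request that completed authentication
     * @param response       the response used for the redirect
     * @param authentication the successful authentication; its name is used as login
     * @throws IOException      if sending the redirect fails
     * @throws ServletException if no user record exists for the authenticated login
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

        UserService userService = ServletContextUtils.getItrackerServices().getUserService();

        // Resolve the user before touching the session, so that a missing record
        // fails cleanly instead of leaving a half-populated session behind.
        final User user = userService.getUserByLogin(authentication.getName());
        if (user == null) {
            // The login is deliberately not echoed: the message may end up on an error page.
            throw new ServletException("Authenticated login has no matching user record");
        }
        final String login = user.getLogin();

        log.debug("Creating new session");

        // Returns the existing session when there is one; a new one is only created otherwise.
        HttpSession session = request.getSession(true);

        final int timeoutMinutes = LoginUtilities.getConfiguredSessionTimeout();
        log.debug("Setting session timeout to {} minutes", timeoutMinutes);
        // The servlet API expects seconds.
        session.setMaxInactiveInterval(timeoutMinutes * 60);

        log.debug("Setting session tracker");
        // NOTE(review): getRemoteUser() may be null here depending on where this
        // handler sits in the filter chain, while authentication.getName() is the
        // authenticated principal - confirm which value SessionTracker expects.
        session.setAttribute(Constants.SESSION_TRACKER_KEY, new SessionTracker(
                request.getRemoteUser(), session.getId()));

        log.debug("Setting user information");

        session.setAttribute(Constants.USER_KEY, user);
        session.setAttribute("userDN", getDisplayName(user));

        log.debug("Setting preferences for user {}", login);

        UserPreferences userPrefs = user.getPreferences();

        session.setAttribute(Constants.PREFERENCES_KEY, userPrefs);

        final Object locale = ITrackerResources.getLocale(userPrefs.getUserLocale());
        // Log the login only; User.toString() is not visible here and may expose more.
        log.debug("Setting user {} locale to {}", login, locale);
        session.setAttribute(Constants.LOCALE_KEY, locale);

        // NOTE(review): no cookie is set anywhere in this method; the message looks stale.
        log.debug("Setting autologin cookie for user {}", login);

        log.debug("Setting permissions for user {}", login);
        // Permissions are a snapshot taken at login time and kept in the session.
        Map<Integer, Set<PermissionType>> usersMapOfProjectIdsAndSetOfPermissionTypes = userService
                .getUsersMapOfProjectIdsAndSetOfPermissionTypes(user,
                        AuthenticationConstants.REQ_SOURCE_WEB);
        session.setAttribute(Constants.PERMISSIONS_KEY,
                usersMapOfProjectIdsAndSetOfPermissionTypes);

        // Reset some session forms
        session.setAttribute(Constants.SEARCH_QUERY_KEY, null);

        SessionManager.clearSessionNeedsReset(login);
        log.debug("User session data updated.");

        SessionManager.createSession(login);

        redirectToOnLoginSuccess(request, response, getRedirectStrategy());

    }

    /**
     * Builds the name shown for a user: "first last", trimmed, or the login
     * when both name parts are blank.
     *
     * @param user the authenticated user
     * @return the display name, never an empty string unless the login is empty
     */
    private Object getDisplayName(User user) {
        final String firstName = StringUtils.trimToEmpty(user.getFirstName());
        final String lastName = StringUtils.trimToEmpty(user.getLastName());

        // trim() drops the separator when one of the two parts is missing.
        final String fullName = (firstName + ' ' + lastName).trim();
        if (fullName.isEmpty()) {
            return user.getLogin();
        }
        return fullName;
    }

    /**
     * Redirects to the URL computed by {@link #getRedirectUrl(HttpServletRequest)}.
     *
     * @param request          the current request
     * @param response         the response to redirect
     * @param redirectStrategy the strategy that performs the redirect
     * @throws IOException if the redirect cannot be sent
     */
    public void redirectToOnLoginSuccess(HttpServletRequest request,
                                                HttpServletResponse response,
                                                RedirectStrategy redirectStrategy) throws IOException {

        final String path = getRedirectUrl(request);

        redirectStrategy.sendRedirect(request, response, path);
    }

    /**
     * Looks up the request saved in the session before login.
     *
     * @param currentRequest the current request
     * @return the saved request, or {@code null} when there is no session or the
     *         attribute is absent or not a {@link SavedRequest}
     */
    protected SavedRequest getRequest(HttpServletRequest currentRequest) {
        HttpSession session = currentRequest.getSession(false);
        if (session == null) {
            return null;
        }

        // Accept any SavedRequest implementation instead of casting to one concrete
        // class, which would throw ClassCastException for every other implementation.
        final Object saved = session.getAttribute(SAVED_REQUEST);
        if (saved instanceof SavedRequest) {
            return (SavedRequest) saved;
        }
        return null;
    }

    /**
     * Chooses the redirect target after a successful login.
     *
     * @param request the current request
     * @return the servlet path in autologin mode, else the URL of the saved
     *         request, else the configured default URL
     */
    protected String getRedirectUrl(HttpServletRequest request) {

        if (isAutologinSuccessHandler()) {
            // Autologin happens on the requested page itself, so stay on it.
            return StringUtils.defaultString(request.getServletPath());
        }

        final SavedRequest savedRequest = getRequest(request);
        if (savedRequest != null) {
            return savedRequest.getRedirectUrl();
        }

        /* return a sane default in case data isn't there */
        return getRedirectUrl();
    }

    /** @return the strategy used to send the post-login redirect */
    public RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }

    /** @param redirectStrategy the strategy used to send the post-login redirect */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    /** @return the default redirect URL used when no saved request is available */
    public String getRedirectUrl() {
        return redirectUrl;
    }

    /** @return {@code true} if this handler redirects to the current servlet path */
    public boolean isAutologinSuccessHandler() {
        return isAutologinSuccessHandler;
    }

    /** @param isAutologinSuccessHandler whether to redirect to the current servlet path */
    public void setIsAutologinSuccessHandler(boolean isAutologinSuccessHandler) {
        this.isAutologinSuccessHandler = isAutologinSuccessHandler;
    }

    /** @param redirectUrl the default redirect URL used when no saved request is available */
    public void setRedirectUrl(String redirectUrl) {
        this.redirectUrl = redirectUrl;
    }
}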