
1   /**
2    * Copyright 2011-2013 The Kuali Foundation Licensed under the
3    * Educational Community License, Version 2.0 (the "License"); you may
4    * not use this file except in compliance with the License. You may
5    * obtain a copy of the License at
6    *
7    * http://www.osedu.org/licenses/ECL-2.0
8    *
9    * Unless required by applicable law or agreed to in writing,
10   * software distributed under the License is distributed on an "AS IS"
11   * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12   * or implied. See the License for the specific language governing
13   * permissions and limitations under the License.
14   */
15  
16  package org.kuali.mobility.security.authn.interceptors;
17  
import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.kuali.mobility.security.authn.util.AuthenticationConstants;
import org.kuali.mobility.security.authn.util.AuthenticationMapper;
import org.kuali.mobility.security.user.api.User;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
27  
28  /**
29   * The AuthenticationInterceptor checks the authentication XML properties file to
30   * see whether a particular URL requires authentication. If it does and there is
31   * no user in the session, it forces a redirection to login. It is a backup for
32   * the SSO filters (CAS/CoSIgn/Shibboleth/etc.) that protect a resource: if a request
33   * somehow reaches this interceptor without having satisfied SSO, it steps in and
34   * sends the client to SSO to log in.
35   *
36   */
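public class AuthenticationInterceptor implements HandlerInterceptor {

    private static final Logger LOG = Logger.getLogger(AuthenticationInterceptor.class);

    /**
     * Tells which servlet paths require authentication and supplies the login URL.
     * Injected through {@link #setAuthenticationMapper(AuthenticationMapper)}.
     */
    private AuthenticationMapper authenticationMapper;

    /**
     * Decides whether the request may proceed to its handler.
     * <p>
     * The servlet path is looked up in the {@link AuthenticationMapper}. When it
     * requires authentication and the session holds no {@link User}, or only the
     * public (anonymous) user, the client is redirected to the login URL and
     * handler execution stops. Paths that do not require authentication pass
     * through untouched.
     *
     * @param request  the current request; its session is consulted (and created if absent)
     * @param response the current response, used only to issue the login redirect
     * @param handler  the handler Spring selected for this request (not used)
     * @return {@code true} to continue to the handler, {@code false} once a
     *         redirect to login has been written
     * @throws Exception if the redirect cannot be written to the response
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Read the session first, as before, so the session is created regardless of the path.
        User user = sessionUser(request);

        String servletPath = request.getServletPath();
        if (!getAuthenticationMapper().requiresAuthentication(servletPath)) {
            return true;
        }

        if (user == null) {
            // The SSO filters in front of this interceptor should have stored the user already.
            LOG.info("User object not found in session.  This should not happen.");
            doLogin(request, response);
            return false;
        }

        if (user.isPublicUser()) {
            // Remember where the anonymous user was heading so login can return there.
            user.setRequestURL(servletPath);
            doLogin(request, response);
            return false;
        }

        return true;
    }

    /** Nothing to do after the handler runs; the whole decision is made in {@link #preHandle}. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {}

    /** Nothing to do after view rendering; the whole decision is made in {@link #preHandle}. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {}

    /**
     * Reads the {@link User} stored in the session under
     * {@link AuthenticationConstants#KME_USER_KEY}.
     * <p>
     * A session is created when none exists. Returns {@code null} when the
     * attribute is absent or holds something other than a {@code User}; the
     * latter is logged and treated as "not authenticated" instead of failing
     * the request with a {@link ClassCastException}.
     *
     * @param request the current request
     * @return the session user, or {@code null}
     */
    private static User sessionUser(HttpServletRequest request) {
        Object attribute = request.getSession(true).getAttribute(AuthenticationConstants.KME_USER_KEY);
        if (attribute == null) {
            return null;
        }
        if (!(attribute instanceof User)) {
            LOG.warn("Session attribute " + AuthenticationConstants.KME_USER_KEY
                    + " holds a " + attribute.getClass().getName() + ", not a User; treating as unauthenticated.");
            return null;
        }
        return (User) attribute;
    }

    /**
     * Redirects the client to the configured login URL.
     * <p>
     * An absolute {@code http:} or {@code https:} URL (typically an external SSO
     * server) is sent as-is; anything else is treated as a path inside this web
     * application and is prefixed with the request's context path.
     *
     * @param request  the current request, for its context path
     * @param response the response to write the redirect to
     * @throws IOException if the redirect cannot be written
     */
    private void doLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String loginUrl = getAuthenticationMapper().getLoginURL();
        if (isAbsoluteHttpUrl(loginUrl)) {
            response.sendRedirect(loginUrl);
        } else {
            response.sendRedirect(request.getContextPath() + loginUrl);
        }
    }

    /**
     * Whether {@code url} is an absolute HTTP(S) URL rather than a context-relative path.
     * <p>
     * Previously only {@code http:} was recognised, so an {@code https:} login URL
     * was wrongly prefixed with the context path and produced a broken redirect.
     *
     * @param url the configured login URL
     * @return {@code true} for {@code http:}/{@code https:} URLs
     */
    private static boolean isAbsoluteHttpUrl(String url) {
        return url.startsWith("http:") || url.startsWith("https:");
    }

    /**
     * @return the mapper that decides which paths require authentication
     */
    public AuthenticationMapper getAuthenticationMapper() {
        return authenticationMapper;
    }

    /**
     * @param authenticationMapper the mapper that decides which paths require authentication
     */
    public void setAuthenticationMapper(AuthenticationMapper authenticationMapper) {
        this.authenticationMapper = authenticationMapper;
    }

}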