001/** 002 * Copyright 2011-2013 The Kuali Foundation Licensed under the 003 * Educational Community License, Version 2.0 (the "License"); you may 004 * not use this file except in compliance with the License. You may 005 * obtain a copy of the License at 006 * 007 * http://www.osedu.org/licenses/ECL-2.0 008 * 009 * Unless required by applicable law or agreed to in writing, 010 * software distributed under the License is distributed on an "AS IS" 011 * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 012 * or implied. See the License for the specific language governing 013 * permissions and limitations under the License. 014 */ 015 016package org.kuali.mobility.security.authn.interceptors; 017 018import org.kuali.mobility.security.authn.util.AuthenticationConstants; 019import org.kuali.mobility.security.authn.util.AuthenticationMapper; 020import org.kuali.mobility.security.user.api.User; 021import org.slf4j.Logger; 022import org.slf4j.LoggerFactory; 023import org.springframework.web.servlet.HandlerInterceptor; 024import org.springframework.web.servlet.ModelAndView; 025 026import javax.servlet.http.HttpServletRequest; 027import javax.servlet.http.HttpServletResponse; 028 029/** 030 * The AuthenticationInterceptor is a check against the authentication 031 * xml properties file to see if a particular URL must use authentication. 032 * If it does and there is no user in the session then it forces a 033 * redirection. It is a backup for the SSO filters (CAS/CoSIgn/Shibboleth/etc) 034 * to protect a resource. If you somehow got to this filter without satisfying 035 * SSO, it will step in and send you to SSO to log in. 
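*
 * <p>Both the set of protected paths and the login URL come from the injected
 * {@link AuthenticationMapper}, never from the request, so the redirect target
 * is administrator-controlled rather than attacker-controlled.
 */
public class AuthenticationInterceptor implements HandlerInterceptor {

    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationInterceptor.class);

    private AuthenticationMapper authenticationMapper;

    /**
     * Decides whether the request may reach its handler.
     *
     * <p>If the mapper says the servlet path needs authentication and the session
     * holds no {@link User}, or only a public (anonymous) one, the client is
     * redirected to the configured login URL and handler execution is stopped.
     *
     * @param request  current request; its servlet path is the protected-path key
     * @param response used only to issue the login redirect
     * @param handler  ignored
     * @return {@code true} to continue the handler chain, {@code false} after a redirect was sent
     * @throws Exception propagated from {@link HttpServletResponse#sendRedirect(String)}
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // A session is created on demand (as before); the upstream SSO filters are
        // expected to have stored the user under KME_USER_KEY already.
        User user = (User) request.getSession(true).getAttribute(AuthenticationConstants.KME_USER_KEY);

        // NOTE(review): protection is keyed on getServletPath(). That is the full
        // path only when the DispatcherServlet is mapped as "/"; with a prefix
        // mapping such as "/*" it would be "" and the rules would never match.
        // Confirm the servlet mapping in web.xml.
        String path = request.getServletPath();
        if (!getAuthenticationMapper().requiresAuthentication(path)) {
            return true;
        }

        if (user == null) {
            // Reaching here means the SSO filter chain did not populate the session;
            // fail closed by sending the client to login rather than serving the page.
            LOG.warn("No user in session for protected path {}; redirecting to login (SSO filter chain should have set it)", path);
            doLogin(request, response);
            return false;
        }

        if (user.isPublicUser()) {
            // Presumably consumed by the login flow to return the user to this path
            // afterwards; note the query string is not retained.
            user.setRequestURL(path);
            doLogin(request, response);
            return false;
        }

        return true;
    }

    /** No post-processing is needed; authentication is decided entirely in {@link #preHandle}. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {}

    /** Nothing to clean up after the request. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {}

    /**
     * Sends the client to the configured login URL.
     *
     * @throws Exception propagated from {@link HttpServletResponse#sendRedirect(String)}
     */
    private void doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
        response.sendRedirect(resolveLoginUrl(request.getContextPath(), getAuthenticationMapper().getLoginURL()));
    }

    /**
     * Builds the redirect target for the configured login URL.
     *
     * <p>An absolute {@code http:} or {@code https:} URL is used as-is; anything
     * else is treated as a path inside this web application and prefixed with the
     * context path. The previous check only recognised {@code http:}, so an
     * {@code https://} SSO login URL (the normal case) was wrongly prefixed with the
     * context path and produced a broken redirect.
     *
     * @param contextPath the servlet context path (may be empty for the root context)
     * @param loginUrl    the configured login URL; must not be {@code null}
     * @return the URL to pass to {@code sendRedirect}
     */
    static String resolveLoginUrl(String contextPath, String loginUrl) {
        if (isAbsoluteHttpUrl(loginUrl)) {
            return loginUrl;
        }
        return contextPath + loginUrl;
    }

    /** True when {@code url} starts with an {@code http:} or {@code https:} scheme (schemes are case-insensitive per RFC 3986). */
    private static boolean isAbsoluteHttpUrl(String url) {
        return url.regionMatches(true, 0, "http:", 0, 5)
            || url.regionMatches(true, 0, "https:", 0, 6);
    }

    public AuthenticationMapper getAuthenticationMapper() {
        return authenticationMapper;
    }

    public void setAuthenticationMapper(AuthenticationMapper authenticationMapper) {
        this.authenticationMapper = authenticationMapper;
    }

}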