package com.github.kazuki43zoo.web.security;
import com.github.kazuki43zoo.core.config.SecurityConfigs;
import com.github.kazuki43zoo.core.message.Message;
import com.github.kazuki43zoo.domain.model.account.AccountAuthenticationHistory;
import com.github.kazuki43zoo.domain.model.account.AuthenticationType;
import com.github.kazuki43zoo.domain.service.security.AuthenticationSharedService;
import com.github.kazuki43zoo.domain.service.security.CustomAuthenticationDetails;
import org.dozer.Mapper;
import org.springframework.context.MessageSource;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.terasoluna.gfw.common.exception.SystemException;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
 * Authentication failure handler that records a failure-history entry when a login is rejected
 * with a {@link SessionAuthenticationException}, then delegates to
 * {@link SimpleUrlAuthenticationFailureHandler} for the normal failure response.
 *
 * <p>Every {@code SessionAuthenticationException} is recorded with the
 * {@code SECURITY_CONCURRENT_LOGIN} message, whichever component raised it.
 * NOTE(review): presumably only the concurrent-session control strategy throws it in this
 * application; confirm against the security configuration.
 */
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    @Inject
    MessageSource messageSource;

    @Inject
    AuthenticationSharedService authenticationSharedService;

    @Inject
    SecurityConfigs securityConfigs;

    @Inject
    AuthenticationDetailsSource<HttpServletRequest, CustomAuthenticationDetails> authenticationDetailsSource;

    @Inject
    Mapper beanMapper;

    /**
     * Records a failure history for session-related rejections and then runs the inherited
     * failure handling.
     *
     * <p>The history is written before the superclass is invoked, so an unchecked exception
     * from the history write propagates and the inherited failure handling does not run.
     *
     * @param request the login request that failed
     * @param response the response passed on to the superclass
     * @param exception the reason the authentication was rejected
     * @throws IOException if the inherited handling fails to write the response
     * @throws ServletException if the inherited handling fails
     */
    @Override
    public void onAuthenticationFailure(final HttpServletRequest request,
            final HttpServletResponse response, final AuthenticationException exception)
            throws IOException, ServletException {
        final boolean rejectedBySessionControl = exception instanceof SessionAuthenticationException;
        if (rejectedBySessionControl) {
            createConcurrentAuthenticationFailureHistory(request);
        }
        super.onAuthenticationFailure(request, response, exception);
    }

    /**
     * Builds an authentication history record from the request and stores it as a failed
     * {@link AuthenticationType#LOGIN} attempt with the concurrent-login message.
     *
     * @param request the rejected login request
     */
    private void createConcurrentAuthenticationFailureHistory(final HttpServletRequest request) {
        // The account id is the raw value of the username form parameter, not an authenticated
        // principal: it is caller-supplied and is null when the parameter is absent.
        // NOTE(review): confirm the shared service validates or bounds this value before
        // persisting it, and that it tolerates a null or unknown account id.
        final String submittedAccountId =
                request.getParameter(securityConfigs.getUsernameParameter());
        final String failureReason = Message.SECURITY_CONCURRENT_LOGIN.text(messageSource);
        final CustomAuthenticationDetails requestDetails =
                authenticationDetailsSource.buildDetails(request);
        // Copy the request-derived details onto a fresh history entity.
        final AccountAuthenticationHistory historyRecord =
                beanMapper.map(requestDetails, AccountAuthenticationHistory.class);
        authenticationSharedService.createAuthenticationFailureHistory(
                submittedAccountId, historyRecord, AuthenticationType.LOGIN, failureReason);
    }
}