UserAuthenticationFailureHandler.java example

Explorer
jcommune-master
/**
 * Copyright (C) 2011  JTalks.org Team
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
package org.jtalks.jcommune.web.util;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * <tt>AuthenticationFailureHandler</tt> which extends <tt>SimpleUrlAuthenticationFailureHandler</tt>
 * by adding to the Session an attribute with value of username which was used in authentication
 * @author Andrei Alikov
 */
public class UserAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    /**
     * Default session attribute name storing username
     */
    public static final String DEFAULT_USERNAME_SESSION_ATTRIBUTE = "username";

    private String usernameSessionAttribute = DEFAULT_USERNAME_SESSION_ATTRIBUTE;

    /**
     * {@inheritDoc}
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException exception) throws IOException, ServletException {

        HttpSession session = request.getSession(false);
        if ((session != null || isAllowSessionCreation()) && exception.getAuthentication() != null) {
            request.getSession().setAttribute(usernameSessionAttribute, exception.getAuthentication().getName());
        }

        super.onAuthenticationFailure(request, response, exception);
    }

    /**
     * Gets name of Session's attribute which is used to store username.
     * Default value is DEFAULT_USERNAME_SESSION_ATTRIBUTE
     * @return name of Session attribute which is used to store username
     */
    public String getUsernameSessionAttribute() {
        return usernameSessionAttribute;
    }

    /**
     * Set the name of Session's attribute which is used to store username
     * @param usernameSessionAttribute
     */
    public void setUsernameSessionAttribute(String usernameSessionAttribute) {
        this.usernameSessionAttribute = usernameSessionAttribute;
    }
}