|
1
|
|
|
package unicon.matthews.security.auth.ajax; |
|
2
|
|
|
|
|
3
|
|
|
import java.io.IOException; |
|
4
|
|
|
import java.util.HashMap; |
|
5
|
|
|
import java.util.Map; |
|
6
|
|
|
|
|
7
|
|
|
import javax.servlet.ServletException; |
|
8
|
|
|
import javax.servlet.http.HttpServletRequest; |
|
9
|
|
|
import javax.servlet.http.HttpServletResponse; |
|
10
|
|
|
import javax.servlet.http.HttpSession; |
|
11
|
|
|
|
|
12
|
|
|
import org.springframework.beans.factory.annotation.Autowired; |
|
13
|
|
|
import org.springframework.http.HttpStatus; |
|
14
|
|
|
import org.springframework.http.MediaType; |
|
15
|
|
|
import org.springframework.security.core.Authentication; |
|
16
|
|
|
import org.springframework.security.web.WebAttributes; |
|
17
|
|
|
import org.springframework.security.web.authentication.AuthenticationSuccessHandler; |
|
18
|
|
|
import org.springframework.stereotype.Component; |
|
19
|
|
|
|
|
20
|
|
|
import unicon.matthews.security.model.UserContext; |
|
21
|
|
|
import unicon.matthews.security.model.token.JwtToken; |
|
22
|
|
|
import unicon.matthews.security.model.token.JwtTokenFactory; |
|
23
|
|
|
|
|
24
|
|
|
import com.fasterxml.jackson.databind.ObjectMapper; |
|
25
|
|
|
|
|
26
|
|
|
/** |
|
27
|
|
|
* AjaxAwareAuthenticationSuccessHandler |
|
28
|
|
|
* |
|
29
|
|
|
* @author vladimir.stankovic |
|
30
|
|
|
* |
|
31
|
|
|
* Aug 3, 2016 |
|
32
|
|
|
*/ |
|
33
|
|
|
@Component |
|
34
|
|
|
public class AjaxAwareAuthenticationSuccessHandler implements AuthenticationSuccessHandler { |
|
35
|
|
|
private final ObjectMapper mapper; |
|
36
|
|
|
private final JwtTokenFactory tokenFactory; |
|
37
|
|
|
|
|
38
|
|
|
@Autowired |
|
39
|
|
|
public AjaxAwareAuthenticationSuccessHandler(final ObjectMapper mapper, final JwtTokenFactory tokenFactory) { |
|
40
|
|
|
this.mapper = mapper; |
|
41
|
|
|
this.tokenFactory = tokenFactory; |
|
42
|
|
|
} |
|
43
|
|
|
|
|
44
|
|
|
@Override |
|
45
|
|
|
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, |
|
46
|
|
|
Authentication authentication) throws IOException, ServletException { |
|
47
|
|
|
UserContext userContext = (UserContext) authentication.getPrincipal(); |
|
48
|
|
|
|
|
49
|
|
|
JwtToken accessToken = tokenFactory.createAccessJwtToken(userContext); |
|
50
|
|
|
JwtToken refreshToken = tokenFactory.createRefreshToken(userContext); |
|
51
|
|
|
|
|
52
|
|
|
Map<String, String> tokenMap = new HashMap<String, String>(); |
|
53
|
|
|
tokenMap.put("token", accessToken.getToken()); |
|
54
|
|
|
tokenMap.put("refreshToken", refreshToken.getToken()); |
|
55
|
|
|
|
|
56
|
|
|
response.setStatus(HttpStatus.OK.value()); |
|
57
|
|
|
response.setContentType(MediaType.APPLICATION_JSON_VALUE); |
|
58
|
|
|
mapper.writeValue(response.getWriter(), tokenMap); |
|
59
|
|
|
|
|
60
|
|
|
clearAuthenticationAttributes(request); |
|
61
|
|
|
} |
|
62
|
|
|
|
|
63
|
|
|
/** |
|
64
|
|
|
* Removes temporary authentication-related data which may have been stored |
|
65
|
|
|
* in the session during the authentication process.. |
|
66
|
|
|
* |
|
67
|
|
|
*/ |
|
68
|
|
|
protected final void clearAuthenticationAttributes(HttpServletRequest request) { |
|
69
|
|
|
HttpSession session = request.getSession(false); |
|
70
|
|
|
|
|
71
|
|
|
if (session == null) { |
|
72
|
|
|
return; |
|
73
|
|
|
} |
|
74
|
|
|
|
|
75
|
|
|
session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION); |
|
76
|
|
|
} |
|
77
|
|
|
} |
|
78
|
|
|
|
Apereo-Learning-Analytics-Initiative /
OpenLRW
