Search in sources :

Example 1 with SimpleUrlAuthenticationFailureHandler

use of org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler in project spring-security by spring-projects.

the class AbstractAuthenticationFilterConfigurer method failureUrl.

/**
	 * The URL to send users if authentication fails. This is a shortcut for invoking
	 * {@link #failureHandler(AuthenticationFailureHandler)}. The default is
	 * "/login?error".
	 *
	 * @param authenticationFailureUrl the URL to send users if authentication fails (i.e.
	 * "/login?error").
	 * @return the {@link FormLoginConfigurer} for additional customization
	 */
public final T failureUrl(String authenticationFailureUrl) {
    T result = failureHandler(new SimpleUrlAuthenticationFailureHandler(authenticationFailureUrl));
    this.failureUrl = authenticationFailureUrl;
    return result;
}
Also used : SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler)

Example 2 with SimpleUrlAuthenticationFailureHandler

use of org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler in project spring-security by spring-projects.

the class SessionManagementConfigurer method configure.

@Override
public void configure(H http) throws Exception {
    SecurityContextRepository securityContextRepository = http.getSharedObject(SecurityContextRepository.class);
    SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(securityContextRepository, getSessionAuthenticationStrategy(http));
    if (this.sessionAuthenticationErrorUrl != null) {
        sessionManagementFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(this.sessionAuthenticationErrorUrl));
    }
    InvalidSessionStrategy strategy = getInvalidSessionStrategy();
    if (strategy != null) {
        sessionManagementFilter.setInvalidSessionStrategy(strategy);
    }
    AuthenticationFailureHandler failureHandler = getSessionAuthenticationFailureHandler();
    if (failureHandler != null) {
        sessionManagementFilter.setAuthenticationFailureHandler(failureHandler);
    }
    AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
    if (trustResolver != null) {
        sessionManagementFilter.setTrustResolver(trustResolver);
    }
    sessionManagementFilter = postProcess(sessionManagementFilter);
    http.addFilter(sessionManagementFilter);
    if (isConcurrentSessionControlEnabled()) {
        ConcurrentSessionFilter concurrentSessionFilter = createConccurencyFilter(http);
        concurrentSessionFilter = postProcess(concurrentSessionFilter);
        http.addFilter(concurrentSessionFilter);
    }
}
Also used : SessionManagementFilter(org.springframework.security.web.session.SessionManagementFilter) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) SimpleRedirectInvalidSessionStrategy(org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy) InvalidSessionStrategy(org.springframework.security.web.session.InvalidSessionStrategy) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver) NullSecurityContextRepository(org.springframework.security.web.context.NullSecurityContextRepository) HttpSessionSecurityContextRepository(org.springframework.security.web.context.HttpSessionSecurityContextRepository) SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository) SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler) AuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler) SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler)

Example 3 with SimpleUrlAuthenticationFailureHandler

use of org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler in project spring-security by spring-projects.

the class SwitchUserFilter method afterPropertiesSet.

// ~ Methods
// ========================================================================================================
@Override
public void afterPropertiesSet() {
    Assert.notNull(this.userDetailsService, "userDetailsService must be specified");
    Assert.isTrue(this.successHandler != null || this.targetUrl != null, "You must set either a successHandler or the targetUrl");
    if (this.targetUrl != null) {
        Assert.isNull(this.successHandler, "You cannot set both successHandler and targetUrl");
        this.successHandler = new SimpleUrlAuthenticationSuccessHandler(this.targetUrl);
    }
    if (this.failureHandler == null) {
        this.failureHandler = this.switchFailureUrl == null ? new SimpleUrlAuthenticationFailureHandler() : new SimpleUrlAuthenticationFailureHandler(this.switchFailureUrl);
    } else {
        Assert.isNull(this.switchFailureUrl, "You cannot set both a switchFailureUrl and a failureHandler");
    }
}
Also used : SimpleUrlAuthenticationSuccessHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler) SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler)

Example 4 with SimpleUrlAuthenticationFailureHandler

use of org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler in project spring-security-oauth by spring-projects.

the class AuthorizationServerBeanDefinitionParserTests method filterUsesConfiguredFailureHandler.

@Test
public void filterUsesConfiguredFailureHandler() throws Exception {
    final Field failureHandlerField = AbstractAuthenticationProcessingFilter.class.getDeclaredField("failureHandler");
    ReflectionUtils.makeAccessible(failureHandlerField);
    AuthenticationFailureHandler failureHandler = (AuthenticationFailureHandler) ReflectionUtils.getField(failureHandlerField, filter);
    assertTrue("failure handler should be a simpleUrlFailureHandler", failureHandler instanceof SimpleUrlAuthenticationFailureHandler);
    final Field failureUrlField = SimpleUrlAuthenticationFailureHandler.class.getDeclaredField("defaultFailureUrl");
    ReflectionUtils.makeAccessible(failureUrlField);
    String failureUrl = (String) ReflectionUtils.getField(failureUrlField, failureHandler);
    assertEquals("failure URL should be the configured url", "/oauth/confirm_access", failureUrl);
}
Also used : Field(java.lang.reflect.Field) SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler) AuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler) SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler) Test(org.junit.Test)

Aggregations

SimpleUrlAuthenticationFailureHandler (org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler)4 AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler)2 Field (java.lang.reflect.Field)1 Test (org.junit.Test)1 AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver)1 SimpleUrlAuthenticationSuccessHandler (org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler)1 HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository)1 NullSecurityContextRepository (org.springframework.security.web.context.NullSecurityContextRepository)1 SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository)1 ConcurrentSessionFilter (org.springframework.security.web.session.ConcurrentSessionFilter)1 InvalidSessionStrategy (org.springframework.security.web.session.InvalidSessionStrategy)1 SessionManagementFilter (org.springframework.security.web.session.SessionManagementFilter)1 SimpleRedirectInvalidSessionStrategy (org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy)1