
  • Handle Redirect in AbstractAuthenticationProcessingFilter

    I'm trying to refactor the spring-social-security code, and I find that in order to use AbstractAuthenticationProcessingFilter, I need to add code in its doFilter() method to handle a redirect.

    So I added an AuthenticationRedirectException class:

    Code:
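    import java.net.URL;
    
    import org.springframework.security.core.AuthenticationException;
    
    // Carries the URL the filter should redirect the browser to
    public class AuthenticationRedirectException extends AuthenticationException {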
        private final String redirectUrl;
    
        public AuthenticationRedirectException(URL redirectUrl) {
            this(redirectUrl.toString());
        }
    
        public AuthenticationRedirectException(String redirectUrl) {
            super("");
            this.redirectUrl = redirectUrl;
        }
    
        public String getRedirectUrl() {
            return redirectUrl;
        }
    
    }
    And changed doFilter() to catch the exception:

    Code:
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
    
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
    
            if (!requiresAuthentication(request, response)) {
                chain.doFilter(request, response);
    
                return;
            }
    
            if (logger.isDebugEnabled()) {
                logger.debug("Request is to process authentication");
            }
    
            Authentication authResult;
    
            try {
                authResult = attemptAuthentication(request, response);
                if (authResult == null) {
                    // return immediately as subclass has indicated that it hasn't completed authentication
                    return;
                }
                sessionStrategy.onAuthentication(authResult, request, response);
            } catch (AuthenticationRedirectException e) {
                response.sendRedirect(e.getRedirectUrl()); 
                return;
            } catch(InternalAuthenticationServiceException failed) {
                logger.error("An internal error occurred while trying to authenticate the user.", failed);
                unsuccessfulAuthentication(request, response, failed);
    
                return;
            }
            catch (AuthenticationException failed) {
                // Authentication failed
                unsuccessfulAuthentication(request, response, failed);
    
                return;
            }
    
            // Authentication success
            if (continueChainBeforeSuccessfulAuthentication) {
                chain.doFilter(request, response);
            }
    
            successfulAuthentication(request, response, chain, authResult);
        }
    Please let me know if the above code changes are appropriate.

    Thanks.

  • #2
    I think it's better to use a custom implementation of failureHandler to handle this. For details, look here

    • #3
      Thanks objectamit. Rob Winch also pointed that out at SEC2102.

      I also feel maybe it is better to override unsuccessfulAuthentication() to pass the redirect if the AuthenticationException is for a redirect. What do you think? Add a custom implementation of failureHandler or override unsuccessfulAuthentication()?
