
1   package org.appfuse.webapp.security;
2   
3   import java.io.IOException;
4   
5   import javax.servlet.ServletException;
6   import javax.servlet.http.HttpServletRequest;
7   import javax.servlet.http.HttpServletResponse;
8   
9   import org.springframework.security.core.AuthenticationException;
10  import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
11  import org.springframework.security.web.util.ELRequestMatcher;
12  import org.springframework.security.web.util.RequestMatcher;
13  
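/**
 * Authentication failure handler that answers RPC/AJAX requests with a bare
 * HTTP 401 status and hands every other request to the default handling
 * inherited from {@link SimpleUrlAuthenticationFailureHandler}.
 *
 * <p>By default a request counts as an RPC request when it carries the header
 * {@code X-Requested-With: XMLHttpRequest}. That header is set by the client, so
 * it is only suitable for choosing the shape of the failure response. It must
 * not be treated as evidence about the caller: both branches of
 * {@link #onAuthenticationFailure} report a failed authentication.
 *
 * @author ivangsa
 */
public class RpcAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    /** Decides whether a request is an RPC call; defaults to the XMLHttpRequest header check. */
    private RequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('X-Requested-With','XMLHttpRequest')");

    /**
     * Replaces the matcher used to recognise RPC requests.
     *
     * @param requestMatcher the matcher to use; must not be {@code null}
     * @throws IllegalArgumentException if {@code requestMatcher} is {@code null}
     */
    public void setRequestMatcher(RequestMatcher requestMatcher) {
        // Fail at configuration time: a null matcher would otherwise surface as a
        // NullPointerException on the first failed login, not as a 401 or a redirect.
        if (requestMatcher == null) {
            throw new IllegalArgumentException("requestMatcher must not be null");
        }
        this.requestMatcher = requestMatcher;
    }

    /**
     * Sends {@code 401 Unauthorized} for RPC requests and delegates to the
     * superclass for all other requests.
     *
     * @param request the request whose authentication attempt failed
     * @param response the response to write the failure to
     * @param exception the exception describing the failed authentication
     * @throws IOException if sending the error or the delegated handling fails
     * @throws ServletException if the delegated handling fails
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        if (!isRpcRequest(request, response)) {
            super.onAuthenticationFailure(request, response, exception);
            return;
        }
        // Status only: the exception message is deliberately not passed to the client,
        // so the RPC response does not reveal why the login was rejected.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Tells whether the request should receive the RPC-style failure response.
     *
     * @param request the request to test against the configured matcher
     * @param response the current response; not consulted by this implementation
     * @return {@code true} if the configured {@link RequestMatcher} matches the request
     */
    protected boolean isRpcRequest(HttpServletRequest request, HttpServletResponse response) {
        return requestMatcher.matches(request);
    }

}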