1 package de.juplo.yourshouter;
3 import java.io.IOException;
4 import javax.servlet.ServletException;
5 import javax.servlet.http.HttpServletRequest;
6 import javax.servlet.http.HttpServletResponse;
7 import javax.servlet.http.HttpSession;
8 import org.slf4j.Logger;
9 import org.slf4j.LoggerFactory;
10 import org.springframework.security.core.AuthenticationException;
11 import org.springframework.security.web.AuthenticationEntryPoint;
12 import org.springframework.stereotype.Service;
16 * Specialized implementation of {@link AuthenticationEntryPoint}, that
17 * redirects to the social sign-in-page, to let the user decide to sign in or
23 public class SocialAuthenticationEntryPoint implements AuthenticationEntryPoint
// Class-wide SLF4J logger.
25 private static final Logger LOG =
26 LoggerFactory.getLogger(SocialAuthenticationEntryPoint.class);
// Name of the HttpSession attribute under which the originally requested URL
// is stored; built from the class's canonical name plus ".REDIRECT".
// The constant is public. The Javadoc in this listing names
// SpringSecuritySignInAdapter as the place that redirects back to the stored page.
28 public final static String REDIRECT_ATTRIBUTE =
29 SocialAuthenticationEntryPoint.class.getCanonicalName() + ".REDIRECT";
35 * To commence the sign-in through the Graph-API, we have to redirect
36 * to our already implemented sign-in-page.
38 * We store the originally requested page in the {@link HttpSession}, to be
39 * redirected back to that page after a successful authentication in
40 * {@link SpringSecuritySignInAdapter}.
42 * Only the first request of a resource, that requires authentication, will
43 * trigger the redirect to the sign-in-page.
45 * @see SpringSecuritySignInAdapter
// NOTE(review): this listing skips several source lines (see the gaps in the
// gutter numbers), so the method header, braces and the logger calls that own
// the message strings below are not visible here.
// Parameters: the unauthenticated request, the response used for the redirect
// or the error status, and the authentication exception (not referenced in
// the visible lines).
49 HttpServletRequest request,
50 HttpServletResponse response,
51 AuthenticationException exception
// getSession() creates a session when the request has none, so every
// unauthenticated request reaching this point is given a server-side session.
57 HttpSession session = request.getSession();
// No stored target yet: this is the first protected request seen in this session.
58 if (session.getAttribute(REDIRECT_ATTRIBUTE) == null)
// Only the request URI is logged; the query string is kept out of the log line.
61 "redirecting unauthenticated request to {}",
62 request.getRequestURI()
// getRequestURL() rebuilds an absolute URL (scheme, host, port, path) from the
// request. NOTE(review): the host part normally follows the Host header, so
// the stored value is client-influenced. Confirm that the code which later
// redirects to it validates the target, or that the container/proxy pins the
// host name.
64 StringBuffer url = request.getRequestURL();
65 if (request.getQueryString() != null)
// NOTE(review): listing lines 66-67 are not shown. Confirm a '?' separator is
// appended before the query string.
68 url.append(request.getQueryString());
// Remember the absolute URL for the redirect back after sign-in.
// NOTE(review): nothing visible here clears the attribute; presumably
// SpringSecuritySignInAdapter removes it. Verify, because while it is set
// every further unauthenticated request in this session takes the 403 branch.
70 session.setAttribute(REDIRECT_ATTRIBUTE, url.toString());
// "/signin.html" is a server-root path and the context path is not prepended
// here. Assumes deployment at the root context (TODO confirm).
71 response.sendRedirect("/signin.html");
// A redirect target is already stored for this session: answer with 403
// instead of issuing another redirect.
76 "redirect to sign-in already in progress, forbidding access to {}",
77 request.getRequestURI()
79 response.sendError(HttpServletResponse.SC_FORBIDDEN);