1 | package dbnp.authentication |
2 | |
3 | import grails.converters.JSON |
4 | |
5 | import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils |
6 | |
7 | import org.springframework.security.authentication.AccountExpiredException |
8 | import org.springframework.security.authentication.CredentialsExpiredException |
9 | import org.springframework.security.authentication.DisabledException |
10 | import org.springframework.security.authentication.LockedException |
11 | import org.springframework.security.core.context.SecurityContextHolder as SCH |
12 | import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter |
13 | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter |
14 | |
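class LoginController {

    /**
     * Injected Spring Security AuthenticationTrustResolver; used to tell a
     * remember-me authentication apart from a full, credential-based one.
     */
    def authenticationTrustResolver

    /**
     * Injected Grails Spring Security service (login state, current
     * authentication, AJAX request detection).
     */
    def springSecurityService

    /**
     * Default action: an already-authenticated user is sent to the configured
     * successHandler.defaultTargetUrl, anyone else is redirected to the auth
     * action. The incoming request parameters are carried over to the login
     * page unchanged (the redirect target itself is fixed, so this only echoes
     * the query string, not a caller-chosen URL).
     */
    def index = {
        if (springSecurityService.isLoggedIn()) {
            redirect uri: SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl
        }
        else {
            redirect action: auth, params: params
        }
    }

    /**
     * Shows the login form. A logged-in user is redirected to the default
     * target URL instead of being shown the form again.
     *
     * Model handed to the 'auth' view:
     *  - postUrl:             contextPath + apf.filterProcessesUrl, the URL the
     *                         form must POST to so the Spring Security filter
     *                         chain processes the credentials
     *  - rememberMeParameter: request parameter name of the remember-me checkbox
     */
    def auth = {
        def config = SpringSecurityUtils.securityConfig

        if (springSecurityService.isLoggedIn()) {
            redirect uri: config.successHandler.defaultTargetUrl
            return
        }

        String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
        render view: 'auth', model: [postUrl: postUrl,
                                     rememberMeParameter: config.rememberMe.parameter]
    }

    /**
     * Access-denied handler. A user who is only authenticated through a
     * remember-me cookie but hit a page guarded with IS_AUTHENTICATED_FULLY is
     * sent to the full action to re-enter credentials. Otherwise nothing is
     * rendered explicitly here and the denied view is resolved by convention.
     */
    def denied = {
        if (springSecurityService.isLoggedIn() &&
                authenticationTrustResolver.isRememberMe(SCH.context?.authentication)) {
            // have cookie but the page is guarded with IS_AUTHENTICATED_FULLY
            redirect action: full, params: params
        }
    }

    /**
     * Login page for users with a remember-me cookie who are accessing an
     * IS_AUTHENTICATED_FULLY page. Renders the same 'auth' view as the auth
     * action with the same model keys (postUrl, rememberMeParameter) plus
     * hasCookie, so the view sees a consistent model on both paths.
     */
    def full = {
        def config = SpringSecurityUtils.securityConfig
        render view: 'auth', params: params,
               model: [hasCookie: authenticationTrustResolver.isRememberMe(SCH.context?.authentication),
                       postUrl: "${request.contextPath}${config.apf.filterProcessesUrl}",
                       rememberMeParameter: config.rememberMe.parameter]
    }

    /**
     * Callback after a failed login. Maps the exception Spring Security left in
     * the session to the configured error message, then either returns it as
     * JSON (AJAX request) or redirects back to the auth action with the message
     * in flash scope.
     *
     * NOTE(security): the distinct expired / passwordExpired / disabled / locked
     * messages let a caller learn whether a username exists and what state the
     * account is in (user enumeration). Deployments that care about this should
     * point all of those config keys at the same generic text as errors.login.fail.
     * Whatever message is configured is passed through unmodified, so the 'auth'
     * view is responsible for encoding it.
     */
    def authfail = {
        def config = SpringSecurityUtils.securityConfig
        def exception = session[AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY]

        String msg = ''
        if (exception) {
            // Groovy switch on a Class case is an instanceof test; order matches
            // the original if/else chain, the last case is the generic fallback.
            switch (exception) {
                case AccountExpiredException:
                    msg = config.errors.login.expired
                    break
                case CredentialsExpiredException:
                    msg = config.errors.login.passwordExpired
                    break
                case DisabledException:
                    msg = config.errors.login.disabled
                    break
                case LockedException:
                    msg = config.errors.login.locked
                    break
                default:
                    msg = config.errors.login.fail
            }
        }

        if (springSecurityService.isAjax(request)) {
            // The HTTP status is left at 200; the failure is signalled only by
            // the 'error' key in the body, which AJAX callers must check.
            render([error: msg] as JSON)
        }
        else {
            flash.message = msg
            redirect action: auth, params: params
        }
    }

    /**
     * AJAX success target: reports the authenticated principal's name as JSON.
     */
    def ajaxSuccess = {
        render([success: true, username: springSecurityService.authentication.name] as JSON)
    }

    /**
     * AJAX denied target: a fixed JSON error body.
     */
    def ajaxDenied = {
        render([error: 'access denied'] as JSON)
    }
}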