Created
February 24, 2011 21:42
diff --git a/src/main/java/org/appfuse/examples/web/AjaxAuthenticationSuccessHandler.java b/src/main/java/org/appfuse/examples/web/AjaxAuthenticationSuccessHandler.java | |
index 2a68529..99980ed 100644 | |
--- a/src/main/java/org/appfuse/examples/web/AjaxAuthenticationSuccessHandler.java | |
+++ b/src/main/java/org/appfuse/examples/web/AjaxAuthenticationSuccessHandler.java | |
@@ -1,16 +1,31 @@ | |
package org.appfuse.examples.web; | |
+import org.codehaus.jackson.map.ObjectMapper; | |
+import org.springframework.security.core.Authentication; | |
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler; | |
+ | |
+import javax.servlet.ServletException; | |
+import javax.servlet.http.HttpServletRequest; | |
+import javax.servlet.http.HttpServletResponse; | |
+import java.io.IOException; | |
+ | |
public class AjaxAuthenticationSuccessHandler implements AuthenticationSuccessHandler { | |
private AuthenticationSuccessHandler defaultHandler; | |
+ private ObjectMapper mapper = new ObjectMapper(); | |
public AjaxAuthenticationSuccessHandler(AuthenticationSuccessHandler defaultHandler) { | |
this.defaultHandler = defaultHandler; | |
} | |
- void onAuthenticationSuccess(HttpServletRequest request, | |
- HttpServletResponse response, Authentication auth) { | |
- if ("true".eqauls(request.getHeader("X-Ajax-call")) { | |
- response.getWriter().print("ok"); | |
+ public void onAuthenticationSuccess(HttpServletRequest request, | |
+ HttpServletResponse response, | |
+ Authentication auth) | |
+ throws IOException, ServletException { | |
+ | |
+ if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) { | |
+ response.setContentType("application/json"); | |
+ LoginStatus status = new LoginStatus(true, auth.getName()); | |
+ response.getWriter().print(mapper.writeValueAsString(status)); | |
response.getWriter().flush(); | |
} else { | |
defaultHandler.onAuthenticationSuccess(request, response, auth); | |
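Review bot: `response.setContentType("application/json")` in the AJAX branch sets no charset, so `getWriter()` falls back to the servlet default (ISO-8859-1) and a user name with characters outside that set is written incorrectly. Use `response.setContentType("application/json;charset=UTF-8");` before the first `getWriter()` call. The new `mapper` field can be declared `private final`, since nothing visible reassigns it. The branch is selected by the client-supplied `X-Requested-With` header, which is fine for choosing a response format but merits a short comment that it is not a trust signal. The method body continues past the end of the hunk.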
diff --git a/src/main/java/org/appfuse/examples/web/LoginService.java b/src/main/java/org/appfuse/examples/web/LoginService.java | |
index 9198f6a..a9e7163 100644 | |
--- a/src/main/java/org/appfuse/examples/web/LoginService.java | |
+++ b/src/main/java/org/appfuse/examples/web/LoginService.java | |
@@ -63,24 +63,7 @@ public class LoginService { | |
} | |
} | |
- public class LoginStatus { | |
- private final boolean loggedIn; | |
- private final String username; | |
- | |
- public LoginStatus(boolean loggedIn, String username) { | |
- this.loggedIn = loggedIn; | |
- this.username = username; | |
- } | |
- | |
- public boolean isLoggedIn() { | |
- return loggedIn; | |
- } | |
- | |
- public String getUsername() { | |
- return username; | |
- } | |
- } | |
/*@RequestMapping(method = RequestMethod.OPTIONS) | |
public void setOptionsHeaders(HttpServletResponse response) { | |
diff --git a/src/main/java/org/appfuse/examples/web/LoginStatus.java b/src/main/java/org/appfuse/examples/web/LoginStatus.java | |
index 3ea8e9a..05d7073 100644 | |
--- a/src/main/java/org/appfuse/examples/web/LoginStatus.java | |
+++ b/src/main/java/org/appfuse/examples/web/LoginStatus.java | |
@@ -2,19 +2,19 @@ package org.appfuse.examples.web; | |
public class LoginStatus { | |
- private final boolean loggedIn; | |
- private final String username; | |
+ private final boolean loggedIn; | |
+ private final String username; | |
- public LoginStatus(boolean loggedIn, String username) { | |
- this.loggedIn = loggedIn; | |
- this.username = username; | |
- } | |
+ public LoginStatus(boolean loggedIn, String username) { | |
+ this.loggedIn = loggedIn; | |
+ this.username = username; | |
+ } | |
- public boolean isLoggedIn() { | |
- return loggedIn; | |
- } | |
+ public boolean isLoggedIn() { | |
+ return loggedIn; | |
+ } | |
- public String getUsername() { | |
- return username; | |
- } | |
- } | |
\ No newline at end of file | |
+ public String getUsername() { | |
+ return username; | |
+ } | |
+} | |
\ No newline at end of file | |
diff --git a/src/main/java/org/appfuse/examples/web/OptionsHeadersFilter.java b/src/main/java/org/appfuse/examples/web/OptionsHeadersFilter.java | |
index 3013f3b..eea9937 100644 | |
--- a/src/main/java/org/appfuse/examples/web/OptionsHeadersFilter.java | |
+++ b/src/main/java/org/appfuse/examples/web/OptionsHeadersFilter.java | |
@@ -6,21 +6,35 @@ import javax.servlet.FilterConfig; | |
import javax.servlet.ServletException; | |
import javax.servlet.ServletRequest; | |
import javax.servlet.ServletResponse; | |
+import javax.servlet.http.Cookie; | |
+import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
import java.io.IOException; | |
+import java.util.Enumeration; | |
public class OptionsHeadersFilter implements Filter { | |
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) | |
throws IOException, ServletException { | |
+ HttpServletRequest request = (HttpServletRequest) req; | |
HttpServletResponse response = (HttpServletResponse) res; | |
+ if (request.getMethod().equalsIgnoreCase("OPTIONS")) { | |
+ addOptionsHeaders(response); | |
+ return; | |
+ } else if (request.getMethod().equalsIgnoreCase("POST")) { | |
+ addOptionsHeaders(response); | |
+ } | |
+ | |
+ | |
+ chain.doFilter(req, res); | |
+ } | |
+ | |
+ private void addOptionsHeaders(HttpServletResponse response) { | |
response.setHeader("Access-Control-Allow-Origin", "*"); | |
response.setHeader("Access-Control-Allow-Methods", "GET,POST"); | |
response.setHeader("Access-Control-Max-Age", "360"); | |
response.setHeader("Access-Control-Allow-Headers", "x-requested-with"); | |
- | |
- chain.doFilter(req, res); | |
} | |
public void init(FilterConfig filterConfig) { | |
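Review bot: `addOptionsHeaders` sends `Access-Control-Allow-Origin: *`, and this commit maps the filter to `/j_security_check`, so script on any origin can POST to the login endpoint and read the JSON result, which now includes the user name. If cross-origin login is only needed from known hosts, compare the request's `Origin` header against a configured allow-list and echo it back only on a match: `response.setHeader("Access-Control-Allow-Origin", origin);` together with `response.addHeader("Vary", "Origin");`. The added imports `javax.servlet.http.Cookie` and `java.util.Enumeration` are not used by anything visible in the hunk and can be dropped. The class body continues outside the hunk.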
diff --git a/src/main/webapp/WEB-INF/security.xml b/src/main/webapp/WEB-INF/security.xml | |
index 93da1c4..3b96451 100644 | |
--- a/src/main/webapp/WEB-INF/security.xml | |
+++ b/src/main/webapp/WEB-INF/security.xml | |
@@ -13,7 +13,8 @@ | |
<intercept-url pattern="/app/users" access="ROLE_ADMIN" requires-channel="https"/> | |
<intercept-url pattern="/app/**" access="ROLE_ADMIN,ROLE_USER" requires-channel="any"/> | |
<form-login login-page="/login" authentication-failure-url="/login?error=true" | |
- login-processing-url="/j_security_check"/> | |
+ login-processing-url="/j_security_check" | |
+ authentication-success-handler-ref="ajaxAuthenticationHandler"/> | |
<logout logout-url="/logout"/> | |
<session-management session-fixation-protection="newSession" > | |
<concurrency-control max-sessions="1" error-if-maximum-exceeded="false"/> | |
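Review bot: Only the success path gets an AJAX-aware handler on `<form-login>`; a failed login still goes to `authentication-failure-url="/login?error=true"`, so an XMLHttpRequest caller would presumably follow the redirect and receive the HTML login page instead of JSON. A matching failure handler wired through `authentication-failure-handler-ref` (in place of `authentication-failure-url`) could answer AJAX requests with a 401 and a JSON `LoginStatus` whose `loggedIn` is false. It would delegate to the existing redirect for ordinary form posts, keeping both outcomes consistent for the client.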
@@ -34,6 +35,13 @@ | |
<protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"/> | |
</global-method-security> | |
+ <beans:bean id="ajaxAuthenticationHandler" class="org.appfuse.examples.web.AjaxAuthenticationSuccessHandler"> | |
+ <beans:constructor-arg ref="defaultSuccessHandler"/> | |
+ </beans:bean> | |
+ | |
+ <beans:bean id="defaultSuccessHandler" | |
+ class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"/> | |
+ | |
<!-- Override userSecurityAdvice bean in appfuse-service to allow any role to update a user. --> | |
<beans:bean id="userSecurityAdvice" class="org.appfuse.examples.web.UserSecurityAdvice"/> | |
</beans:beans> | |
\ No newline at end of file | |
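Review bot: `defaultSuccessHandler` is declared as `SimpleUrlAuthenticationSuccessHandler`, which always redirects to its default target URL. The handler `<form-login>` uses when none is configured is `SavedRequestAwareAuthenticationSuccessHandler`, so non-AJAX logins would no longer return the user to the protected page they originally requested. Unless that change is intended, use `class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"` for the delegate bean.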
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml | |
index 1eeacf5..b8fed84 100644 | |
--- a/src/main/webapp/WEB-INF/web.xml | |
+++ b/src/main/webapp/WEB-INF/web.xml | |
@@ -102,10 +102,6 @@ | |
<url-pattern>/*</url-pattern> | |
</filter-mapping>--> | |
<filter-mapping> | |
- <filter-name>optionsHeaders</filter-name> | |
- <url-pattern>/*</url-pattern> | |
- </filter-mapping> | |
- <filter-mapping> | |
<filter-name>messageFilter</filter-name> | |
<url-pattern>/*</url-pattern> | |
<dispatcher>REQUEST</dispatcher> | |
@@ -120,6 +116,12 @@ | |
<url-pattern>/*</url-pattern> | |
</filter-mapping> | |
<filter-mapping> | |
+ <filter-name>optionsHeaders</filter-name> | |
+ <url-pattern>/j_security_check</url-pattern> | |
+ <dispatcher>REQUEST</dispatcher> | |
+ <dispatcher>FORWARD</dispatcher> | |
+ </filter-mapping> | |
+ <filter-mapping> | |
<filter-name>securityFilter</filter-name> | |
<url-pattern>/*</url-pattern> | |
<dispatcher>REQUEST</dispatcher> | |
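Review bot: The position of the `optionsHeaders` mapping is now significant but nothing in the file says so. It sits directly before `securityFilter`, and the filter answers OPTIONS requests without calling the chain, so a later reordering would silently change how preflight requests to the login URL are handled. A comment above the mapping would record this, e.g. `<!-- Must precede securityFilter: answers CORS preflight for /j_security_check before Spring Security sees it -->`.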
diff --git a/src/main/webapp/login.jsp b/src/main/webapp/login.jsp | |
index a7d106e..416426b 100644 | |
--- a/src/main/webapp/login.jsp | |
+++ b/src/main/webapp/login.jsp | |
@@ -43,10 +43,14 @@ | |
$("#login").live('click', function(e) { | |
e.preventDefault(); | |
- $.ajax({url: getHost() + "${ctx}/api/login.json", | |
+ $.ajax({url: getHost() + "${ctx}/j_security_check", | |
type: "POST", | |
data: $("#loginForm").serialize(), | |
- success: function(data, status) { | |
+ beforeSend: function (xhr) { | |
+ xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest"); | |
+ }, | |
+ success: function(data, status, xhr) { | |
+ //console.log(xhr.getResponseHeader("Set-Cookie")); | |
if (data.loggedIn) { | |
// success | |
dialog.dialog('close'); |
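Review bot: The `$.ajax` call sets no `dataType`, so `data.loggedIn` relies on jQuery inferring JSON from the response content type. If the server answers with an HTML page (for example after a failed login redirect), `data` is a string and the check quietly evaluates to undefined; adding `dataType: "json",` routes that case to the error callback instead. The commented-out `//console.log(xhr.getResponseHeader("Set-Cookie"));` should be removed rather than committed, since browsers do not expose `Set-Cookie` to XMLHttpRequest. The click handler continues outside the hunk, so any existing `error` callback is not visible here.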