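/* Copyright 2006-2009 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.codehaus.groovy.grails.plugins.springsecurity;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;

/**
 * {@link AuthenticationProcessingFilterEntryPoint} that can point Ajax requests at a
 * separate login form URL.
 *
 * <p>A request counts as an Ajax request when it carries the configured header (by default
 * {@value #AJAX_HEADER}). If it does and an Ajax login form URL has been configured, that
 * URL is used; otherwise the regular login form URL from the superclass is used.
 *
 * <p>The header is read from the incoming request and is therefore under the client's
 * control. In this class it only selects which of the two configured login form URLs is
 * returned, and it should not be relied on for anything stronger than that.
 *
 * @author T.Yamamoto
 * @author <a href='mailto:beckwithb@studentsonly.com'>Burt Beckwith</a>
 */
public class WithAjaxAuthenticationProcessingFilterEntryPoint extends AuthenticationProcessingFilterEntryPoint {

    /**
     * Default value for the name of the Ajax header.
     */
    public static final String AJAX_HEADER = "X-Requested-With";

    /** Login form URL for Ajax requests; {@code null} means no Ajax-specific form is configured. */
    private String ajaxLoginFormUrl;

    /** Name of the request header whose presence marks a request as Ajax. */
    private String ajaxHeader = AJAX_HEADER;

    /**
     * {@inheritDoc}
     *
     * <p>Returns the Ajax login form URL when one is configured and the request carries the
     * configured Ajax header; in every other case returns {@link #getLoginFormUrl()}.
     * Only the presence of the header is tested, not its value.
     *
     * @see org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint#determineUrlToUseForThisRequest(
     *     javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
     *     org.springframework.security.AuthenticationException)
     */
    @Override
    protected String determineUrlToUseForThisRequest(
            final HttpServletRequest request, final HttpServletResponse response,
            final AuthenticationException exception) {

        // Without an Ajax form URL, or without a header name to look for, there is nothing
        // to select. Checking the header name here also avoids calling getHeader(null),
        // whose behaviour is left to the servlet container.
        if (ajaxLoginFormUrl == null || ajaxHeader == null) {
            return getLoginFormUrl();
        }

        final boolean ajaxRequest = request.getHeader(ajaxHeader) != null;
        return ajaxRequest ? ajaxLoginFormUrl : getLoginFormUrl();
    }

    /**
     * Dependency injection for the Ajax login form url, e.g. '/login/authAjax'.
     *
     * <p>{@code null} is accepted and leaves Ajax requests on the regular login form. The
     * only validation is that a non-null value starts with '/'; nothing else about the
     * value is checked here.
     *
     * @param url the url
     * @throws IllegalArgumentException if {@code url} is non-null and does not begin with '/'
     */
    public void setAjaxLoginFormUrl(final String url) {
        if (url != null && !url.startsWith("/")) {
            throw new IllegalArgumentException("ajaxLoginFormUrl must begin with '/'");
        }
        ajaxLoginFormUrl = url;
    }

    /**
     * Dependency injection for the Ajax header name; defaults to 'X-Requested-With'.
     *
     * <p>The value is stored as given. A {@code null} name means no request is treated as
     * an Ajax request, so the regular login form URL is always used.
     *
     * @param header the header name
     */
    public void setAjaxHeader(final String header) {
        ajaxHeader = header;
    }
}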