001    /* Copyright 2006-2009 the original author or authors.
002     *
003     * Licensed under the Apache License, Version 2.0 (the "License");
004     * you may not use this file except in compliance with the License.
005     * You may obtain a copy of the License at
006     *
007     *      http://www.apache.org/licenses/LICENSE-2.0
008     *
009     * Unless required by applicable law or agreed to in writing, software
010     * distributed under the License is distributed on an "AS IS" BASIS,
011     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012     * See the License for the specific language governing permissions and
013     * limitations under the License.
014     */
015    package org.codehaus.groovy.grails.plugins.springsecurity;
016    
017    import javax.servlet.http.HttpServletRequest;
018    import javax.servlet.http.HttpServletResponse;
019    
020    import org.springframework.security.AuthenticationException;
021    import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
022    
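/**
 * {@link AuthenticationProcessingFilterEntryPoint} that can send Ajax requests to a
 * separate login form.
 *
 * <p>A request is treated as Ajax when it carries the configured header (by default
 * {@value #AJAX_HEADER}); such a request is directed to the Ajax login form URL if one
 * has been set, and every other request gets the standard login form URL.
 *
 * <p>The header is supplied by the client and is used here only to choose which login
 * form is shown. It says nothing reliable about the caller, so nothing that grants
 * access should depend on it.
 *
 * @author T.Yamamoto
 * @author <a href='mailto:beckwithb@studentsonly.com'>Burt Beckwith</a>
 */
public class WithAjaxAuthenticationProcessingFilterEntryPoint extends AuthenticationProcessingFilterEntryPoint {

    /**
     * Default value for the name of the Ajax header.
     */
    public static final String AJAX_HEADER = "X-Requested-With";

    // Login form URL returned for Ajax requests; null means no Ajax form is configured.
    private String ajaxLoginFormUrl;
    // Name of the request header whose presence marks a request as Ajax.
    private String ajaxHeader = AJAX_HEADER;

    /**
     * Chooses the login form URL for this request: the Ajax login form URL when the
     * request carries the Ajax header and an Ajax URL is configured, otherwise the
     * standard login form URL.
     *
     * <p>Only the presence of the header is checked; its value is ignored.
     *
     * @param request  the current request, inspected for the Ajax header
     * @param response  the current response (not used here)
     * @param exception  the authentication failure that triggered the entry point (not used here)
     * @return the Ajax login form URL or the result of {@link #getLoginFormUrl()}
     * @see org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint#determineUrlToUseForThisRequest(
     *      javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
     *      org.springframework.security.AuthenticationException)
     */
    @Override
    protected String determineUrlToUseForThisRequest(
            final HttpServletRequest request, final HttpServletResponse response,
            final AuthenticationException exception) {

        // setAjaxHeader accepts null, so guard before the lookup: what a container does
        // with getHeader(null) is not something to rely on. A null header name simply
        // means no request is treated as Ajax.
        final boolean ajaxRequest = ajaxHeader != null && request.getHeader(ajaxHeader) != null;

        if (ajaxRequest && ajaxLoginFormUrl != null) {
            return ajaxLoginFormUrl;
        }

        return getLoginFormUrl();
    }

    /**
     * Dependency injection for the Ajax login form url, e.g. '/login/authAjax'.
     *
     * <p>The leading-slash check is the only validation performed on the value.
     *
     * @param url  the url; <code>null</code> leaves the Ajax login form unconfigured
     * @throws IllegalArgumentException if the url is non-null and does not begin with '/'
     */
    public void setAjaxLoginFormUrl(final String url) {
        if (url != null && !url.startsWith("/")) {
            throw new IllegalArgumentException("ajaxLoginFormUrl must begin with '/'");
        }
        ajaxLoginFormUrl = url;
    }

    /**
     * Dependency injection for the Ajax header name; defaults to 'X-Requested-With'.
     *
     * @param header  the header name; with <code>null</code> no request is treated as
     *                Ajax and the standard login form URL is always used
     */
    public void setAjaxHeader(final String header) {
        ajaxHeader = header;
    }
}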