From 18b816f4f299930f44b3c3939ab33e4a9b39284e Mon Sep 17 00:00:00 2001
From: Julian Horner <julianhorner@web.de>
Date: Wed, 8 Jan 2020 17:01:31 +0100
Subject: [PATCH] Implement dynamic forwarding after the login page
---
 .../ms/apig/config/SecurityConfiguration.java | 3 ++
 .../rtuni/ms/apig/filter/ForwardFilter.java | 54 +++++++++++++++++++
 src/main/resources/templates/login.html | 29 ++++++++--
 3 files changed, 83 insertions(+), 3 deletions(-)
 create mode 100644 src/main/java/de/rtuni/ms/apig/filter/ForwardFilter.java
diff --git a/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java b/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
index 789e1c3..bdc50ab 100644
--- a/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
+++ b/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
@@ -13,6 +13,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import de.rtuni.ms.apig.filter.ForwardFilter;
 import de.rtuni.ms.apig.filter.JWTAuthenticationFilter;
 /**
@@ -49,6 +50,8 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 // Use stateless sessions.
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+ // Add filter to set passed cookie.
+ .addFilterBefore(new ForwardFilter(), UsernamePasswordAuthenticationFilter.class)
 // Add filter to validate tokens with every request.
 .addFilterAfter(new JWTAuthenticationFilter(jwtConfiguration), UsernamePasswordAuthenticationFilter.class)
diff --git a/src/main/java/de/rtuni/ms/apig/filter/ForwardFilter.java b/src/main/java/de/rtuni/ms/apig/filter/ForwardFilter.java
new file mode 100644
index 0000000..ac2ceaf
--- /dev/null
+++ b/src/main/java/de/rtuni/ms/apig/filter/ForwardFilter.java
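Review bot: The comment on the new `addFilterBefore` line, "Add filter to set passed cookie", does not describe what ForwardFilter does; going by the filter added in this commit, it stores the requested path in a `forwardPage` cookie. A comment such as `// Remember the requested path in a cookie so the login page can forward to it after login.` would match the behaviour. Since the filter is placed ahead of UsernamePasswordAuthenticationFilter and the JWT filter, it also writes that cookie for unauthenticated requests, which looks intended but is worth saying in the comment. The builder chain starts and ends outside the hunk.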
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2019 (C) by Julian Horner.
+ * All Rights Reserved.
+ */
+
+package de.rtuni.ms.apig.filter;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.filter.OncePerRequestFilter;
+
+/**
+ * Filter class which sets the last requested path to the response before login or auth.
+ *
+ * @author Julian
+ *
+ */
+public class ForwardFilter extends OncePerRequestFilter {
+ //---------------------------------------------------------------------------------------------
+
+ /** The login path. */
+ private static final String LOGIN_PATH = "/login";
+
+ /** The auth path. */
+ private static final String AUTH_PATH = "/auth";
+
+ //=============================================================================================
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+ FilterChain filterChain) throws ServletException, IOException {
+ boolean isLoginPath = LOGIN_PATH.equals(request.getServletPath());
+ boolean isAuthPath = AUTH_PATH.equals(request.getServletPath());
+
+ if (!(isLoginPath || isAuthPath)) {
+ Cookie forwardPageCookie = new Cookie("forwardPage", request.getServletPath());
+ // Adds the last requested path to the response before login or auth.
+ response.addCookie(forwardPageCookie);
+ }
+
+ filterChain.doFilter(request, response);
+ }
+
+ //---------------------------------------------------------------------------------------------
+}
diff --git a/src/main/resources/templates/login.html b/src/main/resources/templates/login.html
index b3833c2..16aeb07 100644
--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
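Review bot: The `forwardPage` cookie in doFilterInternal is created without a path, so the browser scopes it to the directory of the request that set it; a request for `/securedPage/` yields a cookie that is not visible to the page at `/login`, and the forwarding only works for top-level paths. Adding `forwardPageCookie.setPath("/");` fixes the scope, and `forwardPageCookie.setSecure(request.isSecure());` keeps the value off plain-HTTP requests when the gateway is served over TLS. The branch also runs for every request other than `/login` and `/auth`, so a later request for a stylesheet, script or favicon (if the gateway serves any) overwrites the page the user asked for; limiting it to GET navigations would avoid that. Because the login page uses this value as the form target for the access token, it has to be treated as untrusted there, since a cookie can be set or replaced outside this filter.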
@@ -7,7 +7,7 @@
 <body>
 <h1>Login</h1>
- <form name="loginForm" action="securedPage/" method="POST">
+ <form name="loginForm" action="/" method="POST">
 <input type="hidden" id="access_token" name="access_token" value="">
 <fieldset>
@@ -36,7 +36,7 @@
 httpRequest.setRequestHeader("Cache-Control", "no-cache");
 httpRequest.setRequestHeader("Content-Type", "application/json; charset=UTF-8");
- let params = {};
+ const params = {};
 params.username = usernameElem.value;
 params.password = passwordElem.value;
@@ -53,7 +53,16 @@
 const tokenElem = document.getElementById("access_token");
 tokenElem.value = token;
-
+
+ const cookies = document.cookie;
+ let forwardPageCookie = "";
+ cookies.split("; ").forEach((elem) => {
+ if (elem.split("=")[0] === "forwardPage") {
+ forwardPageCookie = elem.split("=")[1];
+ }
+ });
+
+ document.loginForm.action = getCookie("forwardPage");
 document.loginForm.submit();
 } else if (httpRequest.status === 401) {
 alert("Authorization failed, either user or password was incorrect.");
@@ -65,5 +74,19 @@
 }
 //-------------------------------------------------------------------------------------------
+
+ function getCookie(name) {
+ const cookies = document.cookie;
+ let forwardPageCookie = "";
+ cookies.split("; ").forEach((elem) => {
+ if (elem.split("=")[0] === "name") {
+ forwardPageCookie = elem.split("=")[1];
+ }
+ });
+
+ return forwardPageCookie;
+ }
+
+ //-------------------------------------------------------------------------------------------
 </script>
 </html>
\ No newline at end of file
-- GitLab
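Review bot: The form that carries `access_token` is submitted to whatever the `forwardPage` cookie holds, with no check that the value is a path on this origin (third hunk, the `document.loginForm.action` assignment). A cookie is client-side state that can be written outside ForwardFilter, so an absolute or protocol-relative URL in it would post the token to a different host. Accept only a local path and fall back to the root otherwise: `const target = getCookie("forwardPage");` followed by `document.loginForm.action = /^\/(?![\/\\])/.test(target) ? target : "/";`. The loop added just above the assignment fills a local `forwardPageCookie` that is never read and duplicates getCookie, so it can be dropped.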
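Review bot: getCookie compares each cookie name with the string literal `"name"` instead of the `name` parameter, so it returns an empty string unless a cookie is literally called name, and the form action assigned from it ends up empty rather than pointing at the requested page. The comparison should read `if (elem.split("=")[0] === name) {`. `elem.split("=")[1]` also cuts the value at the first `=` inside it; `elem.substring(elem.indexOf("=") + 1)` keeps the whole value. In a general helper the local would read better as `value` than `forwardPageCookie`.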