
Commit 08ae0f8

committed
Improve redirect to use custom request cache
1 parent a1b4d40 commit 08ae0f8

6 files changed

Lines changed: 113 additions & 172 deletions


src/main/java/com/okta/developer/jugtours/config/OAuth2AuthenticationSuccessHandler.java

Lines changed: 0 additions & 68 deletions
This file was deleted.

src/main/java/com/okta/developer/jugtours/config/OAuth2Configuration.java

Lines changed: 0 additions & 98 deletions
This file was deleted.

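--- a/src/main/java/com/okta/developer/jugtours/config/SecurityConfiguration.java
+++ b/src/main/java/com/okta/developer/jugtours/config/SecurityConfiguration.java
@@ -1,15 +1,32 @@
 package com.okta.developer.jugtours.config;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.security.web.savedrequest.SavedRequest;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.util.Collection;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
 
 @Configuration
 @EnableOAuth2Sso
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
 
 @Override
 public void configure(WebSecurity web) throws Exception {
@@ -18,15 +35,108 @@ public void configure(WebSecurity web) throws Exception {
 
 @Override
 protected void configure(HttpSecurity http) throws Exception {
+RequestCache requestCache = refererRequestCache();
+SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
+handler.setRequestCache(requestCache);
 http
 .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+.and()
+.oauth2Login()
+.successHandler(handler)
 .and()
 .authorizeRequests()
+.antMatchers("/**/*.{js,html,css}").permitAll()
 .antMatchers("/", "/api/user").permitAll()
 .anyRequest().authenticated();/*
 .and()
 .requiresChannel()
 .requestMatchers(r -> r.getHeader("x-forwarded-proto") != null)
 .requiresSecure();*/
 }
+
+@Bean
+@Profile("dev")
+public RequestCache refererRequestCache() {
+return new RequestCache() {
+private String savedAttrName = getClass().getName().concat(".SAVED");
+
+@Override
+public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
+String referrer = request.getHeader("referer");
+if (referrer != null) {
+request.getSession().setAttribute(this.savedAttrName, referrerRequest(referrer));
+}
+}
+
+@Override
+public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse response) {
+HttpSession session = request.getSession(false);
+
+if (session != null) {
+return (SavedRequest) session.getAttribute(this.savedAttrName);
+}
+
+return null;
+}
+
+@Override
+public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
+return request;
+}
+
+@Override
+public void removeRequest(HttpServletRequest request, HttpServletResponse response) {
+HttpSession session = request.getSession(false);
+
+if (session != null) {
+log.debug("Removing SavedRequest from session if present");
+session.removeAttribute(this.savedAttrName);
+}
+}
+};
+}
+
+private SavedRequest referrerRequest(final String referrer) {
+return new SavedRequest() {
+@Override
+public String getRedirectUrl() {
+return referrer;
+}
+
+@Override
+public List<Cookie> getCookies() {
+return null;
+}
+
+@Override
+public String getMethod() {
+return null;
+}
+
+@Override
+public List<String> getHeaderValues(String name) {
+return null;
+}
+
+@Override
+public Collection<String> getHeaderNames() {
+return null;
+}
+
+@Override
+public List<Locale> getLocales() {
+return null;
+}
+
+@Override
+public String[] getParameterValues(String name) {
+return new String[0];
+}
+
+@Override
+public Map<String, String[]> getParameterMap() {
+return null;
+}
+};
+}
 }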
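Review bot: `saveRequest` in `refererRequestCache()` stores the raw `Referer` header and `referrerRequest` returns it unchanged from `getRedirectUrl()`, so the success handler will send a freshly authenticated user to whatever site linked them in, which is an open redirect. The header is client-supplied and should be compared with the origins the application expects before it is saved, as in the excerpt below; `allowedRedirectOrigins` there stands for a configured set of origins that the project would need to add. `configure(HttpSecurity)` also calls `refererRequestCache()` unconditionally although the bean is marked `@Profile("dev")`, and how that call behaves outside the dev profile should be confirmed. The `SavedRequest` getters that return `null` deserve a one-line comment stating that only `getRedirectUrl()` is expected to be read.

```java
public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
    String referrer = request.getHeader("referer");
    // Referer is client-supplied; keep it as a post-login target only for an expected origin
    if (referrer != null && isAllowedRedirect(referrer)) {
        // … unchanged: store referrerRequest(referrer) in the session …
    }
}

// … unchanged: getRequest, getMatchingRequest, removeRequest, referrerRequest …

private boolean isAllowedRedirect(String url) {
    try {
        URI uri = new URI(url);
        // Exact match on scheme://authority, so userinfo tricks and look-alike hosts do not pass
        String origin = uri.getScheme() + "://" + uri.getAuthority();
        return allowedRedirectOrigins.contains(origin);
    } catch (URISyntaxException e) {
        log.debug("Ignoring unparseable referer");
        return false;
    }
}
```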

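--- a/src/main/java/com/okta/developer/jugtours/model/GroupEventHandler.java
+++ b/src/main/java/com/okta/developer/jugtours/model/GroupEventHandler.java
@@ -18,7 +18,8 @@ public class GroupEventHandler {
 public void handleBeforeSave(Group group) {
 Map<String, Object> details = (Map<String, Object>) SecurityContextHolder.getContext()
 .getAuthentication().getDetails();
-User user = new User(null, details.get("name").toString(), details.get("email").toString());
+User user = new User(details.get("sub").toString(),
+details.get("name").toString(), details.get("email").toString());
 log.info("Creating group: {} with user: {}", group.getName());
 group.setUser(user);
 }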
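Review bot: The new `details.get("sub").toString()` throws a bare NullPointerException when the authentication details have no `sub` entry, and that value is now what becomes the `User` id. Since the identifier comes from the identity provider's response, I would check it explicitly before building the entity, e.g. `Object sub = details.get("sub"); if (sub == null) throw new IllegalStateException("no 'sub' claim in authentication details");`. A short comment on the line saying that `sub` is the provider's subject identifier and is used as the primary key would help the next reader.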

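--- a/src/main/java/com/okta/developer/jugtours/model/User.java
+++ b/src/main/java/com/okta/developer/jugtours/model/User.java
@@ -5,7 +5,6 @@
 import lombok.NoArgsConstructor;
 
 import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
 import javax.persistence.Id;
 
 @Data
@@ -15,8 +14,7 @@
 public class User {
 
 @Id
-@GeneratedValue
-private Long id;
+private String id;
 private String name;
 private String email;
 }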

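--- a/src/main/java/com/okta/developer/jugtours/web/UserController.java
+++ b/src/main/java/com/okta/developer/jugtours/web/UserController.java
@@ -1,6 +1,5 @@
 package com.okta.developer.jugtours.web;
 
-import org.apache.tomcat.util.net.openssl.ciphers.Authentication;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateFactory;
 import org.springframework.http.HttpStatus;
@@ -12,7 +11,6 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.xml.ws.Response;
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.Map;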
