88import org .springframework .security .config .annotation .web .builders .HttpSecurity ;
99import org .springframework .security .config .annotation .web .builders .WebSecurity ;
1010import org .springframework .security .config .annotation .web .configuration .WebSecurityConfigurerAdapter ;
11- import org .springframework .security .web .PortResolver ;
12- import org .springframework .security .web .PortResolverImpl ;
11+ import org .springframework .security .web .authentication .SavedRequestAwareAuthenticationSuccessHandler ;
1312import org .springframework .security .web .csrf .CookieCsrfTokenRepository ;
14- import org .springframework .security .web .savedrequest .DefaultSavedRequest ;
1513import org .springframework .security .web .savedrequest .RequestCache ;
1614import org .springframework .security .web .savedrequest .SavedRequest ;
17- import org .springframework .security .web .util .matcher .AnyRequestMatcher ;
18- import org .springframework .security .web .util .matcher .RequestMatcher ;
19- import org .springframework .util .StringUtils ;
2015
2116import javax .servlet .http .*;
22- import java .text .SimpleDateFormat ;
2317import java .util .*;
2418
2519@ Configuration
2620public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
27- private static final String SAVED_LOGIN_ORIGIN_URI = SecurityConfiguration .class .getName () + "_SAVED_ORIGIN" ;
2821 private final Logger log = LoggerFactory .getLogger (SecurityConfiguration .class );
2922
3023 @ Override
@@ -34,13 +27,20 @@ public void configure(WebSecurity web) throws Exception {
3427
3528 @ Override
3629 protected void configure (HttpSecurity http ) throws Exception {
37- http .oauth2Login ()
38- .and ()
39- .csrf ().csrfTokenRepository (CookieCsrfTokenRepository .withHttpOnlyFalse ())
40- .and ()
41- .requestCache ().requestCache (refererRequestCache ())
42- .and ()
43- .authorizeRequests ()
30+ RequestCache requestCache = refererRequestCache ();
31+ SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler ();
32+ handler .setRequestCache (requestCache );
33+ http
34+ .oauth2Login ()
35+ .successHandler (handler )
36+ .and ()
37+ .csrf ()
38+ .csrfTokenRepository (CookieCsrfTokenRepository .withHttpOnlyFalse ())
39+ .and ()
40+ .requestCache ()
41+ .requestCache (requestCache )
42+ .and ()
43+ .authorizeRequests ()
4444 .antMatchers ("/" , "/api/user" ).permitAll ()
4545 .anyRequest ().authenticated ();/*
4646 .and()
@@ -53,21 +53,13 @@ protected void configure(HttpSecurity http) throws Exception {
5353 @ Profile ("dev" )
5454 public RequestCache refererRequestCache () {
5555 return new RequestCache () {
56- private RequestMatcher requestMatcher = AnyRequestMatcher .INSTANCE ;
57- private PortResolver portResolver = new PortResolverImpl ();
56+ private String savedAttrName = getClass ().getName ().concat (".SAVED" );
5857
5958 @ Override
6059 public void saveRequest (HttpServletRequest request , HttpServletResponse response ) {
61- if (request .getRemoteUser () == null && this .requestMatcher .matches (request )) {
62- String referrer = request .getHeader ("referer" );
63- if (!StringUtils .isEmpty (referrer ) &&
64- request .getSession ().getAttribute (SAVED_LOGIN_ORIGIN_URI ) == null ) {
65- log .info ("Saving login origin URI: {}" , referrer );
66- SavedRequest savedRequest = referrerRequest (referrer );
67- request .getSession ().setAttribute (SAVED_LOGIN_ORIGIN_URI , savedRequest );
68- }
69- } else {
70- log .debug ("Request not saved as configured RequestMatcher did not match" );
60+ String referrer = request .getHeader ("referer" );
61+ if (referrer != null ) {
62+ request .getSession ().setAttribute (this .savedAttrName , referrerRequest (referrer ));
7163 }
7264 }
7365
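Review bot: In `saveRequest` any non-null `Referer` value is stored as the saved request, and `configure` now passes that same cache to `SavedRequestAwareAuthenticationSuccessHandler`, so the post-login redirect target appears to come straight from a client-supplied header. `referrerRequest` is only partly visible on this page, so this assumes its redirect URL is the referrer string; if so, a Referer naming another host produces an open redirect after login. Dropping the old `getRemoteUser() == null` and not-already-saved guards also means every request with a Referer now creates a session and overwrites the earlier value. Keep the value only when its host matches this application, or a configured allow-list, as sketched below; `getServerName()` may need adjusting when the app sits behind a proxy.

```java
public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
    String referrer = request.getHeader("referer");
    if (referrer == null) {
        return;
    }
    try {
        // Referer is client-supplied: keep it only when it points back at this host.
        String host = java.net.URI.create(referrer).getHost();
        if (host != null && host.equalsIgnoreCase(request.getServerName())) {
            request.getSession().setAttribute(this.savedAttrName, referrerRequest(referrer));
        }
    } catch (IllegalArgumentException e) {
        log.debug("Ignoring malformed Referer header");
    }
}
```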
@@ -76,23 +68,15 @@ public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse r
7668 HttpSession session = request .getSession (false );
7769
7870 if (session != null ) {
79- return (SavedRequest ) session .getAttribute (SAVED_LOGIN_ORIGIN_URI );
71+ return (SavedRequest ) session .getAttribute (this . savedAttrName );
8072 }
8173
8274 return null ;
8375 }
8476
8577 @ Override
8678 public HttpServletRequest getMatchingRequest (HttpServletRequest request , HttpServletResponse response ) {
87- SavedRequest saved = getRequest (request , response );
88-
89- if (saved == null ) {
90- return null ;
91- }
92-
93- removeRequest (request , response );
94-
95- return new SavedRequestAwareWrapper (saved , request );
79+ return request ;
9680 }
9781
9882 @ Override
@@ -101,37 +85,12 @@ public void removeRequest(HttpServletRequest request, HttpServletResponse respon
10185
10286 if (session != null ) {
10387 log .debug ("Removing SavedRequest from session if present" );
104- session .removeAttribute (SAVED_LOGIN_ORIGIN_URI );
88+ session .removeAttribute (this . savedAttrName );
10589 }
10690 }
10791 };
10892 }
10993
110- private static final TimeZone GMT_ZONE = TimeZone .getTimeZone ("GMT" );
111- private SavedRequest savedRequest = null ;
112- /**
113- * The set of SimpleDateFormat formats to use in getDateHeader(). Notice that because
114- * SimpleDateFormat is not thread-safe, we can't declare formats[] as a static
115- * variable.
116- */
117- protected final SimpleDateFormat [] formats = new SimpleDateFormat [3 ];
118-
119- class SavedRequestAwareWrapper extends HttpServletRequestWrapper {
120-
121- SavedRequestAwareWrapper (SavedRequest saved , HttpServletRequest request ){
122- super (request );
123- savedRequest = saved ;
124-
125- formats [0 ] = new SimpleDateFormat ("EEE, dd MMM yyyy HH:mm:ss zzz" , Locale .US );
126- formats [1 ] = new SimpleDateFormat ("EEEEEE, dd-MMM-yy HH:mm:ss zzz" , Locale .US );
127- formats [2 ] = new SimpleDateFormat ("EEE MMMM d HH:mm:ss yyyy" , Locale .US );
128-
129- formats [0 ].setTimeZone (GMT_ZONE );
130- formats [1 ].setTimeZone (GMT_ZONE );
131- formats [2 ].setTimeZone (GMT_ZONE );
132- }
133- }
134-
13594 private SavedRequest referrerRequest (final String referrer ) {
13695 return new SavedRequest () {
13796 @ Override