Stirling-PDF/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationSuccessHandler.java

package stirling.software.SPDF.config.security;

import java.io.IOException;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.SavedRequest;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import lombok.extern.slf4j.Slf4j;
import stirling.software.SPDF.utils.RequestUriUtils;

@Slf4j
public class CustomAuthenticationSuccessHandler
        extends SavedRequestAwareAuthenticationSuccessHandler {

    private LoginAttemptService loginAttemptService;
    private UserService userService;

    public CustomAuthenticationSuccessHandler(
            LoginAttemptService loginAttemptService, UserService userService) {
        this.loginAttemptService = loginAttemptService;
        this.userService = userService;
    }

    @Override
    public void onAuthenticationSuccess(
            HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws ServletException, IOException {

        String userName = request.getParameter("username");
        if (userService.isUserDisabled(userName)) {
            getRedirectStrategy().sendRedirect(request, response, "/logout?userIsDisabled=true");
            return;
        }
        loginAttemptService.loginSucceeded(userName);

        // Get the saved request
        HttpSession session = request.getSession(false);
        SavedRequest savedRequest =
                (session != null)
                        ? (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")
                        : null;

        if (savedRequest != null
                && !RequestUriUtils.isStaticResource(
                        request.getContextPath(), savedRequest.getRedirectUrl())) {
            // Redirect to the original destination
            super.onAuthenticationSuccess(request, response, authentication);
        } else {
            // Redirect to the root URL (considering context path)
            getRedirectStrategy().sendRedirect(request, response, "/");
        }

        // super.onAuthenticationSuccess(request, response, authentication);
    }
}
internal API plus brute force security 2023-12-24 17:12:32 +00:00			`package stirling.software.SPDF.config.security;`

			`import java.io.IOException;`

			`import org.springframework.security.core.Authentication;`
			`import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;`
contextPath fixes 2023-12-28 13:50:31 +00:00			`import org.springframework.security.web.savedrequest.SavedRequest;`
internal API plus brute force security 2023-12-24 17:12:32 +00:00
			`import jakarta.servlet.ServletException;`
			`import jakarta.servlet.http.HttpServletRequest;`
			`import jakarta.servlet.http.HttpServletResponse;`
contextPath fixes 2023-12-28 13:50:31 +00:00			`import jakarta.servlet.http.HttpSession;`
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`import lombok.extern.slf4j.Slf4j;`
reviews 2023-12-29 20:48:21 +00:00			`import stirling.software.SPDF.utils.RequestUriUtils;`
internal API plus brute force security 2023-12-24 17:12:32 +00:00
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`@Slf4j`
internal API plus brute force security 2023-12-24 17:12:32 +00:00			`public class CustomAuthenticationSuccessHandler`
			`extends SavedRequestAwareAuthenticationSuccessHandler {`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00
			`private LoginAttemptService loginAttemptService;`
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`private UserService userService;`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`public CustomAuthenticationSuccessHandler(`
			`LoginAttemptService loginAttemptService, UserService userService) {`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`this.loginAttemptService = loginAttemptService;`
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`this.userService = userService;`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`}`
internal API plus brute force security 2023-12-24 17:12:32 +00:00
			`@Override`
			`public void onAuthenticationSuccess(`
			`HttpServletRequest request, HttpServletResponse response, Authentication authentication)`
			`throws ServletException, IOException {`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00
			`String userName = request.getParameter("username");`
Admin panel - Enhanced User Management & Fix: #1630 (#1658) * Prevents SSO login due to faulty verification * add translation & fix show error message * Update settings.yml.template --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> 2024-08-16 12:57:37 +02:00			`if (userService.isUserDisabled(userName)) {`
			`getRedirectStrategy().sendRedirect(request, response, "/logout?userIsDisabled=true");`
			`return;`
			`}`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`loginAttemptService.loginSucceeded(userName);`

contextPath fixes 2023-12-28 13:50:31 +00:00			`// Get the saved request`
			`HttpSession session = request.getSession(false);`
			`SavedRequest savedRequest =`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00			`(session != null)`
contextPath fixes 2023-12-28 13:50:31 +00:00			`? (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")`
			`: null;`
extends the functionality of oauth in Stirling PDF 2. 2024-05-18 23:47:05 +02:00
reviews 2023-12-29 20:48:21 +00:00			`if (savedRequest != null`
Bugfix: missing contextPath (#1434) 2024-06-12 21:36:18 +02:00			`&& !RequestUriUtils.isStaticResource(`
			`request.getContextPath(), savedRequest.getRedirectUrl())) {`
contextPath fixes 2023-12-28 13:50:31 +00:00			`// Redirect to the original destination`
			`super.onAuthenticationSuccess(request, response, authentication);`
			`} else {`
			`// Redirect to the root URL (considering context path)`
			`getRedirectStrategy().sendRedirect(request, response, "/");`
			`}`
reviews 2023-12-29 20:48:21 +00:00
contextPath fixes 2023-12-28 13:50:31 +00:00			`// super.onAuthenticationSuccess(request, response, authentication);`
formatting 2023-12-30 19:11:27 +00:00			`}`
internal API plus brute force security 2023-12-24 17:12:32 +00:00			`}`