All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter Maven / Gradle / Ivy

There is a newer version: 6.2.4
Show newest version
/*
 * Copyright 2002-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.security.web.server.ui;

import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.core.io.buffer.DataBufferFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

import java.nio.charset.Charset;

/**
 * Generates a default log in page used for authenticating users.
 *
 * @author Rob Winch
 * @since 5.0
 */
public class LoginPageGeneratingWebFilter implements WebFilter {
	private ServerWebExchangeMatcher matcher = ServerWebExchangeMatchers
		.pathMatchers(HttpMethod.GET, "/login");

	@Override
	public Mono filter(ServerWebExchange exchange, WebFilterChain chain) {
		return this.matcher.matches(exchange)
			.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
			.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
			.flatMap(matchResult -> render(exchange));
	}

	private Mono render(ServerWebExchange exchange) {
		ServerHttpResponse result = exchange.getResponse();
		result.setStatusCode(HttpStatus.OK);
		result.getHeaders().setContentType(MediaType.TEXT_HTML);
		return result.writeWith(createBuffer(exchange));
	}

	private Mono createBuffer(ServerWebExchange exchange) {
		MultiValueMap queryParams = exchange.getRequest()
			.getQueryParams();
		Mono token = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
		return token
			.map(LoginPageGeneratingWebFilter::csrfToken)
			.defaultIfEmpty("")
			.map(csrfTokenHtmlInput -> {
				boolean isError = queryParams.containsKey("error");
				boolean isLogoutSuccess = queryParams.containsKey("logout");
				byte[] bytes = createPage(isError, isLogoutSuccess, csrfTokenHtmlInput);
				DataBufferFactory bufferFactory = exchange.getResponse().bufferFactory();
				return bufferFactory.wrap(bytes);
			});
	}

	private static byte[] createPage(boolean isError, boolean isLogoutSuccess, String csrfTokenHtmlInput) {
		String page =  "\n"
			+ "\n"
			+ "  \n"
			+ "    \n"
			+ "    \n"
			+ "    \n"
			+ "    \n"
			+ "    Please sign in\n"
			+ "    \n"
			+ "    \n"
			+ "  \n"
			+ "  \n"
			+ "     
\n" + "
\n" + " \n" + createError(isError) + createLogoutSuccess(isLogoutSuccess) + "

\n" + " \n" + " \n" + "

\n" + "

\n" + " \n" + " \n" + "

\n" + csrfTokenHtmlInput + " \n" + "
\n" + "
\n" + " \n" + ""; return page.getBytes(Charset.defaultCharset()); } private static String csrfToken(CsrfToken token) { return " \n"; } private static String createError(boolean isError) { return isError ? "
Invalid credentials
" : ""; } private static String createLogoutSuccess(boolean isLogoutSuccess) { return isLogoutSuccess ? "
You have been signed out
" : ""; } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy