[cfid-298] HTML content for access-denied error, instead of the defau…

…lt XML

Fixes [#39186207]

Change-Id: I61bb21a9a1b2e00676b7d69ae833d26c3898f5c8
commit c5e4626dbc1c7fef1d1d7772a5a25e1b4a9c0064 1 parent d6b9469
@vedyval vedyval authored
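--- a/dashboard/pom.xml
+++ b/dashboard/pom.xml
@@ -189,6 +189,11 @@
 <version>${identity.common.version}</version>
 </dependency>
 <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>jstl</artifactId>
+ <version>1.2</version>
+ </dependency>
+ <dependency>
 <groupId>org.slf4j</groupId>
 <artifactId>jcl-over-slf4j</artifactId>
 <version>${slf4j.version}</version>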
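--- /dev/null
+++ b/dashboard/src/main/java/com/cloudfoundry/dashboard/authentication/ForwardingLogoutHandler.java
@@ -0,0 +1,37 @@
+package com.cloudfoundry.dashboard.authentication;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.Map;
+
+public class ForwardingLogoutHandler implements LogoutSuccessHandler {
+
+ private String onLogoutPage = "logout.jsp";
+
+ private Map<String, String> logoutPageAttributes = Collections.emptyMap();
+
+ public void setOnLogoutPage(String onLogoutPage) {
+ this.onLogoutPage = onLogoutPage;
+ }
+
+ public void setLogoutPageAttributes(Map<String, String> logoutPageAttributes) {
+ this.logoutPageAttributes = logoutPageAttributes;
+ }
+
+ @Override
+ public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+ for (String attr : logoutPageAttributes.keySet()) {
+ request.setAttribute(attr, logoutPageAttributes.get(attr));
+ }
+ // forward to configured page
+ RequestDispatcher dispatcher = request.getRequestDispatcher(onLogoutPage);
+ dispatcher.forward(request, response);
+ }
+}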
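Review bot: `setLogoutPageAttributes` keeps the caller's map by reference and `onLogoutSuccess` dereferences it without a null check, so a bean wired with a null property only fails with a NullPointerException at logout time rather than at context start-up; `this.logoutPageAttributes = logoutPageAttributes == null ? Collections.emptyMap() : Collections.unmodifiableMap(logoutPageAttributes);` makes the field safe and read-only. The loop over `keySet()` with a `get` per key is the `entrySet()` idiom written by hand: `for (Map.Entry<String, String> e : logoutPageAttributes.entrySet()) { request.setAttribute(e.getKey(), e.getValue()); }`. The class has no Javadoc; a class comment saying that it forwards (server-side, so the URL stays `/logout`) to `onLogoutPage` once the LogoutFilter has finished and exposes the configured entries as request attributes to that page would save a reader a trip to security.xml.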
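--- /dev/null
+++ b/dashboard/src/main/java/com/cloudfoundry/dashboard/authentication/RedirectAccessDeniedHandler.java
@@ -0,0 +1,33 @@
+package com.cloudfoundry.dashboard.authentication;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.WebAttributes;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.access.AccessDeniedHandlerImpl;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class RedirectAccessDeniedHandler implements AccessDeniedHandler, InitializingBean {
+
+ private String redirectUrl;
+
+ public void setRedirectUrl(String redirectUrl) {
+ this.redirectUrl = redirectUrl;
+ }
+
+ @Override
+ public void afterPropertiesSet() throws Exception {
+ Assert.notNull(redirectUrl, "Please supply a redirect-url");
+ }
+
+ @Override
+ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+ response.sendRedirect(response.encodeRedirectURL(redirectUrl));
+ }
+}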
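Review bot: `handle` passes `redirectUrl` to `sendRedirect` verbatim, and the value wired in security.xml (`logout?access_denied=true`) has no leading slash, so the container resolves it against the URI the denial occurred on; a denied request on a path with more than one segment would be sent to a URL that does not match the unsecured `/logout.*` pattern and would re-enter the secured chain, which I infer from the patterns in security.xml rather than from a visible route list. Wiring a context-relative value and prefixing it, `response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + redirectUrl));`, makes the target independent of where the denial happened. The `accessDeniedException` argument is discarded, whereas the replaced OAuth2 handler at least wrote the error to the response; a log line at debug or warn level with the exception message and `request.getRequestURI()` keeps denials visible to operators. `WebAttributes`, `AccessDeniedHandlerImpl` and `StringUtils` are imported but never used.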
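--- a/dashboard/src/main/webapp/WEB-INF/security.xml
+++ b/dashboard/src/main/webapp/WEB-INF/security.xml
@@ -16,11 +16,22 @@
 <sec:authentication-manager alias="emptyAuthenticationManager"/>
 <!-- Default Oauth2 access denied handler -->
- <bean id="oauthAccessDeniedHandler"
- class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>
+ <bean id="oauthAccessDeniedHandler" class="com.cloudfoundry.dashboard.authentication.RedirectAccessDeniedHandler">
+ <property name="redirectUrl" value="logout?access_denied=true" />
+ </bean>
+
+ <!-- use a handler that forwards to a logout success page instead of redirection -->
+ <bean id="logoutSuccessHandler" class="com.cloudfoundry.dashboard.authentication.ForwardingLogoutHandler">
+ <property name="logoutPageAttributes">
+ <map key-type="java.lang.String" value-type="java.lang.String">
+ <entry key="uaaUrl" value="${uaa.url}" />
+ </map>
+ </property>
+ </bean>
 <!-- list all unsecured resources/endpoints -->
- <sec:http pattern="/logout.html" security="none"/>
+ <sec:http pattern="/logout.*" security="none"/>
+ <sec:http pattern="/login_error.jsp" security="none"/>
 <!-- make ALL other requests go thru the Oauth security filters -->
 <http pattern="/**" create-session="always" entry-point-ref="oauthAuthenticationEntryPoint"
@@ -33,7 +44,7 @@
 <!-- The filter that validates an Oauth token and loads an Oauth2Authentication object in the SecurityContextHolder -->
 <custom-filter ref="oauth2AuthenticationFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
 <access-denied-handler ref="oauthAccessDeniedHandler"/>
- <logout logout-url="/logout" logout-success-url="/logout.html"/>
+ <logout success-handler-ref="logoutSuccessHandler" logout-url="/logout"/>
 </http>
 <oauth:client id="oauth2RedirectForAccessTokenFilter"/>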
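Review bot: Widening the exemption from `/logout.html` to `/logout.*` in the first hunk takes every resource named `logout.<anything>` out of the security filter chain, not only the new `logout.jsp`; `<sec:http pattern="/logout.jsp" security="none"/>` keeps the exemption as narrow as the one it replaces. Because of that rule `logout.jsp` is also reachable by a direct request, in which case the `uaaUrl` attribute set by `logoutSuccessHandler` is absent and the page falls back to its `logout?slo=true` link; that is harmless but deserves a comment next to the bean so the two entry paths stay documented. The comment above `oauthAccessDeniedHandler` still reads "Default Oauth2 access denied handler" although the bean is now the project's redirecting handler.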
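--- a/dashboard/src/main/webapp/login_error.jsp
+++ b/dashboard/src/main/webapp/login_error.jsp
@@ -1,24 +1,30 @@
 <%@ page import="org.springframework.security.web.WebAttributes" %>
+<%@ page import="org.springframework.security.access.AccessDeniedException" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
 <html>
+<head><title>Access Denied</title></head>
 <body>
-<h1>Sample Error Page</h1>
-
-<p>
- There was a problem logging you in. Don't panic.
-</p>
 <%
 if (request.getAttribute(WebAttributes.ACCESS_DENIED_403) != null) {
 %>
 <div class="error">
+ <h3>
+ <p>
+ <%= ((AccessDeniedException)request.getAttribute(WebAttributes.ACCESS_DENIED_403)).getMessage() %>
+ </p>
+ </h3>
 <p>
- <%= request.getAttribute(WebAttributes.ACCESS_DENIED_403) %>
+ Oops! It looks like you don't have the necessary authorizations to access this resource. Click <a href="logout">here</a> to logout of Dashboard.
+ <br />
+ <b>Please contact your system administrator for access permissions before trying again!</b> <br />
 </p>
 </div>
 <%
 }
 %>
+
 </body>
 </html>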
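Review bot: The exception message on the `<%= ((AccessDeniedException)...).getMessage() %>` line is written into the page with no HTML encoding, while the `c` taglib is already declared; `<c:out value="<%= ((AccessDeniedException) request.getAttribute(WebAttributes.ACCESS_DENIED_403)).getMessage() %>"/>` encodes it at no cost. Whether the message can ever contain request-derived text depends on which AccessDeniedException subclasses the OAuth2 layer raises, which this page does not show, so treat the encoding as the default for exception text rather than a fix for a known case. The new `<h3>` wrapping a `<p>` is invalid nesting (a block element inside a heading) and the same markup is repeated in logout.jsp; `<h3>` with the message directly inside is enough. The `spring` taglib is declared but no `spring:` tag is used on the page.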
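--- a/dashboard/src/main/webapp/logout.html
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
- ~ Copyright (c) 2011 VMware, Inc.
- -->
-
-<!doctype html>
-<html>
-<head>
- <meta http-equiv="content-type" content="text/html; charset=UTF-8">
- <title>Dashboard Logout</title>
-</head>
-<body>
-You are successfully logged out! Good-bye!
-</body>
-</html>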
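--- /dev/null
+++ b/dashboard/src/main/webapp/logout.jsp
@@ -0,0 +1,46 @@
+<%@ page import="org.springframework.security.web.WebAttributes" %>
+<%@ page import="org.springframework.security.access.AccessDeniedException" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+
+<html>
+<head><title>Dashboard Logout</title></head>
+<body>
+
+<%
+ if (request.getParameter("access_denied") != null && "true".equals(request.getParameter("access_denied").toLowerCase())) {
+%>
+<div class="error">
+ <h3>
+ <p>
+ Access is denied
+ </p>
+ </h3>
+ <p>
+ Oops! It looks like you don't have the necessary authorizations to access this resource.
+ <br />
+ <b>Please contact your system administrator for access permissions before trying again!</b> <br />
+ </p>
+</div>
+<%
+ }
+%>
+
+<div class="logout">
+ <p>
+ You have been logged out of Dashboard.
+ <%
+ if (request.getParameter("slo") == null || "false".equals(request.getParameter("slo").toLowerCase())) {
+ String callbackUrl = request.getRequestURL().append("?slo=true").toString();
+ String sloUrl = request.getAttribute("uaaUrl") != null ? request.getAttribute("uaaUrl") + "/logout.do?redirect=" + response.encodeRedirectURL(callbackUrl) : "logout?slo=true";
+ %>
+ <br />
+ Click <a href="<%= sloUrl %>">here</a> to logout of CloudFoundry too.
+ <%
+ }
+ %>
+ </p>
+</div>
+
+</body>
+</html>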
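Review bot: `response.encodeRedirectURL(callbackUrl)` on the `sloUrl` line only appends a session id when URL rewriting is in effect; it does not percent-encode, so the `?slo=true` of the callback is placed raw inside the `redirect=` query value and is likely to be parsed by the receiving side as a separate parameter, in which case the page returned to after single logout would lack `slo=true` and offer the "logout of CloudFoundry too" link again. `URLEncoder.encode(callbackUrl, "UTF-8")` (with `<%@ page import="java.net.URLEncoder" %>`) is the call for a query-string value. `callbackUrl` comes from `request.getRequestURL()`, which reflects the scheme and Host the container saw; if the dashboard sits behind a proxy or TLS terminator, confirm those are the external values, otherwise the callback hands UAA an internal address. The `WebAttributes` and `AccessDeniedException` imports and the `spring` taglib are unused on this page, and `toLowerCase()` without a `Locale` in the two parameter checks is simpler as `"true".equalsIgnoreCase(...)`.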