[cfid-298] HTML content for access-denied error, instead of the defau…

…lt XML Fixes [#39186207] Change-Id: I61bb21a9a1b2e00676b7d69ae833d26c3898f5c8
cloudfoundry-attic · Nov 9, 2012 · c5e4626 · c5e4626
1 parent d6b9469
commit c5e4626
Show file tree

Hide file tree

Showing 7 changed files with 148 additions and 24 deletions.
diff --git a/dashboard/pom.xml b/dashboard/pom.xml
@@ -188,6 +188,11 @@
             <artifactId>cloudfoundry-identity-common</artifactId>
             <version>${identity.common.version}</version>
         </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+            <version>1.2</version>
+        </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>jcl-over-slf4j</artifactId>

diff --git a/...oard/src/main/java/com/cloudfoundry/dashboard/authentication/ForwardingLogoutHandler.java b/...oard/src/main/java/com/cloudfoundry/dashboard/authentication/ForwardingLogoutHandler.java
@@ -0,0 +1,37 @@
+package com.cloudfoundry.dashboard.authentication;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.Map;
+
+public class ForwardingLogoutHandler implements LogoutSuccessHandler {
+
+    private String onLogoutPage = "logout.jsp";
+
+    private Map<String, String> logoutPageAttributes = Collections.emptyMap();
+
+    public void setOnLogoutPage(String onLogoutPage) {
+        this.onLogoutPage = onLogoutPage;
+    }
+
+    public void setLogoutPageAttributes(Map<String, String> logoutPageAttributes) {
+        this.logoutPageAttributes = logoutPageAttributes;
+    }
+
+    @Override
+    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        for (String attr : logoutPageAttributes.keySet()) {
+            request.setAttribute(attr, logoutPageAttributes.get(attr));
+        }
+        // forward to configured page
+        RequestDispatcher dispatcher = request.getRequestDispatcher(onLogoutPage);
+        dispatcher.forward(request, response);
+    }
+}
diff --git a/.../src/main/java/com/cloudfoundry/dashboard/authentication/RedirectAccessDeniedHandler.java b/.../src/main/java/com/cloudfoundry/dashboard/authentication/RedirectAccessDeniedHandler.java
@@ -0,0 +1,33 @@
+package com.cloudfoundry.dashboard.authentication;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.WebAttributes;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.access.AccessDeniedHandlerImpl;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class RedirectAccessDeniedHandler implements AccessDeniedHandler, InitializingBean {
+
+    private String redirectUrl;
+
+    public void setRedirectUrl(String redirectUrl) {
+        this.redirectUrl = redirectUrl;
+    }
+
+    @Override
+    public void afterPropertiesSet() throws Exception {
+        Assert.notNull(redirectUrl, "Please supply a redirect-url");
+    }
+
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+        response.sendRedirect(response.encodeRedirectURL(redirectUrl));
+    }
+}
diff --git a/dashboard/src/main/webapp/WEB-INF/security.xml b/dashboard/src/main/webapp/WEB-INF/security.xml
@@ -16,11 +16,22 @@
     <sec:authentication-manager alias="emptyAuthenticationManager"/>
 
     <!-- Default Oauth2 access denied handler -->
-    <bean id="oauthAccessDeniedHandler"
-          class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>
+    <bean id="oauthAccessDeniedHandler" class="com.cloudfoundry.dashboard.authentication.RedirectAccessDeniedHandler">
+        <property name="redirectUrl" value="logout?access_denied=true" />
+    </bean>
+
+    <!-- use a handler that forwards to a logout success page instead of redirection -->
+    <bean id="logoutSuccessHandler" class="com.cloudfoundry.dashboard.authentication.ForwardingLogoutHandler">
+        <property name="logoutPageAttributes">
+            <map key-type="java.lang.String" value-type="java.lang.String">
+                <entry key="uaaUrl" value="${uaa.url}" />
+            </map>
+        </property>
+    </bean>
 
     <!-- list all unsecured resources/endpoints -->
-    <sec:http pattern="/logout.html" security="none"/>
+    <sec:http pattern="/logout.*" security="none"/>
+    <sec:http pattern="/login_error.jsp" security="none"/>
 
     <!-- make ALL other requests go thru the Oauth security filters -->
     <http pattern="/**" create-session="always" entry-point-ref="oauthAuthenticationEntryPoint"
@@ -33,7 +44,7 @@
         <!-- The filter that validates an Oauth token and loads an Oauth2Authentication object in the SecurityContextHolder -->
         <custom-filter ref="oauth2AuthenticationFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
         <access-denied-handler ref="oauthAccessDeniedHandler"/>
-        <logout logout-url="/logout" logout-success-url="/logout.html"/>
+        <logout success-handler-ref="logoutSuccessHandler" logout-url="/logout"/>
     </http>
 
     <oauth:client id="oauth2RedirectForAccessTokenFilter"/>

diff --git a/dashboard/src/main/webapp/login_error.jsp b/dashboard/src/main/webapp/login_error.jsp
@@ -1,24 +1,30 @@
 <%@ page import="org.springframework.security.web.WebAttributes" %>
+<%@ page import="org.springframework.security.access.AccessDeniedException" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
 
 <html>
+<head><title>Access Denied</title></head>
 <body>
 
-<h1>Sample Error Page</h1>
-
-<p>
-    There was a problem logging you in. Don't panic.
-</p>
 <%
     if (request.getAttribute(WebAttributes.ACCESS_DENIED_403) != null) {
 %>
 <div class="error">
+    <h3>
+        <p>
+            <%= ((AccessDeniedException)request.getAttribute(WebAttributes.ACCESS_DENIED_403)).getMessage() %>
+        </p>
+    </h3>
     <p>
-        <%= request.getAttribute(WebAttributes.ACCESS_DENIED_403) %>
+        Oops! It looks like you don't have the necessary authorizations to access this resource. Click <a href="logout">here</a> to logout of Dashboard.
+        <br />
+        <b>Please contact your system administrator for access permissions before trying again!</b> <br />
     </p>
 </div>
 <%
     }
 %>
+
 </body>
 </html>
diff --git a/dashboard/src/main/webapp/logout.html b/dashboard/src/main/webapp/logout.html
diff --git a/dashboard/src/main/webapp/logout.jsp b/dashboard/src/main/webapp/logout.jsp
@@ -0,0 +1,46 @@
+<%@ page import="org.springframework.security.web.WebAttributes" %>
+<%@ page import="org.springframework.security.access.AccessDeniedException" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+
+<html>
+<head><title>Dashboard Logout</title></head>
+<body>
+
+<%
+    if (request.getParameter("access_denied") != null && "true".equals(request.getParameter("access_denied").toLowerCase())) {
+%>
+<div class="error">
+    <h3>
+        <p>
+            Access is denied
+        </p>
+    </h3>
+    <p>
+        Oops! It looks like you don't have the necessary authorizations to access this resource.
+        <br />
+        <b>Please contact your system administrator for access permissions before trying again!</b> <br />
+    </p>
+</div>
+<%
+    }
+%>
+
+<div class="logout">
+    <p>
+        You have been logged out of Dashboard.
+        <%
+            if (request.getParameter("slo") == null || "false".equals(request.getParameter("slo").toLowerCase())) {
+                String callbackUrl = request.getRequestURL().append("?slo=true").toString();
+                String sloUrl = request.getAttribute("uaaUrl") != null ? request.getAttribute("uaaUrl") + "/logout.do?redirect=" + response.encodeRedirectURL(callbackUrl) : "logout?slo=true";
+        %>
+        <br />
+        Click <a href="<%= sloUrl %>">here</a> to logout of CloudFoundry too.
+        <%
+            }
+        %>
+    </p>
+</div>
+
+</body>
+</html>