@Inject @Value( "${spring-security.check.url}" ) final String authUrl,
@Inject @Value( "${spring-security.target.url}" ) final String targetUrl,
@Inject @Value( "${spring-security.failure.url}" ) final String failureUrl,
@Inject @Value( "${spring-security.always.use.target.url}" ) final String alwaysUseTargetUrl ) throws Exception {
UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
filter.setAuthenticationManager( manager );
filter.setPostOnly(false);
filter.setAuthenticationFailureHandler( new SimpleUrlAuthenticationFailureHandler(failureUrl) );
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setDefaultTargetUrl(targetUrl);
successHandler.setAlwaysUseDefaultTargetUrl( Boolean.parseBoolean( alwaysUseTargetUrl ) );
filter.setAuthenticationSuccessHandler( successHandler);
filter.setRequiresAuthenticationRequestMatcher(new RequestMatcher() {
// copied from AbstractAuthenticationProcessingFilter
@Override
public boolean matches(HttpServletRequest request) {
String uri = request.getRequestURI();
int pathParamIndex = uri.indexOf(';');
if (pathParamIndex > 0) {
// strip everything after the first semi-colon
uri = uri.substring(0, pathParamIndex);
}
if ("".equals(request.getContextPath())) {
return uri.endsWith(authUrl);
}
return uri.endsWith(request.getContextPath() + authUrl);
}
});
filter.setRememberMeServices( rememberMeServices );
filter.afterPropertiesSet();
return filter;
}