send the user back to where he came from after a successful authentication.

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6335 71c3de6d-444a-0410-be80-ed276b4c234a

send the user back to where he came from after a successful authentication.
git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6335 71c3de6d-444a-0410-be80-ed276b4c234a
5602be27 · kohsuke · 1f039e83 · 5602be27 · 5602be27 · 5602be27
6 changed file
--- a/core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
+++ b/core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
+package hudson.security;
+
+import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * {@link AuthenticationProcessingFilter} with a change for Hudson so that
+ * we can pick up the hidden "from" form field defined in <tt>login.jelly</tt>
+ * to send the user back to where he came from, after a successful authentication.
+ * 
+ * @author Kohsuke Kawaguchi
+ */
+public class AuthenticationProcessingFilter2 extends AuthenticationProcessingFilter {
+    @Override
+    protected String determineTargetUrl(HttpServletRequest request) {
+        String targetUrl = request.getParameter("from");
+
+        if (targetUrl == null) {
+            targetUrl = getDefaultTargetUrl();
+        }
+
+        return targetUrl;
+    }
+
+}
--- a/core/src/main/java/hudson/security/LegacySecurityRealm.java
+++ b/core/src/main/java/hudson/security/LegacySecurityRealm.java
@@ -32,6 +32,11 @@ public final class LegacySecurityRealm extends SecurityRealm implements Authenti
        return "j_security_check";
    }

+    @Override
+    public String getLoginUrl() {
+        return "loginEntry";
+    }
+
    public Descriptor<SecurityRealm> getDescriptor() {
        return DESCRIPTOR;
    }

--- a/core/src/main/java/hudson/security/SecurityRealm.java
+++ b/core/src/main/java/hudson/security/SecurityRealm.java
@@ -61,6 +61,17 @@ public abstract class SecurityRealm implements Describable<SecurityRealm>, Exten
        return "j_acegi_security_check";
    }

+    /**
+     * Gets the target URL of the "login" link.
+     * There's no need to override this, except for {@link LegacySecurityRealm}.
+     * On legacy implementation this should point to "longinEntry", which
+     * is protected by <tt>web.xml</tt>, so that the user can be eventually authenticated
+     * by the container.
+     */
+    public String getLoginUrl() {
+        return "login";
+    }
+
    /**
     * Returns true if this {@link SecurityRealm} allows online sign-up.
     * This creates a hyperlink that redirects users to <tt>CONTEXT_ROOT/signUp</tt>,

--- a/core/src/main/resources/hudson/model/Hudson/login.jelly
+++ b/core/src/main/resources/hudson/model/Hudson/login.jelly
@@ -15,7 +15,7 @@
              <td><input type="password" name="j_password" /></td>
            </tr>
          </table>
-          <input type="hidden" name="target" value="${request.getParameter('from')}" />
+          <input type="hidden" name="from" value="${request.getParameter('from')}" />
          <f:submit value="login" />
          <script>
            $('j_username').focus();

--- a/core/src/main/resources/lib/layout/layout.jelly
+++ b/core/src/main/resources/lib/layout/layout.jelly
@@ -102,7 +102,7 @@
                    <a style="color:white" href="${rootURL}/logout"><b>logout</b></a>
                  </j:when>
                  <j:otherwise>
-                    <a style="color:white" href="${rootURL}/loginEntry?from=${request.requestURI}"><b>login</b></a>
+                    <a style="color:white" href="${rootURL}/${app.securityRealm.loginUrl}?from=${request.requestURI}"><b>login</b></a>
                  </j:otherwise>
                </j:choose>
              </j:if>

--- a/war/resources/WEB-INF/security/SecurityFilters.groovy
+++ b/war/resources/WEB-INF/security/SecurityFilters.groovy
@@ -7,12 +7,12 @@ import org.acegisecurity.providers.anonymous.AnonymousProcessingFilter
 import org.acegisecurity.ui.ExceptionTranslationFilter
 import org.acegisecurity.ui.basicauth.BasicProcessingFilter
 import org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint
-import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter
 import org.acegisecurity.context.HttpSessionContextIntegrationFilter
 import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint
 import hudson.security.ChainedServletFilter
 import hudson.security.AccessDeniedHandlerImpl
 import hudson.security.BasicAuthenticationFilter
+import hudson.security.AuthenticationProcessingFilter2

 // providers that apply to both patterns
 def commonProviders(redirectUrl) {
@@ -46,7 +46,7 @@ filter(ChainedServletFilter) {
                realmName = "Hudson"
            }
        },
-        bean(AuthenticationProcessingFilter) {
+        bean(AuthenticationProcessingFilter2) {
            authenticationManager = authenticationManager
            authenticationFailureUrl = "/loginError"
            defaultTargetUrl = "/"