Issue #160: Provide Async Error Handling

Added Toast notification for unexpected errors On 401 and 403 Errors, user is redirected to login
2016-12-01 19:28:28 +01:00
parent e5ed24fcf7
commit feb38eef8c
8 changed files with 160 additions and 4 deletions
--- a/webgoat-container/src/main/java/org/owasp/webgoat/AjaxAuthenticationEntryPoint.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/AjaxAuthenticationEntryPoint.java
@ -0,0 +1,58 @@
+/**
+ * *************************************************************************************************
+ * <p>
+ * <p>
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ * <p>
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * <p>
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ * <p>
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ * <p>
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ * <p>
+ * Getting Source ==============
+ * <p>
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
+ * for free software projects.
+ */
+
+package org.owasp.webgoat;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * <p>LabelService class.</p>
+ *
+ * @author zupzup
+ */
+
+public class AjaxAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {
+    public AjaxAuthenticationEntryPoint(String loginFormUrl) {
+        super(loginFormUrl);
+    }
+
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
+        if(request.getHeader("x-requested-with") != null) {
+            response.sendError(401, authException.getMessage());
+        } else {
+            super.commence(request, response, authException);
+        }
+    }
+}