SEC-271: implemented Ordered interface in all the entrypoints
parent
8b1cc05518
commit
001dc0b1d9
|
@ -15,12 +15,6 @@
|
|||
|
||||
package org.acegisecurity.ui.basicauth;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
@ -28,6 +22,11 @@ import javax.servlet.ServletRequest;
|
|||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.core.Ordered;
|
||||
|
||||
|
||||
/**
|
||||
* Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
|
||||
|
@ -39,14 +38,23 @@ import javax.servlet.http.HttpServletResponse;
|
|||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
|
||||
public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private String realmName;
|
||||
private int order = Integer.MAX_VALUE; // ~ default
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
if ((realmName == null) || "".equals(realmName)) {
|
||||
throw new IllegalArgumentException("realmName must be specified");
|
||||
}
|
||||
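Review bot: The new `order` field defaults to `Integer.MAX_VALUE` in this class and in the CAS, digest, `AuthenticationProcessingFilterEntryPoint` and X.509 entry points changed later in this commit, so any two entry points configured side by side compare as equal. The code that reads `getOrder()` is not visible here; if it decides which entry point commences authentication, a tie presumably falls back to bean registration order, and that should be documented on `setOrder` or rejected at startup. The bare literal with `// ~ default` would read better as `private int order = Ordered.LOWEST_PRECEDENCE;`, assuming the Spring version in use defines that constant. The field and both accessors are also copied verbatim into all five classes, where a small shared base class would hold them once. The class body continues outside the hunk.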
|
|
|
@ -15,16 +15,7 @@
|
|||
|
||||
package org.acegisecurity.ui.cas;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import java.net.URLEncoder;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
@ -33,6 +24,12 @@ import javax.servlet.ServletResponse;
|
|||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the JA-SIG Central
|
||||
|
@ -45,15 +42,24 @@ import javax.servlet.http.HttpServletResponse;
|
|||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
|
||||
public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered{
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private ServiceProperties serviceProperties;
|
||||
private String loginUrl;
|
||||
private int order = Integer.MAX_VALUE; // ~ default
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.hasLength(this.loginUrl, "loginUrl must be specified");
|
||||
Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
|
||||
}
|
||||
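Review bot: The new class declaration ends in `InitializingBean, Ordered{` with no space before the brace, unlike the other entry points in this commit; `InitializingBean, Ordered {` keeps them consistent. The first two hunks of this file also appear to move the whole `org.*` import group below the `javax.servlet` imports, which buries the one functional addition, `import org.springframework.core.Ordered;`, in reordering noise.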
|
|
|
@ -15,17 +15,6 @@
|
|||
|
||||
package org.acegisecurity.ui.digestauth;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
@ -33,6 +22,15 @@ import javax.servlet.ServletRequest;
|
|||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.core.Ordered;
|
||||
|
||||
|
||||
/**
|
||||
* Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
|
||||
|
@ -45,7 +43,7 @@ import javax.servlet.http.HttpServletResponse;
|
|||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class DigestProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
|
||||
public class DigestProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(DigestProcessingFilterEntryPoint.class);
|
||||
|
@ -55,10 +53,19 @@ public class DigestProcessingFilterEntryPoint implements AuthenticationEntryPoin
|
|||
private String key;
|
||||
private String realmName;
|
||||
private int nonceValiditySeconds = 300;
|
||||
private int order = Integer.MAX_VALUE; // ~ default
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
if ((realmName == null) || "".equals(realmName)) {
|
||||
throw new IllegalArgumentException("realmName must be specified");
|
||||
}
|
||||
|
|
|
@ -28,6 +28,7 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.core.Ordered;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
@ -56,7 +57,7 @@ import javax.servlet.http.HttpServletResponse;
|
|||
* @author Omri Spector
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AuthenticationProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
|
||||
public class AuthenticationProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(AuthenticationProcessingFilterEntryPoint.class);
|
||||
|
@ -68,10 +69,11 @@ public class AuthenticationProcessingFilterEntryPoint implements AuthenticationE
|
|||
private String loginFormUrl;
|
||||
private boolean forceHttps = false;
|
||||
private boolean serverSideRedirect = false;
|
||||
private int order = Integer.MAX_VALUE; // ~ default
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.hasLength(loginFormUrl, "loginFormUrl must be specified");
|
||||
Assert.notNull(portMapper, "portMapper must be specified");
|
||||
Assert.notNull(portResolver, "portResolver must be specified");
|
||||
|
@ -222,4 +224,13 @@ public class AuthenticationProcessingFilterEntryPoint implements AuthenticationE
|
|||
this.serverSideRedirect = serverSideRedirect;
|
||||
}
|
||||
|
||||
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
|
||||
}
|
||||
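Review bot: `getOrder()` and `setOrder(int)` are appended at the very end of this class, after `setServerSideRedirect`, whereas the other entry points in this commit place them first under the `//~ Methods` banner ahead of `afterPropertiesSet()`. Moving them to the same position would keep the five near-identical classes easy to compare. Neither accessor has Javadoc, so a line such as `/** Position of this entry point relative to other Ordered entry points. */` on `setOrder` would help.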
|
|
|
@ -15,13 +15,6 @@
|
|||
|
||||
package org.acegisecurity.ui.x509;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
@ -29,45 +22,70 @@ import javax.servlet.ServletRequest;
|
|||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.core.Ordered;
|
||||
|
||||
/**
|
||||
* In the X.509 authentication case (unlike CAS, for example) the certificate will already have been extracted from
|
||||
* the request and a secure context established by the time the security-enforcement filter is invoked.<p>Therefore
|
||||
* this class isn't actually responsible for the commencement of authentication, as it is in the case of other
|
||||
* providers. It will be called if the certificate was rejected by Acegi's X509AuthenticationProvider, resulting in a
|
||||
* null authentication.</p>
|
||||
* The <code>commence</code> method will always return an <code>HttpServletResponse.SC_FORBIDDEN</code> (403
|
||||
* error).
|
||||
* In the X.509 authentication case (unlike CAS, for example) the certificate
|
||||
* will already have been extracted from the request and a secure context
|
||||
* established by the time the security-enforcement filter is invoked.
|
||||
* <p>
|
||||
* Therefore this class isn't actually responsible for the commencement of
|
||||
* authentication, as it is in the case of other providers. It will be called if
|
||||
* the certificate was rejected by Acegi's X509AuthenticationProvider, resulting
|
||||
* in a null authentication.
|
||||
* </p>
|
||||
* The <code>commence</code> method will always return an
|
||||
* <code>HttpServletResponse.SC_FORBIDDEN</code> (403 error).
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
* @version $Id: X509ProcessingFilterEntryPoint.java 1496 2006-05-23 13:38:33Z
|
||||
* benalex $
|
||||
*
|
||||
* @see org.acegisecurity.ui.ExceptionTranslationFilter
|
||||
*/
|
||||
public class X509ProcessingFilterEntryPoint implements AuthenticationEntryPoint {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
public class X509ProcessingFilterEntryPoint implements AuthenticationEntryPoint, Ordered {
|
||||
// ~ Static fields/initializers
|
||||
// =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(X509ProcessingFilterEntryPoint.class);
|
||||
private static final Log logger = LogFactory.getLog(X509ProcessingFilterEntryPoint.class);
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
// ~ instance fields
|
||||
// =====================================================================================
|
||||
|
||||
/**
|
||||
* Returns a 403 error code to the client.
|
||||
*
|
||||
* @param request DOCUMENT ME!
|
||||
* @param response DOCUMENT ME!
|
||||
* @param authException DOCUMENT ME!
|
||||
*
|
||||
* @throws IOException DOCUMENT ME!
|
||||
* @throws ServletException DOCUMENT ME!
|
||||
*/
|
||||
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
|
||||
throws IOException, ServletException {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("X509 entry point called. Rejecting access");
|
||||
}
|
||||
private int order = Integer.MAX_VALUE; // ~ default
|
||||
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
|
||||
}
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a 403 error code to the client.
|
||||
*
|
||||
* @param request DOCUMENT ME!
|
||||
* @param response DOCUMENT ME!
|
||||
* @param authException DOCUMENT ME!
|
||||
*
|
||||
* @throws IOException DOCUMENT ME!
|
||||
* @throws ServletException DOCUMENT ME!
|
||||
*/
|
||||
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
|
||||
throws IOException, ServletException {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("X509 entry point called. Rejecting access");
|
||||
}
|
||||
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
|
||||
}
|
||||
}
|
||||
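Review bot: Most of this section is re-wrapping rather than change: the class Javadoc, the section banners and the whole `commence` method appear only re-indented, while the functional edit is limited to `implements AuthenticationEntryPoint, Ordered`, the `order` field and its two accessors. The `@version` tag also appears to have gone from `$Id$` to an expanded keyword wrapped across two comment lines, which would likely stop keyword substitution from matching it; restoring `@version $Id$` on one line avoids that. Since `commence` is touched anyway, its `DOCUMENT ME!` placeholders could be filled in, e.g. `@param response must be an HttpServletResponse; it is cast and sent SC_FORBIDDEN`.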
|
|