Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-27 22:32:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Restructure SwitchUserFilter Logs

Browse Source 
Issue gh-6311
This commit is contained in:
Josh Cummings 2021-10-12 12:56:36 -06:00 committed by Joe Grandja
parent b1588c3d73
commit 21f0ccd088
1 changed files with 18 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
View File

@ -34,6 +34,7 @@ import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource; import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware; import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor; import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.core.log.LogMessage;
import org.springframework.security.authentication.AccountExpiredException; import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker; import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
@ -46,6 +47,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityMessageSource; import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker; import org.springframework.security.core.userdetails.UserDetailsChecker;
@ -171,8 +173,10 @@ public class SwitchUserFilter extends GenericFilterBean
Authentication targetUser = attemptSwitchUser(request); Authentication targetUser = attemptSwitchUser(request);
// update the current context to the new target user // update the current context to the new target user
SecurityContextHolder.getContext().setAuthentication(targetUser); SecurityContext context = SecurityContextHolder.createEmptyContext();
context.setAuthentication(targetUser);
SecurityContextHolder.setContext(context);
this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", targetUser));
// redirect to target url // redirect to target url
this.successHandler.onAuthenticationSuccess(request, response, this.successHandler.onAuthenticationSuccess(request, response,
targetUser); targetUser);
@ -189,14 +193,17 @@ public class SwitchUserFilter extends GenericFilterBean
Authentication originalUser = attemptExitUser(request); Authentication originalUser = attemptExitUser(request);
// update the current context back to the original user // update the current context back to the original user
SecurityContextHolder.getContext().setAuthentication(originalUser); SecurityContext context = SecurityContextHolder.createEmptyContext();
context.setAuthentication(originalUser);
SecurityContextHolder.setContext(context);
this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", originalUser));
// redirect to target url // redirect to target url
this.successHandler.onAuthenticationSuccess(request, response, originalUser); this.successHandler.onAuthenticationSuccess(request, response, originalUser);
return; return;
} }
this.logger.trace(LogMessage.format("Did not attempt to switch user since request did not match [%s] or [%s]",
this.switchUserMatcher, this.exitUserMatcher));
chain.doFilter(request, response); chain.doFilter(request, response);
} }
@ -218,25 +225,13 @@ public class SwitchUserFilter extends GenericFilterBean
UsernamePasswordAuthenticationToken targetUserRequest; UsernamePasswordAuthenticationToken targetUserRequest;
String username = request.getParameter(this.usernameParameter); String username = request.getParameter(this.usernameParameter);
username = (username != null) ? username : "";
if (username == null) { this.logger.debug(LogMessage.format("Attempting to switch to user [%s]", username));
username = "";
}
if (this.logger.isDebugEnabled()) {
this.logger.debug("Attempt to switch to user [" + username + "]");
}
UserDetails targetUser = this.userDetailsService.loadUserByUsername(username); UserDetails targetUser = this.userDetailsService.loadUserByUsername(username);
this.userDetailsChecker.check(targetUser); this.userDetailsChecker.check(targetUser);
// OK, create the switch user token // OK, create the switch user token
targetUserRequest = createSwitchUserToken(request, targetUser); targetUserRequest = createSwitchUserToken(request, targetUser);
if (this.logger.isDebugEnabled()) {
this.logger.debug("Switch User Token [" + targetUserRequest + "]");
}
// publish event // publish event
if (this.eventPublisher != null) { if (this.eventPublisher != null) {
this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent( this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(
@ -273,10 +268,9 @@ public class SwitchUserFilter extends GenericFilterBean
Authentication original = getSourceAuthentication(current); Authentication original = getSourceAuthentication(current);
if (original == null) { if (original == null) {
this.logger.debug("Could not find original user Authentication object!"); this.logger.debug("Failed to find original user");
throw new AuthenticationCredentialsNotFoundException( throw new AuthenticationCredentialsNotFoundException(this.messages
this.messages.getMessage("SwitchUserFilter.noOriginalAuthentication", .getMessage("SwitchUserFilter.noOriginalAuthentication", "Failed to find original user"));
"Could not find original Authentication object"));
} }
// get the source user details // get the source user details
@ -373,8 +367,7 @@ public class SwitchUserFilter extends GenericFilterBean
// check for switch user type of authority // check for switch user type of authority
if (auth instanceof SwitchUserGrantedAuthority) { if (auth instanceof SwitchUserGrantedAuthority) {
original = ((SwitchUserGrantedAuthority) auth).getSource(); original = ((SwitchUserGrantedAuthority) auth).getSource();
this.logger.debug("Found original switch user granted authority [" this.logger.debug(LogMessage.format("Found original switch user granted authority [%s]", original));
+ original + "]");
} }
} }