Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 05:22:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-618: Move copyDetails method into ProviderManager and call it before checking with ConcurrentSessionController.

Browse Source
This commit is contained in:
Luke Taylor 2007-12-07 16:17:59 +00:00
parent 89cde2507d
commit 2b0ee23396
2 changed files with 17 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java
View File

@ -42,31 +42,13 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
public final Authentication authenticate(Authentication authRequest) public final Authentication authenticate(Authentication authRequest)
throws AuthenticationException { throws AuthenticationException {
try { try {
Authentication authResult = doAuthentication(authRequest); return doAuthentication(authRequest);
copyDetails(authRequest, authResult);
return authResult;
} catch (AuthenticationException e) { } catch (AuthenticationException e) {
e.setAuthentication(authRequest); e.setAuthentication(authRequest);
throw e; throw e;
} }
} }
/**
* Copies the authentication details from a source Authentication object to a destination one, provided the
* latter does not already have one set.
*
* @param source source authentication
* @param dest the destination authentication object
*/
private void copyDetails(Authentication source, Authentication dest) {
if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
token.setDetails(source.getDetails());
}
}
/** /**
* <p>Concrete implementations of this class override this method to provide the authentication service.</p> * <p>Concrete implementations of this class override this method to provide the authentication service.</p>
* <p>The contract for this method is documented in the {@link * <p>The contract for this method is documented in the {@link

16
core/src/main/java/org/acegisecurity/providers/ProviderManager.java
View File

@ -193,6 +193,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
try { try {
result = provider.authenticate(authentication); result = provider.authenticate(authentication);
copyDetails(authentication, result);
sessionController.checkAuthenticationAllowed(result); sessionController.checkAuthenticationAllowed(result);
} catch (AuthenticationException ae) { } catch (AuthenticationException ae) {
lastException = ae; lastException = ae;
@ -245,6 +246,21 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
throw lastException; throw lastException;
} }
/**
* Copies the authentication details from a source Authentication object to a destination one, provided the
* latter does not already have one set.
*
* @param source source authentication
* @param dest the destination authentication object
*/
private void copyDetails(Authentication source, Authentication dest) {
if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
token.setDetails(source.getDetails());
}
}
public List getProviders() { public List getProviders() {
return this.providers; return this.providers;
} }