mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-03-09 06:50:05 +00:00
Make Spring Security filters implement the Ordered interface, for use when post-processing the application context
This commit is contained in:
Luke Taylor
parent
9b8c06e9f6
commit
2b14d2da98
@ -18,12 +18,8 @@ package org.springframework.security.context;
|
||||
import java.io.IOException;
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpServletResponseWrapper;
|
||||
@ -34,6 +30,8 @@ import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
import org.springframework.security.ui.FilterChainOrderUtils;
|
||||
|
||||
/**
|
||||
* Populates the {@link SecurityContextHolder} with information obtained from
|
||||
@ -99,7 +97,7 @@ import org.springframework.util.ReflectionUtils;
|
||||
*
|
||||
* @version $Id$
|
||||
*/
|
||||
public class HttpSessionContextIntegrationFilter implements InitializingBean, Filter {
|
||||
public class HttpSessionContextIntegrationFilter extends SpringSecurityFilter implements InitializingBean {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
protected static final Log logger = LogFactory.getLog(HttpSessionContextIntegrationFilter.class);
|
||||
@ -174,8 +172,8 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
if ((this.context == null) || (!SecurityContext.class.isAssignableFrom(this.context))) {
|
||||
throw new IllegalArgumentException("context must be defined and implement SecurityContext "
|
||||
+ "(typically use org.springframework.security.context.SecurityContextImpl; existing class is " + this.context
|
||||
+ ")");
|
||||
+ "(typically use org.springframework.security.context.SecurityContextImpl; existing class is "
|
||||
+ this.context + ")");
|
||||
}
|
||||
|
||||
if (forceEagerSessionCreation && !allowSessionCreation) {
|
||||
@ -184,14 +182,8 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
||||
}
|
||||
}
|
||||
|
||||
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
|
||||
ServletException {
|
||||
|
||||
Assert.isInstanceOf(HttpServletRequest.class, req, "ServletRequest must be an instance of HttpServletRequest");
|
||||
Assert.isInstanceOf(HttpServletResponse.class, res, "ServletResponse must be an instance of HttpServletResponse");
|
||||
|
||||
HttpServletRequest request = (HttpServletRequest) req;
|
||||
HttpServletResponse response = (HttpServletResponse) res;
|
||||
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
|
||||
if (request.getAttribute(FILTER_APPLIED) != null) {
|
||||
// ensure that filter is only applied once per request
|
||||
@ -261,7 +253,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
||||
// if something in the chain called sendError() or sendRedirect(). This ensures we only call it
|
||||
// once per request.
|
||||
if ( !responseWrapper.isSessionUpdateDone() ) {
|
||||
storeSecurityContextInSession(contextAfterChainExecution, request,
|
||||
storeSecurityContextInSession(contextAfterChainExecution, request,
|
||||
httpSessionExistedAtStartOfRequest, contextHashBeforeChainExecution);
|
||||
}
|
||||
|
||||
@ -425,21 +417,6 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Does nothing. We use IoC container lifecycle services instead.
|
||||
*
|
||||
* @param filterConfig ignored
|
||||
* @throws ServletException ignored
|
||||
*/
|
||||
public void init(FilterConfig filterConfig) throws ServletException {
|
||||
}
|
||||
|
||||
/**
|
||||
* Does nothing. We use IoC container lifecycle services instead.
|
||||
*/
|
||||
public void destroy() {
|
||||
}
|
||||
|
||||
public boolean isAllowSessionCreation() {
|
||||
return allowSessionCreation;
|
||||
}
|
||||
@ -464,6 +441,9 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
||||
this.forceEagerSessionCreation = forceEagerSessionCreation;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return FilterChainOrderUtils.HTTP_SESSION_CONTEXT_FILTER_ORDER;
|
||||
}
|
||||
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
|
||||
@ -18,6 +18,8 @@ package org.springframework.security.intercept.web;
|
||||
import org.springframework.security.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.intercept.InterceptorStatusToken;
|
||||
import org.springframework.security.intercept.ObjectDefinitionSource;
|
||||
import org.springframework.security.ui.FilterChainOrderUtils;
|
||||
import org.springframework.core.Ordered;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@ -33,12 +35,12 @@ import javax.servlet.ServletResponse;
|
||||
* Performs security handling of HTTP resources via a filter implementation.<p>The
|
||||
* <code>ObjectDefinitionSource</code> required by this security interceptor is of type {@link
|
||||
* FilterInvocationDefinitionSource}.</p>
|
||||
* <P>Refer to {@link AbstractSecurityInterceptor} for details on the workflow.</p>
|
||||
* <p>Refer to {@link AbstractSecurityInterceptor} for details on the workflow.</p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
|
||||
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter, Ordered {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied";
|
||||
@ -50,6 +52,15 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Not used (we rely on IoC container lifecycle services instead)
|
||||
*
|
||||
* @param arg0 ignored
|
||||
*
|
||||
* @throws ServletException never thrown
|
||||
*/
|
||||
public void init(FilterConfig arg0) throws ServletException {}
|
||||
|
||||
/**
|
||||
* Not used (we rely on IoC container lifecycle services instead)
|
||||
*/
|
||||
@ -80,15 +91,6 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
|
||||
return FilterInvocation.class;
|
||||
}
|
||||
|
||||
/**
|
||||
* Not used (we rely on IoC container lifecycle services instead)
|
||||
*
|
||||
* @param arg0 ignored
|
||||
*
|
||||
* @throws ServletException never thrown
|
||||
*/
|
||||
public void init(FilterConfig arg0) throws ServletException {}
|
||||
|
||||
public void invoke(FilterInvocation fi) throws IOException, ServletException {
|
||||
if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
|
||||
&& observeOncePerRequest) {
|
||||
@ -136,4 +138,8 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
|
||||
public void setObserveOncePerRequest(boolean observeOncePerRequest) {
|
||||
this.observeOncePerRequest = observeOncePerRequest;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return FilterChainOrderUtils.FILTER_SECURITY_INTERCEPTOR_ORDER;
|
||||
}
|
||||
}
|
||||
|
||||
@ -50,12 +50,8 @@ import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
@ -139,8 +135,8 @@ import javax.servlet.http.HttpSession;
|
||||
* @version $Id: AbstractProcessingFilter.java 1909 2007-06-19 04:08:19Z
|
||||
* vishalpuri $
|
||||
*/
|
||||
public abstract class AbstractProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware,
|
||||
MessageSourceAware {
|
||||
public abstract class AbstractProcessingFilter extends SpringSecurityFilter implements InitializingBean,
|
||||
ApplicationEventPublisherAware, MessageSourceAware {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
public static final String SPRING_SECURITY_SAVED_REQUEST_KEY = "SPRING_SECURITY_SAVED_REQUEST_KEY";
|
||||
@ -239,26 +235,10 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
|
||||
*/
|
||||
public abstract Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException;
|
||||
|
||||
/**
|
||||
* Does nothing. We use IoC container lifecycle services instead.
|
||||
*/
|
||||
public void destroy() {
|
||||
}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
|
||||
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
|
||||
ServletException {
|
||||
if (!(request instanceof HttpServletRequest)) {
|
||||
throw new ServletException("Can only process HttpServletRequest");
|
||||
}
|
||||
|
||||
if (!(response instanceof HttpServletResponse)) {
|
||||
throw new ServletException("Can only process HttpServletResponse");
|
||||
}
|
||||
|
||||
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
|
||||
if (requiresAuthentication(httpRequest, httpResponse)) {
|
||||
if (requiresAuthentication(request, response)) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Request is to process authentication");
|
||||
}
|
||||
@ -266,12 +246,12 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
|
||||
Authentication authResult;
|
||||
|
||||
try {
|
||||
onPreAuthentication(httpRequest, httpResponse);
|
||||
authResult = attemptAuthentication(httpRequest);
|
||||
onPreAuthentication(request, response);
|
||||
authResult = attemptAuthentication(request);
|
||||
}
|
||||
catch (AuthenticationException failed) {
|
||||
// Authentication failed
|
||||
unsuccessfulAuthentication(httpRequest, httpResponse, failed);
|
||||
unsuccessfulAuthentication(request, response, failed);
|
||||
|
||||
return;
|
||||
}
|
||||
@ -281,7 +261,7 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
successfulAuthentication(httpRequest, httpResponse, authResult);
|
||||
successfulAuthentication(request, response, authResult);
|
||||
|
||||
return;
|
||||
}
|
||||
@ -330,16 +310,6 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
|
||||
return rememberMeServices;
|
||||
}
|
||||
|
||||
/**
|
||||
* Does nothing. We use IoC container lifecycle services instead.
|
||||
*
|
||||
* @param arg0 ignored
|
||||
*
|
||||
* @throws ServletException ignored
|
||||
*/
|
||||
public void init(FilterConfig arg0) throws ServletException {
|
||||
}
|
||||
|
||||
public boolean isAlwaysUseDefaultTargetUrl() {
|
||||
return alwaysUseDefaultTargetUrl;
|
||||
}
|
||||
|
||||
@ -21,11 +21,8 @@ import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.AuthenticationTrustResolver;
|
||||
import org.springframework.security.AuthenticationTrustResolverImpl;
|
||||
import org.springframework.security.InsufficientAuthenticationException;
|
||||
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
import org.springframework.security.ui.savedrequest.SavedRequest;
|
||||
|
||||
import org.springframework.security.util.PortResolver;
|
||||
import org.springframework.security.util.PortResolverImpl;
|
||||
|
||||
@ -38,9 +35,7 @@ import org.springframework.util.Assert;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
@ -85,7 +80,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
* @author colin sampaleanu
|
||||
* @version $Id$
|
||||
*/
|
||||
public class ExceptionTranslationFilter implements Filter, InitializingBean {
|
||||
public class ExceptionTranslationFilter extends SpringSecurityFilter implements InitializingBean {
|
||||
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
@ -107,15 +102,8 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
|
||||
Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must be specified");
|
||||
}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
|
||||
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
|
||||
ServletException {
|
||||
if (!(request instanceof HttpServletRequest)) {
|
||||
throw new ServletException("HttpServletRequest required");
|
||||
}
|
||||
|
||||
if (!(response instanceof HttpServletResponse)) {
|
||||
throw new ServletException("HttpServletResponse required");
|
||||
}
|
||||
|
||||
try {
|
||||
chain.doFilter(request, response);
|
||||
@ -223,7 +211,7 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
|
||||
// existing Authentication is no longer considered valid
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
authenticationEntryPoint.commence(httpRequest, (HttpServletResponse) response, reason);
|
||||
authenticationEntryPoint.commence(httpRequest, response, reason);
|
||||
}
|
||||
|
||||
public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
|
||||
@ -247,9 +235,7 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
|
||||
this.portResolver = portResolver;
|
||||
}
|
||||
|
||||
public void init(FilterConfig filterConfig) throws ServletException {
|
||||
}
|
||||
|
||||
public void destroy() {
|
||||
public int getOrder() {
|
||||
return FilterChainOrderUtils.EXCEPTION_TRANSLATION_FILTER_ORDER;
|
||||
}
|
||||
}
|
||||
|
||||
@ -17,12 +17,8 @@ package org.springframework.security.ui.basicauth;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
@ -34,6 +30,8 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.ui.AuthenticationEntryPoint;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
import org.springframework.security.ui.FilterChainOrderUtils;
|
||||
import org.springframework.security.ui.rememberme.RememberMeServices;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.commons.logging.Log;
|
||||
@ -72,7 +70,7 @@ import org.springframework.util.Assert;
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class BasicProcessingFilter implements Filter, InitializingBean {
|
||||
public class BasicProcessingFilter extends SpringSecurityFilter implements InitializingBean {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
|
||||
@ -92,22 +90,9 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
||||
Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
|
||||
}
|
||||
|
||||
public void destroy() {}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
||||
public void doFilterHttp(HttpServletRequest httpRequest, HttpServletResponse httpResponse, FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
|
||||
if (!(request instanceof HttpServletRequest)) {
|
||||
throw new ServletException("Can only process HttpServletRequest");
|
||||
}
|
||||
|
||||
if (!(response instanceof HttpServletResponse)) {
|
||||
throw new ServletException("Can only process HttpServletResponse");
|
||||
}
|
||||
|
||||
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
|
||||
String header = httpRequest.getHeader("Authorization");
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
@ -130,7 +115,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
||||
if (authenticationIsRequired(username)) {
|
||||
UsernamePasswordAuthenticationToken authRequest =
|
||||
new UsernamePasswordAuthenticationToken(username, password);
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails(httpRequest));
|
||||
|
||||
Authentication authResult;
|
||||
|
||||
@ -149,9 +134,9 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
||||
}
|
||||
|
||||
if (ignoreFailure) {
|
||||
chain.doFilter(request, response);
|
||||
chain.doFilter(httpRequest, httpResponse);
|
||||
} else {
|
||||
authenticationEntryPoint.commence(request, response, failed);
|
||||
authenticationEntryPoint.commence(httpRequest, httpResponse, failed);
|
||||
}
|
||||
|
||||
return;
|
||||
@ -170,7 +155,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
||||
}
|
||||
}
|
||||
|
||||
chain.doFilter(request, response);
|
||||
chain.doFilter(httpRequest, httpResponse);
|
||||
}
|
||||
|
||||
private boolean authenticationIsRequired(String username) {
|
||||
@ -200,8 +185,6 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
||||
return authenticationManager;
|
||||
}
|
||||
|
||||
public void init(FilterConfig arg0) throws ServletException {}
|
||||
|
||||
public boolean isIgnoreFailure() {
|
||||
return ignoreFailure;
|
||||
}
|
||||
@ -227,4 +210,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
||||
this.rememberMeServices = rememberMeServices;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return FilterChainOrderUtils.BASIC_PROCESSING_FILTER_ORDER;
|
||||
}
|
||||
}
|
||||
|
||||
@ -21,6 +21,7 @@ import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.FilterChainOrderUtils;
|
||||
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
@ -71,7 +72,7 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
|
||||
|
||||
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
|
||||
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
||||
|
||||
return this.getAuthenticationManager().authenticate(authRequest);
|
||||
}
|
||||
@ -85,5 +86,7 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
|
||||
return "/j_spring_cas_security_check";
|
||||
}
|
||||
|
||||
public void init(FilterConfig filterConfig) throws ServletException {}
|
||||
public int getOrder() {
|
||||
return FilterChainOrderUtils.CAS_PROCESSING_FILTER_ORDER;
|
||||
}
|
||||
}
|
||||
|
||||
@ -27,6 +27,8 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
import org.springframework.security.ui.FilterChainOrderUtils;
|
||||
import org.springframework.security.util.RedirectUtils;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.apache.commons.logging.Log;
|
||||
@ -51,7 +53,7 @@ import org.springframework.util.Assert;
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class LogoutFilter implements Filter {
|
||||
public class LogoutFilter extends SpringSecurityFilter {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(LogoutFilter.class);
|
||||
@ -74,26 +76,10 @@ public class LogoutFilter implements Filter {
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Not used. Use IoC container lifecycle methods instead.
|
||||
*/
|
||||
public void destroy() {
|
||||
}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
|
||||
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
|
||||
ServletException {
|
||||
if (!(request instanceof HttpServletRequest)) {
|
||||
throw new ServletException("Can only process HttpServletRequest");
|
||||
}
|
||||
|
||||
if (!(response instanceof HttpServletResponse)) {
|
||||
throw new ServletException("Can only process HttpServletResponse");
|
||||
}
|
||||
|
||||
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
|
||||
if (requiresLogout(httpRequest, httpResponse)) {
|
||||
if (requiresLogout(request, response)) {
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
@ -101,10 +87,10 @@ public class LogoutFilter implements Filter {
|
||||
}
|
||||
|
||||
for (int i = 0; i < handlers.length; i++) {
|
||||
handlers[i].logout(httpRequest, httpResponse, auth);
|
||||
handlers[i].logout(request, response, auth);
|
||||
}
|
||||
|
||||
sendRedirect(httpRequest, httpResponse, logoutSuccessUrl);
|
||||
sendRedirect(request, response, logoutSuccessUrl);
|
||||
|
||||
return;
|
||||
}
|
||||
@ -112,16 +98,6 @@ public class LogoutFilter implements Filter {
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Not used. Use IoC container lifecycle methods instead.
|
||||
*
|
||||
* @param arg0 ignored
|
||||
*
|
||||
* @throws ServletException ignored
|
||||
*/
|
||||
public void init(FilterConfig arg0) throws ServletException {
|
||||
}
|
||||
|
||||
/**
|
||||
* Allow subclasses to modify when a logout should take place.
|
||||
*
|
||||
@ -180,4 +156,8 @@ public class LogoutFilter implements Filter {
|
||||
public void setUseRelativeContext(boolean useRelativeContext) {
|
||||
this.useRelativeContext = useRelativeContext;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return FilterChainOrderUtils.LOGOUT_FILTER_ORDER;
|
||||
}
|
||||
}
|
||||
|
||||
@ -21,10 +21,9 @@ import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.FilterChainOrderUtils;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
|
||||
@ -90,8 +89,6 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
|
||||
return "/j_spring_security_check";
|
||||
}
|
||||
|
||||
public void init(FilterConfig filterConfig) throws ServletException {}
|
||||
|
||||
/**
|
||||
* Enables subclasses to override the composition of the password, such as by including additional values
|
||||
* and a separator.<p>This might be used for example if a postcode/zipcode was required in addition to the
|
||||
@ -150,4 +147,16 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
|
||||
Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
|
||||
this.passwordParameter = passwordParameter;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return FilterChainOrderUtils.AUTH_PROCESSING_FILTER_ORDER;
|
||||
}
|
||||
|
||||
String getUsernameParameter() {
|
||||
return usernameParameter;
|
||||
}
|
||||
|
||||
String getPasswordParameter() {
|
||||
return passwordParameter;
|
||||
}
|
||||
}
|
||||
|
||||
@ -480,6 +480,10 @@ public class AbstractProcessingFilterTests extends TestCase {
|
||||
public boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
|
||||
return super.requiresAuthentication(request, response);
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
private class MockFilterChain implements FilterChain {
|
||||
|
||||
@ -46,8 +46,7 @@ import javax.servlet.ServletResponse;
|
||||
* benalex $
|
||||
*/
|
||||
public class ExceptionTranslationFilterTests extends TestCase {
|
||||
// ~ Constructors
|
||||
// ===================================================================================================
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public ExceptionTranslationFilterTests() {
|
||||
super();
|
||||
@ -57,16 +56,8 @@ public class ExceptionTranslationFilterTests extends TestCase {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public static void main(String[] args) {
|
||||
junit.textui.TestRunner.run(ExceptionTranslationFilterTests.class);
|
||||
}
|
||||
|
||||
public final void setUp() throws Exception {
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
protected void tearDown() throws Exception {
|
||||
super.tearDown();
|
||||
@ -139,7 +130,7 @@ public class ExceptionTranslationFilterTests extends TestCase {
|
||||
fail("Should have thrown ServletException");
|
||||
}
|
||||
catch (ServletException expected) {
|
||||
assertEquals("HttpServletRequest required", expected.getMessage());
|
||||
assertEquals("Can only process HttpServletRequest", expected.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
@ -152,7 +143,7 @@ public class ExceptionTranslationFilterTests extends TestCase {
|
||||
fail("Should have thrown ServletException");
|
||||
}
|
||||
catch (ServletException expected) {
|
||||
assertEquals("HttpServletResponse required", expected.getMessage());
|
||||
assertEquals("Can only process HttpServletResponse", expected.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user