mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-07-11 21:03:31 +00:00
BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call.
This commit is contained in:
Ben Alex
parent
c64a3770de
commit
35ca25f085
@ -12,7 +12,6 @@
|
|||||||
* See the License for the specific language governing permissions and
|
* See the License for the specific language governing permissions and
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package net.sf.acegisecurity.ui;
|
package net.sf.acegisecurity.ui;
|
||||||
|
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
@ -27,13 +26,9 @@ import javax.servlet.http.HttpServletRequest;
|
|||||||
* @version $Id$
|
* @version $Id$
|
||||||
*/
|
*/
|
||||||
public class WebAuthenticationDetails implements Serializable {
|
public class WebAuthenticationDetails implements Serializable {
|
||||||
//~ Instance fields ========================================================
|
|
||||||
|
|
||||||
private String remoteAddress;
|
private String remoteAddress;
|
||||||
private String sessionId;
|
private String sessionId;
|
||||||
|
|
||||||
//~ Constructors ===========================================================
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor.
|
* Constructor.
|
||||||
*
|
*
|
||||||
@ -48,7 +43,14 @@ public class WebAuthenticationDetails implements Serializable {
|
|||||||
*/
|
*/
|
||||||
public WebAuthenticationDetails(HttpServletRequest request) {
|
public WebAuthenticationDetails(HttpServletRequest request) {
|
||||||
this.remoteAddress = request.getRemoteAddr();
|
this.remoteAddress = request.getRemoteAddr();
|
||||||
this.sessionId = request.getSession().getId();
|
this.sessionId = request.getSession(true).getId();
|
||||||
|
doPopulateAdditionalInformation(request);
|
||||||
|
}
|
||||||
|
|
||||||
|
public WebAuthenticationDetails(HttpServletRequest request,
|
||||||
|
boolean forceSessionCreation) {
|
||||||
|
this.remoteAddress = request.getRemoteAddr();
|
||||||
|
this.sessionId = request.getSession(forceSessionCreation).getId();
|
||||||
doPopulateAdditionalInformation(request);
|
doPopulateAdditionalInformation(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -56,8 +58,6 @@ public class WebAuthenticationDetails implements Serializable {
|
|||||||
throw new IllegalArgumentException("Cannot use default constructor");
|
throw new IllegalArgumentException("Cannot use default constructor");
|
||||||
}
|
}
|
||||||
|
|
||||||
//~ Methods ================================================================
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Indicates the TCP/IP address the authentication request was received
|
* Indicates the TCP/IP address the authentication request was received
|
||||||
* from.
|
* from.
|
||||||
@ -92,5 +92,6 @@ public class WebAuthenticationDetails implements Serializable {
|
|||||||
*
|
*
|
||||||
* @param request that the authentication request was received from
|
* @param request that the authentication request was received from
|
||||||
*/
|
*/
|
||||||
protected void doPopulateAdditionalInformation(HttpServletRequest request) {}
|
protected void doPopulateAdditionalInformation(HttpServletRequest request) {
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -12,7 +12,6 @@
|
|||||||
* See the License for the specific language governing permissions and
|
* See the License for the specific language governing permissions and
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package net.sf.acegisecurity.ui.basicauth;
|
package net.sf.acegisecurity.ui.basicauth;
|
||||||
|
|
||||||
import net.sf.acegisecurity.Authentication;
|
import net.sf.acegisecurity.Authentication;
|
||||||
@ -102,17 +101,10 @@ import javax.servlet.http.HttpServletResponse;
|
|||||||
* @version $Id$
|
* @version $Id$
|
||||||
*/
|
*/
|
||||||
public class BasicProcessingFilter implements Filter, InitializingBean {
|
public class BasicProcessingFilter implements Filter, InitializingBean {
|
||||||
//~ Static fields/initializers =============================================
|
|
||||||
|
|
||||||
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
|
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
|
||||||
|
|
||||||
//~ Instance fields ========================================================
|
|
||||||
|
|
||||||
private AuthenticationEntryPoint authenticationEntryPoint;
|
private AuthenticationEntryPoint authenticationEntryPoint;
|
||||||
private AuthenticationManager authenticationManager;
|
private AuthenticationManager authenticationManager;
|
||||||
|
|
||||||
//~ Methods ================================================================
|
|
||||||
|
|
||||||
public void setAuthenticationEntryPoint(
|
public void setAuthenticationEntryPoint(
|
||||||
AuthenticationEntryPoint authenticationEntryPoint) {
|
AuthenticationEntryPoint authenticationEntryPoint) {
|
||||||
this.authenticationEntryPoint = authenticationEntryPoint;
|
this.authenticationEntryPoint = authenticationEntryPoint;
|
||||||
@ -138,7 +130,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|||||||
"An AuthenticationEntryPoint is required");
|
"An AuthenticationEntryPoint is required");
|
||||||
}
|
}
|
||||||
|
|
||||||
public void destroy() {}
|
public void destroy() {
|
||||||
|
}
|
||||||
|
|
||||||
public void doFilter(ServletRequest request, ServletResponse response,
|
public void doFilter(ServletRequest request, ServletResponse response,
|
||||||
FilterChain chain) throws IOException, ServletException {
|
FilterChain chain) throws IOException, ServletException {
|
||||||
@ -174,7 +167,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|||||||
|
|
||||||
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
|
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
|
||||||
password);
|
password);
|
||||||
authRequest.setDetails(new WebAuthenticationDetails(httpRequest));
|
authRequest.setDetails(new WebAuthenticationDetails(httpRequest,
|
||||||
|
false));
|
||||||
|
|
||||||
Authentication authResult;
|
Authentication authResult;
|
||||||
|
|
||||||
@ -183,8 +177,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|||||||
} catch (AuthenticationException failed) {
|
} catch (AuthenticationException failed) {
|
||||||
// Authentication failed
|
// Authentication failed
|
||||||
if (logger.isDebugEnabled()) {
|
if (logger.isDebugEnabled()) {
|
||||||
logger.debug("Authentication request for user: " + username
|
logger.debug("Authentication request for user: " +
|
||||||
+ " failed: " + failed.toString());
|
username + " failed: " + failed.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
SecurityContextHolder.getContext().setAuthentication(null);
|
SecurityContextHolder.getContext().setAuthentication(null);
|
||||||
@ -195,7 +189,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|||||||
|
|
||||||
// Authentication success
|
// Authentication success
|
||||||
if (logger.isDebugEnabled()) {
|
if (logger.isDebugEnabled()) {
|
||||||
logger.debug("Authentication success: " + authResult.toString());
|
logger.debug("Authentication success: " +
|
||||||
|
authResult.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
SecurityContextHolder.getContext().setAuthentication(authResult);
|
SecurityContextHolder.getContext().setAuthentication(authResult);
|
||||||
@ -204,5 +199,6 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|||||||
chain.doFilter(request, response);
|
chain.doFilter(request, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void init(FilterConfig arg0) throws ServletException {}
|
public void init(FilterConfig arg0) throws ServletException {
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -28,6 +28,7 @@
|
|||||||
<release version="0.9.0" date="In CVS">
|
<release version="0.9.0" date="In CVS">
|
||||||
<action dev="markstg" type="add">SwitchUserProcessingFilter to provide user security context switching</action>
|
<action dev="markstg" type="add">SwitchUserProcessingFilter to provide user security context switching</action>
|
||||||
<action dev="markstg" type="add">Java 1.5 annotation support</action>
|
<action dev="markstg" type="add">Java 1.5 annotation support</action>
|
||||||
|
<action dev="benalex" type="update">BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call</action>
|
||||||
<action dev="benalex" type="update">JdbcDaoImpl modified to support synthetic primary keys</action>
|
<action dev="benalex" type="update">JdbcDaoImpl modified to support synthetic primary keys</action>
|
||||||
<action dev="benalex" type="update">Greatly improve BasicAclEntryAfterInvocationCollectionFilteringProvider performance with large collections (if the principal has access to relatively few collection elements)</action>
|
<action dev="benalex" type="update">Greatly improve BasicAclEntryAfterInvocationCollectionFilteringProvider performance with large collections (if the principal has access to relatively few collection elements)</action>
|
||||||
<action dev="benalex" type="update">Reorder DaoAuthenticationProvider exception logic as per developer list discussion</action>
|
<action dev="benalex" type="update">Reorder DaoAuthenticationProvider exception logic as per developer list discussion</action>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user