Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-10 04:13:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call.

Browse Source
This commit is contained in:
Ben Alex 2005-09-08 11:15:48 +00:00
parent c64a3770de
commit 35ca25f085
3 changed files with 30 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
core/src/main/java/org/acegisecurity/ui/WebAuthenticationDetails.java
View File

@ -12,7 +12,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.ui;
import java.io.Serializable;
@ -27,13 +26,9 @@ import javax.servlet.http.HttpServletRequest;
* @version $Id$
*/
public class WebAuthenticationDetails implements Serializable {
//~ Instance fields ========================================================
private String remoteAddress;
private String sessionId;
//~ Constructors ===========================================================
/**
* Constructor.
*
@ -48,7 +43,14 @@ public class WebAuthenticationDetails implements Serializable {
*/
public WebAuthenticationDetails(HttpServletRequest request) {
this.remoteAddress = request.getRemoteAddr();
this.sessionId = request.getSession().getId();
this.sessionId = request.getSession(true).getId();
doPopulateAdditionalInformation(request);
}
public WebAuthenticationDetails(HttpServletRequest request,
boolean forceSessionCreation) {
this.remoteAddress = request.getRemoteAddr();
this.sessionId = request.getSession(forceSessionCreation).getId();
doPopulateAdditionalInformation(request);
}
@ -56,8 +58,6 @@ public class WebAuthenticationDetails implements Serializable {
throw new IllegalArgumentException("Cannot use default constructor");
}
//~ Methods ================================================================
/**
* Indicates the TCP/IP address the authentication request was received
* from.
@ -92,5 +92,6 @@ public class WebAuthenticationDetails implements Serializable {
*
* @param request that the authentication request was received from
*/
protected void doPopulateAdditionalInformation(HttpServletRequest request) {}
protected void doPopulateAdditionalInformation(HttpServletRequest request) {
}
}

24
core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java
View File

@ -12,7 +12,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.ui.basicauth;
import net.sf.acegisecurity.Authentication;
@ -102,17 +101,10 @@ import javax.servlet.http.HttpServletResponse;
* @version $Id$
*/
public class BasicProcessingFilter implements Filter, InitializingBean {
//~ Static fields/initializers =============================================
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
//~ Instance fields ========================================================
private AuthenticationEntryPoint authenticationEntryPoint;
private AuthenticationManager authenticationManager;
//~ Methods ================================================================
public void setAuthenticationEntryPoint(
AuthenticationEntryPoint authenticationEntryPoint) {
this.authenticationEntryPoint = authenticationEntryPoint;
@ -138,7 +130,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
"An AuthenticationEntryPoint is required");
}
public void destroy() {}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
@ -174,7 +167,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
password);
authRequest.setDetails(new WebAuthenticationDetails(httpRequest));
authRequest.setDetails(new WebAuthenticationDetails(httpRequest,
false));
Authentication authResult;
@ -183,8 +177,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
} catch (AuthenticationException failed) {
// Authentication failed
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + username
+ " failed: " + failed.toString());
logger.debug("Authentication request for user: " +
username + " failed: " + failed.toString());
}
SecurityContextHolder.getContext().setAuthentication(null);
@ -195,7 +189,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
// Authentication success
if (logger.isDebugEnabled()) {
logger.debug("Authentication success: " + authResult.toString());
logger.debug("Authentication success: " +
authResult.toString());
}
SecurityContextHolder.getContext().setAuthentication(authResult);
@ -204,5 +199,6 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
chain.doFilter(request, response);
}
public void init(FilterConfig arg0) throws ServletException {}
public void init(FilterConfig arg0) throws ServletException {
}
}

1
doc/xdocs/changes.xml
View File

@ -28,6 +28,7 @@
<release version="0.9.0" date="In CVS">
<action dev="markstg" type="add">SwitchUserProcessingFilter to provide user security context switching</action>
<action dev="markstg" type="add">Java 1.5 annotation support</action>
<action dev="benalex" type="update">BasicAuthenticationProcessingFilter no longer creates HttpSession via WebAuthenticationDetails call</action>
<action dev="benalex" type="update">JdbcDaoImpl modified to support synthetic primary keys</action>
<action dev="benalex" type="update">Greatly improve BasicAclEntryAfterInvocationCollectionFilteringProvider performance with large collections (if the principal has access to relatively few collection elements)</action>
<action dev="benalex" type="update">Reorder DaoAuthenticationProvider exception logic as per developer list discussion</action>