Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.

This commit is contained in:
Luke Taylor 2008-12-15 01:25:12 +00:00
parent fcc68e636e
commit 40ccd3be11
9 changed files with 183 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java
View File

@ -33,23 +33,27 @@ import javax.servlet.http.HttpServletResponse;
/**
* Processes a CAS service ticket.<p>A service ticket consists of an opaque ticket string. It arrives at this
* filter by the user's browser successfully authenticating using CAS, and then receiving a HTTP redirect to a
* <code>service</code>. The opaque ticket string is presented in the <code>ticket</code> request parameter. This
* filter monitors the <code>service</code> URL so it can receive the service ticket and process it. The CAS server
* knows which <code>service</code> URL to use via the {@link ServiceProperties#getService()} method.</p>
* <p>Processing the service ticket involves creating a <code>UsernamePasswordAuthenticationToken</code> which
* Processes a CAS service ticket.
* <p>
* A service ticket consists of an opaque ticket string. It arrives at this filter by the user's browser successfully
* authenticating using CAS, and then receiving a HTTP redirect to a <code>service</code>. The opaque ticket string is
* presented in the <code>ticket</code> request parameter. This filter monitors the <code>service</code> URL so it can
* receive the service ticket and process it. The CAS server knows which <code>service</code> URL to use via the
* {@link ServiceProperties#getService()} method.
* <p>
* Processing the service ticket involves creating a <code>UsernamePasswordAuthenticationToken</code> which
* uses {@link #CAS_STATEFUL_IDENTIFIER} for the <code>principal</code> and the opaque ticket string as the
* <code>credentials</code>.</p>
* <p>The configured <code>AuthenticationManager</code> is expected to provide a provider that can recognise
* <code>credentials</code>.
* <p>
* The configured <code>AuthenticationManager</code> is expected to provide a provider that can recognise
* <code>UsernamePasswordAuthenticationToken</code>s containing this special <code>principal</code> name, and process
* them accordingly by validation with the CAS server.</p>
* <p>By configuring a shared {@link ProxyGrantingTicketStorage} between the {@link TicketValidator} and the CasProcessingFilter
* one can have the CasProcessingFilter handle the proxying requirements for CAS. In addition, the URI endpoint for the proxying
* would also need to be configured (i.e. the part after protocol, hostname, and port).
*
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
* org.springframework.security.util.FilterToBeanProxy}.</p>
* them accordingly by validation with the CAS server.
* <p>
* By configuring a shared {@link ProxyGrantingTicketStorage} between the {@link TicketValidator} and the
* CasProcessingFilter one can have the CasProcessingFilter handle the proxying requirements for CAS. In addition, the
* URI endpoint for the proxying would also need to be configured (i.e. the part after protocol, hostname, and port).
* <p>
* By default this filter processes the URL <tt>/j_spring_cas_security_check</tt>.
*
* @author Ben Alex
* @version $Id$
@ -71,13 +75,19 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
* The last portion of the receptor url, i.e. /proxy/receptor
*/
private String proxyReceptorUrl;
/**
* The backing storage to store ProxyGrantingTicket requests.
*/
private ProxyGrantingTicketStorage proxyGrantingTicketStorage;
//~ Methods ========================================================================================================
//~ Constructors ===================================================================================================
public CasProcessingFilter() {
super("/j_spring_cas_security_check");
}
//~ Methods ========================================================================================================
public Authentication attemptAuthentication(final HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException {
final String username = CAS_STATEFUL_IDENTIFIER;
@ -95,46 +105,34 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
}
/**
* This filter by default responds to <code>/j_spring_cas_security_check</code>.
*
* @return the default
* Overridden to provide proxying capabilities.
*/
public String getDefaultFilterProcessesUrl() {
return "/j_spring_cas_security_check";
protected boolean requiresAuthentication(final HttpServletRequest request,
final HttpServletResponse response) {
final String requestUri = request.getRequestURI();
if (CommonUtils.isEmpty(this.proxyReceptorUrl) || !requestUri.endsWith(this.proxyReceptorUrl) || this.proxyGrantingTicketStorage == null) {
return super.requiresAuthentication(request, response);
}
try {
CommonUtils.readAndRespondToProxyReceptorRequest(request, response, this.proxyGrantingTicketStorage);
return false;
} catch (final IOException e) {
return super.requiresAuthentication(request, response);
}
}
public final void setProxyReceptorUrl(final String proxyReceptorUrl) {
this.proxyReceptorUrl = proxyReceptorUrl;
}
public final void setProxyGrantingTicketStorage(
final ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
}
public int getOrder() {
return FilterChainOrder.CAS_PROCESSING_FILTER;
}
/**
* Overridden to provide proxying capabilities.
*/
protected boolean requiresAuthentication(final HttpServletRequest request,
final HttpServletResponse response) {
final String requestUri = request.getRequestURI();
if (CommonUtils.isEmpty(this.proxyReceptorUrl) || !requestUri.endsWith(this.proxyReceptorUrl) || this.proxyGrantingTicketStorage == null) {
return super.requiresAuthentication(request, response);
}
try {
CommonUtils.readAndRespondToProxyReceptorRequest(request, response, this.proxyGrantingTicketStorage);
return false;
} catch (final IOException e) {
return super.requiresAuthentication(request, response);
}
}
public final void setProxyReceptorUrl(final String proxyReceptorUrl) {
this.proxyReceptorUrl = proxyReceptorUrl;
}
public final void setProxyGrantingTicketStorage(
final ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
}
}

2
cas/src/test/java/org/springframework/security/ui/cas/CasProcessingFilterTests.java
View File

@ -36,7 +36,7 @@ public class CasProcessingFilterTests extends TestCase {
public void testGetters() {
CasProcessingFilter filter = new CasProcessingFilter();
assertEquals("/j_spring_cas_security_check", filter.getDefaultFilterProcessesUrl());
assertEquals("/j_spring_cas_security_check", filter.getFilterProcessesUrl());
}
public void testNormalOperation() throws Exception {

22
core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
View File

@ -80,7 +80,7 @@ import org.springframework.util.Assert;
* client. It may also be configured with a failure URL as an alternative. Again you can inject whatever
* behaviour you require here.
*
* <h4>Event Pulication</h4>
* <h4>Event Publication</h4>
*
* If authentication is successful, an
* {@link org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent
@ -123,7 +123,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
* The URL destination that this filter intercepts and processes (usually
* something like <code>/j_spring_security_check</code>)
*/
private String filterProcessesUrl = getDefaultFilterProcessesUrl();
private String filterProcessesUrl;
private boolean continueChainBeforeSuccessfulAuthentication = false;
@ -150,6 +150,15 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
private AuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
//~ Constructors ===================================================================================================
/**
* @param defaultFilterProcessesUrl the default value for <tt>filterProcessesUrl</tt>.
*/
protected AbstractProcessingFilter(String defaultFilterProcessesUrl) {
this.filterProcessesUrl = defaultFilterProcessesUrl;
}
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@ -273,7 +282,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
* <ol>
* <li>Sets the successful <tt>Authentication</tt> object on the {@link SecurityContextHolder}</li>
* <li>Performs any configured session migration behaviour</li>
* <li>Informs the configured <tt>RememberMeServices</tt> of the successul login</li>
* <li>Informs the configured <tt>RememberMeServices</tt> of the successful login</li>
* <li>Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured
* <tt>ApplicationEventPublisher</tt></li>
* <li>Delegates additional behaviour to the {@link AuthenticationSuccessHandler}.</li>
@ -346,13 +355,6 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
this.authenticationManager = authenticationManager;
}
/**
* Specifies the default <code>filterProcessesUrl</code> for the implementation.
*
* @return the default <code>filterProcessesUrl</code>
*/
public abstract String getDefaultFilterProcessesUrl();
public String getFilterProcessesUrl() {
return filterProcessesUrl;
}

20
core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.java
View File

@ -32,11 +32,14 @@ import javax.servlet.http.HttpSession;
/**
* Processes an authentication form.
* <p>Login forms must present two parameters to this filter: a username and
* <p>
* Login forms must present two parameters to this filter: a username and
* password. The default parameter names to use are contained in the
* static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY} and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}.
* The parameter names can also be changed by setting the <tt>usernameParameter</tt> and <tt>passwordParameter</tt>
* properties.
* <p>
* This filter by default responds to the URL <tt>/j_spring_security_check</tt>.
*
* @author Ben Alex
* @author Colin Sampaleanu
@ -52,6 +55,12 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
//~ Constructors ===================================================================================================
public AuthenticationProcessingFilter() {
super("/j_spring_security_check");
}
//~ Methods ========================================================================================================
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
@ -83,15 +92,6 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
return this.getAuthenticationManager().authenticate(authRequest);
}
/**
* This filter by default responds to <code>/j_spring_security_check</code>.
*
* @return the default
*/
public String getDefaultFilterProcessesUrl() {
return "/j_spring_security_check";
}
/**
* Enables subclasses to override the composition of the password, such as by including additional values
* and a separator.<p>This might be used for example if a postcode/zipcode was required in addition to the

176
core/src/main/java/org/springframework/security/ui/webapp/DefaultLoginPageGeneratingFilter.java
View File

@ -37,40 +37,40 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
private String openIDauthenticationUrl;
private String openIDusernameParameter;
private String openIDrememberMeParameter;
public DefaultLoginPageGeneratingFilter(AbstractProcessingFilter filter) {
if (filter instanceof AuthenticationProcessingFilter) {
init((AuthenticationProcessingFilter)filter, null);
} else {
init(null, filter);
}
}
public DefaultLoginPageGeneratingFilter(AuthenticationProcessingFilter authFilter, AbstractProcessingFilter openIDFilter) {
init(authFilter, openIDFilter);
}
private void init(AuthenticationProcessingFilter authFilter, AbstractProcessingFilter openIDFilter) {
if (authFilter != null) {
formLoginEnabled = true;
authenticationUrl = authFilter.getDefaultFilterProcessesUrl();
usernameParameter = authFilter.getUsernameParameter();
passwordParameter = authFilter.getPasswordParameter();
if (authFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
rememberMeParameter = ((AbstractRememberMeServices)authFilter.getRememberMeServices()).getParameter();
}
}
if (openIDFilter != null) {
openIdEnabled = true;
openIDauthenticationUrl = openIDFilter.getDefaultFilterProcessesUrl();
openIDusernameParameter = (String) (new BeanWrapperImpl(openIDFilter)).getPropertyValue("claimedIdentityFieldName");
if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
openIDrememberMeParameter = ((AbstractRememberMeServices)openIDFilter.getRememberMeServices()).getParameter();
}
}
public DefaultLoginPageGeneratingFilter(AbstractProcessingFilter filter) {
if (filter instanceof AuthenticationProcessingFilter) {
init((AuthenticationProcessingFilter)filter, null);
} else {
init(null, filter);
}
}
public DefaultLoginPageGeneratingFilter(AuthenticationProcessingFilter authFilter, AbstractProcessingFilter openIDFilter) {
init(authFilter, openIDFilter);
}
private void init(AuthenticationProcessingFilter authFilter, AbstractProcessingFilter openIDFilter) {
if (authFilter != null) {
formLoginEnabled = true;
authenticationUrl = authFilter.getFilterProcessesUrl();
usernameParameter = authFilter.getUsernameParameter();
passwordParameter = authFilter.getPasswordParameter();
if (authFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
rememberMeParameter = ((AbstractRememberMeServices)authFilter.getRememberMeServices()).getParameter();
}
}
if (openIDFilter != null) {
openIdEnabled = true;
openIDauthenticationUrl = openIDFilter.getFilterProcessesUrl();
openIDusernameParameter = (String) (new BeanWrapperImpl(openIDFilter)).getPropertyValue("claimedIdentityFieldName");
if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
openIDrememberMeParameter = ((AbstractRememberMeServices)openIDFilter.getRememberMeServices()).getParameter();
}
}
}
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
@ -78,7 +78,7 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
String loginPageHtml = generateLoginPageHtml(request);
response.setContentType("text/html;charset=UTF-8");
response.setContentLength(loginPageHtml.length());
response.getOutputStream().print(loginPageHtml);
response.getOutputStream().print(loginPageHtml);
return;
}
@ -95,66 +95,66 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
HttpSession session = request.getSession(false);
if(session != null) {
lastUser = (String) session.getAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY);
AuthenticationException ex = (AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
lastUser = (String) session.getAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY);
AuthenticationException ex = (AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
errorMsg = ex != null ? ex.getMessage() : "none";
if (lastUser == null) {
lastUser = "";
lastUser = "";
}
}
}
StringBuffer sb = new StringBuffer();
sb.append("<html><head><title>Login Page</title></head>");
if (formLoginEnabled) {
sb.append("<body onload='document.f.").append(usernameParameter).append(".focus();'>\n");
sb.append("<body onload='document.f.").append(usernameParameter).append(".focus();'>\n");
}
if (loginError) {
sb.append("<p><font color='red'>Your login attempt was not successful, try again.<br/><br/>Reason: ");
sb.append("<p><font color='red'>Your login attempt was not successful, try again.<br/><br/>Reason: ");
sb.append(errorMsg);
sb.append("</font></p>");
}
if (formLoginEnabled) {
sb.append("<h3>Login with Username and Password</h3>");
sb.append("<form name='f' action='").append(request.getContextPath()).append(authenticationUrl).append("' method='POST'>\n");
sb.append(" <table>\n");
sb.append(" <tr><td>User:</td><td><input type='text' name='");
sb.append(usernameParameter).append("' value='").append(lastUser).append("'></td></tr>\n");
sb.append(" <tr><td>Password:</td><td><input type='password' name='").append(passwordParameter).append("'/></td></tr>\n");
if (rememberMeParameter != null) {
sb.append(" <tr><td><input type='checkbox' name='").append(rememberMeParameter).append("'/></td><td>Remember me on this computer.</td></tr>\n");
}
sb.append(" <tr><td colspan='2'><input name=\"submit\" type=\"submit\"/></td></tr>\n");
sb.append(" <tr><td colspan='2'><input name=\"reset\" type=\"reset\"/></td></tr>\n");
sb.append(" </table>\n");
sb.append("</form>");
sb.append("<h3>Login with Username and Password</h3>");
sb.append("<form name='f' action='").append(request.getContextPath()).append(authenticationUrl).append("' method='POST'>\n");
sb.append(" <table>\n");
sb.append(" <tr><td>User:</td><td><input type='text' name='");
sb.append(usernameParameter).append("' value='").append(lastUser).append("'></td></tr>\n");
sb.append(" <tr><td>Password:</td><td><input type='password' name='").append(passwordParameter).append("'/></td></tr>\n");
if (rememberMeParameter != null) {
sb.append(" <tr><td><input type='checkbox' name='").append(rememberMeParameter).append("'/></td><td>Remember me on this computer.</td></tr>\n");
}
sb.append(" <tr><td colspan='2'><input name=\"submit\" type=\"submit\"/></td></tr>\n");
sb.append(" <tr><td colspan='2'><input name=\"reset\" type=\"reset\"/></td></tr>\n");
sb.append(" </table>\n");
sb.append("</form>");
}
if(openIdEnabled) {
sb.append("<h3>Login with OpenID Identity</h3>");
sb.append("<form name='oidf' action='").append(request.getContextPath()).append(openIDauthenticationUrl).append("' method='POST'>\n");
sb.append(" <table>\n");
sb.append(" <tr><td>Identity:</td><td><input type='text' name='");
sb.append(openIDusernameParameter).append("'/></td></tr>\n");
if (rememberMeParameter != null) {
sb.append(" <tr><td><input type='checkbox' name='").append(openIDrememberMeParameter).append("'></td><td>Remember me on this computer.</td></tr>\n");
}
sb.append(" <tr><td colspan='2'><input name=\"submit\" type=\"submit\"/></td></tr>\n");
sb.append(" <tr><td colspan='2'><input name=\"reset\" type=\"reset\"/></td></tr>\n");
sb.append(" </table>\n");
sb.append("</form>");
sb.append("<h3>Login with OpenID Identity</h3>");
sb.append("<form name='oidf' action='").append(request.getContextPath()).append(openIDauthenticationUrl).append("' method='POST'>\n");
sb.append(" <table>\n");
sb.append(" <tr><td>Identity:</td><td><input type='text' name='");
sb.append(openIDusernameParameter).append("'/></td></tr>\n");
if (rememberMeParameter != null) {
sb.append(" <tr><td><input type='checkbox' name='").append(openIDrememberMeParameter).append("'></td><td>Remember me on this computer.</td></tr>\n");
}
sb.append(" <tr><td colspan='2'><input name=\"submit\" type=\"submit\"/></td></tr>\n");
sb.append(" <tr><td colspan='2'><input name=\"reset\" type=\"reset\"/></td></tr>\n");
sb.append(" </table>\n");
sb.append("</form>");
}
sb.append("</body></html>");
return sb.toString();
}
@ -162,19 +162,19 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
return FilterChainOrder.LOGIN_PAGE_FILTER;
}
private boolean isLoginUrlRequest(HttpServletRequest request) {
String uri = request.getRequestURI();
int pathParamIndex = uri.indexOf(';');
private boolean isLoginUrlRequest(HttpServletRequest request) {
String uri = request.getRequestURI();
int pathParamIndex = uri.indexOf(';');
if (pathParamIndex > 0) {
// strip everything after the first semi-colon
uri = uri.substring(0, pathParamIndex);
}
if (pathParamIndex > 0) {
// strip everything after the first semi-colon
uri = uri.substring(0, pathParamIndex);
}
if ("".equals(request.getContextPath())) {
return uri.endsWith(DEFAULT_LOGIN_PAGE_URL);
}
if ("".equals(request.getContextPath())) {
return uri.endsWith(DEFAULT_LOGIN_PAGE_URL);
}
return uri.endsWith(request.getContextPath() + DEFAULT_LOGIN_PAGE_URL);
}
return uri.endsWith(request.getContextPath() + DEFAULT_LOGIN_PAGE_URL);
}
}

7
core/src/test/java/org/springframework/security/ui/AbstractProcessingFilterTests.java
View File

@ -549,18 +549,21 @@ public class AbstractProcessingFilterTests extends TestCase {
private boolean grantAccess;
public MockAbstractProcessingFilter(boolean grantAccess) {
this();
setRememberMeServices(new NullRememberMeServices());
this.grantAccess = grantAccess;
this.exceptionToThrow = new BadCredentialsException("Mock requested to do so");
}
public MockAbstractProcessingFilter(AuthenticationException exceptionToThrow) {
this();
setRememberMeServices(new NullRememberMeServices());
this.grantAccess = false;
this.exceptionToThrow = exceptionToThrow;
}
private MockAbstractProcessingFilter() {
super("/j_mock_post");
}
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
@ -571,10 +574,6 @@ public class AbstractProcessingFilterTests extends TestCase {
}
}
public String getDefaultFilterProcessesUrl() {
return "/j_mock_post";
}
public boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
return super.requiresAuthentication(request, response);
}

26
core/src/test/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterTests.java
View File

@ -15,19 +15,16 @@
package org.springframework.security.ui.webapp;
import javax.servlet.ServletException;
import junit.framework.TestCase;
import org.springframework.security.Authentication;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.WebAuthenticationDetails;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.ui.WebAuthenticationDetails;
/**
@ -37,20 +34,11 @@ import javax.servlet.http.HttpServletResponse;
* @version $Id$
*/
public class AuthenticationProcessingFilterTests extends TestCase {
//~ Constructors ===================================================================================================
public AuthenticationProcessingFilterTests() {
}
public AuthenticationProcessingFilterTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public void testGetters() {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
assertEquals("/j_spring_security_check", filter.getDefaultFilterProcessesUrl());
assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl());
}
public void testNormalOperation() throws Exception {

15
core/src/test/java/org/springframework/security/ui/webapp/DefaultLoginPageGeneratingFilterTests.java
View File

@ -1,7 +1,5 @@
package org.springframework.security.ui.webapp;
import static org.junit.Assert.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -10,9 +8,9 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.util.MockFilterChain;
import org.springframework.security.ui.AbstractProcessingFilter;
import org.springframework.security.ui.FilterChainOrder;
import org.springframework.security.util.MockFilterChain;
/**
*
@ -36,15 +34,14 @@ public class DefaultLoginPageGeneratingFilterTests {
filter.doFilter(new MockHttpServletRequest("GET", "/spring_security_login"), new MockHttpServletResponse(), new MockFilterChain(false));
}
// Fake OpenID filter (since it's not in this module
private static class MockProcessingFilter extends AbstractProcessingFilter {
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
return null;
protected MockProcessingFilter() {
super("/someurl");
}
@Override
public String getDefaultFilterProcessesUrl() {
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
return null;
}
@ -55,7 +52,5 @@ public class DefaultLoginPageGeneratingFilterTests {
public String getClaimedIdentityFieldName() {
return "unused";
}
}
}

10
openid/src/main/java/org/springframework/security/ui/openid/OpenIDAuthenticationProcessingFilter.java
View File

@ -77,6 +77,12 @@ public class OpenIDAuthenticationProcessingFilter extends AbstractProcessingFilt
private String claimedIdentityFieldName = DEFAULT_CLAIMED_IDENTITY_FIELD;
private Map<String,String> realmMapping = Collections.emptyMap();
//~ Constructors ===================================================================================================
public OpenIDAuthenticationProcessingFilter() {
super("/j_spring_openid_security_check");
}
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@ -86,10 +92,6 @@ public class OpenIDAuthenticationProcessingFilter extends AbstractProcessingFilt
}
}
public String getDefaultFilterProcessesUrl() {
return "/j_spring_openid_security_check";
}
/**
* Authentication has two phases.
* <ol>