SEC-1058: Further refactoring to remove use of getDefaultTargetUrl(). Subclasses now pass the default value as a constructor argument.

cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java

@@ -33,23 +33,27 @@ import javax.servlet.http.HttpServletResponse;
 
 
 /**
- * Processes a CAS service ticket.<p>A service ticket consists of an opaque ticket string. It arrives at this
- * filter by the user's browser successfully authenticating using CAS, and then receiving a HTTP redirect to a
- * <code>service</code>. The opaque ticket string is presented in the <code>ticket</code> request parameter. This
- * filter monitors the <code>service</code> URL so it can receive the service ticket and process it. The CAS server
- * knows which <code>service</code> URL to use via the {@link ServiceProperties#getService()} method.</p>
- *  <p>Processing the service ticket involves creating a <code>UsernamePasswordAuthenticationToken</code> which
+ * Processes a CAS service ticket.
+ * <p>
+ * A service ticket consists of an opaque ticket string. It arrives at this filter by the user's browser successfully
+ * authenticating using CAS, and then receiving a HTTP redirect to a <code>service</code>. The opaque ticket string is
+ * presented in the <code>ticket</code> request parameter. This filter monitors the <code>service</code> URL so it can
+ * receive the service ticket and process it. The CAS server knows which <code>service</code> URL to use via the
+ * {@link ServiceProperties#getService()} method.
+ * <p>
+ * Processing the service ticket involves creating a <code>UsernamePasswordAuthenticationToken</code> which
  * uses {@link #CAS_STATEFUL_IDENTIFIER} for the <code>principal</code> and the opaque ticket string as the
- * <code>credentials</code>.</p>
- *  <p>The configured <code>AuthenticationManager</code> is expected to provide a provider that can recognise
+ * <code>credentials</code>.
+ * <p>
+ * The configured <code>AuthenticationManager</code> is expected to provide a provider that can recognise
  * <code>UsernamePasswordAuthenticationToken</code>s containing this special <code>principal</code> name, and process
- * them accordingly by validation with the CAS server.</p>
- * <p>By configuring a shared {@link ProxyGrantingTicketStorage} between the {@link TicketValidator} and the CasProcessingFilter
- * one can have the CasProcessingFilter handle the proxying requirements for CAS.  In addition, the URI endpoint for the proxying
- * would also need to be configured (i.e. the part after protocol, hostname, and port).
- * 
- * <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
- * org.springframework.security.util.FilterToBeanProxy}.</p>
+ * them accordingly by validation with the CAS server.
+ * <p>
+ * By configuring a shared {@link ProxyGrantingTicketStorage} between the {@link TicketValidator} and the
+ * CasProcessingFilter one can have the CasProcessingFilter handle the proxying requirements for CAS. In addition, the
+ * URI endpoint for the proxying would also need to be configured (i.e. the part after protocol, hostname, and port).
+ * <p>
+ * By default this filter processes the URL <tt>/j_spring_cas_security_check</tt>.
  *
  * @author Ben Alex
  * @version $Id$
@@ -77,6 +81,12 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
      */
     private ProxyGrantingTicketStorage proxyGrantingTicketStorage;
 
+    //~ Constructors ===================================================================================================
+
+    public CasProcessingFilter() {
+        super("/j_spring_cas_security_check");
+    }
+
     //~ Methods ========================================================================================================
     public Authentication attemptAuthentication(final HttpServletRequest request, HttpServletResponse response)
         throws AuthenticationException {
@@ -94,20 +104,6 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
         return this.getAuthenticationManager().authenticate(authRequest);
     }
 
-    /**
-     * This filter by default responds to <code>/j_spring_cas_security_check</code>.
-     *
-     * @return the default
-     */
-    public String getDefaultFilterProcessesUrl() {
-        return "/j_spring_cas_security_check";
-    }
-
-    public int getOrder() {
-        return FilterChainOrder.CAS_PROCESSING_FILTER;
-    }
-    
-
     /**
      * Overridden to provide proxying capabilities.
      */
@@ -136,5 +132,7 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
         this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
     }
 
-	
+    public int getOrder() {
+        return FilterChainOrder.CAS_PROCESSING_FILTER;
+    }
 }

cas/src/test/java/org/springframework/security/ui/cas/CasProcessingFilterTests.java

@@ -36,7 +36,7 @@ public class CasProcessingFilterTests extends TestCase {
 
     public void testGetters() {
         CasProcessingFilter filter = new CasProcessingFilter();
-        assertEquals("/j_spring_cas_security_check", filter.getDefaultFilterProcessesUrl());
+        assertEquals("/j_spring_cas_security_check", filter.getFilterProcessesUrl());
     }
 
     public void testNormalOperation() throws Exception {

core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java

@@ -80,7 +80,7 @@ import org.springframework.util.Assert;
  * client. It may also be configured with a failure URL as an alternative. Again you can inject whatever
  * behaviour you require here.
  *
- * <h4>Event Pulication</h4>
+ * <h4>Event Publication</h4>
  *
  * If authentication is successful, an
  * {@link org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent
@@ -123,7 +123,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
      * The URL destination that this filter intercepts and processes (usually
      * something like <code>/j_spring_security_check</code>)
      */
-    private String filterProcessesUrl = getDefaultFilterProcessesUrl();
+    private String filterProcessesUrl;
 
     private boolean continueChainBeforeSuccessfulAuthentication = false;
 
@@ -150,6 +150,15 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
     private AuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
     private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
 
+    //~ Constructors ===================================================================================================
+
+    /**
+     * @param defaultFilterProcessesUrl the default value for <tt>filterProcessesUrl</tt>.
+     */
+    protected AbstractProcessingFilter(String defaultFilterProcessesUrl) {
+        this.filterProcessesUrl = defaultFilterProcessesUrl;
+    }
+
     //~ Methods ========================================================================================================
 
     public void afterPropertiesSet() throws Exception {
@@ -273,7 +282,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
      * <ol>
      * <li>Sets the successful <tt>Authentication</tt> object on the {@link SecurityContextHolder}</li>
      * <li>Performs any configured session migration behaviour</li>
-     * <li>Informs the configured <tt>RememberMeServices</tt> of the successul login</li>
+     * <li>Informs the configured <tt>RememberMeServices</tt> of the successful login</li>
      * <li>Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured
      * <tt>ApplicationEventPublisher</tt></li>
      * <li>Delegates additional behaviour to the {@link AuthenticationSuccessHandler}.</li>
@@ -346,13 +355,6 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
         this.authenticationManager = authenticationManager;
     }
 
-    /**
-     * Specifies the default <code>filterProcessesUrl</code> for the implementation.
-     *
-     * @return the default <code>filterProcessesUrl</code>
-     */
-    public abstract String getDefaultFilterProcessesUrl();
-
     public String getFilterProcessesUrl() {
         return filterProcessesUrl;
     }

core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.java

@@ -32,11 +32,14 @@ import javax.servlet.http.HttpSession;
 
 /**
  * Processes an authentication form.
- * <p>Login forms must present two parameters to this filter: a username and
+ * <p>
+ * Login forms must present two parameters to this filter: a username and
  * password. The default parameter names to use are contained in the
  * static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY} and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}.
  * The parameter names can also be changed by setting the <tt>usernameParameter</tt> and <tt>passwordParameter</tt>
  * properties.
+ * <p>
+ * This filter by default responds to the URL <tt>/j_spring_security_check</tt>.
  *
  * @author Ben Alex
  * @author Colin Sampaleanu
@@ -52,6 +55,12 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
     private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
     private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
 
+    //~ Constructors ===================================================================================================
+
+    public AuthenticationProcessingFilter() {
+        super("/j_spring_security_check");
+    }
+
     //~ Methods ========================================================================================================
 
     public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
@@ -83,15 +92,6 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
         return this.getAuthenticationManager().authenticate(authRequest);
     }
 
-    /**
-     * This filter by default responds to <code>/j_spring_security_check</code>.
-     *
-     * @return the default
-     */
-    public String getDefaultFilterProcessesUrl() {
-        return "/j_spring_security_check";
-    }
-
     /**
      * Enables subclasses to override the composition of the password, such as by including additional values
      * and a separator.<p>This might be used for example if a postcode/zipcode was required in addition to the

core/src/main/java/org/springframework/security/ui/webapp/DefaultLoginPageGeneratingFilter.java

@@ -53,7 +53,7 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
     private void init(AuthenticationProcessingFilter authFilter, AbstractProcessingFilter openIDFilter) {
         if (authFilter != null) {
             formLoginEnabled = true;
-	        authenticationUrl = authFilter.getDefaultFilterProcessesUrl();
+            authenticationUrl = authFilter.getFilterProcessesUrl();
             usernameParameter = authFilter.getUsernameParameter();
             passwordParameter = authFilter.getPasswordParameter();
 
@@ -64,7 +64,7 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
 
         if (openIDFilter != null) {
             openIdEnabled = true;
-    		openIDauthenticationUrl = openIDFilter.getDefaultFilterProcessesUrl();
+            openIDauthenticationUrl = openIDFilter.getFilterProcessesUrl();
             openIDusernameParameter = (String) (new BeanWrapperImpl(openIDFilter)).getPropertyValue("claimedIdentityFieldName");
 
             if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {

core/src/test/java/org/springframework/security/ui/AbstractProcessingFilterTests.java

@@ -549,18 +549,21 @@ public class AbstractProcessingFilterTests extends TestCase {
         private boolean grantAccess;
 
         public MockAbstractProcessingFilter(boolean grantAccess) {
+            this();
             setRememberMeServices(new NullRememberMeServices());
             this.grantAccess = grantAccess;
             this.exceptionToThrow = new BadCredentialsException("Mock requested to do so");
         }
 
         public MockAbstractProcessingFilter(AuthenticationException exceptionToThrow) {
+            this();
             setRememberMeServices(new NullRememberMeServices());
             this.grantAccess = false;
             this.exceptionToThrow = exceptionToThrow;
         }
 
         private MockAbstractProcessingFilter() {
+            super("/j_mock_post");
         }
 
         public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
@@ -571,10 +574,6 @@ public class AbstractProcessingFilterTests extends TestCase {
             }
         }
 
-        public String getDefaultFilterProcessesUrl() {
-            return "/j_mock_post";
-        }
-
         public boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
             return super.requiresAuthentication(request, response);
         }

core/src/test/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterTests.java

@@ -15,19 +15,16 @@
 
 package org.springframework.security.ui.webapp;
 
+import javax.servlet.ServletException;
+
 import junit.framework.TestCase;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.MockAuthenticationManager;
-import org.springframework.security.AuthenticationException;
-
-import org.springframework.security.ui.WebAuthenticationDetails;
-
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletResponse;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.MockAuthenticationManager;
+import org.springframework.security.ui.WebAuthenticationDetails;
 
 
 /**
@@ -37,20 +34,11 @@ import javax.servlet.http.HttpServletResponse;
  * @version $Id$
  */
 public class AuthenticationProcessingFilterTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public AuthenticationProcessingFilterTests() {
-    }
-
-    public AuthenticationProcessingFilterTests(String arg0) {
-        super(arg0);
-    }
-
     //~ Methods ========================================================================================================
 
     public void testGetters() {
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
-        assertEquals("/j_spring_security_check", filter.getDefaultFilterProcessesUrl());
+        assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl());
     }
 
     public void testNormalOperation() throws Exception {

core/src/test/java/org/springframework/security/ui/webapp/DefaultLoginPageGeneratingFilterTests.java

@@ -1,7 +1,5 @@
 package org.springframework.security.ui.webapp;
 
-import static org.junit.Assert.*;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -10,9 +8,9 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
-import org.springframework.security.util.MockFilterChain;
 import org.springframework.security.ui.AbstractProcessingFilter;
 import org.springframework.security.ui.FilterChainOrder;
+import org.springframework.security.util.MockFilterChain;
 
 /**
  *
@@ -36,15 +34,14 @@ public class DefaultLoginPageGeneratingFilterTests {
         filter.doFilter(new MockHttpServletRequest("GET", "/spring_security_login"), new MockHttpServletResponse(), new MockFilterChain(false));
     }
 
+    // Fake OpenID filter (since it's not in this module
     private static class MockProcessingFilter extends AbstractProcessingFilter {
-
-        @Override
-        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
-            return null;
+        protected MockProcessingFilter() {
+            super("/someurl");
         }
 
         @Override
-        public String getDefaultFilterProcessesUrl() {
+        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
             return null;
         }
 
@@ -55,7 +52,5 @@ public class DefaultLoginPageGeneratingFilterTests {
         public String getClaimedIdentityFieldName() {
             return "unused";
         }
-
     }
-
 }

openid/src/main/java/org/springframework/security/ui/openid/OpenIDAuthenticationProcessingFilter.java

@@ -77,6 +77,12 @@ public class OpenIDAuthenticationProcessingFilter extends AbstractProcessingFilt
     private String claimedIdentityFieldName = DEFAULT_CLAIMED_IDENTITY_FIELD;
     private Map<String,String> realmMapping = Collections.emptyMap();
 
+    //~ Constructors ===================================================================================================
+
+    public OpenIDAuthenticationProcessingFilter() {
+        super("/j_spring_openid_security_check");
+    }
+
     //~ Methods ========================================================================================================
 
     public void afterPropertiesSet() throws Exception {
@@ -86,10 +92,6 @@ public class OpenIDAuthenticationProcessingFilter extends AbstractProcessingFilt
         }
     }
 
-    public String getDefaultFilterProcessesUrl() {
-        return "/j_spring_openid_security_check";
-    }
-
     /**
      * Authentication has two phases.
      * <ol>