Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 13:23:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow filter to update multiple HttpSession attributes (useful if servlets etc expect to find an Authentication object in a given HttpSession attribute, like Jakarta Slide).

Browse Source
This commit is contained in:
Ben Alex 2004-05-04 07:27:57 +00:00
parent eaa92cd80a
commit 4152df1225
2 changed files with 120 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
core/src/main/java/org/acegisecurity/ui/webapp/HttpSessionIntegrationFilter.java
View File

@ -18,6 +18,9 @@ package net.sf.acegisecurity.ui.webapp;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ui.AbstractIntegrationFilter; import net.sf.acegisecurity.ui.AbstractIntegrationFilter;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
@ -53,6 +56,13 @@ import javax.servlet.http.HttpSession;
* request. * request.
* </p> * </p>
* *
* <P>
* The filter can also copy the <code>Authentication</code> object to any
* number of additional <code>HttpSession</code> attributes. To use this
* capability, provide <code>String</code>s indicating the additional
* attribute name(s) to {@link #setAdditionalAttributes(List)}.
* </p>
*
* <p> * <p>
* See {@link AbstractIntegrationFilter} for further information. * See {@link AbstractIntegrationFilter} for further information.
* </p> * </p>
@ -65,8 +75,21 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {
public static final String ACEGI_SECURITY_AUTHENTICATION_KEY = "ACEGI_SECURITY_AUTHENTICATION"; public static final String ACEGI_SECURITY_AUTHENTICATION_KEY = "ACEGI_SECURITY_AUTHENTICATION";
//~ Instance fields ========================================================
private List additionalAttributes = null;
//~ Methods ================================================================ //~ Methods ================================================================
public void setAdditionalAttributes(List additionalAttributes) {
validateList(additionalAttributes);
this.additionalAttributes = additionalAttributes;
}
public List getAdditionalAttributes() {
return additionalAttributes;
}
public void commitToContainer(ServletRequest request, public void commitToContainer(ServletRequest request,
Authentication authentication) { Authentication authentication) {
if (request instanceof HttpServletRequest) { if (request instanceof HttpServletRequest) {
@ -75,6 +98,7 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {
if (httpSession != null) { if (httpSession != null) {
httpSession.setAttribute(ACEGI_SECURITY_AUTHENTICATION_KEY, httpSession.setAttribute(ACEGI_SECURITY_AUTHENTICATION_KEY,
authentication); authentication);
updateOtherLocations(httpSession, authentication);
} }
} }
} }
@ -87,6 +111,9 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {
Object authObject = httpSession.getAttribute(ACEGI_SECURITY_AUTHENTICATION_KEY); Object authObject = httpSession.getAttribute(ACEGI_SECURITY_AUTHENTICATION_KEY);
if (authObject instanceof Authentication) { if (authObject instanceof Authentication) {
updateOtherLocations(httpSession,
(Authentication) authObject);
return authObject; return authObject;
} }
} }
@ -94,4 +121,33 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {
return null; return null;
} }
private void updateOtherLocations(HttpSession session,
Authentication authentication) {
if (additionalAttributes == null) {
return;
}
Iterator iter = additionalAttributes.iterator();
while (iter.hasNext()) {
String attribute = (String) iter.next();
session.setAttribute(attribute, authentication);
}
}
private void validateList(List newAdditionalAttributes) {
if (newAdditionalAttributes != null) {
Iterator iter = newAdditionalAttributes.iterator();
while (iter.hasNext()) {
Object objectToTest = iter.next();
if (!(objectToTest instanceof String)) {
throw new IllegalArgumentException(
"List of additional attributes can only contains Strings!");
}
}
}
}
} }

64
core/src/test/java/org/acegisecurity/ui/webapp/HttpSessionIntegrationFilterTests.java
View File

@ -23,6 +23,9 @@ import net.sf.acegisecurity.MockHttpServletRequest;
import net.sf.acegisecurity.MockHttpSession; import net.sf.acegisecurity.MockHttpSession;
import net.sf.acegisecurity.adapters.PrincipalAcegiUserToken; import net.sf.acegisecurity.adapters.PrincipalAcegiUserToken;
import java.util.List;
import java.util.Vector;
/** /**
* Tests {@link HttpSessionIntegrationFilter}. * Tests {@link HttpSessionIntegrationFilter}.
@ -115,6 +118,19 @@ public class HttpSessionIntegrationFilterTests extends TestCase {
assertEquals(principal, result); assertEquals(principal, result);
} }
public void testDetectsInvalidAdditionalAttributes() {
HttpSessionIntegrationFilter filter = new HttpSessionIntegrationFilter();
List list = new Vector();
list.add(new Integer(4));
try {
filter.setAdditionalAttributes(list);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testHandlesIfHttpRequestIsNullForSomeReason() { public void testHandlesIfHttpRequestIsNullForSomeReason() {
HttpSessionIntegrationFilter filter = new HttpSessionIntegrationFilter(); HttpSessionIntegrationFilter filter = new HttpSessionIntegrationFilter();
assertEquals(null, filter.extractFromContainer(null)); assertEquals(null, filter.extractFromContainer(null));
@ -132,4 +148,52 @@ public class HttpSessionIntegrationFilterTests extends TestCase {
filter.extractFromContainer( filter.extractFromContainer(
new MockHttpServletRequest(null, new MockHttpSession()))); new MockHttpServletRequest(null, new MockHttpSession())));
} }
public void testSettingEmptyListForAdditionalAttributesIsAcceptable() {
HttpSessionIntegrationFilter filter = new HttpSessionIntegrationFilter();
filter.setAdditionalAttributes(new Vector());
assertTrue(filter.getAdditionalAttributes() != null);
}
public void testSettingNullForAdditionalAttributesIsAcceptable() {
HttpSessionIntegrationFilter filter = new HttpSessionIntegrationFilter();
filter.setAdditionalAttributes(null);
assertNull(filter.getAdditionalAttributes());
}
public void testUpdatesAdditionalAttributes() {
// Build a mock session containing the authenticated user
PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")});
MockHttpSession session = new MockHttpSession();
session.setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY,
principal);
// Check our attributes are not presently set
assertNull(session.getAttribute("SOME_EXTRA_ATTRIBUTE_1"));
assertNull(session.getAttribute("SOME_EXTRA_ATTRIBUTE_2"));
// Generate filter
HttpSessionIntegrationFilter filter = new HttpSessionIntegrationFilter();
List list = new Vector();
list.add("SOME_EXTRA_ATTRIBUTE_1");
list.add("SOME_EXTRA_ATTRIBUTE_2");
filter.setAdditionalAttributes(list);
// Confirm filter can extract required credentials from session
Object result = filter.extractFromContainer(new MockHttpServletRequest(
null, session));
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
}
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
assertEquals(principal, result);
// Now double-check it updated our earlier set additionalAttributes
assertEquals(principal, session.getAttribute("SOME_EXTRA_ATTRIBUTE_1"));
assertEquals(principal, session.getAttribute("SOME_EXTRA_ATTRIBUTE_2"));
}
} }