mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-31 09:12:14 +00:00
SEC-671: Changed AuthenticationDetailsSource to take an object as argument instead of an HttpServletRequest and renamed AuthenticationDetailsSourceImpl to WebAuthenticationDetailsSource. Also removed some preauth dependencies on commons lang
This commit is contained in:
Luke Taylor
parent
df0d52ada7
commit
42a80931c1
@ -4,6 +4,7 @@ import java.io.FilterInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.StringReader;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
@ -11,7 +12,6 @@ import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.parsers.FactoryConfigurationError;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
|
||||
import org.apache.commons.lang.ArrayUtils;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.jaxen.JaxenException;
|
||||
@ -75,7 +75,7 @@ public abstract class XmlMappableAttributesRetriever implements MappableAttribut
|
||||
Document doc = getDocument(aStream);
|
||||
String[] roles = getMappableAttributes(doc);
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Mappable attributes from XML document: " + ArrayUtils.toString(roles));
|
||||
logger.debug("Mappable attributes from XML document: " + Arrays.asList(roles));
|
||||
}
|
||||
return roles;
|
||||
} finally {
|
||||
|
||||
@ -20,7 +20,7 @@ import org.springframework.security.Authentication;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.ui.WebAuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
|
||||
@ -56,7 +56,7 @@ public class AnonymousProcessingFilter extends SpringSecurityFilter implements
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
private String key;
|
||||
private UserAttribute userAttribute;
|
||||
private boolean removeAfterRequest = true;
|
||||
|
||||
@ -83,7 +83,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the PreAuthenticatedUserDetailsServices to be used.
|
||||
* Set the AuthenticatedUserDetailsServices to be used.
|
||||
*
|
||||
* @param aPreAuthenticatedUserDetailsService
|
||||
*/
|
||||
|
||||
@ -143,7 +143,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
|
||||
|
||||
protected ApplicationEventPublisher eventPublisher;
|
||||
|
||||
protected AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
|
||||
private AuthenticationManager authenticationManager;
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
|
||||
package org.springframework.security.ui;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
|
||||
/**
|
||||
@ -31,9 +30,9 @@ public interface AuthenticationDetailsSource {
|
||||
/**
|
||||
* Called by a class when it wishes a new authentication details instance to be created.
|
||||
*
|
||||
* @param request the request object, which may be used by the authentication details object
|
||||
* @param context the request object, which may be used by the authentication details object
|
||||
*
|
||||
* @return a fully-configured authentication details instance
|
||||
*/
|
||||
Object buildDetails(HttpServletRequest request);
|
||||
Object buildDetails(Object context);
|
||||
}
|
||||
|
||||
@ -25,25 +25,31 @@ import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
|
||||
/**
|
||||
* Base implementation of {@link AuthenticationDetailsSource}.<P>By default will create an instance of
|
||||
* <code>WebAuthenticationDetails</code>. Any object that accepts a <code>HttpServletRequest</code> as its sole
|
||||
* constructor can be used instead of this default.</p>
|
||||
* Implementation of {@link AuthenticationDetailsSource} which builds the details object from
|
||||
* an <tt>HttpServletRequest</tt> object.
|
||||
* <p>
|
||||
* By default will create an instance of <code>WebAuthenticationDetails</code>. Any object that accepts a
|
||||
* <code>HttpServletRequest</code> as its sole constructor can be used instead of this default.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AuthenticationDetailsSourceImpl implements AuthenticationDetailsSource {
|
||||
public class WebAuthenticationDetailsSource implements AuthenticationDetailsSource {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private Class clazz = WebAuthenticationDetails.class;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public Object buildDetails(HttpServletRequest request) {
|
||||
/**
|
||||
* @param context the <tt>HttpServletRequest</tt> object.
|
||||
*/
|
||||
public Object buildDetails(Object context) {
|
||||
Assert.isInstanceOf(HttpServletRequest.class, context);
|
||||
try {
|
||||
Constructor constructor = clazz.getConstructor(new Class[] {HttpServletRequest.class});
|
||||
|
||||
return constructor.newInstance(new Object[] {request});
|
||||
return constructor.newInstance(new Object[] {context});
|
||||
} catch (NoSuchMethodException ex) {
|
||||
ReflectionUtils.handleReflectionException(ex);
|
||||
} catch (InvocationTargetException ex) {
|
||||
@ -33,7 +33,7 @@ import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.ui.WebAuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationEntryPoint;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
@ -93,7 +93,7 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
private AuthenticationEntryPoint authenticationEntryPoint;
|
||||
private AuthenticationManager authenticationManager;
|
||||
private RememberMeServices rememberMeServices;
|
||||
|
||||
@ -27,7 +27,7 @@ import org.springframework.security.providers.dao.UserCache;
|
||||
import org.springframework.security.providers.dao.cache.NullUserCache;
|
||||
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.ui.WebAuthenticationDetailsSource;
|
||||
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
import org.springframework.security.userdetails.UserDetailsService;
|
||||
@ -91,7 +91,7 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
private DigestProcessingFilterEntryPoint authenticationEntryPoint;
|
||||
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
||||
private UserCache userCache = new NullUserCache();
|
||||
|
||||
@ -13,7 +13,7 @@ import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.ui.WebAuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
@ -40,7 +40,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
|
||||
|
||||
private ApplicationEventPublisher eventPublisher = null;
|
||||
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
|
||||
private AuthenticationManager authenticationManager = null;
|
||||
|
||||
|
||||
@ -1,5 +1,7 @@
|
||||
package org.springframework.security.ui.preauth;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesRetriever;
|
||||
@ -7,7 +9,6 @@ import org.springframework.security.providers.preauth.PreAuthenticatedGrantedAut
|
||||
import org.springframework.security.ui.WebAuthenticationDetails;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
@ -33,7 +34,7 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends
|
||||
public String toString() {
|
||||
StringBuffer sb = new StringBuffer();
|
||||
sb.append(super.toString() + "; ");
|
||||
sb.append("preAuthenticatedGrantedAuthorities: " + StringUtils.join(preAuthenticatedGrantedAuthorities, ", "));
|
||||
sb.append("preAuthenticatedGrantedAuthorities: " + Arrays.asList(preAuthenticatedGrantedAuthorities));
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
|
||||
@ -1,23 +1,29 @@
|
||||
package org.springframework.security.ui.preauth.j2ee;
|
||||
|
||||
import org.springframework.security.ui.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.ui.WebAuthenticationDetailsSource;
|
||||
import org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesSetter;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.authoritymapping.Attributes2GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.authoritymapping.MappableAttributesRetriever;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends AuthenticationDetailsSourceImpl implements InitializingBean {
|
||||
/**
|
||||
* Extended AuthenticationDetailsSource which allows
|
||||
*
|
||||
* @author Ruud Senden
|
||||
* @since 2.0
|
||||
*/
|
||||
public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends WebAuthenticationDetailsSource implements InitializingBean {
|
||||
private static final Log logger = LogFactory.getLog(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class);
|
||||
|
||||
private String[] j2eeMappableRoles;
|
||||
@ -41,18 +47,18 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Aut
|
||||
}
|
||||
|
||||
/**
|
||||
* Build the authentication details object. If the speficied authentication
|
||||
* Build the authentication details object. If the specified authentication
|
||||
* details class implements the PreAuthenticatedGrantedAuthoritiesSetter, a
|
||||
* list of pre-authenticated Granted Authorities will be set based on the
|
||||
* J2EE roles for the current user.
|
||||
*
|
||||
* @see org.springframework.security.ui.AuthenticationDetailsSource#buildDetails(javax.servlet.http.HttpServletRequest)
|
||||
* @see org.springframework.security.ui.AuthenticationDetailsSource#buildDetails(Object)
|
||||
*/
|
||||
public Object buildDetails(HttpServletRequest request) {
|
||||
Object result = super.buildDetails(request);
|
||||
public Object buildDetails(Object context) {
|
||||
Object result = super.buildDetails(context);
|
||||
if (result instanceof PreAuthenticatedGrantedAuthoritiesSetter) {
|
||||
((PreAuthenticatedGrantedAuthoritiesSetter) result)
|
||||
.setPreAuthenticatedGrantedAuthorities(getJ2eeBasedGrantedAuthorities(request));
|
||||
.setPreAuthenticatedGrantedAuthorities(getJ2eeBasedGrantedAuthorities((HttpServletRequest)context));
|
||||
}
|
||||
return result;
|
||||
}
|
||||
@ -76,8 +82,8 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Aut
|
||||
j2eeUserRoles = (String[]) j2eeUserRolesList.toArray(j2eeUserRoles);
|
||||
GrantedAuthority[] userGas = j2eeUserRoles2GrantedAuthoritiesMapper.getGrantedAuthorities(j2eeUserRoles);
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("J2EE user roles [" + StringUtils.join(j2eeUserRoles) + "] mapped to Granted Authorities: ["
|
||||
+ StringUtils.join(userGas) + "]");
|
||||
logger.debug("J2EE user roles [" + j2eeUserRolesList + "] mapped to Granted Authorities: ["
|
||||
+ Arrays.asList(userGas) + "]");
|
||||
}
|
||||
return userGas;
|
||||
}
|
||||
|
||||
@ -10,7 +10,7 @@ import org.springframework.security.SpringSecurityMessageSource;
|
||||
import org.springframework.security.AccountStatusException;
|
||||
import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.ui.WebAuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.logout.LogoutHandler;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
import org.springframework.security.userdetails.UserDetailsService;
|
||||
@ -47,7 +47,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
|
||||
|
||||
private UserDetailsService userDetailsService;
|
||||
private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
|
||||
private String cookieName = SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
|
||||
private String parameter = DEFAULT_PARAMETER;
|
||||
|
||||
@ -29,7 +29,7 @@ import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.event.authentication.AuthenticationSwitchUserEvent;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.ui.WebAuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
@ -113,7 +113,7 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private ApplicationEventPublisher eventPublisher;
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
||||
private String exitUserUrl = "/j_spring_security_exit_user";
|
||||
private String switchUserUrl = "/j_spring_security_switch_user";
|
||||
|
||||
@ -27,7 +27,7 @@ import org.springframework.security.providers.x509.X509AuthenticationToken;
|
||||
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.ui.WebAuthenticationDetailsSource;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
@ -77,7 +77,7 @@ public class X509ProcessingFilter implements Filter, InitializingBean, Applicati
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private ApplicationEventPublisher eventPublisher;
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
private AuthenticationManager authenticationManager;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
@ -12,7 +12,6 @@ import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
|
||||
/**
|
||||
@ -28,8 +27,8 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests ext
|
||||
GrantedAuthority[] gas = new GrantedAuthority[] { new GrantedAuthorityImpl("Role1"), new GrantedAuthorityImpl("Role2") };
|
||||
details.setPreAuthenticatedGrantedAuthorities(gas);
|
||||
String toString = details.toString();
|
||||
assertTrue("toString doesn't contain Role1", StringUtils.contains(toString, "Role1"));
|
||||
assertTrue("toString doesn't contain Role2", StringUtils.contains(toString, "Role2"));
|
||||
assertTrue("toString should contain Role1", toString.contains("Role1"));
|
||||
assertTrue("toString should contain Role2", toString.contains("Role2"));
|
||||
}
|
||||
|
||||
public final void testGetSetPreAuthenticatedGrantedAuthorities() {
|
||||
|
||||
@ -27,7 +27,7 @@ import org.springframework.security.providers.anonymous.AnonymousAuthenticationT
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.ui.WebAuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.util.Assert;
|
||||
@ -112,7 +112,7 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
|
||||
private String defaultDomain;
|
||||
private String domainController;
|
||||
private AuthenticationManager authenticationManager;
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user