SEC-671: Changed AuthenticationDetailsSource to take an object as argument instead of an HttpServletRequest and renamed AuthenticationDetailsSourceImpl to WebAuthenticationDetailsSource. Also removed some preauth dependencies on commons lang

2025-09-08 20:51:41 +00:00 · 2008-03-13 14:42:38 +00:00 · 2008-03-13 14:42:38 +00:00 · 42a80931c1
commit 42a80931c1
parent df0d52ada7
16 changed files with 55 additions and 44 deletions
--- a/core/src/main/java/org/springframework/security/authoritymapping/XmlMappableAttributesRetriever.java
+++ b/core/src/main/java/org/springframework/security/authoritymapping/XmlMappableAttributesRetriever.java
@ -4,6 +4,7 @@ import java.io.FilterInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.StringReader;
 import java.util.Arrays;
 import java.util.List;
 import javax.xml.parsers.DocumentBuilder;
@ -11,7 +12,6 @@ import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.FactoryConfigurationError;
 import javax.xml.parsers.ParserConfigurationException;
 import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.jaxen.JaxenException;
@ -75,7 +75,7 @@ public abstract class XmlMappableAttributesRetriever implements MappableAttribut
            Document doc = getDocument(aStream);
            String[] roles = getMappableAttributes(doc);
            if (logger.isDebugEnabled()) {
-                logger.debug("Mappable attributes from XML document: " + ArrayUtils.toString(roles));
+                logger.debug("Mappable attributes from XML document: " + Arrays.asList(roles));
            }
            return roles;
        } finally {
--- a/core/src/main/java/org/springframework/security/providers/anonymous/AnonymousProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/providers/anonymous/AnonymousProcessingFilter.java
@ -20,7 +20,7 @@ import org.springframework.security.Authentication;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.security.ui.SpringSecurityFilter;
@ -56,7 +56,7 @@ public class AnonymousProcessingFilter  extends SpringSecurityFilter  implements
    //~ Instance fields ================================================================================================
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private String key;
    private UserAttribute userAttribute;
    private boolean removeAfterRequest = true;
--- a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java
@ -83,7 +83,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
    }
    /**
-     * Set the PreAuthenticatedUserDetailsServices to be used.
+     * Set the AuthenticatedUserDetailsServices to be used.
     *
     * @param aPreAuthenticatedUserDetailsService
     */
--- a/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
@ -143,7 +143,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
    protected ApplicationEventPublisher eventPublisher;
-    protected AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private AuthenticationManager authenticationManager;
--- a/core/src/main/java/org/springframework/security/ui/AuthenticationDetailsSource.java
+++ b/core/src/main/java/org/springframework/security/ui/AuthenticationDetailsSource.java
@ -15,7 +15,6 @@
 package org.springframework.security.ui;
 import javax.servlet.http.HttpServletRequest;
 /**
@ -31,9 +30,9 @@ public interface AuthenticationDetailsSource {
    /**
     * Called by a class when it wishes a new authentication details instance to be created.
     *
-     * @param request the request object, which may be used by the authentication details object
+     * @param context the request object, which may be used by the authentication details object
     *
     * @return a fully-configured authentication details instance
     */
-    Object buildDetails(HttpServletRequest request);
+    Object buildDetails(Object context);
 }
--- a/core/src/main/java/org/springframework/security/ui/AuthenticationDetailsSourceImpl.java
+++ b/core/src/main/java/org/springframework/security/ui/AuthenticationDetailsSourceImpl.java
@ -25,25 +25,31 @@ import javax.servlet.http.HttpServletRequest;
 /**
- * Base implementation of {@link AuthenticationDetailsSource}.<P>By default will create an instance of
+ * Implementation of {@link AuthenticationDetailsSource} which builds the details object from
- * <code>WebAuthenticationDetails</code>. Any object that accepts a <code>HttpServletRequest</code> as its sole
+ * an <tt>HttpServletRequest</tt> object.
- * constructor can be used instead of this default.</p>
+ * <p>
 * By default will create an instance of <code>WebAuthenticationDetails</code>. Any object that accepts a 
 * <code>HttpServletRequest</code> as its sole constructor can be used instead of this default.
 *
 * @author Ben Alex
 * @version $Id$
 */
-public class AuthenticationDetailsSourceImpl implements AuthenticationDetailsSource {
+public class WebAuthenticationDetailsSource implements AuthenticationDetailsSource {
    //~ Instance fields ================================================================================================
    private Class clazz = WebAuthenticationDetails.class;
    //~ Methods ========================================================================================================
-    public Object buildDetails(HttpServletRequest request) {
+    /**
     * @param context the <tt>HttpServletRequest</tt> object.
     */
    public Object buildDetails(Object context) {
        Assert.isInstanceOf(HttpServletRequest.class, context);
        try {
            Constructor constructor = clazz.getConstructor(new Class[] {HttpServletRequest.class});
-            return constructor.newInstance(new Object[] {request});
+            return constructor.newInstance(new Object[] {context});
        } catch (NoSuchMethodException ex) {
            ReflectionUtils.handleReflectionException(ex);
        } catch (InvocationTargetException ex) {
--- a/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java
@ -33,7 +33,7 @@ import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.AuthenticationEntryPoint;
 import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.security.ui.SpringSecurityFilter;
@ -93,7 +93,7 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
    //~ Instance fields ================================================================================================
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private AuthenticationEntryPoint authenticationEntryPoint;
    private AuthenticationManager authenticationManager;
    private RememberMeServices rememberMeServices;
--- a/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java
@ -27,7 +27,7 @@ import org.springframework.security.providers.dao.UserCache;
 import org.springframework.security.providers.dao.cache.NullUserCache;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
@ -91,7 +91,7 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
    //~ Instance fields ================================================================================================
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private DigestProcessingFilterEntryPoint authenticationEntryPoint;
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private UserCache userCache = new NullUserCache();
--- a/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java
@ -13,7 +13,7 @@ import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.AbstractProcessingFilter;
 import org.springframework.security.ui.SpringSecurityFilter;
 import org.springframework.security.context.SecurityContextHolder;
@ -40,7 +40,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
    private ApplicationEventPublisher eventPublisher = null;
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private AuthenticationManager authenticationManager = null;
--- a/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
+++ b/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
@ -1,5 +1,7 @@
 package org.springframework.security.ui.preauth;
 import java.util.Arrays;
 import javax.servlet.http.HttpServletRequest;
 import org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesRetriever;
@ -7,7 +9,6 @@ import org.springframework.security.providers.preauth.PreAuthenticatedGrantedAut
 import org.springframework.security.ui.WebAuthenticationDetails;
 import org.springframework.security.GrantedAuthority;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.util.Assert;
 /**
@ -33,7 +34,7 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends
 	public String toString() {
 		StringBuffer sb = new StringBuffer();
 		sb.append(super.toString() + "; ");
-		sb.append("preAuthenticatedGrantedAuthorities: " + StringUtils.join(preAuthenticatedGrantedAuthorities, ", "));
+		sb.append("preAuthenticatedGrantedAuthorities: " + Arrays.asList(preAuthenticatedGrantedAuthorities));
 		return sb.toString();
 	}
--- a/core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
+++ b/core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
@ -1,23 +1,29 @@
 package org.springframework.security.ui.preauth.j2ee;
 import org.springframework.security.ui.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesSetter;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.authoritymapping.Attributes2GrantedAuthoritiesMapper;
 import org.springframework.security.authoritymapping.MappableAttributesRetriever;
 import java.util.ArrayList;
 import java.util.Arrays;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
-public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends AuthenticationDetailsSourceImpl implements InitializingBean {
+/**
 * Extended AuthenticationDetailsSource which allows
 *
 * @author Ruud Senden
 * @since 2.0
 */
 public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends WebAuthenticationDetailsSource implements InitializingBean {
    private static final Log logger = LogFactory.getLog(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class);
    private String[] j2eeMappableRoles;
@ -41,18 +47,18 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Aut
    }
    /**
-     * Build the authentication details object. If the speficied authentication
+     * Build the authentication details object. If the specified authentication
     * details class implements the PreAuthenticatedGrantedAuthoritiesSetter, a
     * list of pre-authenticated Granted Authorities will be set based on the
     * J2EE roles for the current user.
     *
-     * @see org.springframework.security.ui.AuthenticationDetailsSource#buildDetails(javax.servlet.http.HttpServletRequest)
+     * @see org.springframework.security.ui.AuthenticationDetailsSource#buildDetails(Object)
     */
-    public Object buildDetails(HttpServletRequest request) {
+    public Object buildDetails(Object context) {
-        Object result = super.buildDetails(request);
+        Object result = super.buildDetails(context);
        if (result instanceof PreAuthenticatedGrantedAuthoritiesSetter) {
            ((PreAuthenticatedGrantedAuthoritiesSetter) result)
-                    .setPreAuthenticatedGrantedAuthorities(getJ2eeBasedGrantedAuthorities(request));
+                    .setPreAuthenticatedGrantedAuthorities(getJ2eeBasedGrantedAuthorities((HttpServletRequest)context));
        }
        return result;
    }
@ -76,8 +82,8 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Aut
        j2eeUserRoles = (String[]) j2eeUserRolesList.toArray(j2eeUserRoles);
        GrantedAuthority[] userGas = j2eeUserRoles2GrantedAuthoritiesMapper.getGrantedAuthorities(j2eeUserRoles);
        if (logger.isDebugEnabled()) {
-            logger.debug("J2EE user roles [" + StringUtils.join(j2eeUserRoles) + "] mapped to Granted Authorities: ["
+            logger.debug("J2EE user roles [" + j2eeUserRolesList + "] mapped to Granted Authorities: ["
-                    + StringUtils.join(userGas) + "]");
+                    + Arrays.asList(userGas) + "]");
        }
        return userGas;
    }
--- a/core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java
+++ b/core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java
@ -10,7 +10,7 @@ import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.AccountStatusException;
 import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.logout.LogoutHandler;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
@ -47,7 +47,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
    private UserDetailsService userDetailsService;
    private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private String cookieName = SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
 	private String parameter = DEFAULT_PARAMETER;
--- a/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java
@ -29,7 +29,7 @@ import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.event.authentication.AuthenticationSwitchUserEvent;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.SpringSecurityFilter;
 import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.security.ui.AbstractProcessingFilter;
@ -113,7 +113,7 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
    //~ Instance fields ================================================================================================
    private ApplicationEventPublisher eventPublisher;
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private String exitUserUrl = "/j_spring_security_exit_user";
    private String switchUserUrl = "/j_spring_security_switch_user";
--- a/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilter.java
@ -27,7 +27,7 @@ import org.springframework.security.providers.x509.X509AuthenticationToken;
 import org.springframework.security.ui.AbstractProcessingFilter;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@ -77,7 +77,7 @@ public class X509ProcessingFilter implements Filter, InitializingBean, Applicati
    //~ Instance fields ================================================================================================
    private ApplicationEventPublisher eventPublisher;
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private AuthenticationManager authenticationManager;
    //~ Methods ========================================================================================================
--- a/core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
+++ b/core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
@ -12,7 +12,6 @@ import javax.servlet.http.HttpServletRequest;
 import junit.framework.TestCase;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.mock.web.MockHttpServletRequest;
 /**
@ -28,8 +27,8 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests ext
 		GrantedAuthority[] gas = new GrantedAuthority[] { new GrantedAuthorityImpl("Role1"), new GrantedAuthorityImpl("Role2") };
 		details.setPreAuthenticatedGrantedAuthorities(gas);
 		String toString = details.toString();
-		assertTrue("toString doesn't contain Role1", StringUtils.contains(toString, "Role1"));
+		assertTrue("toString should contain Role1", toString.contains("Role1"));
-		assertTrue("toString doesn't contain Role2", StringUtils.contains(toString, "Role2"));
+		assertTrue("toString should contain Role2", toString.contains("Role2"));
 	}
 	public final void testGetSetPreAuthenticatedGrantedAuthorities() {
--- a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
+++ b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
@ -27,7 +27,7 @@ import org.springframework.security.providers.anonymous.AnonymousAuthenticationT
 import org.springframework.security.ui.SpringSecurityFilter;
 import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
@ -112,7 +112,7 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
 	private String	defaultDomain;
 	private String	domainController;
 	private AuthenticationManager authenticationManager;
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
    //~ Methods ========================================================================================================