Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-22 12:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

SecureContextLoginModuleTest has been renamed to ...Tests as per Acegi project.

Browse Source 
SecureContextLoginModule now throws a LoginException if there is no authentication present, if the ignoreMissingAuthentication option is true, the login() method will simply return false.
This commit is contained in:
Ray Krueger 2005-07-22 04:35:31 +00:00
parent 28e8c93beb
commit 4b98d357ff
2 changed files with 41 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
core/src/main/java/org/acegisecurity/providers/jaas/SecureContextLoginModule.java
View File

@ -38,7 +38,13 @@ import javax.security.auth.spi.LoginModule;
* The {@link JaasAuthenticationProvider} allows Acegi to authenticate against * The {@link JaasAuthenticationProvider} allows Acegi to authenticate against
* Jaas. <br> * Jaas. <br>
* The SecureContextLoginModule allows a Jaas based application to * The SecureContextLoginModule allows a Jaas based application to
* authenticate against Acegi. * authenticate against Acegi. If there is no Authentication in the {@link
* SecurityContextHolder} the login() method will throw a LoginException by
* default. This functionality can be changed with the
* <tt>ignoreMissingAuthentication</tt> option by setting it to "true".
* Setting ignoreMissingAuthentication=true will tell the
* SecureContextLoginModule to simply return false and be ignored if the
* authentication is null.
* *
* @author Brian Moseley * @author Brian Moseley
* @author Ray Krueger * @author Ray Krueger
@ -52,6 +58,7 @@ public class SecureContextLoginModule implements LoginModule {
private Authentication authen; private Authentication authen;
private Subject subject; private Subject subject;
private boolean ignoreMissingAuthentication = false;
//~ Methods ================================================================ //~ Methods ================================================================
@ -109,6 +116,11 @@ public class SecureContextLoginModule implements LoginModule {
public void initialize(Subject subject, CallbackHandler callbackHandler, public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) { Map sharedState, Map options) {
this.subject = subject; this.subject = subject;
if (options != null) {
ignoreMissingAuthentication = "true".equals(options.get(
"ignoreMissingAuthentication"));
}
} }
/** /**
@ -125,8 +137,15 @@ public class SecureContextLoginModule implements LoginModule {
authen = SecurityContextHolder.getContext().getAuthentication(); authen = SecurityContextHolder.getContext().getAuthentication();
if (authen == null) { if (authen == null) {
throw new LoginException("Authentication not found in security" String msg = "Login cannot complete, authentication not found in security context";
+ " context");
if (ignoreMissingAuthentication) {
log.warn(msg);
return false;
} else {
throw new LoginException(msg);
}
} }
return true; return true;

20
core/src/test/java/org/acegisecurity/providers/jaas/SecureContextLoginModuleTest.java → core/src/test/java/org/acegisecurity/providers/jaas/SecureContextLoginModuleTests.java
View File

@ -22,6 +22,8 @@ import net.sf.acegisecurity.context.SecurityContextImpl;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import java.util.HashSet; import java.util.HashSet;
import java.util.Map;
import java.util.HashMap;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
@ -32,7 +34,7 @@ import javax.security.auth.login.LoginException;
* *
* @author Ray Krueger * @author Ray Krueger
*/ */
public class SecureContextLoginModuleTest extends TestCase { public class SecureContextLoginModuleTests extends TestCase {
//~ Instance fields ======================================================== //~ Instance fields ========================================================
private SecureContextLoginModule module = null; private SecureContextLoginModule module = null;
@ -82,6 +84,22 @@ public class SecureContextLoginModuleTest extends TestCase {
public void testNullAuthenticationInSecureContext() public void testNullAuthenticationInSecureContext()
throws Exception { throws Exception {
try {
SecurityContextHolder.getContext().setAuthentication(null);
module.login();
fail("LoginException expected, the authentication is null in the SecureContext");
} catch (Exception e) {
}
}
public void testNullAuthenticationInSecureContextIgnored()
throws Exception {
module = new SecureContextLoginModule();
Map options = new HashMap();
options.put("ignoreMissingAuthentication", "true");
module.initialize(subject, null, null, options);
SecurityContextHolder.getContext().setAuthentication(null); SecurityContextHolder.getContext().setAuthentication(null);
assertFalse("Should return false and ask to be ignored", module.login()); assertFalse("Should return false and ask to be ignored", module.login());
} }