The SecurityEnforcementFilter was forced to catch Throwable by the FilterInvocation.invoke(...) method. Therefore it was wrapping the throwable in ServletException, which left it wrapping ServletException and IOException in ServletException.

Ray Krueger 2005-04-29 02:53:02 +00:00
parent 2c23c75f91
commit 54ccbf5617
2 changed files with 76 additions and 37 deletions


@ -15,11 +15,7 @@
package net.sf.acegisecurity.intercept.web; package net.sf.acegisecurity.intercept.web;
import net.sf.acegisecurity.AccessDeniedException; import net.sf.acegisecurity.*;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.AuthenticationTrustResolver;
import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
import net.sf.acegisecurity.InsufficientAuthenticationException;
import net.sf.acegisecurity.context.security.SecureContextUtils; import net.sf.acegisecurity.context.security.SecureContextUtils;
import net.sf.acegisecurity.ui.AbstractProcessingFilter; import net.sf.acegisecurity.ui.AbstractProcessingFilter;
import net.sf.acegisecurity.util.PortResolver; import net.sf.acegisecurity.util.PortResolver;
@ -34,12 +30,7 @@ import org.springframework.util.Assert;
import java.io.IOException; import java.io.IOException;
import javax.servlet.Filter; import javax.servlet.*;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -53,8 +44,8 @@ import javax.servlet.http.HttpServletResponse;
* </p> * </p>
* *
* <p> * <p>
* If an {@link AuthenticationException} is detected, the filter will launch the * If an {@link AuthenticationException} is detected, the filter will launch
* <code>authenticationEntryPoint</code>. This allows common handling of * the <code>authenticationEntryPoint</code>. This allows common handling of
* authentication failures originating from any subclass of {@link * authentication failures originating from any subclass of {@link
* net.sf.acegisecurity.intercept.AbstractSecurityInterceptor}. * net.sf.acegisecurity.intercept.AbstractSecurityInterceptor}.
* </p> * </p>
@ -210,6 +201,10 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
sendAccessDeniedError(fi, accessDenied); sendAccessDeniedError(fi, accessDenied);
} }
} catch (ServletException e) {
throw e;
} catch (IOException e) {
throw e;
} catch (Throwable otherException) { } catch (Throwable otherException) {
throw new ServletException(otherException); throw new ServletException(otherException);
} }
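Review bot: The final `catch (Throwable otherException)` in the chain after the sendAccessDeniedError branch still wraps every RuntimeException and Error in a ServletException, so only ServletException and IOException reach the container as thrown. If unchecked failures from the interceptor or the filter chain should also propagate unchanged, add `} catch (RuntimeException e) { throw e; } catch (Error e) { throw e; }` ahead of the Throwable clause. Wrapping an Error in particular makes a JVM-level failure look like an ordinary request failure to whatever handles the ServletException. The enclosing method starts outside this hunk, so the interaction with the earlier catch branches should be confirmed there.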


@ -17,18 +17,16 @@ package net.sf.acegisecurity.intercept.web;
import junit.framework.TestCase; import junit.framework.TestCase;
import net.sf.acegisecurity.AccessDeniedException; import net.sf.acegisecurity.*;
import net.sf.acegisecurity.BadCredentialsException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.MockAuthenticationEntryPoint;
import net.sf.acegisecurity.MockPortResolver;
import net.sf.acegisecurity.context.ContextHolder; import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.security.SecureContext; import net.sf.acegisecurity.context.security.SecureContext;
import net.sf.acegisecurity.context.security.SecureContextImpl; import net.sf.acegisecurity.context.security.SecureContextImpl;
import net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken; import net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
import net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter; import net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import java.io.IOException; import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
@ -36,9 +34,6 @@ import javax.servlet.ServletException;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpServletRequest;
/** /**
* Tests {@link SecurityEnforcementFilter}. * Tests {@link SecurityEnforcementFilter}.
@ -82,7 +77,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
// Setup the FilterSecurityInterceptor thrown an access denied exception // Setup the FilterSecurityInterceptor thrown an access denied exception
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(true, MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(true,
false); false, false, false);
// Setup ContextHolder, as filter needs to check if user is anonymous // Setup ContextHolder, as filter needs to check if user is anonymous
SecureContext sc = new SecureContextImpl(); SecureContext sc = new SecureContextImpl();
@ -114,7 +109,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
// Setup the FilterSecurityInterceptor thrown an access denied exception // Setup the FilterSecurityInterceptor thrown an access denied exception
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(true, MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(true,
false); false, false, false);
// Setup ContextHolder, as filter needs to check if user is anonymous // Setup ContextHolder, as filter needs to check if user is anonymous
SecureContext sc = new SecureContextImpl(); SecureContext sc = new SecureContextImpl();
@ -131,8 +126,8 @@ public class SecurityEnforcementFilterTests extends TestCase {
filter.doFilter(request, response, chain); filter.doFilter(request, response, chain);
assertEquals(403, response.getStatus()); assertEquals(403, response.getStatus());
assertEquals(AccessDeniedException.class, assertEquals(AccessDeniedException.class,
request.getSession().getAttribute( request.getSession()
SecurityEnforcementFilter.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY) .getAttribute(SecurityEnforcementFilter.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)
.getClass()); .getClass());
} }
@ -165,7 +160,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
public void testGettersSetters() { public void testGettersSetters() {
SecurityEnforcementFilter filter = new SecurityEnforcementFilter(); SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor( filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
false, false)); false, false, false, false));
assertTrue(filter.getFilterSecurityInterceptor() != null); assertTrue(filter.getFilterSecurityInterceptor() != null);
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint( filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
@ -192,7 +187,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
// Setup the FilterSecurityInterceptor thrown an authentication failure exceptions // Setup the FilterSecurityInterceptor thrown an authentication failure exceptions
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false, MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false,
true); true, false, false);
// Test // Test
SecurityEnforcementFilter filter = new SecurityEnforcementFilter(); SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
@ -225,7 +220,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
// Setup the FilterSecurityInterceptor thrown an authentication failure exceptions // Setup the FilterSecurityInterceptor thrown an authentication failure exceptions
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false, MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false,
true); true, false, false);
// Test // Test
SecurityEnforcementFilter filter = new SecurityEnforcementFilter(); SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
@ -246,7 +241,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
throws Exception { throws Exception {
SecurityEnforcementFilter filter = new SecurityEnforcementFilter(); SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor( filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
false, false)); false, false, false, false));
try { try {
filter.afterPropertiesSet(); filter.afterPropertiesSet();
@ -276,7 +271,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
throws Exception { throws Exception {
SecurityEnforcementFilter filter = new SecurityEnforcementFilter(); SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor( filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
false, false)); false, false, false, false));
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint( filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
"/login.jsp")); "/login.jsp"));
filter.setPortResolver(null); filter.setPortResolver(null);
@ -299,7 +294,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
// Setup the FilterSecurityInterceptor to not thrown any exceptions // Setup the FilterSecurityInterceptor to not thrown any exceptions
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false, MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false,
false); false, false, false);
// Test // Test
SecurityEnforcementFilter filter = new SecurityEnforcementFilter(); SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
@ -320,6 +315,46 @@ public class SecurityEnforcementFilterTests extends TestCase {
assertTrue(true); assertTrue(true);
} }
public void testThrowIOException() throws Exception {
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
false, false, false, true));
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
filter.afterPropertiesSet();
try {
filter.doFilter(new MockHttpServletRequest(),
new MockHttpServletResponse(), new MockFilterChain(false));
fail("Should have thrown IOException");
} catch (IOException e) {
assertNull("The IOException thrown should not have been wrapped",
e.getCause());
}
}
public void testThrowServletException() throws Exception {
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
false, false, true, false));
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
filter.afterPropertiesSet();
try {
filter.doFilter(new MockHttpServletRequest(),
new MockHttpServletResponse(), new MockFilterChain(false));
fail("Should have thrown ServletException");
} catch (ServletException e) {
assertNull("The ServletException thrown should not have been wrapped",
e.getCause());
}
}
protected void tearDown() throws Exception { protected void tearDown() throws Exception {
super.tearDown(); super.tearDown();
ContextHolder.setContext(null); ContextHolder.setContext(null);
@ -352,15 +387,16 @@ public class SecurityEnforcementFilterTests extends TestCase {
extends FilterSecurityInterceptor { extends FilterSecurityInterceptor {
private boolean throwAccessDenied; private boolean throwAccessDenied;
private boolean throwAuthenticationFailure; private boolean throwAuthenticationFailure;
private boolean throwIOException;
private boolean throwServletException;
public MockFilterSecurityInterceptor(boolean throwAccessDenied, public MockFilterSecurityInterceptor(boolean throwAccessDenied,
boolean throwAuthenticationFailure) { boolean throwAuthenticationFailure, boolean throwServletException,
boolean throwIOException) {
this.throwAccessDenied = throwAccessDenied; this.throwAccessDenied = throwAccessDenied;
this.throwAuthenticationFailure = throwAuthenticationFailure; this.throwAuthenticationFailure = throwAuthenticationFailure;
} this.throwServletException = throwServletException;
this.throwIOException = throwIOException;
private MockFilterSecurityInterceptor() {
super();
} }
public void invoke(FilterInvocation fi) throws Throwable { public void invoke(FilterInvocation fi) throws Throwable {
@ -372,6 +408,14 @@ public class SecurityEnforcementFilterTests extends TestCase {
throw new BadCredentialsException("As requested"); throw new BadCredentialsException("As requested");
} }
if (throwServletException) {
throw new ServletException("As requested");
}
if (throwIOException) {
throw new IOException("As requested");
}
fi.getChain().doFilter(fi.getRequest(), fi.getResponse()); fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} }
} }
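Review bot: In testThrowServletException, `assertNull(..., e.getCause())` may not prove that the exception was left unwrapped. Depending on the servlet API version on the test classpath, `new ServletException(Throwable)` keeps the wrapped throwable only as its root cause and `getCause()` returns null either way, so the test could pass against the old wrapping behaviour. Asserting `assertNull(e.getRootCause());` checks the same property on both old and new API versions. testThrowIOException does not have this weakness, because a wrapped IOException would surface as a ServletException and miss the `catch (IOException e)` clause.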