The SecurityEnforcementFilter was forced to catch Throwable by the FilterInvocation.invoke(...) method. Therefore it was wrapping the throwable in ServletException, which left it wrapping SevletException and IOException in ServletException.
This commit is contained in:
parent
2c23c75f91
commit
54ccbf5617
|
@ -15,11 +15,7 @@
|
|||
|
||||
package net.sf.acegisecurity.intercept.web;
|
||||
|
||||
import net.sf.acegisecurity.AccessDeniedException;
|
||||
import net.sf.acegisecurity.AuthenticationException;
|
||||
import net.sf.acegisecurity.AuthenticationTrustResolver;
|
||||
import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
|
||||
import net.sf.acegisecurity.InsufficientAuthenticationException;
|
||||
import net.sf.acegisecurity.*;
|
||||
import net.sf.acegisecurity.context.security.SecureContextUtils;
|
||||
import net.sf.acegisecurity.ui.AbstractProcessingFilter;
|
||||
import net.sf.acegisecurity.util.PortResolver;
|
||||
|
@ -34,12 +30,7 @@ import org.springframework.util.Assert;
|
|||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.*;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
|
@ -53,8 +44,8 @@ import javax.servlet.http.HttpServletResponse;
|
|||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* If an {@link AuthenticationException} is detected, the filter will launch the
|
||||
* <code>authenticationEntryPoint</code>. This allows common handling of
|
||||
* If an {@link AuthenticationException} is detected, the filter will launch
|
||||
* the <code>authenticationEntryPoint</code>. This allows common handling of
|
||||
* authentication failures originating from any subclass of {@link
|
||||
* net.sf.acegisecurity.intercept.AbstractSecurityInterceptor}.
|
||||
* </p>
|
||||
|
@ -210,6 +201,10 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
|||
|
||||
sendAccessDeniedError(fi, accessDenied);
|
||||
}
|
||||
} catch (ServletException e) {
|
||||
throw e;
|
||||
} catch (IOException e) {
|
||||
throw e;
|
||||
} catch (Throwable otherException) {
|
||||
throw new ServletException(otherException);
|
||||
}
|
||||
|
|
|
@ -17,18 +17,16 @@ package net.sf.acegisecurity.intercept.web;
|
|||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import net.sf.acegisecurity.AccessDeniedException;
|
||||
import net.sf.acegisecurity.BadCredentialsException;
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.GrantedAuthorityImpl;
|
||||
import net.sf.acegisecurity.MockAuthenticationEntryPoint;
|
||||
import net.sf.acegisecurity.MockPortResolver;
|
||||
import net.sf.acegisecurity.*;
|
||||
import net.sf.acegisecurity.context.ContextHolder;
|
||||
import net.sf.acegisecurity.context.security.SecureContext;
|
||||
import net.sf.acegisecurity.context.security.SecureContextImpl;
|
||||
import net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
|
||||
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
|
@ -36,9 +34,6 @@ import javax.servlet.ServletException;
|
|||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link SecurityEnforcementFilter}.
|
||||
|
@ -82,7 +77,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
|
||||
// Setup the FilterSecurityInterceptor thrown an access denied exception
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(true,
|
||||
false);
|
||||
false, false, false);
|
||||
|
||||
// Setup ContextHolder, as filter needs to check if user is anonymous
|
||||
SecureContext sc = new SecureContextImpl();
|
||||
|
@ -114,7 +109,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
|
||||
// Setup the FilterSecurityInterceptor thrown an access denied exception
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(true,
|
||||
false);
|
||||
false, false, false);
|
||||
|
||||
// Setup ContextHolder, as filter needs to check if user is anonymous
|
||||
SecureContext sc = new SecureContextImpl();
|
||||
|
@ -131,8 +126,8 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
filter.doFilter(request, response, chain);
|
||||
assertEquals(403, response.getStatus());
|
||||
assertEquals(AccessDeniedException.class,
|
||||
request.getSession().getAttribute(
|
||||
SecurityEnforcementFilter.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)
|
||||
request.getSession()
|
||||
.getAttribute(SecurityEnforcementFilter.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)
|
||||
.getClass());
|
||||
}
|
||||
|
||||
|
@ -165,7 +160,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
public void testGettersSetters() {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
|
||||
false, false));
|
||||
false, false, false, false));
|
||||
assertTrue(filter.getFilterSecurityInterceptor() != null);
|
||||
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
|
||||
|
@ -192,7 +187,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
|
||||
// Setup the FilterSecurityInterceptor thrown an authentication failure exceptions
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false,
|
||||
true);
|
||||
true, false, false);
|
||||
|
||||
// Test
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
|
@ -225,7 +220,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
|
||||
// Setup the FilterSecurityInterceptor thrown an authentication failure exceptions
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false,
|
||||
true);
|
||||
true, false, false);
|
||||
|
||||
// Test
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
|
@ -246,7 +241,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
|
||||
false, false));
|
||||
false, false, false, false));
|
||||
|
||||
try {
|
||||
filter.afterPropertiesSet();
|
||||
|
@ -276,7 +271,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
|
||||
false, false));
|
||||
false, false, false, false));
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
|
||||
"/login.jsp"));
|
||||
filter.setPortResolver(null);
|
||||
|
@ -299,7 +294,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
|
||||
// Setup the FilterSecurityInterceptor to not thrown any exceptions
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false,
|
||||
false);
|
||||
false, false, false);
|
||||
|
||||
// Test
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
|
@ -320,6 +315,46 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
assertTrue(true);
|
||||
}
|
||||
|
||||
public void testThrowIOException() throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
|
||||
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
|
||||
false, false, false, true));
|
||||
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
|
||||
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
try {
|
||||
filter.doFilter(new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse(), new MockFilterChain(false));
|
||||
fail("Should have thrown IOException");
|
||||
} catch (IOException e) {
|
||||
assertNull("The IOException thrown should not have been wrapped",
|
||||
e.getCause());
|
||||
}
|
||||
}
|
||||
|
||||
public void testThrowServletException() throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
|
||||
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
|
||||
false, false, true, false));
|
||||
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
|
||||
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
try {
|
||||
filter.doFilter(new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse(), new MockFilterChain(false));
|
||||
fail("Should have thrown ServletException");
|
||||
} catch (ServletException e) {
|
||||
assertNull("The ServletException thrown should not have been wrapped",
|
||||
e.getCause());
|
||||
}
|
||||
}
|
||||
|
||||
protected void tearDown() throws Exception {
|
||||
super.tearDown();
|
||||
ContextHolder.setContext(null);
|
||||
|
@ -352,15 +387,16 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
extends FilterSecurityInterceptor {
|
||||
private boolean throwAccessDenied;
|
||||
private boolean throwAuthenticationFailure;
|
||||
private boolean throwIOException;
|
||||
private boolean throwServletException;
|
||||
|
||||
public MockFilterSecurityInterceptor(boolean throwAccessDenied,
|
||||
boolean throwAuthenticationFailure) {
|
||||
boolean throwAuthenticationFailure, boolean throwServletException,
|
||||
boolean throwIOException) {
|
||||
this.throwAccessDenied = throwAccessDenied;
|
||||
this.throwAuthenticationFailure = throwAuthenticationFailure;
|
||||
}
|
||||
|
||||
private MockFilterSecurityInterceptor() {
|
||||
super();
|
||||
this.throwServletException = throwServletException;
|
||||
this.throwIOException = throwIOException;
|
||||
}
|
||||
|
||||
public void invoke(FilterInvocation fi) throws Throwable {
|
||||
|
@ -372,6 +408,14 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
throw new BadCredentialsException("As requested");
|
||||
}
|
||||
|
||||
if (throwServletException) {
|
||||
throw new ServletException("As requested");
|
||||
}
|
||||
|
||||
if (throwIOException) {
|
||||
throw new IOException("As requested");
|
||||
}
|
||||
|
||||
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue