mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-01 09:42:13 +00:00
SEC-1047: Added an option to DigestProcessingFilter that the created Authentication object is now marked as "authenticated"
This commit is contained in:
parent
e14a904306
commit
5623c13038
@ -1,4 +1,4 @@
|
|||||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
/* Copyright 2004, 2005, 2006 2009 Acegi Technology Pty Limited
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@ -90,10 +90,13 @@ public class DigestProcessingFilter extends GenericFilterBean implements Message
|
|||||||
private UserCache userCache = new NullUserCache();
|
private UserCache userCache = new NullUserCache();
|
||||||
private UserDetailsService userDetailsService;
|
private UserDetailsService userDetailsService;
|
||||||
private boolean passwordAlreadyEncoded = false;
|
private boolean passwordAlreadyEncoded = false;
|
||||||
|
private boolean createAuthenticatedToken = false;
|
||||||
|
|
||||||
//~ Methods ========================================================================================================
|
//~ Methods ========================================================================================================
|
||||||
|
|
||||||
@Override
|
|
||||||
|
|
||||||
|
@Override
|
||||||
public void afterPropertiesSet() {
|
public void afterPropertiesSet() {
|
||||||
Assert.notNull(userDetailsService, "A UserDetailsService is required");
|
Assert.notNull(userDetailsService, "A UserDetailsService is required");
|
||||||
Assert.notNull(authenticationEntryPoint, "A DigestProcessingFilterEntryPoint is required");
|
Assert.notNull(authenticationEntryPoint, "A DigestProcessingFilterEntryPoint is required");
|
||||||
@ -300,8 +303,14 @@ public class DigestProcessingFilter extends GenericFilterBean implements Message
|
|||||||
+ "'");
|
+ "'");
|
||||||
}
|
}
|
||||||
|
|
||||||
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(user,
|
UsernamePasswordAuthenticationToken authRequest;
|
||||||
user.getPassword());
|
if (createAuthenticatedToken) {
|
||||||
|
authRequest = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
authRequest = new UsernamePasswordAuthenticationToken(user, user.getPassword());
|
||||||
|
}
|
||||||
|
|
||||||
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
|
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
|
||||||
|
|
||||||
@ -358,4 +367,23 @@ public class DigestProcessingFilter extends GenericFilterBean implements Message
|
|||||||
public void setUserDetailsService(UserDetailsService userDetailsService) {
|
public void setUserDetailsService(UserDetailsService userDetailsService) {
|
||||||
this.userDetailsService = userDetailsService;
|
this.userDetailsService = userDetailsService;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* If you set this property, the Authentication object, which is
|
||||||
|
* created after the successful digest authentication will be marked
|
||||||
|
* as <b>authenticated</b> and filled with the authorities loaded by
|
||||||
|
* the UserDetailsService. It therefore will not be re-authenticated
|
||||||
|
* by your AuthenticationProvider. This means, that only the password
|
||||||
|
* of the user is checked, but not the flags like isEnabled() or
|
||||||
|
* isAccountNonExpired(). You will save some time by enabling this flag,
|
||||||
|
* as otherwise your UserDetailsService will be called twice. A more secure
|
||||||
|
* option would be to introduce a cache around your UserDetailsService, but
|
||||||
|
* if you don't use these flags, you can also safely enable this option.
|
||||||
|
*
|
||||||
|
* @param createAuthenticatedToken default is false
|
||||||
|
*/
|
||||||
|
public void setCreateAuthenticatedToken(boolean createAuthenticatedToken) {
|
||||||
|
this.createAuthenticatedToken = createAuthenticatedToken;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -35,6 +35,7 @@ import org.junit.Before;
|
|||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.springframework.mock.web.MockHttpServletRequest;
|
import org.springframework.mock.web.MockHttpServletRequest;
|
||||||
import org.springframework.mock.web.MockHttpServletResponse;
|
import org.springframework.mock.web.MockHttpServletResponse;
|
||||||
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
import org.springframework.security.core.userdetails.cache.NullUserCache;
|
import org.springframework.security.core.userdetails.cache.NullUserCache;
|
||||||
@ -294,6 +295,26 @@ public class DigestProcessingFilterTests {
|
|||||||
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
|
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
|
||||||
assertEquals(USERNAME,
|
assertEquals(USERNAME,
|
||||||
((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername());
|
((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername());
|
||||||
|
assertFalse(SecurityContextHolder.getContext().getAuthentication().isAuthenticated());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testNormalOperationWhenPasswordNotAlreadyEncodedAndWithoutReAuthentication() throws Exception {
|
||||||
|
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
|
||||||
|
REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||||
|
|
||||||
|
request.addHeader("Authorization",
|
||||||
|
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||||
|
|
||||||
|
filter.setCreateAuthenticatedToken(true);
|
||||||
|
executeFilterInContainerSimulator(filter, request, true);
|
||||||
|
|
||||||
|
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
|
||||||
|
assertEquals(USERNAME,
|
||||||
|
((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername());
|
||||||
|
assertTrue(SecurityContextHolder.getContext().getAuthentication().isAuthenticated());
|
||||||
|
assertEquals(AuthorityUtils.createAuthorityList("ROLE_ONE","ROLE_TWO"),
|
||||||
|
SecurityContextHolder.getContext().getAuthentication().getAuthorities());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
Loading…
x
Reference in New Issue
Block a user