Remove Servlet Spec 2.5 Support for SecurityContextHolderAwareRequestFilter
Fixes: gh-6260
This commit is contained in:
Dongmin Shin
Josh Cummings
parent
3bcb1d9458
commit
733a380bc7
|
|
@ -1,44 +0,0 @@
|
|||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.web.servletapi;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
|
||||
/**
|
||||
* Creates a {@link SecurityContextHolderAwareRequestWrapper}
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @see SecurityContextHolderAwareRequestWrapper
|
||||
*/
|
||||
final class HttpServlet25RequestFactory implements HttpServletRequestFactory {
|
||||
private final String rolePrefix;
|
||||
private final AuthenticationTrustResolver trustResolver;
|
||||
|
||||
HttpServlet25RequestFactory(AuthenticationTrustResolver trustResolver,
|
||||
String rolePrefix) {
|
||||
this.trustResolver = trustResolver;
|
||||
this.rolePrefix = rolePrefix;
|
||||
}
|
||||
|
||||
public HttpServletRequest create(HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
return new SecurityContextHolderAwareRequestWrapper(request, trustResolver,
|
||||
rolePrefix);
|
||||
}
|
||||
}
|
||||
|
|
@ -48,9 +48,8 @@ import org.springframework.util.Assert;
|
|||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
/**
|
||||
* Provides integration with the Servlet 3 APIs in addition to the ones found in
|
||||
* {@link HttpServlet25RequestFactory}. The additional methods that are integrated with
|
||||
* can be found below:
|
||||
* Provides integration with the Servlet 3 APIs. The additional methods that are
|
||||
* integrated with can be found below:
|
||||
*
|
||||
* <ul>
|
||||
* <li>{@link HttpServletRequest#authenticate(HttpServletResponse)} - Allows the user to
|
||||
|
|
@ -71,7 +70,6 @@ import org.springframework.util.CollectionUtils;
|
|||
* @author Rob Winch
|
||||
*
|
||||
* @see SecurityContextHolderAwareRequestFilter
|
||||
* @see HttpServlet25RequestFactory
|
||||
* @see Servlet3SecurityContextHolderAwareRequestWrapper
|
||||
* @see SecurityContextAsyncContext
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -19,13 +19,11 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
/**
|
||||
* Internal interface for creating a {@link HttpServletRequest}. This allows for creating
|
||||
* a different implementation for Servlet 2.5 and Servlet 3.0 environments.
|
||||
* Internal interface for creating a {@link HttpServletRequest}.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 3.2
|
||||
* @see HttpServlet3RequestFactory
|
||||
* @see HttpServlet25RequestFactory
|
||||
*/
|
||||
interface HttpServletRequestFactory {
|
||||
|
||||
|
|
|
|||
|
|
@ -35,20 +35,14 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
|||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ClassUtils;
|
||||
import org.springframework.web.filter.GenericFilterBean;
|
||||
|
||||
/**
|
||||
* A <code>Filter</code> which populates the <code>ServletRequest</code> with a request
|
||||
* wrapper which implements the servlet API security methods.
|
||||
* <p>
|
||||
* In pre servlet 3 environment the wrapper class used is
|
||||
* {@link SecurityContextHolderAwareRequestWrapper}. See its javadoc for the methods that
|
||||
* are implemented.
|
||||
* </p>
|
||||
* <p>
|
||||
* In a servlet 3 environment {@link SecurityContextHolderAwareRequestWrapper} is extended
|
||||
* to provide the following additional methods:
|
||||
* {@link SecurityContextHolderAwareRequestWrapper} is extended to provide the following
|
||||
* additional methods:
|
||||
* </p>
|
||||
* <ul>
|
||||
* <li>{@link HttpServletRequest#authenticate(HttpServletResponse)} - Allows the user to
|
||||
|
|
@ -114,8 +108,6 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
|
|||
* @param authenticationEntryPoint the {@link AuthenticationEntryPoint} to use when
|
||||
* invoking {@link HttpServletRequest#authenticate(HttpServletResponse)} if the user
|
||||
* is not authenticated.
|
||||
*
|
||||
* @throws IllegalStateException if the Servlet 3 APIs are not found on the classpath
|
||||
*/
|
||||
public void setAuthenticationEntryPoint(
|
||||
AuthenticationEntryPoint authenticationEntryPoint) {
|
||||
|
|
@ -136,8 +128,6 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
|
|||
*
|
||||
* @param authenticationManager the {@link AuthenticationManager} to use when invoking
|
||||
* {@link HttpServletRequest#login(String, String)}
|
||||
*
|
||||
* @throws IllegalStateException if the Servlet 3 APIs are not found on the classpath
|
||||
*/
|
||||
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
|
||||
this.authenticationManager = authenticationManager;
|
||||
|
|
@ -158,8 +148,6 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
|
|||
*
|
||||
* @param logoutHandlers the {@code List<LogoutHandler>}s when invoking
|
||||
* {@link HttpServletRequest#logout()}.
|
||||
*
|
||||
* @throws IllegalStateException if the Servlet 3 APIs are not found on the classpath
|
||||
*/
|
||||
public void setLogoutHandlers(List<LogoutHandler> logoutHandlers) {
|
||||
this.logoutHandlers = logoutHandlers;
|
||||
|
|
@ -179,8 +167,7 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
|
|||
|
||||
private void updateFactory() {
|
||||
String rolePrefix = this.rolePrefix;
|
||||
this.requestFactory = isServlet3() ? createServlet3Factory(rolePrefix)
|
||||
: new HttpServlet25RequestFactory(this.trustResolver, rolePrefix);
|
||||
this.requestFactory = createServlet3Factory(rolePrefix);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -205,11 +192,4 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
|
|||
return factory;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if the Servlet 3 APIs are detected.
|
||||
* @return
|
||||
*/
|
||||
private boolean isServlet3() {
|
||||
return ClassUtils.hasMethod(ServletRequest.class, "startAsync");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue