SEC-576: Tidying.

Luke Taylor 2008-01-22 15:07:37 +00:00
parent c8b9f24038
commit 7854e36029
5 changed files with 54 additions and 93 deletions


@ -14,7 +14,7 @@ import org.springframework.util.Assert;
/** /**
* <p> * <p>
* Processes a pre-authenticated authentication request. The request will * Processes a pre-authenticated authentication request. The request will
* typically originate from a {@link AbstractPreAuthenticatedProcessingFilter} * typically originate from a {@link org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter}
* subclass. * subclass.
* </p> * </p>
* *
@ -55,8 +55,8 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
if (ud == null) { if (ud == null) {
return null; return null;
} }
PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), ud PreAuthenticatedAuthenticationToken result =
.getAuthorities()); new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), ud.getAuthorities());
result.setDetails(authentication.getDetails()); result.setDetails(authentication.getDetails());
return result; return result;
@ -64,8 +64,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
} }
/** /**
* Indicate that this provider only supports * Indicate that this provider only supports PreAuthenticatedAuthenticationToken (sub)classes.
* PreAuthenticatedAuthenticationToken (sub)classes.
*/ */
public boolean supports(Class authentication) { public boolean supports(Class authentication) {
return PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication); return PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication);


@ -15,20 +15,22 @@ public abstract class FilterChainOrder {
*/ */
public static final int FILTER_CHAIN_FIRST = Ordered.HIGHEST_PRECEDENCE + 1000; public static final int FILTER_CHAIN_FIRST = Ordered.HIGHEST_PRECEDENCE + 1000;
private static final int INTERVAL = 100; private static final int INTERVAL = 100;
private static int i = 1;
public static final int CHANNEL_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL; public static final int CHANNEL_PROCESSING_FILTER = FILTER_CHAIN_FIRST;
public static final int CONCURRENT_SESSION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 2; public static final int CONCURRENT_SESSION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int HTTP_SESSION_CONTEXT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 3; public static final int HTTP_SESSION_CONTEXT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int LOGOUT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 4; public static final int LOGOUT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int AUTH_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 5; public static final int PRE_AUTH_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int CAS_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 5; public static final int CAS_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int LOGIN_PAGE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 6; public static final int AUTH_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int BASIC_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 7; public static final int LOGIN_PAGE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int SECURITY_CONTEXT_HOLDER_AWARE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 8; public static final int BASIC_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int REMEMBER_ME_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 9; public static final int SECURITY_CONTEXT_HOLDER_AWARE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int ANON_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 10; public static final int REMEMBER_ME_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int EXCEPTION_TRANSLATION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 11; public static final int ANON_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int NTLM_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 12; public static final int EXCEPTION_TRANSLATION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int FILTER_SECURITY_INTERCEPTOR = FILTER_CHAIN_FIRST + INTERVAL * 13; public static final int NTLM_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int SWITCH_USER_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 14; public static final int FILTER_SECURITY_INTERCEPTOR = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int SWITCH_USER_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
} }
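Review bot: The filter order constants are now derived from a mutable static counter (`INTERVAL * i++`), so each value depends on the textual position of its declaration; moving or inserting a line silently renumbers every filter below it, and the relative order of these filters is security-relevant (for example EXCEPTION_TRANSLATION_FILTER has to stay ahead of FILTER_SECURITY_INTERCEPTOR). I would add a comment above the counter such as `// Declaration order below IS the filter chain order; do not reorder without reviewing the chain.` and a unit test that asserts the expected relative order of the constants. CHANNEL_PROCESSING_FILTER now equals FILTER_CHAIN_FIRST, and AUTH_PROCESSING_FILTER and CAS_PROCESSING_FILTER no longer share a value, so any configuration that relied on the old numeric values is affected. The class body starts outside the hunk.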


@ -2,12 +2,8 @@ package org.springframework.security.ui.preauth;
import java.io.IOException; import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -19,6 +15,7 @@ import org.springframework.security.event.authentication.InteractiveAuthenticati
import org.springframework.security.ui.AuthenticationDetailsSource; import org.springframework.security.ui.AuthenticationDetailsSource;
import org.springframework.security.ui.AuthenticationDetailsSourceImpl; import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
import org.springframework.security.ui.AbstractProcessingFilter; import org.springframework.security.ui.AbstractProcessingFilter;
import org.springframework.security.ui.SpringSecurityFilter;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@ -29,16 +26,16 @@ import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.util.Assert; import org.springframework.util.Assert;
/** /**
* Base class for processing filters that handle pre-authenticated * Base class for processing filters that handle pre-authenticated authentication requests. Subclasses must implement
* authentication requests. Subclasses must implement the * the getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods.
* getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods. *
* <p> * @author Ruud Senden
* This code is partly based on * @since 2.0
* {@link org.springframework.security.ui.x509.X509ProcessingFilter}.
* </p>
*/ */
public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware { public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSecurityFilter implements
private static final Log LOG = LogFactory.getLog(AbstractPreAuthenticatedProcessingFilter.class); InitializingBean, ApplicationEventPublisherAware {
private static final Log LOG = LogFactory.getLog(AbstractPreAuthenticatedProcessingFilter.class);
private ApplicationEventPublisher eventPublisher = null; private ApplicationEventPublisher eventPublisher = null;
@ -54,37 +51,21 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter
} }
/** /**
* Try to authenticate a pre-authenticated user with Acegi if the user has * Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
* not yet been authenticated.
*/ */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
if (LOG.isDebugEnabled()) { if (LOG.isDebugEnabled()) {
LOG.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication()); LOG.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
} }
if (SecurityContextHolder.getContext().getAuthentication() == null) { if (SecurityContextHolder.getContext().getAuthentication() == null) {
doAuthenticate(httpRequest, httpResponse); doAuthenticate(request, response);
} }
filterChain.doFilter(request, response); filterChain.doFilter(request, response);
} }
/** /**
* Do the actual authentication for a pre-authenticated user. * Do the actual authentication for a pre-authenticated user.
*
* @param httpRequest
* The HttpServletRequest object
* @param httpResponse
* The HttpServletResponse object
*/ */
private void doAuthenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse) { private void doAuthenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
Authentication authResult = null; Authentication authResult = null;
@ -126,9 +107,10 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter
* when authentication fails. * when authentication fails.
*/ */
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) { protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) {
SecurityContextHolder.getContext().setAuthentication(null); SecurityContextHolder.clearContext();
if (LOG.isDebugEnabled()) {
LOG.debug("Updated SecurityContextHolder to contain null Authentication due to exception", failed); if (LOG.isDebugEnabled()) {
LOG.debug("Cleared security context due to exception", failed);
} }
request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed); request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
} }
@ -158,18 +140,6 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter
this.authenticationManager = authenticationManager; this.authenticationManager = authenticationManager;
} }
/**
* Required method, does nothing.
*/
public void init(FilterConfig filterConfig) {
}
/**
* Required method, does nothing.
*/
public void destroy() {
}
protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest); protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest);
protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest); protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest);
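Review bot: In `unsuccessfulAuthentication` the new side still calls `request.getSession()`, which creates a session for every request whose pre-authentication fails, so unauthenticated clients can make the container allocate sessions at will. If the stored exception is only needed for the current request, a request attribute would avoid this: `request.setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);`; otherwise the side effect deserves a sentence in the method's Javadoc. Separately, the debug message in `doFilterHttp` concatenates the current Authentication into the log line, so it is worth confirming that the token's `toString()` does not print credentials. The body of `doAuthenticate` and the start of the `unsuccessfulAuthentication` Javadoc lie outside the visible hunks.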


@ -33,4 +33,8 @@ public class J2eePreAuthenticatedProcessingFilter extends AbstractPreAuthenticat
protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) { protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
return "N/A"; return "N/A";
} }
public int getOrder() {
return 0;
}
} }
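Review bot: `getOrder()` returns the literal `0`, which is not on the FilterChainOrder scale: those constants start at `Ordered.HIGHEST_PRECEDENCE + 1000`, so 0 sorts after every one of them, including FILTER_SECURITY_INTERCEPTOR. If the order value is used to position this filter in the chain, pre-authentication would run after the authorization check. The same commit introduces a slot for this filter, so the body should be `return FilterChainOrder.PRE_AUTH_FILTER;` (with an import of `org.springframework.security.ui.FilterChainOrder`), as the test subclass in this commit already does.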


@ -2,13 +2,13 @@ package org.springframework.security.ui.preauth;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.MockAuthenticationManager; import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.ui.FilterChainOrder;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.springframework.mock.web.MockFilterChain; import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockFilterConfig;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
@ -17,8 +17,7 @@ public class PreAuthenticatedProcessingFilterTests extends TestCase {
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
} }
public void testAfterPropertiesSet() public void testAfterPropertiesSet() {
{
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
try { try {
filter.afterPropertiesSet(); filter.afterPropertiesSet();
@ -29,51 +28,38 @@ public class PreAuthenticatedProcessingFilterTests extends TestCase {
} }
} }
public void testInit() throws Exception public final void testDoFilterAuthenticated() throws Exception {
{
getFilter(true).init(new MockFilterConfig());
// Init doesn't do anything, so nothing to test
}
public void testDestroy() throws Exception
{
getFilter(true).destroy();
// Destroy doesn't do anything, so nothing to test
}
public final void testDoFilterAuthenticated() throws Exception
{
testDoFilter(true); testDoFilter(true);
} }
public final void testDoFilterUnauthenticated() throws Exception public final void testDoFilterUnauthenticated() throws Exception {
{
testDoFilter(false); testDoFilter(false);
} }
private final void testDoFilter(boolean grantAccess) throws Exception private final void testDoFilter(boolean grantAccess) throws Exception {
{
MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletRequest req = new MockHttpServletRequest();
MockHttpServletResponse res = new MockHttpServletResponse(); MockHttpServletResponse res = new MockHttpServletResponse();
getFilter(grantAccess).doFilter(req,res,new MockFilterChain()); getFilter(grantAccess).doFilter(req,res,new MockFilterChain());
assertEquals(grantAccess,null!= SecurityContextHolder.getContext().getAuthentication()); assertEquals(grantAccess,null!= SecurityContextHolder.getContext().getAuthentication());
} }
private static final ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception private static final ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception {
{
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
filter.setAuthenticationManager(new MockAuthenticationManager(grantAccess)); filter.setAuthenticationManager(new MockAuthenticationManager(grantAccess));
filter.afterPropertiesSet(); filter.afterPropertiesSet();
return filter; return filter;
} }
private static final class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter private static final class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
{
protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) { protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
return "testPrincipal"; return "testPrincipal";
} }
protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) { protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
return "testCredentials"; return "testCredentials";
} }
}
public int getOrder() {
return FilterChainOrder.PRE_AUTH_FILTER;
}
}
} }
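Review bot: `testDoFilter(false)` only asserts that the context holds no Authentication, which appears to be the state before the filter runs as well (the fixture method that calls `SecurityContextHolder.clearContext()` starts outside the hunk), so the test would still pass if the failure path were never executed. Asserting the side effect of `unsuccessfulAuthentication` would close that gap, e.g. `assertNotNull(req.getSession().getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY));` in the `!grantAccess` case, with the matching import of `AbstractProcessingFilter`.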