SEC-576: Tidying.
This commit is contained in:
parent
c8b9f24038
commit
7854e36029
|
@ -14,7 +14,7 @@ import org.springframework.util.Assert;
|
|||
/**
|
||||
* <p>
|
||||
* Processes a pre-authenticated authentication request. The request will
|
||||
* typically originate from a {@link AbstractPreAuthenticatedProcessingFilter}
|
||||
* typically originate from a {@link org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter}
|
||||
* subclass.
|
||||
* </p>
|
||||
*
|
||||
|
@ -55,8 +55,8 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
|
|||
if (ud == null) {
|
||||
return null;
|
||||
}
|
||||
PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), ud
|
||||
.getAuthorities());
|
||||
PreAuthenticatedAuthenticationToken result =
|
||||
new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), ud.getAuthorities());
|
||||
result.setDetails(authentication.getDetails());
|
||||
|
||||
return result;
|
||||
|
@ -64,8 +64,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
|
|||
}
|
||||
|
||||
/**
|
||||
* Indicate that this provider only supports
|
||||
* PreAuthenticatedAuthenticationToken (sub)classes.
|
||||
* Indicate that this provider only supports PreAuthenticatedAuthenticationToken (sub)classes.
|
||||
*/
|
||||
public boolean supports(Class authentication) {
|
||||
return PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication);
|
||||
|
|
|
@ -15,20 +15,22 @@ public abstract class FilterChainOrder {
|
|||
*/
|
||||
public static final int FILTER_CHAIN_FIRST = Ordered.HIGHEST_PRECEDENCE + 1000;
|
||||
private static final int INTERVAL = 100;
|
||||
private static int i = 1;
|
||||
|
||||
public static final int CHANNEL_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL;
|
||||
public static final int CONCURRENT_SESSION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 2;
|
||||
public static final int HTTP_SESSION_CONTEXT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 3;
|
||||
public static final int LOGOUT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 4;
|
||||
public static final int AUTH_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 5;
|
||||
public static final int CAS_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 5;
|
||||
public static final int LOGIN_PAGE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 6;
|
||||
public static final int BASIC_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 7;
|
||||
public static final int SECURITY_CONTEXT_HOLDER_AWARE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 8;
|
||||
public static final int REMEMBER_ME_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 9;
|
||||
public static final int ANON_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 10;
|
||||
public static final int EXCEPTION_TRANSLATION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 11;
|
||||
public static final int NTLM_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 12;
|
||||
public static final int FILTER_SECURITY_INTERCEPTOR = FILTER_CHAIN_FIRST + INTERVAL * 13;
|
||||
public static final int SWITCH_USER_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 14;
|
||||
public static final int CHANNEL_PROCESSING_FILTER = FILTER_CHAIN_FIRST;
|
||||
public static final int CONCURRENT_SESSION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int HTTP_SESSION_CONTEXT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int LOGOUT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int PRE_AUTH_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int CAS_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int AUTH_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int LOGIN_PAGE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int BASIC_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int SECURITY_CONTEXT_HOLDER_AWARE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int REMEMBER_ME_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int ANON_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int EXCEPTION_TRANSLATION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int NTLM_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int FILTER_SECURITY_INTERCEPTOR = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
public static final int SWITCH_USER_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
|
||||
}
|
||||
|
|
|
@ -2,12 +2,8 @@ package org.springframework.security.ui.preauth;
|
|||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
|
@ -19,6 +15,7 @@ import org.springframework.security.event.authentication.InteractiveAuthenticati
|
|||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
|
@ -29,16 +26,16 @@ import org.springframework.context.ApplicationEventPublisherAware;
|
|||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* Base class for processing filters that handle pre-authenticated
|
||||
* authentication requests. Subclasses must implement the
|
||||
* getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods.
|
||||
* <p>
|
||||
* This code is partly based on
|
||||
* {@link org.springframework.security.ui.x509.X509ProcessingFilter}.
|
||||
* </p>
|
||||
* Base class for processing filters that handle pre-authenticated authentication requests. Subclasses must implement
|
||||
* the getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods.
|
||||
*
|
||||
* @author Ruud Senden
|
||||
* @since 2.0
|
||||
*/
|
||||
public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware {
|
||||
private static final Log LOG = LogFactory.getLog(AbstractPreAuthenticatedProcessingFilter.class);
|
||||
public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSecurityFilter implements
|
||||
InitializingBean, ApplicationEventPublisherAware {
|
||||
|
||||
private static final Log LOG = LogFactory.getLog(AbstractPreAuthenticatedProcessingFilter.class);
|
||||
|
||||
private ApplicationEventPublisher eventPublisher = null;
|
||||
|
||||
|
@ -54,37 +51,21 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter
|
|||
}
|
||||
|
||||
/**
|
||||
* Try to authenticate a pre-authenticated user with Acegi if the user has
|
||||
* not yet been authenticated.
|
||||
* Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
|
||||
*/
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
|
||||
if (!(request instanceof HttpServletRequest)) {
|
||||
throw new ServletException("Can only process HttpServletRequest");
|
||||
}
|
||||
if (!(response instanceof HttpServletResponse)) {
|
||||
throw new ServletException("Can only process HttpServletResponse");
|
||||
}
|
||||
|
||||
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
|
||||
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
|
||||
if (LOG.isDebugEnabled()) {
|
||||
LOG.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
if (SecurityContextHolder.getContext().getAuthentication() == null) {
|
||||
doAuthenticate(httpRequest, httpResponse);
|
||||
doAuthenticate(request, response);
|
||||
}
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Do the actual authentication for a pre-authenticated user.
|
||||
*
|
||||
* @param httpRequest
|
||||
* The HttpServletRequest object
|
||||
* @param httpResponse
|
||||
* The HttpServletResponse object
|
||||
*/
|
||||
private void doAuthenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
|
||||
Authentication authResult = null;
|
||||
|
@ -126,9 +107,10 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter
|
|||
* when authentication fails.
|
||||
*/
|
||||
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) {
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
if (LOG.isDebugEnabled()) {
|
||||
LOG.debug("Updated SecurityContextHolder to contain null Authentication due to exception", failed);
|
||||
SecurityContextHolder.clearContext();
|
||||
|
||||
if (LOG.isDebugEnabled()) {
|
||||
LOG.debug("Cleared security context due to exception", failed);
|
||||
}
|
||||
request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
|
||||
}
|
||||
|
@ -158,18 +140,6 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter
|
|||
this.authenticationManager = authenticationManager;
|
||||
}
|
||||
|
||||
/**
|
||||
* Required method, does nothing.
|
||||
*/
|
||||
public void init(FilterConfig filterConfig) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Required method, does nothing.
|
||||
*/
|
||||
public void destroy() {
|
||||
}
|
||||
|
||||
protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest);
|
||||
|
||||
protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest);
|
||||
|
|
|
@ -33,4 +33,8 @@ public class J2eePreAuthenticatedProcessingFilter extends AbstractPreAuthenticat
|
|||
protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
|
||||
return "N/A";
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,13 +2,13 @@ package org.springframework.security.ui.preauth;
|
|||
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockFilterConfig;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
|
@ -17,8 +17,7 @@ public class PreAuthenticatedProcessingFilterTests extends TestCase {
|
|||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
public void testAfterPropertiesSet()
|
||||
{
|
||||
public void testAfterPropertiesSet() {
|
||||
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
|
||||
try {
|
||||
filter.afterPropertiesSet();
|
||||
|
@ -29,51 +28,38 @@ public class PreAuthenticatedProcessingFilterTests extends TestCase {
|
|||
}
|
||||
}
|
||||
|
||||
public void testInit() throws Exception
|
||||
{
|
||||
getFilter(true).init(new MockFilterConfig());
|
||||
// Init doesn't do anything, so nothing to test
|
||||
}
|
||||
|
||||
public void testDestroy() throws Exception
|
||||
{
|
||||
getFilter(true).destroy();
|
||||
// Destroy doesn't do anything, so nothing to test
|
||||
}
|
||||
|
||||
public final void testDoFilterAuthenticated() throws Exception
|
||||
{
|
||||
public final void testDoFilterAuthenticated() throws Exception {
|
||||
testDoFilter(true);
|
||||
}
|
||||
|
||||
public final void testDoFilterUnauthenticated() throws Exception
|
||||
{
|
||||
public final void testDoFilterUnauthenticated() throws Exception {
|
||||
testDoFilter(false);
|
||||
}
|
||||
|
||||
private final void testDoFilter(boolean grantAccess) throws Exception
|
||||
{
|
||||
private final void testDoFilter(boolean grantAccess) throws Exception {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
getFilter(grantAccess).doFilter(req,res,new MockFilterChain());
|
||||
assertEquals(grantAccess,null!= SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
private static final ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception
|
||||
{
|
||||
private static final ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception {
|
||||
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(grantAccess));
|
||||
filter.afterPropertiesSet();
|
||||
return filter;
|
||||
}
|
||||
|
||||
private static final class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter
|
||||
{
|
||||
private static final class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
|
||||
protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
|
||||
return "testPrincipal";
|
||||
}
|
||||
protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
|
||||
return "testCredentials";
|
||||
}
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return FilterChainOrder.PRE_AUTH_FILTER;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue