SEC-576: Tidying.

Luke Taylor 2008-01-22 15:07:37 +00:00
parent c8b9f24038
commit 7854e36029
5 changed files with 54 additions and 93 deletions


@ -14,7 +14,7 @@ import org.springframework.util.Assert;
/**
* <p>
* Processes a pre-authenticated authentication request. The request will
* typically originate from a {@link AbstractPreAuthenticatedProcessingFilter}
* typically originate from a {@link org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter}
* subclass.
* </p>
*
@ -55,8 +55,8 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
if (ud == null) {
return null;
}
PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), ud
.getAuthorities());
PreAuthenticatedAuthenticationToken result =
new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), ud.getAuthorities());
result.setDetails(authentication.getDetails());
return result;
@ -64,8 +64,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
}
/**
* Indicate that this provider only supports
* PreAuthenticatedAuthenticationToken (sub)classes.
* Indicate that this provider only supports PreAuthenticatedAuthenticationToken (sub)classes.
*/
public boolean supports(Class authentication) {
return PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication);


@ -15,20 +15,22 @@ public abstract class FilterChainOrder {
*/
public static final int FILTER_CHAIN_FIRST = Ordered.HIGHEST_PRECEDENCE + 1000;
private static final int INTERVAL = 100;
private static int i = 1;
public static final int CHANNEL_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL;
public static final int CONCURRENT_SESSION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 2;
public static final int HTTP_SESSION_CONTEXT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 3;
public static final int LOGOUT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 4;
public static final int AUTH_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 5;
public static final int CAS_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 5;
public static final int LOGIN_PAGE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 6;
public static final int BASIC_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 7;
public static final int SECURITY_CONTEXT_HOLDER_AWARE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 8;
public static final int REMEMBER_ME_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 9;
public static final int ANON_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 10;
public static final int EXCEPTION_TRANSLATION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 11;
public static final int NTLM_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 12;
public static final int FILTER_SECURITY_INTERCEPTOR = FILTER_CHAIN_FIRST + INTERVAL * 13;
public static final int SWITCH_USER_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 14;
public static final int CHANNEL_PROCESSING_FILTER = FILTER_CHAIN_FIRST;
public static final int CONCURRENT_SESSION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int HTTP_SESSION_CONTEXT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int LOGOUT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int PRE_AUTH_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int CAS_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int AUTH_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int LOGIN_PAGE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int BASIC_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int SECURITY_CONTEXT_HOLDER_AWARE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int REMEMBER_ME_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int ANON_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int EXCEPTION_TRANSLATION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int NTLM_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int FILTER_SECURITY_INTERCEPTOR = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int SWITCH_USER_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
}
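Review bot: The `i++` initialisers in `FilterChainOrder` (taking those lines as the new side, since the +/- markers are lost on this page) make every filter's position depend on the textual order of the field declarations, so moving or inserting a line silently re-sequences the security filter chain, and nothing in the class says so. The fields also stop being compile-time constants, and `i` stays a mutable static after class initialisation. Compared with the explicit multiples, `CHANNEL_PROCESSING_FILTER` now equals `FILTER_CHAIN_FIRST`, and `CAS_PROCESSING_FILTER` and `AUTH_PROCESSING_FILTER` no longer share a value, which matters to any configuration that positions a custom filter by number relative to these. I would add above the first constant `// Declaration order below IS the filter chain order; review the authentication/authorization sequence before moving or inserting a line.` The class header is outside the hunk.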


@ -2,12 +2,8 @@ package org.springframework.security.ui.preauth;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -19,6 +15,7 @@ import org.springframework.security.event.authentication.InteractiveAuthenticati
import org.springframework.security.ui.AuthenticationDetailsSource;
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
import org.springframework.security.ui.AbstractProcessingFilter;
import org.springframework.security.ui.SpringSecurityFilter;
import org.springframework.security.context.SecurityContextHolder;
import org.apache.commons.logging.Log;
@ -29,16 +26,16 @@ import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.util.Assert;
/**
* Base class for processing filters that handle pre-authenticated
* authentication requests. Subclasses must implement the
* getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods.
* <p>
* This code is partly based on
* {@link org.springframework.security.ui.x509.X509ProcessingFilter}.
* </p>
* Base class for processing filters that handle pre-authenticated authentication requests. Subclasses must implement
* the getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods.
*
* @author Ruud Senden
* @since 2.0
*/
public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware {
private static final Log LOG = LogFactory.getLog(AbstractPreAuthenticatedProcessingFilter.class);
public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSecurityFilter implements
InitializingBean, ApplicationEventPublisherAware {
private static final Log LOG = LogFactory.getLog(AbstractPreAuthenticatedProcessingFilter.class);
private ApplicationEventPublisher eventPublisher = null;
@ -54,37 +51,21 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter
}
/**
* Try to authenticate a pre-authenticated user with Acegi if the user has
* not yet been authenticated.
* Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
}
if (SecurityContextHolder.getContext().getAuthentication() == null) {
doAuthenticate(httpRequest, httpResponse);
doAuthenticate(request, response);
}
filterChain.doFilter(request, response);
}
/**
* Do the actual authentication for a pre-authenticated user.
*
* @param httpRequest
* The HttpServletRequest object
* @param httpResponse
* The HttpServletResponse object
*/
private void doAuthenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
Authentication authResult = null;
@ -126,9 +107,10 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter
* when authentication fails.
*/
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) {
SecurityContextHolder.getContext().setAuthentication(null);
if (LOG.isDebugEnabled()) {
LOG.debug("Updated SecurityContextHolder to contain null Authentication due to exception", failed);
SecurityContextHolder.clearContext();
if (LOG.isDebugEnabled()) {
LOG.debug("Cleared security context due to exception", failed);
}
request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
}
@ -158,18 +140,6 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter
this.authenticationManager = authenticationManager;
}
/**
* Required method, does nothing.
*/
public void init(FilterConfig filterConfig) {
}
/**
* Required method, does nothing.
*/
public void destroy() {
}
protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest);
protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest);
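Review bot: In `doFilterHttp` the only guard is `getAuthentication() == null`, so once any Authentication is present in the context the pre-authenticated principal is not read again, and a change in the externally supplied principal would go unnoticed for as long as that context is reused. Whether a context survives across requests depends on filters that are not shown on this page, so this is a question to confirm rather than a demonstrated defect. At minimum the method Javadoc should state the behaviour, for example `* An existing Authentication is left untouched; the pre-authenticated principal is not compared with it.` The class body continues outside the hunks shown.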


@ -33,4 +33,8 @@ public class J2eePreAuthenticatedProcessingFilter extends AbstractPreAuthenticat
protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
return "N/A";
}
public int getOrder() {
return 0;
}
}
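Review bot: `getOrder()` in `J2eePreAuthenticatedProcessingFilter` returns the literal `0`, although this commit adds `FilterChainOrder.PRE_AUTH_FILTER` and the test's concrete filter returns it. `FILTER_CHAIN_FIRST` is `Ordered.HIGHEST_PRECEDENCE + 1000`, so every `FilterChainOrder` value is far below zero; if the chain is sorted by this value, the filter would be placed after `FILTER_SECURITY_INTERCEPTOR`, that is, after the access decision it is meant to feed. I would change the body to `return FilterChainOrder.PRE_AUTH_FILTER;` and add the matching import. The class starts outside the hunk.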


@ -2,13 +2,13 @@ package org.springframework.security.ui.preauth;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.ui.FilterChainOrder;
import javax.servlet.http.HttpServletRequest;
import junit.framework.TestCase;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockFilterConfig;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
@ -17,8 +17,7 @@ public class PreAuthenticatedProcessingFilterTests extends TestCase {
SecurityContextHolder.clearContext();
}
public void testAfterPropertiesSet()
{
public void testAfterPropertiesSet() {
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
try {
filter.afterPropertiesSet();
@ -28,52 +27,39 @@ public class PreAuthenticatedProcessingFilterTests extends TestCase {
fail("AfterPropertiesSet throws unexpected exception");
}
}
public void testInit() throws Exception
{
getFilter(true).init(new MockFilterConfig());
// Init doesn't do anything, so nothing to test
}
public void testDestroy() throws Exception
{
getFilter(true).destroy();
// Destroy doesn't do anything, so nothing to test
}
public final void testDoFilterAuthenticated() throws Exception
{
public final void testDoFilterAuthenticated() throws Exception {
testDoFilter(true);
}
public final void testDoFilterUnauthenticated() throws Exception
{
public final void testDoFilterUnauthenticated() throws Exception {
testDoFilter(false);
}
private final void testDoFilter(boolean grantAccess) throws Exception
{
private final void testDoFilter(boolean grantAccess) throws Exception {
MockHttpServletRequest req = new MockHttpServletRequest();
MockHttpServletResponse res = new MockHttpServletResponse();
getFilter(grantAccess).doFilter(req,res,new MockFilterChain());
assertEquals(grantAccess,null!= SecurityContextHolder.getContext().getAuthentication());
}
private static final ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception
{
private static final ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception {
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
filter.setAuthenticationManager(new MockAuthenticationManager(grantAccess));
filter.afterPropertiesSet();
return filter;
}
private static final class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter
{
private static final class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
return "testPrincipal";
}
protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
return "testCredentials";
}
}
public int getOrder() {
return FilterChainOrder.PRE_AUTH_FILTER;
}
}
}