From 7ad8e2acf04992e6315c11abb975d51002cdc265 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Tue, 6 Nov 2007 21:43:37 +0000
Subject: [PATCH] SEC-591: Removed default NullRememberMeServices in RememberMeProcessingFilter
---
 .../RememberMeProcessingFilter.java | 62 +++++--------------
 .../RememberMeProcessingFilterTests.java | 21 ++-----
 2 files changed, 23 insertions(+), 60 deletions(-)
diff --git a/core/src/main/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilter.java
index 4a2824464a..f93815a5f3 100644
--- a/core/src/main/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilter.java
@@ -18,31 +18,23 @@ package org.springframework.security.ui.rememberme; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationManager; - import org.springframework.security.context.SecurityContextHolder; - import org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent; +import org.springframework.security.ui.FilterChainOrderUtils; +import org.springframework.security.ui.SpringSecurityFilter; +import org.springframework.beans.factory.InitializingBean; +import org.springframework.context.ApplicationEventPublisher; +import org.springframework.context.ApplicationEventPublisherAware; +import org.springframework.util.Assert; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.context.ApplicationEventPublisher; -import org.springframework.context.ApplicationEventPublisherAware; - -import org.springframework.util.Assert; - -import java.io.IOException; - -import javax.servlet.Filter; import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.IOException; /** 
@@ -64,7 +56,8 @@ import javax.servlet.http.HttpServletResponse; * @author Ben Alex * @version $Id$ */ -public class RememberMeProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware { +public class RememberMeProcessingFilter extends SpringSecurityFilter implements InitializingBean, + ApplicationEventPublisherAware { //~ Static fields/initializers ===================================================================================== private static final Log logger = LogFactory.getLog(RememberMeProcessingFilter.class); 
@@ -73,35 +66,20 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean, App private ApplicationEventPublisher eventPublisher; private AuthenticationManager authenticationManager; - private RememberMeServices rememberMeServices = new NullRememberMeServices(); + private RememberMeServices rememberMeServices; //~ Methods ======================================================================================================== public void afterPropertiesSet() throws Exception { Assert.notNull(authenticationManager, "authenticationManager must be specified"); - Assert.notNull(this.rememberMeServices); + Assert.notNull(rememberMeServices, "rememberMeServices must be specified"); } - /** - * Does nothing - we rely on IoC lifecycle services instead. - */ - public void destroy() {} - - public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) + public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { - if (!(request instanceof HttpServletRequest)) { - throw new ServletException("Can only process HttpServletRequest"); - } - - if (!(response instanceof HttpServletResponse)) { - throw new ServletException("Can only process HttpServletResponse"); - } - - HttpServletRequest httpRequest = (HttpServletRequest) request; - HttpServletResponse httpResponse = (HttpServletResponse) response; if (SecurityContextHolder.getContext().getAuthentication() == null) { - Authentication rememberMeAuth = rememberMeServices.autoLogin(httpRequest, httpResponse); + Authentication rememberMeAuth = rememberMeServices.autoLogin(request, response); if (rememberMeAuth != null) { // Attempt authenticaton via AuthenticationManager 
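Review bot: With the `NullRememberMeServices` default removed, `rememberMeServices` stays null until the setter is called, and the only guard is `afterPropertiesSet()`; a filter built outside the container lifecycle (the tests construct it with `new RememberMeProcessingFilter()`) will throw a NullPointerException at `rememberMeServices.autoLogin(request, response)` on the first request that has no `Authentication`. Failing at configuration time is the right direction for a security filter, so I would also reject null where the value enters, with `Assert.notNull(rememberMeServices, "rememberMeServices must be specified");` in `setRememberMeServices`, and say in the Javadoc that the property is now mandatory. The removed `instanceof` checks are presumably performed by `SpringSecurityFilter` before it calls `doFilterHttp`; that class is not visible in this diff and should be confirmed. The body of `doFilterHttp` continues past the end of this hunk.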
@@ -128,7 +106,7 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean, App + rememberMeAuth + "'; invalidating remember-me token", authenticationException); } - rememberMeServices.loginFail(httpRequest, httpResponse); + rememberMeServices.loginFail(request, response); } } @@ -147,15 +125,6 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean, App return rememberMeServices; } - /** - * Does nothing - we rely on IoC lifecycle services instead. - * - * @param ignored not used - * - * @throws ServletException DOCUMENT ME! - */ - public void init(FilterConfig ignored) throws ServletException {} - public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) { this.eventPublisher = eventPublisher; } @@ -168,4 +137,7 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean, App this.rememberMeServices = rememberMeServices; } + public int getOrder() { + return FilterChainOrderUtils.REMEMBER_ME_FILTER_ORDER; + } } diff --git a/core/src/test/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilterTests.java b/core/src/test/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilterTests.java index 926fb610be..ef95a6fcc9 100644 --- a/core/src/test/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilterTests.java +++ b/core/src/test/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilterTests.java 
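Review bot: `getOrder()`, added in the last hunk of RememberMeProcessingFilter.java, has no Javadoc, and the position it returns is security-relevant: `doFilterHttp` attempts `autoLogin` only when `SecurityContextHolder` holds no `Authentication`, so the filter has to run after whatever populates the context. I would add `/** Chain position of this filter; it must sort after the filters that restore or establish the Authentication, because auto-login runs only when the context is empty. */` above the method. The value of `FilterChainOrderUtils.REMEMBER_ME_FILTER_ORDER` is not shown in this diff, so the resulting order should be checked there.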
@@ -15,22 +15,17 @@ package org.springframework.security.ui.rememberme; -import junit.framework.TestCase; - import org.springframework.security.Authentication; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.MockAuthenticationManager; import org.springframework.security.MockFilterConfig; - import org.springframework.security.context.SecurityContextHolder; - import org.springframework.security.providers.TestingAuthenticationToken; - import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import java.io.IOException; +import junit.framework.TestCase; import javax.servlet.Filter; import javax.servlet.FilterChain; @@ -40,6 +35,7 @@ import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.IOException; /** @@ -69,10 +65,6 @@ public class RememberMeProcessingFilterTests extends TestCase { filter.destroy(); } - public static void main(String[] args) { - junit.textui.TestRunner.run(RememberMeProcessingFilterTests.class); - } - protected void setUp() throws Exception { super.setUp(); SecurityContextHolder.clearContext(); @@ -83,10 +75,10 @@ public class RememberMeProcessingFilterTests extends TestCase { SecurityContextHolder.clearContext(); } - public void testDetectsAuthenticationManagerProperty() - throws Exception { + public void testDetectsAuthenticationManagerProperty() throws Exception { RememberMeProcessingFilter filter = new RememberMeProcessingFilter(); filter.setAuthenticationManager(new MockAuthenticationManager()); + filter.setRememberMeServices(new NullRememberMeServices()); filter.afterPropertiesSet(); assertTrue(true); 
@@ -101,13 +93,12 @@ public class RememberMeProcessingFilterTests extends TestCase { } } - public void testDetectsRememberMeServicesProperty() - throws Exception { + public void testDetectsRememberMeServicesProperty() throws Exception { RememberMeProcessingFilter filter = new RememberMeProcessingFilter(); filter.setAuthenticationManager(new MockAuthenticationManager()); // check default is NullRememberMeServices - assertEquals(NullRememberMeServices.class, filter.getRememberMeServices().getClass()); + // assertEquals(NullRememberMeServices.class, filter.getRememberMeServices().getClass()); // check getter/setter filter.setRememberMeServices(new TokenBasedRememberMeServices());
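Review bot: The assertion in `testDetectsRememberMeServicesProperty` is commented out rather than replaced, so the behaviour this commit introduces (no default, `afterPropertiesSet()` rejects a missing `rememberMeServices`) is not covered by any test, and the stale comment `// check default is NullRememberMeServices` now describes something that no longer exists. I would delete the commented-out line and assert the failure instead, as in the excerpt below; Spring's `Assert.notNull` throws `IllegalArgumentException`. The test method continues past the end of this hunk.

```java
// … unchanged: filter construction and setAuthenticationManager(...) …

// rememberMeServices has no default and must be rejected when unset
try {
    filter.afterPropertiesSet();
    fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
    assertTrue(true);
}

// … unchanged: getter/setter check …
```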