SEC-591: Removed default NullRememberMeServices in RememberMeProcessingFilter

Luke Taylor 2007-11-06 21:43:37 +00:00
parent 4c44bd782f
commit 7ad8e2acf0
2 changed files with 23 additions and 60 deletions


@ -18,31 +18,23 @@ package org.springframework.security.ui.rememberme;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager; import org.springframework.security.AuthenticationManager;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent; import org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.ui.FilterChainOrderUtils;
import org.springframework.security.ui.SpringSecurityFilter;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.util.Assert;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.util.Assert;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/** /**
@ -64,7 +56,8 @@ import javax.servlet.http.HttpServletResponse;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class RememberMeProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware { public class RememberMeProcessingFilter extends SpringSecurityFilter implements InitializingBean,
ApplicationEventPublisherAware {
//~ Static fields/initializers ===================================================================================== //~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(RememberMeProcessingFilter.class); private static final Log logger = LogFactory.getLog(RememberMeProcessingFilter.class);
@ -73,35 +66,20 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean, App
private ApplicationEventPublisher eventPublisher; private ApplicationEventPublisher eventPublisher;
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
private RememberMeServices rememberMeServices = new NullRememberMeServices(); private RememberMeServices rememberMeServices;
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() throws Exception {
Assert.notNull(authenticationManager, "authenticationManager must be specified"); Assert.notNull(authenticationManager, "authenticationManager must be specified");
Assert.notNull(this.rememberMeServices); Assert.notNull(rememberMeServices, "rememberMeServices must be specified");
} }
/** public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
* Does nothing - we rely on IoC lifecycle services instead.
*/
public void destroy() {}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
if (SecurityContextHolder.getContext().getAuthentication() == null) { if (SecurityContextHolder.getContext().getAuthentication() == null) {
Authentication rememberMeAuth = rememberMeServices.autoLogin(httpRequest, httpResponse); Authentication rememberMeAuth = rememberMeServices.autoLogin(request, response);
if (rememberMeAuth != null) { if (rememberMeAuth != null) {
// Attempt authenticaton via AuthenticationManager // Attempt authenticaton via AuthenticationManager
@ -128,7 +106,7 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean, App
+ rememberMeAuth + "'; invalidating remember-me token", authenticationException); + rememberMeAuth + "'; invalidating remember-me token", authenticationException);
} }
rememberMeServices.loginFail(httpRequest, httpResponse); rememberMeServices.loginFail(request, response);
} }
} }
@ -147,15 +125,6 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean, App
return rememberMeServices; return rememberMeServices;
} }
/**
* Does nothing - we rely on IoC lifecycle services instead.
*
* @param ignored not used
*
* @throws ServletException DOCUMENT ME!
*/
public void init(FilterConfig ignored) throws ServletException {}
public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) { public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
this.eventPublisher = eventPublisher; this.eventPublisher = eventPublisher;
} }
@ -168,4 +137,7 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean, App
this.rememberMeServices = rememberMeServices; this.rememberMeServices = rememberMeServices;
} }
public int getOrder() {
return FilterChainOrderUtils.REMEMBER_ME_FILTER_ORDER;
}
} }
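Review bot: With the `NullRememberMeServices` initializer gone from the `rememberMeServices` field, `doFilterHttp` calls `rememberMeServices.autoLogin(request, response)` with no guard, so the `Assert.notNull` in `afterPropertiesSet()` is now the only thing between a missing property and a NullPointerException on every unauthenticated request. That holds inside a container that runs the lifecycle callback, but a filter constructed by hand (as the tests in this commit do) gets no such check. I would state the new requirement where users will see it: a field comment such as `// Required; no default. Checked in afterPropertiesSet().` and a sentence in the class Javadoc saying that configurations which relied on the old no-op default must now set `NullRememberMeServices` explicitly. The class Javadoc and the setter's signature lie outside the visible hunks, so this assumes neither already says so.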


@ -15,22 +15,17 @@
package org.springframework.security.ui.rememberme; package org.springframework.security.ui.rememberme;
import junit.framework.TestCase;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.MockAuthenticationManager; import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.MockFilterConfig; import org.springframework.security.MockFilterConfig;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import java.io.IOException; import junit.framework.TestCase;
import javax.servlet.Filter; import javax.servlet.Filter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
@ -40,6 +35,7 @@ import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/** /**
@ -69,10 +65,6 @@ public class RememberMeProcessingFilterTests extends TestCase {
filter.destroy(); filter.destroy();
} }
public static void main(String[] args) {
junit.textui.TestRunner.run(RememberMeProcessingFilterTests.class);
}
protected void setUp() throws Exception { protected void setUp() throws Exception {
super.setUp(); super.setUp();
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
@ -83,10 +75,10 @@ public class RememberMeProcessingFilterTests extends TestCase {
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
} }
public void testDetectsAuthenticationManagerProperty() public void testDetectsAuthenticationManagerProperty() throws Exception {
throws Exception {
RememberMeProcessingFilter filter = new RememberMeProcessingFilter(); RememberMeProcessingFilter filter = new RememberMeProcessingFilter();
filter.setAuthenticationManager(new MockAuthenticationManager()); filter.setAuthenticationManager(new MockAuthenticationManager());
filter.setRememberMeServices(new NullRememberMeServices());
filter.afterPropertiesSet(); filter.afterPropertiesSet();
assertTrue(true); assertTrue(true);
@ -101,13 +93,12 @@ public class RememberMeProcessingFilterTests extends TestCase {
} }
} }
public void testDetectsRememberMeServicesProperty() public void testDetectsRememberMeServicesProperty() throws Exception {
throws Exception {
RememberMeProcessingFilter filter = new RememberMeProcessingFilter(); RememberMeProcessingFilter filter = new RememberMeProcessingFilter();
filter.setAuthenticationManager(new MockAuthenticationManager()); filter.setAuthenticationManager(new MockAuthenticationManager());
// check default is NullRememberMeServices // check default is NullRememberMeServices
assertEquals(NullRememberMeServices.class, filter.getRememberMeServices().getClass()); // assertEquals(NullRememberMeServices.class, filter.getRememberMeServices().getClass());
// check getter/setter // check getter/setter
filter.setRememberMeServices(new TokenBasedRememberMeServices()); filter.setRememberMeServices(new TokenBasedRememberMeServices());