diff --git a/web/src/main/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilter.java
index ba2930e491..ab5f54d4d7 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilter.java
@@ -16,19 +16,8 @@
 
 package org.springframework.security.web.authentication.ott;
 
-import java.io.IOException;
-
-import jakarta.servlet.ServletException;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
-import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-import org.springframework.util.Assert;
 
 /**
  * Filter that processes a one-time token for log in.
@@ -43,31 +32,9 @@ public final class OneTimeTokenAuthenticationFilter extends AbstractAuthenticati
 
 public static final String DEFAULT_LOGIN_PROCESSING_URL = "/login/ott";
 
- private AuthenticationConverter authenticationConverter = new OneTimeTokenAuthenticationConverter();
-
 public OneTimeTokenAuthenticationFilter() {
 super(new AntPathRequestMatcher(DEFAULT_LOGIN_PROCESSING_URL, "POST"));
- }
-
- @Override
- public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
- throws AuthenticationException, IOException, ServletException {
- Authentication authentication = this.authenticationConverter.convert(request);
- if (authentication == null) {
- throw new BadCredentialsException("Unable to authenticate with the one-time token");
- }
- return getAuthenticationManager().authenticate(authentication);
- }
-
- /**
- * Use this {@link AuthenticationConverter} when converting incoming requests to an
- * {@link Authentication}. By default, the {@link OneTimeTokenAuthenticationConverter}
- * is used.
- * @param authenticationConverter the {@link AuthenticationConverter} to use
- */
- public void setAuthenticationConverter(AuthenticationConverter authenticationConverter) {
- Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
- this.authenticationConverter = authenticationConverter;
+ setAuthenticationConverter(new OneTimeTokenAuthenticationConverter());
 }
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilterTests.java
index 3fc3ec70de..35eb863bf3 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilterTests.java
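Review bot: With the `attemptAuthentication` override removed from OneTimeTokenAuthenticationFilter, a POST to `/login/ott` that carries no token is no longer rejected with `BadCredentialsException`; the updated test in this commit shows the request being handed on down the filter chain instead. The inherited implementation is not visible on this page, so the exact path is inferred, but the visible effect is that the outcome for such a request now depends on the filters and authorization rules that run after this one. Login-processing URLs are often left open to unauthenticated callers, so this change deserves a sentence in the class Javadoc, for example `* A request without a token is not authenticated here and continues down the filter chain.` The class body starts above this hunk.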
@@ -95,10 +95,10 @@ class OneTimeTokenAuthenticationFilterTests {
 }
 
 @Test
- void doFilterWhenMissingTokenThenUnauthorized() throws ServletException, IOException {
- this.filter.doFilter(post("/login/ott").buildRequest(new MockServletContext()), this.response, this.chain);
- assertThat(this.response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
- verifyNoInteractions(this.chain);
+ void doFilterWhenMissingTokenThenPropagatesRequest() throws ServletException, IOException {
+ FilterChain chain = mock(FilterChain.class);
+ this.filter.doFilter(post("/login/ott").buildRequest(new MockServletContext()), this.response, chain);
+ verify(chain).doFilter(any(), any());
 }
 
 @Test
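Review bot: The rewritten `doFilterWhenMissingTokenThenPropagatesRequest` test only checks that the chain was invoked, so it would still pass if the filter had attempted authentication or written a status to the response before delegating. Keeping a status assertion such as `assertThat(this.response.getStatus()).isEqualTo(HttpStatus.OK.value());` and adding a never-called check on the test's AuthenticationManager mock (its field name is not visible in this hunk) would pin the intended pass-through behaviour. The local `FilterChain chain = mock(FilterChain.class);` also looks redundant: the removed lines called `verifyNoInteractions(this.chain)`, which suggests the field is already a mock, so `verify(this.chain).doFilter(any(), any());` should be enough.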