SEC-194: Allow remember-me services to be used with BASIC authentication.

2025-06-14 08:02:22 +00:00 · 2006-04-28 08:54:54 +00:00 · 2006-04-28 08:54:54 +00:00 · 890864ed00
commit 890864ed00
parent 9b63051149
1 changed files with 33 additions and 7 deletions
--- a/core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java
@ -26,6 +26,7 @@ import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.acegisecurity.ui.AuthenticationDetailsSource;
 import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
 import org.acegisecurity.ui.AuthenticationEntryPoint;
+import org.acegisecurity.ui.rememberme.RememberMeServices;

 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
@ -98,6 +99,13 @@ import javax.servlet.http.HttpServletResponse;
 * </p>
 * 
 * <p>
+ * Note that if a {@link #rememberMeServices} is set, this filter will
+ * automatically send back remember-me details to the client. Therefore,
+ * subsequent requests will not need to present a BASIC authentication header
+ * as they will be authenticated using the remember-me mechanism.
+ * </p>
+ * 
+ * <p>
 * <b>Do not use this class directly.</b> Instead configure
 * <code>web.xml</code> to use the {@link
 * org.acegisecurity.util.FilterToBeanProxy}.
@ -113,18 +121,14 @@ public class BasicProcessingFilter implements Filter, InitializingBean {

    //~ Instance fields ========================================================

+    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
    private AuthenticationEntryPoint authenticationEntryPoint;
    private AuthenticationManager authenticationManager;
+    private RememberMeServices rememberMeServices;
    private boolean ignoreFailure = false;
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();

    //~ Methods ================================================================

-    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
-    	Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
-		this.authenticationDetailsSource = authenticationDetailsSource;
-	}
-
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.authenticationManager,
            "An AuthenticationManager is required");
@ -145,6 +149,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
        }

        HttpServletRequest httpRequest = (HttpServletRequest) request;
+        HttpServletResponse httpResponse = (HttpServletResponse) response;

        String header = httpRequest.getHeader("Authorization");

@ -175,7 +180,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
                || !existingAuth.isAuthenticated()) {
                UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
                        password);
-                authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
+                authRequest.setDetails(authenticationDetailsSource.buildDetails(
+                        (HttpServletRequest) request));

                Authentication authResult;

@ -190,6 +196,10 @@ public class BasicProcessingFilter implements Filter, InitializingBean {

                    SecurityContextHolder.getContext().setAuthentication(null);

+                    if (rememberMeServices != null) {
+                        rememberMeServices.loginFail(httpRequest, httpResponse);
+                    }
+
                    if (ignoreFailure) {
                        chain.doFilter(request, response);
                    } else {
@ -207,6 +217,11 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
                }

                SecurityContextHolder.getContext().setAuthentication(authResult);
+
+                if (rememberMeServices != null) {
+                    rememberMeServices.loginSuccess(httpRequest, httpResponse,
+                        authResult);
+                }
            }
        }

@ -227,6 +242,13 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
        return ignoreFailure;
    }

+    public void setAuthenticationDetailsSource(
+        AuthenticationDetailsSource authenticationDetailsSource) {
+        Assert.notNull(authenticationDetailsSource,
+            "AuthenticationDetailsSource required");
+        this.authenticationDetailsSource = authenticationDetailsSource;
+    }
+
    public void setAuthenticationEntryPoint(
        AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
@ -240,4 +262,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
    public void setIgnoreFailure(boolean ignoreFailure) {
        this.ignoreFailure = ignoreFailure;
    }
+
+    public void setRememberMeServices(RememberMeServices rememberMeServices) {
+        this.rememberMeServices = rememberMeServices;
+    }
 }