From 890864ed00fd058d191937fbfc391afe5a52475c Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Fri, 28 Apr 2006 08:54:54 +0000
Subject: [PATCH] SEC-194: Allow remember-me services to be used with BASIC
 authentication.

---
 .../ui/basicauth/BasicProcessingFilter.java   | 40 +++++++++++++++----
 1 file changed, 33 insertions(+), 7 deletions(-)

diff --git a/core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java
index 13eb091558..a93ce9612e 100644
--- a/core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java
@@ -26,6 +26,7 @@ import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.acegisecurity.ui.AuthenticationDetailsSource;
 import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
 import org.acegisecurity.ui.AuthenticationEntryPoint;
+import org.acegisecurity.ui.rememberme.RememberMeServices;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
@@ -98,6 +99,13 @@ import javax.servlet.http.HttpServletResponse;
  * </p>
  * 
  * <p>
+ * Note that if a {@link #rememberMeServices} is set, this filter will
+ * automatically send back remember-me details to the client. Therefore,
+ * subsequent requests will not need to present a BASIC authentication header
+ * as they will be authenticated using the remember-me mechanism.
+ * </p>
+ * 
+ * <p>
  * <b>Do not use this class directly.</b> Instead configure
  * <code>web.xml</code> to use the {@link
  * org.acegisecurity.util.FilterToBeanProxy}.
@@ -113,18 +121,14 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
 
     //~ Instance fields ========================================================
 
+    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
     private AuthenticationEntryPoint authenticationEntryPoint;
     private AuthenticationManager authenticationManager;
+    private RememberMeServices rememberMeServices;
     private boolean ignoreFailure = false;
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
 
     //~ Methods ================================================================
 
-    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
-    	Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
-		this.authenticationDetailsSource = authenticationDetailsSource;
-	}
-
     public void afterPropertiesSet() throws Exception {
         Assert.notNull(this.authenticationManager,
             "An AuthenticationManager is required");
@@ -145,6 +149,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
         }
 
         HttpServletRequest httpRequest = (HttpServletRequest) request;
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
 
         String header = httpRequest.getHeader("Authorization");
 
@@ -175,7 +180,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
                 || !existingAuth.isAuthenticated()) {
                 UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
                         password);
-                authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
+                authRequest.setDetails(authenticationDetailsSource.buildDetails(
+                        (HttpServletRequest) request));
 
                 Authentication authResult;
 
@@ -190,6 +196,10 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
 
                     SecurityContextHolder.getContext().setAuthentication(null);
 
+                    if (rememberMeServices != null) {
+                        rememberMeServices.loginFail(httpRequest, httpResponse);
+                    }
+
                     if (ignoreFailure) {
                         chain.doFilter(request, response);
                     } else {
@@ -207,6 +217,11 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
                 }
 
                 SecurityContextHolder.getContext().setAuthentication(authResult);
+
+                if (rememberMeServices != null) {
+                    rememberMeServices.loginSuccess(httpRequest, httpResponse,
+                        authResult);
+                }
             }
         }
 
@@ -227,6 +242,13 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
         return ignoreFailure;
     }
 
+    public void setAuthenticationDetailsSource(
+        AuthenticationDetailsSource authenticationDetailsSource) {
+        Assert.notNull(authenticationDetailsSource,
+            "AuthenticationDetailsSource required");
+        this.authenticationDetailsSource = authenticationDetailsSource;
+    }
+
     public void setAuthenticationEntryPoint(
         AuthenticationEntryPoint authenticationEntryPoint) {
         this.authenticationEntryPoint = authenticationEntryPoint;
@@ -240,4 +262,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
     public void setIgnoreFailure(boolean ignoreFailure) {
         this.ignoreFailure = ignoreFailure;
     }
+
+    public void setRememberMeServices(RememberMeServices rememberMeServices) {
+        this.rememberMeServices = rememberMeServices;
+    }
 }