Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-15 08:32:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-194: Allow remember-me services to be used with BASIC authentication.

Browse Source
This commit is contained in:
Ben Alex 2006-04-28 08:54:54 +00:00
parent 9b63051149
commit 890864ed00
1 changed files with 33 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java
View File

@ -26,6 +26,7 @@ import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AuthenticationDetailsSource; import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl; import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.acegisecurity.ui.AuthenticationEntryPoint; import org.acegisecurity.ui.AuthenticationEntryPoint;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@ -98,6 +99,13 @@ import javax.servlet.http.HttpServletResponse;
* </p> * </p>
* *
* <p> * <p>
* Note that if a {@link #rememberMeServices} is set, this filter will
* automatically send back remember-me details to the client. Therefore,
* subsequent requests will not need to present a BASIC authentication header
* as they will be authenticated using the remember-me mechanism.
* </p>
*
* <p>
* <b>Do not use this class directly.</b> Instead configure * <b>Do not use this class directly.</b> Instead configure
* <code>web.xml</code> to use the {@link * <code>web.xml</code> to use the {@link
* org.acegisecurity.util.FilterToBeanProxy}. * org.acegisecurity.util.FilterToBeanProxy}.
@ -113,18 +121,14 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
//~ Instance fields ======================================================== //~ Instance fields ========================================================
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
private AuthenticationEntryPoint authenticationEntryPoint; private AuthenticationEntryPoint authenticationEntryPoint;
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
private RememberMeServices rememberMeServices;
private boolean ignoreFailure = false; private boolean ignoreFailure = false;
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
//~ Methods ================================================================ //~ Methods ================================================================
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
this.authenticationDetailsSource = authenticationDetailsSource;
}
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() throws Exception {
Assert.notNull(this.authenticationManager, Assert.notNull(this.authenticationManager,
"An AuthenticationManager is required"); "An AuthenticationManager is required");
@ -145,6 +149,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
} }
HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String header = httpRequest.getHeader("Authorization"); String header = httpRequest.getHeader("Authorization");
@ -175,7 +180,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|| !existingAuth.isAuthenticated()) { || !existingAuth.isAuthenticated()) {
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
password); password);
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request)); authRequest.setDetails(authenticationDetailsSource.buildDetails(
(HttpServletRequest) request));
Authentication authResult; Authentication authResult;
@ -190,6 +196,10 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
SecurityContextHolder.getContext().setAuthentication(null); SecurityContextHolder.getContext().setAuthentication(null);
if (rememberMeServices != null) {
rememberMeServices.loginFail(httpRequest, httpResponse);
}
if (ignoreFailure) { if (ignoreFailure) {
chain.doFilter(request, response); chain.doFilter(request, response);
} else { } else {
@ -207,6 +217,11 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
} }
SecurityContextHolder.getContext().setAuthentication(authResult); SecurityContextHolder.getContext().setAuthentication(authResult);
if (rememberMeServices != null) {
rememberMeServices.loginSuccess(httpRequest, httpResponse,
authResult);
}
} }
} }
@ -227,6 +242,13 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
return ignoreFailure; return ignoreFailure;
} }
public void setAuthenticationDetailsSource(
AuthenticationDetailsSource authenticationDetailsSource) {
Assert.notNull(authenticationDetailsSource,
"AuthenticationDetailsSource required");
this.authenticationDetailsSource = authenticationDetailsSource;
}
public void setAuthenticationEntryPoint( public void setAuthenticationEntryPoint(
AuthenticationEntryPoint authenticationEntryPoint) { AuthenticationEntryPoint authenticationEntryPoint) {
this.authenticationEntryPoint = authenticationEntryPoint; this.authenticationEntryPoint = authenticationEntryPoint;
@ -240,4 +262,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
public void setIgnoreFailure(boolean ignoreFailure) { public void setIgnoreFailure(boolean ignoreFailure) {
this.ignoreFailure = ignoreFailure; this.ignoreFailure = ignoreFailure;
} }
public void setRememberMeServices(RememberMeServices rememberMeServices) {
this.rememberMeServices = rememberMeServices;
}
} }