Add alwaysUseDefaultTargetUrl feature to AbstractProcessingFilter.

2004-11-22 21:38:14 +00:00 · 2004-11-22 21:38:14 +00:00 · 89eed486e2
parent 3b7453d243
commit 89eed486e2
3 changed files with 55 additions and 0 deletions
--- a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
@ -81,6 +81,12 @@ import javax.servlet.http.HttpServletResponse;
 * <code>filterProcessesUrl</code> indicates the URL that this filter will
 * respond to. This parameter varies by subclass.
 * </li>
+ * <li>
+ * <code>alwaysUseDefaultTargetUrl</code> causes successful authentication to
+ * always redirect to the <code>defaultTargetUrl</code>, even if the
+ * <code>HttpSession</code> attribute named {@link
+ * #ACEGI_SECURITY_TARGET_URL_KEY} defines the intended target URL.
+ * </li>
 * </ul>
 * 
 *
@ -145,8 +151,23 @@ public abstract class AbstractProcessingFilter implements Filter,
     */
    private String filterProcessesUrl = getDefaultFilterProcessesUrl();

+    /**
+     * If <code>true</code>, will always redirect to {@link #defaultTargetUrl}
+     * upon successful authentication, irrespective of the page that caused
+     * the authentication request (defualts to <code>false</code>).
+     */
+    private boolean alwaysUseDefaultTargetUrl = false;
+
    //~ Methods ================================================================

+    public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) {
+        this.alwaysUseDefaultTargetUrl = alwaysUseDefaultTargetUrl;
+    }
+
+    public boolean isAlwaysUseDefaultTargetUrl() {
+        return alwaysUseDefaultTargetUrl;
+    }
+
    /**
     * Specifies the default <code>filterProcessesUrl</code> for the
     * implementation.
@ -348,6 +369,10 @@ public abstract class AbstractProcessingFilter implements Filter,
            String targetUrl = (String) httpRequest.getSession().getAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
            httpRequest.getSession().removeAttribute(ACEGI_SECURITY_TARGET_URL_KEY);

+            if (alwaysUseDefaultTargetUrl == true) {
+                targetUrl = null;
+            }
+
            if (targetUrl == null) {
                targetUrl = httpRequest.getContextPath() + defaultTargetUrl;
            }
--- a/core/src/test/java/org/acegisecurity/ui/AbstractProcessingFilterTests.java
+++ b/core/src/test/java/org/acegisecurity/ui/AbstractProcessingFilterTests.java
@ -345,6 +345,35 @@ public class AbstractProcessingFilterTests extends TestCase {
        assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
    }

+    public void testSuccessfulAuthenticationButWithAlwaysUseDefaultTargetUrlCausesRedirectToDefaultTargetUrl()
+        throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest("");
+        request.setServletPath("/j_mock_post");
+        request.setRequestURL("http://www.example.com/mycontext/j_mock_post");
+        request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
+            "/my-destination");
+
+        // Setup our filter configuration
+        MockFilterConfig config = new MockFilterConfig();
+
+        // Setup our expectation that the filter chain will be invoked, as we want to go to the location requested in the session
+        MockFilterChain chain = new MockFilterChain(true);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        // Setup our test object, to grant access
+        MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true);
+        filter.setFilterProcessesUrl("/j_mock_post");
+        filter.setDefaultTargetUrl("/foobar");
+        filter.setAlwaysUseDefaultTargetUrl(true);
+
+        // Test
+        executeFilterInContainerSimulator(config, filter, request, response,
+            chain);
+        assertEquals("/foobar", response.getRedirect());
+        assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) != null);
+    }
+
    public void testSuccessfulAuthenticationCausesRedirectToSessionSpecifiedUrl()
        throws Exception {
        // Setup our HTTP request
--- a/doc/xdocs/changes.xml
+++ b/doc/xdocs/changes.xml
@ -42,6 +42,7 @@
      <action dev="benalex" type="add">Added net.sf.acegisecurity.intercept.event package</action>
      <action dev="benalex" type="add">Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD</action>
      <action dev="benalex" type="add">Added additional remoting protocol demonstrations to Contacts sample</action>
+      <action dev="benalex" type="add">Added AbstractProcessingFilter property to always use defaultTargetUrl</action>
      <action dev="benalex" type="update">Improved BasicAclProvider to only respond to specified ACL object requests</action>
      <action dev="benalex" type="update">Refactored MethodDefinitionSource to work with Method, not MethodInvocation</action>
      <action dev="benalex" type="update">Refactored AbstractSecurityInterceptor to better support other AOP libraries</action>