SEC-1406: Create a DelegatingAuthenticationEntryPoint
This commit is contained in:
Mike Wiesner
parent
d32b078a8c
commit
90d6ff1fde
|
|
@ -26,13 +26,32 @@ import javax.servlet.http.HttpServletResponse;
|
|||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.util.ELRequestMatcher;
|
||||
import org.springframework.security.web.util.RequestMatcher;
|
||||
import org.springframework.security.web.util.RequestMatcherEditor;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* An AuthenticationEntryPoint which selects a concrete EntryPoint based on a
|
||||
* RequestMatcher evaluation.
|
||||
*
|
||||
* <p>A configuration might look like this:</p>
|
||||
*
|
||||
* <pre>
|
||||
* <bean id="daep" class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
|
||||
* <constructor-arg>
|
||||
* <map>
|
||||
* <entry key="hasIpAddress('192.168.1.0/24') and hasHeader('User-Agent','Mozilla')" value-ref="firstAEP" />
|
||||
* <entry key="hasHeader('User-Agent','MSIE')" value-ref="secondAEP" />
|
||||
* </map>
|
||||
* </constructor-arg>
|
||||
* <property name="defaultEntryPoint" ref="defaultAEP"/>
|
||||
* </bean>
|
||||
* </pre>
|
||||
*
|
||||
* This example uses the {@link RequestMatcherEditor} which creates {@link ELRequestMatcher} instances for the map keys.
|
||||
*
|
||||
*
|
||||
* @author Mike Wiesner
|
||||
* @since 3.0.2
|
||||
* @version $Id:$
|
||||
|
|
|
|||
|
|
@ -23,8 +23,17 @@ import org.springframework.expression.Expression;
|
|||
import org.springframework.expression.spel.standard.SpelExpressionParser;
|
||||
import org.springframework.expression.spel.support.StandardEvaluationContext;
|
||||
import org.springframework.security.access.expression.ExpressionUtils;
|
||||
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
|
||||
|
||||
/**
|
||||
* A RequestMatcher implementation which uses a SpEL expression
|
||||
*
|
||||
* <p>With the default EvalutationContext ({@link ELRequestMatcherContext}) you can use
|
||||
* <code>hasIpAdress()</code> and <code>hasHeader()</code></p>
|
||||
*
|
||||
* <p>See {@link DelegatingAuthenticationEntryPoint} for a example configuration.</p>
|
||||
*
|
||||
*
|
||||
* @author Mike Wiesner
|
||||
* @since 3.0.2
|
||||
* @version $Id:$
|
||||
|
|
|
|||
|
|
@ -16,8 +16,6 @@
|
|||
package org.springframework.security.web.util;
|
||||
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.util.StringUtils;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,39 @@
|
|||
/*
|
||||
* Copyright 2010 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.util;
|
||||
|
||||
import java.beans.PropertyEditorSupport;
|
||||
|
||||
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
|
||||
|
||||
/**
|
||||
* PropertyEditor which creates ELRequestMatcher instances from Strings
|
||||
*
|
||||
* This allows to use a String in a BeanDefinition instead of an (inner) bean
|
||||
* if a RequestMatcher is required, e.g. in {@link DelegatingAuthenticationEntryPoint}
|
||||
*
|
||||
* @author Mike Wiesner
|
||||
* @since 3.0.2
|
||||
*/
|
||||
public class RequestMatcherEditor extends PropertyEditorSupport {
|
||||
|
||||
@Override
|
||||
public void setAsText(String text) throws IllegalArgumentException {
|
||||
setValue(new ELRequestMatcher(text));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
package org.springframework.security.web.authentication;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.test.annotation.DirtiesContext;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
@ContextConfiguration(locations = "classpath:org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTest-context.xml")
|
||||
public class DelegatinAuthenticationEntryPointContextTest {
|
||||
|
||||
@Autowired
|
||||
private DelegatingAuthenticationEntryPoint daep;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("firstAEP")
|
||||
private AuthenticationEntryPoint firstAEP;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("defaultAEP")
|
||||
private AuthenticationEntryPoint defaultAEP;
|
||||
|
||||
@Test
|
||||
@DirtiesContext
|
||||
public void testFirstAEP() throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setRemoteAddr("192.168.1.10");
|
||||
request.addHeader("User-Agent", "Mozilla/5.0");
|
||||
daep.commence(request, null, null);
|
||||
verify(firstAEP).commence(request, null, null);
|
||||
verify(defaultAEP, never()).commence(any(HttpServletRequest.class),
|
||||
any(HttpServletResponse.class),
|
||||
any(AuthenticationException.class));
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
@DirtiesContext
|
||||
public void testDefaultAEP() throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setRemoteAddr("192.168.1.10");
|
||||
daep.commence(request, null, null);
|
||||
verify(defaultAEP).commence(request, null, null);
|
||||
verify(firstAEP, never()).commence(any(HttpServletRequest.class),
|
||||
any(HttpServletResponse.class),
|
||||
any(AuthenticationException.class));
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
|
||||
|
||||
<bean id="daep" class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
|
||||
<constructor-arg>
|
||||
<map>
|
||||
<entry key="hasIpAddress('192.168.1.0/24') and hasHeader('User-Agent','Mozilla')" value-ref="firstAEP" />
|
||||
</map>
|
||||
</constructor-arg>
|
||||
<property name="defaultEntryPoint" ref="defaultAEP"/>
|
||||
</bean>
|
||||
|
||||
<bean id="firstAEP" class="org.mockito.Mockito" factory-method="mock">
|
||||
<constructor-arg value="org.springframework.security.web.AuthenticationEntryPoint"/>
|
||||
</bean>
|
||||
|
||||
|
||||
<bean id="defaultAEP" class="org.mockito.Mockito" factory-method="mock">
|
||||
<constructor-arg value="org.springframework.security.web.AuthenticationEntryPoint"/>
|
||||
</bean>
|
||||
|
||||
|
||||
</beans>
|
||||
Loading…
Reference in New Issue