Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removed AutoIntegrationFilter

This commit is contained in:
Carlos Sanchez 2004-10-30 22:45:35 +00:00
parent b25a6e002b
commit 928498b53d
2 changed files with 0 additions and 375 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
core/src/main/java/org/acegisecurity/ui/AutoIntegrationFilter.java
View File

@ -1,137 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.ui;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.adapters.HttpRequestIntegrationFilter;
import net.sf.acegisecurity.adapters.jboss.JbossIntegrationFilter;
import net.sf.acegisecurity.ui.webapp.HttpSessionIntegrationFilter;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
/**
* Detects the container and delegates to the appropriate {@link
* AbstractIntegrationFilter}.
*
* <p>
* This eases the creation of portable, secure applications, as the
* <code>web.xml</code> will not need to refer to a specific integration
* filter.
* </p>
*
* <P>
* The filter automatically delegates to {@link HttpRequestIntegrationFilter}
* if any <code>Authentication</code> object is detected in the
* <code>ServletRequest</code>. Failing this, it will delegate to {@link
* HttpSessionIntegrationFilter} if the session object contains an
* <code>Authentication</code> object. Finally, this filter will delegate to
* {@link JbossIntegrationFilter} if the <code>ServletRequest</code> contains
* an instance of JBoss' <code>SimplePrincipal</code>.
* </p>
*
* <P>
* If no location can be found containing the <code>Authentication</code>
* object, it will return <code>null</code>.
* </p>
*
* @author Ben Alex
* @version $Id$
*
* @see AbstractIntegrationFilter
*/
public class AutoIntegrationFilter extends AbstractIntegrationFilter {
//~ Methods ================================================================
public void commitToContainer(ServletRequest request,
Authentication authentication) {
if (request instanceof HttpServletRequest) {
HttpServletRequest httpRequest = (HttpServletRequest) request;
if (getHttpSessionIntegrationFilter().extractFromContainer(request) != null) {
getHttpSessionIntegrationFilter().commitToContainer(request,
authentication);
return;
}
// Do not try JbossIntegrationFilter, as commit is unsupported.
// Do not try HttpRequestIntegrationFilter, as commit is unsupported.
}
}
public Object extractFromContainer(ServletRequest request) {
if (request instanceof HttpServletRequest) {
HttpServletRequest httpRequest = (HttpServletRequest) request;
if (httpRequest.getUserPrincipal() instanceof Authentication) {
return getHttpServletRequest().extractFromContainer(request);
}
if (getHttpSessionIntegrationFilter().extractFromContainer(request) != null) {
return getHttpSessionIntegrationFilter().extractFromContainer(request);
}
try {
Class simplePrincipalClass = Class.forName(
"org.jboss.security.SimplePrincipal");
if (null != httpRequest.getUserPrincipal()) {
if (simplePrincipalClass.isAssignableFrom(
httpRequest.getUserPrincipal().getClass())) {
return getJbossIntegrationFilter().extractFromContainer(request);
}
}
} catch (ClassNotFoundException e) {
// Can't be JBoss principal
// Expected, and normal - fall through
}
}
return null;
}
/**
* Allows test case to override the source of
* <code>HttpRequestIntegrationFilter</code>.
*
* @return the <code>HttpRequestIntegrationFilter</code> to use
*/
protected HttpRequestIntegrationFilter getHttpServletRequest() {
return new HttpRequestIntegrationFilter();
}
/**
* Allows test case to override the source of
* <code>HttpSessionIntegrationFilter</code>.
*
* @return the <code>HttpRequestIntegrationFilter</code> to use
*/
protected HttpSessionIntegrationFilter getHttpSessionIntegrationFilter() {
return new HttpSessionIntegrationFilter();
}
/**
* Allows test case to override the source of
* <code>JbossIntegrationFilter</code>.
*
* @return the <code>JbossIntegrationFilter</code> to use
*/
protected JbossIntegrationFilter getJbossIntegrationFilter() {
return new JbossIntegrationFilter();
}
}

238
core/src/test/java/org/acegisecurity/ui/AutoIntegrationFilterTests.java
View File

@ -1,238 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.ui;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.MockHttpServletRequest;
import net.sf.acegisecurity.adapters.MockPrincipal;
import net.sf.acegisecurity.adapters.PrincipalAcegiUserToken;
import net.sf.acegisecurity.adapters.jboss.JbossIntegrationFilter;
import net.sf.acegisecurity.adapters.jboss.MockInitialContext;
import net.sf.acegisecurity.adapters.jboss.MockJbossIntegrationFilter;
import net.sf.acegisecurity.ui.webapp.HttpSessionIntegrationFilter;
import org.jboss.security.SimplePrincipal;
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.naming.Context;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
/**
* Tests {@link AutoIntegrationFilter}.
*
* @author Ben Alex
* @version $Id$
*/
public class AutoIntegrationFilterTests extends TestCase {
//~ Constructors ===========================================================
public AutoIntegrationFilterTests() {
super();
}
public AutoIntegrationFilterTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(AutoIntegrationFilterTests.class);
}
public void testCommitForHttpSession() {
// This is the object we want to commit
PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")});
// Setup the mock so AutoIntegrationFilter detects HttpSessionIntegrationFilter should be used
MockHttpSessionIntegrationFilter mockHttpSessionIntegrationFilter = new MockHttpSessionIntegrationFilter(new PrincipalAcegiUserToken(
"x", "x", "x",
new GrantedAuthority[] {new GrantedAuthorityImpl("x")}));
// Setup the AutoIntegrationFilter to use our mock HttpSessionIntegrationFilter object
AutoIntegrationFilter filter = new MockAutoIntegrationFilterHttpSession(mockHttpSessionIntegrationFilter);
// Test we can commit the new object (this will override the principal with "x" in its properties)
filter.commitToContainer(new MockHttpServletRequest("ignored"),
principal);
// Test the object was indeed committed and overwrote the principal with "x" in its properties
assertEquals(principal,
mockHttpSessionIntegrationFilter.extractFromContainer(
new MockHttpServletRequest("ignored")));
}
public void testDetectsAuthenticationObjectInHttpRequest() {
AutoIntegrationFilter filter = new AutoIntegrationFilter();
PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")});
Object result = filter.extractFromContainer(new MockHttpServletRequest(
principal, null));
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
}
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
assertEquals(principal, result);
}
public void testDetectsAuthenticationObjectInHttpSession() {
PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")});
AutoIntegrationFilter filter = new MockAutoIntegrationFilterHttpSession(new MockHttpSessionIntegrationFilter(
principal));
Object result = filter.extractFromContainer(new MockHttpServletRequest(
null, null));
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
}
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
assertEquals(principal, result);
}
public void testDetectsAuthenticationObjectInJboss() {
// Prepare a mock Jboss environment reflecting completed authentication
PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")});
Context context = new MockInitialContext(makeIntoSubject(principal));
JbossIntegrationFilter jbossFilter = new MockJbossIntegrationFilter(context);
// Create a SimplePrincipal, which is what JBoss places into HttpRequest
SimplePrincipal simplePrincipal = new SimplePrincipal("TEST");
// Now try to extract authentication information via our mock AutoIntegrationFilter
AutoIntegrationFilter filter = new MockAutoIntegrationFilterJboss(jbossFilter);
Object result = filter.extractFromContainer(new MockHttpServletRequest(
simplePrincipal, null));
System.out.println(result);
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
}
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
assertEquals(principal, result);
}
public void testHandlesIfHttpRequestIsNullForSomeReason() {
AutoIntegrationFilter filter = new AutoIntegrationFilter();
assertEquals(null, filter.extractFromContainer(null));
}
public void testHandlesIfThereIsNoPrincipal() {
AutoIntegrationFilter filter = new AutoIntegrationFilter();
assertEquals(null,
filter.extractFromContainer(new MockHttpServletRequest(null, null)));
}
public void testReturnsNullIfNonAuthenticationObjectInHttpRequest() {
AutoIntegrationFilter filter = new AutoIntegrationFilter();
assertEquals(null,
filter.extractFromContainer(
new MockHttpServletRequest(new MockPrincipal(), null)));
}
private Subject makeIntoSubject(Principal principal) {
Set principals = new HashSet();
principals.add(principal);
return new Subject(false, principals, new HashSet(), new HashSet());
}
//~ Inner Classes ==========================================================
private class MockAutoIntegrationFilterHttpSession
extends AutoIntegrationFilter {
private HttpSessionIntegrationFilter filter;
public MockAutoIntegrationFilterHttpSession(
HttpSessionIntegrationFilter filter) {
this.filter = filter;
}
private MockAutoIntegrationFilterHttpSession() {
super();
}
protected HttpSessionIntegrationFilter getHttpSessionIntegrationFilter() {
return this.filter;
}
}
private class MockAutoIntegrationFilterJboss extends AutoIntegrationFilter {
private JbossIntegrationFilter filter;
public MockAutoIntegrationFilterJboss(JbossIntegrationFilter filter) {
this.filter = filter;
}
private MockAutoIntegrationFilterJboss() {
super();
}
protected JbossIntegrationFilter getJbossIntegrationFilter() {
return this.filter;
}
}
private class MockHttpSessionIntegrationFilter
extends HttpSessionIntegrationFilter {
private Object toReturn;
public MockHttpSessionIntegrationFilter(Object toReturn) {
this.toReturn = toReturn;
}
private MockHttpSessionIntegrationFilter() {
super();
}
public void commitToContainer(ServletRequest request,
Authentication authentication) {
this.toReturn = authentication;
}
public Object extractFromContainer(ServletRequest request) {
return this.toReturn;
}
}
}