SEC-144: Separate SecurityEnforcementFilter from FilterSecurityInterceptor.
parent
fa4c2a6ade
commit
9771b7817a
|
@ -24,7 +24,7 @@ package org.acegisecurity;
|
|||
* this exception if they are dissatisfied with the level of the
|
||||
* authentication, such as if performed using a remember-me mechanism or
|
||||
* anonymously. The commonly used {@link
|
||||
* org.acegisecurity.intercept.web.SecurityEnforcementFilter} will thus
|
||||
* org.acegisecurity.ui.ExceptionTranslationFilter} will thus
|
||||
* cause the <code>AuthenticationEntryPoint</code> to be called, allowing the
|
||||
* principal to authenticate with a stronger level of authentication.
|
||||
* </p>
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -19,18 +19,19 @@ import org.acegisecurity.intercept.AbstractSecurityInterceptor;
|
|||
import org.acegisecurity.intercept.InterceptorStatusToken;
|
||||
import org.acegisecurity.intercept.ObjectDefinitionSource;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
|
||||
|
||||
/**
|
||||
* Performs security handling of HTTP resources via a filter implementation.
|
||||
*
|
||||
* <P>
|
||||
* End users should <B>only</B> use this class to configure their HTTP security
|
||||
* configuration in an application context. They should <B>not</B> attempt to
|
||||
* invoke the <code>FilterSecurityInterceptor</code> except as a standard bean
|
||||
* registration in an application context. At runtime, this class will provide
|
||||
* services to web applications via the {@link SecurityEnforcementFilter}.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* The <code>ObjectDefinitionSource</code> required by this security
|
||||
* interceptor is of type {@link FilterInvocationDefinitionSource}.
|
||||
|
@ -43,7 +44,8 @@ import org.acegisecurity.intercept.ObjectDefinitionSource;
|
|||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor {
|
||||
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor
|
||||
implements Filter {
|
||||
//~ Static fields/initializers =============================================
|
||||
|
||||
private static final String FILTER_APPLIED = "__acegi_filterSecurityInterceptor_filterApplied";
|
||||
|
@ -55,41 +57,47 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor {
|
|||
|
||||
//~ Methods ================================================================
|
||||
|
||||
public void setObjectDefinitionSource(
|
||||
FilterInvocationDefinitionSource newSource) {
|
||||
this.objectDefinitionSource = newSource;
|
||||
/**
|
||||
* Not used (we rely on IoC container lifecycle services instead)
|
||||
*/
|
||||
public void destroy() {}
|
||||
|
||||
/**
|
||||
* Method that is actually called by the filter chain. Simply delegates to
|
||||
* the {@link #invoke(FilterInvocation)} method.
|
||||
*
|
||||
* @param request the servlet request
|
||||
* @param response the servlet response
|
||||
* @param chain the filter chain
|
||||
*
|
||||
* @throws IOException if the filter chain fails
|
||||
* @throws ServletException if the filter chain fails
|
||||
*/
|
||||
public void doFilter(ServletRequest request, ServletResponse response,
|
||||
FilterChain chain) throws IOException, ServletException {
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
invoke(fi);
|
||||
}
|
||||
|
||||
public FilterInvocationDefinitionSource getObjectDefinitionSource() {
|
||||
return this.objectDefinitionSource;
|
||||
}
|
||||
|
||||
public void setObserveOncePerRequest(boolean observeOncePerRequest) {
|
||||
this.observeOncePerRequest = observeOncePerRequest;
|
||||
}
|
||||
|
||||
/**
|
||||
* Indicates whether once-per-request handling will be observed. By default
|
||||
* this is <code>true</code>, meaning the
|
||||
* <code>FilterSecurityInterceptor</code> will only execute
|
||||
* once-per-request. Sometimes users may wish it to execute more than once
|
||||
* per request, such as when JSP forwards are being used and filter
|
||||
* security is desired on each included fragment of the HTTP request.
|
||||
*
|
||||
* @return <code>true</code> (the default) if once-per-request is honoured,
|
||||
* otherwise <code>false</code> if
|
||||
* <code>FilterSecurityInterceptor</code> will enforce
|
||||
* authorizations for each and every fragment of the HTTP request.
|
||||
*/
|
||||
public boolean isObserveOncePerRequest() {
|
||||
return observeOncePerRequest;
|
||||
}
|
||||
|
||||
public Class getSecureObjectClass() {
|
||||
return FilterInvocation.class;
|
||||
}
|
||||
|
||||
public void invoke(FilterInvocation fi) throws Throwable {
|
||||
/**
|
||||
* Not used (we rely on IoC container lifecycle services instead)
|
||||
*
|
||||
* @param arg0 ignored
|
||||
*
|
||||
* @throws ServletException never thrown
|
||||
*/
|
||||
public void init(FilterConfig arg0) throws ServletException {}
|
||||
|
||||
public void invoke(FilterInvocation fi)
|
||||
throws IOException, ServletException {
|
||||
if ((fi.getRequest() != null)
|
||||
&& (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
|
||||
&& observeOncePerRequest) {
|
||||
|
@ -112,7 +120,33 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Indicates whether once-per-request handling will be observed. By default
|
||||
* this is <code>true</code>, meaning the
|
||||
* <code>FilterSecurityInterceptor</code> will only execute
|
||||
* once-per-request. Sometimes users may wish it to execute more than once
|
||||
* per request, such as when JSP forwards are being used and filter
|
||||
* security is desired on each included fragment of the HTTP request.
|
||||
*
|
||||
* @return <code>true</code> (the default) if once-per-request is honoured,
|
||||
* otherwise <code>false</code> if
|
||||
* <code>FilterSecurityInterceptor</code> will enforce
|
||||
* authorizations for each and every fragment of the HTTP request.
|
||||
*/
|
||||
public boolean isObserveOncePerRequest() {
|
||||
return observeOncePerRequest;
|
||||
}
|
||||
|
||||
public ObjectDefinitionSource obtainObjectDefinitionSource() {
|
||||
return this.objectDefinitionSource;
|
||||
}
|
||||
|
||||
public void setObjectDefinitionSource(
|
||||
FilterInvocationDefinitionSource newSource) {
|
||||
this.objectDefinitionSource = newSource;
|
||||
}
|
||||
|
||||
public void setObserveOncePerRequest(boolean observeOncePerRequest) {
|
||||
this.observeOncePerRequest = observeOncePerRequest;
|
||||
}
|
||||
}
|
||||
|
|
|
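Review bot: The class Javadoc shown in this section still says the interceptor provides its services "via the {@link SecurityEnforcementFilter}", which no longer fits a class that now implements `Filter` and is entered through the new `doFilter`. I would reword that sentence and state the ordering requirement, for example `* This filter must be placed after {@link org.acegisecurity.ui.ExceptionTranslationFilter} in the filter chain so that security exceptions raised by invoke() are translated.` Without that filter ahead of it, an `AccessDeniedException` or `AuthenticationException` raised in `invoke(fi)` presumably leaves `doFilter` untranslated and reaches the container as a generic error instead of a login prompt or a 403. The body of `invoke` is outside the visible hunks, so this is inferred from the new `throws IOException, ServletException` signature and from the commit title.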
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.intercept.web;
|
||||
package org.acegisecurity.ui;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
|
||||
|
@ -25,7 +25,7 @@ import javax.servlet.ServletResponse;
|
|||
|
||||
|
||||
/**
|
||||
* Used by {@link SecurityEnforcementFilter} to commence an authentication
|
||||
* Used by {@link ExceptionTranslationFilter} to commence an authentication
|
||||
* scheme.
|
||||
*
|
||||
* @author Ben Alex
|
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -12,15 +12,19 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.acegisecurity.intercept.web;
|
||||
|
||||
package org.acegisecurity.ui;
|
||||
|
||||
import org.acegisecurity.AccessDeniedException;
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.AuthenticationTrustResolver;
|
||||
import org.acegisecurity.AuthenticationTrustResolverImpl;
|
||||
import org.acegisecurity.InsufficientAuthenticationException;
|
||||
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.ui.AbstractProcessingFilter;
|
||||
|
||||
import org.acegisecurity.intercept.web.FilterInvocation;
|
||||
|
||||
import org.acegisecurity.util.PortResolver;
|
||||
import org.acegisecurity.util.PortResolverImpl;
|
||||
|
||||
|
@ -44,11 +48,13 @@ import javax.servlet.http.HttpServletResponse;
|
|||
|
||||
|
||||
/**
|
||||
* Wraps requests to the {@link FilterSecurityInterceptor}.
|
||||
* Handles any <code>AccessDeniedException</code> and
|
||||
* <code>AuthenticationException</code> thrown within the filter chain.
|
||||
*
|
||||
* <p>
|
||||
* This filter is necessary because it provides the bridge between incoming
|
||||
* requests and the <code>FilterSecurityInterceptor</code> instance.
|
||||
* This filter is necessary because it provides the bridge between Java
|
||||
* exceptions and HTTP responses. It is solely concerned with maintaining the
|
||||
* user interface. This filter does not do any actual security enforcement.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
|
@ -77,11 +83,6 @@ import javax.servlet.http.HttpServletResponse;
|
|||
*
|
||||
* <ul>
|
||||
* <li>
|
||||
* <code>filterSecurityInterceptor</code> indicates the
|
||||
* <code>FilterSecurityInterceptor</code> to delegate HTTP security decisions
|
||||
* to.
|
||||
* </li>
|
||||
* <li>
|
||||
* <code>authenticationEntryPoint</code> indicates the handler that should
|
||||
* commence the authentication process if an
|
||||
* <code>AuthenticationException</code> is detected. Note that this may also
|
||||
|
@ -103,83 +104,30 @@ import javax.servlet.http.HttpServletResponse;
|
|||
* @author colin sampaleanu
|
||||
* @version $Id$
|
||||
*/
|
||||
public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
||||
private static final Log logger = LogFactory.getLog(SecurityEnforcementFilter.class);
|
||||
public class ExceptionTranslationFilter implements Filter, InitializingBean {
|
||||
//~ Static fields/initializers =============================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(ExceptionTranslationFilter.class);
|
||||
public static final String ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY = "ACEGI_SECURITY_403_EXCEPTION";
|
||||
|
||||
//~ Instance fields ========================================================
|
||||
|
||||
private AuthenticationEntryPoint authenticationEntryPoint;
|
||||
private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
|
||||
private FilterSecurityInterceptor filterSecurityInterceptor;
|
||||
private PortResolver portResolver = new PortResolverImpl();
|
||||
private boolean createSessionAllowed = true;
|
||||
|
||||
public void setAuthenticationEntryPoint(
|
||||
AuthenticationEntryPoint authenticationEntryPoint) {
|
||||
this.authenticationEntryPoint = authenticationEntryPoint;
|
||||
}
|
||||
|
||||
public AuthenticationEntryPoint getAuthenticationEntryPoint() {
|
||||
return authenticationEntryPoint;
|
||||
}
|
||||
|
||||
public void setAuthenticationTrustResolver(
|
||||
AuthenticationTrustResolver authenticationTrustResolver) {
|
||||
this.authenticationTrustResolver = authenticationTrustResolver;
|
||||
}
|
||||
|
||||
/**
|
||||
* If <code>true</code>, indicates that <code>SecurityEnforcementFilter</code> is permitted
|
||||
* to store the target URL and exception information in the <code>HttpSession</code> (the
|
||||
* default). In situations where you do not wish to unnecessarily create <code>HttpSession</code>s
|
||||
* - because the user agent will know the failed URL, such as with BASIC or Digest authentication
|
||||
* - you may wish to set this property to <code>false</code>. Remember to also set the
|
||||
* {@link org.acegisecurity.context.HttpSessionContextIntegrationFilter#allowSessionCreation}
|
||||
* to <code>false</code> if you set this property to <code>false</code>.
|
||||
*
|
||||
* @return <code>true</code> if the <code>HttpSession</code> will be used to store information
|
||||
* about the failed request, <code>false</code> if the <code>HttpSession</code> will not be
|
||||
* used
|
||||
*/
|
||||
public boolean isCreateSessionAllowed() {
|
||||
return createSessionAllowed;
|
||||
}
|
||||
|
||||
public void setCreateSessionAllowed(boolean createSessionAllowed) {
|
||||
this.createSessionAllowed = createSessionAllowed;
|
||||
}
|
||||
|
||||
public AuthenticationTrustResolver getAuthenticationTrustResolver() {
|
||||
return authenticationTrustResolver;
|
||||
}
|
||||
|
||||
public void setFilterSecurityInterceptor(
|
||||
FilterSecurityInterceptor filterSecurityInterceptor) {
|
||||
this.filterSecurityInterceptor = filterSecurityInterceptor;
|
||||
}
|
||||
|
||||
public FilterSecurityInterceptor getFilterSecurityInterceptor() {
|
||||
return filterSecurityInterceptor;
|
||||
}
|
||||
|
||||
public void setPortResolver(PortResolver portResolver) {
|
||||
this.portResolver = portResolver;
|
||||
}
|
||||
|
||||
public PortResolver getPortResolver() {
|
||||
return portResolver;
|
||||
}
|
||||
//~ Methods ================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.notNull(authenticationEntryPoint,
|
||||
"authenticationEntryPoint must be specified");
|
||||
Assert.notNull(filterSecurityInterceptor,
|
||||
"filterSecurityInterceptor must be specified");
|
||||
Assert.notNull(portResolver, "portResolver must be specified");
|
||||
Assert.notNull(authenticationTrustResolver,
|
||||
"authenticationTrustResolver must be specified");
|
||||
}
|
||||
|
||||
public void destroy() {
|
||||
}
|
||||
public void destroy() {}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response,
|
||||
FilterChain chain) throws IOException, ServletException {
|
||||
|
@ -191,10 +139,8 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
|||
throw new ServletException("HttpServletResponse required");
|
||||
}
|
||||
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
|
||||
try {
|
||||
filterSecurityInterceptor.invoke(fi);
|
||||
chain.doFilter(request, response);
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Chain processed normally");
|
||||
|
@ -205,7 +151,7 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
|||
authentication);
|
||||
}
|
||||
|
||||
sendStartAuthentication(fi, authentication);
|
||||
sendStartAuthentication(request, response, chain, authentication);
|
||||
} catch (AccessDeniedException accessDenied) {
|
||||
if (authenticationTrustResolver.isAnonymous(
|
||||
SecurityContextHolder.getContext().getAuthentication())) {
|
||||
|
@ -214,7 +160,7 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
|||
accessDenied);
|
||||
}
|
||||
|
||||
sendStartAuthentication(fi,
|
||||
sendStartAuthentication(request, response, chain,
|
||||
new InsufficientAuthenticationException(
|
||||
"Full authentication is required to access this resource"));
|
||||
} else {
|
||||
|
@ -223,7 +169,7 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
|||
accessDenied);
|
||||
}
|
||||
|
||||
sendAccessDeniedError(fi, accessDenied);
|
||||
sendAccessDeniedError(request, response, chain, accessDenied);
|
||||
}
|
||||
} catch (ServletException e) {
|
||||
throw e;
|
||||
|
@ -234,48 +180,86 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
|||
}
|
||||
}
|
||||
|
||||
public void init(FilterConfig filterConfig) throws ServletException {
|
||||
public AuthenticationEntryPoint getAuthenticationEntryPoint() {
|
||||
return authenticationEntryPoint;
|
||||
}
|
||||
|
||||
protected void sendAccessDeniedError(FilterInvocation fi,
|
||||
public AuthenticationTrustResolver getAuthenticationTrustResolver() {
|
||||
return authenticationTrustResolver;
|
||||
}
|
||||
|
||||
public PortResolver getPortResolver() {
|
||||
return portResolver;
|
||||
}
|
||||
|
||||
public void init(FilterConfig filterConfig) throws ServletException {}
|
||||
|
||||
/**
|
||||
* If <code>true</code>, indicates that
|
||||
* <code>SecurityEnforcementFilter</code> is permitted to store the target
|
||||
* URL and exception information in the <code>HttpSession</code> (the
|
||||
* default). In situations where you do not wish to unnecessarily create
|
||||
* <code>HttpSession</code>s - because the user agent will know the failed
|
||||
* URL, such as with BASIC or Digest authentication - you may wish to set
|
||||
* this property to <code>false</code>. Remember to also set the {@link
|
||||
* org.acegisecurity.context.HttpSessionContextIntegrationFilter#allowSessionCreation}
|
||||
* to <code>false</code> if you set this property to <code>false</code>.
|
||||
*
|
||||
* @return <code>true</code> if the <code>HttpSession</code> will be used
|
||||
* to store information about the failed request,
|
||||
* <code>false</code> if the <code>HttpSession</code> will not be
|
||||
* used
|
||||
*/
|
||||
public boolean isCreateSessionAllowed() {
|
||||
return createSessionAllowed;
|
||||
}
|
||||
|
||||
protected void sendAccessDeniedError(ServletRequest request,
|
||||
ServletResponse response, FilterChain chain,
|
||||
AccessDeniedException accessDenied)
|
||||
throws ServletException, IOException {
|
||||
if (createSessionAllowed) {
|
||||
((HttpServletRequest) fi.getRequest()).getSession().setAttribute(ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY,
|
||||
((HttpServletRequest) request).getSession()
|
||||
.setAttribute(ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY,
|
||||
accessDenied);
|
||||
}
|
||||
|
||||
((HttpServletResponse) fi.getResponse()).sendError(HttpServletResponse.SC_FORBIDDEN,
|
||||
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN,
|
||||
accessDenied.getMessage()); // 403
|
||||
}
|
||||
|
||||
protected void sendStartAuthentication(FilterInvocation fi,
|
||||
protected void sendStartAuthentication(ServletRequest request,
|
||||
ServletResponse response, FilterChain chain,
|
||||
AuthenticationException reason) throws ServletException, IOException {
|
||||
HttpServletRequest request = (HttpServletRequest) fi.getRequest();
|
||||
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||
|
||||
int port = portResolver.getServerPort(request);
|
||||
int port = portResolver.getServerPort(httpRequest);
|
||||
boolean includePort = true;
|
||||
|
||||
if ("http".equals(request.getScheme().toLowerCase()) && (port == 80)) {
|
||||
if ("http".equals(httpRequest.getScheme().toLowerCase())
|
||||
&& (port == 80)) {
|
||||
includePort = false;
|
||||
}
|
||||
|
||||
if ("https".equals(request.getScheme().toLowerCase()) && (port == 443)) {
|
||||
if ("https".equals(httpRequest.getScheme().toLowerCase())
|
||||
&& (port == 443)) {
|
||||
includePort = false;
|
||||
}
|
||||
|
||||
String targetUrl = request.getScheme() + "://" +
|
||||
request.getServerName() + ((includePort) ? (":" + port) : "") +
|
||||
request.getContextPath() + fi.getRequestUrl();
|
||||
String targetUrl = httpRequest.getScheme() + "://"
|
||||
+ httpRequest.getServerName() + ((includePort) ? (":" + port) : "")
|
||||
+ httpRequest.getContextPath()
|
||||
+ new FilterInvocation(request, response, chain).getRequestUrl();
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(
|
||||
"Authentication entry point being called; target URL added to Session: " +
|
||||
targetUrl);
|
||||
"Authentication entry point being called; target URL added to Session: "
|
||||
+ targetUrl);
|
||||
}
|
||||
|
||||
if (createSessionAllowed) {
|
||||
((HttpServletRequest) request).getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
|
||||
httpRequest.getSession()
|
||||
.setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
|
||||
targetUrl);
|
||||
}
|
||||
|
||||
|
@ -283,7 +267,25 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
|||
// existing Authentication is no longer considered valid
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
authenticationEntryPoint.commence(request,
|
||||
(HttpServletResponse) fi.getResponse(), reason);
|
||||
authenticationEntryPoint.commence(httpRequest,
|
||||
(HttpServletResponse) response, reason);
|
||||
}
|
||||
|
||||
public void setAuthenticationEntryPoint(
|
||||
AuthenticationEntryPoint authenticationEntryPoint) {
|
||||
this.authenticationEntryPoint = authenticationEntryPoint;
|
||||
}
|
||||
|
||||
public void setAuthenticationTrustResolver(
|
||||
AuthenticationTrustResolver authenticationTrustResolver) {
|
||||
this.authenticationTrustResolver = authenticationTrustResolver;
|
||||
}
|
||||
|
||||
public void setCreateSessionAllowed(boolean createSessionAllowed) {
|
||||
this.createSessionAllowed = createSessionAllowed;
|
||||
}
|
||||
|
||||
public void setPortResolver(PortResolver portResolver) {
|
||||
this.portResolver = portResolver;
|
||||
}
|
||||
}
|
|
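Review bot: In `doFilter` the `try` now wraps `chain.doFilter(request, response)` instead of a direct `filterSecurityInterceptor.invoke(fi)`, so a security exception raised further down the chain may arrive wrapped in a `ServletException`, and the existing `catch (ServletException e) { throw e; }` rethrows it without calling the entry point or sending the 403. Consider inspecting the cause before rethrowing, e.g. `if (e.getRootCause() instanceof AccessDeniedException) { /* same handling as the AccessDeniedException catch */ }`, and likewise for `AuthenticationException`. Whether wrapping happens depends on the downstream servlets and JSPs, which are not visible here. Separately, the re-wrapped Javadoc of `isCreateSessionAllowed()` still names `SecurityEnforcementFilter` and should read `ExceptionTranslationFilter`. Parts of `doFilter` lie outside the visible hunks.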
@ -19,8 +19,8 @@ import org.acegisecurity.Authentication;
|
|||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.WebAuthenticationDetails;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
package org.acegisecurity.ui.basicauth;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
package org.acegisecurity.ui.cas;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.util.Assert;
|
||||
|
|
|
@ -84,7 +84,7 @@ import org.springframework.util.StringUtils;
|
|||
*
|
||||
* <p>
|
||||
* If authentication fails, an {@link
|
||||
* org.acegisecurity.intercept.web.AuthenticationEntryPoint
|
||||
* org.acegisecurity.ui.AuthenticationEntryPoint
|
||||
* AuthenticationEntryPoint} implementation is called. This must always be
|
||||
* {@link DigestProcessingFilterEntryPoint}, which will prompt the user to
|
||||
* authenticate again via Digest authentication.
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
package org.acegisecurity.ui.digestauth;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
package org.acegisecurity.ui.webapp;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.util.PortMapper;
|
||||
import org.acegisecurity.util.PortMapperImpl;
|
||||
import org.acegisecurity.util.PortResolver;
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
package org.acegisecurity.ui.x509;
|
||||
|
||||
import org.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
|
||||
import javax.servlet.ServletRequest;
|
||||
|
@ -42,7 +42,7 @@ import org.apache.commons.logging.LogFactory;
|
|||
*
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
* @see org.acegisecurity.intercept.web.SecurityEnforcementFilter
|
||||
* @see org.acegisecurity.ui.ExceptionTranslationFilter
|
||||
*/
|
||||
public class X509ProcessingFilterEntryPoint implements AuthenticationEntryPoint {
|
||||
//~ Static fields/initializers =============================================
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
package org.acegisecurity;
|
||||
|
||||
import org.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -13,7 +13,14 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.intercept.web;
|
||||
package org.acegisecurity.ui;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
|
@ -27,43 +34,40 @@ import org.acegisecurity.context.SecurityContextHolder;
|
|||
import org.acegisecurity.context.SecurityContextImpl;
|
||||
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
|
||||
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link SecurityEnforcementFilter}.
|
||||
* Tests {@link ExceptionTranslationFilter}.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class SecurityEnforcementFilterTests extends TestCase {
|
||||
public class ExceptionTranslationFilterTests extends TestCase {
|
||||
//~ Constructors ===========================================================
|
||||
|
||||
public SecurityEnforcementFilterTests() {
|
||||
public ExceptionTranslationFilterTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public SecurityEnforcementFilterTests(String arg0) {
|
||||
public ExceptionTranslationFilterTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ================================================================
|
||||
|
||||
public static void main(String[] args) {
|
||||
junit.textui.TestRunner.run(ExceptionTranslationFilterTests.class);
|
||||
}
|
||||
|
||||
public final void setUp() throws Exception {
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
public static void main(String[] args) {
|
||||
junit.textui.TestRunner.run(SecurityEnforcementFilterTests.class);
|
||||
protected void tearDown() throws Exception {
|
||||
super.tearDown();
|
||||
SecurityContextHolder.setContext(new SecurityContextImpl());
|
||||
}
|
||||
|
||||
public void testAccessDeniedWhenAnonymous() throws Exception {
|
||||
|
@ -76,21 +80,17 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
request.setContextPath("/mycontext");
|
||||
request.setRequestURI("/mycontext/secure/page.html");
|
||||
|
||||
// Setup our expectation that the filter chain will not be invoked, as access is denied
|
||||
MockFilterChain chain = new MockFilterChain(false);
|
||||
|
||||
// Setup the FilterSecurityInterceptor thrown an access denied exception
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(true,
|
||||
false, false, false);
|
||||
// Setup the FilterChain to thrown an access denied exception
|
||||
MockFilterChain chain = new MockFilterChain(true, false, false, false);
|
||||
|
||||
// Setup SecurityContextHolder, as filter needs to check if user is anonymous
|
||||
SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken(
|
||||
SecurityContextHolder.getContext()
|
||||
.setAuthentication(new AnonymousAuthenticationToken(
|
||||
"ignored", "ignored",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("IGNORED")}));
|
||||
|
||||
// Test
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setFilterSecurityInterceptor(interceptor);
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
|
||||
"/login.jsp"));
|
||||
|
||||
|
@ -98,7 +98,8 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
filter.doFilter(request, response, chain);
|
||||
assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
|
||||
assertEquals("http://www.example.com/mycontext/secure/page.html",
|
||||
request.getSession().getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
|
||||
request.getSession()
|
||||
.getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
|
||||
}
|
||||
|
||||
public void testAccessDeniedWhenNonAnonymous() throws Exception {
|
||||
|
@ -106,19 +107,14 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setServletPath("/secure/page.html");
|
||||
|
||||
// Setup our expectation that the filter chain will not be invoked, as access is denied
|
||||
MockFilterChain chain = new MockFilterChain(false);
|
||||
|
||||
// Setup the FilterSecurityInterceptor thrown an access denied exception
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(true,
|
||||
false, false, false);
|
||||
// Setup the FilterChain to thrown an access denied exception
|
||||
MockFilterChain chain = new MockFilterChain(true, false, false, false);
|
||||
|
||||
// Setup SecurityContextHolder, as filter needs to check if user is anonymous
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
// Test
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setFilterSecurityInterceptor(interceptor);
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
|
||||
"/login.jsp"));
|
||||
|
||||
|
@ -127,17 +123,17 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
assertEquals(403, response.getStatus());
|
||||
assertEquals(AccessDeniedException.class,
|
||||
request.getSession()
|
||||
.getAttribute(SecurityEnforcementFilter.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)
|
||||
.getAttribute(ExceptionTranslationFilter.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)
|
||||
.getClass());
|
||||
}
|
||||
|
||||
public void testDoFilterWithNonHttpServletRequestDetected()
|
||||
throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
|
||||
try {
|
||||
filter.doFilter(null, new MockHttpServletResponse(),
|
||||
new MockFilterChain());
|
||||
new MockFilterChain(false, false, false, false));
|
||||
fail("Should have thrown ServletException");
|
||||
} catch (ServletException expected) {
|
||||
assertEquals("HttpServletRequest required", expected.getMessage());
|
||||
|
@ -146,11 +142,11 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
|
||||
public void testDoFilterWithNonHttpServletResponseDetected()
|
||||
throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
|
||||
try {
|
||||
filter.doFilter(new MockHttpServletRequest(null, null), null,
|
||||
new MockFilterChain());
|
||||
new MockFilterChain(false, false, false, false));
|
||||
fail("Should have thrown ServletException");
|
||||
} catch (ServletException expected) {
|
||||
assertEquals("HttpServletResponse required", expected.getMessage());
|
||||
|
@ -158,10 +154,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
}
|
||||
|
||||
public void testGettersSetters() {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
|
||||
false, false, false, false));
|
||||
assertTrue(filter.getFilterSecurityInterceptor() != null);
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
|
||||
"/login.jsp"));
|
||||
|
@ -182,16 +175,11 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
request.setContextPath("/mycontext");
|
||||
request.setRequestURI("/mycontext/secure/page.html");
|
||||
|
||||
// Setup our expectation that the filter chain will not be invoked, as access is denied
|
||||
MockFilterChain chain = new MockFilterChain(false);
|
||||
|
||||
// Setup the FilterSecurityInterceptor thrown an authentication failure exceptions
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false,
|
||||
true, false, false);
|
||||
// Setup the FilterChain to thrown an authentication failure exception
|
||||
MockFilterChain chain = new MockFilterChain(false, true, false, false);
|
||||
|
||||
// Test
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setFilterSecurityInterceptor(interceptor);
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
|
||||
"/login.jsp"));
|
||||
filter.setPortResolver(new MockPortResolver(80, 443));
|
||||
|
@ -201,7 +189,8 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
filter.doFilter(request, response, chain);
|
||||
assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
|
||||
assertEquals("http://www.example.com/mycontext/secure/page.html",
|
||||
request.getSession().getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
|
||||
request.getSession()
|
||||
.getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
|
||||
}
|
||||
|
||||
public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhenAuthenticationException()
|
||||
|
@ -215,16 +204,11 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
request.setContextPath("/mycontext");
|
||||
request.setRequestURI("/mycontext/secure/page.html");
|
||||
|
||||
// Setup our expectation that the filter chain will not be invoked, as access is denied
|
||||
MockFilterChain chain = new MockFilterChain(false);
|
||||
|
||||
// Setup the FilterSecurityInterceptor thrown an authentication failure exceptions
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false,
|
||||
true, false, false);
|
||||
// Setup the FilterChain to thrown an authentication failure exception
|
||||
MockFilterChain chain = new MockFilterChain(false, true, false, false);
|
||||
|
||||
// Test
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setFilterSecurityInterceptor(interceptor);
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
|
||||
"/login.jsp"));
|
||||
filter.setPortResolver(new MockPortResolver(8080, 8443));
|
||||
|
@ -234,14 +218,13 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
filter.doFilter(request, response, chain);
|
||||
assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
|
||||
assertEquals("http://www.example.com:8080/mycontext/secure/page.html",
|
||||
request.getSession().getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
|
||||
request.getSession()
|
||||
.getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
|
||||
}
|
||||
|
||||
public void testStartupDetectsMissingAuthenticationEntryPoint()
|
||||
throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
|
||||
false, false, false, false));
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
|
||||
try {
|
||||
filter.afterPropertiesSet();
|
||||
|
@ -252,26 +235,9 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
}
|
||||
}
|
||||
|
||||
public void testStartupDetectsMissingFilterSecurityInterceptor()
|
||||
throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
|
||||
"/login.jsp"));
|
||||
|
||||
try {
|
||||
filter.afterPropertiesSet();
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertEquals("filterSecurityInterceptor must be specified",
|
||||
expected.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public void testStartupDetectsMissingPortResolver()
|
||||
throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
|
||||
false, false, false, false));
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
|
||||
"/login.jsp"));
|
||||
filter.setPortResolver(null);
|
||||
|
@ -289,16 +255,11 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setServletPath("/secure/page.html");
|
||||
|
||||
// Setup our expectation that the filter chain will be invoked, as access is granted
|
||||
MockFilterChain chain = new MockFilterChain(true);
|
||||
|
||||
// Setup the FilterSecurityInterceptor to not thrown any exceptions
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false,
|
||||
false, false, false);
|
||||
// Setup the FilterChain to thrown no exceptions
|
||||
MockFilterChain chain = new MockFilterChain(false, false, false, false);
|
||||
|
||||
// Test
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
filter.setFilterSecurityInterceptor(interceptor);
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
|
||||
"/login.jsp"));
|
||||
|
||||
|
@ -308,7 +269,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
|
||||
public void testSuccessfulStartupAndShutdownDown()
|
||||
throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
|
||||
filter.init(null);
|
||||
filter.destroy();
|
||||
|
@ -316,10 +277,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
}
|
||||
|
||||
public void testThrowIOException() throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
|
||||
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
|
||||
false, false, false, true));
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
|
||||
|
||||
|
@ -327,7 +285,8 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
|
||||
try {
|
||||
filter.doFilter(new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse(), new MockFilterChain(false));
|
||||
new MockHttpServletResponse(),
|
||||
new MockFilterChain(false, false, false, true));
|
||||
fail("Should have thrown IOException");
|
||||
} catch (IOException e) {
|
||||
assertNull("The IOException thrown should not have been wrapped",
|
||||
|
@ -336,10 +295,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
}
|
||||
|
||||
public void testThrowServletException() throws Exception {
|
||||
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
|
||||
|
||||
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
|
||||
false, false, true, false));
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
|
||||
|
||||
|
@ -347,7 +303,8 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
|
||||
try {
|
||||
filter.doFilter(new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse(), new MockFilterChain(false));
|
||||
new MockHttpServletResponse(),
|
||||
new MockFilterChain(false, false, true, false));
|
||||
fail("Should have thrown ServletException");
|
||||
} catch (ServletException e) {
|
||||
assertNull("The ServletException thrown should not have been wrapped",
|
||||
|
@ -355,42 +312,15 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
}
|
||||
}
|
||||
|
||||
protected void tearDown() throws Exception {
|
||||
super.tearDown();
|
||||
SecurityContextHolder.setContext(new SecurityContextImpl());
|
||||
}
|
||||
|
||||
//~ Inner Classes ==========================================================
|
||||
|
||||
private class MockFilterChain implements FilterChain {
|
||||
private boolean expectToProceed;
|
||||
|
||||
public MockFilterChain(boolean expectToProceed) {
|
||||
this.expectToProceed = expectToProceed;
|
||||
}
|
||||
|
||||
private MockFilterChain() {
|
||||
super();
|
||||
}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response)
|
||||
throws IOException, ServletException {
|
||||
if (expectToProceed) {
|
||||
assertTrue(true);
|
||||
} else {
|
||||
fail("Did not expect filter chain to proceed");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private class MockFilterSecurityInterceptor
|
||||
extends FilterSecurityInterceptor {
|
||||
private boolean throwAccessDenied;
|
||||
private boolean throwAuthenticationFailure;
|
||||
private boolean throwIOException;
|
||||
private boolean throwServletException;
|
||||
|
||||
public MockFilterSecurityInterceptor(boolean throwAccessDenied,
|
||||
public MockFilterChain(boolean throwAccessDenied,
|
||||
boolean throwAuthenticationFailure, boolean throwServletException,
|
||||
boolean throwIOException) {
|
||||
this.throwAccessDenied = throwAccessDenied;
|
||||
|
@ -399,7 +329,8 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
this.throwIOException = throwIOException;
|
||||
}
|
||||
|
||||
public void invoke(FilterInvocation fi) throws Throwable {
|
||||
public void doFilter(ServletRequest request, ServletResponse response)
|
||||
throws IOException, ServletException {
|
||||
if (throwAccessDenied) {
|
||||
throw new AccessDeniedException("As requested");
|
||||
}
|
||||
|
@ -415,8 +346,6 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
|||
if (throwIOException) {
|
||||
throw new IOException("As requested");
|
||||
}
|
||||
|
||||
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
|
||||
}
|
||||
}
|
||||
}
|
|
@ -48,6 +48,24 @@ applications:
|
|||
point to an implementation of org.acegisecurity.providers.ProviderManager.
|
||||
</li>
|
||||
|
||||
<li>
|
||||
org.acegisecurity.intercept.web.AuthenticationEntryPoint has moved to a new location,
|
||||
org.acegisecurity.ui.AuthenticationEntryPoint.
|
||||
</li>
|
||||
|
||||
<li>
|
||||
org.acegisecurity.intercept.web.SecurityEnforcementFilter has moved to a new location and name,
|
||||
org.acegisecurity.ui.ExceptionTranslationFilter. In addition, the "filterSecurityInterceptor"
|
||||
property on the old SecurityEnforcementFilter class has been removed. This is because
|
||||
SecurityEnforcementFilter will no longer delegate to FilterSecurityInterceptor as it has in the
|
||||
past. Because this delegation feature has been removed (see SEC-144 for a background as to why),
|
||||
please add a new filter definition for FilterSecurityInterceptor to the end of your
|
||||
FilterChainProxy. Generally you'll also rename the old SecurityEnforcementFilter entry in your
|
||||
FilterChainProxy to ExceptionTranslationFilter, more accurately reflecting its purpose.
|
||||
If you are not using FilterChainProxy (although we recommend that you do), you will need to add
|
||||
an additional filter entry to web.xml and use FilterToBeanProxy to access the FilterSecurityInterceptor.
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
|
||||
</body>
|
||||
|
|
|
@ -48,7 +48,7 @@
|
|||
<xsl:message terminate="yes">Unsupported auth-method in web.xml, must be FORM or BASIC</xsl:message>
|
||||
</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
<xsl:text>,rememberMeProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter</xsl:text>
|
||||
<xsl:text>,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor</xsl:text>
|
||||
</xsl:variable>
|
||||
|
||||
<!--
|
||||
|
@ -137,13 +137,12 @@
|
|||
</xsl:template>
|
||||
|
||||
<!--
|
||||
| Processes the login-config definition and inserts the SecurityEnforcementFilter with
|
||||
| Processes the login-config definition and inserts the ExceptionTranslationFilter with
|
||||
| the appropriate beans for either form or basic authentication.
|
||||
-->
|
||||
<xsl:template match="login-config">
|
||||
|
||||
<bean id="securityEnforcementFilter" class="org.acegisecurity.intercept.web.SecurityEnforcementFilter">
|
||||
<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
|
||||
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
|
||||
<property name="authenticationEntryPoint">
|
||||
<xsl:choose>
|
||||
<xsl:when test="$auth-method = 'FORM'">
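Review bot: The order of the last two entries in the `xsl:text` filter list is now security-relevant, and nothing in the stylesheet says so. `exceptionTranslationFilter` only translates exceptions raised by filters after it, so `filterInvocationInterceptor` has to stay behind it, and a chain that lists only the renamed filter would no longer run any URL authorization. I would add a comment above that line, e.g. `<!-- keep exceptionTranslationFilter immediately before filterInvocationInterceptor; dropping the interceptor disables URL access checks -->`. The same applies to the `/**=` chain values in the sample application contexts changed further down this commit. The `login-config` template continues past the end of its hunk.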
|
||||
|
|
|
@ -7,10 +7,9 @@ import javax.xml.transform.TransformerFactoryConfigurationError;
|
|||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.intercept.web.FilterSecurityInterceptor;
|
||||
import org.acegisecurity.intercept.web.SecurityEnforcementFilter;
|
||||
import org.acegisecurity.providers.ProviderManager;
|
||||
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
||||
import org.acegisecurity.ui.ExceptionTranslationFilter;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
|
||||
import org.acegisecurity.util.InMemoryResource;
|
||||
|
@ -73,11 +72,10 @@ public class WebXmlConverterTests extends TestCase {
|
|||
assertNotNull(bf.getBean("rememberMeProcessingFilter"));
|
||||
assertNotNull(bf.getBean("rememberMeAuthenticationProvider"));
|
||||
|
||||
SecurityEnforcementFilter sef =
|
||||
(SecurityEnforcementFilter) bf.getBean("securityEnforcementFilter");
|
||||
assertNotNull(sef);
|
||||
assertNotNull(sef.getAuthenticationEntryPoint());
|
||||
FilterSecurityInterceptor fsi = sef.getFilterSecurityInterceptor();
|
||||
ExceptionTranslationFilter etf =
|
||||
(ExceptionTranslationFilter) bf.getBean("exceptionTranslationFilter");
|
||||
assertNotNull(etf);
|
||||
assertNotNull(etf.getAuthenticationEntryPoint());
|
||||
System.out.println(prettyPrint(converter.getNewWebXml()));
|
||||
System.out.println(prettyPrint(converter.getAcegiBeans()));
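Review bot: After this change the test no longer checks that the converted configuration contains a `FilterSecurityInterceptor` at all: the old `sef.getFilterSecurityInterceptor()` lookup is dropped and nothing replaces it in the second hunk. Since the interceptor is now a separate entry in the filter chain, converter output that lacks it would still pass here while leaving URLs unchecked. I would add `assertNotNull(bf.getBean("filterInvocationInterceptor"));` next to the `exceptionTranslationFilter` assertions. The test method starts and ends outside the hunk, so a check elsewhere in it may already cover this.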
|
||||
|
||||
|
|
|
@ -16,19 +16,19 @@
|
|||
|
||||
<!-- if you wish to use channel security, add "channelProcessingFilter," in front
|
||||
of "httpSessionContextIntegrationFilter" in the list below -->
|
||||
<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
|
||||
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
|
||||
<property name="filterInvocationDefinitionSource">
|
||||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter
|
||||
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- ======================== AUTHENTICATION ======================= -->
|
||||
|
||||
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
|
||||
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
|
||||
<property name="providers">
|
||||
<list>
|
||||
<ref local="daoAuthenticationProvider"/>
|
||||
|
@ -38,13 +38,13 @@
|
|||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="jdbcDaoImpl" class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
|
||||
<bean id="jdbcDaoImpl" class="org.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
|
||||
<property name="dataSource"><ref bean="dataSource"/></property>
|
||||
</bean>
|
||||
|
||||
<bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
|
||||
<bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
|
||||
|
||||
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
|
||||
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
|
||||
<property name="userDetailsService"><ref local="jdbcDaoImpl"/></property>
|
||||
<property name="userCache"><ref local="userCache"/></property>
|
||||
<property name="passwordEncoder"><ref local="passwordEncoder"/></property>
|
||||
|
@ -61,44 +61,44 @@
|
|||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
|
||||
<bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
|
||||
<property name="cache"><ref local="userCacheBackend"/></property>
|
||||
</bean>
|
||||
|
||||
<!-- Automatically receives AuthenticationEvent messages -->
|
||||
<bean id="loggerListener" class="net.sf.acegisecurity.event.authentication.LoggerListener"/>
|
||||
<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
|
||||
|
||||
<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
|
||||
<bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
|
||||
<property name="authenticationManager"><ref local="authenticationManager"/></property>
|
||||
<property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
|
||||
</bean>
|
||||
|
||||
<bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
|
||||
<bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
|
||||
<property name="realmName"><value>Contacts Realm</value></property>
|
||||
</bean>
|
||||
|
||||
<bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
|
||||
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
|
||||
<property name="key"><value>foobar</value></property>
|
||||
<property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
|
||||
</bean>
|
||||
|
||||
<bean id="anonymousAuthenticationProvider" class="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
|
||||
<bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
|
||||
<property name="key"><value>foobar</value></property>
|
||||
</bean>
|
||||
|
||||
<bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
|
||||
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
|
||||
</bean>
|
||||
|
||||
<bean id="rememberMeProcessingFilter" class="net.sf.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
|
||||
<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
|
||||
<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
|
||||
</bean>
|
||||
|
||||
<bean id="rememberMeServices" class="net.sf.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
|
||||
<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
|
||||
<property name="userDetailsService"><ref local="jdbcDaoImpl"/></property>
|
||||
<property name="key"><value>springRocks</value></property>
|
||||
</bean>
|
||||
|
||||
<bean id="rememberMeAuthenticationProvider" class="net.sf.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
|
||||
<bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
|
||||
<property name="key"><value>springRocks</value></property>
|
||||
</bean>
|
||||
|
||||
|
@ -107,7 +107,7 @@
|
|||
<!-- You will need to uncomment the "Acegi Channel Processing Filter"
|
||||
<filter-mapping> in web.xml for the following beans to be used -->
|
||||
|
||||
<bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
|
||||
<bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
|
||||
<property name="channelDecisionManager"><ref local="channelDecisionManager"/></property>
|
||||
<property name="filterInvocationDefinitionSource">
|
||||
<value>
|
||||
|
@ -120,7 +120,7 @@
|
|||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
|
||||
<bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
|
||||
<property name="channelProcessors">
|
||||
<list>
|
||||
<ref local="secureChannelProcessor"/>
|
||||
|
@ -129,17 +129,16 @@
|
|||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="secureChannelProcessor" class="net.sf.acegisecurity.securechannel.SecureChannelProcessor"/>
|
||||
<bean id="insecureChannelProcessor" class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor"/>
|
||||
<bean id="secureChannelProcessor" class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
|
||||
<bean id="insecureChannelProcessor" class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
|
||||
|
||||
<!-- ===================== HTTP REQUEST SECURITY ==================== -->
|
||||
|
||||
<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
|
||||
<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
|
||||
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
|
||||
<property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
|
||||
</bean>
|
||||
|
||||
<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
|
||||
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
|
||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||
<property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
|
||||
<property name="defaultTargetUrl"><value>/</value></property>
|
||||
|
@ -147,12 +146,12 @@
|
|||
<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
|
||||
</bean>
|
||||
|
||||
<bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
|
||||
<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
|
||||
<property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
|
||||
<property name="forceHttps"><value>false</value></property>
|
||||
</bean>
|
||||
|
||||
<bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
|
||||
<bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
|
||||
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
|
||||
<property name="decisionVoters">
|
||||
<list>
|
||||
|
@ -164,7 +163,7 @@
|
|||
<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
|
||||
The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
|
||||
Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
|
||||
<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
|
||||
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
|
||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||
<property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
|
||||
<property name="objectDefinitionSource">
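Review bot: The `key` properties on the new side (`foobar` for `anonymousProcessingFilter` and its provider, `springRocks` for `rememberMeServices` and its provider) are fixed sample strings, and the file gives no hint that they must be replaced. Each value has to match between the filter or service and its provider, so a deployment that copies this context unchanged runs with publicly known values. I would add a comment on each pair, e.g. `<!-- sample key only: replace with a private, per-deployment value -->`. These are context lines that the package rename merely passes over, but the file is touched throughout in this commit and is a template people copy.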
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/**=channelProcessingFilter,httpSessionContextIntegrationFilter,casProcessingFilter,basicProcessingFilter,securityEnforcementFilter
|
||||
/**=channelProcessingFilter,httpSessionContextIntegrationFilter,casProcessingFilter,basicProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
@ -121,8 +121,7 @@
|
|||
|
||||
<!-- ===================== HTTP REQUEST SECURITY ==================== -->
|
||||
|
||||
<bean id="securityEnforcementFilter" class="org.acegisecurity.intercept.web.SecurityEnforcementFilter">
|
||||
<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
|
||||
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
|
||||
<property name="authenticationEntryPoint"><ref local="casProcessingFilterEntryPoint"/></property>
|
||||
</bean>
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter,switchUserProcessingFilter
|
||||
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,switchUserProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
@ -135,8 +135,7 @@
|
|||
|
||||
<!-- ===================== HTTP REQUEST SECURITY ==================== -->
|
||||
|
||||
<bean id="securityEnforcementFilter" class="org.acegisecurity.intercept.web.SecurityEnforcementFilter">
|
||||
<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
|
||||
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
|
||||
<property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
|
||||
</bean>
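Review bot: In the `/**=` chain, `switchUserProcessingFilter` used to come after `securityEnforcementFilter`, which delegated to the interceptor, so a request reached it only after the URL access decision. On the new line it sits before `exceptionTranslationFilter,filterInvocationInterceptor` and therefore handles the request before any access decision is made. Unless the switch-user filter enforces its own role check (not visible here), the URL rule that restricted the switch-user URL no longer applies to it. I would keep the old relative order: `...,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter`.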
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityEnforcementFilter
|
||||
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
@ -66,8 +66,7 @@
|
|||
|
||||
<!-- ===================== HTTP REQUEST SECURITY ==================== -->
|
||||
|
||||
<bean id="securityEnforcementFilter" class="org.acegisecurity.intercept.web.SecurityEnforcementFilter">
|
||||
<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
|
||||
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
|
||||
<property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
|
||||
</bean>
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/**=channelProcessingFilter,httpSessionContextIntegrationFilter,x509ProcessingFilter,securityEnforcementFilter
|
||||
/**=channelProcessingFilter,httpSessionContextIntegrationFilter,x509ProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
@ -103,8 +103,7 @@
|
|||
|
||||
<!-- ===================== HTTP REQUEST SECURITY ==================== -->
|
||||
|
||||
<bean id="securityEnforcementFilter" class="org.acegisecurity.intercept.web.SecurityEnforcementFilter">
|
||||
<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
|
||||
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
|
||||
<property name="authenticationEntryPoint"><ref local="x509ProcessingFilterEntryPoint"/></property>
|
||||
</bean>
|
||||
|
||||
|
|
|
@ -32,6 +32,8 @@ import org.acegisecurity.AuthenticationTrustResolverImpl;
|
|||
import org.acegisecurity.InsufficientAuthenticationException;
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.ui.AbstractProcessingFilter;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.ExceptionTranslationFilter;
|
||||
import org.acegisecurity.util.PortResolver;
|
||||
import org.acegisecurity.util.PortResolverImpl;
|
||||
import org.acegisecurity.wrapper.redirect.SavedHttpServletRequest;
|
||||
|
@ -104,7 +106,7 @@ import org.springframework.util.Assert;
|
|||
*/
|
||||
public class SandboxSecurityEnforcementFilter implements Filter, InitializingBean {
|
||||
|
||||
private static final Log logger = LogFactory.getLog(SecurityEnforcementFilter.class);
|
||||
private static final Log logger = LogFactory.getLog(ExceptionTranslationFilter.class);
|
||||
|
||||
public static final String ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY = "ACEGI_SECURITY_403_EXCEPTION";
|
||||
public static final String SAVED_REQUEST_SESSION_ATTRIBUTE = "org.acegisecurity.intercept.web.SAVED_REQUEST_SESSION_ATTRIBUTE";
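Review bot: The logger of `SandboxSecurityEnforcementFilter` is now created with `LogFactory.getLog(ExceptionTranslationFilter.class)`, so everything this class logs is filed under another class's category. Per-class log levels will not apply to it, and anyone reading access-denied or authentication-failure entries will attribute them to the wrong filter. The line being replaced had the same problem with `SecurityEnforcementFilter.class`. Use the class's own name: `private static final Log logger = LogFactory.getLog(SandboxSecurityEnforcementFilter.class);`. The class body continues outside the hunk, so the statements that log through this field are not visible here.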
|
||||
|
|
|
@ -17,8 +17,8 @@ import org.acegisecurity.AuthenticationException;
|
|||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.BadCredentialsException;
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.providers.smb.NtlmAuthenticationToken;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
package org.acegisecurity.ui.ntlm;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.intercept.web.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ import java.util.Map;
|
|||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.acegisecurity.intercept.web.SecurityEnforcementFilter;
|
||||
import org.acegisecurity.ui.ExceptionTranslationFilter;
|
||||
import org.acegisecurity.wrapper.SecurityContextHolderAwareRequestWrapper;
|
||||
|
||||
/**
|
||||
|
@ -47,7 +47,7 @@ import org.acegisecurity.wrapper.SecurityContextHolderAwareRequestWrapper;
|
|||
* </p>
|
||||
* <p>The original source code from Apache Tomcat<p>
|
||||
*
|
||||
* @see SecurityEnforcementFilter
|
||||
* @see ExceptionTranslationFilter
|
||||
* @see SecurityContextHolderAwareRequestWrapper
|
||||
* @author Craig R. McClanahan
|
||||
* @author Andrey Grebnev <a href="mailto:andrey.grebnev@blandware.com"><andrey.grebnev@blandware.com></a>
|
||||
|
|