Tidied up getters/setters in AbstractProcessingFilter. Removed unused getters and reduced the scope of others where possible.

2025-07-14 22:33:31 +00:00 · 2008-01-07 16:10:50 +00:00 · 2008-01-07 16:10:50 +00:00 · 99b7510482
commit 99b7510482
parent c5bc0fc683
3 changed files with 107 additions and 151 deletions
--- a/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
@ -63,15 +63,12 @@ import javax.servlet.http.HttpSession;
 * authentication is successful, the resulting {@link Authentication} object
 * will be placed into the <code>SecurityContext</code>, which is guaranteed
 * to have already been created by an earlier filter.
 * </p>
 * <p>
 * If authentication fails, the <code>AuthenticationException</code> will be
 * placed into the <code>HttpSession</code> with the attribute defined by
 * {@link #SPRING_SECURITY_LAST_EXCEPTION_KEY}.
 * </p>
 * <p>
 * To use this filter, it is necessary to specify the following properties:
 * </p>
 * <ul>
 * <li><code>defaultTargetUrl</code> indicates the URL that should be used
 * for redirection if the <code>HttpSession</code> attribute named
@ -110,26 +107,24 @@ import javax.servlet.http.HttpSession;
 * The example above would redirect all
 * {@link org.springframework.security.BadCredentialsException}s thrown, to a page in the
 * web-application called /bad_credentials.jsp.
 * </p>
 * <p>
 * Any {@link AuthenticationException} thrown that cannot be matched in the
 * <code>exceptionMappings</code> will be redirected to the
 * <code>authenticationFailureUrl</code>
 * </p>
 * <p>
 * If authentication is successful, an {@link
 * org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent}
 * will be published to the application context. No events will be published if
 * authentication was unsuccessful, because this would generally be recorded via
 * an <code>AuthenticationManager</code>-specific application event.
- * </p>
+ * <p>
- *  <p>The filter has an optional attribute <tt>invalidateSessionOnSuccessfulAuthentication</tt> that will invalidate
+ * The filter has an optional attribute <tt>invalidateSessionOnSuccessfulAuthentication</tt> that will invalidate
 * the current session on successful authentication. This is to protect against session fixation attacks (see
 * <a href="http://en.wikipedia.org/wiki/Session_fixation">this Wikipedia article</a> for more information).
 * The behaviour is turned off by default. Additionally there is a property <tt>migrateInvalidatedSessionAttributes</tt>
 * which tells if on session invalidation we are to migrate all session attributes from the old session to a newly
 * created one. This is turned on by default, but not used unless <tt>invalidateSessionOnSuccessfulAuthentication</tt>
- * is true.</p>
+ * is true.
 *
 * @author Ben Alex
 * @version $Id: AbstractProcessingFilter.java 1909 2007-06-19 04:08:19Z
@ -269,55 +264,6 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
 		chain.doFilter(request, response);
 	}
 	public String getAuthenticationFailureUrl() {
 		return authenticationFailureUrl;
 	}
 	public AuthenticationManager getAuthenticationManager() {
 		return authenticationManager;
 	}
 	/**
 	 * Specifies the default <code>filterProcessesUrl</code> for the
 	 * implementation.
 	 *
 	 * @return the default <code>filterProcessesUrl</code>
 	 */
 	public abstract String getDefaultFilterProcessesUrl();
 	/**
 	 * Supplies the default target Url that will be used if no saved request is
 	 * found or the <tt>alwaysUseDefaultTargetUrl</tt> propert is set to true.
 	 * Override this method of you want to provide a customized default Url (for
 	 * example if you want different Urls depending on the authorities of the
 	 * user who has just logged in).
 	 *
 	 * @return the defaultTargetUrl property
 	 */
 	public String getDefaultTargetUrl() {
 		return defaultTargetUrl;
 	}
 	public Properties getExceptionMappings() {
 		return new Properties(exceptionMappings);
 	}
 	public String getFilterProcessesUrl() {
 		return filterProcessesUrl;
 	}
 	public RememberMeServices getRememberMeServices() {
 		return rememberMeServices;
 	}
 	public boolean isAlwaysUseDefaultTargetUrl() {
 		return alwaysUseDefaultTargetUrl;
 	}
 	public boolean isContinueChainBeforeSuccessfulAuthentication() {
 		return continueChainBeforeSuccessfulAuthentication;
 	}
 	public static String obtainFullRequestUrl(HttpServletRequest request) {
 		SavedRequest savedRequest = (SavedRequest) request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST_KEY);
@ -380,63 +326,6 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
        RedirectUtils.sendRedirect(request, response, url, useRelativeContext);
 	}
 	public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) {
 		this.alwaysUseDefaultTargetUrl = alwaysUseDefaultTargetUrl;
 	}
 	public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
 		this.eventPublisher = eventPublisher;
 	}
 	public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
 		Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
 		this.authenticationDetailsSource = authenticationDetailsSource;
 	}
 	public void setAuthenticationFailureUrl(String authenticationFailureUrl) {
 		this.authenticationFailureUrl = authenticationFailureUrl;
 	}
 	public void setAuthenticationManager(AuthenticationManager authenticationManager) {
 		this.authenticationManager = authenticationManager;
 	}
 	public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) {
 		this.continueChainBeforeSuccessfulAuthentication = continueChainBeforeSuccessfulAuthentication;
 	}
 	public void setDefaultTargetUrl(String defaultTargetUrl) {
 		Assert.isTrue(defaultTargetUrl.startsWith("/") | defaultTargetUrl.startsWith("http"),
 				"defaultTarget must start with '/' or with 'http(s)'");
 		this.defaultTargetUrl = defaultTargetUrl;
 	}
 	public void setExceptionMappings(Properties exceptionMappings) {
 		this.exceptionMappings = exceptionMappings;
 	}
 	public void setFilterProcessesUrl(String filterProcessesUrl) {
 		this.filterProcessesUrl = filterProcessesUrl;
 	}
 	public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
 	public void setRememberMeServices(RememberMeServices rememberMeServices) {
 		this.rememberMeServices = rememberMeServices;
 	}
    public void setInvalidateSessionOnSuccessfulAuthentication(boolean invalidateSessionOnSuccessfulAuthentication) {
        this.invalidateSessionOnSuccessfulAuthentication = invalidateSessionOnSuccessfulAuthentication;
    }
    public void setMigrateInvalidatedSessionAttributes(boolean migrateInvalidatedSessionAttributes) {
        this.migrateInvalidatedSessionAttributes = migrateInvalidatedSessionAttributes;
    }
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 			Authentication authResult) throws IOException {
 		if (logger.isDebugEnabled()) {
@ -561,6 +450,106 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
        return exceptionMappings.getProperty(failed.getClass().getName(), authenticationFailureUrl);
    }
    public String getAuthenticationFailureUrl() {
        return authenticationFailureUrl;
    }
    public void setAuthenticationFailureUrl(String authenticationFailureUrl) {
        this.authenticationFailureUrl = authenticationFailureUrl;
    }
    protected AuthenticationManager getAuthenticationManager() {
        return authenticationManager;
    }
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }
    /**
     * Specifies the default <code>filterProcessesUrl</code> for the
     * implementation.
     *
     * @return the default <code>filterProcessesUrl</code>
     */
    public abstract String getDefaultFilterProcessesUrl();
    /**
     * Supplies the default target Url that will be used if no saved request is
     * found or the <tt>alwaysUseDefaultTargetUrl</tt> propert is set to true.
     * Override this method of you want to provide a customized default Url (for
     * example if you want different Urls depending on the authorities of the
     * user who has just logged in).
     *
     * @return the defaultTargetUrl property
     */
    public String getDefaultTargetUrl() {
        return defaultTargetUrl;
    }
 	public void setDefaultTargetUrl(String defaultTargetUrl) {
 		Assert.isTrue(defaultTargetUrl.startsWith("/") | defaultTargetUrl.startsWith("http"),
 				"defaultTarget must start with '/' or with 'http(s)'");
 		this.defaultTargetUrl = defaultTargetUrl;
 	}
    Properties getExceptionMappings() {
        return new Properties(exceptionMappings);
    }
    public void setExceptionMappings(Properties exceptionMappings) {
 		this.exceptionMappings = exceptionMappings;
 	}
    public String getFilterProcessesUrl() {
        return filterProcessesUrl;
    }
    public void setFilterProcessesUrl(String filterProcessesUrl) {
        this.filterProcessesUrl = filterProcessesUrl;
    }
    public RememberMeServices getRememberMeServices() {
        return rememberMeServices;
    }
    public void setRememberMeServices(RememberMeServices rememberMeServices) {
        this.rememberMeServices = rememberMeServices;
    }
    boolean isAlwaysUseDefaultTargetUrl() {
        return alwaysUseDefaultTargetUrl;
    }
    public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) {
 		this.alwaysUseDefaultTargetUrl = alwaysUseDefaultTargetUrl;
 	}
    public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) {
        this.continueChainBeforeSuccessfulAuthentication = continueChainBeforeSuccessfulAuthentication;
    }
    public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
 		this.eventPublisher = eventPublisher;
 	}
 	public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
 		Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
 		this.authenticationDetailsSource = authenticationDetailsSource;
 	}
    public void setMessageSource(MessageSource messageSource) {
 		this.messages = new MessageSourceAccessor(messageSource);
 	}
    public void setInvalidateSessionOnSuccessfulAuthentication(boolean invalidateSessionOnSuccessfulAuthentication) {
        this.invalidateSessionOnSuccessfulAuthentication = invalidateSessionOnSuccessfulAuthentication;
    }
    public void setMigrateInvalidatedSessionAttributes(boolean migrateInvalidatedSessionAttributes) {
        this.migrateInvalidatedSessionAttributes = migrateInvalidatedSessionAttributes;
    }
    public AuthenticationDetailsSource getAuthenticationDetailsSource() {
 		// Required due to SEC-310
 		return authenticationDetailsSource;
--- a/core/src/test/java/org/springframework/security/context/SecurityContextHolderTests.java
+++ b/core/src/test/java/org/springframework/security/context/SecurityContextHolderTests.java
@ -34,8 +34,8 @@ public class SecurityContextHolderTests extends TestCase {
    private static int errors = 0;
-    private static final int NUM_OPS = 25;
+    private static final int NUM_OPS = 5;
-    private static final int NUM_THREADS = 10;
+    private static final int NUM_THREADS = 5;
    //~ Constructors ===================================================================================================
--- a/core/src/test/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilterTests.java
+++ b/core/src/test/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilterTests.java
@ -28,7 +28,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
 *
 * @author Ben Alex
 * @author <a href="mailto:scott@mccrory.us">Scott McCrory</a>
- * @version CVS $Id$
+ * @version $Id$
 */
 public class SiteminderAuthenticationProcessingFilterTests extends TestCase {
    //~ Constructors ===================================================================================================
@ -37,7 +37,6 @@ public class SiteminderAuthenticationProcessingFilterTests extends TestCase {
     * Basic constructor.
     */
    public SiteminderAuthenticationProcessingFilterTests() {
        super();
    }
    /**
@ -51,44 +50,12 @@ public class SiteminderAuthenticationProcessingFilterTests extends TestCase {
    //~ Methods ========================================================================================================
    /**
     * Runs the tests as a command-line program.
     *
     * @param args
     */
    public static void main(String[] args) {
        junit.textui.TestRunner.run(SiteminderAuthenticationProcessingFilterTests.class);
    }
    /**
     *
     * @see junit.framework.TestCase#setUp()
     */
    public final void setUp() throws Exception {
        super.setUp();
    }
    /**
     * Tests the class' getters.
     */
    public void testAccessors() {
        SiteminderAuthenticationProcessingFilter filter = new SiteminderAuthenticationProcessingFilter();
        filter.setAlwaysUseDefaultTargetUrl(true);
        assertTrue(filter.isAlwaysUseDefaultTargetUrl());
        filter.setAuthenticationFailureUrl("foo");
        assertEquals("foo", filter.getAuthenticationFailureUrl());
        filter.setContinueChainBeforeSuccessfulAuthentication(true);
        assertTrue(filter.isContinueChainBeforeSuccessfulAuthentication());
        filter.setDefaultTargetUrl("/bar");
        assertEquals("/bar", filter.getDefaultTargetUrl());
        filter.setFilterProcessesUrl("foobar");
        assertEquals("foobar", filter.getFilterProcessesUrl());
        filter.setFormUsernameParameterKey("usernameParamKey");
        assertEquals("usernameParamKey", filter.getFormUsernameParameterKey());
@ -184,7 +151,7 @@ public class SiteminderAuthenticationProcessingFilterTests extends TestCase {
        assertFalse(requiresAuthentication);
        // Requests for the filter processing URI SHOULD require (re)authentication
-        request.setRequestURI(request.getContextPath() + filter.getFilterProcessesUrl());
+        request.setRequestURI(request.getContextPath() + "/j_spring_security_check");
        requiresAuthentication = filter.requiresAuthentication(request, response);
        assertTrue(requiresAuthentication);