Rename to RequestAttributeAuthenticationFilter
Rename EnvironmentVariableAuthenticationFilter to RequestAttributeAuthenticationFilterTests Polish gh-3978
This commit is contained in:
Rob Winch
parent
a8120e74a7
commit
9ae163e92d
|
|
@ -20,52 +20,53 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* A simple pre-authenticated filter which obtains the username from an environment variable, for
|
||||
* use with SSO systems such as Stanford WebAuth or Shibboleth.
|
||||
* A simple pre-authenticated filter which obtains the username from request attributes,
|
||||
* for use with SSO systems such as Stanford WebAuth or Shibboleth.
|
||||
* <p>
|
||||
* As with most pre-authenticated scenarios, it is essential that the external
|
||||
* authentication system is set up correctly as this filter does no authentication
|
||||
* whatsoever.
|
||||
* <p>
|
||||
* The property {@code principalEnvironmentVariable} is the name of the request environment variable
|
||||
* that contains the username. It defaults to "REMOTE_USER" for compatibility with WebAuth and Shibboleth.
|
||||
* The property {@code principalEnvironmentVariable} is the name of the request attribute
|
||||
* that contains the username. It defaults to "REMOTE_USER" for compatibility with WebAuth
|
||||
* and Shibboleth.
|
||||
* <p>
|
||||
* If the environment variable is missing from the request, {@code getPreAuthenticatedPrincipal} will
|
||||
* throw an exception. You can override this behaviour by setting the
|
||||
* {@code exceptionIfVariableMissing} property.
|
||||
* If the environment variable is missing from the request,
|
||||
* {@code getPreAuthenticatedPrincipal} will throw an exception. You can override this
|
||||
* behaviour by setting the {@code exceptionIfVariableMissing} property.
|
||||
*
|
||||
*
|
||||
* @author Milan Sevcik
|
||||
* @since 4.2
|
||||
*/
|
||||
public class EnvironmentVariableAuthenticationFilter extends
|
||||
AbstractPreAuthenticatedProcessingFilter {
|
||||
public class RequestAttributeAuthenticationFilter
|
||||
extends AbstractPreAuthenticatedProcessingFilter {
|
||||
private String principalEnvironmentVariable = "REMOTE_USER";
|
||||
private String credentialsEnvironmentVariable;
|
||||
private boolean exceptionIfVariableMissing = true;
|
||||
|
||||
/**
|
||||
* Read and returns the variable named by {@code principalEnvironmentVariable} from the
|
||||
* request.
|
||||
* Read and returns the variable named by {@code principalEnvironmentVariable} from
|
||||
* the request.
|
||||
*
|
||||
* @throws PreAuthenticatedCredentialsNotFoundException if the environment variable
|
||||
* is missing and {@code exceptionIfVariableMissing} is set to {@code true}.
|
||||
* @throws PreAuthenticatedCredentialsNotFoundException if the environment variable is
|
||||
* missing and {@code exceptionIfVariableMissing} is set to {@code true}.
|
||||
*/
|
||||
protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
|
||||
String principal = (String)request.getAttribute(principalEnvironmentVariable);
|
||||
String principal = (String) request.getAttribute(principalEnvironmentVariable);
|
||||
|
||||
if (principal == null && exceptionIfVariableMissing) {
|
||||
throw new PreAuthenticatedCredentialsNotFoundException(principalEnvironmentVariable
|
||||
+ " variable not found in request.");
|
||||
throw new PreAuthenticatedCredentialsNotFoundException(
|
||||
principalEnvironmentVariable + " variable not found in request.");
|
||||
}
|
||||
|
||||
return principal;
|
||||
}
|
||||
|
||||
/**
|
||||
* Credentials aren't usually applicable, but if a {@code credentialsEnvironmentVariable} is
|
||||
* set, this will be read and used as the credentials value. Otherwise a dummy value
|
||||
* will be used.
|
||||
* Credentials aren't usually applicable, but if a
|
||||
* {@code credentialsEnvironmentVariable} is set, this will be read and used as the
|
||||
* credentials value. Otherwise a dummy value will be used.
|
||||
*/
|
||||
protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
|
||||
if (credentialsEnvironmentVariable != null) {
|
||||
|
|
@ -77,13 +78,13 @@ public class EnvironmentVariableAuthenticationFilter extends
|
|||
|
||||
public void setPrincipalEnvironmentVariable(String principalEnvironmentVariable) {
|
||||
Assert.hasText(principalEnvironmentVariable,
|
||||
"principalEnvironmentVariable must not be empty or null");
|
||||
"principalEnvironmentVariable must not be empty or null");
|
||||
this.principalEnvironmentVariable = principalEnvironmentVariable;
|
||||
}
|
||||
|
||||
public void setCredentialsEnvironmentVariable(String credentialsEnvironmentVariable) {
|
||||
Assert.hasText(credentialsEnvironmentVariable,
|
||||
"credentialsEnvironmentVariable must not be empty or null");
|
||||
"credentialsEnvironmentVariable must not be empty or null");
|
||||
this.credentialsEnvironmentVariable = credentialsEnvironmentVariable;
|
||||
}
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.web.authentication.preauth.envvariable;
|
||||
package org.springframework.security.web.authentication.preauth;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
|
@ -30,13 +30,13 @@ import org.springframework.security.authentication.AuthenticationManager;
|
|||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException;
|
||||
import org.springframework.security.web.authentication.preauth.EnvironmentVariableAuthenticationFilter;
|
||||
import org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Milan Sevcik
|
||||
*/
|
||||
public class EnvironmentVariableAuthenticationFilterTests {
|
||||
public class RequestAttributeAuthenticationFilterTests {
|
||||
|
||||
@After
|
||||
@Before
|
||||
|
|
@ -49,7 +49,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
|
|||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
|
||||
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
|
||||
|
||||
filter.doFilter(request, response, chain);
|
||||
}
|
||||
|
|
@ -60,13 +60,16 @@ public class EnvironmentVariableAuthenticationFilterTests {
|
|||
request.setAttribute("REMOTE_USER", "cat");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
|
||||
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
|
||||
filter.doFilter(request, response, chain);
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat");
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("N/A");
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
|
||||
.isEqualTo("cat");
|
||||
assertThat(
|
||||
SecurityContextHolder.getContext().getAuthentication().getCredentials())
|
||||
.isEqualTo("N/A");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -75,13 +78,14 @@ public class EnvironmentVariableAuthenticationFilterTests {
|
|||
request.setAttribute("myUsernameVariable", "wolfman");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
|
||||
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
filter.setPrincipalEnvironmentVariable("myUsernameVariable");
|
||||
|
||||
filter.doFilter(request, response, chain);
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman");
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
|
||||
.isEqualTo("wolfman");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -89,7 +93,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
|
|||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
|
||||
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
filter.setCredentialsEnvironmentVariable("myCredentialsVariable");
|
||||
request.setAttribute("REMOTE_USER", "cat");
|
||||
|
|
@ -97,7 +101,9 @@ public class EnvironmentVariableAuthenticationFilterTests {
|
|||
|
||||
filter.doFilter(request, response, chain);
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
|
||||
assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("catspassword");
|
||||
assertThat(
|
||||
SecurityContextHolder.getContext().getAuthentication().getCredentials())
|
||||
.isEqualTo("catspassword");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -105,7 +111,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
|
|||
throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
|
||||
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
filter.setCheckForPrincipalChanges(true);
|
||||
request.setAttribute("REMOTE_USER", "cat");
|
||||
|
|
@ -116,7 +122,8 @@ public class EnvironmentVariableAuthenticationFilterTests {
|
|||
Authentication dog = SecurityContextHolder.getContext().getAuthentication();
|
||||
assertThat(dog).isNotNull();
|
||||
assertThat(dog.getName()).isEqualTo("dog");
|
||||
// Make sure authentication doesn't occur every time (i.e. if the variable *doesn't*
|
||||
// Make sure authentication doesn't occur every time (i.e. if the variable
|
||||
// *doesn't*
|
||||
// change)
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
filter.doFilter(request, response, new MockFilterChain());
|
||||
|
|
@ -128,7 +135,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
|
|||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
|
||||
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
|
||||
filter.doFilter(request, response, chain);
|
||||
|
|
@ -140,7 +147,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
|
|||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
|
||||
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
|
||||
filter.setExceptionIfVariableMissing(false);
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
filter.doFilter(request, response, chain);
|
||||
|
|
@ -151,8 +158,8 @@ public class EnvironmentVariableAuthenticationFilterTests {
|
|||
*/
|
||||
private AuthenticationManager createAuthenticationManager() {
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(any(Authentication.class))).thenAnswer(
|
||||
new Answer<Authentication>() {
|
||||
when(am.authenticate(any(Authentication.class)))
|
||||
.thenAnswer(new Answer<Authentication>() {
|
||||
public Authentication answer(InvocationOnMock invocation)
|
||||
throws Throwable {
|
||||
return (Authentication) invocation.getArguments()[0];
|
||||
Loading…
Reference in New Issue