Rename to RequestAttributeAuthenticationFilter

Rename EnvironmentVariableAuthenticationFilter to RequestAttributeAuthenticationFilterTests Polish gh-3978
2016-09-22 16:44:10 -05:00 · 2016-09-22 16:44:10 -05:00 · 9ae163e92d
parent a8120e74a7
commit 9ae163e92d
2 changed files with 46 additions and 38 deletions
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/EnvironmentVariableAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/EnvironmentVariableAuthenticationFilter.java
@ -20,52 +20,53 @@ import javax.servlet.http.HttpServletRequest;
 import org.springframework.util.Assert;
 /**
- * A simple pre-authenticated filter which obtains the username from an environment variable, for
+ * A simple pre-authenticated filter which obtains the username from request attributes,
- * use with SSO systems such as Stanford WebAuth or Shibboleth.
+ * for use with SSO systems such as Stanford WebAuth or Shibboleth.
 * <p>
 * As with most pre-authenticated scenarios, it is essential that the external
 * authentication system is set up correctly as this filter does no authentication
 * whatsoever.
 * <p>
- * The property {@code principalEnvironmentVariable} is the name of the request environment variable
+ * The property {@code principalEnvironmentVariable} is the name of the request attribute
- * that contains the username. It defaults to "REMOTE_USER" for compatibility with WebAuth and Shibboleth.
+ * that contains the username. It defaults to "REMOTE_USER" for compatibility with WebAuth
 * and Shibboleth.
 * <p>
- * If the environment variable is missing from the request, {@code getPreAuthenticatedPrincipal} will
+ * If the environment variable is missing from the request,
- * throw an exception. You can override this behaviour by setting the
+ * {@code getPreAuthenticatedPrincipal} will throw an exception. You can override this
- * {@code exceptionIfVariableMissing} property.
+ * behaviour by setting the {@code exceptionIfVariableMissing} property.
 *
 *
 * @author Milan Sevcik
 * @since 4.2
 */
-public class EnvironmentVariableAuthenticationFilter extends
+public class RequestAttributeAuthenticationFilter
-	AbstractPreAuthenticatedProcessingFilter {
+		extends AbstractPreAuthenticatedProcessingFilter {
 	private String principalEnvironmentVariable = "REMOTE_USER";
 	private String credentialsEnvironmentVariable;
 	private boolean exceptionIfVariableMissing = true;
 	/**
-	 * Read and returns the variable named by {@code principalEnvironmentVariable} from the
+	 * Read and returns the variable named by {@code principalEnvironmentVariable} from
-	 * request.
+	 * the request.
 	 *
-	 * @throws PreAuthenticatedCredentialsNotFoundException if the environment variable
+	 * @throws PreAuthenticatedCredentialsNotFoundException if the environment variable is
-	 * is missing and {@code exceptionIfVariableMissing} is set to {@code true}.
+	 * missing and {@code exceptionIfVariableMissing} is set to {@code true}.
 	 */
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
-		String principal = (String)request.getAttribute(principalEnvironmentVariable);
+		String principal = (String) request.getAttribute(principalEnvironmentVariable);
 		if (principal == null && exceptionIfVariableMissing) {
-			throw new PreAuthenticatedCredentialsNotFoundException(principalEnvironmentVariable
+			throw new PreAuthenticatedCredentialsNotFoundException(
-				+ " variable not found in request.");
+					principalEnvironmentVariable + " variable not found in request.");
 		}
 		return principal;
 	}
 	/**
-	 * Credentials aren't usually applicable, but if a {@code credentialsEnvironmentVariable} is
+	 * Credentials aren't usually applicable, but if a
-	 * set, this will be read and used as the credentials value. Otherwise a dummy value
+	 * {@code credentialsEnvironmentVariable} is set, this will be read and used as the
-	 * will be used.
+	 * credentials value. Otherwise a dummy value will be used.
 	 */
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
 		if (credentialsEnvironmentVariable != null) {
@ -77,13 +78,13 @@ public class EnvironmentVariableAuthenticationFilter extends
 	public void setPrincipalEnvironmentVariable(String principalEnvironmentVariable) {
 		Assert.hasText(principalEnvironmentVariable,
-			"principalEnvironmentVariable must not be empty or null");
+				"principalEnvironmentVariable must not be empty or null");
 		this.principalEnvironmentVariable = principalEnvironmentVariable;
 	}
 	public void setCredentialsEnvironmentVariable(String credentialsEnvironmentVariable) {
 		Assert.hasText(credentialsEnvironmentVariable,
-			"credentialsEnvironmentVariable must not be empty or null");
+				"credentialsEnvironmentVariable must not be empty or null");
 		this.credentialsEnvironmentVariable = credentialsEnvironmentVariable;
 	}
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/envvariable/EnvironmentVariableAuthenticationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/envvariable/EnvironmentVariableAuthenticationFilterTests.java
@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.security.web.authentication.preauth.envvariable;
+package org.springframework.security.web.authentication.preauth;
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.*;
@ -30,13 +30,13 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException;
-import org.springframework.security.web.authentication.preauth.EnvironmentVariableAuthenticationFilter;
+import org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter;
 /**
 *
 * @author Milan Sevcik
 */
-public class EnvironmentVariableAuthenticationFilterTests {
+public class RequestAttributeAuthenticationFilterTests {
 	@After
 	@Before
@ -49,7 +49,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.doFilter(request, response, chain);
 	}
@ -60,13 +60,16 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		request.setAttribute("REMOTE_USER", "cat");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("N/A");
+				.isEqualTo("cat");
 		assertThat(
 				SecurityContextHolder.getContext().getAuthentication().getCredentials())
 						.isEqualTo("N/A");
 	}
 	@Test
@ -75,13 +78,14 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		request.setAttribute("myUsernameVariable", "wolfman");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.setPrincipalEnvironmentVariable("myUsernameVariable");
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
 				.isEqualTo("wolfman");
 	}
 	@Test
@ -89,7 +93,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.setCredentialsEnvironmentVariable("myCredentialsVariable");
 		request.setAttribute("REMOTE_USER", "cat");
@ -97,7 +101,9 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("catspassword");
+		assertThat(
 				SecurityContextHolder.getContext().getAuthentication().getCredentials())
 						.isEqualTo("catspassword");
 	}
 	@Test
@ -105,7 +111,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
 			throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.setCheckForPrincipalChanges(true);
 		request.setAttribute("REMOTE_USER", "cat");
@ -116,7 +122,8 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		Authentication dog = SecurityContextHolder.getContext().getAuthentication();
 		assertThat(dog).isNotNull();
 		assertThat(dog.getName()).isEqualTo("dog");
-		// Make sure authentication doesn't occur every time (i.e. if the variable *doesn't*
+		// Make sure authentication doesn't occur every time (i.e. if the variable
 		// *doesn't*
 		// change)
 		filter.setAuthenticationManager(mock(AuthenticationManager.class));
 		filter.doFilter(request, response, new MockFilterChain());
@ -128,7 +135,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.doFilter(request, response, chain);
@ -140,7 +147,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setExceptionIfVariableMissing(false);
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.doFilter(request, response, chain);
@ -151,8 +158,8 @@ public class EnvironmentVariableAuthenticationFilterTests {
 	 */
 	private AuthenticationManager createAuthenticationManager() {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenAnswer(
+		when(am.authenticate(any(Authentication.class)))
-				new Answer<Authentication>() {
+				.thenAnswer(new Answer<Authentication>() {
 					public Authentication answer(InvocationOnMock invocation)
 							throws Throwable {
 						return (Authentication) invocation.getArguments()[0];