mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-07-12 21:33:30 +00:00
SEC-368: Extra spelling corrections in captcha. Also general tidying up of comments and corrections of log messages
This commit is contained in:
Luke Taylor
parent
4586183f17
commit
bd5172ffbc
@ -19,8 +19,11 @@
|
||||
package org.springframework.security.captcha;
|
||||
|
||||
/**
|
||||
* <p>return false if ny CaptchaChannelProcessorTemplate of mapped urls has been requested more than thresold; <br>
|
||||
* Default keyword : REQUIRES_CAPTCHA_ABOVE_THRESOLD_REQUESTS</p>
|
||||
* Return false if the number of requests for captcha protcted URLs for the user
|
||||
* exceeds the threshold value.
|
||||
*
|
||||
* <br/>
|
||||
* Default keyword : <tt>REQUIRES_CAPTCHA_ABOVE_THRESHOLD_REQUESTS</tt>
|
||||
*
|
||||
* @author Marc-Antoine Garrigue
|
||||
* @version $Id$
|
||||
@ -33,9 +36,6 @@ public class AlwaysTestAfterMaxRequestsCaptchaChannelProcessor extends CaptchaCh
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*/
|
||||
public AlwaysTestAfterMaxRequestsCaptchaChannelProcessor() {
|
||||
this.setKeyword(DEFAULT_KEYWORD);
|
||||
}
|
||||
@ -43,11 +43,8 @@ public class AlwaysTestAfterMaxRequestsCaptchaChannelProcessor extends CaptchaCh
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Verify whether the context is valid concerning humanity
|
||||
*
|
||||
* @param context
|
||||
*
|
||||
* @return true if valid, false otherwise
|
||||
* @return false if the number of requests for captcha protected URLs exceeds the threshold.
|
||||
*/
|
||||
boolean isContextValidConcerningHumanity(CaptchaSecurityContext context) {
|
||||
if (context.getHumanRestrictedResourcesRequestsCount() < getThreshold()) {
|
||||
|
||||
@ -16,8 +16,8 @@
|
||||
package org.springframework.security.captcha;
|
||||
|
||||
/**
|
||||
* <p>return false if thresold is greater than millis since last captcha test has occured;<br>
|
||||
* Default keyword : REQUIRES_CAPTCHA_AFTER_THRESOLD_IN_MILLIS</p>
|
||||
* Return false if the time in millis since the last captcha test is less than the threshold;<br/>
|
||||
* Default keyword : <tt>REQUIRES_CAPTCHA_AFTER_THRESHOLD_IN_MILLIS</tt>.
|
||||
*
|
||||
* @author Marc-Antoine Garrigue
|
||||
* @version $Id$
|
||||
@ -30,9 +30,6 @@ public class AlwaysTestAfterTimeInMillisCaptchaChannelProcessor extends CaptchaC
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*/
|
||||
public AlwaysTestAfterTimeInMillisCaptchaChannelProcessor() {
|
||||
|
||||
this.setKeyword(DEFAULT_KEYWORD);
|
||||
@ -41,19 +38,19 @@ public class AlwaysTestAfterTimeInMillisCaptchaChannelProcessor extends CaptchaC
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Verify wheter the context is valid concerning humanity
|
||||
* Returns false if the time (in milliseconds) since the last captcha validation is greater than the
|
||||
* threshold value.
|
||||
*
|
||||
* @param context the CaptchaSecurityContext
|
||||
*
|
||||
* @return true if valid, false otherwise
|
||||
*/
|
||||
boolean isContextValidConcerningHumanity(CaptchaSecurityContext context) {
|
||||
if ((System.currentTimeMillis() - context.getLastPassedCaptchaDateInMillis()) < getThreshold()) {
|
||||
logger.debug("context is valid : last passed captcha date - current time < thresold");
|
||||
logger.debug("context is valid : current time - last passed captcha date < threshold");
|
||||
|
||||
return true;
|
||||
} else {
|
||||
logger.debug("context is not valid : last passed captcha date - current time > thresold");
|
||||
logger.debug("context is not valid : current time - last passed captcha date > threshold");
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -19,10 +19,10 @@ import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* <p>return false if thresold is lower than average time millis between any CaptchaChannelProcessorTemplate mapped
|
||||
* urls requests and is human;<br>
|
||||
* Default keyword : REQUIRES_CAPTCHA_BELOW_AVERAGE_TIME_IN_MILLIS_REQUESTS <br>
|
||||
* Note : before first humanity check</p>
|
||||
* Return false if the average time in millis between any CaptchaChannelProcessorTemplate mapped
|
||||
* urls requests is greater than the threshold value or the context is not human;<br />
|
||||
* Default keyword : <tt>REQUIRES_CAPTCHA_BELOW_AVERAGE_TIME_IN_MILLIS_REQUESTS</tt> <br>
|
||||
* Note : before first humanity check
|
||||
*
|
||||
* @author Marc-Antoine Garrigue
|
||||
* @version $Id$
|
||||
@ -35,9 +35,6 @@ public class AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor e
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*/
|
||||
public AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor() {
|
||||
this.setKeyword(DEFAULT_KEYWORD);
|
||||
}
|
||||
@ -45,7 +42,7 @@ public class AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor e
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Verify if thresold is > 0
|
||||
* Verify that threshold is > 0
|
||||
*
|
||||
* @throws Exception if false
|
||||
*/
|
||||
@ -55,11 +52,7 @@ public class AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor e
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify wheter the context is valid concerning humanity
|
||||
*
|
||||
* @param context
|
||||
*
|
||||
* @return true if valid, false otherwise
|
||||
*
|
||||
*/
|
||||
boolean isContextValidConcerningHumanity(CaptchaSecurityContext context) {
|
||||
int req = context.getHumanRestrictedResourcesRequestsCount();
|
||||
@ -74,11 +67,11 @@ public class AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor e
|
||||
}
|
||||
|
||||
if (context.isHuman() && (average > thresold)) {
|
||||
logger.debug("context is valid : average time between requests < thresold && is human");
|
||||
logger.debug("context is valid : average time between requests < threshold && is human");
|
||||
|
||||
return true;
|
||||
} else {
|
||||
logger.debug("context is not valid : request count > thresold or is not human");
|
||||
logger.debug("context is not valid : average time between requests > threshold or is not human");
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -40,21 +40,21 @@ import javax.servlet.ServletException;
|
||||
|
||||
|
||||
/**
|
||||
* <p>CaptchaChannel template : Ensures the user has enough human privileges by review of the {@link
|
||||
* CaptchaChannel template : Ensures the user has enough human privileges by review of the {@link
|
||||
* CaptchaSecurityContext} and using an abstract routine {@link
|
||||
* #isContextValidConcerningHumanity(CaptchaSecurityContext)} (implemented by sub classes)</p>
|
||||
* <P>The component uses 2 main parameters for its configuration :
|
||||
* #isContextValidConcerningHumanity(CaptchaSecurityContext)} (implemented by sub classes)
|
||||
* <p>The component uses 2 main parameters for its configuration :
|
||||
* <ul>
|
||||
* <li>a keyword to be mapped to urls in the {@link
|
||||
* org.springframework.security.securechannel.ChannelProcessingFilter} configuration<br>
|
||||
* default value provided by sub classes.</li>
|
||||
* <li>and a thresold : used by the routine {@link
|
||||
* <li>and a threshold : used by the routine {@link
|
||||
* #isContextValidConcerningHumanity(CaptchaSecurityContext)} to evaluate whether the {@link
|
||||
* CaptchaSecurityContext} is valid default value = 0</li>
|
||||
* </ul>
|
||||
* </p>
|
||||
*
|
||||
* @author marc antoine Garrigue
|
||||
* @author Marc-Antoine Garrigue
|
||||
* @version $Id$
|
||||
*/
|
||||
public abstract class CaptchaChannelProcessorTemplate implements ChannelProcessor, InitializingBean {
|
||||
|
||||
@ -47,7 +47,6 @@ import javax.servlet.http.HttpServletResponse;
|
||||
* The captcha entry point : redirect to the captcha test page.
|
||||
* <p>
|
||||
* This entry point can force the use of SSL : see {@link #getForceHttps()}
|
||||
* </p>
|
||||
* <p>
|
||||
* This entry point allows internal OR external redirect : see {@link #setOutsideWebApp(boolean)}<br />
|
||||
* / Original request can be added to the redirect path using a custom translation : see
|
||||
@ -82,7 +81,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
* </pre>
|
||||
* </p>
|
||||
*
|
||||
* @author marc antoine Garrigue
|
||||
* @author Marc-Antoine Garrigue
|
||||
* @version $Id$
|
||||
*/
|
||||
public class CaptchaEntryPoint implements ChannelEntryPoint, InitializingBean {
|
||||
@ -326,10 +325,8 @@ public class CaptchaEntryPoint implements ChannelEntryPoint, InitializingBean {
|
||||
this.captchaFormUrl = captchaFormUrl;
|
||||
}
|
||||
|
||||
// ~ Methods
|
||||
// ================================================================
|
||||
/**
|
||||
* Set to true to force captcha form access to be via https. If this value is ture (the default is false),
|
||||
* Set to true to force captcha form access to be via https. If this value is true (the default is false),
|
||||
* and the incoming request for the protected resource which triggered the interceptor was not already
|
||||
* <code>https</code>, then
|
||||
*
|
||||
|
||||
@ -19,41 +19,39 @@ import org.springframework.security.context.SecurityContext;
|
||||
|
||||
|
||||
/**
|
||||
* Interface that add humanity concerns to the SecurityContext
|
||||
* Interface that adds humanity concerns to the SecurityContext
|
||||
*
|
||||
* @author marc antoine garrigue
|
||||
* @author Marc-Antoine Garrigue
|
||||
* @version $Id$
|
||||
*/
|
||||
public interface CaptchaSecurityContext extends SecurityContext {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @return number of human restricted resources requests since the last passed captcha.
|
||||
* @return the number of human restricted resources requested since the last passed captcha.
|
||||
*/
|
||||
int getHumanRestrictedResourcesRequestsCount();
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @return the date of the last passed Captcha in millis, 0 if the user never passed captcha.
|
||||
*/
|
||||
long getLastPassedCaptchaDateInMillis();
|
||||
|
||||
/**
|
||||
* Method to increment the human Restricted Resrouces Requests Count;
|
||||
* Increments the human Restricted Resources Requests Count.
|
||||
*/
|
||||
void incrementHumanRestrictedResourcesRequestsCount();
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @return true if the current user has already passed a captcha.
|
||||
*/
|
||||
boolean isHuman();
|
||||
|
||||
/**
|
||||
* set human attribute, should called after captcha validation.
|
||||
* set human attribute, should be called after captcha validation.
|
||||
*/
|
||||
void setHuman();
|
||||
}
|
||||
|
||||
@ -21,7 +21,8 @@ import org.springframework.security.context.SecurityContextImpl;
|
||||
/**
|
||||
* Default CaptchaSecurityContext implementation
|
||||
*
|
||||
* @author mag
|
||||
* @author Marc-Antoine Garrigue
|
||||
* @version $Id$
|
||||
*/
|
||||
public class CaptchaSecurityContextImpl extends SecurityContextImpl implements CaptchaSecurityContext {
|
||||
//~ Instance fields ================================================================================================
|
||||
@ -33,7 +34,6 @@ public class CaptchaSecurityContextImpl extends SecurityContextImpl implements C
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public CaptchaSecurityContextImpl() {
|
||||
super();
|
||||
human = false;
|
||||
lastPassedCaptchaDate = 0;
|
||||
humanRestrictedResourcesRequestsCount = 0;
|
||||
@ -84,7 +84,7 @@ public class CaptchaSecurityContextImpl extends SecurityContextImpl implements C
|
||||
}
|
||||
|
||||
/**
|
||||
* Method to increment the human Restricted Resrouces Requests Count;
|
||||
* Method to increment the human Restricted Resources Requests Count;
|
||||
*/
|
||||
public void incrementHumanRestrictedResourcesRequestsCount() {
|
||||
humanRestrictedResourcesRequestsCount++;
|
||||
|
||||
@ -18,14 +18,13 @@ package org.springframework.security.captcha;
|
||||
/**
|
||||
* Provide a common interface for captcha validation.
|
||||
*
|
||||
* @author marc antoine Garrigue
|
||||
* @author Marc-Antoine Garrigue
|
||||
* @version $Id$
|
||||
*/
|
||||
public interface CaptchaServiceProxy {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @param id the id token
|
||||
* @param captchaResponse the user response
|
||||
|
||||
@ -30,12 +30,15 @@ import javax.servlet.http.HttpSession;
|
||||
|
||||
|
||||
/**
|
||||
* Filter for web integration of the {@link CaptchaServiceProxy}. <br>
|
||||
* It basically intercept calls containing the specific validation parameter, use the {@link CaptchaServiceProxy} to
|
||||
* validate the request, and update the {@link CaptchaSecurityContext} if the request passed the validation. <br>
|
||||
* Filter for web integration of the {@link CaptchaServiceProxy}.
|
||||
* <p>
|
||||
* It basically intercept calls containing the specific validation parameter, uses the {@link CaptchaServiceProxy} to
|
||||
* validate the request, and update the {@link CaptchaSecurityContext} if the request passed the validation.
|
||||
* <p>
|
||||
* This Filter should be placed after the ContextIntegration filter and before the {@link
|
||||
* CaptchaChannelProcessorTemplate} filter in the filter stack in order to update the {@link CaptchaSecurityContext}
|
||||
* before the humanity verification routine occurs. <br>
|
||||
* before the humanity verification routine occurs.
|
||||
* <p>
|
||||
* This filter should only be used in conjunction with the {@link CaptchaSecurityContext}<br>
|
||||
*
|
||||
* @author marc antoine Garrigue
|
||||
|
||||
@ -16,9 +16,9 @@
|
||||
package org.springframework.security.captcha;
|
||||
|
||||
/**
|
||||
* <p>return false if ny CaptchaChannelProcessorTemplate mapped urls has been requested more than thresold and
|
||||
* Return false if any CaptchaChannelProcessorTemplate mapped urls have been requested more than threshold and
|
||||
* humanity is false; <br>
|
||||
* Default keyword : REQUIRES_CAPTCHA_ONCE_ABOVE_THRESOLD_REQUESTS</p>
|
||||
* Default keyword : REQUIRES_CAPTCHA_ONCE_ABOVE_THRESHOLD_REQUESTS</p>
|
||||
*
|
||||
* @author Marc-Antoine Garrigue
|
||||
* @version $Id$
|
||||
@ -26,7 +26,7 @@ package org.springframework.security.captcha;
|
||||
public class TestOnceAfterMaxRequestsCaptchaChannelProcessor extends CaptchaChannelProcessorTemplate {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
public static final String DEFAULT_KEYWORD = "REQUIRES_CAPTCHA_ONCE_ABOVE_THRESOLD_REQUESTS";
|
||||
public static final String DEFAULT_KEYWORD = "REQUIRES_CAPTCHA_ONCE_ABOVE_THRESHOLD_REQUESTS";
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
@ -38,11 +38,11 @@ public class TestOnceAfterMaxRequestsCaptchaChannelProcessor extends CaptchaChan
|
||||
|
||||
boolean isContextValidConcerningHumanity(CaptchaSecurityContext context) {
|
||||
if (context.isHuman() || (context.getHumanRestrictedResourcesRequestsCount() < getThreshold())) {
|
||||
logger.debug("context is valid concerning humanity or request count < thresold");
|
||||
logger.debug("context is valid concerning humanity or request count < threshold");
|
||||
|
||||
return true;
|
||||
} else {
|
||||
logger.debug("context is not valid concerning humanity and request count > thresold");
|
||||
logger.debug("context is not valid concerning humanity and request count > threshold");
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -19,9 +19,7 @@ import junit.framework.TestCase;
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* @author $author$
|
||||
* @version $Revision: 2142 $
|
||||
* @author Marc-Antoine Garrigue
|
||||
*/
|
||||
public class AlwaysTestAfterMaxRequestsCaptchaChannelProcessorTests extends TestCase {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
@ -16,9 +16,7 @@
|
||||
package org.springframework.security.captcha;
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @author marc antoine Garrigue
|
||||
* @author Marc-Antoine Garrigue
|
||||
* @version $Id$
|
||||
*/
|
||||
public class MockCaptchaServiceProxy implements CaptchaServiceProxy {
|
||||
|
||||
@ -21,9 +21,8 @@ import org.springframework.security.captcha.TestOnceAfterMaxRequestsCaptchaChann
|
||||
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @author $author$
|
||||
* @author Marc-Antoine Garrigue
|
||||
* @version $Revision: 2142 $
|
||||
*/
|
||||
public class TestOnceAfterMaxRequestsCaptchaChannelProcessorTests extends TestCase {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user