Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-2045: AbstractPreAuthenticationFilter afterPropertiesSet invokes super

This commit is contained in:
Rob Winch 2012-09-19 09:35:16 -05:00
parent 0e97e67083
commit c53fd99430
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
View File

@ -68,6 +68,12 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
*/
@Override
public void afterPropertiesSet() {
try {
super.afterPropertiesSet();
} catch(ServletException e) {
// convert to RuntimeException for passivity on afterPropertiesSet signature
throw new RuntimeException(e);
}
Assert.notNull(authenticationManager, "An AuthenticationManager must be set");
}

17
web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
View File

@ -5,6 +5,7 @@ import static org.mockito.Matchers.any;
import static org.mockito.Mockito.*;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.junit.After;
@ -77,6 +78,16 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
}
}
// SEC-2045
@Test
public void testAfterPropertiesSetInvokesSuper() throws Exception {
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
AuthenticationManager am = mock(AuthenticationManager.class);
filter.setAuthenticationManager(am);
filter.afterPropertiesSet();
assertTrue(filter.initFilterBeanInvoked);
}
@Test
public void testDoFilterAuthenticated() throws Exception {
testDoFilter(true);
@ -140,12 +151,18 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
private static class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
private String principal = "testPrincipal";
private boolean initFilterBeanInvoked;
protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
return principal;
}
protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
return "testCredentials";
}
@Override
protected void initFilterBean() throws ServletException {
super.initFilterBean();
initFilterBeanInvoked = true;
}
}
}