SEC-2045: AbstractPreAuthenticationFilter afterPropertiesSet invokes super

This commit is contained in:
Rob Winch 2012-09-19 09:35:16 -05:00
parent 0e97e67083
commit c53fd99430
2 changed files with 23 additions and 0 deletions

View File

@ -68,6 +68,12 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
*/
@Override
public void afterPropertiesSet() {
try {
super.afterPropertiesSet();
} catch(ServletException e) {
// convert to RuntimeException for passivity on afterPropertiesSet signature
throw new RuntimeException(e);
}
Assert.notNull(authenticationManager, "An AuthenticationManager must be set");
}

View File

@ -5,6 +5,7 @@ import static org.mockito.Matchers.any;
import static org.mockito.Mockito.*;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.junit.After;
@ -77,6 +78,16 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
}
}
// SEC-2045
@Test
public void testAfterPropertiesSetInvokesSuper() throws Exception {
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
AuthenticationManager am = mock(AuthenticationManager.class);
filter.setAuthenticationManager(am);
filter.afterPropertiesSet();
assertTrue(filter.initFilterBeanInvoked);
}
@Test
public void testDoFilterAuthenticated() throws Exception {
testDoFilter(true);
@ -140,12 +151,18 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
private static class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
private String principal = "testPrincipal";
private boolean initFilterBeanInvoked;
protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
return principal;
}
protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
return "testCredentials";
}
@Override
protected void initFilterBean() throws ServletException {
super.initFilterBean();
initFilterBeanInvoked = true;
}
}
}