AnonymousProcessingFilter offers protected method to control when it should execute as per http://forum.springframework.org/viewtopic.php?p=19766.

2025-06-14 08:02:22 +00:00 · 2005-04-21 23:02:58 +00:00 · 2005-04-21 23:02:58 +00:00 · cff9ba4988
commit cff9ba4988
parent a68d720e88
2 changed files with 33 additions and 11 deletions
--- a/core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousProcessingFilter.java
@ -135,18 +135,21 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
        FilterChain chain) throws IOException, ServletException {
        SecureContext sc = SecureContextUtils.getSecureContext();

-        if (sc.getAuthentication() == null) {
-            sc.setAuthentication(createAuthentication(request));
+        if (applyAnonymousForThisRequest(request)) {
+            if (sc.getAuthentication() == null) {
+                sc.setAuthentication(createAuthentication(request));

-            if (logger.isDebugEnabled()) {
-                logger.debug("Replaced ContextHolder with anonymous token: '"
-                    + sc.getAuthentication() + "'");
-            }
-        } else {
-            if (logger.isDebugEnabled()) {
-                logger.debug(
-                    "ContextHolder not replaced with anonymous token, as ContextHolder already contained: '"
-                    + sc.getAuthentication() + "'");
+                if (logger.isDebugEnabled()) {
+                    logger.debug(
+                        "Replaced ContextHolder with anonymous token: '"
+                        + sc.getAuthentication() + "'");
+                }
+            } else {
+                if (logger.isDebugEnabled()) {
+                    logger.debug(
+                        "ContextHolder not replaced with anonymous token, as ContextHolder already contained: '"
+                        + sc.getAuthentication() + "'");
+                }
            }
        }

@ -162,6 +165,24 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
     */
    public void init(FilterConfig arg0) throws ServletException {}

+    /**
+     * Enables subclasses to determine whether or not an anonymous
+     * authentication token should be setup for this request. This is useful
+     * if anonymous authentication should be allowed only for specific IP
+     * subnet ranges etc.
+     *
+     * @param request to assist the method determine request details
+     *
+     * @return <code>true</code> if the anonymous token should be setup for
+     *         this request (provided that the request doesn't already have
+     *         some other <code>Authentication</code> inside it), or
+     *         <code>false</code> if no anonymous token should be setup for
+     *         this request
+     */
+    protected boolean applyAnonymousForThisRequest(ServletRequest request) {
+        return true;
+    }
+
    protected Authentication createAuthentication(ServletRequest request) {
        return new AnonymousAuthenticationToken(key,
            userAttribute.getPassword(), userAttribute.getAuthorities());
--- a/doc/xdocs/changes.xml
+++ b/doc/xdocs/changes.xml
@ -26,6 +26,7 @@
  </properties>
  <body>
    <release version="0.9.0" date="In CVS">
+      <action dev="benalex" type="update">AnonymousProcessingFilter offers protected method to control when it should execute</action>
    </release>
    <release version="0.8.2" date="2005-04-20">
      <action dev="benalex" type="fix">Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml</action>