From cff9ba4988d803e19b2d84b7f79376e9bad366ce Mon Sep 17 00:00:00 2001
From: Ben Alex
Date: Thu, 21 Apr 2005 23:02:58 +0000
Subject: [PATCH] AnonymousProcessingFilter offers protected method to control when it should execute as per http://forum.springframework.org/viewtopic.php?p=19766.
---
 .../anonymous/AnonymousProcessingFilter.java | 43 ++++++++++++++-----
 doc/xdocs/changes.xml | 1 +
 2 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousProcessingFilter.java b/core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousProcessingFilter.java
index 6542dcebdb..5ce187484b 100644
--- a/core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousProcessingFilter.java
@@ -135,18 +135,21 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
 FilterChain chain) throws IOException, ServletException {
 SecureContext sc = SecureContextUtils.getSecureContext();
- if (sc.getAuthentication() == null) {
- sc.setAuthentication(createAuthentication(request));
+ if (applyAnonymousForThisRequest(request)) {
+ if (sc.getAuthentication() == null) {
+ sc.setAuthentication(createAuthentication(request));
- if (logger.isDebugEnabled()) {
- logger.debug("Replaced ContextHolder with anonymous token: '"
- + sc.getAuthentication() + "'");
- }
- } else {
- if (logger.isDebugEnabled()) {
- logger.debug(
- "ContextHolder not replaced with anonymous token, as ContextHolder already contained: '"
- + sc.getAuthentication() + "'");
+ if (logger.isDebugEnabled()) {
+ logger.debug(
+ "Replaced ContextHolder with anonymous token: '"
+ + sc.getAuthentication() + "'");
+ }
+ } else {
+ if (logger.isDebugEnabled()) {
+ logger.debug(
+ "ContextHolder not replaced with anonymous token, as ContextHolder already contained: '"
+ + sc.getAuthentication() + "'");
+ }
 }
 }
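Review bot: The new outer `if (applyAnonymousForThisRequest(request))` has no `else`, so when a subclass returns false the filter does nothing and logs nothing, and the request continues with whatever the context already held, possibly a null Authentication. A debug line for that branch, `} else if (logger.isDebugEnabled()) { logger.debug("Anonymous token not applied, as applyAnonymousForThisRequest returned false"); }`, would make the subclass's decision visible when someone is diagnosing an unexpected access denial. The hook is also consulted before the `sc.getAuthentication() == null` test, so an override doing address or subnet checks runs on requests that are already authenticated; testing for null first would avoid that, provided the existing "not replaced" message is kept. The enclosing filter method starts above the hunk and continues below it.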
@@ -162,6 +165,24 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
 */
 public void init(FilterConfig arg0) throws ServletException {}
+ /**
+ * Enables subclasses to determine whether or not an anonymous
+ * authentication token should be setup for this request. This is useful
+ * if anonymous authentication should be allowed only for specific IP
+ * subnet ranges etc.
+ *
+ * @param request to assist the method determine request details
+ *
+ * @return true if the anonymous token should be setup for
+ * this request (provided that the request doesn't already have
+ * some other Authentication inside it), or
+ * false if no anonymous token should be setup for
+ * this request
+ */
+ protected boolean applyAnonymousForThisRequest(ServletRequest request) {
+ return true;
+ }
+
 protected Authentication createAuthentication(ServletRequest request) {
 return new AnonymousAuthenticationToken(key, userAttribute.getPassword(), userAttribute.getAuthorities());
diff --git a/doc/xdocs/changes.xml b/doc/xdocs/changes.xml
index 434f6bdbf0..bb2a347825 100644
--- a/doc/xdocs/changes.xml
+++ b/doc/xdocs/changes.xml
@@ -26,6 +26,7 @@
+ AnonymousProcessingFilter offers protected method to control when it should execute
 Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml
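Review bot: The Javadoc on `applyAnonymousForThisRequest` suggests IP-subnet decisions but does not say which request data an override may safely rely on. Behind a reverse proxy `getRemoteAddr()` reports the proxy's address, and a forwarding header such as X-Forwarded-For is supplied by the client unless a trusted proxy overwrites it, so I would add to the comment: `Base the decision only on request properties the client cannot set; behind a proxy getRemoteAddr() is the proxy's address.` The comment should also state that returning false leaves the context's Authentication untouched, possibly null, so later components in the chain must handle an unauthenticated request. Since the hook runs on every request and the filter instance is typically shared across request threads, it is worth saying that overrides should be cheap and thread-safe.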