Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-21 11:32:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

AnonymousProcessingFilter offers protected method to control when it should execute as per http://forum.springframework.org/viewtopic.php?p=19766.

Browse Source
This commit is contained in:
Ben Alex 2005-04-21 23:02:58 +00:00
parent a68d720e88
commit cff9ba4988
2 changed files with 33 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousProcessingFilter.java
View File

@ -135,11 +135,13 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
FilterChain chain) throws IOException, ServletException { FilterChain chain) throws IOException, ServletException {
SecureContext sc = SecureContextUtils.getSecureContext(); SecureContext sc = SecureContextUtils.getSecureContext();
if (applyAnonymousForThisRequest(request)) {
if (sc.getAuthentication() == null) { if (sc.getAuthentication() == null) {
sc.setAuthentication(createAuthentication(request)); sc.setAuthentication(createAuthentication(request));
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Replaced ContextHolder with anonymous token: '" logger.debug(
"Replaced ContextHolder with anonymous token: '"
+ sc.getAuthentication() + "'"); + sc.getAuthentication() + "'");
} }
} else { } else {
@ -149,6 +151,7 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
+ sc.getAuthentication() + "'"); + sc.getAuthentication() + "'");
} }
} }
}
chain.doFilter(request, response); chain.doFilter(request, response);
} }
@ -162,6 +165,24 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
*/ */
public void init(FilterConfig arg0) throws ServletException {} public void init(FilterConfig arg0) throws ServletException {}
/**
* Enables subclasses to determine whether or not an anonymous
* authentication token should be setup for this request. This is useful
* if anonymous authentication should be allowed only for specific IP
* subnet ranges etc.
*
* @param request to assist the method determine request details
*
* @return <code>true</code> if the anonymous token should be setup for
* this request (provided that the request doesn't already have
* some other <code>Authentication</code> inside it), or
* <code>false</code> if no anonymous token should be setup for
* this request
*/
protected boolean applyAnonymousForThisRequest(ServletRequest request) {
return true;
}
protected Authentication createAuthentication(ServletRequest request) { protected Authentication createAuthentication(ServletRequest request) {
return new AnonymousAuthenticationToken(key, return new AnonymousAuthenticationToken(key,
userAttribute.getPassword(), userAttribute.getAuthorities()); userAttribute.getPassword(), userAttribute.getAuthorities());

1
doc/xdocs/changes.xml
View File

@ -26,6 +26,7 @@
</properties> </properties>
<body> <body>
<release version="0.9.0" date="In CVS"> <release version="0.9.0" date="In CVS">
<action dev="benalex" type="update">AnonymousProcessingFilter offers protected method to control when it should execute</action>
</release> </release>
<release version="0.8.2" date="2005-04-20"> <release version="0.8.2" date="2005-04-20">
<action dev="benalex" type="fix">Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml</action> <action dev="benalex" type="fix">Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml</action>