SEC-1705: Make sure a single OpenIDAuthenticationFilter bean is created by the namespace. Likewise for UsernamePasswordAuthenticationFilter.

Luke Taylor 2011-03-31 21:04:32 +01:00
parent 79e17e22bc
commit ddaf9eb64f
2 changed files with 15 additions and 16 deletions


@ -87,9 +87,7 @@ final class AuthenticationConfigBuilder {
private BeanReference rememberMeProviderRef; private BeanReference rememberMeProviderRef;
private BeanDefinition basicFilter; private BeanDefinition basicFilter;
private RuntimeBeanReference basicEntryPoint; private RuntimeBeanReference basicEntryPoint;
private RootBeanDefinition formFilter;
private BeanDefinition formEntryPoint; private BeanDefinition formEntryPoint;
private RootBeanDefinition openIDFilter;
private BeanDefinition openIDEntryPoint; private BeanDefinition openIDEntryPoint;
private BeanReference openIDProviderRef; private BeanReference openIDProviderRef;
private String formFilterId = null; private String formFilterId = null;
@ -162,6 +160,7 @@ final class AuthenticationConfigBuilder {
void createFormLoginFilter(BeanReference sessionStrategy, BeanReference authManager) { void createFormLoginFilter(BeanReference sessionStrategy, BeanReference authManager) {
Element formLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.FORM_LOGIN); Element formLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.FORM_LOGIN);
RootBeanDefinition formFilter = null;
if (formLoginElt != null || autoConfig) { if (formLoginElt != null || autoConfig) {
FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_security_check", FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_security_check",
@ -185,6 +184,7 @@ final class AuthenticationConfigBuilder {
void createOpenIDLoginFilter(BeanReference sessionStrategy, BeanReference authManager) { void createOpenIDLoginFilter(BeanReference sessionStrategy, BeanReference authManager) {
Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.OPENID_LOGIN); Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.OPENID_LOGIN);
RootBeanDefinition openIDFilter = null;
if (openIDLoginElt != null) { if (openIDLoginElt != null) {
FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_openid_security_check", FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_openid_security_check",
@ -432,7 +432,7 @@ final class AuthenticationConfigBuilder {
} }
void createLoginPageFilterIfNeeded() { void createLoginPageFilterIfNeeded() {
boolean needLoginPage = formFilter != null || openIDFilter != null; boolean needLoginPage = formFilterId != null || openIDFilterId != null;
String formLoginPage = getLoginFormUrl(formEntryPoint); String formLoginPage = getLoginFormUrl(formEntryPoint);
String openIDLoginPage = getLoginFormUrl(openIDEntryPoint); String openIDLoginPage = getLoginFormUrl(openIDEntryPoint);
@ -443,11 +443,11 @@ final class AuthenticationConfigBuilder {
BeanDefinitionBuilder loginPageFilter = BeanDefinitionBuilder loginPageFilter =
BeanDefinitionBuilder.rootBeanDefinition(DefaultLoginPageGeneratingFilter.class); BeanDefinitionBuilder.rootBeanDefinition(DefaultLoginPageGeneratingFilter.class);
if (formFilter != null) { if (formFilterId != null) {
loginPageFilter.addConstructorArgReference(formFilterId); loginPageFilter.addConstructorArgReference(formFilterId);
} }
if (openIDFilter != null) { if (openIDFilterId != null) {
loginPageFilter.addConstructorArgReference(openIDFilterId); loginPageFilter.addConstructorArgReference(openIDFilterId);
} }
@ -589,12 +589,12 @@ final class AuthenticationConfigBuilder {
"but not both.", pc.extractSource(openIDLoginElt)); "but not both.", pc.extractSource(openIDLoginElt));
} }
if (formFilter != null && openIDLoginPage == null) { if (formFilterId != null && openIDLoginPage == null) {
return formEntryPoint; return formEntryPoint;
} }
// Otherwise use OpenID if enabled // Otherwise use OpenID if enabled
if (openIDFilter != null) { if (openIDFilterId != null) {
return openIDEntryPoint; return openIDEntryPoint;
} }
@ -662,12 +662,12 @@ final class AuthenticationConfigBuilder {
filters.add(new OrderDecorator(jeeFilter, PRE_AUTH_FILTER)); filters.add(new OrderDecorator(jeeFilter, PRE_AUTH_FILTER));
} }
if (formFilter != null) { if (formFilterId != null) {
filters.add(new OrderDecorator(formFilter, FORM_LOGIN_FILTER)); filters.add(new OrderDecorator(new RuntimeBeanReference(formFilterId), FORM_LOGIN_FILTER));
} }
if (openIDFilter != null) { if (openIDFilterId != null) {
filters.add(new OrderDecorator(openIDFilter, OPENID_FILTER)); filters.add(new OrderDecorator(new RuntimeBeanReference(openIDFilterId), OPENID_FILTER));
} }
if (loginPageGenerationFilter != null) { if (loginPageGenerationFilter != null) {
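Review bot: The checks `if (formFilterId != null)` and `if (openIDFilterId != null)` now make the id fields the only signal that a login filter exists, but the assignments to those fields fall outside the visible hunks, so it cannot be confirmed here that an id is set only after the filter bean has been registered under it. If an id were ever assigned on a path where no filter definition is registered, `new RuntimeBeanReference(formFilterId)` in the filter list would name a bean that does not exist. I would document the invariant on the field declarations, for example `// non-null only once the filter bean is registered under this id; null means no such filter`. The commit touches two files and neither appears to be a test, so a regression test asserting that the context holds exactly one UsernamePasswordAuthenticationFilter and one OpenIDAuthenticationFilter bean would be worth adding. A duplicate instance would presumably miss any customisation applied to the bean looked up by id, which matters for an authentication filter.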


@ -9,14 +9,13 @@ dependencies {
providedCompile 'javax.servlet:servlet-api:2.5@jar' providedCompile 'javax.servlet:servlet-api:2.5@jar'
runtime project(':spring-security-web'), runtime project(':spring-security-config'),
project(':spring-security-config'),
project(':spring-security-taglibs'), project(':spring-security-taglibs'),
// 'xerces:xercesImpl:2.9.1',
// 'net.sourceforge.nekohtml:nekohtml:1.9.7',
"javax.servlet:jstl:$jstlVersion", "javax.servlet:jstl:$jstlVersion",
"org.slf4j:jcl-over-slf4j:$slf4jVersion", "org.slf4j:jcl-over-slf4j:$slf4jVersion",
"ch.qos.logback:logback-classic:$logbackVersion" "ch.qos.logback:logback-classic:$logbackVersion"
} }
jettyRun { [jettyRun, jettyRunWar]*.contextPath = "/openid"
contextPath = "/openid"
}