SEC-1705: Make sure a single OpenIDAuthenticationFilter bean is created by the namespace. Likewise for UsernamePasswordAuthenticationFilter.

2011-03-31 21:04:32 +01:00 · 2011-03-31 21:04:32 +01:00 · ddaf9eb64f
parent 79e17e22bc
commit ddaf9eb64f
2 changed files with 15 additions and 16 deletions
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@ -87,9 +87,7 @@ final class AuthenticationConfigBuilder {
    private BeanReference rememberMeProviderRef;
    private BeanDefinition basicFilter;
    private RuntimeBeanReference basicEntryPoint;
-    private RootBeanDefinition formFilter;
    private BeanDefinition formEntryPoint;
-    private RootBeanDefinition openIDFilter;
    private BeanDefinition openIDEntryPoint;
    private BeanReference openIDProviderRef;
    private String formFilterId = null;
@ -162,6 +160,7 @@ final class AuthenticationConfigBuilder {
    void createFormLoginFilter(BeanReference sessionStrategy, BeanReference authManager) {

        Element formLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.FORM_LOGIN);
+        RootBeanDefinition formFilter = null;

        if (formLoginElt != null || autoConfig) {
            FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_security_check",
@ -185,6 +184,7 @@ final class AuthenticationConfigBuilder {

    void createOpenIDLoginFilter(BeanReference sessionStrategy, BeanReference authManager) {
        Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.OPENID_LOGIN);
+        RootBeanDefinition openIDFilter = null;

        if (openIDLoginElt != null) {
            FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_openid_security_check",
@ -432,7 +432,7 @@ final class AuthenticationConfigBuilder {
    }

    void createLoginPageFilterIfNeeded() {
-        boolean needLoginPage = formFilter != null || openIDFilter != null;
+        boolean needLoginPage = formFilterId != null || openIDFilterId != null;
        String formLoginPage = getLoginFormUrl(formEntryPoint);
        String openIDLoginPage = getLoginFormUrl(openIDEntryPoint);

@ -443,11 +443,11 @@ final class AuthenticationConfigBuilder {
            BeanDefinitionBuilder loginPageFilter =
                BeanDefinitionBuilder.rootBeanDefinition(DefaultLoginPageGeneratingFilter.class);

-            if (formFilter != null) {
+            if (formFilterId != null) {
                loginPageFilter.addConstructorArgReference(formFilterId);
            }

-            if (openIDFilter != null) {
+            if (openIDFilterId != null) {
                loginPageFilter.addConstructorArgReference(openIDFilterId);
            }

@ -589,12 +589,12 @@ final class AuthenticationConfigBuilder {
                    "but not both.", pc.extractSource(openIDLoginElt));
        }

-        if (formFilter != null && openIDLoginPage == null) {
+        if (formFilterId != null && openIDLoginPage == null) {
            return formEntryPoint;
        }

        // Otherwise use OpenID if enabled
-        if (openIDFilter != null) {
+        if (openIDFilterId != null) {
            return openIDEntryPoint;
        }

@ -662,12 +662,12 @@ final class AuthenticationConfigBuilder {
            filters.add(new OrderDecorator(jeeFilter, PRE_AUTH_FILTER));
        }

-        if (formFilter != null) {
-            filters.add(new OrderDecorator(formFilter, FORM_LOGIN_FILTER));
+        if (formFilterId != null) {
+            filters.add(new OrderDecorator(new RuntimeBeanReference(formFilterId), FORM_LOGIN_FILTER));
        }

-        if (openIDFilter != null) {
-            filters.add(new OrderDecorator(openIDFilter, OPENID_FILTER));
+        if (openIDFilterId != null) {
+            filters.add(new OrderDecorator(new RuntimeBeanReference(openIDFilterId), OPENID_FILTER));
        }

        if (loginPageGenerationFilter != null) {
--- a/samples/openid/openid.gradle
+++ b/samples/openid/openid.gradle
@ -9,14 +9,13 @@ dependencies {

    providedCompile 'javax.servlet:servlet-api:2.5@jar'

-    runtime project(':spring-security-web'),
-            project(':spring-security-config'),
+    runtime project(':spring-security-config'),
            project(':spring-security-taglibs'),
+//            'xerces:xercesImpl:2.9.1',
+//            'net.sourceforge.nekohtml:nekohtml:1.9.7',
            "javax.servlet:jstl:$jstlVersion",
            "org.slf4j:jcl-over-slf4j:$slf4jVersion",
            "ch.qos.logback:logback-classic:$logbackVersion"
 }

-jettyRun {
-    contextPath = "/openid"
-}
+[jettyRun, jettyRunWar]*.contextPath = "/openid"