From e53a00371cbfac9e853873298d172359f1522faf Mon Sep 17 00:00:00 2001
From: Ben Alex
Date: Sat, 26 Nov 2005 04:10:05 +0000
Subject: [PATCH] Use logger instead of System.out.println().
---
 ...eminderAuthenticationProcessingFilter.java | 443 +++++++++---------
 1 file changed, 224 insertions(+), 219 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/ui/webapp/SiteminderAuthenticationProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/webapp/SiteminderAuthenticationProcessingFilter.java
index 14b50c6bc6..4c83ead8f8 100644
--- a/core/src/main/java/org/acegisecurity/ui/webapp/SiteminderAuthenticationProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/webapp/SiteminderAuthenticationProcessingFilter.java
@@ -1,13 +1,31 @@ +/* Copyright 2004, 2005 Acegi Technology Pty Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.acegisecurity.ui.webapp; +import org.acegisecurity.Authentication; +import org.acegisecurity.AuthenticationException; + +import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; + +import org.acegisecurity.ui.WebAuthenticationDetails; + import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; -import org.acegisecurity.Authentication; -import org.acegisecurity.AuthenticationException; -import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; -import org.acegisecurity.ui.WebAuthenticationDetails; /** * Extends Acegi's AuthenticationProcessingFilter to pick up Netegrity @@ -16,261 +34,248 @@ import org.acegisecurity.ui.WebAuthenticationDetails; *

* Also provides a backup form-based authentication and the ability set source * key names. - *

+ *

* *

- * Siteminder must present two headers to this filter, a - * username and password. You must set the header keys before this filter is - * used for authentication, otherwise Siteminder checks will be skipped. If the + * Siteminder must present two headers to this filter, a username + * and password. You must set the header keys before this filter is used for + * authentication, otherwise Siteminder checks will be skipped. If the * Siteminder check is unsuccessful (i.e. if the headers are not found), then * the form parameters will be checked (see next paragraph). This allows - * applications to optionally function even when their Siteminder infrastructure - * is unavailable, as is often the case during development. - *

+ * applications to optionally function even when their Siteminder + * infrastructure is unavailable, as is often the case during development. + *

* *

* Login forms must present two parameters to this filter: a * username and password. If not specified, the parameter names to use are - * contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} and - * {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}. - *

+ * contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} + * and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}. + *

* *

* Do not use this class directly. Instead, configure - * web.xml to use the - * {@link org.acegisecurity.util.FilterToBeanProxy}. - *

- * - * @author Scott McCrory - * @version CVS $Id$ + * web.xml to use the {@link + * org.acegisecurity.util.FilterToBeanProxy}. + *

*/ -public class SiteminderAuthenticationProcessingFilter extends - AuthenticationProcessingFilter { +public class SiteminderAuthenticationProcessingFilter + extends AuthenticationProcessingFilter { + //~ Instance fields ======================================================== - /** - * Siteminder username header key. - */ - private String siteminderUsernameHeaderKey = null; + /** Form password request key. */ + private String formPasswordParameterKey = null; - /** - * Siteminder password header key. - */ - private String siteminderPasswordHeaderKey = null; + /** Form username request key. */ + private String formUsernameParameterKey = null; - /** - * Form username request key. - */ - private String formUsernameParameterKey = null; + /** Siteminder password header key. */ + private String siteminderPasswordHeaderKey = null; - /** - * Form password request key. - */ - private String formPasswordParameterKey = null; + /** Siteminder username header key. */ + private String siteminderUsernameHeaderKey = null; - /** - * Basic constructor. - */ - public SiteminderAuthenticationProcessingFilter() { - super(); - } + //~ Constructors =========================================================== - /*************************************************************************** - * This filter by default responds to /j_acegi_security_check. - * - * @return the default - */ - public String getDefaultFilterProcessesUrl() { - return "/j_acegi_security_check"; - } + /** + * Basic constructor. 
+ */ + public SiteminderAuthenticationProcessingFilter() { + super(); + } - /** - * @see org.acegisecurity.ui.AbstractProcessingFilter#attemptAuthentication(javax.servlet.http.HttpServletRequest) - */ - public Authentication attemptAuthentication(HttpServletRequest request) - throws AuthenticationException { + //~ Methods ================================================================ - String username = null; - String password = null; + /** + * @see org.acegisecurity.ui.AbstractProcessingFilter#attemptAuthentication(javax.servlet.http.HttpServletRequest) + */ + public Authentication attemptAuthentication(HttpServletRequest request) + throws AuthenticationException { + String username = null; + String password = null; - // Check the Siteminder headers for authentication info - if (siteminderUsernameHeaderKey != null - && siteminderUsernameHeaderKey.length() > 0 - && siteminderPasswordHeaderKey != null - && siteminderPasswordHeaderKey.length() > 0) { + // Check the Siteminder headers for authentication info + if ((siteminderUsernameHeaderKey != null) + && (siteminderUsernameHeaderKey.length() > 0) + && (siteminderPasswordHeaderKey != null) + && (siteminderPasswordHeaderKey.length() > 0)) { + username = request.getHeader(siteminderUsernameHeaderKey); + password = request.getHeader(siteminderPasswordHeaderKey); + } - username = request.getHeader(siteminderUsernameHeaderKey); - password = request.getHeader(siteminderPasswordHeaderKey); + // If the Siteminder authentication info wasn't available, then get it + // from the form parameters + if ((username == null) || (username.length() == 0) + || (password == null) || (password.length() == 0)) { + if (logger.isDebugEnabled()) { + logger.debug( + "Siteminder headers not found for authentication, so trying to use form values"); + } - } + if ((formUsernameParameterKey != null) + && (formUsernameParameterKey.length() > 0)) { + username = request.getParameter(formUsernameParameterKey); + } else { + username = 
request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY); + } - // If the Siteminder authentication info wasn't available, then get it - // from the form parameters - if (username == null || username.length() == 0 || password == null - || password.length() == 0) { + password = obtainPassword(request); + } - System.out - .println("Siteminder headers not found for authentication, so trying to use form values"); + // Convert username and password to upper case. This is normally not a + // good practice but we do it here because Siteminder gives us the username + // in lower case, while most backing systems store it in upper case. + if (username != null) { + username = username.toUpperCase(); + } else { + // If username is null, set to blank to avoid a NPE. + username = ""; + } - if (formUsernameParameterKey != null - && formUsernameParameterKey.length() > 0) { - username = request.getParameter(formUsernameParameterKey); - } else { - username = request - .getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY); - } + if (password != null) { + password = password.toUpperCase(); + } else { + // If password is null, set to blank to avoid a NPE. + password = ""; + } - password = obtainPassword(request); + UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, + password); - } + // Allow subclasses to set the "details" property + setDetails(request, authRequest); - // Convert username and password to upper case. This is normally not a - // good practice but we do it here because Siteminder gives us the username - // in lower case, while most backing systems store it in upper case. - if (username != null) { - username = username.toUpperCase(); - } else { - // If username is null, set to blank to avoid a NPE. - username = ""; - } - if (password != null) { - password = password.toUpperCase(); - } else { - // If password is null, set to blank to avoid a NPE. 
- password = ""; - } + // Place the last username attempted into HttpSession for views + request.getSession() + .setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, username); - UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken( - username, password); + return this.getAuthenticationManager().authenticate(authRequest); + } - // Allow subclasses to set the "details" property - setDetails(request, authRequest); + /** + * This filter by default responds to /j_acegi_security_check. + * + * @return the default + */ + public String getDefaultFilterProcessesUrl() { + return "/j_acegi_security_check"; + } - // Place the last username attempted into HttpSession for views - request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, - username); + /** + * Returns the form password parameter key. + * + * @return The form password parameter key. + */ + public String getFormPasswordParameterKey() { + return formPasswordParameterKey; + } - return this.getAuthenticationManager().authenticate(authRequest); + /** + * Returns the form username parameter key. + * + * @return The form username parameter key. + */ + public String getFormUsernameParameterKey() { + return formUsernameParameterKey; + } - } + /** + * Returns the Siteminder password header key. + * + * @return The Siteminder password header key. + */ + public String getSiteminderPasswordHeaderKey() { + return siteminderPasswordHeaderKey; + } - /** - * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) - */ - public void init(FilterConfig filterConfig) throws ServletException { - } + /** + * Returns the Siteminder username header key. + * + * @return The Siteminder username header key. + */ + public String getSiteminderUsernameHeaderKey() { + return siteminderUsernameHeaderKey; + } - /*************************************************************************** - * Provided so that subclasses may configure what is put into the - * authentication request's details property. 
The default implementation - * simply constructs {@link WebAuthenticationDetails}. - * - * @param request that an authentication request is being created for - * @param authRequest the authentication request object that should have its details set - */ - protected void setDetails(HttpServletRequest request, - UsernamePasswordAuthenticationToken authRequest) { - authRequest.setDetails(new WebAuthenticationDetails(request)); - } + /** + * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) + */ + public void init(FilterConfig filterConfig) throws ServletException {} - /*************************************************************************** - * Enables subclasses to override the composition of the password, such as - * by including additional values and a separator. - * - *

- * This might be used for example if a postcode/zipcode was required in - * addition to the password. A delimiter such as a pipe (|) should be used - * to separate the password and extended value(s). The - * AuthenticationDao will need to generate the expected - * password in a corresponding manner. - *

- * - * @param request so that request attributes can be retrieved - * - * @return the password that will be presented in the - * Authentication request token to the - * AuthenticationManager - */ - protected String obtainPassword(HttpServletRequest request) { + /** + * Enables subclasses to override the composition of the password, such as + * by including additional values and a separator. + * + *

+ * This might be used for example if a postcode/zipcode was required in + * addition to the password. A delimiter such as a pipe (|) should be used + * to separate the password and extended value(s). The + * AuthenticationDao will need to generate the expected + * password in a corresponding manner. + *

+ * + * @param request so that request attributes can be retrieved + * + * @return the password that will be presented in the + * Authentication request token to the + * AuthenticationManager + */ + protected String obtainPassword(HttpServletRequest request) { + if ((formPasswordParameterKey != null) + && (formPasswordParameterKey.length() > 0)) { + return request.getParameter(formPasswordParameterKey); + } else { + return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY); + } + } - if (formPasswordParameterKey != null - && formPasswordParameterKey.length() > 0) { - return request.getParameter(formPasswordParameterKey); - } else { - return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY); - } + /** + * Provided so that subclasses may configure what is put into the + * authentication request's details property. The default implementation + * simply constructs {@link WebAuthenticationDetails}. + * + * @param request that an authentication request is being created for + * @param authRequest the authentication request object that should have + * its details set + */ + protected void setDetails(HttpServletRequest request, + UsernamePasswordAuthenticationToken authRequest) { + authRequest.setDetails(new WebAuthenticationDetails(request)); + } - } + /** + * Sets the form password parameter key. + * + * @param key The form password parameter key. + */ + public void setFormPasswordParameterKey(final String key) { + this.formPasswordParameterKey = key; + } - /** - * Returns the form password parameter key. - * - * @return The form password parameter key. - */ - public String getFormPasswordParameterKey() { - return formPasswordParameterKey; - } + /** + * Sets the form username parameter key. + * + * @param key The form username parameter key. + */ + public void setFormUsernameParameterKey(final String key) { + this.formUsernameParameterKey = key; + } - /** - * Returns the form username parameter key. - * - * @return The form username parameter key. 
- */ - public String getFormUsernameParameterKey() { - return formUsernameParameterKey; - } - - /** - * Returns the Siteminder password header key. - * - * @return The Siteminder password header key. - */ - public String getSiteminderPasswordHeaderKey() { - return siteminderPasswordHeaderKey; - } - - /** - * Returns the Siteminder username header key. - * - * @return The Siteminder username header key. - */ - public String getSiteminderUsernameHeaderKey() { - return siteminderUsernameHeaderKey; - } - - /** - * Sets the form password parameter key. - * - * @param key The form password parameter key. - */ - public void setFormPasswordParameterKey(final String key) { - this.formPasswordParameterKey = key; - } - - /** - * Sets the form username parameter key. - * - * @param key The form username parameter key. - */ - public void setFormUsernameParameterKey(final String key) { - this.formUsernameParameterKey = key; - } - - /** - * Sets the Siteminder password header key. - * - * @param key The Siteminder password header key. - */ - public void setSiteminderPasswordHeaderKey(final String key) { - this.siteminderPasswordHeaderKey = key; - } - - /** - * Sets the Siteminder username header key. - * - * @param key The Siteminder username header key. - */ - public void setSiteminderUsernameHeaderKey(final String key) { - this.siteminderUsernameHeaderKey = key; - } + /** + * Sets the Siteminder password header key. + * + * @param key The Siteminder password header key. + */ + public void setSiteminderPasswordHeaderKey(final String key) { + this.siteminderPasswordHeaderKey = key; + } + /** + * Sets the Siteminder username header key. + * + * @param key The Siteminder username header key. + */ + public void setSiteminderUsernameHeaderKey(final String key) { + this.siteminderUsernameHeaderKey = key; + } }
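Review bot: In attemptAuthentication the password is upper-cased along with the username (`password = password.toUpperCase();`), although the comment above it only justifies the conversion for the username that Siteminder delivers in lower case. Folding the password's case makes every password case-insensitive, which shrinks the effective keyspace and would fail against any backing store that compares the original mixed-case value. Both calls also use the default-locale `toUpperCase()`, so the principal name handed to the AuthenticationManager can differ between JVM locales (for example with the Turkish dotless i). I would drop the password conversion, keeping only the null-to-empty guard, and pin the username conversion with `username = username.toUpperCase(Locale.ENGLISH);`, which needs `import java.util.Locale;`.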