Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 05:13:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move port mapping functionality into separate classes to allow reuse. Permit implementations to override the source port (required given some browsers do not respond to HTTP redirects correctly).

Browse Source
This commit is contained in:
Ben Alex 2004-04-27 06:17:53 +00:00
parent c6a1b2b608
commit e555d77d4e
12 changed files with 908 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
core/src/main/java/org/acegisecurity/intercept/web/SecurityEnforcementFilter.java
View File

@ -18,6 +18,7 @@ package net.sf.acegisecurity.intercept.web;
import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.ui.AbstractProcessingFilter;
import net.sf.acegisecurity.util.PortResolver;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@ -74,6 +75,10 @@ import javax.servlet.http.HttpServletResponse;
* <code>AuthenticationException</code> is detected. Note that this may also
* switch the current protocol from http to https for a an SSL login.
* </li>
* <li>
* <code>portResolver</code> is used to determine the "real" port that a
* request was received on.
* </li>
* </ul>
*
* <P>
@ -95,6 +100,7 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
private AuthenticationEntryPoint authenticationEntryPoint;
private FilterSecurityInterceptor filterSecurityInterceptor;
private PortResolver portResolver;
//~ Methods ================================================================
@ -116,6 +122,14 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
return filterSecurityInterceptor;
}
public void setPortResolver(PortResolver portResolver) {
this.portResolver = portResolver;
}
public PortResolver getPortResolver() {
return portResolver;
}
public void afterPropertiesSet() throws Exception {
if (authenticationEntryPoint == null) {
throw new IllegalArgumentException(
@ -126,6 +140,10 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
throw new IllegalArgumentException(
"filterSecurityInterceptor must be specified");
}
if (portResolver == null) {
throw new IllegalArgumentException("portResolver must be specified");
}
}
public void destroy() {}
@ -151,14 +169,31 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
} catch (AuthenticationException authentication) {
HttpServletRequest httpRequest = (HttpServletRequest) request;
int port = portResolver.getServerPort(request);
boolean includePort = true;
if ("http".equals(request.getScheme().toLowerCase())
&& (port == 80)) {
includePort = false;
}
if ("https".equals(request.getScheme().toLowerCase())
&& (port == 443)) {
includePort = false;
}
String targetUrl = request.getScheme() + "://"
+ request.getServerName() + ((includePort) ? (":" + port) : "")
+ httpRequest.getContextPath() + fi.getRequestUrl();
if (logger.isDebugEnabled()) {
logger.debug(
"Authentication failed - adding target URL to Session: "
+ fi.getFullRequestUrl());
+ targetUrl);
}
((HttpServletRequest) request).getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
fi.getFullRequestUrl());
targetUrl);
authenticationEntryPoint.commence(request, response);
} catch (AccessDeniedException accessDenied) {
if (logger.isDebugEnabled()) {

166
core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java
View File

@ -16,15 +16,16 @@
package net.sf.acegisecurity.ui.webapp;
import net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint;
import net.sf.acegisecurity.util.PortMapper;
import net.sf.acegisecurity.util.PortResolver;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@ -43,20 +44,11 @@ import javax.servlet.http.HttpServletResponse;
* <p>
* By setting the <em>forceHttps</em> property to true, you may configure the
* class to force the protocol used for the login form to be
* <code>https</code>, even if the original intercepted request for a resource
* used the <code>http</code> protocol. When this happens, after a successful
* login (via https), the original resource will still be accessed as http,
* via the original request URL. For the forced https feature to work, the
* class must have a valid mapping from an http port in the original request
* to an https port for the login page (the same server name will be used,
* only the scheme and port will be changed). By default, http requests to
* port 80 will be mapped to login page https requests on port 443 (standard
* https port), and port 8080 will be mapped to port 8443. These mappings may
* be customized by setting the <em>httpsPortMappings</em> property. Any
* intercepted http request on a port which does not have a mapping will
* result in the protocol remaining as http. Any intercepted request which is
* already https will always result in the login page being accessed as https,
* regardless of the state of the <em>forceHttps</em> property.
* <code>HTTPS</code>, even if the original intercepted request for a resource
* used the <code>HTTP</code> protocol. When this happens, after a successful
* login (via HTTPS), the original resource will still be accessed as HTTP,
* via the original request URL. For the forced HTTPS feature to work, the
* {@link PortMapper} is consulted to determine the HTTP:HTTPS pairs.
* </p>
*
* @author Ben Alex
@ -65,20 +57,17 @@ import javax.servlet.http.HttpServletResponse;
*/
public class AuthenticationProcessingFilterEntryPoint
implements AuthenticationEntryPoint, InitializingBean {
//~ Static fields/initializers =============================================
private static final Log logger = LogFactory.getLog(AuthenticationProcessingFilterEntryPoint.class);
//~ Instance fields ========================================================
private HashMap httpsPortMappings;
private PortMapper portMapper;
private PortResolver portResolver;
private String loginFormUrl;
private boolean forceHttps = false;
//~ Constructors ===========================================================
public AuthenticationProcessingFilterEntryPoint() {
httpsPortMappings = new HashMap();
httpsPortMappings.put(new Integer(80), new Integer(443));
httpsPortMappings.put(new Integer(8080), new Integer(8443));
}
//~ Methods ================================================================
/**
@ -88,8 +77,6 @@ public class AuthenticationProcessingFilterEntryPoint
* <code>https</code>, then
*
* @param forceHttps
*
* @todo Generated comment
*/
public void setForceHttps(boolean forceHttps) {
this.forceHttps = forceHttps;
@ -99,56 +86,6 @@ public class AuthenticationProcessingFilterEntryPoint
return forceHttps;
}
/**
* <p>
* Set to override the default http port to https port mappings of 80:443,
* and 8080:8443.
* </p>
* In a Spring XML ApplicationContext, a definition would look something
* like this:
* <pre>
* &lt;property name="httpsPortMapping">
* &lt;map>
* &lt;entry key="80">&lt;value>443&lt;/value>&lt;/entry>
* &lt;entry key="8080">&lt;value>8443&lt;/value>&lt;/entry>
* &lt;/map>
* &lt;/property>
* </pre>
*
* @param newMappings A Map consisting of String keys and String values,
* where for each entry the key is the string representation of an
* integer http port number, and the value is the string
* representation of the corresponding integer https port number.
*
* @throws IllegalArgumentException if input map does not consist of String
* keys and values, each representing an integer port number in
* the range 1-65535 for that mapping.
*/
public void setHttpsPortMappings(HashMap newMappings) {
httpsPortMappings.clear();
Iterator it = newMappings.entrySet().iterator();
while (it.hasNext()) {
Map.Entry entry = (Map.Entry) it.next();
Integer httpPort = new Integer((String) entry.getKey());
Integer httpsPort = new Integer((String) entry.getValue());
if ((httpPort.intValue() < 1) || (httpPort.intValue() > 65535)
|| (httpsPort.intValue() < 1) || (httpsPort.intValue() > 65535)) {
throw new IllegalArgumentException(
"one or both ports out of legal range: " + httpPort + ", "
+ httpsPort);
}
httpsPortMappings.put(httpPort, httpsPort);
if (httpsPortMappings.size() < 1) {
throw new IllegalArgumentException("must map at least one port");
}
}
}
/**
* The URL where the <code>AuthenticationProcessingFilter</code> login page
* can be found. Should be relative to the web-app context path, and
@ -164,40 +101,79 @@ public class AuthenticationProcessingFilterEntryPoint
return loginFormUrl;
}
public void setPortMapper(PortMapper portMapper) {
this.portMapper = portMapper;
}
public PortMapper getPortMapper() {
return portMapper;
}
public void setPortResolver(PortResolver portResolver) {
this.portResolver = portResolver;
}
public PortResolver getPortResolver() {
return portResolver;
}
public void afterPropertiesSet() throws Exception {
if ((loginFormUrl == null) || "".equals(loginFormUrl)) {
throw new IllegalArgumentException("loginFormUrl must be specified");
}
if (portMapper == null) {
throw new IllegalArgumentException("portMapper must be specified");
}
if (portResolver == null) {
throw new IllegalArgumentException("portResolver must be specified");
}
}
public void commence(ServletRequest request, ServletResponse response)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
String scheme = request.getScheme();
String serverName = request.getServerName();
int serverPort = portResolver.getServerPort(request);
String contextPath = req.getContextPath();
String redirectUrl = contextPath + loginFormUrl;
boolean includePort = true;
if ("http".equals(scheme.toLowerCase()) && (serverPort == 80)) {
includePort = false;
}
if ("https".equals(scheme.toLowerCase()) && (serverPort == 443)) {
includePort = false;
}
String redirectUrl = scheme + "://" + serverName
+ ((includePort) ? (":" + serverPort) : "") + contextPath
+ loginFormUrl;
if (forceHttps && req.getScheme().equals("http")) {
Integer httpPort = new Integer(req.getServerPort());
Integer httpsPort = (Integer) httpsPortMappings.get(httpPort);
Integer httpPort = new Integer(portResolver.getServerPort(request));
Integer httpsPort = (Integer) portMapper.lookupHttpsPort(httpPort);
if (httpsPort != null) {
String serverName = req.getServerName();
redirectUrl = "https://" + serverName + ":" + httpsPort
+ contextPath + loginFormUrl;
if (httpsPort.intValue() == 443) {
includePort = false;
} else {
includePort = true;
}
redirectUrl = "https://" + serverName
+ ((includePort) ? (":" + httpsPort) : "") + contextPath
+ loginFormUrl;
}
}
if (logger.isDebugEnabled()) {
logger.debug("Redirecting to: " + redirectUrl);
}
((HttpServletResponse) response).sendRedirect(redirectUrl);
}
/**
* Returns the translated (Integer -> Integer) version of the original port
* mapping specified via setHttpsPortMapping()
*
* @return DOCUMENT ME!
*/
protected HashMap getTranslatedHttpsPortMappings() {
return httpsPortMappings;
}
}

54
core/src/main/java/org/acegisecurity/util/PortMapper.java Normal file
View File

@ -0,0 +1,54 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.util;
/**
* <code>PortMapper</code> implementations provide callers with information
* about which HTTP ports are associated with which HTTPS ports on the system,
* and vice versa.
*
* @author Ben Alex
* @version $Id$
*/
public interface PortMapper {
//~ Methods ================================================================
/**
* Locates the HTTP port associated with the specified HTTPS port.
*
* <P>
* Returns <code>null</code> if unknown.
* </p>
*
* @param httpsPort
*
* @return the HTTP port or <code>null</code> if unknown
*/
public Integer lookupHttpPort(Integer httpsPort);
/**
* Locates the HTTPS port associated with the specified HTTP port.
*
* <P>
* Returns <code>null</code> if unknown.
* </p>
*
* @param httpPort
*
* @return the HTTPS port or <code>null</code> if unknown
*/
public Integer lookupHttpsPort(Integer httpPort);
}

134
core/src/main/java/org/acegisecurity/util/PortMapperImpl.java Normal file
View File

@ -0,0 +1,134 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.util;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
/**
* Concrete implementation of {@link PortMapper} that obtains HTTP:HTTPS pairs
* from the application context.
*
* <P>
* By default the implementation will assume 80:443 and 8080:8443 are
* HTTP:HTTPS pairs respectively. If different pairs are required, use {@link
* #setPortMappings(Map)}.
* </p>
*
* @author Ben Alex
* @author colin sampaleanu
* @version $Id$
*/
public class PortMapperImpl implements PortMapper {
//~ Instance fields ========================================================
private Map httpsPortMappings;
//~ Constructors ===========================================================
public PortMapperImpl() {
httpsPortMappings = new HashMap();
httpsPortMappings.put(new Integer(80), new Integer(443));
httpsPortMappings.put(new Integer(8080), new Integer(8443));
}
//~ Methods ================================================================
/**
* <p>
* Set to override the default HTTP port to HTTPS port mappings of 80:443,
* and 8080:8443.
* </p>
* In a Spring XML ApplicationContext, a definition would look something
* like this:
* <pre>
* &lt;property name="httpsPortMapping">
* &lt;map>
* &lt;entry key="80">&lt;value>443&lt;/value>&lt;/entry>
* &lt;entry key="8080">&lt;value>8443&lt;/value>&lt;/entry>
* &lt;/map>
* &lt;/property>
* </pre>
*
* @param newMappings A Map consisting of String keys and String values,
* where for each entry the key is the string representation of an
* integer HTTP port number, and the value is the string
* representation of the corresponding integer HTTPS port number.
*
* @throws IllegalArgumentException if input map does not consist of String
* keys and values, each representing an integer port number in
* the range 1-65535 for that mapping.
*/
public void setPortMappings(Map newMappings) {
if (newMappings == null) {
throw new IllegalArgumentException(
"A valid list of HTTPS port mappings must be provided");
}
httpsPortMappings.clear();
Iterator it = newMappings.entrySet().iterator();
while (it.hasNext()) {
Map.Entry entry = (Map.Entry) it.next();
Integer httpPort = new Integer((String) entry.getKey());
Integer httpsPort = new Integer((String) entry.getValue());
if ((httpPort.intValue() < 1) || (httpPort.intValue() > 65535)
|| (httpsPort.intValue() < 1) || (httpsPort.intValue() > 65535)) {
throw new IllegalArgumentException(
"one or both ports out of legal range: " + httpPort + ", "
+ httpsPort);
}
httpsPortMappings.put(httpPort, httpsPort);
}
if (httpsPortMappings.size() < 1) {
throw new IllegalArgumentException("must map at least one port");
}
}
/**
* Returns the translated (Integer -> Integer) version of the original port
* mapping specified via setHttpsPortMapping()
*
* @return DOCUMENT ME!
*/
public Map getTranslatedPortMappings() {
return httpsPortMappings;
}
public Integer lookupHttpPort(Integer httpsPort) {
Iterator iter = httpsPortMappings.keySet().iterator();
while (iter.hasNext()) {
Integer httpPort = (Integer) iter.next();
if (httpsPortMappings.get(httpPort).equals(httpsPort)) {
return httpPort;
}
}
return null;
}
public Integer lookupHttpsPort(Integer httpPort) {
return (Integer) httpsPortMappings.get(httpPort);
}
}

46
core/src/main/java/org/acegisecurity/util/PortResolver.java Normal file
View File

@ -0,0 +1,46 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.util;
import javax.servlet.ServletRequest;
/**
* A <code>PortResolver</code> determines the port a web request was received
* on.
*
* <P>
* This interface is necessary because
* <code>ServletRequest.getServerPort()</code> may not return the correct port
* in certain circumstances. For example, if the browser does not construct
* the URL correctly after a redirect.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public interface PortResolver {
//~ Methods ================================================================
/**
* Indicates the port the <code>ServletRequest</code> was received on.
*
* @param request that the method should lookup the port for
*
* @return the port the request was received on
*/
public int getServerPort(ServletRequest request);
}

92
core/src/main/java/org/acegisecurity/util/PortResolverImpl.java Normal file
View File

@ -0,0 +1,92 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.util;
import org.springframework.beans.factory.InitializingBean;
import javax.servlet.ServletRequest;
/**
* Concrete implementation of {@link PortResolver} that obtains the port from
* <code>ServletRequest.getServerPort()</code>.
*
* <P>
* If either the <code>alwaysHttpPort</code> or <code>alwaysHttpsPort</code>
* properties are set, these ports will be used <B>instead of</B> those
* obtained from the <code>ServletRequest.getServerPort()</code> method.
* Setting these properties will cause the
* <code>ServletRequest.getScheme()</code> method to be used to determine
* whether a request was HTTP or HTTPS, and then return the port defined by
* the <code>always[Scheme]Port</code> property. You can configure zero, one
* or both of these properties.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class PortResolverImpl implements InitializingBean, PortResolver {
//~ Instance fields ========================================================
private int alwaysHttpPort = 0;
private int alwaysHttpsPort = 0;
//~ Methods ================================================================
public void setAlwaysHttpPort(int alwaysHttpPort) {
this.alwaysHttpPort = alwaysHttpPort;
}
public int getAlwaysHttpPort() {
return alwaysHttpPort;
}
public void setAlwaysHttpsPort(int alwaysHttpsPort) {
this.alwaysHttpsPort = alwaysHttpsPort;
}
public int getAlwaysHttpsPort() {
return alwaysHttpsPort;
}
public int getServerPort(ServletRequest request) {
if ("http".equals(request.getScheme().toLowerCase())
&& (alwaysHttpPort != 0)) {
return alwaysHttpPort;
}
if ("https".equals(request.getScheme().toLowerCase())
&& (alwaysHttpsPort != 0)) {
return alwaysHttpsPort;
}
return request.getServerPort();
}
public void afterPropertiesSet() throws Exception {
if ((alwaysHttpPort != 0)
&& ((alwaysHttpPort > 65535) || (alwaysHttpPort < 0))) {
throw new IllegalArgumentException(
"alwaysHttpPort must be between 1 and 65535");
}
if ((alwaysHttpsPort != 0)
&& ((alwaysHttpsPort > 65535) || (alwaysHttpsPort < 0))) {
throw new IllegalArgumentException(
"alwaysHttpsPort must be between 1 and 65535");
}
}
}

9
core/src/test/java/org/acegisecurity/MockHttpServletRequest.java
View File

@ -53,13 +53,13 @@ public class MockHttpServletRequest implements HttpServletRequest {
private Map paramMap = new HashMap();
private Principal principal;
private String contextPath = "";
private String pathInfo; // null for no extra path
private String queryString = null;
private String requestURL;
private String scheme;
private String serverName;
private String servletPath;
private int serverPort;
private String pathInfo; // null for no extra path
//~ Constructors ===========================================================
@ -197,7 +197,6 @@ public class MockHttpServletRequest implements HttpServletRequest {
throw new UnsupportedOperationException("mock method not implemented");
}
public void setPathInfo(String pathInfo) {
this.pathInfo = pathInfo;
}
@ -283,7 +282,11 @@ public class MockHttpServletRequest implements HttpServletRequest {
}
public boolean isSecure() {
throw new UnsupportedOperationException("mock method not implemented");
if ("https".equals(scheme)) {
return true;
} else {
return false;
}
}
public void setServerName(String serverName) {

54
core/src/test/java/org/acegisecurity/MockPortResolver.java Normal file
View File

@ -0,0 +1,54 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity;
import net.sf.acegisecurity.util.PortResolver;
import javax.servlet.ServletRequest;
/**
* Always returns the constructor-specified HTTP and HTTPS ports.
*
* @author Ben Alex
* @version $Id$
*/
public class MockPortResolver implements PortResolver {
//~ Instance fields ========================================================
private int http = 80;
private int https = 443;
//~ Constructors ===========================================================
public MockPortResolver(int http, int https) {
this.http = http;
this.https = https;
}
private MockPortResolver() {}
//~ Methods ================================================================
public int getServerPort(ServletRequest request) {
if ((request.getScheme() != null)
&& request.getScheme().equals("https")) {
return https;
} else {
return http;
}
}
}

62
core/src/test/java/org/acegisecurity/intercept/web/SecurityEnforcementFilterTests.java
View File

@ -23,6 +23,7 @@ import net.sf.acegisecurity.MockAuthenticationEntryPoint;
import net.sf.acegisecurity.MockHttpServletRequest;
import net.sf.acegisecurity.MockHttpServletResponse;
import net.sf.acegisecurity.MockHttpSession;
import net.sf.acegisecurity.MockPortResolver;
import net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
import java.io.IOException;
@ -120,6 +121,9 @@ public class SecurityEnforcementFilterTests extends TestCase {
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
"/login.jsp"));
assertTrue(filter.getAuthenticationEntryPoint() != null);
filter.setPortResolver(new MockPortResolver(80, 443));
assertTrue(filter.getPortResolver() != null);
}
public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException()
@ -128,6 +132,10 @@ public class SecurityEnforcementFilterTests extends TestCase {
MockHttpServletRequest request = new MockHttpServletRequest(null,
new MockHttpSession());
request.setServletPath("/secure/page.html");
request.setServerPort(80);
request.setScheme("http");
request.setServerName("www.example.com");
request.setContextPath("/mycontext");
request.setRequestURL(
"http://www.example.com/mycontext/secure/page.html");
@ -143,15 +151,51 @@ public class SecurityEnforcementFilterTests extends TestCase {
filter.setFilterSecurityInterceptor(interceptor);
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
"/login.jsp"));
filter.setPortResolver(new MockPortResolver(80, 443));
filter.afterPropertiesSet();
MockHttpServletResponse response = new MockHttpServletResponse();
filter.doFilter(request, response, chain);
assertEquals("/login.jsp", response.getRedirect());
assertEquals("/mycontext/login.jsp", response.getRedirect());
assertEquals("http://www.example.com/mycontext/secure/page.html",
request.getSession().getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
}
public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhenAuthenticationException()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest(null,
new MockHttpSession());
request.setServletPath("/secure/page.html");
request.setServerPort(8080);
request.setScheme("http");
request.setServerName("www.example.com");
request.setContextPath("/mycontext");
request.setRequestURL(
"http://www.example.com:8080/mycontext/secure/page.html");
// Setup our expectation that the filter chain will not be invoked, as access is denied
MockFilterChain chain = new MockFilterChain(false);
// Setup the FilterSecurityInterceptor thrown an authentication failure exceptions
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false,
true);
// Test
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
filter.setFilterSecurityInterceptor(interceptor);
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
"/login.jsp"));
filter.setPortResolver(new MockPortResolver(8080, 8443));
filter.afterPropertiesSet();
MockHttpServletResponse response = new MockHttpServletResponse();
filter.doFilter(request, response, chain);
assertEquals("/mycontext/login.jsp", response.getRedirect());
assertEquals("http://www.example.com:8080/mycontext/secure/page.html",
request.getSession().getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
}
public void testStartupDetectsMissingAuthenticationEntryPoint()
throws Exception {
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
@ -182,6 +226,22 @@ public class SecurityEnforcementFilterTests extends TestCase {
}
}
public void testStartupDetectsMissingPortResolver()
throws Exception {
SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
false, false));
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
"/login.jsp"));
try {
filter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("portResolver must be specified", expected.getMessage());
}
}
public void testSuccessfulAccessGrant() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest(null,

126
core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPointTests.java
View File

@ -19,8 +19,11 @@ import junit.framework.TestCase;
import net.sf.acegisecurity.MockHttpServletRequest;
import net.sf.acegisecurity.MockHttpServletResponse;
import net.sf.acegisecurity.MockPortResolver;
import net.sf.acegisecurity.util.PortMapperImpl;
import java.util.HashMap;
import java.util.Map;
/**
@ -43,6 +46,8 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
public void testDetectsMissingLoginFormUrl() throws Exception {
AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
ep.setPortMapper(new PortMapperImpl());
ep.setPortResolver(new MockPortResolver(80, 443));
try {
ep.afterPropertiesSet();
@ -52,10 +57,45 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
}
}
public void testDetectsMissingPortMapper() throws Exception {
AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
ep.setLoginFormUrl("xxx");
ep.setPortResolver(new MockPortResolver(80, 443));
try {
ep.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("portMapper must be specified", expected.getMessage());
}
}
public void testDetectsMissingPortResolver() throws Exception {
AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
ep.setLoginFormUrl("xxx");
ep.setPortMapper(new PortMapperImpl());
try {
ep.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("portResolver must be specified", expected.getMessage());
}
}
public void testGettersSetters() {
AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
ep.setLoginFormUrl("/hello");
ep.setPortMapper(new PortMapperImpl());
ep.setPortResolver(new MockPortResolver(8080, 8443));
assertEquals("/hello", ep.getLoginFormUrl());
assertTrue(ep.getPortMapper() != null);
assertTrue(ep.getPortResolver() != null);
ep.setForceHttps(false);
assertFalse(ep.getForceHttps());
ep.setForceHttps(true);
assertTrue(ep.getForceHttps());
}
public void testHttpsOperation() throws Exception {
@ -70,30 +110,40 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
ep.setLoginFormUrl("/hello");
ep.setPortMapper(new PortMapperImpl());
ep.setForceHttps(true);
ep.setPortMapper(new PortMapperImpl());
ep.setPortResolver(new MockPortResolver(80, 443));
ep.afterPropertiesSet();
ep.commence(request, response);
assertEquals("https://www.example.com:443/bigWebApp/hello",
assertEquals("https://www.example.com/bigWebApp/hello",
response.getRedirect());
request.setServerPort(8080);
ep.setPortResolver(new MockPortResolver(8080, 8443));
ep.commence(request, response);
System.out.println(response.getRedirect());
assertEquals("https://www.example.com:8443/bigWebApp/hello",
response.getRedirect());
// Now test an unusual custom HTTP:HTTPS is handled properly
request.setServerPort(8888);
ep.commence(request, response);
assertEquals("https://www.example.com:8443/bigWebApp/hello",
response.getRedirect());
// check that unknown port leaves things as-is
request.setServerPort(8888);
ep.commence(request, response);
assertEquals("/bigWebApp/hello", response.getRedirect());
PortMapperImpl portMapper = new PortMapperImpl();
Map map = new HashMap();
map.put("8888", "9999");
portMapper.setPortMappings(map);
ep = new AuthenticationProcessingFilterEntryPoint();
ep.setLoginFormUrl("/hello");
ep.setPortMapper(new PortMapperImpl());
ep.setForceHttps(true);
HashMap map = new HashMap();
map.put("8888", "9999");
ep.setHttpsPortMappings(map);
ep.setPortMapper(portMapper);
ep.setPortResolver(new MockPortResolver(8888, 9999));
ep.afterPropertiesSet();
ep.commence(request, response);
@ -104,50 +154,50 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
public void testNormalOperation() throws Exception {
AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
ep.setLoginFormUrl("/hello");
ep.setPortMapper(new PortMapperImpl());
ep.setPortResolver(new MockPortResolver(80, 443));
ep.afterPropertiesSet();
MockHttpServletRequest request = new MockHttpServletRequest(
"/some_path");
request.setContextPath("/bigWebApp");
request.setScheme("http");
request.setServerName("www.example.com");
request.setContextPath("/bigWebApp");
request.setServerPort(80);
MockHttpServletResponse response = new MockHttpServletResponse();
ep.afterPropertiesSet();
ep.commence(request, response);
assertEquals("/bigWebApp/hello", response.getRedirect());
assertEquals("http://www.example.com/bigWebApp/hello",
response.getRedirect());
}
public void testSetSslPortMapping() {
public void testOperationWhenHttpsRequestsButHttpsPortUnknown()
throws Exception {
AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
HashMap map = new HashMap();
ep.setLoginFormUrl("/hello");
ep.setPortMapper(new PortMapperImpl());
ep.setPortResolver(new MockPortResolver(8888, 1234));
ep.setForceHttps(true);
ep.afterPropertiesSet();
try {
ep.setHttpsPortMappings(map);
} catch (IllegalArgumentException expected) {
assertEquals("must map at least one port", expected.getMessage());
}
MockHttpServletRequest request = new MockHttpServletRequest(
"/some_path");
request.setContextPath("/bigWebApp");
request.setScheme("http");
request.setServerName("www.example.com");
request.setContextPath("/bigWebApp");
request.setServerPort(8888); // NB: Port we can't resolve
map.put(new Integer(0).toString(), new Integer(443).toString());
MockHttpServletResponse response = new MockHttpServletResponse();
try {
ep.setHttpsPortMappings(map);
} catch (IllegalArgumentException expected) {
assertTrue(expected.getMessage().startsWith("one or both ports out of legal range"));
}
ep.afterPropertiesSet();
ep.commence(request, response);
map.clear();
map.put(new Integer(80).toString(), new Integer(100000).toString());
try {
ep.setHttpsPortMappings(map);
} catch (IllegalArgumentException expected) {
assertTrue(expected.getMessage().startsWith("one or both ports out of legal range"));
}
map.clear();
map.put(new Integer(80).toString(), new Integer(443).toString());
ep.setHttpsPortMappings(map);
map = ep.getTranslatedHttpsPortMappings();
assertTrue(map.size() == 1);
assertTrue(((Integer) map.get(new Integer(80))).equals(new Integer(443)));
// Response doesn't switch to HTTPS, as we didn't know HTTP port 8888 to HTTP port mapping
assertEquals("http://www.example.com:8888/bigWebApp/hello",
response.getRedirect());
}
}

120
core/src/test/java/org/acegisecurity/util/PortMapperImplTests.java Normal file
View File

@ -0,0 +1,120 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.util;
import junit.framework.TestCase;
import java.util.HashMap;
import java.util.Map;
/**
* Tests {@link PortMapperImpl}.
*
* @author Ben Alex
* @version $Id$
*/
public class PortMapperImplTests extends TestCase {
//~ Constructors ===========================================================
public PortMapperImplTests() {
super();
}
public PortMapperImplTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(PortMapperImplTests.class);
}
public void testDefaultMappingsAreKnown() throws Exception {
PortMapperImpl portMapper = new PortMapperImpl();
assertEquals(new Integer(80),
portMapper.lookupHttpPort(new Integer(443)));
assertEquals(new Integer(8080),
portMapper.lookupHttpPort(new Integer(8443)));
assertEquals(new Integer(443),
portMapper.lookupHttpsPort(new Integer(80)));
assertEquals(new Integer(8443),
portMapper.lookupHttpsPort(new Integer(8080)));
}
public void testDetectsEmptyMap() throws Exception {
PortMapperImpl portMapper = new PortMapperImpl();
try {
portMapper.setPortMappings(new HashMap());
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testDetectsNullMap() throws Exception {
PortMapperImpl portMapper = new PortMapperImpl();
try {
portMapper.setPortMappings(null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testGetTranslatedPortMappings() {
PortMapperImpl portMapper = new PortMapperImpl();
assertEquals(2, portMapper.getTranslatedPortMappings().size());
}
public void testRejectsOutOfRangeMappings() {
PortMapperImpl portMapper = new PortMapperImpl();
Map map = new HashMap();
map.put("79", "80559");
try {
portMapper.setPortMappings(map);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testReturnsNullIfHttpPortCannotBeFound() {
PortMapperImpl portMapper = new PortMapperImpl();
assertTrue(portMapper.lookupHttpPort(new Integer("34343")) == null);
}
public void testSupportsCustomMappings() {
PortMapperImpl portMapper = new PortMapperImpl();
Map map = new HashMap();
map.put("79", "442");
portMapper.setPortMappings(map);
assertEquals(new Integer(79),
portMapper.lookupHttpPort(new Integer(442)));
assertEquals(new Integer(442),
portMapper.lookupHttpsPort(new Integer(79)));
}
}

144
core/src/test/java/org/acegisecurity/util/PortResolverImplTests.java Normal file
View File

@ -0,0 +1,144 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.util;
import junit.framework.TestCase;
import net.sf.acegisecurity.MockHttpServletRequest;
/**
* Tests {@link PortResolverImpl}.
*
* @author Ben Alex
* @version $Id$
*/
public class PortResolverImplTests extends TestCase {
//~ Constructors ===========================================================
public PortResolverImplTests() {
super();
}
public PortResolverImplTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(PortResolverImplTests.class);
}
public void testGettersSetters() throws Exception {
PortResolverImpl pr = new PortResolverImpl();
assertEquals(0, pr.getAlwaysHttpPort());
assertEquals(0, pr.getAlwaysHttpsPort());
pr.setAlwaysHttpPort(80);
pr.setAlwaysHttpsPort(443);
assertEquals(80, pr.getAlwaysHttpPort());
assertEquals(443, pr.getAlwaysHttpsPort());
}
public void testNormalOperation() throws Exception {
PortResolverImpl pr = new PortResolverImpl();
pr.afterPropertiesSet();
MockHttpServletRequest request = new MockHttpServletRequest("X");
request.setScheme("http");
request.setServerPort(1021);
assertEquals(1021, pr.getServerPort(request));
}
public void testOverridesHttp() throws Exception {
PortResolverImpl pr = new PortResolverImpl();
pr.setAlwaysHttpPort(495);
pr.afterPropertiesSet();
MockHttpServletRequest request = new MockHttpServletRequest("X");
request.setServerPort(7676);
request.setScheme("HTtP"); // proves case insensitive handling
assertEquals(495, pr.getServerPort(request));
request.setScheme("https");
assertEquals(7676, pr.getServerPort(request));
}
public void testOverridesHttps() throws Exception {
PortResolverImpl pr = new PortResolverImpl();
pr.setAlwaysHttpsPort(987);
pr.afterPropertiesSet();
MockHttpServletRequest request = new MockHttpServletRequest("X");
request.setServerPort(6949);
request.setScheme("HTtPs"); // proves case insensitive handling
assertEquals(987, pr.getServerPort(request));
request.setScheme("http");
assertEquals(6949, pr.getServerPort(request));
}
public void testRejectsOutOfRangeHttp() throws Exception {
PortResolverImpl pr = new PortResolverImpl();
pr.setAlwaysHttpPort(9999999);
try {
pr.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("alwaysHttpPort must be between 1 and 65535",
expected.getMessage());
}
pr.setAlwaysHttpPort(-49);
try {
pr.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("alwaysHttpPort must be between 1 and 65535",
expected.getMessage());
}
}
public void testRejectsOutOfRangeHttps() throws Exception {
PortResolverImpl pr = new PortResolverImpl();
pr.setAlwaysHttpsPort(9999999);
try {
pr.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("alwaysHttpsPort must be between 1 and 65535",
expected.getMessage());
}
pr.setAlwaysHttpsPort(-49);
try {
pr.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("alwaysHttpsPort must be between 1 and 65535",
expected.getMessage());
}
}
}