Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 14:52:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-2803: Add HttpStatusEntryPoint

Browse Source
This commit is contained in:
Rob Winch 2015-03-11 14:45:59 -05:00
parent 1da1b8b12f
commit e776a1fd35
3 changed files with 118 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
View File

@ -15,13 +15,10 @@
*/ */
package org.springframework.security.config.annotation.web.configurers; package org.springframework.security.config.annotation.web.configurers;
import java.io.IOException;
import java.util.Collections; import java.util.Collections;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
@ -29,15 +26,15 @@ import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint; import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher; import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher; import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.accept.ContentNegotiationStrategy; import org.springframework.web.accept.ContentNegotiationStrategy;
import org.springframework.web.accept.HeaderContentNegotiationStrategy; import org.springframework.web.accept.HeaderContentNegotiationStrategy;
@ -170,20 +167,4 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
basicAuthenticationFilter = postProcess(basicAuthenticationFilter); basicAuthenticationFilter = postProcess(basicAuthenticationFilter);
http.addFilter(basicAuthenticationFilter); http.addFilter(basicAuthenticationFilter);
} }
private static class HttpStatusEntryPoint implements AuthenticationEntryPoint {
private final HttpStatus httpStatus;
public HttpStatusEntryPoint(HttpStatus httpStatus) {
super();
this.httpStatus = httpStatus;
}
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException,
ServletException {
response.setStatus(httpStatus.value());
}
}
} }

56
web/src/main/java/org/springframework/security/web/authentication/HttpStatusEntryPoint.java Normal file
View File

@ -0,0 +1,56 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.springframework.security.web.authentication;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.util.Assert;
/**
* An {@link AuthenticationEntryPoint} that sends a generic {@link HttpStatus}
* as a response. Useful for JavaScript clients which cannot use Basic
* authentication since the browser intercepts the response.
*
* @author Rob Winch
* @since 4.0
*/
public final class HttpStatusEntryPoint implements AuthenticationEntryPoint {
private final HttpStatus httpStatus;
/**
* Creates a new instance.
*
* @param httpStatus the HttpSatus to set
*/
public HttpStatusEntryPoint(HttpStatus httpStatus) {
Assert.notNull(httpStatus, "httpStatus cannot be null");
this.httpStatus = httpStatus;
}
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException,
ServletException {
response.setStatus(httpStatus.value());
}
}

60
web/src/test/java/org/springframework/security/web/authentication/HttpStatusEntryPointTests.java Normal file
View File

@ -0,0 +1,60 @@
/*
* Copyright 2002-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.springframework.security.web.authentication;
import static org.fest.assertions.Assertions.assertThat;
import org.junit.Before;
import org.junit.Test;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.AuthenticationException;
/**
*
* @author Rob Winch
* @since 4.0
*/
public class HttpStatusEntryPointTests {
MockHttpServletRequest request;
MockHttpServletResponse response;
AuthenticationException authException;
HttpStatusEntryPoint entryPoint;
@SuppressWarnings("serial")
@Before
public void setup() {
request = new MockHttpServletRequest();
response = new MockHttpServletResponse();
authException = new AuthenticationException("") {};
entryPoint = new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
}
@Test(expected = IllegalArgumentException.class)
public void constructorNullStatus() {
new HttpStatusEntryPoint(null);
}
@Test
public void unauthorized() throws Exception {
entryPoint.commence(request, response, authException);
assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
}
}