Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-29 15:22:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-644: Fix broken NtlmProcessingFilter and add AuthenticationDetailsSource to it.

Browse Source
This commit is contained in:
Luke Taylor 2008-01-27 00:31:55 +00:00
parent 619c7b0dbf
commit e852cf53a8
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
View File

@ -27,6 +27,8 @@ import org.springframework.security.providers.anonymous.AnonymousAuthenticationT
import org.springframework.security.ui.SpringSecurityFilter; import org.springframework.security.ui.SpringSecurityFilter;
import org.springframework.security.ui.WebAuthenticationDetails; import org.springframework.security.ui.WebAuthenticationDetails;
import org.springframework.security.ui.FilterChainOrder; import org.springframework.security.ui.FilterChainOrder;
import org.springframework.security.ui.AuthenticationDetailsSource;
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter; import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -46,6 +48,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
@ -110,6 +113,7 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
private String defaultDomain; private String defaultDomain;
private String domainController; private String domainController;
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
@ -295,7 +299,13 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
this.retryOnAuthFailure = retryOnFailure; this.retryOnAuthFailure = retryOnFailure;
} }
protected void doFilterHttp(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException { public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
Assert.notNull(authenticationDetailsSource, "authenticationDetailsSource cannot be null");
this.authenticationDetailsSource = authenticationDetailsSource;
}
protected void doFilterHttp(final HttpServletRequest request,
final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException {
final HttpSession session = request.getSession(); final HttpSession session = request.getSession();
Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR); Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR);
@ -337,6 +347,8 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
} }
} }
} }
chain.doFilter(request, response);
} }
/** /**
@ -424,7 +436,7 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
final Authentication backupAuth; final Authentication backupAuth;
authRequest = new NtlmUsernamePasswordAuthenticationToken(auth, stripDomain); authRequest = new NtlmUsernamePasswordAuthenticationToken(auth, stripDomain);
authRequest.setDetails(new WebAuthenticationDetails(request)); authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
// Place the last username attempted into HttpSession for views // Place the last username attempted into HttpSession for views
session.setAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, authRequest.getName()); session.setAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, authRequest.getName());