From eb0307bcd9486e662185b7d0186605c03e624d26 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Wed, 19 Sep 2007 16:49:18 +0000
Subject: [PATCH] SEC-557: Reinstate use of default AccessDeniedHandlerImpl for the time being (2.0 branch).
---
 .../ui/ExceptionTranslationFilter.java | 104 ++++++------------
 1 file changed, 31 insertions(+), 73 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/ui/ExceptionTranslationFilter.java b/core/src/main/java/org/acegisecurity/ui/ExceptionTranslationFilter.java
index 85074dc90d..88ed5f6787 100644
--- a/core/src/main/java/org/acegisecurity/ui/ExceptionTranslationFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/ExceptionTranslationFilter.java
@@ -50,26 +50,22 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** - * Handles any AccessDeniedException and - * AuthenticationException thrown within the filter chain. + * Handles any AccessDeniedException and AuthenticationException thrown within the + * filter chain. *

- * This filter is necessary because it provides the bridge between Java - * exceptions and HTTP responses. It is solely concerned with maintaining the - * user interface. This filter does not do any actual security enforcement. + * This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. + * It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement. *

*

- * If an {@link AuthenticationException} is detected, the filter will launch the - * authenticationEntryPoint. This allows common handling of - * authentication failures originating from any subclass of + * If an {@link AuthenticationException} is detected, the filter will launch the authenticationEntryPoint. + * This allows common handling of authentication failures originating from any subclass of * {@link org.acegisecurity.intercept.AbstractSecurityInterceptor}. *

*

- * If an {@link AccessDeniedException} is detected, the filter will determine - * whether or not the user is an anonymous user. If they are an anonymous user, - * the authenticationEntryPoint will be launched. If they are not - * an anonymous user, the filter will delegate to the - * {@link org.acegisecurity.ui.AccessDeniedHandler}. By default the filter will - * use {@link org.acegisecurity.ui.AccessDeniedHandlerImpl}. + * If an {@link AccessDeniedException} is detected, the filter will determine whether or not the user is an anonymous + * user. If they are an anonymous user, the authenticationEntryPoint will be launched. If they are not + * an anonymous user, the filter will delegate to the {@link org.acegisecurity.ui.AccessDeniedHandler}. + * By default the filter will use {@link org.acegisecurity.ui.AccessDeniedHandlerImpl}. *

*

* To use this filter, it is necessary to specify the following properties: @@ -82,38 +78,30 @@ import javax.servlet.http.HttpServletResponse; *

  • portResolver is used to determine the "real" port that a * request was received on.
  • * - *

    - * Do not use this class directly. Instead configure - * web.xml to use the {@link - * org.acegisecurity.util.FilterToBeanProxy}. + *

    + * Do not use this class directly. Instead configure web.xml to use the + * {@link org.acegisecurity.util.FilterToBeanProxy}. *

    - * + * * @author Ben Alex * @author colin sampaleanu - * @version $Id: ExceptionTranslationFilter.java 1496 2006-05-23 13:38:33Z - * benalex $ + * @version $Id$ */ public class ExceptionTranslationFilter implements Filter, InitializingBean { - // ~ Static fields/initializers - // ===================================================================================== + + //~ Static fields/initializers ===================================================================================== private static final Log logger = LogFactory.getLog(ExceptionTranslationFilter.class); - // ~ Instance fields - // ================================================================================================ - - private AccessDeniedHandler accessDeniedHandler; + //~ Instance fields ================================================================================================ + private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl(); private AuthenticationEntryPoint authenticationEntryPoint; - private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl(); - private PortResolver portResolver = new PortResolverImpl(); - private boolean createSessionAllowed = true; - // ~ Methods - // ======================================================================================================== + //~ Methods ======================================================================================================== public void afterPropertiesSet() throws Exception { Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified"); 
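Review bot: The new initializer `private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();` gives the field a default, but nothing visible in this hunk stops it from later being set to null. `afterPropertiesSet()`, which starts at the end of this hunk and continues into the next one, asserts `authenticationEntryPoint` and `authenticationTrustResolver` as far as the diff shows; adding `Assert.notNull(accessDeniedHandler, "accessDeniedHandler must be specified");` there would make a misconfigured bean fail at startup instead of with a NullPointerException while a denial for an authenticated user is being handled. `setAccessDeniedHandler` is outside the diff and may already reject null, so this is worth confirming rather than assuming. A short comment on the field such as `// default handler; replace via setAccessDeniedHandler()` would also record that the application context is no longer searched for a handler bean.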
@@ -121,37 +109,6 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean { Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must be specified"); } - /** - * Introspects the Applicationcontext for the single instance - * of {@link AccessDeniedHandler}. If found invoke - * setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by - * providing the found instance of accessDeniedHandler as a method - * parameter. If more than one instance of AccessDeniedHandler - * is found, the method throws IllegalStateException. - * - * @param applicationContext to locate the instance - */ - private void autoDetectAnyAccessDeniedHandlerAndUseIt(ApplicationContext applicationContext) { - Map map = applicationContext.getBeansOfType(AccessDeniedHandler.class); - if (map.size() > 1) { - throw new IllegalArgumentException( - "More than one AccessDeniedHandler beans detected please refer to the one using " - + " [ accessDeniedBeanRef ] " + "attribute"); - } - else if (map.size() == 1) { - AccessDeniedHandler handler = (AccessDeniedHandlerImpl) map.values().iterator().next(); - setAccessDeniedHandler(handler); - } - else { - // create and use the default one specified as an instance variable. - accessDeniedHandler = new AccessDeniedHandlerImpl(); - } - - } - - public void destroy() { - } - public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (!(request instanceof HttpServletRequest)) { 
@@ -231,20 +188,15 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean { } } - public void init(FilterConfig filterConfig) throws ServletException { - } - /** - * If true, indicates that - * SecurityEnforcementFilter is permitted to store the target - * URL and exception information in the HttpSession (the - * default). In situations where you do not wish to unnecessarily create - * HttpSessions - because the user agent will know the - * failed URL, such as with BASIC or Digest authentication - you may wish to + * If true, indicates that SecurityEnforcementFilter is permitted to store the target + * URL and exception information in the HttpSession (the default). + * In situations where you do not wish to unnecessarily create HttpSessions - because the user agent + * will know the failed URL, such as with BASIC or Digest authentication - you may wish to * set this property to false. Remember to also set the * {@link org.acegisecurity.context.HttpSessionContextIntegrationFilter#allowSessionCreation} * to false if you set this property to false. - * + * * @return true if the HttpSession will be * used to store information about the failed request, false * if the HttpSession will not be used @@ -296,4 +248,10 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean { public void setPortResolver(PortResolver portResolver) { this.portResolver = portResolver; } + + public void init(FilterConfig filterConfig) throws ServletException { + } + + public void destroy() { + } }
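Review bot: The reflowed Javadoc in the first hunk on this line (`@@ -231,20 +188,15 @@`) still names `SecurityEnforcementFilter`, although the class in this file is `ExceptionTranslationFilter`; the opening sentence should read `If true, indicates that ExceptionTranslationFilter is permitted to store the target`. This property decides whether the target URL and exception information are written to the `HttpSession`, so the comment should name the filter that actually stores them. The accessor this Javadoc belongs to lies outside the hunk.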