SEC-557: Reinstate use of default AccessDeniedHandlerImpl for the time being (2.0 branch).

Luke Taylor 2007-09-19 16:49:18 +00:00
parent 477dc308f8
commit eb0307bcd9
1 changed files with 31 additions and 73 deletions


@ -50,26 +50,22 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
/** /**
* Handles any <code>AccessDeniedException</code> and * Handles any <code>AccessDeniedException</code> and <code>AuthenticationException</code> thrown within the
* <code>AuthenticationException</code> thrown within the filter chain. * filter chain.
* <p> * <p>
* This filter is necessary because it provides the bridge between Java * This filter is necessary because it provides the bridge between Java exceptions and HTTP responses.
* exceptions and HTTP responses. It is solely concerned with maintaining the * It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
* user interface. This filter does not do any actual security enforcement.
* </p> * </p>
* <p> * <p>
* If an {@link AuthenticationException} is detected, the filter will launch the * If an {@link AuthenticationException} is detected, the filter will launch the <code>authenticationEntryPoint</code>.
* <code>authenticationEntryPoint</code>. This allows common handling of * This allows common handling of authentication failures originating from any subclass of
* authentication failures originating from any subclass of
* {@link org.acegisecurity.intercept.AbstractSecurityInterceptor}. * {@link org.acegisecurity.intercept.AbstractSecurityInterceptor}.
* </p> * </p>
* <p> * <p>
* If an {@link AccessDeniedException} is detected, the filter will determine * If an {@link AccessDeniedException} is detected, the filter will determine whether or not the user is an anonymous
* whether or not the user is an anonymous user. If they are an anonymous user, * user. If they are an anonymous user, the <code>authenticationEntryPoint</code> will be launched. If they are not
* the <code>authenticationEntryPoint</code> will be launched. If they are not * an anonymous user, the filter will delegate to the {@link org.acegisecurity.ui.AccessDeniedHandler}.
* an anonymous user, the filter will delegate to the * By default the filter will use {@link org.acegisecurity.ui.AccessDeniedHandlerImpl}.
* {@link org.acegisecurity.ui.AccessDeniedHandler}. By default the filter will
* use {@link org.acegisecurity.ui.AccessDeniedHandlerImpl}.
* </p> * </p>
* <p> * <p>
* To use this filter, it is necessary to specify the following properties: * To use this filter, it is necessary to specify the following properties:
@ -82,38 +78,30 @@ import javax.servlet.http.HttpServletResponse;
* <li><code>portResolver</code> is used to determine the "real" port that a * <li><code>portResolver</code> is used to determine the "real" port that a
* request was received on.</li> * request was received on.</li>
* </ul> * </ul>
* <P> * <p>
* <B>Do not use this class directly.</B> Instead configure * <b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the
* <code>web.xml</code> to use the {@link * {@link org.acegisecurity.util.FilterToBeanProxy}.
* org.acegisecurity.util.FilterToBeanProxy}.
* </p> * </p>
* *
* @author Ben Alex * @author Ben Alex
* @author colin sampaleanu * @author colin sampaleanu
* @version $Id: ExceptionTranslationFilter.java 1496 2006-05-23 13:38:33Z * @version $Id$
* benalex $
*/ */
public class ExceptionTranslationFilter implements Filter, InitializingBean { public class ExceptionTranslationFilter implements Filter, InitializingBean {
// ~ Static fields/initializers
// ===================================================================================== //~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(ExceptionTranslationFilter.class); private static final Log logger = LogFactory.getLog(ExceptionTranslationFilter.class);
// ~ Instance fields //~ Instance fields ================================================================================================
// ================================================================================================
private AccessDeniedHandler accessDeniedHandler;
private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();
private AuthenticationEntryPoint authenticationEntryPoint; private AuthenticationEntryPoint authenticationEntryPoint;
private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl(); private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
private PortResolver portResolver = new PortResolverImpl(); private PortResolver portResolver = new PortResolverImpl();
private boolean createSessionAllowed = true; private boolean createSessionAllowed = true;
// ~ Methods //~ Methods ========================================================================================================
// ========================================================================================================
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() throws Exception {
Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified"); Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified");
@ -121,37 +109,6 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must be specified"); Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must be specified");
} }
/**
* Introspects the <code>Applicationcontext</code> for the single instance
* of {@link AccessDeniedHandler}. If found invoke
* setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by
* providing the found instance of accessDeniedHandler as a method
* parameter. If more than one instance of <code>AccessDeniedHandler</code>
* is found, the method throws <code>IllegalStateException</code>.
*
* @param applicationContext to locate the instance
*/
private void autoDetectAnyAccessDeniedHandlerAndUseIt(ApplicationContext applicationContext) {
Map map = applicationContext.getBeansOfType(AccessDeniedHandler.class);
if (map.size() > 1) {
throw new IllegalArgumentException(
"More than one AccessDeniedHandler beans detected please refer to the one using "
+ " [ accessDeniedBeanRef ] " + "attribute");
}
else if (map.size() == 1) {
AccessDeniedHandler handler = (AccessDeniedHandlerImpl) map.values().iterator().next();
setAccessDeniedHandler(handler);
}
else {
// create and use the default one specified as an instance variable.
accessDeniedHandler = new AccessDeniedHandlerImpl();
}
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException { ServletException {
if (!(request instanceof HttpServletRequest)) { if (!(request instanceof HttpServletRequest)) {
@ -231,16 +188,11 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
} }
} }
public void init(FilterConfig filterConfig) throws ServletException {
}
/** /**
* If <code>true</code>, indicates that * If <code>true</code>, indicates that <code>SecurityEnforcementFilter</code> is permitted to store the target
* <code>SecurityEnforcementFilter</code> is permitted to store the target * URL and exception information in the <code>HttpSession</code> (the default).
* URL and exception information in the <code>HttpSession</code> (the * In situations where you do not wish to unnecessarily create <code>HttpSession</code>s - because the user agent
* default). In situations where you do not wish to unnecessarily create * will know the failed URL, such as with BASIC or Digest authentication - you may wish to
* <code>HttpSession</code>s - because the user agent will know the
* failed URL, such as with BASIC or Digest authentication - you may wish to
* set this property to <code>false</code>. Remember to also set the * set this property to <code>false</code>. Remember to also set the
* {@link org.acegisecurity.context.HttpSessionContextIntegrationFilter#allowSessionCreation} * {@link org.acegisecurity.context.HttpSessionContextIntegrationFilter#allowSessionCreation}
* to <code>false</code> if you set this property to <code>false</code>. * to <code>false</code> if you set this property to <code>false</code>.
@ -296,4 +248,10 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
public void setPortResolver(PortResolver portResolver) { public void setPortResolver(PortResolver portResolver) {
this.portResolver = portResolver; this.portResolver = portResolver;
} }
public void init(FilterConfig filterConfig) throws ServletException {
}
public void destroy() {
}
} }
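Review bot: Reinstating the field initializer `private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();` restores the default, but nothing visible in afterPropertiesSet guards against the default being cleared again, since a `setAccessDeniedHandler(null)` call (the setter is referenced by the removed auto-detect code) would leave doFilter delegating to a null handler on the access-denied path. The visible asserts cover only `authenticationEntryPoint` and `authenticationTrustResolver`; afterPropertiesSet is split across the second and third hunks, so if an equivalent check sits in the hidden lines this is already handled, otherwise I would add `Assert.notNull(accessDeniedHandler, "accessDeniedHandler must be specified");` next to them. Separately, the reflowed Javadoc on the `createSessionAllowed` property still refers to `SecurityEnforcementFilter`, which appears to be a stale name for this class; `ExceptionTranslationFilter` would match the class being documented.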