Clarify variable names

Issue gh-11327
This commit is contained in:
Josh Cummings 2022-07-07 13:24:01 -06:00
parent 696da87478
commit ec8c13392c
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
2 changed files with 23 additions and 21 deletions

View File

@ -133,11 +133,13 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
* interceptor
*/
private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> filterStack) {
ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class, filterStack);
if (etf == null || !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) {
ExceptionTranslationFilter exceptions = getFilter(ExceptionTranslationFilter.class, filterStack);
if (exceptions == null
|| !(exceptions.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) {
return;
}
String loginPage = ((LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint()).getLoginFormUrl();
String loginPage = ((LoginUrlAuthenticationEntryPoint) exceptions.getAuthenticationEntryPoint())
.getLoginFormUrl();
this.logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
List<Filter> filters = null;
@ -158,28 +160,28 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
this.logger.debug("Default generated login page is in use");
return;
}
FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class, filters);
FilterInvocationSecurityMetadataSource fids = fsi.getSecurityMetadataSource();
FilterSecurityInterceptor authorizationInterceptor = getFilter(FilterSecurityInterceptor.class, filters);
FilterInvocationSecurityMetadataSource fids = authorizationInterceptor.getSecurityMetadataSource();
Collection<ConfigAttribute> attributes = fids.getAttributes(loginRequest);
if (attributes == null) {
this.logger.debug("No access attributes defined for login page URL");
if (fsi.isRejectPublicInvocations()) {
if (authorizationInterceptor.isRejectPublicInvocations()) {
this.logger.warn("FilterSecurityInterceptor is configured to reject public invocations."
+ " Your login page may not be accessible.");
}
return;
}
AnonymousAuthenticationFilter anonPF = getFilter(AnonymousAuthenticationFilter.class, filters);
if (anonPF == null) {
AnonymousAuthenticationFilter anonymous = getFilter(AnonymousAuthenticationFilter.class, filters);
if (anonymous == null) {
this.logger.warn("The login page is being protected by the filter chain, but you don't appear to have"
+ " anonymous authentication enabled. This is almost certainly an error.");
return;
}
// Simulate an anonymous access with the supplied attributes.
AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonPF.getPrincipal(),
anonPF.getAuthorities());
AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonymous.getPrincipal(),
anonymous.getAuthorities());
try {
fsi.getAccessDecisionManager().decide(token, loginRequest, attributes);
authorizationInterceptor.getAccessDecisionManager().decide(token, loginRequest, attributes);
}
catch (AccessDeniedException ex) {
this.logger.warn("Anonymous access to the login page doesn't appear to be enabled. "

View File

@ -53,7 +53,7 @@ public class DefaultFilterChainValidatorTests {
private DefaultFilterChainValidator validator;
private FilterChainProxy fcp;
private FilterChainProxy chain;
@Mock
private Log logger;
@ -64,19 +64,19 @@ public class DefaultFilterChainValidatorTests {
@Mock
private AccessDecisionManager accessDecisionManager;
private FilterSecurityInterceptor fsi;
private FilterSecurityInterceptor authorizationInterceptor;
@BeforeEach
public void setUp() {
AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous");
this.fsi = new FilterSecurityInterceptor();
this.fsi.setAccessDecisionManager(this.accessDecisionManager);
this.fsi.setSecurityMetadataSource(this.metadataSource);
this.authorizationInterceptor = new FilterSecurityInterceptor();
this.authorizationInterceptor.setAccessDecisionManager(this.accessDecisionManager);
this.authorizationInterceptor.setSecurityMetadataSource(this.metadataSource);
AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf,
this.fsi);
this.fcp = new FilterChainProxy(securityChain);
this.authorizationInterceptor);
this.chain = new FilterChainProxy(securityChain);
this.validator = new DefaultFilterChainValidator();
ReflectionTestUtils.setField(this.validator, "logger", this.logger);
}
@ -88,7 +88,7 @@ public class DefaultFilterChainValidatorTests {
IllegalArgumentException toBeThrown = new IllegalArgumentException("failed to eval expression");
willThrow(toBeThrown).given(this.accessDecisionManager).decide(any(Authentication.class), anyObject(),
any(Collection.class));
this.validator.validate(this.fcp);
this.validator.validate(this.chain);
verify(this.logger).info(
"Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.",
toBeThrown);
@ -99,8 +99,8 @@ public class DefaultFilterChainValidatorTests {
public void validateCustomMetadataSource() {
FilterInvocationSecurityMetadataSource customMetaDataSource = mock(
FilterInvocationSecurityMetadataSource.class);
this.fsi.setSecurityMetadataSource(customMetaDataSource);
this.validator.validate(this.fcp);
this.authorizationInterceptor.setSecurityMetadataSource(customMetaDataSource);
this.validator.validate(this.chain);
verify(customMetaDataSource).getAttributes(any());
}