diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasProcessingFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasProcessingFilterTests.java index f074444e9f..7e0a6e36de 100644 --- a/cas/src/test/java/org/springframework/security/cas/web/CasProcessingFilterTests.java +++ b/cas/src/test/java/org/springframework/security/cas/web/CasProcessingFilterTests.java @@ -48,7 +48,6 @@ public class CasProcessingFilterTests extends TestCase { CasProcessingFilter filter = new CasProcessingFilter(); filter.setAuthenticationManager(authMgr); - filter.init(null); Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); assertTrue(result != null); @@ -62,7 +61,6 @@ public class CasProcessingFilterTests extends TestCase { CasProcessingFilter filter = new CasProcessingFilter(); filter.setAuthenticationManager(authMgr); - filter.init(null); try { filter.attemptAuthentication(request, new MockHttpServletResponse()); diff --git a/config/pom.xml b/config/pom.xml index 2fed32272b..91c7ef7170 100644 --- a/config/pom.xml +++ b/config/pom.xml @@ -58,7 +58,6 @@ org.springframework spring-web - test org.apache.directory.server diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java index c0a1ba5450..e8b5d50028 100644 --- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java +++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java @@ -22,28 +22,28 @@ import org.springframework.security.web.context.SecurityContextPersistenceFilter import org.springframework.security.web.session.SessionManagementFilter; import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter; -public class DefaultFilterChainValidator implements FilterChainProxy.FilterChainValidator{ +public class DefaultFilterChainValidator implements FilterChainProxy.FilterChainValidator { private Log logger = LogFactory.getLog(getClass()); - public void validate(FilterChainProxy fcp) { - Map> filterChainMap = fcp.getFilterChainMap(); - for(String pattern : fcp.getFilterChainMap().keySet()) { - List filters = filterChainMap.get(pattern); - checkFilterStack(filters); - } + public void validate(FilterChainProxy fcp) { + Map> filterChainMap = fcp.getFilterChainMap(); + for(String pattern : fcp.getFilterChainMap().keySet()) { + List filters = filterChainMap.get(pattern); + checkFilterStack(filters); + } - checkLoginPageIsntProtected(fcp, filterChainMap.get(fcp.getMatcher().getUniversalMatchPattern())); - } + checkLoginPageIsntProtected(fcp, filterChainMap.get(fcp.getMatcher().getUniversalMatchPattern())); + } private Object getFilter(Class type, List filters) { - for (Filter f : filters) { - if (type.isAssignableFrom(f.getClass())) { - return f; - } - } + for (Filter f : filters) { + if (type.isAssignableFrom(f.getClass())) { + return f; + } + } - return null; + return null; } /** @@ -78,7 +78,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain /* Checks for the common error of having a login page URL protected by the security interceptor */ private void checkLoginPageIsntProtected(FilterChainProxy fcp, List defaultFilters) { - ExceptionTranslationFilter etf = (ExceptionTranslationFilter)getFilter(ExceptionTranslationFilter.class, defaultFilters); + ExceptionTranslationFilter etf = (ExceptionTranslationFilter)getFilter(ExceptionTranslationFilter.class, defaultFilters); if (etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint) { String loginPage = @@ -129,7 +129,4 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain } } } - - - } diff --git a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java index 1850afdced..610b52e1a1 100644 --- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java @@ -17,13 +17,13 @@ package org.springframework.security.config; import static org.junit.Assert.*; import static org.mockito.Matchers.any; -import static org.mockito.Mockito.*; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; import java.util.List; import javax.servlet.Filter; import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -136,8 +136,6 @@ public class FilterChainProxyConfigTests { } private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception { - filterChainProxy.init(mock(FilterConfig.class)); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/foo/secure/super/somefile.html"); @@ -151,7 +149,5 @@ public class FilterChainProxyConfigTests { chain = mock(FilterChain.class); filterChainProxy.doFilter(request, response, chain); verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - - filterChainProxy.destroy(); } } diff --git a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java index 79cfc5e5e6..3f45676ae0 100755 --- a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java +++ b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java @@ -22,6 +22,8 @@ import java.util.Properties; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; @@ -40,7 +42,6 @@ import jcifs.util.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.springframework.beans.factory.InitializingBean; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.authentication.AuthenticationDetailsSource; @@ -51,10 +52,10 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.util.Assert; +import org.springframework.web.filter.GenericFilterBean; /** * A clean-room implementation for Spring Security of an NTLM HTTP filter @@ -81,7 +82,7 @@ import org.springframework.util.Assert; * @author Edward Smith * @version $Id$ */ -public class NtlmProcessingFilter extends SpringSecurityFilter implements InitializingBean { +public class NtlmProcessingFilter extends GenericFilterBean { //~ Static fields/initializers ===================================================================================== private static Log logger = LogFactory.getLog(NtlmProcessingFilter.class); @@ -120,7 +121,8 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia * Ensures an AuthenticationManager and authentication failure * URL have been provided in the bean configuration file. */ - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.notNull(this.authenticationManager, "An AuthenticationManager is required"); // Default to 5 minutes if not already specified @@ -304,8 +306,10 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia this.authenticationDetailsSource = authenticationDetailsSource; } - protected void doFilterHttp(final HttpServletRequest request, - final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException { + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) + throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; final HttpSession session = request.getSession(); Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR); diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java index ecd9c5ba9e..7eb6208841 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java @@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.openid4java.consumer.ConsumerException; import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; @@ -81,10 +82,15 @@ public class OpenIDAuthenticationProcessingFilter extends AbstractAuthentication //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { super.afterPropertiesSet(); if (consumer == null) { - consumer = new OpenID4JavaConsumer(); + try { + consumer = new OpenID4JavaConsumer(); + } catch (ConsumerException e) { + throw new IllegalArgumentException("Failed to initialize OpenID", e); + } } } diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java index 64ca5f049b..5f104c9c22 100644 --- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java +++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java @@ -33,12 +33,12 @@ import javax.servlet.ServletResponse; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.springframework.beans.factory.InitializingBean; import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; import org.springframework.security.web.util.AntUrlPathMatcher; import org.springframework.security.web.util.UrlMatcher; import org.springframework.util.Assert; import org.springframework.web.filter.DelegatingFilterProxy; +import org.springframework.web.filter.GenericFilterBean; /** @@ -104,7 +104,7 @@ import org.springframework.web.filter.DelegatingFilterProxy; * * @version $Id$ */ -public class FilterChainProxy implements Filter, InitializingBean { +public class FilterChainProxy extends GenericFilterBean { //~ Static fields/initializers ===================================================================================== private static final Log logger = LogFactory.getLog(FilterChainProxy.class); @@ -123,35 +123,12 @@ public class FilterChainProxy implements Filter, InitializingBean { //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.notNull(uncompiledFilterChainMap, "filterChainMap must be set"); filterChainValidator.validate(this); } - public void init(FilterConfig filterConfig) throws ServletException { - for (Filter filter : obtainAllDefinedFilters()) { - if (filter != null) { - if (logger.isDebugEnabled()) { - logger.debug("Initializing Filter defined in ApplicationContext: '" + filter + "'"); - } - - filter.init(filterConfig); - } - } - } - - public void destroy() { - for (Filter filter : obtainAllDefinedFilters()) { - if (filter != null) { - if (logger.isDebugEnabled()) { - logger.debug("Destroying Filter defined in ApplicationContext: '" + filter + "'"); - } - - filter.destroy(); - } - } - } - public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { @@ -324,10 +301,10 @@ public class FilterChainProxy implements Filter, InitializingBean { * @param filterChainValidator */ public void setFilterChainValidator(FilterChainValidator filterChainValidator) { - this.filterChainValidator = filterChainValidator; - } + this.filterChainValidator = filterChainValidator; + } - public String toString() { + public String toString() { StringBuffer sb = new StringBuffer(); sb.append("FilterChainProxy["); sb.append(" UrlMatcher = ").append(matcher); @@ -382,12 +359,12 @@ public class FilterChainProxy implements Filter, InitializingBean { } public interface FilterChainValidator { - void validate(FilterChainProxy filterChainProxy); + void validate(FilterChainProxy filterChainProxy); } private class NullFilterChainValidator implements FilterChainValidator { - public void validate(FilterChainProxy filterChainProxy) { - } + public void validate(FilterChainProxy filterChainProxy) { + } } } diff --git a/web/src/main/java/org/springframework/security/web/SpringSecurityFilter.java b/web/src/main/java/org/springframework/security/web/SpringSecurityFilter.java deleted file mode 100644 index d57c99d7e9..0000000000 --- a/web/src/main/java/org/springframework/security/web/SpringSecurityFilter.java +++ /dev/null @@ -1,61 +0,0 @@ -package org.springframework.security.web; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.springframework.core.Ordered; - - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.ServletException; -import javax.servlet.FilterChain; -import javax.servlet.ServletResponse; -import javax.servlet.FilterConfig; -import javax.servlet.ServletRequest; -import javax.servlet.Filter; -import java.io.IOException; - -/** - * Implements Ordered interface as required by security namespace configuration and implements unused filter - * lifecycle methods and performs casting of request and response to http versions in doFilter method. - * - * @author Luke Taylor - * @version $Id$ - */ -public abstract class SpringSecurityFilter implements Filter, Ordered { - protected final Log logger = LogFactory.getLog(this.getClass()); - private int order; - - /** - * Does nothing. We use IoC container lifecycle services instead. - * - * @param filterConfig ignored - * @throws ServletException ignored - */ - public final void init(FilterConfig filterConfig) throws ServletException { - } - - /** - * Does nothing. We use IoC container lifecycle services instead. - */ - public final void destroy() { - } - - public final void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - doFilterHttp((HttpServletRequest)request, (HttpServletResponse)response, chain); - } - - protected abstract void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException; - - public final int getOrder() { - return order; - } - - public void setOrder(int order) { - this.order = order; - } - - public String toString() { - return getClass().getName() + "[ order=" + getOrder() + "; ]"; - } -} diff --git a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java index bebfd96b91..5e71abada3 100644 --- a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java +++ b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java @@ -19,10 +19,11 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.springframework.beans.factory.InitializingBean; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.authentication.AuthenticationTrustResolver; import org.springframework.security.authentication.AuthenticationTrustResolverImpl; @@ -30,12 +31,12 @@ import org.springframework.security.authentication.InsufficientAuthenticationExc import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.AuthenticationEntryPoint; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.savedrequest.HttpSessionRequestCache; import org.springframework.security.web.savedrequest.RequestCache; import org.springframework.security.web.util.ThrowableAnalyzer; import org.springframework.security.web.util.ThrowableCauseExtractor; import org.springframework.util.Assert; +import org.springframework.web.filter.GenericFilterBean; /** * Handles any AccessDeniedException and AuthenticationException thrown within the @@ -68,7 +69,7 @@ import org.springframework.util.Assert; * @author colin sampaleanu * @version $Id$ */ -public class ExceptionTranslationFilter extends SpringSecurityFilter implements InitializingBean { +public class ExceptionTranslationFilter extends GenericFilterBean { //~ Instance fields ================================================================================================ @@ -82,13 +83,16 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified"); // Assert.notNull(portResolver, "portResolver must be specified"); } - public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, - ServletException { + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) + throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; try { chain.doFilter(request, response); diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java index b43ee300dc..c1c585b4ef 100644 --- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java @@ -23,15 +23,16 @@ import java.util.Set; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.springframework.beans.factory.InitializingBean; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.web.FilterInvocation; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; import org.springframework.util.Assert; +import org.springframework.web.filter.GenericFilterBean; /** @@ -45,7 +46,7 @@ import org.springframework.util.Assert; * @author Ben Alex * @version $Id$ */ -public class ChannelProcessingFilter extends SpringSecurityFilter implements InitializingBean { +public class ChannelProcessingFilter extends GenericFilterBean { //~ Instance fields ================================================================================================ @@ -54,7 +55,8 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.notNull(securityMetadataSource, "securityMetadataSource must be specified"); Assert.notNull(channelDecisionManager, "channelDecisionManager must be specified"); @@ -86,8 +88,10 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini } } - public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; FilterInvocation fi = new FilterInvocation(request, response, chain); List attr = this.securityMetadataSource.getAttributes(fi); diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java index df056722a9..9a12e552e4 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java @@ -19,11 +19,12 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.springframework.beans.factory.InitializingBean; import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisherAware; import org.springframework.context.MessageSource; @@ -36,11 +37,11 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.SpringSecurityMessageSource; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.session.AuthenticatedSessionStrategy; import org.springframework.security.web.session.NullAuthenticatedSessionStrategy; import org.springframework.security.web.util.UrlUtils; import org.springframework.util.Assert; +import org.springframework.web.filter.GenericFilterBean; /** * Abstract processor of browser-based HTTP-based authentication requests. @@ -102,7 +103,7 @@ import org.springframework.util.Assert; * @author Ben Alex * @version $Id$ */ -public abstract class AbstractAuthenticationProcessingFilter extends SpringSecurityFilter implements InitializingBean, +public abstract class AbstractAuthenticationProcessingFilter extends GenericFilterBean implements ApplicationEventPublisherAware, MessageSourceAware { //~ Static fields/initializers ===================================================================================== @@ -147,7 +148,8 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified"); Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid redirect URL"); Assert.notNull(authenticationManager, "authenticationManager must be specified"); @@ -176,9 +178,12 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur * by this method where the returned Authentication object is not null. * */ - public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; + if (!requiresAuthentication(request, response)) { chain.doFilter(request, response); diff --git a/web/src/main/java/org/springframework/security/web/authentication/AnonymousProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AnonymousProcessingFilter.java index 2437e6fb25..e0354476ca 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AnonymousProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AnonymousProcessingFilter.java @@ -20,6 +20,8 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -29,8 +31,8 @@ import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.memory.UserAttribute; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.util.Assert; +import org.springframework.web.filter.GenericFilterBean; /** @@ -40,7 +42,7 @@ import org.springframework.util.Assert; * @author Ben Alex * @version $Id$ */ -public class AnonymousProcessingFilter extends SpringSecurityFilter implements InitializingBean { +public class AnonymousProcessingFilter extends GenericFilterBean implements InitializingBean { //~ Instance fields ================================================================================================ @@ -51,7 +53,8 @@ public class AnonymousProcessingFilter extends SpringSecurityFilter implements //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.notNull(userAttribute); Assert.hasLength(key); } @@ -79,7 +82,11 @@ public class AnonymousProcessingFilter extends SpringSecurityFilter implements return auth; } - protected void doFilterHttp(HttpServletRequest request,HttpServletResponse response, FilterChain chain) throws IOException, ServletException { + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) + throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; + boolean addedToken = false; if (applyAnonymousForThisRequest(request)) { diff --git a/web/src/main/java/org/springframework/security/web/authentication/concurrent/ConcurrentSessionFilter.java b/web/src/main/java/org/springframework/security/web/authentication/concurrent/ConcurrentSessionFilter.java index 82c9f03619..4fd3c2642f 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/concurrent/ConcurrentSessionFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/concurrent/ConcurrentSessionFilter.java @@ -19,20 +19,21 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.springframework.beans.factory.InitializingBean; import org.springframework.security.authentication.concurrent.SessionInformation; import org.springframework.security.authentication.concurrent.SessionRegistry; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.authentication.logout.LogoutHandler; import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; import org.springframework.security.web.util.UrlUtils; import org.springframework.util.Assert; +import org.springframework.web.filter.GenericFilterBean; /** @@ -52,7 +53,7 @@ import org.springframework.util.Assert; * @author Ben Alex * @version $Id$ */ -public class ConcurrentSessionFilter extends SpringSecurityFilter implements InitializingBean { +public class ConcurrentSessionFilter extends GenericFilterBean { //~ Instance fields ================================================================================================ private SessionRegistry sessionRegistry; @@ -61,14 +62,17 @@ public class ConcurrentSessionFilter extends SpringSecurityFilter implements Ini //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.notNull(sessionRegistry, "SessionRegistry required"); Assert.isTrue(expiredUrl == null || UrlUtils.isValidRedirectUrl(expiredUrl), expiredUrl + " isn't a valid redirect URL"); } - public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; HttpSession session = request.getSession(false); diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java index d47caf7cf2..8765fe3de8 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java @@ -21,15 +21,17 @@ import java.util.List; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.util.UrlUtils; import org.springframework.util.Assert; import org.springframework.util.StringUtils; +import org.springframework.web.filter.GenericFilterBean; /** * Logs a principal out. @@ -44,7 +46,7 @@ import org.springframework.util.StringUtils; * @author Ben Alex * @version $Id$ */ -public class LogoutFilter extends SpringSecurityFilter { +public class LogoutFilter extends GenericFilterBean { //~ Instance fields ================================================================================================ @@ -79,8 +81,10 @@ public class LogoutFilter extends SpringSecurityFilter { //~ Methods ======================================================================================================== - public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, - ServletException { + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) + throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; if (requiresLogout(request, response)) { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java index 6b2a48a06e..14127c135a 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java @@ -4,39 +4,41 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.springframework.security.web.SpringSecurityFilter; -import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; -import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; +import org.springframework.beans.factory.InitializingBean; +import org.springframework.context.ApplicationEventPublisher; +import org.springframework.context.ApplicationEventPublisherAware; import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.beans.factory.InitializingBean; -import org.springframework.context.ApplicationEventPublisher; -import org.springframework.context.ApplicationEventPublisherAware; +import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; +import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.util.Assert; +import org.springframework.web.filter.GenericFilterBean; /** * Base class for processing filters that handle pre-authenticated authentication requests. Subclasses must implement * the getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods. *

- * By default, the filter chain will proceed when an authentication attempt fails in order to allow other + * By default, the filter chain will proceed when an authentication attempt fails in order to allow other * authentication mechanisms to process the request. To reject the credentials immediately, set the * continueFilterChainOnUnsuccessfulAuthentication flag to false. The exception raised by the * AuthenticationManager will the be re-thrown. Note that this will not affect cases where the principal * returned by {@link #getPreAuthenticatedPrincipal} is null, when the chain will still proceed as normal. - * + * * * @author Luke Taylor * @author Ruud Senden * @since 2.0 */ -public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSecurityFilter implements +public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFilterBean implements InitializingBean, ApplicationEventPublisherAware { private ApplicationEventPublisher eventPublisher = null; @@ -44,28 +46,31 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); private AuthenticationManager authenticationManager = null; - + private boolean continueFilterChainOnUnsuccessfulAuthentication = true; /** * Check whether all required properties have been set. */ - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.notNull(authenticationManager, "An AuthenticationManager must be set"); } /** * Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated. */ - public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) + throws IOException, ServletException { + if (logger.isDebugEnabled()) { logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication()); } if (SecurityContextHolder.getContext().getAuthentication() == null) { - doAuthenticate(request, response); + doAuthenticate((HttpServletRequest) request, (HttpServletResponse) response); } - filterChain.doFilter(request, response); + chain.doFilter(request, response); } /** @@ -82,7 +87,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec logger.debug("No pre-authenticated principal found in request"); } - return; + return; } if (logger.isDebugEnabled()) { @@ -96,7 +101,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec successfulAuthentication(request, response, authResult); } catch (AuthenticationException failed) { unsuccessfulAuthentication(request, response, failed); - + if (!continueFilterChainOnUnsuccessfulAuthentication) { throw failed; } @@ -155,19 +160,19 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec public void setAuthenticationManager(AuthenticationManager authenticationManager) { this.authenticationManager = authenticationManager; } - + public void setContinueFilterChainOnUnsuccessfulAuthentication(boolean shouldContinue) { continueFilterChainOnUnsuccessfulAuthentication = shouldContinue; } /** - * Override to extract the principal information from the current request + * Override to extract the principal information from the current request */ protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest request); /** * Override to extract the credentials (if applicable) from the current request. Some implementations * may return a dummy value. - */ + */ protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest request); } diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilter.java index b17f860047..11341c1400 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilter.java @@ -19,10 +19,11 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.springframework.beans.factory.InitializingBean; import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisherAware; import org.springframework.security.authentication.AuthenticationManager; @@ -30,9 +31,9 @@ import org.springframework.security.authentication.event.InteractiveAuthenticati import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.util.Assert; +import org.springframework.web.filter.GenericFilterBean; /** @@ -52,8 +53,7 @@ import org.springframework.util.Assert; * @author Ben Alex * @version $Id$ */ -public class RememberMeProcessingFilter extends SpringSecurityFilter implements InitializingBean, - ApplicationEventPublisherAware { +public class RememberMeProcessingFilter extends GenericFilterBean implements ApplicationEventPublisherAware { //~ Instance fields ================================================================================================ @@ -63,13 +63,16 @@ public class RememberMeProcessingFilter extends SpringSecurityFilter implements //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.notNull(authenticationManager, "authenticationManager must be specified"); Assert.notNull(rememberMeServices, "rememberMeServices must be specified"); } - public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) - throws IOException, ServletException { + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) + throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; if (SecurityContextHolder.getContext().getAuthentication() == null) { Authentication rememberMeAuth = rememberMeServices.autoLogin(request, response); diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilter.java index 05a219d79c..d5908093b0 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilter.java @@ -21,11 +21,12 @@ import java.util.List; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.beans.BeansException; -import org.springframework.beans.factory.InitializingBean; import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisherAware; import org.springframework.context.MessageSource; @@ -48,7 +49,6 @@ import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsChecker; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; @@ -57,6 +57,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS import org.springframework.security.web.util.UrlUtils; import org.springframework.util.Assert; import org.springframework.util.StringUtils; +import org.springframework.web.filter.GenericFilterBean; /** @@ -97,8 +98,8 @@ import org.springframework.util.StringUtils; * * @see org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority */ -public class SwitchUserProcessingFilter extends SpringSecurityFilter implements InitializingBean, - ApplicationEventPublisherAware, MessageSourceAware { +public class SwitchUserProcessingFilter extends GenericFilterBean implements ApplicationEventPublisherAware, + MessageSourceAware { //~ Static fields/initializers ===================================================================================== public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "j_username"; @@ -121,7 +122,8 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.notNull(userDetailsService, "userDetailsService must be specified"); Assert.isTrue(successHandler != null || targetUrl != null, "You must set either a successHandler or the targetUrl"); if (targetUrl != null) { @@ -137,8 +139,10 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements } } - public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; // check for switch or exit request if (requiresSwitchUser(request)) { diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java index 40cb32dc67..836637b9d8 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java @@ -4,16 +4,18 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.springframework.beans.BeanWrapperImpl; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter; import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices; +import org.springframework.web.filter.GenericFilterBean; /** * For internal use with namespace configuration in the case where a user doesn't configure a login page. @@ -25,7 +27,7 @@ import org.springframework.security.web.authentication.rememberme.AbstractRememb * @version $Id$ * @since 2.0 */ -public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter { +public class DefaultLoginPageGeneratingFilter extends GenericFilterBean { public static final String DEFAULT_LOGIN_PAGE_URL = "/spring_security_login"; public static final String ERROR_PARAMETER_NAME = "login_error"; boolean formLoginEnabled; @@ -73,7 +75,11 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter { } } - protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) + throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; + if (isLoginUrlRequest(request)) { String loginPageHtml = generateLoginPageHtml(request); response.setContentType("text/html;charset=UTF-8"); diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicProcessingFilter.java index a5cb098c3d..938f47836f 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicProcessingFilter.java @@ -19,11 +19,12 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.codec.binary.Base64; -import org.springframework.beans.factory.InitializingBean; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationManager; @@ -32,11 +33,11 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.AuthenticationEntryPoint; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.authentication.NullRememberMeServices; import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.util.Assert; +import org.springframework.web.filter.GenericFilterBean; /** @@ -84,7 +85,7 @@ import org.springframework.util.Assert; * @author Ben Alex * @version $Id$ */ -public class BasicProcessingFilter extends SpringSecurityFilter implements InitializingBean { +public class BasicProcessingFilter extends GenericFilterBean { //~ Instance fields ================================================================================================ @@ -97,7 +98,8 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.notNull(this.authenticationManager, "An AuthenticationManager is required"); if(!isIgnoreFailure()) { @@ -105,8 +107,10 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi } } - public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; String header = request.getHeader("Authorization"); diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestProcessingFilter.java index 5ccdea43c7..01ed6a7304 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestProcessingFilter.java @@ -18,9 +18,10 @@ package org.springframework.security.web.authentication.www; import java.io.IOException; import java.util.Map; -import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -28,7 +29,6 @@ import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.springframework.beans.factory.InitializingBean; import org.springframework.context.MessageSource; import org.springframework.context.MessageSourceAware; import org.springframework.context.support.MessageSourceAccessor; @@ -44,10 +44,10 @@ import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.cache.NullUserCache; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.util.Assert; import org.springframework.util.StringUtils; +import org.springframework.web.filter.GenericFilterBean; /** @@ -76,7 +76,7 @@ import org.springframework.util.StringUtils; * than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest * authentication over Basic authentication, including commentary on the limitations that it still imposes. */ -public class DigestProcessingFilter extends SpringSecurityFilter implements Filter, InitializingBean, MessageSourceAware { +public class DigestProcessingFilter extends GenericFilterBean implements MessageSourceAware { //~ Static fields/initializers ===================================================================================== @@ -93,13 +93,17 @@ public class DigestProcessingFilter extends SpringSecurityFilter implements Filt //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + @Override + public void afterPropertiesSet() { Assert.notNull(userDetailsService, "A UserDetailsService is required"); Assert.notNull(authenticationEntryPoint, "A DigestProcessingFilterEntryPoint is required"); } - public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; + String header = request.getHeader("Authorization"); if (logger.isDebugEnabled()) { diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilter.java index 060594aa49..725782632b 100644 --- a/web/src/main/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilter.java +++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilter.java @@ -186,7 +186,7 @@ public class HttpSessionContextIntegrationFilter extends SecurityContextPersiste //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + public void afterPropertiesSet() { if (forceEagerSessionCreation && !allowSessionCreation) { throw new IllegalArgumentException( "If using forceEagerSessionCreation, you must set allowSessionCreation to also be true"); diff --git a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java index bb2fa08ea2..b9958a6148 100644 --- a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java +++ b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java @@ -4,13 +4,15 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.SpringSecurityFilter; +import org.springframework.web.filter.GenericFilterBean; /** * Populates the {@link SecurityContextHolder} with information obtained from @@ -37,7 +39,7 @@ import org.springframework.security.web.SpringSecurityFilter; * @version $Id$ * @since 3.0 */ -public class SecurityContextPersistenceFilter extends SpringSecurityFilter { +public class SecurityContextPersistenceFilter extends GenericFilterBean { static final String FILTER_APPLIED = "__spring_security_scpf_applied"; @@ -45,9 +47,11 @@ public class SecurityContextPersistenceFilter extends SpringSecurityFilter { private boolean forceEagerSessionCreation = false; - @Override - protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) + + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; if (request.getAttribute(FILTER_APPLIED) != null) { // ensure that filter is only applied once per request diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java index a049857428..6ca1d2cb9a 100644 --- a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java +++ b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java @@ -4,10 +4,12 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.springframework.security.web.SpringSecurityFilter; +import org.springframework.web.filter.GenericFilterBean; /** * Responsible for reconstituting the saved request if one is cached and it matches the current request. @@ -21,15 +23,15 @@ import org.springframework.security.web.SpringSecurityFilter; * @version $Id$ * @since 3.0 */ -public class RequestCacheAwareFilter extends SpringSecurityFilter { +public class RequestCacheAwareFilter extends GenericFilterBean { private RequestCache requestCache = new HttpSessionRequestCache(); - @Override - protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - HttpServletRequest wrappedSavedRequest = requestCache.getMatchingRequest(request, response); + HttpServletRequest wrappedSavedRequest = + requestCache.getMatchingRequest((HttpServletRequest)request, (HttpServletResponse)response); chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest, response); } diff --git a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java index 120db85082..082fb3bcd1 100644 --- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java +++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java @@ -4,6 +4,8 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -11,9 +13,9 @@ import org.springframework.security.authentication.AuthenticationTrustResolver; import org.springframework.security.authentication.AuthenticationTrustResolverImpl; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.util.Assert; +import org.springframework.web.filter.GenericFilterBean; /** * Detects that a user has been authenticated since the start of the request and, if they have, calls the @@ -27,7 +29,7 @@ import org.springframework.util.Assert; * @version $Id$ * @since 2.0 */ -public class SessionManagementFilter extends SpringSecurityFilter { +public class SessionManagementFilter extends GenericFilterBean { //~ Static fields/initializers ===================================================================================== static final String FILTER_APPLIED = "__spring_security_session_fixation_filter_applied"; @@ -46,8 +48,10 @@ public class SessionManagementFilter extends SpringSecurityFilter { this.securityContextRepository = securityContextRepository; } - protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; if (request.getAttribute(FILTER_APPLIED) != null) { chain.doFilter(request, response); diff --git a/web/src/main/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilter.java b/web/src/main/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilter.java index 1d181df0c5..e266b6fd3e 100644 --- a/web/src/main/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilter.java +++ b/web/src/main/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilter.java @@ -19,11 +19,12 @@ import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import org.springframework.security.web.SpringSecurityFilter; import org.springframework.util.Assert; +import org.springframework.web.filter.GenericFilterBean; /** @@ -37,7 +38,7 @@ import org.springframework.util.Assert; * @author Luke Taylor * @version $Id$ */ -public class SecurityContextHolderAwareRequestFilter extends SpringSecurityFilter { +public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean { //~ Instance fields ================================================================================================ private String rolePrefix; @@ -49,8 +50,8 @@ public class SecurityContextHolderAwareRequestFilter extends SpringSecurityFilte this.rolePrefix = rolePrefix.trim(); } - protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { - chain.doFilter(new SecurityContextHolderAwareRequestWrapper(request, rolePrefix), response); + chain.doFilter(new SecurityContextHolderAwareRequestWrapper((HttpServletRequest) req, rolePrefix), res); } } diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java index 3a54239af7..50f163a16d 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java @@ -149,9 +149,7 @@ public class ChannelProcessingFilterTests { filter.setSecurityMetadataSource(fids); assertSame(fids, filter.getSecurityMetadataSource()); - filter.init(null); filter.afterPropertiesSet(); - filter.destroy(); } //~ Inner Classes ================================================================================================== diff --git a/web/src/test/java/org/springframework/security/web/authentication/AnonymousProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AnonymousProcessingFilterTests.java index f770a64ac6..3ff8b4a0f6 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AnonymousProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AnonymousProcessingFilterTests.java @@ -58,11 +58,10 @@ public class AnonymousProcessingFilterTests extends TestCase { //~ Methods ======================================================================================================== private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request, - ServletResponse response, FilterChain filterChain) - throws ServletException, IOException { - filter.init(filterConfig); + ServletResponse response, FilterChain filterChain) throws ServletException, IOException { +// filter.init(filterConfig); filter.doFilter(request, response, filterChain); - filter.destroy(); +// filter.destroy(); } protected void setUp() throws Exception { diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java index e435cb9e64..30a5ac50d5 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java @@ -52,7 +52,7 @@ public class AuthenticationProcessingFilterTests extends TestCase { UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter(); assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl()); filter.setAuthenticationManager(createAuthenticationManager()); - filter.init(null); +// filter.init(null); Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); assertTrue(result != null); diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java index 8598de62f6..c860fd9012 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java @@ -37,7 +37,6 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter(); - filter.getOrder(); filter.doFilter(request, response, chain); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java index ba4108ed80..eaf8ffbc74 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java @@ -56,11 +56,10 @@ public class RememberMeProcessingFilterTests extends TestCase { //~ Methods ======================================================================================================== private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request, - ServletResponse response, FilterChain filterChain) - throws ServletException, IOException { - filter.init(filterConfig); + ServletResponse response, FilterChain filterChain) throws ServletException, IOException { +// filter.init(filterConfig); filter.doFilter(request, response, filterChain); - filter.destroy(); +// filter.destroy(); } protected void setUp() throws Exception { diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilterTests.java index 86a3524aa4..1c4a96918e 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilterTests.java @@ -161,7 +161,7 @@ public class SwitchUserProcessingFilterTests { // Check it with no url set (should get a text response) FilterChain chain = mock(FilterChain.class); - filter.doFilterHttp(request, response, chain); + filter.doFilter(request, response, chain); verify(chain, never()).doFilter(request, response); assertEquals("Authentication Failed: User is disabled", response.getErrorMessage()); @@ -177,7 +177,7 @@ public class SwitchUserProcessingFilterTests { response = new MockHttpServletResponse(); chain = mock(FilterChain.class); - filter.doFilterHttp(request, response, chain); + filter.doFilter(request, response, chain); verify(chain, never()).doFilter(request, response); assertEquals("/mywebapp/switchfailed", response.getRedirectedUrl()); diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java index 80216aa16d..4b5013a69e 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java @@ -24,7 +24,6 @@ import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; @@ -63,13 +62,13 @@ public class BasicProcessingFilterTests { private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request, final boolean expectChainToProceed) throws ServletException, IOException { - filter.init(mock(FilterConfig.class)); +// filter.init(mock(FilterConfig.class)); final MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain chain = mock(FilterChain.class); filter.doFilter(request, response, chain); - filter.destroy(); +// filter.destroy(); verify(chain, expectChainToProceed ? times(1) : never()).doFilter(any(ServletRequest.class), any(ServletResponse.class)); return response; diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestProcessingFilterTests.java index 3a3941aaf1..68431d9968 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestProcessingFilterTests.java @@ -87,8 +87,6 @@ public class DigestProcessingFilterTests { private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request, final boolean expectChainToProceed) throws ServletException, IOException { - filter.init(mock(FilterConfig.class)); - final MockHttpServletResponse response = new MockHttpServletResponse(); Mockery jmockContext = new JUnit4Mockery(); @@ -99,7 +97,7 @@ public class DigestProcessingFilterTests { }}); filter.doFilter(request, response, chain); - filter.destroy(); + jmockContext.assertIsSatisfied(); return response; } diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilterTests.java index 8cd36bdf27..0c7d55a066 100644 --- a/web/src/test/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilterTests.java @@ -59,9 +59,9 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase { FilterConfig filterConfig, Filter filter, ServletRequest request, ServletResponse response, FilterChain filterChain) throws ServletException, IOException { - filter.init(filterConfig); +// filter.init(filterConfig); filter.doFilter(request, response, filterChain); - filter.destroy(); +// filter.destroy(); } public void testDetectsIncompatibleSessionProperties() throws Exception { diff --git a/web/src/test/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilterTests.java b/web/src/test/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilterTests.java index ceafd84b91..55b9d6603d 100644 --- a/web/src/test/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilterTests.java @@ -42,7 +42,7 @@ public class SecurityContextHolderAwareRequestFilterTests { public void expectedRequestWrapperClassIsUsed() throws Exception { SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter(); filter.setRolePrefix("ROLE_"); - filter.init(jmock.mock(FilterConfig.class)); +// filter.init(jmock.mock(FilterConfig.class)); final FilterChain filterChain = jmock.mock(FilterChain.class); jmock.checking(new Expectations() {{ diff --git a/web/template.mf b/web/template.mf index 49e35008c3..81319ad241 100644 --- a/web/template.mf +++ b/web/template.mf @@ -3,18 +3,18 @@ Bundle-Name: Spring Security Web Bundle-Vendor: SpringSource Bundle-Version: ${version} Bundle-ManifestVersion: 2 -Excluded-Exports: +Excluded-Exports: org.springframework.security.web.authentication.preauth.websphere -Excluded-Imports: +Excluded-Imports: javax.naming.*, javax.rmi.*, javax.sql.*, javax.security.auth.*, org.aopalliance.* -Ignored-Existing-Headers: +Ignored-Existing-Headers: Import-Package, Export-Package -Import-Template: +Import-Template: org.apache.commons.logging.*;version="[1.0.4, 2.0.0)", org.apache.commons.codec.*;version="[1.3, 2.0)";resolution:=optional, org.springframework.security.core.*;version="[${version}, 3.1.0)", @@ -31,8 +31,9 @@ Import-Template: org.springframework.jdbc.*;version="[3.0.0, 3.1.0)";resolution:=optional, org.springframework.mock.web;version="[3.0.0, 3.1.0)";resolution:=optional, org.springframework.web.context.*;version="[3.0.0, 3.1.0)";resolution:=optional, + org.springframework.web.filter.*;version="[3.0.0, 3.1.0)", org.springframework.util;version="[3.0.0, 3.1.0)";resolution:=optional, org.w3c.dom;version="0";resolution:=optional, org.xml.sax;version="0";resolution:=optional, javax.servlet.*;version="0", - javax.xml.parsers.*;version="0";resolution:=optional \ No newline at end of file + javax.xml.parsers.*;version="0";resolution:=optional