SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web

This commit is contained in:
Luke Taylor 2009-08-10 14:18:18 +00:00
parent b807f7cbdd
commit f536c80020
36 changed files with 225 additions and 251 deletions

View File

@ -48,7 +48,6 @@ public class CasProcessingFilterTests extends TestCase {
CasProcessingFilter filter = new CasProcessingFilter(); CasProcessingFilter filter = new CasProcessingFilter();
filter.setAuthenticationManager(authMgr); filter.setAuthenticationManager(authMgr);
filter.init(null);
Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
assertTrue(result != null); assertTrue(result != null);
@ -62,7 +61,6 @@ public class CasProcessingFilterTests extends TestCase {
CasProcessingFilter filter = new CasProcessingFilter(); CasProcessingFilter filter = new CasProcessingFilter();
filter.setAuthenticationManager(authMgr); filter.setAuthenticationManager(authMgr);
filter.init(null);
try { try {
filter.attemptAuthentication(request, new MockHttpServletResponse()); filter.attemptAuthentication(request, new MockHttpServletResponse());

View File

@ -58,7 +58,6 @@
<dependency> <dependency>
<groupId>org.springframework</groupId> <groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId> <artifactId>spring-web</artifactId>
<scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.apache.directory.server</groupId> <groupId>org.apache.directory.server</groupId>

View File

@ -22,28 +22,28 @@ import org.springframework.security.web.context.SecurityContextPersistenceFilter
import org.springframework.security.web.session.SessionManagementFilter; import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter; import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
public class DefaultFilterChainValidator implements FilterChainProxy.FilterChainValidator{ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChainValidator {
private Log logger = LogFactory.getLog(getClass()); private Log logger = LogFactory.getLog(getClass());
public void validate(FilterChainProxy fcp) { public void validate(FilterChainProxy fcp) {
Map<String, List<Filter>> filterChainMap = fcp.getFilterChainMap(); Map<String, List<Filter>> filterChainMap = fcp.getFilterChainMap();
for(String pattern : fcp.getFilterChainMap().keySet()) { for(String pattern : fcp.getFilterChainMap().keySet()) {
List<Filter> filters = filterChainMap.get(pattern); List<Filter> filters = filterChainMap.get(pattern);
checkFilterStack(filters); checkFilterStack(filters);
} }
checkLoginPageIsntProtected(fcp, filterChainMap.get(fcp.getMatcher().getUniversalMatchPattern())); checkLoginPageIsntProtected(fcp, filterChainMap.get(fcp.getMatcher().getUniversalMatchPattern()));
} }
private Object getFilter(Class<?> type, List<Filter> filters) { private Object getFilter(Class<?> type, List<Filter> filters) {
for (Filter f : filters) { for (Filter f : filters) {
if (type.isAssignableFrom(f.getClass())) { if (type.isAssignableFrom(f.getClass())) {
return f; return f;
} }
} }
return null; return null;
} }
/** /**
@ -78,7 +78,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
/* Checks for the common error of having a login page URL protected by the security interceptor */ /* Checks for the common error of having a login page URL protected by the security interceptor */
private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> defaultFilters) { private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> defaultFilters) {
ExceptionTranslationFilter etf = (ExceptionTranslationFilter)getFilter(ExceptionTranslationFilter.class, defaultFilters); ExceptionTranslationFilter etf = (ExceptionTranslationFilter)getFilter(ExceptionTranslationFilter.class, defaultFilters);
if (etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint) { if (etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint) {
String loginPage = String loginPage =
@ -129,7 +129,4 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
} }
} }
} }
} }

View File

@ -17,13 +17,13 @@ package org.springframework.security.config;
import static org.junit.Assert.*; import static org.junit.Assert.*;
import static org.mockito.Matchers.any; import static org.mockito.Matchers.any;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import java.util.List; import java.util.List;
import javax.servlet.Filter; import javax.servlet.Filter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -136,8 +136,6 @@ public class FilterChainProxyConfigTests {
} }
private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception { private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception {
filterChainProxy.init(mock(FilterConfig.class));
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setServletPath("/foo/secure/super/somefile.html"); request.setServletPath("/foo/secure/super/somefile.html");
@ -151,7 +149,5 @@ public class FilterChainProxyConfigTests {
chain = mock(FilterChain.class); chain = mock(FilterChain.class);
filterChainProxy.doFilter(request, response, chain); filterChainProxy.doFilter(request, response, chain);
verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
filterChainProxy.destroy();
} }
} }

View File

@ -22,6 +22,8 @@ import java.util.Properties;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
@ -40,7 +42,6 @@ import jcifs.util.Base64;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationDetailsSource;
@ -51,10 +52,10 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/** /**
* A clean-room implementation for Spring Security of an NTLM HTTP filter * A clean-room implementation for Spring Security of an NTLM HTTP filter
@ -81,7 +82,7 @@ import org.springframework.util.Assert;
* @author Edward Smith * @author Edward Smith
* @version $Id$ * @version $Id$
*/ */
public class NtlmProcessingFilter extends SpringSecurityFilter implements InitializingBean { public class NtlmProcessingFilter extends GenericFilterBean {
//~ Static fields/initializers ===================================================================================== //~ Static fields/initializers =====================================================================================
private static Log logger = LogFactory.getLog(NtlmProcessingFilter.class); private static Log logger = LogFactory.getLog(NtlmProcessingFilter.class);
@ -120,7 +121,8 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
* Ensures an <code>AuthenticationManager</code> and authentication failure * Ensures an <code>AuthenticationManager</code> and authentication failure
* URL have been provided in the bean configuration file. * URL have been provided in the bean configuration file.
*/ */
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required"); Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
// Default to 5 minutes if not already specified // Default to 5 minutes if not already specified
@ -304,8 +306,10 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
this.authenticationDetailsSource = authenticationDetailsSource; this.authenticationDetailsSource = authenticationDetailsSource;
} }
protected void doFilterHttp(final HttpServletRequest request, public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
final HttpSession session = request.getSession(); final HttpSession session = request.getSession();
Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR); Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR);

View File

@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.openid4java.consumer.ConsumerException;
import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
@ -81,10 +82,15 @@ public class OpenIDAuthenticationProcessingFilter extends AbstractAuthentication
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
super.afterPropertiesSet(); super.afterPropertiesSet();
if (consumer == null) { if (consumer == null) {
consumer = new OpenID4JavaConsumer(); try {
consumer = new OpenID4JavaConsumer();
} catch (ConsumerException e) {
throw new IllegalArgumentException("Failed to initialize OpenID", e);
}
} }
} }

View File

@ -33,12 +33,12 @@ import javax.servlet.ServletResponse;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher; import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher; import org.springframework.security.web.util.UrlMatcher;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.DelegatingFilterProxy; import org.springframework.web.filter.DelegatingFilterProxy;
import org.springframework.web.filter.GenericFilterBean;
/** /**
@ -104,7 +104,7 @@ import org.springframework.web.filter.DelegatingFilterProxy;
* *
* @version $Id$ * @version $Id$
*/ */
public class FilterChainProxy implements Filter, InitializingBean { public class FilterChainProxy extends GenericFilterBean {
//~ Static fields/initializers ===================================================================================== //~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(FilterChainProxy.class); private static final Log logger = LogFactory.getLog(FilterChainProxy.class);
@ -123,35 +123,12 @@ public class FilterChainProxy implements Filter, InitializingBean {
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.notNull(uncompiledFilterChainMap, "filterChainMap must be set"); Assert.notNull(uncompiledFilterChainMap, "filterChainMap must be set");
filterChainValidator.validate(this); filterChainValidator.validate(this);
} }
public void init(FilterConfig filterConfig) throws ServletException {
for (Filter filter : obtainAllDefinedFilters()) {
if (filter != null) {
if (logger.isDebugEnabled()) {
logger.debug("Initializing Filter defined in ApplicationContext: '" + filter + "'");
}
filter.init(filterConfig);
}
}
}
public void destroy() {
for (Filter filter : obtainAllDefinedFilters()) {
if (filter != null) {
if (logger.isDebugEnabled()) {
logger.debug("Destroying Filter defined in ApplicationContext: '" + filter + "'");
}
filter.destroy();
}
}
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
@ -324,10 +301,10 @@ public class FilterChainProxy implements Filter, InitializingBean {
* @param filterChainValidator * @param filterChainValidator
*/ */
public void setFilterChainValidator(FilterChainValidator filterChainValidator) { public void setFilterChainValidator(FilterChainValidator filterChainValidator) {
this.filterChainValidator = filterChainValidator; this.filterChainValidator = filterChainValidator;
} }
public String toString() { public String toString() {
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
sb.append("FilterChainProxy["); sb.append("FilterChainProxy[");
sb.append(" UrlMatcher = ").append(matcher); sb.append(" UrlMatcher = ").append(matcher);
@ -382,12 +359,12 @@ public class FilterChainProxy implements Filter, InitializingBean {
} }
public interface FilterChainValidator { public interface FilterChainValidator {
void validate(FilterChainProxy filterChainProxy); void validate(FilterChainProxy filterChainProxy);
} }
private class NullFilterChainValidator implements FilterChainValidator { private class NullFilterChainValidator implements FilterChainValidator {
public void validate(FilterChainProxy filterChainProxy) { public void validate(FilterChainProxy filterChainProxy) {
} }
} }
} }

View File

@ -1,61 +0,0 @@
package org.springframework.security.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.Ordered;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import javax.servlet.FilterChain;
import javax.servlet.ServletResponse;
import javax.servlet.FilterConfig;
import javax.servlet.ServletRequest;
import javax.servlet.Filter;
import java.io.IOException;
/**
* Implements Ordered interface as required by security namespace configuration and implements unused filter
* lifecycle methods and performs casting of request and response to http versions in doFilter method.
*
* @author Luke Taylor
* @version $Id$
*/
public abstract class SpringSecurityFilter implements Filter, Ordered {
protected final Log logger = LogFactory.getLog(this.getClass());
private int order;
/**
* Does nothing. We use IoC container lifecycle services instead.
*
* @param filterConfig ignored
* @throws ServletException ignored
*/
public final void init(FilterConfig filterConfig) throws ServletException {
}
/**
* Does nothing. We use IoC container lifecycle services instead.
*/
public final void destroy() {
}
public final void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
doFilterHttp((HttpServletRequest)request, (HttpServletResponse)response, chain);
}
protected abstract void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException;
public final int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
public String toString() {
return getClass().getName() + "[ order=" + getOrder() + "; ]";
}
}

View File

@ -19,10 +19,11 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationTrustResolver; import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl; import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
@ -30,12 +31,12 @@ import org.springframework.security.authentication.InsufficientAuthenticationExc
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache; import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache; import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.util.ThrowableAnalyzer; import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.security.web.util.ThrowableCauseExtractor; import org.springframework.security.web.util.ThrowableCauseExtractor;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/** /**
* Handles any <code>AccessDeniedException</code> and <code>AuthenticationException</code> thrown within the * Handles any <code>AccessDeniedException</code> and <code>AuthenticationException</code> thrown within the
@ -68,7 +69,7 @@ import org.springframework.util.Assert;
* @author colin sampaleanu * @author colin sampaleanu
* @version $Id$ * @version $Id$
*/ */
public class ExceptionTranslationFilter extends SpringSecurityFilter implements InitializingBean { public class ExceptionTranslationFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
@ -82,13 +83,16 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified"); Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified");
// Assert.notNull(portResolver, "portResolver must be specified"); // Assert.notNull(portResolver, "portResolver must be specified");
} }
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
try { try {
chain.doFilter(request, response); chain.doFilter(request, response);

View File

@ -23,15 +23,16 @@ import java.util.Set;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/** /**
@ -45,7 +46,7 @@ import org.springframework.util.Assert;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class ChannelProcessingFilter extends SpringSecurityFilter implements InitializingBean { public class ChannelProcessingFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
@ -54,7 +55,8 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.notNull(securityMetadataSource, "securityMetadataSource must be specified"); Assert.notNull(securityMetadataSource, "securityMetadataSource must be specified");
Assert.notNull(channelDecisionManager, "channelDecisionManager must be specified"); Assert.notNull(channelDecisionManager, "channelDecisionManager must be specified");
@ -86,8 +88,10 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
} }
} }
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
FilterInvocation fi = new FilterInvocation(request, response, chain); FilterInvocation fi = new FilterInvocation(request, response, chain);
List<ConfigAttribute> attr = this.securityMetadataSource.getAttributes(fi); List<ConfigAttribute> attr = this.securityMetadataSource.getAttributes(fi);

View File

@ -19,11 +19,12 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware; import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource; import org.springframework.context.MessageSource;
@ -36,11 +37,11 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource; import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.session.AuthenticatedSessionStrategy; import org.springframework.security.web.session.AuthenticatedSessionStrategy;
import org.springframework.security.web.session.NullAuthenticatedSessionStrategy; import org.springframework.security.web.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.util.UrlUtils; import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/** /**
* Abstract processor of browser-based HTTP-based authentication requests. * Abstract processor of browser-based HTTP-based authentication requests.
@ -102,7 +103,7 @@ import org.springframework.util.Assert;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public abstract class AbstractAuthenticationProcessingFilter extends SpringSecurityFilter implements InitializingBean, public abstract class AbstractAuthenticationProcessingFilter extends GenericFilterBean implements
ApplicationEventPublisherAware, MessageSourceAware { ApplicationEventPublisherAware, MessageSourceAware {
//~ Static fields/initializers ===================================================================================== //~ Static fields/initializers =====================================================================================
@ -147,7 +148,8 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified"); Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified");
Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid redirect URL"); Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid redirect URL");
Assert.notNull(authenticationManager, "authenticationManager must be specified"); Assert.notNull(authenticationManager, "authenticationManager must be specified");
@ -176,9 +178,12 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur
* by this method where the returned <tt>Authentication</tt> object is not null. * by this method where the returned <tt>Authentication</tt> object is not null.
* </ol> * </ol>
*/ */
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (!requiresAuthentication(request, response)) { if (!requiresAuthentication(request, response)) {
chain.doFilter(request, response); chain.doFilter(request, response);

View File

@ -20,6 +20,8 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -29,8 +31,8 @@ import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.memory.UserAttribute; import org.springframework.security.core.userdetails.memory.UserAttribute;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/** /**
@ -40,7 +42,7 @@ import org.springframework.util.Assert;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class AnonymousProcessingFilter extends SpringSecurityFilter implements InitializingBean { public class AnonymousProcessingFilter extends GenericFilterBean implements InitializingBean {
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
@ -51,7 +53,8 @@ public class AnonymousProcessingFilter extends SpringSecurityFilter implements
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.notNull(userAttribute); Assert.notNull(userAttribute);
Assert.hasLength(key); Assert.hasLength(key);
} }
@ -79,7 +82,11 @@ public class AnonymousProcessingFilter extends SpringSecurityFilter implements
return auth; return auth;
} }
protected void doFilterHttp(HttpServletRequest request,HttpServletResponse response, FilterChain chain) throws IOException, ServletException { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
boolean addedToken = false; boolean addedToken = false;
if (applyAnonymousForThisRequest(request)) { if (applyAnonymousForThisRequest(request)) {

View File

@ -19,20 +19,21 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.concurrent.SessionInformation; import org.springframework.security.authentication.concurrent.SessionInformation;
import org.springframework.security.authentication.concurrent.SessionRegistry; import org.springframework.security.authentication.concurrent.SessionRegistry;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler; import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.util.UrlUtils; import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/** /**
@ -52,7 +53,7 @@ import org.springframework.util.Assert;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class ConcurrentSessionFilter extends SpringSecurityFilter implements InitializingBean { public class ConcurrentSessionFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
private SessionRegistry sessionRegistry; private SessionRegistry sessionRegistry;
@ -61,14 +62,17 @@ public class ConcurrentSessionFilter extends SpringSecurityFilter implements Ini
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.notNull(sessionRegistry, "SessionRegistry required"); Assert.notNull(sessionRegistry, "SessionRegistry required");
Assert.isTrue(expiredUrl == null || UrlUtils.isValidRedirectUrl(expiredUrl), Assert.isTrue(expiredUrl == null || UrlUtils.isValidRedirectUrl(expiredUrl),
expiredUrl + " isn't a valid redirect URL"); expiredUrl + " isn't a valid redirect URL");
} }
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(false); HttpSession session = request.getSession(false);

View File

@ -21,15 +21,17 @@ import java.util.List;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.util.UrlUtils; import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
/** /**
* Logs a principal out. * Logs a principal out.
@ -44,7 +46,7 @@ import org.springframework.util.StringUtils;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class LogoutFilter extends SpringSecurityFilter { public class LogoutFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
@ -79,8 +81,10 @@ public class LogoutFilter extends SpringSecurityFilter {
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (requiresLogout(request, response)) { if (requiresLogout(request, response)) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication(); Authentication auth = SecurityContextHolder.getContext().getAuthentication();

View File

@ -4,39 +4,41 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.SpringSecurityFilter; import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent; import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.beans.factory.InitializingBean; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.context.ApplicationEventPublisher; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/** /**
* Base class for processing filters that handle pre-authenticated authentication requests. Subclasses must implement * Base class for processing filters that handle pre-authenticated authentication requests. Subclasses must implement
* the getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods. * the getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods.
* <p> * <p>
* By default, the filter chain will proceed when an authentication attempt fails in order to allow other * By default, the filter chain will proceed when an authentication attempt fails in order to allow other
* authentication mechanisms to process the request. To reject the credentials immediately, set the * authentication mechanisms to process the request. To reject the credentials immediately, set the
* <tt>continueFilterChainOnUnsuccessfulAuthentication</tt> flag to false. The exception raised by the * <tt>continueFilterChainOnUnsuccessfulAuthentication</tt> flag to false. The exception raised by the
* <tt>AuthenticationManager</tt> will the be re-thrown. Note that this will not affect cases where the principal * <tt>AuthenticationManager</tt> will the be re-thrown. Note that this will not affect cases where the principal
* returned by {@link #getPreAuthenticatedPrincipal} is null, when the chain will still proceed as normal. * returned by {@link #getPreAuthenticatedPrincipal} is null, when the chain will still proceed as normal.
* *
* *
* @author Luke Taylor * @author Luke Taylor
* @author Ruud Senden * @author Ruud Senden
* @since 2.0 * @since 2.0
*/ */
public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSecurityFilter implements public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFilterBean implements
InitializingBean, ApplicationEventPublisherAware { InitializingBean, ApplicationEventPublisherAware {
private ApplicationEventPublisher eventPublisher = null; private ApplicationEventPublisher eventPublisher = null;
@ -44,28 +46,31 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
private AuthenticationManager authenticationManager = null; private AuthenticationManager authenticationManager = null;
private boolean continueFilterChainOnUnsuccessfulAuthentication = true; private boolean continueFilterChainOnUnsuccessfulAuthentication = true;
/** /**
* Check whether all required properties have been set. * Check whether all required properties have been set.
*/ */
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.notNull(authenticationManager, "An AuthenticationManager must be set"); Assert.notNull(authenticationManager, "An AuthenticationManager must be set");
} }
/** /**
* Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated. * Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
*/ */
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication()); logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
} }
if (SecurityContextHolder.getContext().getAuthentication() == null) { if (SecurityContextHolder.getContext().getAuthentication() == null) {
doAuthenticate(request, response); doAuthenticate((HttpServletRequest) request, (HttpServletResponse) response);
} }
filterChain.doFilter(request, response); chain.doFilter(request, response);
} }
/** /**
@ -82,7 +87,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
logger.debug("No pre-authenticated principal found in request"); logger.debug("No pre-authenticated principal found in request");
} }
return; return;
} }
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
@ -96,7 +101,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
successfulAuthentication(request, response, authResult); successfulAuthentication(request, response, authResult);
} catch (AuthenticationException failed) { } catch (AuthenticationException failed) {
unsuccessfulAuthentication(request, response, failed); unsuccessfulAuthentication(request, response, failed);
if (!continueFilterChainOnUnsuccessfulAuthentication) { if (!continueFilterChainOnUnsuccessfulAuthentication) {
throw failed; throw failed;
} }
@ -155,19 +160,19 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
public void setAuthenticationManager(AuthenticationManager authenticationManager) { public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager; this.authenticationManager = authenticationManager;
} }
public void setContinueFilterChainOnUnsuccessfulAuthentication(boolean shouldContinue) { public void setContinueFilterChainOnUnsuccessfulAuthentication(boolean shouldContinue) {
continueFilterChainOnUnsuccessfulAuthentication = shouldContinue; continueFilterChainOnUnsuccessfulAuthentication = shouldContinue;
} }
/** /**
* Override to extract the principal information from the current request * Override to extract the principal information from the current request
*/ */
protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest request); protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest request);
/** /**
* Override to extract the credentials (if applicable) from the current request. Some implementations * Override to extract the credentials (if applicable) from the current request. Some implementations
* may return a dummy value. * may return a dummy value.
*/ */
protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest request); protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest request);
} }

View File

@ -19,10 +19,11 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware; import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
@ -30,9 +31,9 @@ import org.springframework.security.authentication.event.InteractiveAuthenticati
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/** /**
@ -52,8 +53,7 @@ import org.springframework.util.Assert;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class RememberMeProcessingFilter extends SpringSecurityFilter implements InitializingBean, public class RememberMeProcessingFilter extends GenericFilterBean implements ApplicationEventPublisherAware {
ApplicationEventPublisherAware {
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
@ -63,13 +63,16 @@ public class RememberMeProcessingFilter extends SpringSecurityFilter implements
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.notNull(authenticationManager, "authenticationManager must be specified"); Assert.notNull(authenticationManager, "authenticationManager must be specified");
Assert.notNull(rememberMeServices, "rememberMeServices must be specified"); Assert.notNull(rememberMeServices, "rememberMeServices must be specified");
} }
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (SecurityContextHolder.getContext().getAuthentication() == null) { if (SecurityContextHolder.getContext().getAuthentication() == null) {
Authentication rememberMeAuth = rememberMeServices.autoLogin(request, response); Authentication rememberMeAuth = rememberMeServices.autoLogin(request, response);

View File

@ -21,11 +21,12 @@ import java.util.List;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.BeansException; import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware; import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource; import org.springframework.context.MessageSource;
@ -48,7 +49,6 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker; import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
@ -57,6 +57,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS
import org.springframework.security.web.util.UrlUtils; import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
/** /**
@ -97,8 +98,8 @@ import org.springframework.util.StringUtils;
* *
* @see org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority * @see org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
*/ */
public class SwitchUserProcessingFilter extends SpringSecurityFilter implements InitializingBean, public class SwitchUserProcessingFilter extends GenericFilterBean implements ApplicationEventPublisherAware,
ApplicationEventPublisherAware, MessageSourceAware { MessageSourceAware {
//~ Static fields/initializers ===================================================================================== //~ Static fields/initializers =====================================================================================
public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "j_username"; public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "j_username";
@ -121,7 +122,8 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.notNull(userDetailsService, "userDetailsService must be specified"); Assert.notNull(userDetailsService, "userDetailsService must be specified");
Assert.isTrue(successHandler != null || targetUrl != null, "You must set either a successHandler or the targetUrl"); Assert.isTrue(successHandler != null || targetUrl != null, "You must set either a successHandler or the targetUrl");
if (targetUrl != null) { if (targetUrl != null) {
@ -137,8 +139,10 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
} }
} }
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
// check for switch or exit request // check for switch or exit request
if (requiresSwitchUser(request)) { if (requiresSwitchUser(request)) {

View File

@ -4,16 +4,18 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.springframework.beans.BeanWrapperImpl; import org.springframework.beans.BeanWrapperImpl;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices; import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.web.filter.GenericFilterBean;
/** /**
* For internal use with namespace configuration in the case where a user doesn't configure a login page. * For internal use with namespace configuration in the case where a user doesn't configure a login page.
@ -25,7 +27,7 @@ import org.springframework.security.web.authentication.rememberme.AbstractRememb
* @version $Id$ * @version $Id$
* @since 2.0 * @since 2.0
*/ */
public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter { public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
public static final String DEFAULT_LOGIN_PAGE_URL = "/spring_security_login"; public static final String DEFAULT_LOGIN_PAGE_URL = "/spring_security_login";
public static final String ERROR_PARAMETER_NAME = "login_error"; public static final String ERROR_PARAMETER_NAME = "login_error";
boolean formLoginEnabled; boolean formLoginEnabled;
@ -73,7 +75,11 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
} }
} }
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (isLoginUrlRequest(request)) { if (isLoginUrlRequest(request)) {
String loginPageHtml = generateLoginPageHtml(request); String loginPageHtml = generateLoginPageHtml(request);
response.setContentType("text/html;charset=UTF-8"); response.setContentType("text/html;charset=UTF-8");

View File

@ -19,11 +19,12 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Base64;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
@ -32,11 +33,11 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.NullRememberMeServices; import org.springframework.security.web.authentication.NullRememberMeServices;
import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/** /**
@ -84,7 +85,7 @@ import org.springframework.util.Assert;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class BasicProcessingFilter extends SpringSecurityFilter implements InitializingBean { public class BasicProcessingFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
@ -97,7 +98,8 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required"); Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
if(!isIgnoreFailure()) { if(!isIgnoreFailure()) {
@ -105,8 +107,10 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
} }
} }
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String header = request.getHeader("Authorization"); String header = request.getHeader("Authorization");

View File

@ -18,9 +18,10 @@ package org.springframework.security.web.authentication.www;
import java.io.IOException; import java.io.IOException;
import java.util.Map; import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -28,7 +29,6 @@ import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource; import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware; import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor; import org.springframework.context.support.MessageSourceAccessor;
@ -44,10 +44,10 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.cache.NullUserCache; import org.springframework.security.core.userdetails.cache.NullUserCache;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
/** /**
@ -76,7 +76,7 @@ import org.springframework.util.StringUtils;
* than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest * than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest
* authentication over Basic authentication, including commentary on the limitations that it still imposes. * authentication over Basic authentication, including commentary on the limitations that it still imposes.
*/ */
public class DigestProcessingFilter extends SpringSecurityFilter implements Filter, InitializingBean, MessageSourceAware { public class DigestProcessingFilter extends GenericFilterBean implements MessageSourceAware {
//~ Static fields/initializers ===================================================================================== //~ Static fields/initializers =====================================================================================
@ -93,13 +93,17 @@ public class DigestProcessingFilter extends SpringSecurityFilter implements Filt
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { @Override
public void afterPropertiesSet() {
Assert.notNull(userDetailsService, "A UserDetailsService is required"); Assert.notNull(userDetailsService, "A UserDetailsService is required");
Assert.notNull(authenticationEntryPoint, "A DigestProcessingFilterEntryPoint is required"); Assert.notNull(authenticationEntryPoint, "A DigestProcessingFilterEntryPoint is required");
} }
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String header = request.getHeader("Authorization"); String header = request.getHeader("Authorization");
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {

View File

@ -186,7 +186,7 @@ public class HttpSessionContextIntegrationFilter extends SecurityContextPersiste
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() {
if (forceEagerSessionCreation && !allowSessionCreation) { if (forceEagerSessionCreation && !allowSessionCreation) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"If using forceEagerSessionCreation, you must set allowSessionCreation to also be true"); "If using forceEagerSessionCreation, you must set allowSessionCreation to also be true");

View File

@ -4,13 +4,15 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter; import org.springframework.web.filter.GenericFilterBean;
/** /**
* Populates the {@link SecurityContextHolder} with information obtained from * Populates the {@link SecurityContextHolder} with information obtained from
@ -37,7 +39,7 @@ import org.springframework.security.web.SpringSecurityFilter;
* @version $Id$ * @version $Id$
* @since 3.0 * @since 3.0
*/ */
public class SecurityContextPersistenceFilter extends SpringSecurityFilter { public class SecurityContextPersistenceFilter extends GenericFilterBean {
static final String FILTER_APPLIED = "__spring_security_scpf_applied"; static final String FILTER_APPLIED = "__spring_security_scpf_applied";
@ -45,9 +47,11 @@ public class SecurityContextPersistenceFilter extends SpringSecurityFilter {
private boolean forceEagerSessionCreation = false; private boolean forceEagerSessionCreation = false;
@Override
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (request.getAttribute(FILTER_APPLIED) != null) { if (request.getAttribute(FILTER_APPLIED) != null) {
// ensure that filter is only applied once per request // ensure that filter is only applied once per request

View File

@ -4,10 +4,12 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.SpringSecurityFilter; import org.springframework.web.filter.GenericFilterBean;
/** /**
* Responsible for reconstituting the saved request if one is cached and it matches the current request. * Responsible for reconstituting the saved request if one is cached and it matches the current request.
@ -21,15 +23,15 @@ import org.springframework.security.web.SpringSecurityFilter;
* @version $Id$ * @version $Id$
* @since 3.0 * @since 3.0
*/ */
public class RequestCacheAwareFilter extends SpringSecurityFilter { public class RequestCacheAwareFilter extends GenericFilterBean {
private RequestCache requestCache = new HttpSessionRequestCache(); private RequestCache requestCache = new HttpSessionRequestCache();
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
HttpServletRequest wrappedSavedRequest = requestCache.getMatchingRequest(request, response); HttpServletRequest wrappedSavedRequest =
requestCache.getMatchingRequest((HttpServletRequest)request, (HttpServletResponse)response);
chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest, response); chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest, response);
} }

View File

@ -4,6 +4,8 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -11,9 +13,9 @@ import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl; import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/** /**
* Detects that a user has been authenticated since the start of the request and, if they have, calls the * Detects that a user has been authenticated since the start of the request and, if they have, calls the
@ -27,7 +29,7 @@ import org.springframework.util.Assert;
* @version $Id$ * @version $Id$
* @since 2.0 * @since 2.0
*/ */
public class SessionManagementFilter extends SpringSecurityFilter { public class SessionManagementFilter extends GenericFilterBean {
//~ Static fields/initializers ===================================================================================== //~ Static fields/initializers =====================================================================================
static final String FILTER_APPLIED = "__spring_security_session_fixation_filter_applied"; static final String FILTER_APPLIED = "__spring_security_session_fixation_filter_applied";
@ -46,8 +48,10 @@ public class SessionManagementFilter extends SpringSecurityFilter {
this.securityContextRepository = securityContextRepository; this.securityContextRepository = securityContextRepository;
} }
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (request.getAttribute(FILTER_APPLIED) != null) { if (request.getAttribute(FILTER_APPLIED) != null) {
chain.doFilter(request, response); chain.doFilter(request, response);

View File

@ -19,11 +19,12 @@ import java.io.IOException;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/** /**
@ -37,7 +38,7 @@ import org.springframework.util.Assert;
* @author Luke Taylor * @author Luke Taylor
* @version $Id$ * @version $Id$
*/ */
public class SecurityContextHolderAwareRequestFilter extends SpringSecurityFilter { public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
private String rolePrefix; private String rolePrefix;
@ -49,8 +50,8 @@ public class SecurityContextHolderAwareRequestFilter extends SpringSecurityFilte
this.rolePrefix = rolePrefix.trim(); this.rolePrefix = rolePrefix.trim();
} }
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
chain.doFilter(new SecurityContextHolderAwareRequestWrapper(request, rolePrefix), response); chain.doFilter(new SecurityContextHolderAwareRequestWrapper((HttpServletRequest) req, rolePrefix), res);
} }
} }

View File

@ -149,9 +149,7 @@ public class ChannelProcessingFilterTests {
filter.setSecurityMetadataSource(fids); filter.setSecurityMetadataSource(fids);
assertSame(fids, filter.getSecurityMetadataSource()); assertSame(fids, filter.getSecurityMetadataSource());
filter.init(null);
filter.afterPropertiesSet(); filter.afterPropertiesSet();
filter.destroy();
} }
//~ Inner Classes ================================================================================================== //~ Inner Classes ==================================================================================================

View File

@ -58,11 +58,10 @@ public class AnonymousProcessingFilterTests extends TestCase {
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request, private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request,
ServletResponse response, FilterChain filterChain) ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
throws ServletException, IOException { // filter.init(filterConfig);
filter.init(filterConfig);
filter.doFilter(request, response, filterChain); filter.doFilter(request, response, filterChain);
filter.destroy(); // filter.destroy();
} }
protected void setUp() throws Exception { protected void setUp() throws Exception {

View File

@ -52,7 +52,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter(); UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter();
assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl()); assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl());
filter.setAuthenticationManager(createAuthenticationManager()); filter.setAuthenticationManager(createAuthenticationManager());
filter.init(null); // filter.init(null);
Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
assertTrue(result != null); assertTrue(result != null);

View File

@ -37,7 +37,6 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain(); MockFilterChain chain = new MockFilterChain();
RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter(); RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter();
filter.getOrder();
filter.doFilter(request, response, chain); filter.doFilter(request, response, chain);
} }

View File

@ -56,11 +56,10 @@ public class RememberMeProcessingFilterTests extends TestCase {
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request, private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request,
ServletResponse response, FilterChain filterChain) ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
throws ServletException, IOException { // filter.init(filterConfig);
filter.init(filterConfig);
filter.doFilter(request, response, filterChain); filter.doFilter(request, response, filterChain);
filter.destroy(); // filter.destroy();
} }
protected void setUp() throws Exception { protected void setUp() throws Exception {

View File

@ -161,7 +161,7 @@ public class SwitchUserProcessingFilterTests {
// Check it with no url set (should get a text response) // Check it with no url set (should get a text response)
FilterChain chain = mock(FilterChain.class); FilterChain chain = mock(FilterChain.class);
filter.doFilterHttp(request, response, chain); filter.doFilter(request, response, chain);
verify(chain, never()).doFilter(request, response); verify(chain, never()).doFilter(request, response);
assertEquals("Authentication Failed: User is disabled", response.getErrorMessage()); assertEquals("Authentication Failed: User is disabled", response.getErrorMessage());
@ -177,7 +177,7 @@ public class SwitchUserProcessingFilterTests {
response = new MockHttpServletResponse(); response = new MockHttpServletResponse();
chain = mock(FilterChain.class); chain = mock(FilterChain.class);
filter.doFilterHttp(request, response, chain); filter.doFilter(request, response, chain);
verify(chain, never()).doFilter(request, response); verify(chain, never()).doFilter(request, response);
assertEquals("/mywebapp/switchfailed", response.getRedirectedUrl()); assertEquals("/mywebapp/switchfailed", response.getRedirectedUrl());

View File

@ -24,7 +24,6 @@ import java.io.IOException;
import javax.servlet.Filter; import javax.servlet.Filter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
@ -63,13 +62,13 @@ public class BasicProcessingFilterTests {
private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request, private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request,
final boolean expectChainToProceed) throws ServletException, IOException { final boolean expectChainToProceed) throws ServletException, IOException {
filter.init(mock(FilterConfig.class)); // filter.init(mock(FilterConfig.class));
final MockHttpServletResponse response = new MockHttpServletResponse(); final MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain chain = mock(FilterChain.class); FilterChain chain = mock(FilterChain.class);
filter.doFilter(request, response, chain); filter.doFilter(request, response, chain);
filter.destroy(); // filter.destroy();
verify(chain, expectChainToProceed ? times(1) : never()).doFilter(any(ServletRequest.class), any(ServletResponse.class)); verify(chain, expectChainToProceed ? times(1) : never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
return response; return response;

View File

@ -87,8 +87,6 @@ public class DigestProcessingFilterTests {
private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request, private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request,
final boolean expectChainToProceed) throws ServletException, IOException { final boolean expectChainToProceed) throws ServletException, IOException {
filter.init(mock(FilterConfig.class));
final MockHttpServletResponse response = new MockHttpServletResponse(); final MockHttpServletResponse response = new MockHttpServletResponse();
Mockery jmockContext = new JUnit4Mockery(); Mockery jmockContext = new JUnit4Mockery();
@ -99,7 +97,7 @@ public class DigestProcessingFilterTests {
}}); }});
filter.doFilter(request, response, chain); filter.doFilter(request, response, chain);
filter.destroy();
jmockContext.assertIsSatisfied(); jmockContext.assertIsSatisfied();
return response; return response;
} }

View File

@ -59,9 +59,9 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
FilterConfig filterConfig, Filter filter, ServletRequest request, FilterConfig filterConfig, Filter filter, ServletRequest request,
ServletResponse response, FilterChain filterChain) ServletResponse response, FilterChain filterChain)
throws ServletException, IOException { throws ServletException, IOException {
filter.init(filterConfig); // filter.init(filterConfig);
filter.doFilter(request, response, filterChain); filter.doFilter(request, response, filterChain);
filter.destroy(); // filter.destroy();
} }
public void testDetectsIncompatibleSessionProperties() throws Exception { public void testDetectsIncompatibleSessionProperties() throws Exception {

View File

@ -42,7 +42,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
public void expectedRequestWrapperClassIsUsed() throws Exception { public void expectedRequestWrapperClassIsUsed() throws Exception {
SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter(); SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter();
filter.setRolePrefix("ROLE_"); filter.setRolePrefix("ROLE_");
filter.init(jmock.mock(FilterConfig.class)); // filter.init(jmock.mock(FilterConfig.class));
final FilterChain filterChain = jmock.mock(FilterChain.class); final FilterChain filterChain = jmock.mock(FilterChain.class);
jmock.checking(new Expectations() {{ jmock.checking(new Expectations() {{

View File

@ -3,18 +3,18 @@ Bundle-Name: Spring Security Web
Bundle-Vendor: SpringSource Bundle-Vendor: SpringSource
Bundle-Version: ${version} Bundle-Version: ${version}
Bundle-ManifestVersion: 2 Bundle-ManifestVersion: 2
Excluded-Exports: Excluded-Exports:
org.springframework.security.web.authentication.preauth.websphere org.springframework.security.web.authentication.preauth.websphere
Excluded-Imports: Excluded-Imports:
javax.naming.*, javax.naming.*,
javax.rmi.*, javax.rmi.*,
javax.sql.*, javax.sql.*,
javax.security.auth.*, javax.security.auth.*,
org.aopalliance.* org.aopalliance.*
Ignored-Existing-Headers: Ignored-Existing-Headers:
Import-Package, Import-Package,
Export-Package Export-Package
Import-Template: Import-Template:
org.apache.commons.logging.*;version="[1.0.4, 2.0.0)", org.apache.commons.logging.*;version="[1.0.4, 2.0.0)",
org.apache.commons.codec.*;version="[1.3, 2.0)";resolution:=optional, org.apache.commons.codec.*;version="[1.3, 2.0)";resolution:=optional,
org.springframework.security.core.*;version="[${version}, 3.1.0)", org.springframework.security.core.*;version="[${version}, 3.1.0)",
@ -31,8 +31,9 @@ Import-Template:
org.springframework.jdbc.*;version="[3.0.0, 3.1.0)";resolution:=optional, org.springframework.jdbc.*;version="[3.0.0, 3.1.0)";resolution:=optional,
org.springframework.mock.web;version="[3.0.0, 3.1.0)";resolution:=optional, org.springframework.mock.web;version="[3.0.0, 3.1.0)";resolution:=optional,
org.springframework.web.context.*;version="[3.0.0, 3.1.0)";resolution:=optional, org.springframework.web.context.*;version="[3.0.0, 3.1.0)";resolution:=optional,
org.springframework.web.filter.*;version="[3.0.0, 3.1.0)",
org.springframework.util;version="[3.0.0, 3.1.0)";resolution:=optional, org.springframework.util;version="[3.0.0, 3.1.0)";resolution:=optional,
org.w3c.dom;version="0";resolution:=optional, org.w3c.dom;version="0";resolution:=optional,
org.xml.sax;version="0";resolution:=optional, org.xml.sax;version="0";resolution:=optional,
javax.servlet.*;version="0", javax.servlet.*;version="0",
javax.xml.parsers.*;version="0";resolution:=optional javax.xml.parsers.*;version="0";resolution:=optional