GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Added event for user context switching and updated switch user filter

1.0.x
Mark St. Godard 21 years ago
parent
55f5c3397a
commit
20ebb668a6
4 changed files with 102 additions and 91 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 43
      core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationSwitchUserEvent.java
  2. 99
      core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java
  3. 11
      core/src/test/java/org/acegisecurity/providers/dao/event/AuthenticationEventTests.java
  4. 40
      core/src/test/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilterTests.java

43
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationSwitchUserEvent.java
Unescape View File

@ -0,0 +1,43 @@ @@ -0,0 +1,43 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.providers.dao.event;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails;
/**
* Application event which indicates that a user context switch.
*
* @author Mark St.Godard
* @version $Id$
*/
public class AuthenticationSwitchUserEvent extends AuthenticationEvent {
//~ Constructors ===========================================================
/**
* Switch user context event constructor
*
* @param authentication The current <code>Authentication</code> object
* @param sourceUser The original user
* @param targetUser The target user
*/
public AuthenticationSwitchUserEvent(Authentication authentication,
UserDetails targetUser) {
super(authentication, targetUser);
}
}

99
core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java
Unescape View File

@ -15,6 +15,20 @@ @@ -15,6 +15,20 @@
package net.sf.acegisecurity.ui.switchuser;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.acegisecurity.AccountExpiredException;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationCredentialsNotFoundException;
@ -27,30 +41,17 @@ import net.sf.acegisecurity.context.SecurityContextHolder; @@ -27,30 +41,17 @@ import net.sf.acegisecurity.context.SecurityContextHolder;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.AuthenticationDao;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import net.sf.acegisecurity.providers.dao.event.AuthenticationSwitchUserEvent;
import net.sf.acegisecurity.ui.WebAuthenticationDetails;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.util.Assert;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Switch User processing filter responsible for user context switching.
@ -104,7 +105,8 @@ import javax.servlet.http.HttpServletResponse; @@ -104,7 +105,8 @@ import javax.servlet.http.HttpServletResponse;
*
* @see net.sf.acegisecurity.ui.switchuser.SwitchUserGrantedAuthority
*/
public class SwitchUserProcessingFilter implements InitializingBean, Filter {
public class SwitchUserProcessingFilter implements Filter, InitializingBean,
ApplicationContextAware {
//~ Static fields/initializers =============================================
private static final Log logger = LogFactory.getLog(SwitchUserProcessingFilter.class);
@ -112,19 +114,26 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter { @@ -112,19 +114,26 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter {
// ~ Static fields/initializers
// =============================================
public static final String ACEGI_SECURITY_SWITCH_USERNAME_KEY = "j_username";
public static final String SWITCH_USER_GRANTED_AUTHORITY = "PREVIOUS_ADMINISTRATOR";
public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
//~ Instance fields ========================================================
private ApplicationContext context;
// ~ Instance fields
// ========================================================
private AuthenticationDao authenticationDao;
private String exitUserUrl;
private String switchUserUrl;
private String exitUserUrl = "/j_acegi_exit_user";
private String switchUserUrl = "/j_acegi_switch_user";
private String targetUrl;
//~ Methods ================================================================
public void setApplicationContext(ApplicationContext context)
throws BeansException {
this.context = context;
}
/**
* Sets the authentication data access object.
*
@ -134,27 +143,6 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter { @@ -134,27 +143,6 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter {
this.authenticationDao = authenticationDao;
}
/**
* This filter by default responds to <code>/j_acegi_exit_user</code>.
*
* @return the default exit user url
*/
public String getDefaultExitUserUrl() {
return "/j_acegi_exit_user";
}
// ~ Methods
// ================================================================
/**
* This filter by default responds to <code>/j_acegi_switch_user</code>.
*
* @return the default switch user url
*/
public String getDefaultSwitchUserUrl() {
return "/j_acegi_switch_user";
}
/**
* Set the URL to respond to exit user processing.
*
@ -196,13 +184,9 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter { @@ -196,13 +184,9 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter {
*/
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
Assert.isInstanceOf(HttpServletRequest.class,request);
Assert.isInstanceOf(HttpServletResponse.class,response);
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
@ -214,7 +198,7 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter { @@ -214,7 +198,7 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter {
// update the current context to the new target user
SecurityContextHolder.getContext().setAuthentication(targetUser);
// redirect to target url
httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl));
@ -268,6 +252,12 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter { @@ -268,6 +252,12 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter {
throw new AuthenticationCredentialsNotFoundException(
"Could not find original Authentication object!");
}
// TODO: fix target user on exit
if (this.context != null) {
context.publishEvent(new AuthenticationSwitchUserEvent(
current, null) );
}
return original;
}
@ -333,6 +323,13 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter { @@ -333,6 +323,13 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter {
logger.debug("Switch User Token [" + targetUserRequest + "]");
}
// publish event
if (this.context != null) {
context.publishEvent(new AuthenticationSwitchUserEvent(
SecurityContextHolder.getContext().getAuthentication(),
targetUser) );
}
return targetUserRequest;
}
@ -437,7 +434,7 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter { @@ -437,7 +434,7 @@ public class SwitchUserProcessingFilter implements InitializingBean, Filter {
// which will be used to 'exit' from the current switched user.
Authentication currentAuth = SecurityContextHolder.getContext()
.getAuthentication();
GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(SWITCH_USER_GRANTED_AUTHORITY,
GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR,
currentAuth);
// get the original authorities

11
core/src/test/java/org/acegisecurity/providers/dao/event/AuthenticationEventTests.java
Unescape View File

@ -22,6 +22,7 @@ import net.sf.acegisecurity.GrantedAuthority; @@ -22,6 +22,7 @@ import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User;
import net.sf.acegisecurity.ui.switchuser.SwitchUserGrantedAuthority;
/**
@ -88,6 +89,16 @@ public class AuthenticationEventTests extends TestCase { @@ -88,6 +89,16 @@ public class AuthenticationEventTests extends TestCase {
assertEquals(user, event.getUser());
}
public void testSwitchUserContextEvent() {
Authentication auth = getAuthentication();
User targetUser = getUser();
AuthenticationSwitchUserEvent event = new AuthenticationSwitchUserEvent(auth,
targetUser);
assertEquals(auth, event.getAuthentication());
assertEquals(targetUser, event.getUser());
}
private Authentication getAuthentication() {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal",
"Credentials");

40
core/src/test/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilterTests.java
Unescape View File

@ -16,7 +16,6 @@ @@ -16,7 +16,6 @@
package net.sf.acegisecurity.ui.switchuser;
import junit.framework.TestCase;
import net.sf.acegisecurity.AccountExpiredException;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
@ -33,7 +32,6 @@ import net.sf.acegisecurity.providers.dao.UsernameNotFoundException; @@ -33,7 +32,6 @@ import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import net.sf.acegisecurity.util.MockFilterChain;
import org.springframework.dao.DataAccessException;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
@ -191,34 +189,6 @@ public class SwitchUserProcessingFilterTests extends TestCase { @@ -191,34 +189,6 @@ public class SwitchUserProcessingFilterTests extends TestCase {
}
}
public void testBadConfigMissingExitUserUrl() {
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
filter.setAuthenticationDao(new MockAuthenticationDaoUserJackLord());
filter.setSwitchUserUrl("/j_acegi_switch_user");
filter.setTargetUrl("/main.jsp");
try {
filter.afterPropertiesSet();
fail("Expect to fail due to missing 'exitUserUrl'");
} catch (Exception expected) {
// expected exception
}
}
public void testBadConfigMissingSwitchUserUrl() {
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
filter.setAuthenticationDao(new MockAuthenticationDaoUserJackLord());
filter.setExitUserUrl("/j_acegi_exit_user");
filter.setTargetUrl("/main.jsp");
try {
filter.afterPropertiesSet();
fail("Expect to fail due to missing 'switchUserUrl'");
} catch (Exception expected) {
// expected exception
}
}
public void testBadConfigMissingTargetUrl() {
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
filter.setAuthenticationDao(new MockAuthenticationDaoUserJackLord());
@ -233,11 +203,6 @@ public class SwitchUserProcessingFilterTests extends TestCase { @@ -233,11 +203,6 @@ public class SwitchUserProcessingFilterTests extends TestCase {
}
}
public void testDefaultExitProcessUrl() {
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
assertEquals("/j_acegi_exit_user", filter.getDefaultExitUserUrl());
}
public void testDefaultProcessesFilterUrlWithPathParameter() {
MockHttpServletRequest request = createMockSwitchRequest();
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
@ -248,11 +213,6 @@ public class SwitchUserProcessingFilterTests extends TestCase { @@ -248,11 +213,6 @@ public class SwitchUserProcessingFilterTests extends TestCase {
assertTrue(filter.requiresSwitchUser(request));
}
public void testDefaultSwitchProcessUrl() {
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
assertEquals("/j_acegi_switch_user", filter.getDefaultSwitchUserUrl());
}
public void testExitRequestUserJackLordToDano() throws Exception {
// original user
GrantedAuthority[] auths = {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(

Write Preview
Loading…
Cancel
Save