Allow PrincipalExtractor to be customized.

Signed-off-by: Sola <dev@sola.love>
7 years ago · 2980f96b55
1 changed files with 27 additions and 15 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
@ -1,5 +1,5 @@
				@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -15,8 +15,6 @@
				@@ -15,8 +15,6 @@
 */
 package org.springframework.security.config.annotation.web.configurers;

-import javax.servlet.http.HttpServletRequest;
-
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
@ -32,6 +30,9 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
				@@ -32,6 +30,9 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;
 import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
 import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
+import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
+
+import javax.servlet.http.HttpServletRequest;

 /**
 * Adds X509 based pre authentication to an application. Since validating the certificate
@ -40,7 +41,7 @@ import org.springframework.security.web.authentication.preauth.x509.X509Authenti
				@@ -40,7 +41,7 @@ import org.springframework.security.web.authentication.preauth.x509.X509Authenti
 * certificate to look up the {@link Authentication} for the user.
 *
 * <h2>Security Filters</h2>
- *
+ * <p>
 * The following Filters are populated
 *
 * <ul>
@ -48,7 +49,7 @@ import org.springframework.security.web.authentication.preauth.x509.X509Authenti
				@@ -48,7 +49,7 @@ import org.springframework.security.web.authentication.preauth.x509.X509Authenti
 * </ul>
 *
 * <h2>Shared Objects Created</h2>
- *
+ * <p>
 * The following shared objects are created
 *
 * <ul>
@ -61,7 +62,7 @@ import org.springframework.security.web.authentication.preauth.x509.X509Authenti
				@@ -61,7 +62,7 @@ import org.springframework.security.web.authentication.preauth.x509.X509Authenti
 * </ul>
 *
 * <h2>Shared Objects Used</h2>
- *
+ * <p>
 * The following shared objects are used:
 *
 * <ul>
@ -75,12 +76,13 @@ import org.springframework.security.web.authentication.preauth.x509.X509Authenti
				@@ -75,12 +76,13 @@ import org.springframework.security.web.authentication.preauth.x509.X509Authenti
 public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 		AbstractHttpConfigurer<X509Configurer<H>, H> {
 	private X509AuthenticationFilter x509AuthenticationFilter;
+	private X509PrincipalExtractor x509PrincipalExtractor;
 	private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticationUserDetailsService;
-	private String subjectPrincipalRegex;
 	private AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource;

 	/**
 	 * Creates a new instance
+	 *
 	 * @see HttpSecurity#x509()
 	 */
 	public X509Configurer() {
@ -100,6 +102,17 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
				@@ -100,6 +102,17 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 		return this;
 	}

+	/**
+	 * Specifies the {@link X509PrincipalExtractor}
+	 *
+	 * @param x509PrincipalExtractor the {@link X509PrincipalExtractor} to use
+	 * @return the {@link X509Configurer} to use
+	 */
+	public X509Configurer<H> x509PrincipalExtractor(X509PrincipalExtractor x509PrincipalExtractor) {
+		this.x509PrincipalExtractor = x509PrincipalExtractor;
+		return this;
+	}
+
 	/**
 	 * Specifies the {@link AuthenticationDetailsSource}
 	 *
@ -131,8 +144,7 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
				@@ -131,8 +144,7 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 	 * the shared {@link UserDetailsService} will be used to create a
 	 * {@link UserDetailsByNameServiceWrapper}.
 	 *
-	 * @param authenticationUserDetailsService the
-	 * {@link AuthenticationUserDetailsService} to use
+	 * @param authenticationUserDetailsService the {@link AuthenticationUserDetailsService} to use
 	 * @return the {@link X509Configurer} for further customizations
 	 */
 	public X509Configurer<H> authenticationUserDetailsService(
@ -147,11 +159,13 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
				@@ -147,11 +159,13 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 	 * used.
 	 *
 	 * @param subjectPrincipalRegex the regex to extract the user principal from the
-	 * certificate (i.e. "CN=(.*?)(?:,|$)").
+	 *                              certificate (i.e. "CN=(.*?)(?:,|$)").
 	 * @return the {@link X509Configurer} for further customizations
 	 */
 	public X509Configurer<H> subjectPrincipalRegex(String subjectPrincipalRegex) {
-		this.subjectPrincipalRegex = subjectPrincipalRegex;
+		SubjectDnX509PrincipalExtractor principalExtractor = new SubjectDnX509PrincipalExtractor();
+		principalExtractor.setSubjectDnRegex(subjectPrincipalRegex);
+		this.x509PrincipalExtractor = principalExtractor;
 		return this;
 	}

@ -178,10 +192,8 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
				@@ -178,10 +192,8 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
 		if (x509AuthenticationFilter == null) {
 			x509AuthenticationFilter = new X509AuthenticationFilter();
 			x509AuthenticationFilter.setAuthenticationManager(authenticationManager);
-			if (subjectPrincipalRegex != null) {
-				SubjectDnX509PrincipalExtractor principalExtractor = new SubjectDnX509PrincipalExtractor();
-				principalExtractor.setSubjectDnRegex(subjectPrincipalRegex);
-				x509AuthenticationFilter.setPrincipalExtractor(principalExtractor);
+			if (x509PrincipalExtractor != null) {
+				x509AuthenticationFilter.setPrincipalExtractor(x509PrincipalExtractor);
 			}
 			if (authenticationDetailsSource != null) {
 				x509AuthenticationFilter