diff --git a/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilterEntryPoint.java b/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilterEntryPoint.java index 52a2857c07..5c9b0d17cb 100644 --- a/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilterEntryPoint.java +++ b/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilterEntryPoint.java @@ -18,8 +18,7 @@ package org.springframework.security.ui.cas; import java.io.IOException; import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.jasig.cas.client.util.CommonUtils; @@ -66,7 +65,7 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint, Assert.notNull(this.serviceProperties, "serviceProperties must be specified"); } - public void commence(final ServletRequest servletRequest, final ServletResponse servletResponse, + public void commence(final HttpServletRequest servletRequest, final HttpServletResponse servletResponse, final AuthenticationException authenticationException) throws IOException, ServletException { final HttpServletResponse response = (HttpServletResponse) servletResponse; diff --git a/core/src/main/java/org/springframework/security/intercept/web/FilterInvocation.java b/core/src/main/java/org/springframework/security/intercept/web/FilterInvocation.java index 2708809fc3..f2de9b39b8 100644 --- a/core/src/main/java/org/springframework/security/intercept/web/FilterInvocation.java +++ b/core/src/main/java/org/springframework/security/intercept/web/FilterInvocation.java @@ -27,9 +27,10 @@ import javax.servlet.http.HttpServletResponse; /** * Holds objects associated with a HTTP filter.
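Review bot: The cast on the first body line of `commence` in CasProcessingFilterEntryPoint is now redundant, because the parameter is already declared as `HttpServletResponse`; it could become `final HttpServletResponse response = servletResponse;`, or the local could be dropped. The same leftover cast appears in the `commence` hunks for AbstractRetryEntryPoint, BasicProcessingFilterEntryPoint, DigestProcessingFilterEntryPoint and AuthenticationProcessingFilterEntryPoint, and in `ExceptionTranslationFilter.sendStartAuthentication`. Removing them leaves the narrowed signature as the only place where the HTTP type is established. The method bodies continue outside these hunks.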
Guarantees the request and response are instances of
* HttpServletRequest and HttpServletResponse, and that there are no null
- * objects.
Required so that security system classes can obtain access to the filter environment, as well as the request - * and response.
+ * objects. + *+ * Required so that security system classes can obtain access to the filter environment, as well as the request + * and response. * * @author Ben Alex * @author colin sampaleanu @@ -39,8 +40,8 @@ public class FilterInvocation { //~ Instance fields ================================================================================================ private FilterChain chain; - private ServletRequest request; - private ServletResponse response; + private HttpServletRequest request; + private HttpServletResponse response; //~ Constructors =================================================================================================== @@ -49,16 +50,8 @@ public class FilterInvocation { throw new IllegalArgumentException("Cannot pass null values to constructor"); } - if (!(request instanceof HttpServletRequest)) { - throw new IllegalArgumentException("Can only process HttpServletRequest"); - } - - if (!(response instanceof HttpServletResponse)) { - throw new IllegalArgumentException("Can only process HttpServletResponse"); - } - - this.request = request; - this.response = response; + this.request = (HttpServletRequest) request; + this.response = (HttpServletResponse) response; this.chain = chain; } @@ -69,8 +62,10 @@ public class FilterInvocation { } /** - * Indicates the URL that the user agent used for this request.
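Review bot: In the `FilterInvocation` constructor the two `instanceof` guards are replaced by bare casts, so a non-HTTP request or response now fails with a `ClassCastException` instead of the `IllegalArgumentException` and message callers received before. The class Javadoc still promises HTTP instances and the casts keep that promise, but the changed failure type is not documented. A constructor tag such as `@throws ClassCastException if request or response is not an HTTP servlet type` would record it. The constructor signature is outside the hunk; judging by the casts it presumably still accepts `ServletRequest` and `ServletResponse`.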
The returned URL does not reflect - * the port number determined from a {@link org.springframework.security.util.PortResolver}.
+ * Indicates the URL that the user agent used for this request. + *+ * The returned URL does not reflect the port number determined from a + * {@link org.springframework.security.util.PortResolver}. * * @return the full URL of this request */ @@ -79,17 +74,13 @@ public class FilterInvocation { } public HttpServletRequest getHttpRequest() { - return (HttpServletRequest) request; + return request; } public HttpServletResponse getHttpResponse() { return (HttpServletResponse) response; } - public ServletRequest getRequest() { - return request; - } - /** * Obtains the web application-specific fragment of the URL. * @@ -99,8 +90,12 @@ public class FilterInvocation { return UrlUtils.getRequestUrl(this); } - public ServletResponse getResponse() { - return response; + public HttpServletRequest getRequest() { + return getHttpRequest(); + } + + public HttpServletResponse getResponse() { + return getHttpResponse(); } public String toString() { diff --git a/core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java b/core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java index 1a3466921d..c05c74742c 100644 --- a/core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java +++ b/core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java @@ -32,10 +32,12 @@ import javax.servlet.ServletResponse; /** - * Performs security handling of HTTP resources via a filter implementation.
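Review bot: `getHttpResponse()` still returns `(HttpServletResponse) response` although the field is now declared as `HttpServletResponse`, while `getHttpRequest()` in the same hunk had its cast removed; `return response;` would match. In the next hunk `getRequest()` and `getResponse()` narrow their return types. That stays source-compatible for callers but changes the method descriptors, so code compiled against the old signatures needs recompiling, which is worth a line in the change notes.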
The
- * ObjectDefinitionSource required by this security interceptor is of type {@link
- * FilterInvocationDefinitionSource}.
Refer to {@link AbstractSecurityInterceptor} for details on the workflow.
+ * Performs security handling of HTTP resources via a filter implementation. + *
+ * The ObjectDefinitionSource required by this security interceptor is of type {@link
+ * FilterInvocationDefinitionSource}.
+ *
+ * Refer to {@link AbstractSecurityInterceptor} for details on the workflow.
* * @author Ben Alex * @version $Id$ @@ -78,7 +80,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple * @throws ServletException if the filter chain fails */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) - throws IOException, ServletException { + throws IOException, ServletException { FilterInvocation fi = new FilterInvocation(request, response, chain); invoke(fi); } @@ -93,7 +95,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple public void invoke(FilterInvocation fi) throws IOException, ServletException { if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null) - && observeOncePerRequest) { + && observeOncePerRequest) { // filter already applied to this request and user wants us to observce // once-per-request handling, so don't re-do security checking fi.getChain().doFilter(fi.getRequest(), fi.getResponse()); diff --git a/core/src/main/java/org/springframework/security/securechannel/AbstractRetryEntryPoint.java b/core/src/main/java/org/springframework/security/securechannel/AbstractRetryEntryPoint.java index d779e23882..bcabc68ba0 100644 --- a/core/src/main/java/org/springframework/security/securechannel/AbstractRetryEntryPoint.java +++ b/core/src/main/java/org/springframework/security/securechannel/AbstractRetryEntryPoint.java @@ -9,8 +9,6 @@ import org.springframework.util.Assert; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -42,7 +40,7 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint { //~ Methods ======================================================================================================== - public void commence(ServletRequest req, ServletResponse res) throws IOException, ServletException { + public void commence(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; String pathInfo = request.getPathInfo(); diff --git a/core/src/main/java/org/springframework/security/securechannel/ChannelEntryPoint.java b/core/src/main/java/org/springframework/security/securechannel/ChannelEntryPoint.java index 824888b504..9ee0de7b0e 100644 --- a/core/src/main/java/org/springframework/security/securechannel/ChannelEntryPoint.java +++ b/core/src/main/java/org/springframework/security/securechannel/ChannelEntryPoint.java @@ -18,19 +18,17 @@ package org.springframework.security.securechannel; import java.io.IOException; import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; /** * May be used by a {@link ChannelProcessor} to launch a web channel. * - *
- * ChannelProcessors can elect to launch a new web channel
- * directly, or they can delegate to another class. The
- * ChannelEntryPoint is a pluggable interface to assist
- * ChannelProcessors in performing this delegation.
- *
+ * ChannelProcessors can elect to launch a new web channel directly, or they can delegate to another class.
+ * The ChannelEntryPoint is a pluggable interface to assist ChannelProcessors in performing
+ * this delegation.
*
* @author Ben Alex
* @version $Id$
@@ -39,16 +37,14 @@ public interface ChannelEntryPoint {
//~ Methods ========================================================================================================
/**
- * Commences a secure channel.
Implementations should modify the headers on the
- * ServletResponse as necessary to commence the user agent using the implementation's supported
- * channel type.
+ * Implementations should modify the headers on the ServletResponse as necessary to commence the user
+ * agent using the implementation's supported channel type.
*
* @param request that a ChannelProcessor has rejected
* @param response so that the user agent can begin using a new channel
*
- * @throws IOException DOCUMENT ME!
- * @throws ServletException DOCUMENT ME!
*/
- void commence(ServletRequest request, ServletResponse response)
- throws IOException, ServletException;
+ void commence(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException;
}
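Review bot: The two `@throws` tags on `ChannelEntryPoint.commence` are deleted rather than filled in, so the interface no longer documents when implementations may throw. The page rendering has lost some markup here, so the exact new Javadoc is not fully visible, but no replacement tags appear on the added side. The added text also still says `ServletResponse` although the parameter is now `HttpServletResponse`. Suggest `@throws IOException if the response cannot be written` and `@throws ServletException if the channel switch cannot be started` (wording to be confirmed against the implementations), and naming `HttpServletResponse` in the description.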
diff --git a/core/src/main/java/org/springframework/security/ui/AccessDeniedHandler.java b/core/src/main/java/org/springframework/security/ui/AccessDeniedHandler.java
index 0a0a62bd1c..a5716cce84 100644
--- a/core/src/main/java/org/springframework/security/ui/AccessDeniedHandler.java
+++ b/core/src/main/java/org/springframework/security/ui/AccessDeniedHandler.java
@@ -20,8 +20,8 @@ import org.springframework.security.AccessDeniedException;
import java.io.IOException;
import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
/**
@@ -44,6 +44,6 @@ public interface AccessDeniedHandler {
* @throws IOException in the event of an IOException
* @throws ServletException in the event of a ServletException
*/
- void handle(ServletRequest request, ServletResponse response, AccessDeniedException accessDeniedException)
+ void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException)
throws IOException, ServletException;
}
diff --git a/core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java b/core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java
index 2af0a9fc10..b76927311f 100644
--- a/core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java
+++ b/core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java
@@ -15,28 +15,27 @@
package org.springframework.security.ui;
-import org.springframework.security.AccessDeniedException;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.security.AccessDeniedException;
+
/**
- * Base implementation of {@link AccessDeniedHandler}.
This implementation sends a 403 (SC_FORBIDDEN) HTTP error
- * code. In addition, if a {@link #errorPage} is defined, the implementation will perform a request dispatcher
- * "forward" to the specified error page view. Being a "forward", the SecurityContextHolder will remain
+ * Base implementation of {@link AccessDeniedHandler}.
+ *
+ * This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an {@link #errorPage} is defined,
+ * the implementation will perform a request dispatcher "forward" to the specified error page view.
+ * Being a "forward", the SecurityContextHolder will remain
* populated. This is of benefit if the view (or a tag library or macro) wishes to access the
* SecurityContextHolder. The request scope will also be populated with the exception itself, available
- * from the key {@link #SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY}.
* ExceptionTranslationFilter will populate the HttpSession attribute named
* AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY with the requested target URL before
- * calling this method.
Implementations should modify the headers on the ServletResponse as necessary to
- * commence the authentication process.
+ * Implementations should modify the headers on the ServletResponse as necessary to
+ * commence the authentication process.
*
* @param request that resulted in an AuthenticationException
* @param response so that the user agent can begin authentication
* @param authException that caused the invocation
*
*/
- void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+ void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
throws IOException, ServletException;
}
diff --git a/core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java b/core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java
index a318874dfe..90f26b30c9 100644
--- a/core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java
@@ -35,8 +35,6 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -139,7 +137,7 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
return portResolver;
}
- private void handleException(ServletRequest request, ServletResponse response, FilterChain chain,
+ private void handleException(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
SpringSecurityException exception) throws IOException, ServletException {
if (exception instanceof AuthenticationException) {
if (logger.isDebugEnabled()) {
@@ -188,7 +186,7 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
return createSessionAllowed;
}
- protected void sendStartAuthentication(ServletRequest request, ServletResponse response, FilterChain chain,
+ protected void sendStartAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
AuthenticationException reason) throws ServletException, IOException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
diff --git a/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java b/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java
index c1fab4c66a..62f748d30d 100644
--- a/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java
+++ b/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java
@@ -31,6 +31,7 @@ public abstract class FilterChainOrder {
public static final int AUTHENTICATION_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int OPENID_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int LOGIN_PAGE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
+ public static final int DIGEST_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int BASIC_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int SERVLET_API_SUPPORT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
public static final int REMEMBER_ME_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
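Review bot: Inserting `DIGEST_PROCESSING_FILTER` in the middle of the `i++` sequence shifts `BASIC_PROCESSING_FILTER`, `SERVLET_API_SUPPORT_FILTER`, `REMEMBER_ME_FILTER` and presumably every constant declared after them by one `INTERVAL`. A custom filter whose `getOrder()` returns a literal number chosen to sit between two built-in filters may now sort on the other side of one of them, which changes where it runs relative to authentication. A comment on the new line would record the intent, e.g. `// digest runs before basic; all later constants move up by INTERVAL`, and the shift belongs in the upgrade notes. The declarations of `i` and `INTERVAL` are outside the hunk.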
diff --git a/core/src/main/java/org/springframework/security/ui/SpringSecurityFilter.java b/core/src/main/java/org/springframework/security/ui/SpringSecurityFilter.java
index 17810ab648..4fa9beb539 100644
--- a/core/src/main/java/org/springframework/security/ui/SpringSecurityFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/SpringSecurityFilter.java
@@ -24,7 +24,7 @@ import java.io.IOException;
*/
public abstract class SpringSecurityFilter implements Filter, Ordered {
protected final Log logger = LogFactory.getLog(this.getClass());
-
+
/**
* Does nothing. We use IoC container lifecycle services instead.
*
@@ -41,15 +41,6 @@ public abstract class SpringSecurityFilter implements Filter, Ordered {
}
public final void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- // Do we really need the checks on the types in practice ?
- if (!(request instanceof HttpServletRequest)) {
- throw new ServletException("Can only process HttpServletRequest");
- }
-
- if (!(response instanceof HttpServletResponse)) {
- throw new ServletException("Can only process HttpServletResponse");
- }
-
doFilterHttp((HttpServletRequest)request, (HttpServletResponse)response, chain);
}
@@ -58,4 +49,4 @@ public abstract class SpringSecurityFilter implements Filter, Ordered {
public String toString() {
return getClass().getName() + "[ order=" + getOrder() + "; ]";
}
-}
\ No newline at end of file
+}
diff --git a/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilterEntryPoint.java b/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilterEntryPoint.java
index 59185e3c1a..9aecf7606e 100644
--- a/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilterEntryPoint.java
+++ b/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilterEntryPoint.java
@@ -18,8 +18,7 @@ package org.springframework.security.ui.basicauth;
import java.io.IOException;
import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.AuthenticationException;
@@ -32,7 +31,7 @@ import org.springframework.util.Assert;
* Used by the SecurityEnforcementFilter to commence authentication via the {@link
* BasicProcessingFilter}.
Once a user agent is authenticated using BASIC authentication, logout requires that * the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call - * the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to + * the {@link #commence(HttpServletRequest, HttpServletResponse, AuthenticationException)} method below. This will indicate to * the browser its credentials are no longer authorized, causing it to prompt the user to login again.
* * @author Ben Alex @@ -49,7 +48,7 @@ public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint Assert.hasText(realmName, "realmName must be specified"); } - public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException) + public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { HttpServletResponse httpResponse = (HttpServletResponse) response; httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\""); diff --git a/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java index 420b8a4ecf..8fad3ed660 100644 --- a/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java +++ b/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java @@ -20,11 +20,9 @@ import java.util.Map; import javax.servlet.Filter; import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.digest.DigestUtils; 
@@ -43,6 +41,8 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
 import org.springframework.security.providers.dao.UserCache;
 import org.springframework.security.providers.dao.cache.NullUserCache;
 import org.springframework.security.ui.AuthenticationDetailsSource;
+import org.springframework.security.ui.FilterChainOrder;
+import org.springframework.security.ui.SpringSecurityFilter;
 import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
@@ -78,7 +78,7 @@ import org.springframework.util.StringUtils;
 * than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest
 * authentication over Basic authentication, including commentary on the limitations that it still imposes.
 */
-public class DigestProcessingFilter implements Filter, InitializingBean, MessageSourceAware {
+public class DigestProcessingFilter extends SpringSecurityFilter implements Filter, InitializingBean, MessageSourceAware {
 //~ Static fields/initializers =====================================================================================
 private static final Log logger = LogFactory.getLog(DigestProcessingFilter.class);
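Review bot: `DigestProcessingFilter` keeps its own `private static final Log logger` while now extending `SpringSecurityFilter`, which declares `protected final Log logger` (visible in the SpringSecurityFilter hunk of this commit), so the subclass field hides the inherited one. Dropping the private field, or adding a comment on why it stays, avoids two logger fields for one class. `implements Filter` is also redundant on the new class line because the superclass already implements it: `public class DigestProcessingFilter extends SpringSecurityFilter implements InitializingBean, MessageSourceAware {`.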
@@ -99,15 +99,9 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
 Assert.notNull(authenticationEntryPoint, "A DigestProcessingFilterEntryPoint is required");
 }
- public void destroy() {
- }
-
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
 throws IOException, ServletException {
-
- HttpServletRequest httpRequest = (HttpServletRequest) request;
-
- String header = httpRequest.getHeader("Authorization");
+ String header = request.getHeader("Authorization");
 if (logger.isDebugEnabled()) {
 logger.debug("Authorization header received from user agent: " + header);
@@ -322,7 +316,7 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
 return a1Md5;
 }
- private void fail(ServletRequest request, ServletResponse response, AuthenticationException failed)
+ private void fail(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
 throws IOException, ServletException {
 SecurityContextHolder.getContext().setAuthentication(null);
@@ -394,9 +388,6 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
 return userDetailsService;
 }
- public void init(FilterConfig ignored) throws ServletException {
- }
-
 public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
 Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
 this.authenticationDetailsSource = authenticationDetailsSource;
@@ -421,4 +412,8 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
 public void setUserDetailsService(UserDetailsService userDetailsService) {
 this.userDetailsService = userDetailsService;
 }
+
+ public int getOrder() {
+ return FilterChainOrder.DIGEST_PROCESSING_FILTER;
+ }
 }
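Review bot: The debug statement directly after the changed `request.getHeader("Authorization")` line writes the complete header value to the log, and no check of the authentication scheme is visible before it in this hunk. With debug logging enabled that puts digest response values into log files, and if a client sends another scheme such as Basic, the encoded credentials as well. Suggest logging only whether a header arrived, e.g. `logger.debug("Authorization header received from user agent: " + (header != null ? "[present]" : "[absent]"));`. The rest of `doFilterHttp` lies outside the hunk.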
diff --git a/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilterEntryPoint.java b/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilterEntryPoint.java
index 79ec0c8aab..422f31b26f 100644
--- a/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilterEntryPoint.java
+++ b/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilterEntryPoint.java
@@ -18,8 +18,7 @@ package org.springframework.security.ui.digestauth;
 import java.io.IOException;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.AuthenticationException;
@@ -75,7 +74,7 @@ public class DigestProcessingFilterEntryPoint implements AuthenticationEntryPoin
 }
 }
- public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+ public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
 throws IOException, ServletException {
 HttpServletResponse httpResponse = (HttpServletResponse) response;
diff --git a/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterEntryPoint.java b/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
index 741376a27b..0fa1bc430e 100755
--- a/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
+++ b/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
@@ -6,8 +6,7 @@ import org.springframework.security.ui.AuthenticationEntryPoint;
 import java.io.IOException;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
@@ -46,7 +45,7 @@ public class PreAuthenticatedProcessingFilterEntryPoint implements Authenticatio
 /**
 * Always returns a 403 error code to the client.
 */
- public void commence(ServletRequest request, ServletResponse response, AuthenticationException arg2) throws IOException,
+ public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException arg2) throws IOException,
 ServletException {
 if (logger.isDebugEnabled()) {
 logger.debug("Pre-authenticated entry point called. Rejecting access");
diff --git a/core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterEntryPoint.java b/core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterEntryPoint.java
index b83ca68b93..fa34febf56 100644
--- a/core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterEntryPoint.java
+++ b/core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterEntryPoint.java
@@ -36,8 +36,6 @@ import java.io.IOException;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -103,7 +101,7 @@ public class AuthenticationProcessingFilterEntryPoint implements AuthenticationE
 /**
 * Performs the redirect (or forward) to the login form URL.
 */
- public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+ public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
 throws IOException, ServletException {
 HttpServletRequest httpRequest = (HttpServletRequest) request;
diff --git a/core/src/main/java/org/springframework/security/util/FilterToBeanProxy.java b/core/src/main/java/org/springframework/security/util/FilterToBeanProxy.java
index 7b621a55ad..5e24eb9ab2 100644
--- a/core/src/main/java/org/springframework/security/util/FilterToBeanProxy.java
+++ b/core/src/main/java/org/springframework/security/util/FilterToBeanProxy.java
@@ -92,7 +92,7 @@ public class FilterToBeanProxy implements Filter {
 }
 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException {
+ throws IOException, ServletException {
 if (!initialized) {
 doInit();
 }
diff --git a/core/src/test/java/org/springframework/security/MockAuthenticationEntryPoint.java b/core/src/test/java/org/springframework/security/MockAuthenticationEntryPoint.java
index 6f7c6d4c11..1eb92d8c7b 100644
--- a/core/src/test/java/org/springframework/security/MockAuthenticationEntryPoint.java
+++ b/core/src/test/java/org/springframework/security/MockAuthenticationEntryPoint.java
@@ -18,8 +18,6 @@ package org.springframework.security;
 import java.io.IOException;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -39,15 +37,14 @@ public class MockAuthenticationEntryPoint implements AuthenticationEntryPoint {
 //~ Constructors ===================================================================================================
- public MockAuthenticationEntryPoint(String url) {
+ public MockAuthenticationEntryPoint(String url) {
 this.url = url;
 }
 //~ Methods ========================================================================================================
- public void commence(ServletRequest request, ServletResponse response,
- AuthenticationException authenticationException)
- throws IOException, ServletException {
- ((HttpServletResponse) response).sendRedirect(((HttpServletRequest) request).getContextPath() + url);
+ public void commence(HttpServletRequest request, HttpServletResponse response,
+ AuthenticationException authenticationException) throws IOException, ServletException {
+ response.sendRedirect(request.getContextPath() + url);
 }
 }
diff --git a/core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java b/core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java
index 1044f68381..40c65fda4b 100644
--- a/core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java
+++ b/core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java
@@ -157,26 +157,6 @@ public class ChannelProcessingFilterTests extends TestCase { assertTrue(true); } - public void testDoFilterWithNonHttpServletRequestDetected() throws Exception { - ChannelProcessingFilter filter = new ChannelProcessingFilter(); - - try { - filter.doFilter(null, new MockHttpServletResponse(), new MockFilterChain()); - fail("Should have thrown ServletException"); - } catch (ServletException expected) { - } - } - - public void testDoFilterWithNonHttpServletResponseDetected() throws Exception { - ChannelProcessingFilter filter = new ChannelProcessingFilter(); - - try { - filter.doFilter(new MockHttpServletRequest(null, null), null, new MockFilterChain()); - fail("Should have thrown ServletException"); - } catch (ServletException expected) { - } - } - public void testGetterSetters() throws Exception { ChannelProcessingFilter filter = new ChannelProcessingFilter(); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK")); diff --git a/core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java b/core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java index f8404ebbb7..fa46b08021 100644 --- a/core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java +++ b/core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java @@ -27,6 +27,7 @@ import org.springframework.security.MockPortResolver; import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken; +import org.springframework.security.util.AuthorityUtils; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; 
@@ -46,296 +47,270 @@ import javax.servlet.ServletResponse; * benalex $ */ public class ExceptionTranslationFilterTests extends TestCase { - //~ Methods ======================================================================================================== - - protected void tearDown() throws Exception { - super.tearDown(); - SecurityContextHolder.clearContext(); - } - - public void testAccessDeniedWhenAnonymous() throws Exception { - // Setup our HTTP request - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setServletPath("/secure/page.html"); - request.setServerPort(80); - request.setScheme("http"); - request.setServerName("www.example.com"); - request.setContextPath("/mycontext"); - request.setRequestURI("/mycontext/secure/page.html"); - - // Setup the FilterChain to thrown an access denied exception - MockFilterChain chain = new MockFilterChain(true, false, false, false); - - // Setup SecurityContextHolder, as filter needs to check if user is - // anonymous - SecurityContextHolder.getContext().setAuthentication( - new AnonymousAuthenticationToken("ignored", "ignored", - new GrantedAuthority[] { new GrantedAuthorityImpl("IGNORED") })); - - // Test - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); - - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, chain); - assertEquals("/mycontext/login.jsp", response.getRedirectedUrl()); - assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter - .obtainFullSavedRequestUrl(request)); - } - - public void testAccessDeniedWhenNonAnonymous() throws Exception { - // Setup our HTTP request - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setServletPath("/secure/page.html"); - - // Setup the FilterChain to thrown an access denied exception - MockFilterChain chain = new 
MockFilterChain(true, false, false, false); - - // Setup SecurityContextHolder, as filter needs to check if user is - // anonymous - SecurityContextHolder.getContext().setAuthentication(null); - - // Setup a new AccessDeniedHandlerImpl that will do a "forward" - AccessDeniedHandlerImpl adh = new AccessDeniedHandlerImpl(); - adh.setErrorPage("/error.jsp"); - - // Test - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); - filter.setAccessDeniedHandler(adh); - - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, chain); - assertEquals(403, response.getStatus()); - assertEquals(AccessDeniedException.class, request.getAttribute( - AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY).getClass()); - } - - public void testDoFilterWithNonHttpServletRequestDetected() throws Exception { - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - - try { - filter.doFilter(null, new MockHttpServletResponse(), new MockFilterChain(false, false, false, false)); - fail("Should have thrown ServletException"); - } - catch (ServletException expected) { - assertEquals("Can only process HttpServletRequest", expected.getMessage()); - } - } - - public void testDoFilterWithNonHttpServletResponseDetected() throws Exception { - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - - try { - filter.doFilter(new MockHttpServletRequest(null, null), null, new MockFilterChain(false, false, false, - false)); - fail("Should have thrown ServletException"); - } - catch (ServletException expected) { - assertEquals("Can only process HttpServletResponse", expected.getMessage()); - } - } - - public void testGettersSetters() { - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - - filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); - 
assertTrue(filter.getAuthenticationEntryPoint() != null); - - filter.setPortResolver(new MockPortResolver(80, 443)); - assertTrue(filter.getPortResolver() != null); - } - - public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException() throws Exception { - // Setup our HTTP request - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setServletPath("/secure/page.html"); - request.setServerPort(80); - request.setScheme("http"); - request.setServerName("www.example.com"); - request.setContextPath("/mycontext"); - request.setRequestURI("/mycontext/secure/page.html"); - - // Setup the FilterChain to thrown an authentication failure exception - MockFilterChain chain = new MockFilterChain(false, true, false, false); - - // Test - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); - filter.setPortResolver(new MockPortResolver(80, 443)); - /* - * Disabled the call to afterPropertiesSet as it requires - * applicationContext to be injected before it is invoked. 
We do not - * have this filter configured in IOC for this test hence no - * ApplicationContext - */ - // filter.afterPropertiesSet(); - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, chain); - assertEquals("/mycontext/login.jsp", response.getRedirectedUrl()); - assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter - .obtainFullSavedRequestUrl(request)); - } - - public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhenAuthenticationException() - throws Exception { - // Setup our HTTP request - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setServletPath("/secure/page.html"); - request.setServerPort(8080); - request.setScheme("http"); - request.setServerName("www.example.com"); - request.setContextPath("/mycontext"); - request.setRequestURI("/mycontext/secure/page.html"); - - // Setup the FilterChain to thrown an authentication failure exception - MockFilterChain chain = new MockFilterChain(false, true, false, false); - - // Test - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); - filter.setPortResolver(new MockPortResolver(8080, 8443)); - /* - * Disabled the call to afterPropertiesSet as it requires - * applicationContext to be injected before it is invoked. 
We do not - * have this filter configured in IOC for this test hence no - * ApplicationContext - */ - // filter.afterPropertiesSet(); - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, chain); - assertEquals("/mycontext/login.jsp", response.getRedirectedUrl()); - assertEquals("http://www.example.com:8080/mycontext/secure/page.html", AbstractProcessingFilter - .obtainFullSavedRequestUrl(request)); - } - - public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception { - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - - try { - filter.afterPropertiesSet(); - fail("Should have thrown IllegalArgumentException"); - } - catch (IllegalArgumentException expected) { - assertEquals("authenticationEntryPoint must be specified", expected.getMessage()); - } - } - - public void testStartupDetectsMissingPortResolver() throws Exception { - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); - filter.setPortResolver(null); - - try { - filter.afterPropertiesSet(); - fail("Should have thrown IllegalArgumentException"); - } - catch (IllegalArgumentException expected) { - assertEquals("portResolver must be specified", expected.getMessage()); - } - } - - public void testSuccessfulAccessGrant() throws Exception { - // Setup our HTTP request - MockHttpServletRequest request = new MockHttpServletRequest(); - request.setServletPath("/secure/page.html"); - - // Setup the FilterChain to thrown no exceptions - MockFilterChain chain = new MockFilterChain(false, false, false, false); - - // Test - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); - - MockHttpServletResponse response = new MockHttpServletResponse(); - filter.doFilter(request, response, chain); - } - - public void 
testSuccessfulStartupAndShutdownDown() throws Exception { - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - - filter.init(null); - filter.destroy(); - assertTrue(true); - } - - public void testThrowIOException() throws Exception { - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - - filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("")); - /* - * Disabled the call to afterPropertiesSet as it requires - * applicationContext to be injected before it is invoked. We do not - * have this filter configured in IOC for this test hence no - * ApplicationContext - */ - // filter.afterPropertiesSet(); - try { - filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false, - false, false, true)); - fail("Should have thrown IOException"); - } - catch (IOException e) { - assertNull("The IOException thrown should not have been wrapped", e.getCause()); - } - } - - public void testThrowServletException() throws Exception { - ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); - - filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("")); - /* - * Disabled the call to afterPropertiesSet as it requires - * applicationContext to be injected before it is invoked. 
We do not - * have this filter configured in IOC for this test hence no - * ApplicationContext - */ - // filter.afterPropertiesSet(); - try { - filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false, - false, true, false)); - fail("Should have thrown ServletException"); - } - catch (ServletException e) { - assertNull("The ServletException thrown should not have been wrapped", e.getCause()); - } - } - - // ~ Inner Classes ================================================================================================= - - private class MockFilterChain implements FilterChain { - private boolean throwAccessDenied; - - private boolean throwAuthenticationFailure; - - private boolean throwIOException; - - private boolean throwServletException; - - public MockFilterChain(boolean throwAccessDenied, boolean throwAuthenticationFailure, - boolean throwServletException, boolean throwIOException) { - this.throwAccessDenied = throwAccessDenied; - this.throwAuthenticationFailure = throwAuthenticationFailure; - this.throwServletException = throwServletException; - this.throwIOException = throwIOException; - } - - public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { - if (throwAccessDenied) { - throw new AccessDeniedException("As requested"); - } - - if (throwAuthenticationFailure) { - throw new BadCredentialsException("As requested"); - } - - if (throwServletException) { - throw new ServletException("As requested"); - } - - if (throwIOException) { - throw new IOException("As requested"); - } - } - } + //~ Methods ======================================================================================================== + + protected void tearDown() throws Exception { + super.tearDown(); + SecurityContextHolder.clearContext(); + } + + public void testAccessDeniedWhenAnonymous() throws Exception { + // Setup our HTTP request + MockHttpServletRequest request = new 
MockHttpServletRequest(); + request.setServletPath("/secure/page.html"); + request.setServerPort(80); + request.setScheme("http"); + request.setServerName("www.example.com"); + request.setContextPath("/mycontext"); + request.setRequestURI("/mycontext/secure/page.html"); + + // Setup the FilterChain to thrown an access denied exception + MockFilterChain chain = new MockFilterChain(true, false, false, false); + + // Setup SecurityContextHolder, as filter needs to check if user is + // anonymous + SecurityContextHolder.getContext().setAuthentication( + new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED"))); + + // Test + ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); + filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); + + MockHttpServletResponse response = new MockHttpServletResponse(); + filter.doFilter(request, response, chain); + assertEquals("/mycontext/login.jsp", response.getRedirectedUrl()); + assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter + .obtainFullSavedRequestUrl(request)); + } + + public void testAccessDeniedWhenNonAnonymous() throws Exception { + // Setup our HTTP request + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setServletPath("/secure/page.html"); + + // Setup the FilterChain to thrown an access denied exception + MockFilterChain chain = new MockFilterChain(true, false, false, false); + + // Setup SecurityContextHolder, as filter needs to check if user is + // anonymous + SecurityContextHolder.getContext().setAuthentication(null); + + // Setup a new AccessDeniedHandlerImpl that will do a "forward" + AccessDeniedHandlerImpl adh = new AccessDeniedHandlerImpl(); + adh.setErrorPage("/error.jsp"); + + // Test + ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); + filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); + 
filter.setAccessDeniedHandler(adh); + + MockHttpServletResponse response = new MockHttpServletResponse(); + filter.doFilter(request, response, chain); + assertEquals(403, response.getStatus()); + assertEquals(AccessDeniedException.class, request.getAttribute( + AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY).getClass()); + } + + public void testGettersSetters() { + ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); + + filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); + assertTrue(filter.getAuthenticationEntryPoint() != null); + + filter.setPortResolver(new MockPortResolver(80, 443)); + assertTrue(filter.getPortResolver() != null); + } + + public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException() throws Exception { + // Setup our HTTP request + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setServletPath("/secure/page.html"); + request.setServerPort(80); + request.setScheme("http"); + request.setServerName("www.example.com"); + request.setContextPath("/mycontext"); + request.setRequestURI("/mycontext/secure/page.html"); + + // Setup the FilterChain to thrown an authentication failure exception + MockFilterChain chain = new MockFilterChain(false, true, false, false); + + // Test + ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); + filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); + filter.setPortResolver(new MockPortResolver(80, 443)); + /* + * Disabled the call to afterPropertiesSet as it requires + * applicationContext to be injected before it is invoked. 
We do not + * have this filter configured in IOC for this test hence no + * ApplicationContext + */ + // filter.afterPropertiesSet(); + MockHttpServletResponse response = new MockHttpServletResponse(); + filter.doFilter(request, response, chain); + assertEquals("/mycontext/login.jsp", response.getRedirectedUrl()); + assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter + .obtainFullSavedRequestUrl(request)); + } + + public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhenAuthenticationException() + throws Exception { + // Setup our HTTP request + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setServletPath("/secure/page.html"); + request.setServerPort(8080); + request.setScheme("http"); + request.setServerName("www.example.com"); + request.setContextPath("/mycontext"); + request.setRequestURI("/mycontext/secure/page.html"); + + // Setup the FilterChain to thrown an authentication failure exception + MockFilterChain chain = new MockFilterChain(false, true, false, false); + + // Test + ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); + filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); + filter.setPortResolver(new MockPortResolver(8080, 8443)); + /* + * Disabled the call to afterPropertiesSet as it requires + * applicationContext to be injected before it is invoked. 
We do not + * have this filter configured in IOC for this test hence no + * ApplicationContext + */ + // filter.afterPropertiesSet(); + MockHttpServletResponse response = new MockHttpServletResponse(); + filter.doFilter(request, response, chain); + assertEquals("/mycontext/login.jsp", response.getRedirectedUrl()); + assertEquals("http://www.example.com:8080/mycontext/secure/page.html", AbstractProcessingFilter + .obtainFullSavedRequestUrl(request)); + } + + public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception { + ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); + + try { + filter.afterPropertiesSet(); + fail("Should have thrown IllegalArgumentException"); + } + catch (IllegalArgumentException expected) { + assertEquals("authenticationEntryPoint must be specified", expected.getMessage()); + } + } + + public void testStartupDetectsMissingPortResolver() throws Exception { + ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); + filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); + filter.setPortResolver(null); + + try { + filter.afterPropertiesSet(); + fail("Should have thrown IllegalArgumentException"); + } + catch (IllegalArgumentException expected) { + assertEquals("portResolver must be specified", expected.getMessage()); + } + } + + public void testSuccessfulAccessGrant() throws Exception { + // Setup our HTTP request + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setServletPath("/secure/page.html"); + + // Setup the FilterChain to thrown no exceptions + MockFilterChain chain = new MockFilterChain(false, false, false, false); + + // Test + ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); + filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp")); + + MockHttpServletResponse response = new MockHttpServletResponse(); + filter.doFilter(request, response, chain); + } + + public void 
testSuccessfulStartupAndShutdownDown() throws Exception { + ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); + + filter.init(null); + filter.destroy(); + assertTrue(true); + } + + public void testThrowIOException() throws Exception { + ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); + + filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("")); + /* + * Disabled the call to afterPropertiesSet as it requires + * applicationContext to be injected before it is invoked. We do not + * have this filter configured in IOC for this test hence no + * ApplicationContext + */ + // filter.afterPropertiesSet(); + try { + filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false, + false, false, true)); + fail("Should have thrown IOException"); + } + catch (IOException e) { + assertNull("The IOException thrown should not have been wrapped", e.getCause()); + } + } + + public void testThrowServletException() throws Exception { + ExceptionTranslationFilter filter = new ExceptionTranslationFilter(); + + filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("")); + /* + * Disabled the call to afterPropertiesSet as it requires + * applicationContext to be injected before it is invoked. 
We do not + * have this filter configured in IOC for this test hence no + * ApplicationContext + */ + // filter.afterPropertiesSet(); + try { + filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false, + false, true, false)); + fail("Should have thrown ServletException"); + } + catch (ServletException e) { + assertNull("The ServletException thrown should not have been wrapped", e.getCause()); + } + } + + // ~ Inner Classes ================================================================================================= + + private class MockFilterChain implements FilterChain { + private boolean throwAccessDenied; + + private boolean throwAuthenticationFailure; + + private boolean throwIOException; + + private boolean throwServletException; + + public MockFilterChain(boolean throwAccessDenied, boolean throwAuthenticationFailure, + boolean throwServletException, boolean throwIOException) { + this.throwAccessDenied = throwAccessDenied; + this.throwAuthenticationFailure = throwAuthenticationFailure; + this.throwServletException = throwServletException; + this.throwIOException = throwIOException; + } + + public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { + if (throwAccessDenied) { + throw new AccessDeniedException("As requested"); + } + + if (throwAuthenticationFailure) { + throw new BadCredentialsException("As requested"); + } + + if (throwServletException) { + throw new ServletException("As requested"); + } + + if (throwIOException) { + throw new IOException("As requested"); + } + } + } } diff --git a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java index 1361053d6f..1fda0ff8ed 100755 --- a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java 
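Review bot: With `testDoFilterWithNonHttpServletRequestDetected` and `testDoFilterWithNonHttpServletResponseDetected` removed in this hunk (and the same-named pair removed from ChannelProcessingFilterTests in the earlier hunk), no test in this class pins what `ExceptionTranslationFilter.doFilter` does when it is handed a null or non-HTTP request or response. The filter's own change is not visible here, so presumably the type check moved to a shared place; if so, one test there asserting the rejection would keep the negative path covered. A pointer next to the remaining tests would record that, e.g. `// non-HTTP request/response handling is tested in <shared filter test>`. Separately, the hunk re-indents the whole class, which buries the only functional edits (the `AuthorityUtils.createAuthorityList("IGNORED")` call and the two removed tests); a whitespace-only commit would make them easier to review.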
+++ b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java @@ -25,8 +25,6 @@ import org.springframework.util.Assert; import java.io.IOException; import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -83,7 +81,7 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint * {@link NtlmType2MessageException}, or * {@link AuthenticationException} */ - public void commence(final ServletRequest request, final ServletResponse response, final AuthenticationException authException) throws IOException, ServletException { + public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException, ServletException { final HttpServletResponse resp = (HttpServletResponse) response; if (authException instanceof NtlmBaseException) {
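Review bot: The cast in `final HttpServletResponse resp = (HttpServletResponse) response;` is now redundant, because the new `commence` signature already declares `response` as `HttpServletResponse`. It can become `final HttpServletResponse resp = response;`, or the body can use `response` directly. Leaving the cast in suggests the parameter may still be a plain `ServletResponse`, which is no longer the case. The body of `commence` continues outside the hunk, so any matching cast on `request` further down cannot be checked from here.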