From 7854e36029fcabde030d2fa2ad76fd8df86bc024 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Tue, 22 Jan 2008 15:07:37 +0000 Subject: [PATCH] SEC-576: Tidying. --- ...reAuthenticatedAuthenticationProvider.java | 9 ++- .../security/ui/FilterChainOrder.java | 32 +++++----- ...tractPreAuthenticatedProcessingFilter.java | 64 +++++-------------- .../J2eePreAuthenticatedProcessingFilter.java | 4 ++ ...PreAuthenticatedProcessingFilterTests.java | 38 ++++------- 5 files changed, 54 insertions(+), 93 deletions(-) diff --git a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java index 5f25d3c8c8..9300af47da 100755 --- a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java @@ -14,7 +14,7 @@ import org.springframework.util.Assert; /** *

* Processes a pre-authenticated authentication request. The request will - * typically originate from a {@link AbstractPreAuthenticatedProcessingFilter} + * typically originate from a {@link org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter} * subclass. *

* @@ -55,8 +55,8 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro if (ud == null) { return null; } - PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), ud - .getAuthorities()); + PreAuthenticatedAuthenticationToken result = + new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), ud.getAuthorities()); result.setDetails(authentication.getDetails()); return result; @@ -64,8 +64,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro } /** - * Indicate that this provider only supports - * PreAuthenticatedAuthenticationToken (sub)classes. + * Indicate that this provider only supports PreAuthenticatedAuthenticationToken (sub)classes. */ public boolean supports(Class authentication) { return PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication); diff --git a/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java b/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java index 5234c93e20..05c0087ed8 100644 --- a/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java +++ b/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java 
@@ -15,20 +15,22 @@ public abstract class FilterChainOrder { */ public static final int FILTER_CHAIN_FIRST = Ordered.HIGHEST_PRECEDENCE + 1000; private static final int INTERVAL = 100; + private static int i = 1; - public static final int CHANNEL_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL; - public static final int CONCURRENT_SESSION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 2; - public static final int HTTP_SESSION_CONTEXT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 3; - public static final int LOGOUT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 4; - public static final int AUTH_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 5; - public static final int CAS_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 5; - public static final int LOGIN_PAGE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 6; - public static final int BASIC_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 7; - public static final int SECURITY_CONTEXT_HOLDER_AWARE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 8; - public static final int REMEMBER_ME_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 9; - public static final int ANON_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 10; - public static final int EXCEPTION_TRANSLATION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 11; - public static final int NTLM_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 12; - public static final int FILTER_SECURITY_INTERCEPTOR = FILTER_CHAIN_FIRST + INTERVAL * 13; - public static final int SWITCH_USER_FILTER = FILTER_CHAIN_FIRST + INTERVAL * 14; + public static final int CHANNEL_PROCESSING_FILTER = FILTER_CHAIN_FIRST; + public static final int CONCURRENT_SESSION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int HTTP_SESSION_CONTEXT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int LOGOUT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int PRE_AUTH_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int CAS_PROCESSING_FILTER = FILTER_CHAIN_FIRST + 
INTERVAL * i++; + public static final int AUTH_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int LOGIN_PAGE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int BASIC_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int SECURITY_CONTEXT_HOLDER_AWARE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int REMEMBER_ME_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int ANON_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int EXCEPTION_TRANSLATION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int NTLM_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int FILTER_SECURITY_INTERCEPTOR = FILTER_CHAIN_FIRST + INTERVAL * i++; + public static final int SWITCH_USER_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; } diff --git a/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java index fb6e114ada..d8fd3ac115 100755 --- a/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java +++ b/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java @@ -2,12 +2,8 @@ package org.springframework.security.ui.preauth; import java.io.IOException; -import javax.servlet.Filter; import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
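Review bot: The new constants take their values from `i++` on a mutable `private static int i`, so each filter's position in the chain is now set by the textual order of the declarations, and the fields are no longer compile-time constants. Moving or inserting a line silently renumbers every filter declared after it, which matters because the relative order of the authentication filters and `FILTER_SECURITY_INTERCEPTOR` is the security property this class encodes. The hunk also changes values beyond tidying: `CHANNEL_PROCESSING_FILTER` moves from `FILTER_CHAIN_FIRST + INTERVAL` to `FILTER_CHAIN_FIRST`, and `CAS_PROCESSING_FILTER` and `AUTH_PROCESSING_FILTER`, which both used `INTERVAL * 5`, now get distinct values with CAS first. I would keep explicit multipliers, or at least add a comment above the counter such as `// Declaration order below IS the filter chain order; do not reorder or insert without reviewing every filter after it.`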
@@ -19,6 +15,7 @@ import org.springframework.security.event.authentication.InteractiveAuthenticati import org.springframework.security.ui.AuthenticationDetailsSource; import org.springframework.security.ui.AuthenticationDetailsSourceImpl; import org.springframework.security.ui.AbstractProcessingFilter; +import org.springframework.security.ui.SpringSecurityFilter; import org.springframework.security.context.SecurityContextHolder; import org.apache.commons.logging.Log; @@ -29,16 +26,16 @@ import org.springframework.context.ApplicationEventPublisherAware; import org.springframework.util.Assert; /** - * Base class for processing filters that handle pre-authenticated - * authentication requests. Subclasses must implement the - * getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods. - *

- * This code is partly based on - * {@link org.springframework.security.ui.x509.X509ProcessingFilter}. - *

+ * Base class for processing filters that handle pre-authenticated authentication requests. Subclasses must implement + * the getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods. + * + * @author Ruud Senden + * @since 2.0 */ -public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware { - private static final Log LOG = LogFactory.getLog(AbstractPreAuthenticatedProcessingFilter.class); +public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSecurityFilter implements + InitializingBean, ApplicationEventPublisherAware { + + private static final Log LOG = LogFactory.getLog(AbstractPreAuthenticatedProcessingFilter.class); private ApplicationEventPublisher eventPublisher = null; 
@@ -54,37 +51,21 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter } /** - * Try to authenticate a pre-authenticated user with Acegi if the user has - * not yet been authenticated. + * Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated. */ - public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { - if (!(request instanceof HttpServletRequest)) { - throw new ServletException("Can only process HttpServletRequest"); - } - if (!(response instanceof HttpServletResponse)) { - throw new ServletException("Can only process HttpServletResponse"); - } - - HttpServletRequest httpRequest = (HttpServletRequest) request; - HttpServletResponse httpResponse = (HttpServletResponse) response; - + public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { if (LOG.isDebugEnabled()) { LOG.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication()); } if (SecurityContextHolder.getContext().getAuthentication() == null) { - doAuthenticate(httpRequest, httpResponse); + doAuthenticate(request, response); } filterChain.doFilter(request, response); } /** * Do the actual authentication for a pre-authenticated user. - * - * @param httpRequest - * The HttpServletRequest object - * @param httpResponse - * The HttpServletResponse object */ private void doAuthenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse) { Authentication authResult = null; 
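Review bot: `doFilterHttp` calls `doAuthenticate` only when `SecurityContextHolder.getContext().getAuthentication() == null`, so any Authentication already in the context is trusted without being compared to what the container currently reports. If the context is restored from a session (not visible in this hunk), a change of pre-authenticated principal between requests would go unnoticed for as long as that session lives. The method Javadoc should say so, for example `An existing Authentication is left untouched; a changed pre-authenticated principal is not re-authenticated.` Alternatively, the guard could also compare `getPreAuthenticatedPrincipal(request)` with the current principal. The body of `doAuthenticate` continues outside the hunk.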
@@ -126,9 +107,10 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter * when authentication fails. */ protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) { - SecurityContextHolder.getContext().setAuthentication(null); - if (LOG.isDebugEnabled()) { - LOG.debug("Updated SecurityContextHolder to contain null Authentication due to exception", failed); + SecurityContextHolder.clearContext(); + + if (LOG.isDebugEnabled()) { + LOG.debug("Cleared security context due to exception", failed); } request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed); } @@ -158,18 +140,6 @@ public abstract class AbstractPreAuthenticatedProcessingFilter implements Filter this.authenticationManager = authenticationManager; } - /** - * Required method, does nothing. - */ - public void init(FilterConfig filterConfig) { - } - - /** - * Required method, does nothing. - */ - public void destroy() { - } - protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest); protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest); diff --git a/core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java index b85cddb22e..5c433a4af2 100755 --- a/core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java +++ b/core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java @@ -33,4 +33,8 @@ public class J2eePreAuthenticatedProcessingFilter extends AbstractPreAuthenticat protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) { return "N/A"; } + + public int getOrder() { + return 0; + } } 
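Review bot: The unchanged last line of `unsuccessfulAuthentication`, `request.getSession().setAttribute(...)`, creates an HTTP session for every request whose pre-authentication fails, so unauthenticated clients can make the container allocate sessions at will. Since this commit already touches the method, store the exception only when a session exists: `HttpSession session = request.getSession(false);` followed by `if (session != null) { session.setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed); }`. That needs an import of `javax.servlet.http.HttpSession`. The method's Javadoc starts above the hunk.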
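Review bot: `getOrder()` in `J2eePreAuthenticatedProcessingFilter` returns the literal `0`, while the test subclass in this same commit returns `FilterChainOrder.PRE_AUTH_FILTER`. `FILTER_CHAIN_FIRST` is `Ordered.HIGHEST_PRECEDENCE + 1000`, so every `FilterChainOrder` value is far below zero. If the chain is sorted by this order, a filter at `0` would run after all of them, including `FILTER_SECURITY_INTERCEPTOR`, and the pre-authenticated principal would not be established before access decisions are made. Use `return FilterChainOrder.PRE_AUTH_FILTER;` and import `org.springframework.security.ui.FilterChainOrder`.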
diff --git a/core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterTests.java b/core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterTests.java index 25a8760425..bae394069d 100755 --- a/core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterTests.java +++ b/core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterTests.java @@ -2,13 +2,13 @@ package org.springframework.security.ui.preauth; import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.MockAuthenticationManager; +import org.springframework.security.ui.FilterChainOrder; import javax.servlet.http.HttpServletRequest; import junit.framework.TestCase; import org.springframework.mock.web.MockFilterChain; -import org.springframework.mock.web.MockFilterConfig; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; @@ -17,8 +17,7 @@ public class PreAuthenticatedProcessingFilterTests extends TestCase { SecurityContextHolder.clearContext(); } - public void testAfterPropertiesSet() - { + public void testAfterPropertiesSet() { ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); try { filter.afterPropertiesSet(); 
@@ -28,52 +27,39 @@ public class PreAuthenticatedProcessingFilterTests extends TestCase { fail("AfterPropertiesSet throws unexpected exception"); } } - - public void testInit() throws Exception - { - getFilter(true).init(new MockFilterConfig()); - // Init doesn't do anything, so nothing to test - } - - public void testDestroy() throws Exception - { - getFilter(true).destroy(); - // Destroy doesn't do anything, so nothing to test - } - public final void testDoFilterAuthenticated() throws Exception - { + public final void testDoFilterAuthenticated() throws Exception { testDoFilter(true); } - public final void testDoFilterUnauthenticated() throws Exception - { + public final void testDoFilterUnauthenticated() throws Exception { testDoFilter(false); } - private final void testDoFilter(boolean grantAccess) throws Exception - { + private final void testDoFilter(boolean grantAccess) throws Exception { MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); getFilter(grantAccess).doFilter(req,res,new MockFilterChain()); assertEquals(grantAccess,null!= SecurityContextHolder.getContext().getAuthentication()); } - private static final ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception - { + private static final ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception { ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.setAuthenticationManager(new MockAuthenticationManager(grantAccess)); filter.afterPropertiesSet(); return filter; } - private static final class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter - { + private static final class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter { protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) { return "testPrincipal"; } protected 
Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) { return "testCredentials"; } - } + + public int getOrder() { + return FilterChainOrder.PRE_AUTH_FILTER; + } + } }