From 80eb47c6fe8312cf41f88edd66fddcee10d8b801 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Thu, 8 Oct 2009 13:18:32 +0000
Subject: [PATCH] SEC-1261: Convert FilterChainOrder to an enum (SecurityFilters).
---
 .../http/AuthenticationConfigBuilder.java | 8 +-
 .../config/http/FilterChainOrder.java | 78 -------------------
 .../config/http/HttpConfigurationBuilder.java | 6 +-
 .../HttpSecurityBeanDefinitionParser.java | 26 +++++--
 .../security/config/http/SecurityFilters.java | 49 ++++++++++++
 .../security/config/spring-security-3.0.rnc | 2 +-
 .../security/config/spring-security-3.0.xsd | 12 +--
 ...HttpSecurityBeanDefinitionParserTests.java | 2 +-
 8 files changed, 82 insertions(+), 101 deletions(-)
 delete mode 100644 config/src/main/java/org/springframework/security/config/http/FilterChainOrder.java
 create mode 100644 config/src/main/java/org/springframework/security/config/http/SecurityFilters.java
diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index 31c145f4f8..69d7bf34cb 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -1,6 +1,6 @@
 package org.springframework.security.config.http;
-import static org.springframework.security.config.http.FilterChainOrder.*;
+import static org.springframework.security.config.http.SecurityFilters.*;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
@@ -565,11 +565,11 @@ final class AuthenticationConfigBuilder {
 }
 if (formFilter != null) {
- filters.add(new OrderDecorator(formFilter, AUTHENTICATION_PROCESSING_FILTER));
+ filters.add(new OrderDecorator(formFilter, FORM_LOGIN_FILTER));
 }
 if (openIDFilter != null) {
- filters.add(new OrderDecorator(openIDFilter, OPENID_PROCESSING_FILTER));
+ filters.add(new OrderDecorator(openIDFilter, OPENID_FILTER));
 }
 if (loginPageGenerationFilter != null) {
@@ -577,7 +577,7 @@ final class AuthenticationConfigBuilder {
 }
 if (basicFilter != null) {
- filters.add(new OrderDecorator(basicFilter, BASIC_PROCESSING_FILTER));
+ filters.add(new OrderDecorator(basicFilter, BASIC_AUTH_FILTER));
 }
 filters.add(new OrderDecorator(etf, EXCEPTION_TRANSLATION_FILTER));
diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainOrder.java b/config/src/main/java/org/springframework/security/config/http/FilterChainOrder.java
deleted file mode 100644
index 94aeda9a65..0000000000
--- a/config/src/main/java/org/springframework/security/config/http/FilterChainOrder.java
+++ /dev/null
@@ -1,78 +0,0 @@ -package org.springframework.security.config.http; - -import org.springframework.util.Assert; - -import java.util.Map; -import java.util.LinkedHashMap; - -/** - * Stores the default order numbers of all Spring Security filters for use in configuration. - * - * @author Luke Taylor - * @version $Id$ - */ -abstract class FilterChainOrder { - /** - * The first position at which a Spring Security filter will be found. Any filter with an order less than this will - * be guaranteed to be placed before the Spring Security filters in the stack. - */ - public static final int FILTER_CHAIN_FIRST = 0; - private static final int INTERVAL = 100; - private static int i = 1; - - public static final int CHANNEL_FILTER = FILTER_CHAIN_FIRST; - public static final int CONCURRENT_SESSION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int SECURITY_CONTEXT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int HTTP_SESSION_CONTEXT_FILTER = SECURITY_CONTEXT_FILTER; - public static final int LOGOUT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int X509_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int PRE_AUTH_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int CAS_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int AUTHENTICATION_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int OPENID_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int LOGIN_PAGE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int DIGEST_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int BASIC_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int REQUEST_CACHE_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int SERVLET_API_SUPPORT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int 
REMEMBER_ME_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int ANONYMOUS_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int SESSION_FIXATION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int EXCEPTION_TRANSLATION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int NTLM_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int FILTER_SECURITY_INTERCEPTOR = FILTER_CHAIN_FIRST + INTERVAL * i++; - public static final int SWITCH_USER_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++; - - private static final Map filterNameToOrder = new LinkedHashMap(); - - static { - filterNameToOrder.put("FIRST", new Integer(Integer.MIN_VALUE)); - filterNameToOrder.put("CHANNEL_FILTER", new Integer(CHANNEL_FILTER)); - filterNameToOrder.put("CONCURRENT_SESSION_FILTER", new Integer(CONCURRENT_SESSION_FILTER)); - filterNameToOrder.put("LOGOUT_FILTER", new Integer(LOGOUT_FILTER)); - filterNameToOrder.put("X509_FILTER", new Integer(X509_FILTER)); - filterNameToOrder.put("PRE_AUTH_FILTER", new Integer(PRE_AUTH_FILTER)); - filterNameToOrder.put("CAS_PROCESSING_FILTER", new Integer(CAS_PROCESSING_FILTER)); - filterNameToOrder.put("AUTHENTICATION_PROCESSING_FILTER", new Integer(AUTHENTICATION_PROCESSING_FILTER)); - filterNameToOrder.put("OPENID_PROCESSING_FILTER", new Integer(OPENID_PROCESSING_FILTER)); - filterNameToOrder.put("BASIC_PROCESSING_FILTER", new Integer(BASIC_PROCESSING_FILTER)); - filterNameToOrder.put("SERVLET_API_SUPPORT_FILTER", new Integer(SERVLET_API_SUPPORT_FILTER)); - filterNameToOrder.put("REMEMBER_ME_FILTER", new Integer(REMEMBER_ME_FILTER)); - filterNameToOrder.put("ANONYMOUS_FILTER", new Integer(ANONYMOUS_FILTER)); - filterNameToOrder.put("EXCEPTION_TRANSLATION_FILTER", new Integer(EXCEPTION_TRANSLATION_FILTER)); - filterNameToOrder.put("NTLM_FILTER", new Integer(NTLM_FILTER)); - filterNameToOrder.put("SESSION_CONTEXT_INTEGRATION_FILTER", new 
Integer(HTTP_SESSION_CONTEXT_FILTER)); - filterNameToOrder.put("FILTER_SECURITY_INTERCEPTOR", new Integer(FILTER_SECURITY_INTERCEPTOR)); - filterNameToOrder.put("SWITCH_USER_FILTER", new Integer(SWITCH_USER_FILTER)); - filterNameToOrder.put("LAST", new Integer(Integer.MAX_VALUE)); - } - - /** Allows filters to be used by name in the XSD file without explicit reference to Java constants */ - public static int getOrder(String filterName) { - Integer order = filterNameToOrder.get(filterName); - - Assert.notNull(order, "Unable to match filter name " + filterName); - - return order.intValue(); - } -} diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java index 2648510db5..2541f7f186 100644 --- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java +++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java @@ -1,6 +1,6 @@ package org.springframework.security.config.http; -import static org.springframework.security.config.http.FilterChainOrder.*; +import static org.springframework.security.config.http.SecurityFilters.*; import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.*; import java.util.ArrayList; @@ -488,13 +488,11 @@ class HttpConfigurationBuilder { } if (sfpf != null) { - filters.add(new OrderDecorator(sfpf, SESSION_FIXATION_FILTER)); + filters.add(new OrderDecorator(sfpf, SESSION_MANAGEMENT_FILTER)); } filters.add(new OrderDecorator(fsi, FILTER_SECURITY_INTERCEPTOR)); return filters; } - - } diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java index af8d989e2a..570f9e28d5 100644 
--- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
@@ -1,6 +1,6 @@
 package org.springframework.security.config.http;
-import static org.springframework.security.config.http.FilterChainOrder.REQUEST_CACHE_FILTER;
+import static org.springframework.security.config.http.SecurityFilters.REQUEST_CACHE_FILTER;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -231,13 +231,21 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 }
 if (StringUtils.hasText(position)) {
- customFilters.add(new OrderDecorator(bean, FilterChainOrder.getOrder(position)));
+ customFilters.add(new OrderDecorator(bean, SecurityFilters.valueOf(position)));
 } else if (StringUtils.hasText(after)) {
- int order = FilterChainOrder.getOrder(after);
- customFilters.add(new OrderDecorator(bean, order == Integer.MAX_VALUE ? order : order + 1));
+ SecurityFilters order = SecurityFilters.valueOf(after);
+ if (order == SecurityFilters.LAST) {
+ customFilters.add(new OrderDecorator(bean, SecurityFilters.LAST));
+ } else {
+ customFilters.add(new OrderDecorator(bean, order.getOrder() + 1));
+ }
 } else if (StringUtils.hasText(before)) {
- int order = FilterChainOrder.getOrder(before);
- customFilters.add(new OrderDecorator(bean, order == Integer.MIN_VALUE ? order : order - 1));
+ SecurityFilters order = SecurityFilters.valueOf(before);
+ if (order == SecurityFilters.FIRST) {
+ customFilters.add(new OrderDecorator(bean, SecurityFilters.FIRST));
+ } else {
+ customFilters.add(new OrderDecorator(bean, order.getOrder() - 1));
+ }
 }
 }
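Review bot: The three `SecurityFilters.valueOf(...)` calls for `position`, `after` and `before` lose the diagnostic the removed `FilterChainOrder.getOrder` produced: an unknown name now surfaces as the JDK's generic "No enum constant" `IllegalArgumentException` instead of "Unable to match filter name …". Names the old lookup accepted, such as `SESSION_CONTEXT_INTEGRATION_FILTER` and `NTLM_FILTER`, take that path after this change, presumably when schema validation does not reject them first. Refusing to start is the right result for a filter that cannot be placed in the chain, so only the message needs restoring; a small lookup helper used at all three call sites would do it. The enclosing method begins and ends outside the hunk, and the helper name below is illustrative.

```java
// illustrative helper name; same exception type the old Assert.notNull raised
private static SecurityFilters filterByName(String name) {
    try {
        return SecurityFilters.valueOf(name);
    } catch (IllegalArgumentException e) {
        throw new IllegalArgumentException("Unable to match filter name " + name, e);
    }
}

// … unchanged: custom-filter loop and bean lookup …
if (StringUtils.hasText(position)) {
    customFilters.add(new OrderDecorator(bean, filterByName(position)));
} else if (StringUtils.hasText(after)) {
    SecurityFilters order = filterByName(after);
    // … unchanged: LAST check and order + 1; same substitution in the before branch …
```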
@@ -302,8 +310,12 @@ class OrderDecorator implements Ordered {
 BeanMetadataElement bean;
 int order;
+ public OrderDecorator(BeanMetadataElement bean, SecurityFilters filterOrder) {
+ this.bean = bean;
+ this.order = filterOrder.getOrder();
+ }
+
 public OrderDecorator(BeanMetadataElement bean, int order) {
- super();
 this.bean = bean;
 this.order = order;
 }
diff --git a/config/src/main/java/org/springframework/security/config/http/SecurityFilters.java b/config/src/main/java/org/springframework/security/config/http/SecurityFilters.java
new file mode 100644
index 0000000000..0adeb8c461
--- /dev/null
+++ b/config/src/main/java/org/springframework/security/config/http/SecurityFilters.java
@@ -0,0 +1,49 @@
+package org.springframework.security.config.http;
+
+
+/**
+ * Stores the default order numbers of all Spring Security filters for use in configuration.
+ *
+ * @author Luke Taylor
+ * @version $Id$
+ */
+
+enum SecurityFilters {
+ FIRST (Integer.MIN_VALUE),
+ CHANNEL_FILTER,
+ CONCURRENT_SESSION_FILTER,
+ SECURITY_CONTEXT_FILTER,
+ LOGOUT_FILTER,
+ X509_FILTER,
+ PRE_AUTH_FILTER,
+ CAS_FILTER,
+ FORM_LOGIN_FILTER,
+ OPENID_FILTER,
+ LOGIN_PAGE_FILTER,
+ DIGEST_AUTH_FILTER,
+ BASIC_AUTH_FILTER,
+ REQUEST_CACHE_FILTER,
+ SERVLET_API_SUPPORT_FILTER,
+ REMEMBER_ME_FILTER,
+ ANONYMOUS_FILTER,
+ SESSION_MANAGEMENT_FILTER,
+ EXCEPTION_TRANSLATION_FILTER,
+ FILTER_SECURITY_INTERCEPTOR,
+ SWITCH_USER_FILTER,
+ LAST (Integer.MAX_VALUE);
+
+ private static final int INTERVAL = 100;
+ private final int order;
+
+ private SecurityFilters() {
+ order = ordinal() * INTERVAL;
+ }
+
+ private SecurityFilters(int order) {
+ this.order = order;
+ }
+
+ public int getOrder() {
+ return order;
+ }
+}
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc
index 676ec5d289..b9eb7bfc78 100644
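Review bot: The added `OrderDecorator(BeanMetadataElement, SecurityFilters)` constructor repeats the field assignments of the `int` overload directly below it, so the two can drift apart. Delegating keeps a single place that sets the fields: `this(bean, filterOrder.getOrder());`. The class body continues outside the hunk.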
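Review bot: The Javadoc on `SecurityFilters` was carried over from the old class and leaves out the two things a maintainer has to know: a constant's position in the declaration list is its place in the filter chain (`order = ordinal() * INTERVAL`), and its name is a value accepted by the `position`/`before`/`after` attributes through `valueOf`. Moving or inserting a constant therefore silently changes where, for example, the authentication filters run relative to `FILTER_SECURITY_INTERCEPTOR`, and renaming one breaks existing configuration. I would add above the constant list: `// Declaration order is the filter-chain order (ordinal() * INTERVAL); names are matched against the XML position/before/after values, keep the schema lists in sync.` It is also worth a sentence that, with `FIRST` taking ordinal 0, `CHANNEL_FILTER` now has order 100 where the old `FILTER_CHAIN_FIRST` was 0, in case anything relied on the absolute numbers.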
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc @@ -616,6 +616,6 @@ position = attribute position {named-security-filter} -named-security-filter = "FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SESSION_CONTEXT_INTEGRATION_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_PROCESSING_FILTER" | "AUTHENTICATION_PROCESSING_FILTER" | "OPENID_PROCESSING_FILTER" |"BASIC_PROCESSING_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "NTLM_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST" +named-security-filter = "FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SECURITY_CONTEXT_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" |"BASIC_AUTH_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "SESSION_MANAGEMENT_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST" diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-3.0.xsd index e792ce6748..cd29869139 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.0.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.0.xsd @@ -1333,19 +1333,19 @@ - + - - - - + + + + - + diff --git a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java index 95f9b6fccd..24f8220e4c 100644 
--- a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java @@ -507,7 +507,7 @@ public class HttpSecurityBeanDefinitionParserTests { "" + " " + " " + - " " + + " " + "" + AUTH_PROVIDER_XML + "" + "" +