GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web

3.0.x
Luke Taylor 17 years ago
parent
b807f7cbdd
commit
f536c80020
36 changed files with 225 additions and 251 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      cas/src/test/java/org/springframework/security/cas/web/CasProcessingFilterTests.java
  2. 1
      config/pom.xml
  3. 35
      config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
  4. 8
      config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
  5. 16
      ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
  6. 10
      openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java
  7. 43
      web/src/main/java/org/springframework/security/web/FilterChainProxy.java
  8. 61
      web/src/main/java/org/springframework/security/web/SpringSecurityFilter.java
  9. 16
      web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
  10. 14
      web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
  11. 15
      web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
  12. 15
      web/src/main/java/org/springframework/security/web/authentication/AnonymousProcessingFilter.java
  13. 14
      web/src/main/java/org/springframework/security/web/authentication/concurrent/ConcurrentSessionFilter.java
  14. 12
      web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
  15. 43
      web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
  16. 17
      web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilter.java
  17. 16
      web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilter.java
  18. 12
      web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
  19. 14
      web/src/main/java/org/springframework/security/web/authentication/www/BasicProcessingFilter.java
  20. 16
      web/src/main/java/org/springframework/security/web/authentication/www/DigestProcessingFilter.java
  21. 2
      web/src/main/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilter.java
  22. 12
      web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
  23. 12
      web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
  24. 10
      web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
  25. 11
      web/src/main/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilter.java
  26. 2
      web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
  27. 7
      web/src/test/java/org/springframework/security/web/authentication/AnonymousProcessingFilterTests.java
  28. 2
      web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java
  29. 1
      web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java
  30. 7
      web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java
  31. 4
      web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilterTests.java
  32. 5
      web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java
  33. 4
      web/src/test/java/org/springframework/security/web/authentication/www/DigestProcessingFilterTests.java
  34. 4
      web/src/test/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilterTests.java
  35. 2
      web/src/test/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilterTests.java
  36. 11
      web/template.mf

2
cas/src/test/java/org/springframework/security/cas/web/CasProcessingFilterTests.java
Unescape View File

@ -48,7 +48,6 @@ public class CasProcessingFilterTests extends TestCase { @@ -48,7 +48,6 @@ public class CasProcessingFilterTests extends TestCase {
CasProcessingFilter filter = new CasProcessingFilter();
filter.setAuthenticationManager(authMgr);
filter.init(null);
Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
assertTrue(result != null);
@ -62,7 +61,6 @@ public class CasProcessingFilterTests extends TestCase { @@ -62,7 +61,6 @@ public class CasProcessingFilterTests extends TestCase {
CasProcessingFilter filter = new CasProcessingFilter();
filter.setAuthenticationManager(authMgr);
filter.init(null);
try {
filter.attemptAuthentication(request, new MockHttpServletResponse());

1
config/pom.xml
Unescape View File

@ -58,7 +58,6 @@ @@ -58,7 +58,6 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>

35
config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
Unescape View File

@ -22,28 +22,28 @@ import org.springframework.security.web.context.SecurityContextPersistenceFilter @@ -22,28 +22,28 @@ import org.springframework.security.web.context.SecurityContextPersistenceFilter
import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
public class DefaultFilterChainValidator implements FilterChainProxy.FilterChainValidator{
public class DefaultFilterChainValidator implements FilterChainProxy.FilterChainValidator {
private Log logger = LogFactory.getLog(getClass());
public void validate(FilterChainProxy fcp) {
Map<String, List<Filter>> filterChainMap = fcp.getFilterChainMap();
for(String pattern : fcp.getFilterChainMap().keySet()) {
List<Filter> filters = filterChainMap.get(pattern);
checkFilterStack(filters);
}
public void validate(FilterChainProxy fcp) {
Map<String, List<Filter>> filterChainMap = fcp.getFilterChainMap();
for(String pattern : fcp.getFilterChainMap().keySet()) {
List<Filter> filters = filterChainMap.get(pattern);
checkFilterStack(filters);
}
checkLoginPageIsntProtected(fcp, filterChainMap.get(fcp.getMatcher().getUniversalMatchPattern()));
}
checkLoginPageIsntProtected(fcp, filterChainMap.get(fcp.getMatcher().getUniversalMatchPattern()));
}
private Object getFilter(Class<?> type, List<Filter> filters) {
for (Filter f : filters) {
if (type.isAssignableFrom(f.getClass())) {
return f;
}
}
for (Filter f : filters) {
if (type.isAssignableFrom(f.getClass())) {
return f;
}
}
return null;
return null;
}
/**
@ -78,7 +78,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain @@ -78,7 +78,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
/* Checks for the common error of having a login page URL protected by the security interceptor */
private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> defaultFilters) {
ExceptionTranslationFilter etf = (ExceptionTranslationFilter)getFilter(ExceptionTranslationFilter.class, defaultFilters);
ExceptionTranslationFilter etf = (ExceptionTranslationFilter)getFilter(ExceptionTranslationFilter.class, defaultFilters);
if (etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint) {
String loginPage =
@ -129,7 +129,4 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain @@ -129,7 +129,4 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
}
}
}
}

8
config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
Unescape View File

@ -17,13 +17,13 @@ package org.springframework.security.config; @@ -17,13 +17,13 @@ package org.springframework.security.config;
import static org.junit.Assert.*;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.*;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -136,8 +136,6 @@ public class FilterChainProxyConfigTests { @@ -136,8 +136,6 @@ public class FilterChainProxyConfigTests {
}
private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception {
filterChainProxy.init(mock(FilterConfig.class));
MockHttpServletRequest request = new MockHttpServletRequest();
request.setServletPath("/foo/secure/super/somefile.html");
@ -151,7 +149,5 @@ public class FilterChainProxyConfigTests { @@ -151,7 +149,5 @@ public class FilterChainProxyConfigTests {
chain = mock(FilterChain.class);
filterChainProxy.doFilter(request, response, chain);
verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
filterChainProxy.destroy();
}
}

16
ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
Unescape View File

@ -22,6 +22,8 @@ import java.util.Properties; @@ -22,6 +22,8 @@ import java.util.Properties;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@ -40,7 +42,6 @@ import jcifs.util.Base64; @@ -40,7 +42,6 @@ import jcifs.util.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationDetailsSource;
@ -51,10 +52,10 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio @@ -51,10 +52,10 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
* A clean-room implementation for Spring Security of an NTLM HTTP filter
@ -81,7 +82,7 @@ import org.springframework.util.Assert; @@ -81,7 +82,7 @@ import org.springframework.util.Assert;
* @author Edward Smith
* @version $Id$
*/
public class NtlmProcessingFilter extends SpringSecurityFilter implements InitializingBean {
public class NtlmProcessingFilter extends GenericFilterBean {
//~ Static fields/initializers =====================================================================================
private static Log logger = LogFactory.getLog(NtlmProcessingFilter.class);
@ -120,7 +121,8 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia @@ -120,7 +121,8 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
* Ensures an <code>AuthenticationManager</code> and authentication failure
* URL have been provided in the bean configuration file.
*/
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
// Default to 5 minutes if not already specified
@ -304,8 +306,10 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia @@ -304,8 +306,10 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
this.authenticationDetailsSource = authenticationDetailsSource;
}
protected void doFilterHttp(final HttpServletRequest request,
final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
final HttpSession session = request.getSession();
Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR);

10
openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java
Unescape View File

@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletRequest; @@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.openid4java.consumer.ConsumerException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
@ -81,10 +82,15 @@ public class OpenIDAuthenticationProcessingFilter extends AbstractAuthentication @@ -81,10 +82,15 @@ public class OpenIDAuthenticationProcessingFilter extends AbstractAuthentication
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
super.afterPropertiesSet();
if (consumer == null) {
consumer = new OpenID4JavaConsumer();
try {
consumer = new OpenID4JavaConsumer();
} catch (ConsumerException e) {
throw new IllegalArgumentException("Failed to initialize OpenID", e);
}
}
}

43
web/src/main/java/org/springframework/security/web/FilterChainProxy.java
Unescape View File

@ -33,12 +33,12 @@ import javax.servlet.ServletResponse; @@ -33,12 +33,12 @@ import javax.servlet.ServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.DelegatingFilterProxy;
import org.springframework.web.filter.GenericFilterBean;
/**
@ -104,7 +104,7 @@ import org.springframework.web.filter.DelegatingFilterProxy; @@ -104,7 +104,7 @@ import org.springframework.web.filter.DelegatingFilterProxy;
*
* @version $Id$
*/
public class FilterChainProxy implements Filter, InitializingBean {
public class FilterChainProxy extends GenericFilterBean {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(FilterChainProxy.class);
@ -123,35 +123,12 @@ public class FilterChainProxy implements Filter, InitializingBean { @@ -123,35 +123,12 @@ public class FilterChainProxy implements Filter, InitializingBean {
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.notNull(uncompiledFilterChainMap, "filterChainMap must be set");
filterChainValidator.validate(this);
}
public void init(FilterConfig filterConfig) throws ServletException {
for (Filter filter : obtainAllDefinedFilters()) {
if (filter != null) {
if (logger.isDebugEnabled()) {
logger.debug("Initializing Filter defined in ApplicationContext: '" + filter + "'");
}
filter.init(filterConfig);
}
}
}
public void destroy() {
for (Filter filter : obtainAllDefinedFilters()) {
if (filter != null) {
if (logger.isDebugEnabled()) {
logger.debug("Destroying Filter defined in ApplicationContext: '" + filter + "'");
}
filter.destroy();
}
}
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
@ -324,10 +301,10 @@ public class FilterChainProxy implements Filter, InitializingBean { @@ -324,10 +301,10 @@ public class FilterChainProxy implements Filter, InitializingBean {
* @param filterChainValidator
*/
public void setFilterChainValidator(FilterChainValidator filterChainValidator) {
this.filterChainValidator = filterChainValidator;
}
this.filterChainValidator = filterChainValidator;
}
public String toString() {
public String toString() {
StringBuffer sb = new StringBuffer();
sb.append("FilterChainProxy[");
sb.append(" UrlMatcher = ").append(matcher);
@ -382,12 +359,12 @@ public class FilterChainProxy implements Filter, InitializingBean { @@ -382,12 +359,12 @@ public class FilterChainProxy implements Filter, InitializingBean {
}
public interface FilterChainValidator {
void validate(FilterChainProxy filterChainProxy);
void validate(FilterChainProxy filterChainProxy);
}
private class NullFilterChainValidator implements FilterChainValidator {
public void validate(FilterChainProxy filterChainProxy) {
}
public void validate(FilterChainProxy filterChainProxy) {
}
}
}

61
web/src/main/java/org/springframework/security/web/SpringSecurityFilter.java
Unescape View File

@ -1,61 +0,0 @@ @@ -1,61 +0,0 @@
package org.springframework.security.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.Ordered;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import javax.servlet.FilterChain;
import javax.servlet.ServletResponse;
import javax.servlet.FilterConfig;
import javax.servlet.ServletRequest;
import javax.servlet.Filter;
import java.io.IOException;
/**
* Implements Ordered interface as required by security namespace configuration and implements unused filter
* lifecycle methods and performs casting of request and response to http versions in doFilter method.
*
* @author Luke Taylor
* @version $Id$
*/
public abstract class SpringSecurityFilter implements Filter, Ordered {
protected final Log logger = LogFactory.getLog(this.getClass());
private int order;
/**
* Does nothing. We use IoC container lifecycle services instead.
*
* @param filterConfig ignored
* @throws ServletException ignored
*/
public final void init(FilterConfig filterConfig) throws ServletException {
}
/**
* Does nothing. We use IoC container lifecycle services instead.
*/
public final void destroy() {
}
public final void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
doFilterHttp((HttpServletRequest)request, (HttpServletResponse)response, chain);
}
protected abstract void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException;
public final int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
public String toString() {
return getClass().getName() + "[ order=" + getOrder() + "; ]";
}
}

16
web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
Unescape View File

@ -19,10 +19,11 @@ import java.io.IOException; @@ -19,10 +19,11 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
@ -30,12 +31,12 @@ import org.springframework.security.authentication.InsufficientAuthenticationExc @@ -30,12 +31,12 @@ import org.springframework.security.authentication.InsufficientAuthenticationExc
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.security.web.util.ThrowableCauseExtractor;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
* Handles any <code>AccessDeniedException</code> and <code>AuthenticationException</code> thrown within the
@ -68,7 +69,7 @@ import org.springframework.util.Assert; @@ -68,7 +69,7 @@ import org.springframework.util.Assert;
* @author colin sampaleanu
* @version $Id$
*/
public class ExceptionTranslationFilter extends SpringSecurityFilter implements InitializingBean {
public class ExceptionTranslationFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================
@ -82,13 +83,16 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements @@ -82,13 +83,16 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified");
// Assert.notNull(portResolver, "portResolver must be specified");
}
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
ServletException {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
try {
chain.doFilter(request, response);

14
web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
Unescape View File

@ -23,15 +23,16 @@ import java.util.Set; @@ -23,15 +23,16 @@ import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
@ -45,7 +46,7 @@ import org.springframework.util.Assert; @@ -45,7 +46,7 @@ import org.springframework.util.Assert;
* @author Ben Alex
* @version $Id$
*/
public class ChannelProcessingFilter extends SpringSecurityFilter implements InitializingBean {
public class ChannelProcessingFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================
@ -54,7 +55,8 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini @@ -54,7 +55,8 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.notNull(securityMetadataSource, "securityMetadataSource must be specified");
Assert.notNull(channelDecisionManager, "channelDecisionManager must be specified");
@ -86,8 +88,10 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini @@ -86,8 +88,10 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
}
}
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
FilterInvocation fi = new FilterInvocation(request, response, chain);
List<ConfigAttribute> attr = this.securityMetadataSource.getAttributes(fi);

15
web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
Unescape View File

@ -19,11 +19,12 @@ import java.io.IOException; @@ -19,11 +19,12 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
@ -36,11 +37,11 @@ import org.springframework.security.core.Authentication; @@ -36,11 +37,11 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.session.AuthenticatedSessionStrategy;
import org.springframework.security.web.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
* Abstract processor of browser-based HTTP-based authentication requests.
@ -102,7 +103,7 @@ import org.springframework.util.Assert; @@ -102,7 +103,7 @@ import org.springframework.util.Assert;
* @author Ben Alex
* @version $Id$
*/
public abstract class AbstractAuthenticationProcessingFilter extends SpringSecurityFilter implements InitializingBean,
public abstract class AbstractAuthenticationProcessingFilter extends GenericFilterBean implements
ApplicationEventPublisherAware, MessageSourceAware {
//~ Static fields/initializers =====================================================================================
@ -147,7 +148,8 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur @@ -147,7 +148,8 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified");
Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid redirect URL");
Assert.notNull(authenticationManager, "authenticationManager must be specified");
@ -176,9 +178,12 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur @@ -176,9 +178,12 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur
* by this method where the returned <tt>Authentication</tt> object is not null.
* </ol>
*/
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (!requiresAuthentication(request, response)) {
chain.doFilter(request, response);

15
web/src/main/java/org/springframework/security/web/authentication/AnonymousProcessingFilter.java
Unescape View File

@ -20,6 +20,8 @@ import java.io.IOException; @@ -20,6 +20,8 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -29,8 +31,8 @@ import org.springframework.security.authentication.AuthenticationDetailsSource; @@ -29,8 +31,8 @@ import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.memory.UserAttribute;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
@ -40,7 +42,7 @@ import org.springframework.util.Assert; @@ -40,7 +42,7 @@ import org.springframework.util.Assert;
* @author Ben Alex
* @version $Id$
*/
public class AnonymousProcessingFilter extends SpringSecurityFilter implements InitializingBean {
public class AnonymousProcessingFilter extends GenericFilterBean implements InitializingBean {
//~ Instance fields ================================================================================================
@ -51,7 +53,8 @@ public class AnonymousProcessingFilter extends SpringSecurityFilter implements @@ -51,7 +53,8 @@ public class AnonymousProcessingFilter extends SpringSecurityFilter implements
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.notNull(userAttribute);
Assert.hasLength(key);
}
@ -79,7 +82,11 @@ public class AnonymousProcessingFilter extends SpringSecurityFilter implements @@ -79,7 +82,11 @@ public class AnonymousProcessingFilter extends SpringSecurityFilter implements
return auth;
}
protected void doFilterHttp(HttpServletRequest request,HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
boolean addedToken = false;
if (applyAnonymousForThisRequest(request)) {

14
web/src/main/java/org/springframework/security/web/authentication/concurrent/ConcurrentSessionFilter.java
Unescape View File

@ -19,20 +19,21 @@ import java.io.IOException; @@ -19,20 +19,21 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.concurrent.SessionInformation;
import org.springframework.security.authentication.concurrent.SessionRegistry;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
@ -52,7 +53,7 @@ import org.springframework.util.Assert; @@ -52,7 +53,7 @@ import org.springframework.util.Assert;
* @author Ben Alex
* @version $Id$
*/
public class ConcurrentSessionFilter extends SpringSecurityFilter implements InitializingBean {
public class ConcurrentSessionFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================
private SessionRegistry sessionRegistry;
@ -61,14 +62,17 @@ public class ConcurrentSessionFilter extends SpringSecurityFilter implements Ini @@ -61,14 +62,17 @@ public class ConcurrentSessionFilter extends SpringSecurityFilter implements Ini
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.notNull(sessionRegistry, "SessionRegistry required");
Assert.isTrue(expiredUrl == null || UrlUtils.isValidRedirectUrl(expiredUrl),
expiredUrl + " isn't a valid redirect URL");
}
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(false);

12
web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
Unescape View File

@ -21,15 +21,17 @@ import java.util.List; @@ -21,15 +21,17 @@ import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
/**
* Logs a principal out.
@ -44,7 +46,7 @@ import org.springframework.util.StringUtils; @@ -44,7 +46,7 @@ import org.springframework.util.StringUtils;
* @author Ben Alex
* @version $Id$
*/
public class LogoutFilter extends SpringSecurityFilter {
public class LogoutFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================
@ -79,8 +81,10 @@ public class LogoutFilter extends SpringSecurityFilter { @@ -79,8 +81,10 @@ public class LogoutFilter extends SpringSecurityFilter {
//~ Methods ========================================================================================================
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
ServletException {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (requiresLogout(request, response)) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();

43
web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
Unescape View File

@ -4,39 +4,41 @@ import java.io.IOException; @@ -4,39 +4,41 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
* Base class for processing filters that handle pre-authenticated authentication requests. Subclasses must implement
* the getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods.
* <p>
* By default, the filter chain will proceed when an authentication attempt fails in order to allow other
* By default, the filter chain will proceed when an authentication attempt fails in order to allow other
* authentication mechanisms to process the request. To reject the credentials immediately, set the
* <tt>continueFilterChainOnUnsuccessfulAuthentication</tt> flag to false. The exception raised by the
* <tt>AuthenticationManager</tt> will the be re-thrown. Note that this will not affect cases where the principal
* returned by {@link #getPreAuthenticatedPrincipal} is null, when the chain will still proceed as normal.
*
*
*
* @author Luke Taylor
* @author Ruud Senden
* @since 2.0
*/
public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSecurityFilter implements
public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFilterBean implements
InitializingBean, ApplicationEventPublisherAware {
private ApplicationEventPublisher eventPublisher = null;
@ -44,28 +46,31 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec @@ -44,28 +46,31 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
private AuthenticationManager authenticationManager = null;
private boolean continueFilterChainOnUnsuccessfulAuthentication = true;
/**
* Check whether all required properties have been set.
*/
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.notNull(authenticationManager, "An AuthenticationManager must be set");
}
/**
* Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
*/
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
if (logger.isDebugEnabled()) {
logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
}
if (SecurityContextHolder.getContext().getAuthentication() == null) {
doAuthenticate(request, response);
doAuthenticate((HttpServletRequest) request, (HttpServletResponse) response);
}
filterChain.doFilter(request, response);
chain.doFilter(request, response);
}
/**
@ -82,7 +87,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec @@ -82,7 +87,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
logger.debug("No pre-authenticated principal found in request");
}
return;
return;
}
if (logger.isDebugEnabled()) {
@ -96,7 +101,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec @@ -96,7 +101,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
successfulAuthentication(request, response, authResult);
} catch (AuthenticationException failed) {
unsuccessfulAuthentication(request, response, failed);
if (!continueFilterChainOnUnsuccessfulAuthentication) {
throw failed;
}
@ -155,19 +160,19 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec @@ -155,19 +160,19 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public void setContinueFilterChainOnUnsuccessfulAuthentication(boolean shouldContinue) {
continueFilterChainOnUnsuccessfulAuthentication = shouldContinue;
}
/**
* Override to extract the principal information from the current request
* Override to extract the principal information from the current request
*/
protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest request);
/**
* Override to extract the credentials (if applicable) from the current request. Some implementations
* may return a dummy value.
*/
*/
protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest request);
}

17
web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilter.java
Unescape View File

@ -19,10 +19,11 @@ import java.io.IOException; @@ -19,10 +19,11 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationManager;
@ -30,9 +31,9 @@ import org.springframework.security.authentication.event.InteractiveAuthenticati @@ -30,9 +31,9 @@ import org.springframework.security.authentication.event.InteractiveAuthenticati
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
@ -52,8 +53,7 @@ import org.springframework.util.Assert; @@ -52,8 +53,7 @@ import org.springframework.util.Assert;
* @author Ben Alex
* @version $Id$
*/
public class RememberMeProcessingFilter extends SpringSecurityFilter implements InitializingBean,
ApplicationEventPublisherAware {
public class RememberMeProcessingFilter extends GenericFilterBean implements ApplicationEventPublisherAware {
//~ Instance fields ================================================================================================
@ -63,13 +63,16 @@ public class RememberMeProcessingFilter extends SpringSecurityFilter implements @@ -63,13 +63,16 @@ public class RememberMeProcessingFilter extends SpringSecurityFilter implements
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.notNull(authenticationManager, "authenticationManager must be specified");
Assert.notNull(rememberMeServices, "rememberMeServices must be specified");
}
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (SecurityContextHolder.getContext().getAuthentication() == null) {
Authentication rememberMeAuth = rememberMeServices.autoLogin(request, response);

16
web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilter.java
Unescape View File

@ -21,11 +21,12 @@ import java.util.List; @@ -21,11 +21,12 @@ import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
@ -48,7 +49,6 @@ import org.springframework.security.core.userdetails.UserDetails; @@ -48,7 +49,6 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
@ -57,6 +57,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS @@ -57,6 +57,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
/**
@ -97,8 +98,8 @@ import org.springframework.util.StringUtils; @@ -97,8 +98,8 @@ import org.springframework.util.StringUtils;
*
* @see org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
*/
public class SwitchUserProcessingFilter extends SpringSecurityFilter implements InitializingBean,
ApplicationEventPublisherAware, MessageSourceAware {
public class SwitchUserProcessingFilter extends GenericFilterBean implements ApplicationEventPublisherAware,
MessageSourceAware {
//~ Static fields/initializers =====================================================================================
public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "j_username";
@ -121,7 +122,8 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements @@ -121,7 +122,8 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.notNull(userDetailsService, "userDetailsService must be specified");
Assert.isTrue(successHandler != null || targetUrl != null, "You must set either a successHandler or the targetUrl");
if (targetUrl != null) {
@ -137,8 +139,10 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements @@ -137,8 +139,10 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
}
}
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
// check for switch or exit request
if (requiresSwitchUser(request)) {

12
web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
Unescape View File

@ -4,16 +4,18 @@ import java.io.IOException; @@ -4,16 +4,18 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.BeanWrapperImpl;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.web.filter.GenericFilterBean;
/**
* For internal use with namespace configuration in the case where a user doesn't configure a login page.
@ -25,7 +27,7 @@ import org.springframework.security.web.authentication.rememberme.AbstractRememb @@ -25,7 +27,7 @@ import org.springframework.security.web.authentication.rememberme.AbstractRememb
* @version $Id$
* @since 2.0
*/
public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
public static final String DEFAULT_LOGIN_PAGE_URL = "/spring_security_login";
public static final String ERROR_PARAMETER_NAME = "login_error";
boolean formLoginEnabled;
@ -73,7 +75,11 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter { @@ -73,7 +75,11 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
}
}
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (isLoginUrlRequest(request)) {
String loginPageHtml = generateLoginPageHtml(request);
response.setContentType("text/html;charset=UTF-8");

14
web/src/main/java/org/springframework/security/web/authentication/www/BasicProcessingFilter.java
Unescape View File

@ -19,11 +19,12 @@ import java.io.IOException; @@ -19,11 +19,12 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
@ -32,11 +33,11 @@ import org.springframework.security.core.Authentication; @@ -32,11 +33,11 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.NullRememberMeServices;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
@ -84,7 +85,7 @@ import org.springframework.util.Assert; @@ -84,7 +85,7 @@ import org.springframework.util.Assert;
* @author Ben Alex
* @version $Id$
*/
public class BasicProcessingFilter extends SpringSecurityFilter implements InitializingBean {
public class BasicProcessingFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================
@ -97,7 +98,8 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi @@ -97,7 +98,8 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
if(!isIgnoreFailure()) {
@ -105,8 +107,10 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi @@ -105,8 +107,10 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
}
}
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String header = request.getHeader("Authorization");

16
web/src/main/java/org/springframework/security/web/authentication/www/DigestProcessingFilter.java
Unescape View File

@ -18,9 +18,10 @@ package org.springframework.security.web.authentication.www; @@ -18,9 +18,10 @@ package org.springframework.security.web.authentication.www;
import java.io.IOException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -28,7 +29,6 @@ import org.apache.commons.codec.binary.Base64; @@ -28,7 +29,6 @@ import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
@ -44,10 +44,10 @@ import org.springframework.security.core.userdetails.UserDetails; @@ -44,10 +44,10 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.cache.NullUserCache;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
/**
@ -76,7 +76,7 @@ import org.springframework.util.StringUtils; @@ -76,7 +76,7 @@ import org.springframework.util.StringUtils;
* than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest
* authentication over Basic authentication, including commentary on the limitations that it still imposes.
*/
public class DigestProcessingFilter extends SpringSecurityFilter implements Filter, InitializingBean, MessageSourceAware {
public class DigestProcessingFilter extends GenericFilterBean implements MessageSourceAware {
//~ Static fields/initializers =====================================================================================
@ -93,13 +93,17 @@ public class DigestProcessingFilter extends SpringSecurityFilter implements Filt @@ -93,13 +93,17 @@ public class DigestProcessingFilter extends SpringSecurityFilter implements Filt
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
@Override
public void afterPropertiesSet() {
Assert.notNull(userDetailsService, "A UserDetailsService is required");
Assert.notNull(authenticationEntryPoint, "A DigestProcessingFilterEntryPoint is required");
}
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String header = request.getHeader("Authorization");
if (logger.isDebugEnabled()) {

2
web/src/main/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilter.java
Unescape View File

@ -186,7 +186,7 @@ public class HttpSessionContextIntegrationFilter extends SecurityContextPersiste @@ -186,7 +186,7 @@ public class HttpSessionContextIntegrationFilter extends SecurityContextPersiste
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
public void afterPropertiesSet() {
if (forceEagerSessionCreation && !allowSessionCreation) {
throw new IllegalArgumentException(
"If using forceEagerSessionCreation, you must set allowSessionCreation to also be true");

12
web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
Unescape View File

@ -4,13 +4,15 @@ import java.io.IOException; @@ -4,13 +4,15 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.web.filter.GenericFilterBean;
/**
* Populates the {@link SecurityContextHolder} with information obtained from
@ -37,7 +39,7 @@ import org.springframework.security.web.SpringSecurityFilter; @@ -37,7 +39,7 @@ import org.springframework.security.web.SpringSecurityFilter;
* @version $Id$
* @since 3.0
*/
public class SecurityContextPersistenceFilter extends SpringSecurityFilter {
public class SecurityContextPersistenceFilter extends GenericFilterBean {
static final String FILTER_APPLIED = "__spring_security_scpf_applied";
@ -45,9 +47,11 @@ public class SecurityContextPersistenceFilter extends SpringSecurityFilter { @@ -45,9 +47,11 @@ public class SecurityContextPersistenceFilter extends SpringSecurityFilter {
private boolean forceEagerSessionCreation = false;
@Override
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (request.getAttribute(FILTER_APPLIED) != null) {
// ensure that filter is only applied once per request

12
web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
Unescape View File

@ -4,10 +4,12 @@ import java.io.IOException; @@ -4,10 +4,12 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.web.filter.GenericFilterBean;
/**
* Responsible for reconstituting the saved request if one is cached and it matches the current request.
@ -21,15 +23,15 @@ import org.springframework.security.web.SpringSecurityFilter; @@ -21,15 +23,15 @@ import org.springframework.security.web.SpringSecurityFilter;
* @version $Id$
* @since 3.0
*/
public class RequestCacheAwareFilter extends SpringSecurityFilter {
public class RequestCacheAwareFilter extends GenericFilterBean {
private RequestCache requestCache = new HttpSessionRequestCache();
@Override
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest wrappedSavedRequest = requestCache.getMatchingRequest(request, response);
HttpServletRequest wrappedSavedRequest =
requestCache.getMatchingRequest((HttpServletRequest)request, (HttpServletResponse)response);
chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest, response);
}

10
web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
Unescape View File

@ -4,6 +4,8 @@ import java.io.IOException; @@ -4,6 +4,8 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -11,9 +13,9 @@ import org.springframework.security.authentication.AuthenticationTrustResolver; @@ -11,9 +13,9 @@ import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
* Detects that a user has been authenticated since the start of the request and, if they have, calls the
@ -27,7 +29,7 @@ import org.springframework.util.Assert; @@ -27,7 +29,7 @@ import org.springframework.util.Assert;
* @version $Id$
* @since 2.0
*/
public class SessionManagementFilter extends SpringSecurityFilter {
public class SessionManagementFilter extends GenericFilterBean {
//~ Static fields/initializers =====================================================================================
static final String FILTER_APPLIED = "__spring_security_session_fixation_filter_applied";
@ -46,8 +48,10 @@ public class SessionManagementFilter extends SpringSecurityFilter { @@ -46,8 +48,10 @@ public class SessionManagementFilter extends SpringSecurityFilter {
this.securityContextRepository = securityContextRepository;
}
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (request.getAttribute(FILTER_APPLIED) != null) {
chain.doFilter(request, response);

11
web/src/main/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilter.java
Unescape View File

@ -19,11 +19,12 @@ import java.io.IOException; @@ -19,11 +19,12 @@ import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
@ -37,7 +38,7 @@ import org.springframework.util.Assert; @@ -37,7 +38,7 @@ import org.springframework.util.Assert;
* @author Luke Taylor
* @version $Id$
*/
public class SecurityContextHolderAwareRequestFilter extends SpringSecurityFilter {
public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
//~ Instance fields ================================================================================================
private String rolePrefix;
@ -49,8 +50,8 @@ public class SecurityContextHolderAwareRequestFilter extends SpringSecurityFilte @@ -49,8 +50,8 @@ public class SecurityContextHolderAwareRequestFilter extends SpringSecurityFilte
this.rolePrefix = rolePrefix.trim();
}
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
chain.doFilter(new SecurityContextHolderAwareRequestWrapper(request, rolePrefix), response);
chain.doFilter(new SecurityContextHolderAwareRequestWrapper((HttpServletRequest) req, rolePrefix), res);
}
}

2
web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
Unescape View File

@ -149,9 +149,7 @@ public class ChannelProcessingFilterTests { @@ -149,9 +149,7 @@ public class ChannelProcessingFilterTests {
filter.setSecurityMetadataSource(fids);
assertSame(fids, filter.getSecurityMetadataSource());
filter.init(null);
filter.afterPropertiesSet();
filter.destroy();
}
//~ Inner Classes ==================================================================================================

7
web/src/test/java/org/springframework/security/web/authentication/AnonymousProcessingFilterTests.java
Unescape View File

@ -58,11 +58,10 @@ public class AnonymousProcessingFilterTests extends TestCase { @@ -58,11 +58,10 @@ public class AnonymousProcessingFilterTests extends TestCase {
//~ Methods ========================================================================================================
private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request,
ServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
filter.init(filterConfig);
ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
// filter.init(filterConfig);
filter.doFilter(request, response, filterChain);
filter.destroy();
// filter.destroy();
}
protected void setUp() throws Exception {

2
web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java
Unescape View File

@ -52,7 +52,7 @@ public class AuthenticationProcessingFilterTests extends TestCase { @@ -52,7 +52,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter();
assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl());
filter.setAuthenticationManager(createAuthenticationManager());
filter.init(null);
// filter.init(null);
Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
assertTrue(result != null);

1
web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java
Unescape View File

@ -37,7 +37,6 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests { @@ -37,7 +37,6 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter();
filter.getOrder();
filter.doFilter(request, response, chain);
}

7
web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java
Unescape View File

@ -56,11 +56,10 @@ public class RememberMeProcessingFilterTests extends TestCase { @@ -56,11 +56,10 @@ public class RememberMeProcessingFilterTests extends TestCase {
//~ Methods ========================================================================================================
private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request,
ServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
filter.init(filterConfig);
ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
// filter.init(filterConfig);
filter.doFilter(request, response, filterChain);
filter.destroy();
// filter.destroy();
}
protected void setUp() throws Exception {

4
web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilterTests.java
Unescape View File

@ -161,7 +161,7 @@ public class SwitchUserProcessingFilterTests { @@ -161,7 +161,7 @@ public class SwitchUserProcessingFilterTests {
// Check it with no url set (should get a text response)
FilterChain chain = mock(FilterChain.class);
filter.doFilterHttp(request, response, chain);
filter.doFilter(request, response, chain);
verify(chain, never()).doFilter(request, response);
assertEquals("Authentication Failed: User is disabled", response.getErrorMessage());
@ -177,7 +177,7 @@ public class SwitchUserProcessingFilterTests { @@ -177,7 +177,7 @@ public class SwitchUserProcessingFilterTests {
response = new MockHttpServletResponse();
chain = mock(FilterChain.class);
filter.doFilterHttp(request, response, chain);
filter.doFilter(request, response, chain);
verify(chain, never()).doFilter(request, response);
assertEquals("/mywebapp/switchfailed", response.getRedirectedUrl());

5
web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java
Unescape View File

@ -24,7 +24,6 @@ import java.io.IOException; @@ -24,7 +24,6 @@ import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@ -63,13 +62,13 @@ public class BasicProcessingFilterTests { @@ -63,13 +62,13 @@ public class BasicProcessingFilterTests {
private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request,
final boolean expectChainToProceed) throws ServletException, IOException {
filter.init(mock(FilterConfig.class));
// filter.init(mock(FilterConfig.class));
final MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain chain = mock(FilterChain.class);
filter.doFilter(request, response, chain);
filter.destroy();
// filter.destroy();
verify(chain, expectChainToProceed ? times(1) : never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
return response;

4
web/src/test/java/org/springframework/security/web/authentication/www/DigestProcessingFilterTests.java
Unescape View File

@ -87,8 +87,6 @@ public class DigestProcessingFilterTests { @@ -87,8 +87,6 @@ public class DigestProcessingFilterTests {
private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request,
final boolean expectChainToProceed) throws ServletException, IOException {
filter.init(mock(FilterConfig.class));
final MockHttpServletResponse response = new MockHttpServletResponse();
Mockery jmockContext = new JUnit4Mockery();
@ -99,7 +97,7 @@ public class DigestProcessingFilterTests { @@ -99,7 +97,7 @@ public class DigestProcessingFilterTests {
}});
filter.doFilter(request, response, chain);
filter.destroy();
jmockContext.assertIsSatisfied();
return response;
}

4
web/src/test/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilterTests.java
Unescape View File

@ -59,9 +59,9 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase { @@ -59,9 +59,9 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
FilterConfig filterConfig, Filter filter, ServletRequest request,
ServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
filter.init(filterConfig);
// filter.init(filterConfig);
filter.doFilter(request, response, filterChain);
filter.destroy();
// filter.destroy();
}
public void testDetectsIncompatibleSessionProperties() throws Exception {

2
web/src/test/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilterTests.java
Unescape View File

@ -42,7 +42,7 @@ public class SecurityContextHolderAwareRequestFilterTests { @@ -42,7 +42,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
public void expectedRequestWrapperClassIsUsed() throws Exception {
SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter();
filter.setRolePrefix("ROLE_");
filter.init(jmock.mock(FilterConfig.class));
// filter.init(jmock.mock(FilterConfig.class));
final FilterChain filterChain = jmock.mock(FilterChain.class);
jmock.checking(new Expectations() {{

11
web/template.mf
Unescape View File

@ -3,18 +3,18 @@ Bundle-Name: Spring Security Web @@ -3,18 +3,18 @@ Bundle-Name: Spring Security Web
Bundle-Vendor: SpringSource
Bundle-Version: ${version}
Bundle-ManifestVersion: 2
Excluded-Exports:
Excluded-Exports:
org.springframework.security.web.authentication.preauth.websphere
Excluded-Imports:
Excluded-Imports:
javax.naming.*,
javax.rmi.*,
javax.sql.*,
javax.security.auth.*,
org.aopalliance.*
Ignored-Existing-Headers:
Ignored-Existing-Headers:
Import-Package,
Export-Package
Import-Template:
Import-Template:
org.apache.commons.logging.*;version="[1.0.4, 2.0.0)",
org.apache.commons.codec.*;version="[1.3, 2.0)";resolution:=optional,
org.springframework.security.core.*;version="[${version}, 3.1.0)",
@ -31,8 +31,9 @@ Import-Template: @@ -31,8 +31,9 @@ Import-Template:
org.springframework.jdbc.*;version="[3.0.0, 3.1.0)";resolution:=optional,
org.springframework.mock.web;version="[3.0.0, 3.1.0)";resolution:=optional,
org.springframework.web.context.*;version="[3.0.0, 3.1.0)";resolution:=optional,
org.springframework.web.filter.*;version="[3.0.0, 3.1.0)",
org.springframework.util;version="[3.0.0, 3.1.0)";resolution:=optional,
org.w3c.dom;version="0";resolution:=optional,
org.xml.sax;version="0";resolution:=optional,
javax.servlet.*;version="0",
javax.xml.parsers.*;version="0";resolution:=optional
javax.xml.parsers.*;version="0";resolution:=optional

Write Preview
Loading…
Cancel
Save