|
|
|
@ -130,8 +130,8 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
|
* Sets the authentication manager, (and remember-me services, if required) on any instances of |
|
|
|
* Sets the remember-me services, if required, on any instances of AbstractProcessingFilter and |
|
|
|
* AbstractProcessingFilter |
|
|
|
* BasicProcessingFilter. |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
private void injectRememberMeServicesIntoFiltersRequiringIt(ConfigurableListableBeanFactory beanFactory) { |
|
|
|
private void injectRememberMeServicesIntoFiltersRequiringIt(ConfigurableListableBeanFactory beanFactory) { |
|
|
|
Map beans = beanFactory.getBeansOfType(RememberMeServices.class); |
|
|
|
Map beans = beanFactory.getBeansOfType(RememberMeServices.class); |
|
|
|
@ -148,6 +148,10 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
throw new SecurityConfigurationException("More than one RememberMeServices bean found."); |
|
|
|
throw new SecurityConfigurationException("More than one RememberMeServices bean found."); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (rememberMeServices == null) { |
|
|
|
|
|
|
|
return; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Address AbstractProcessingFilter instances
|
|
|
|
// Address AbstractProcessingFilter instances
|
|
|
|
Iterator filters = beanFactory.getBeansOfType(AbstractProcessingFilter.class).values().iterator(); |
|
|
|
Iterator filters = beanFactory.getBeansOfType(AbstractProcessingFilter.class).values().iterator(); |
|
|
|
@ -155,10 +159,8 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor |
|
|
|
while (filters.hasNext()) { |
|
|
|
while (filters.hasNext()) { |
|
|
|
AbstractProcessingFilter filter = (AbstractProcessingFilter) filters.next(); |
|
|
|
AbstractProcessingFilter filter = (AbstractProcessingFilter) filters.next(); |
|
|
|
|
|
|
|
|
|
|
|
if (rememberMeServices != null) { |
|
|
|
logger.info("Using RememberMeServices " + rememberMeServices + " with filter " + filter); |
|
|
|
logger.info("Using RememberMeServices " + rememberMeServices + " with filter " + filter); |
|
|
|
filter.setRememberMeServices(rememberMeServices); |
|
|
|
filter.setRememberMeServices(rememberMeServices); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Address BasicProcessingFilter instance, if it exists
|
|
|
|
// Address BasicProcessingFilter instance, if it exists
|
|
|
|
@ -166,13 +168,12 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor |
|
|
|
// Most of the time a user won't present such a parameter with their BASIC authentication request.
|
|
|
|
// Most of the time a user won't present such a parameter with their BASIC authentication request.
|
|
|
|
// In the future we might support setting the AbstractRememberMeServices.alwaysRemember = true, but I am reluctant to
|
|
|
|
// In the future we might support setting the AbstractRememberMeServices.alwaysRemember = true, but I am reluctant to
|
|
|
|
// do so because it seems likely to lead to lower security for 99.99% of users if they set the property to true.
|
|
|
|
// do so because it seems likely to lead to lower security for 99.99% of users if they set the property to true.
|
|
|
|
BasicProcessingFilter filter = (BasicProcessingFilter) getBeanOfType(BasicProcessingFilter.class, beanFactory); |
|
|
|
if (beanFactory.containsBean(BeanIds.BASIC_AUTHENTICATION_FILTER)) { |
|
|
|
|
|
|
|
BasicProcessingFilter filter = (BasicProcessingFilter) beanFactory.getBean(BeanIds.BASIC_AUTHENTICATION_FILTER); |
|
|
|
|
|
|
|
|
|
|
|
if (filter != null && rememberMeServices != null) { |
|
|
|
|
|
|
|
logger.info("Using RememberMeServices " + rememberMeServices + " with filter " + filter); |
|
|
|
logger.info("Using RememberMeServices " + rememberMeServices + " with filter " + filter); |
|
|
|
filter.setRememberMeServices(rememberMeServices); |
|
|
|
filter.setRememberMeServices(rememberMeServices); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
|
@ -281,14 +282,6 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor |
|
|
|
return orderedFilters; |
|
|
|
return orderedFilters; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private Object getBeanOfType(Class clazz, ConfigurableListableBeanFactory beanFactory) { |
|
|
|
|
|
|
|
Map beans = beanFactory.getBeansOfType(clazz); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Assert.isTrue(beans.size() == 1, "Required a single bean of type " + clazz + " but found " + beans.size()); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return beans.values().toArray()[0]; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public int getOrder() { |
|
|
|
public int getOrder() { |
|
|
|
return HIGHEST_PRECEDENCE + 1; |
|
|
|
return HIGHEST_PRECEDENCE + 1; |
|
|
|
} |
|
|
|
} |
|
|
|
|
Luke Taylor
18 years ago