SEC-1160: Renaming of authentication filters and entry points and associated doc changes
This commit is contained in:
Luke Taylor
+5
-5
@@ -24,8 +24,8 @@ import org.springframework.security.web.access.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
@@ -99,7 +99,7 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
|
||||
*/
|
||||
private void checkFilterStack(List<Filter> filters) {
|
||||
checkForDuplicates(SecurityContextPersistenceFilter.class, filters);
|
||||
checkForDuplicates(AuthenticationProcessingFilter.class, filters);
|
||||
checkForDuplicates(UsernamePasswordAuthenticationProcessingFilter.class, filters);
|
||||
checkForDuplicates(SessionFixationProtectionFilter.class, filters);
|
||||
checkForDuplicates(BasicProcessingFilter.class, filters);
|
||||
checkForDuplicates(SecurityContextHolderAwareRequestFilter.class, filters);
|
||||
@@ -128,9 +128,9 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
|
||||
private void checkLoginPageIsntProtected(FilterChainProxy fcp) {
|
||||
ExceptionTranslationFilter etf = (ExceptionTranslationFilter) beanFactory.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER);
|
||||
|
||||
if (etf.getAuthenticationEntryPoint() instanceof AuthenticationProcessingFilterEntryPoint) {
|
||||
if (etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint) {
|
||||
String loginPage =
|
||||
((AuthenticationProcessingFilterEntryPoint)etf.getAuthenticationEntryPoint()).getLoginFormUrl();
|
||||
((LoginUrlAuthenticationEntryPoint)etf.getAuthenticationEntryPoint()).getLoginFormUrl();
|
||||
List<Filter> filters = fcp.getFilters(loginPage);
|
||||
logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
|
||||
|
||||
|
||||
+2
-2
@@ -7,7 +7,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
|
||||
@@ -117,7 +117,7 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
|
||||
}
|
||||
|
||||
BeanDefinitionBuilder entryPointBuilder =
|
||||
BeanDefinitionBuilder.rootBeanDefinition(AuthenticationProcessingFilterEntryPoint.class);
|
||||
BeanDefinitionBuilder.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class);
|
||||
entryPointBuilder.getRawBeanDefinition().setSource(source);
|
||||
entryPointBuilder.addPropertyValue("loginFormUrl", loginPage != null ? loginPage : DEF_LOGIN_PAGE);
|
||||
entryPointBean = (RootBeanDefinition) entryPointBuilder.getBeanDefinition();
|
||||
|
||||
+1
-1
@@ -110,7 +110,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProcessingFilter";
|
||||
static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";
|
||||
static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.AuthenticationProcessingFilter";
|
||||
static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter";
|
||||
|
||||
static final String EXPRESSION_FIMDS_CLASS = "org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource";
|
||||
static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler";
|
||||
|
||||
+3
-3
@@ -9,7 +9,7 @@ import org.springframework.beans.factory.BeanFactory;
|
||||
import org.springframework.beans.factory.BeanFactoryAware;
|
||||
import org.springframework.beans.factory.ListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.security.web.authentication.AbstractProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.RememberMeServices;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.util.Assert;
|
||||
@@ -26,8 +26,8 @@ public class RememberMeServicesInjectionBeanPostProcessor implements BeanPostPro
|
||||
private ListableBeanFactory beanFactory;
|
||||
|
||||
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
|
||||
if (bean instanceof AbstractProcessingFilter) {
|
||||
AbstractProcessingFilter pf = (AbstractProcessingFilter) bean;
|
||||
if (bean instanceof AbstractAuthenticationProcessingFilter) {
|
||||
AbstractAuthenticationProcessingFilter pf = (AbstractAuthenticationProcessingFilter) bean;
|
||||
|
||||
if (pf.getRememberMeServices() == null) {
|
||||
logger.info("Setting RememberMeServices on bean " + beanName);
|
||||
|
||||
+2
-2
@@ -11,7 +11,7 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.security.authentication.concurrent.ConcurrentSessionController;
|
||||
import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.authentication.concurrent.SessionRegistry;
|
||||
import org.springframework.security.web.authentication.AbstractProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.session.SessionFixationProtectionFilter;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
@@ -44,7 +44,7 @@ class SessionRegistryInjectionBeanPostProcessor implements BeanPostProcessor, Be
|
||||
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
|
||||
if (BeanIds.FORM_LOGIN_FILTER.equals(beanName) ||
|
||||
BeanIds.OPEN_ID_FILTER.equals(beanName)) {
|
||||
((AbstractProcessingFilter) bean).setSessionRegistry(getSessionRegistry());
|
||||
((AbstractAuthenticationProcessingFilter) bean).setSessionRegistry(getSessionRegistry());
|
||||
} else if (BeanIds.SESSION_FIXATION_PROTECTION_FILTER.equals(beanName)) {
|
||||
((SessionFixationProtectionFilter)bean).setSessionRegistry(getSessionRegistry());
|
||||
}
|
||||
|
||||
+3
-3
@@ -1,7 +1,7 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
|
||||
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
|
||||
@@ -17,7 +17,7 @@ import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* Parses x509 element in namespace, registering an {@link X509PreAuthenticatedProcessingFilter} instance and a
|
||||
* {@link PreAuthenticatedProcessingFilterEntryPoint}.
|
||||
* {@link Http403ForbiddenEntryPoint}.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
@@ -29,7 +29,7 @@ public class X509BeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
public BeanDefinition parse(Element element, ParserContext parserContext) {
|
||||
BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(X509PreAuthenticatedProcessingFilter.class);
|
||||
RootBeanDefinition entryPoint = new RootBeanDefinition(PreAuthenticatedProcessingFilterEntryPoint.class);
|
||||
RootBeanDefinition entryPoint = new RootBeanDefinition(Http403ForbiddenEntryPoint.class);
|
||||
|
||||
Object source = parserContext.extractSource(element);
|
||||
filterBuilder.getRawBeanDefinition().setSource(source);
|
||||
|
||||
+2
-2
@@ -35,7 +35,7 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
|
||||
@@ -131,7 +131,7 @@ public class FilterChainProxyConfigTests {
|
||||
filters = filterChainProxy.getFilters("/another/nonspecificmatch");
|
||||
assertEquals(3, filters.size());
|
||||
assertTrue(filters.get(0) instanceof SecurityContextPersistenceFilter);
|
||||
assertTrue(filters.get(1) instanceof AuthenticationProcessingFilter);
|
||||
assertTrue(filters.get(1) instanceof UsernamePasswordAuthenticationProcessingFilter);
|
||||
assertTrue(filters.get(2) instanceof SecurityContextHolderAwareRequestFilter);
|
||||
}
|
||||
|
||||
|
||||
+7
-7
@@ -45,8 +45,8 @@ import org.springframework.security.web.access.intercept.FilterInvocationSecurit
|
||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
@@ -92,7 +92,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
public void beanClassNamesAreCorrect() throws Exception {
|
||||
assertEquals(DefaultWebSecurityExpressionHandler.class.getName(), EXPRESSION_HANDLER_CLASS);
|
||||
assertEquals(ExpressionBasedFilterInvocationSecurityMetadataSource.class.getName(), EXPRESSION_FIMDS_CLASS);
|
||||
assertEquals(AuthenticationProcessingFilter.class.getName(), AUTHENTICATION_PROCESSING_FILTER_CLASS);
|
||||
assertEquals(UsernamePasswordAuthenticationProcessingFilter.class.getName(), AUTHENTICATION_PROCESSING_FILTER_CLASS);
|
||||
assertEquals(OpenIDAuthenticationProcessingFilter.class.getName(), OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS);
|
||||
assertEquals(OpenIDAuthenticationProvider.class.getName(), OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
|
||||
}
|
||||
@@ -122,7 +122,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
assertTrue(filters.next() instanceof SecurityContextPersistenceFilter);
|
||||
assertTrue(filters.next() instanceof LogoutFilter);
|
||||
Object authProcFilter = filters.next();
|
||||
assertTrue(authProcFilter instanceof AuthenticationProcessingFilter);
|
||||
assertTrue(authProcFilter instanceof UsernamePasswordAuthenticationProcessingFilter);
|
||||
assertTrue(filters.next() instanceof DefaultLoginPageGeneratingFilter);
|
||||
assertTrue(filters.next() instanceof BasicProcessingFilter);
|
||||
assertTrue(filters.next() instanceof SecurityContextHolderAwareRequestFilter);
|
||||
@@ -190,7 +190,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
" <form-login default-target-url='/default' always-use-default-target='true' />" +
|
||||
"</http>" + AUTH_PROVIDER_XML);
|
||||
// These will be matched by the default pattern "/**"
|
||||
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) getFilters("/anything").get(1);
|
||||
UsernamePasswordAuthenticationProcessingFilter filter = (UsernamePasswordAuthenticationProcessingFilter) getFilters("/anything").get(1);
|
||||
assertEquals("/default", FieldUtils.getFieldValue(filter, "successHandler.defaultTargetUrl"));
|
||||
assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "successHandler.alwaysUseDefaultTargetUrl"));
|
||||
}
|
||||
@@ -657,7 +657,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
etf.getAuthenticationEntryPoint() instanceof MockEntryPoint);
|
||||
}
|
||||
|
||||
private static class MockEntryPoint extends AuthenticationProcessingFilterEntryPoint {
|
||||
private static class MockEntryPoint extends LoginUrlAuthenticationEntryPoint {
|
||||
public MockEntryPoint() {
|
||||
super.setLoginFormUrl("/notused");
|
||||
}
|
||||
@@ -861,7 +861,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
"<b:bean id='sh' class='" + SavedRequestAwareAuthenticationSuccessHandler.class.getName() +"'/>" +
|
||||
"<b:bean id='fh' class='" + SimpleUrlAuthenticationFailureHandler.class.getName() + "'/>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
AuthenticationProcessingFilter apf = (AuthenticationProcessingFilter) appContext.getBean(BeanIds.FORM_LOGIN_FILTER);
|
||||
UsernamePasswordAuthenticationProcessingFilter apf = (UsernamePasswordAuthenticationProcessingFilter) appContext.getBean(BeanIds.FORM_LOGIN_FILTER);
|
||||
AuthenticationSuccessHandler sh = (AuthenticationSuccessHandler) appContext.getBean("sh");
|
||||
AuthenticationFailureHandler fh = (AuthenticationFailureHandler) appContext.getBean("fh");
|
||||
assertSame(sh, FieldUtils.getFieldValue(apf, "successHandler"));
|
||||
|
||||
@@ -31,7 +31,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
||||
<!-- These are just here so we have filters of a specific type to check the ordering is as expected -->
|
||||
<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
|
||||
|
||||
<bean id="apf" class="org.springframework.security.web.authentication.AuthenticationProcessingFilter">
|
||||
<bean id="apf" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter">
|
||||
<property name="authenticationManager">
|
||||
<bean class="org.springframework.security.MockAuthenticationManager"/>
|
||||
</property>
|
||||
|
||||
Reference in New Issue
Block a user