SEC-271: implemented Orderd interface in all the entrypoints

core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilterEntryPoint.java

@@ -15,12 +15,6 @@
 
 package org.acegisecurity.ui.basicauth;
 
-import org.acegisecurity.AuthenticationException;
-
-import org.acegisecurity.ui.AuthenticationEntryPoint;
-
-import org.springframework.beans.factory.InitializingBean;
-
 import java.io.IOException;
 
 import javax.servlet.ServletException;
@@ -28,6 +22,11 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletResponse;
 
+import org.acegisecurity.AuthenticationException;
+import org.acegisecurity.ui.AuthenticationEntryPoint;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.Ordered;
+
 
 /**
  * Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
@@ -39,14 +38,23 @@ import javax.servlet.http.HttpServletResponse;
  * @author Ben Alex
  * @version $Id$
  */
-public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
+public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered {
     //~ Instance fields ================================================================================================
 
     private String realmName;
+    private int order = Integer.MAX_VALUE; // ~ default
 
     //~ Methods ========================================================================================================
 
-    public void afterPropertiesSet() throws Exception {
+    public int getOrder() {
+		return order;
+	}
+
+	public void setOrder(int order) {
+		this.order = order;
+	}
+
+	public void afterPropertiesSet() throws Exception {
         if ((realmName == null) || "".equals(realmName)) {
             throw new IllegalArgumentException("realmName must be specified");
         }

core/src/main/java/org/acegisecurity/ui/cas/CasProcessingFilterEntryPoint.java

@@ -15,16 +15,7 @@
 
 package org.acegisecurity.ui.cas;
 
-import org.acegisecurity.AuthenticationException;
-
-import org.acegisecurity.ui.AuthenticationEntryPoint;
-
-import org.springframework.beans.factory.InitializingBean;
-
-import org.springframework.util.Assert;
-
 import java.io.IOException;
-
 import java.net.URLEncoder;
 
 import javax.servlet.ServletException;
@@ -33,6 +24,12 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.acegisecurity.AuthenticationException;
+import org.acegisecurity.ui.AuthenticationEntryPoint;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.Ordered;
+import org.springframework.util.Assert;
+
 
 /**
  * Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the JA-SIG Central
@@ -45,15 +42,24 @@ import javax.servlet.http.HttpServletResponse;
  * @author Ben Alex
  * @version $Id$
  */
-public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
+public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered{
     //~ Instance fields ================================================================================================
 
     private ServiceProperties serviceProperties;
     private String loginUrl;
+    private int order = Integer.MAX_VALUE; // ~ default
 
     //~ Methods ========================================================================================================
 
-    public void afterPropertiesSet() throws Exception {
+    public int getOrder() {
+		return order;
+	}
+
+	public void setOrder(int order) {
+		this.order = order;
+	}
+
+	public void afterPropertiesSet() throws Exception {
         Assert.hasLength(this.loginUrl, "loginUrl must be specified");
         Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
     }

core/src/main/java/org/acegisecurity/ui/digestauth/DigestProcessingFilterEntryPoint.java

@@ -15,23 +15,21 @@
 
 package org.acegisecurity.ui.digestauth;
 
-import org.acegisecurity.AuthenticationException;
+import java.io.IOException;
 
-import org.acegisecurity.ui.AuthenticationEntryPoint;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
 
+import org.acegisecurity.AuthenticationException;
+import org.acegisecurity.ui.AuthenticationEntryPoint;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
 import org.springframework.beans.factory.InitializingBean;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
+import org.springframework.core.Ordered;
 
 
 /**
@@ -45,7 +43,7 @@ import javax.servlet.http.HttpServletResponse;
  * @author Ben Alex
  * @version $Id$
  */
-public class DigestProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
+public class DigestProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered {
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(DigestProcessingFilterEntryPoint.class);
@@ -55,10 +53,19 @@ public class DigestProcessingFilterEntryPoint implements AuthenticationEntryPoin
     private String key;
     private String realmName;
     private int nonceValiditySeconds = 300;
+    private int order = Integer.MAX_VALUE; // ~ default
 
     //~ Methods ========================================================================================================
 
-    public void afterPropertiesSet() throws Exception {
+    public int getOrder() {
+		return order;
+	}
+
+	public void setOrder(int order) {
+		this.order = order;
+	}
+
+	public void afterPropertiesSet() throws Exception {
         if ((realmName == null) || "".equals(realmName)) {
             throw new IllegalArgumentException("realmName must be specified");
         }

core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java

@@ -28,6 +28,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.Ordered;
 
 import org.springframework.util.Assert;
 
@@ -56,7 +57,7 @@ import javax.servlet.http.HttpServletResponse;
  * @author Omri Spector
  * @version $Id$
  */
-public class AuthenticationProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
+public class AuthenticationProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered {
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(AuthenticationProcessingFilterEntryPoint.class);
@@ -68,10 +69,11 @@ public class AuthenticationProcessingFilterEntryPoint implements AuthenticationE
     private String loginFormUrl;
     private boolean forceHttps = false;
     private boolean serverSideRedirect = false;
+    private int order = Integer.MAX_VALUE; // ~ default
 
     //~ Methods ========================================================================================================
 
-    public void afterPropertiesSet() throws Exception {
+	public void afterPropertiesSet() throws Exception {
         Assert.hasLength(loginFormUrl, "loginFormUrl must be specified");
         Assert.notNull(portMapper, "portMapper must be specified");
         Assert.notNull(portResolver, "portResolver must be specified");
@@ -221,5 +223,14 @@ public class AuthenticationProcessingFilterEntryPoint implements AuthenticationE
     public void setServerSideRedirect(boolean serverSideRedirect) {
         this.serverSideRedirect = serverSideRedirect;
     }
+    
+
+    public int getOrder() {
+		return order;
+	}
+
+	public void setOrder(int order) {
+		this.order = order;
+	}
 
 }

core/src/main/java/org/acegisecurity/ui/x509/X509ProcessingFilterEntryPoint.java

@@ -15,13 +15,6 @@
 
 package org.acegisecurity.ui.x509;
 
-import org.acegisecurity.AuthenticationException;
-
-import org.acegisecurity.ui.AuthenticationEntryPoint;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import java.io.IOException;
 
 import javax.servlet.ServletException;
@@ -29,45 +22,70 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletResponse;
 
+import org.acegisecurity.AuthenticationException;
+import org.acegisecurity.ui.AuthenticationEntryPoint;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.core.Ordered;
 
 /**
- * In the X.509 authentication case (unlike CAS, for example) the certificate will already have been extracted from
- * the request and a secure context established by the time the security-enforcement filter is invoked.<p>Therefore
- * this class isn't actually responsible for the commencement of authentication, as it is in the case of other
- * providers. It will be called if the certificate was rejected by Acegi's X509AuthenticationProvider, resulting in a
- * null authentication.</p>
- *  The <code>commence</code> method will always return an <code>HttpServletResponse.SC_FORBIDDEN</code> (403
- * error).
- *
+ * In the X.509 authentication case (unlike CAS, for example) the certificate
+ * will already have been extracted from the request and a secure context
+ * established by the time the security-enforcement filter is invoked.
+ * <p>
+ * Therefore this class isn't actually responsible for the commencement of
+ * authentication, as it is in the case of other providers. It will be called if
+ * the certificate was rejected by Acegi's X509AuthenticationProvider, resulting
+ * in a null authentication.
+ * </p>
+ * The <code>commence</code> method will always return an
+ * <code>HttpServletResponse.SC_FORBIDDEN</code> (403 error).
+ * 
  * @author Luke Taylor
- * @version $Id$
- *
+ * @version $Id: X509ProcessingFilterEntryPoint.java 1496 2006-05-23 13:38:33Z
+ * benalex $
+ * 
  * @see org.acegisecurity.ui.ExceptionTranslationFilter
  */
-public class X509ProcessingFilterEntryPoint implements AuthenticationEntryPoint {
-    //~ Static fields/initializers =====================================================================================
+public class X509ProcessingFilterEntryPoint implements AuthenticationEntryPoint, Ordered {
+	// ~ Static fields/initializers
+	// =====================================================================================
+
+	private static final Log logger = LogFactory.getLog(X509ProcessingFilterEntryPoint.class);
+
+	// ~ instance fields
+	// =====================================================================================
+	
+	private int order = Integer.MAX_VALUE; // ~ default
+
+	// ~ Methods
+	// ========================================================================================================
 
-    private static final Log logger = LogFactory.getLog(X509ProcessingFilterEntryPoint.class);
+	public int getOrder() {
+		return order;
+	}
 
-    //~ Methods ========================================================================================================
+	public void setOrder(int order) {
+		this.order = order;
+	}
 
-    /**
-     * Returns a 403 error code to the client.
-     *
-     * @param request DOCUMENT ME!
-     * @param response DOCUMENT ME!
-     * @param authException DOCUMENT ME!
-     *
-     * @throws IOException DOCUMENT ME!
-     * @throws ServletException DOCUMENT ME!
-     */
-    public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
-        throws IOException, ServletException {
-        if (logger.isDebugEnabled()) {
-            logger.debug("X509 entry point called. Rejecting access");
-        }
+	/**
+	 * Returns a 403 error code to the client.
+	 * 
+	 * @param request DOCUMENT ME!
+	 * @param response DOCUMENT ME!
+	 * @param authException DOCUMENT ME!
+	 * 
+	 * @throws IOException DOCUMENT ME!
+	 * @throws ServletException DOCUMENT ME!
+	 */
+	public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+			throws IOException, ServletException {
+		if (logger.isDebugEnabled()) {
+			logger.debug("X509 entry point called. Rejecting access");
+		}
 
-        HttpServletResponse httpResponse = (HttpServletResponse) response;
-        httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
-    }
+		HttpServletResponse httpResponse = (HttpServletResponse) response;
+		httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
+	}
 }