
SEC-618: Move copyDetails method into ProviderManager and call it before checking with ConcurrentSessionController.

Luke Taylor 17 years ago
parent
commit
2b0ee23396

+ 1 - 19
core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java

@@ -42,31 +42,13 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
     public final Authentication authenticate(Authentication authRequest)
         throws AuthenticationException {
         try {
-            Authentication authResult = doAuthentication(authRequest);
-            copyDetails(authRequest, authResult);
-
-            return authResult;
+            return doAuthentication(authRequest);
         } catch (AuthenticationException e) {
             e.setAuthentication(authRequest);
             throw e;
         }
     }
 
-    /**
-     * Copies the authentication details from a source Authentication object to a destination one, provided the
-     * latter does not already have one set.
-     *
-     * @param source source authentication
-     * @param dest the destination authentication object
-     */
-    private void copyDetails(Authentication source, Authentication dest) {
-        if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
-            AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
-
-            token.setDetails(source.getDetails());
-        }
-    }
-
     /**
      * <p>Concrete implementations of this class override this method to provide the authentication service.</p>
      *  <p>The contract for this method is documented in the {@link
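Review bot: With `copyDetails` removed from the final `authenticate` method, results from any `AbstractAuthenticationManager` subclass other than `ProviderManager` no longer inherit the request's details. If such subclasses exist, code that reads `getDetails()` for auditing or session tracking may now see null. The Javadoc of `doAuthentication` should state the new responsibility, for example `Implementations are responsible for propagating the request's details to the returned Authentication.` That Javadoc begins at the end of this hunk and continues outside it.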

+ 16 - 0
core/src/main/java/org/acegisecurity/providers/ProviderManager.java

@@ -193,6 +193,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
 
                 try {
                     result = provider.authenticate(authentication);
+                    copyDetails(authentication, result);
                     sessionController.checkAuthenticationAllowed(result);
                 } catch (AuthenticationException ae) {
                     lastException = ae;
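Review bot: The order of the two calls after `provider.authenticate(authentication)` now matters, and nothing in the code says so. `copyDetails` has to run before `sessionController.checkAuthenticationAllowed(result)` so that the controller sees the populated details. A comment above the added call would guard against a later reordering, e.g. `// SEC-618: details must be set before the concurrent-session check reads them`. The catch block continues outside the hunk, so it is worth confirming that a `result` rejected by the session check is discarded rather than returned with the copied details.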
@@ -245,6 +246,21 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
         throw lastException;
     }
 
+    /**
+     * Copies the authentication details from a source Authentication object to a destination one, provided the
+     * latter does not already have one set.
+     *
+     * @param source source authentication
+     * @param dest the destination authentication object
+     */
+    private void copyDetails(Authentication source, Authentication dest) {
+        if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
+            AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
+
+            token.setDetails(source.getDetails());
+        }
+    }
+
     public List getProviders() {
         return this.providers;
     }
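Review bot: `copyDetails` silently does nothing when `dest` is not an `AbstractAuthenticationToken`, so a provider that returns a custom `Authentication` implementation still reaches the concurrent-session check without the request's details. The Javadoc only mentions the "does not already have one set" condition; it should also say `Destinations that are not an AbstractAuthenticationToken are left unchanged.` A debug-level log on that branch would make a skipped copy visible when diagnosing session-control failures. How the session controller handles null details is not visible in this diff and should be checked.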