|
|
@@ -12,7 +12,6 @@
|
|
|
* See the License for the specific language governing permissions and
|
|
|
* limitations under the License.
|
|
|
*/
|
|
|
-
|
|
|
package net.sf.acegisecurity.ui.basicauth;
|
|
|
|
|
|
import net.sf.acegisecurity.Authentication;
|
|
|
@@ -46,13 +45,13 @@ import javax.servlet.http.HttpServletResponse;
|
|
|
/**
|
|
|
* Processes a HTTP request's BASIC authorization headers, putting the result
|
|
|
* into the <code>ContextHolder</code>.
|
|
|
- *
|
|
|
+ *
|
|
|
* <P>
|
|
|
* For a detailed background on what this filter is designed to process, refer
|
|
|
* to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section
|
|
|
* 11.1</A>. Any realm name presented in the HTTP request is ignored.
|
|
|
* </p>
|
|
|
- *
|
|
|
+ *
|
|
|
* <p>
|
|
|
* In summary, this filter is responsible for processing any request that has a
|
|
|
* HTTP request header of <code>Authorization</code> with an authentication
|
|
|
@@ -61,28 +60,28 @@ import javax.servlet.http.HttpServletResponse;
|
|
|
* "Aladdin" with password "open sesame" the following header would be
|
|
|
* presented:
|
|
|
* </p>
|
|
|
- *
|
|
|
+ *
|
|
|
* <p>
|
|
|
* <code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.
|
|
|
* </p>
|
|
|
- *
|
|
|
+ *
|
|
|
* <p>
|
|
|
* This filter can be used to provide BASIC authentication services to both
|
|
|
* remoting protocol clients (such as Hessian and SOAP) as well as standard
|
|
|
* user agents (such as Internet Explorer and Netscape).
|
|
|
* </p>
|
|
|
- *
|
|
|
+ *
|
|
|
* <P>
|
|
|
* If authentication is successful, the resulting {@link Authentication} object
|
|
|
* will be placed into the <code>ContextHolder</code>.
|
|
|
* </p>
|
|
|
- *
|
|
|
+ *
|
|
|
* <p>
|
|
|
* If authentication fails, an {@link AuthenticationEntryPoint} implementation
|
|
|
* is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
|
|
|
* which will prompt the user to authenticate again via BASIC authentication.
|
|
|
* </p>
|
|
|
- *
|
|
|
+ *
|
|
|
* <P>
|
|
|
* Basic authentication is an attractive protocol because it is simple and
|
|
|
* widely deployed. However, it still transmits a password in clear text and
|
|
|
@@ -91,7 +90,7 @@ import javax.servlet.http.HttpServletResponse;
|
|
|
* authentication wherever possible. See {@link
|
|
|
* net.sf.acegisecurity.ui.digestauth.DigestProcessingFilter}.
|
|
|
* </p>
|
|
|
- *
|
|
|
+ *
|
|
|
* <P>
|
|
|
* <B>Do not use this class directly.</B> Instead configure
|
|
|
* <code>web.xml</code> to use the {@link
|
|
|
@@ -102,17 +101,10 @@ import javax.servlet.http.HttpServletResponse;
|
|
|
* @version $Id$
|
|
|
*/
|
|
|
public class BasicProcessingFilter implements Filter, InitializingBean {
|
|
|
- //~ Static fields/initializers =============================================
|
|
|
-
|
|
|
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
|
|
|
-
|
|
|
- //~ Instance fields ========================================================
|
|
|
-
|
|
|
private AuthenticationEntryPoint authenticationEntryPoint;
|
|
|
private AuthenticationManager authenticationManager;
|
|
|
|
|
|
- //~ Methods ================================================================
|
|
|
-
|
|
|
public void setAuthenticationEntryPoint(
|
|
|
AuthenticationEntryPoint authenticationEntryPoint) {
|
|
|
this.authenticationEntryPoint = authenticationEntryPoint;
|
|
|
@@ -138,7 +130,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|
|
"An AuthenticationEntryPoint is required");
|
|
|
}
|
|
|
|
|
|
- public void destroy() {}
|
|
|
+ public void destroy() {
|
|
|
+ }
|
|
|
|
|
|
public void doFilter(ServletRequest request, ServletResponse response,
|
|
|
FilterChain chain) throws IOException, ServletException {
|
|
|
@@ -174,7 +167,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|
|
|
|
|
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
|
|
|
password);
|
|
|
- authRequest.setDetails(new WebAuthenticationDetails(httpRequest));
|
|
|
+ authRequest.setDetails(new WebAuthenticationDetails(httpRequest,
|
|
|
+ false));
|
|
|
|
|
|
Authentication authResult;
|
|
|
|
|
|
@@ -183,8 +177,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|
|
} catch (AuthenticationException failed) {
|
|
|
// Authentication failed
|
|
|
if (logger.isDebugEnabled()) {
|
|
|
- logger.debug("Authentication request for user: " + username
|
|
|
- + " failed: " + failed.toString());
|
|
|
+ logger.debug("Authentication request for user: " +
|
|
|
+ username + " failed: " + failed.toString());
|
|
|
}
|
|
|
|
|
|
SecurityContextHolder.getContext().setAuthentication(null);
|
|
|
@@ -195,7 +189,8 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|
|
|
|
|
// Authentication success
|
|
|
if (logger.isDebugEnabled()) {
|
|
|
- logger.debug("Authentication success: " + authResult.toString());
|
|
|
+ logger.debug("Authentication success: " +
|
|
|
+ authResult.toString());
|
|
|
}
|
|
|
|
|
|
SecurityContextHolder.getContext().setAuthentication(authResult);
|
|
|
@@ -204,5 +199,6 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
|
|
chain.doFilter(request, response);
|
|
|
}
|
|
|
|
|
|
- public void init(FilterConfig arg0) throws ServletException {}
|
|
|
+ public void init(FilterConfig arg0) throws ServletException {
|
|
|
+ }
|
|
|
}
|
Ben Alex