
SEC-902: Changed Ntlm entry point to send 403 if no failure URL set

Luke Taylor 17 ani în urmă
părinte
comite
6409f140e0

+ 10 - 9
ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java

@@ -40,7 +40,7 @@ import javax.servlet.http.HttpServletResponse;
  * @author Edward Smith
  * @version $Id$
  */
-public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean {
+public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint {
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(NtlmProcessingFilterEntryPoint.class);
@@ -52,20 +52,13 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint,
 
 	//~ Methods ========================================================================================================
 
-	/**
-	 * Ensures an authentication failure URL has been provided in the bean
-	 * configuration file.
-	 */
-	public void afterPropertiesSet() throws Exception {
-		Assert.hasLength(authenticationFailureUrl, "authenticationFailureUrl must be specified");
-	}
-
 	/**
 	 * Sets the authentication failure URL.
 	 *
 	 * @param authenticationFailureUrl the authentication failure URL.
 	 */
 	public void setAuthenticationFailureUrl(String authenticationFailureUrl) {
+		Assert.hasLength(authenticationFailureUrl, "authenticationFailureUrl must be specified");
 		this.authenticationFailureUrl = authenticationFailureUrl;
 	}
 
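Review bot: The Javadoc on `setAuthenticationFailureUrl` no longer matches the contract now that the `Assert.hasLength` check runs inside the setter. I would add `@throws IllegalArgumentException if the URL is null or empty` and a sentence saying the property is optional: when it is never set, the entry point answers a failed authentication with a 403 instead of redirecting. With `afterPropertiesSet()` removed, a missing URL is no longer rejected at startup, so the fallback should be stated where the person configuring the bean will read it.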
@@ -102,6 +95,14 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint,
 			resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 			resp.setContentLength(0);
 			resp.flushBuffer();
+			
+			return;
+		}
+		
+		if (authenticationFailureUrl == null) {
+	        if (!response.isCommitted()) {
+	            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN, authException.getMessage());
+	        }
 		} else {
 			String url = authenticationFailureUrl;
 			if (!url.startsWith("http://") && !url.startsWith("https://")) {
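Review bot: The new 403 branch passes `authException.getMessage()` to `sendError`, which puts the exception text into the response served to a client that has not authenticated. What the message contains is not visible here, but authentication exceptions often carry detail (account or domain names, backend failure reasons) that belongs in the server log, and a custom error page may render it without escaping. I would send the status alone, `((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);`, preceded by `logger.debug("NTLM authentication failed", authException);`. The already-committed case is also skipped silently, so a debug line there would help diagnosis. The enclosing method starts before this hunk and continues past it.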