SEC-1261: Convert FilterChainOrder to an enum (SecurityFilters).

config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java

@@ -1,6 +1,6 @@
 package org.springframework.security.config.http;
 
-import static org.springframework.security.config.http.FilterChainOrder.*;
+import static org.springframework.security.config.http.SecurityFilters.*;
 
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
@@ -565,11 +565,11 @@ final class AuthenticationConfigBuilder {
         }
 
         if (formFilter != null) {
-            filters.add(new OrderDecorator(formFilter, AUTHENTICATION_PROCESSING_FILTER));
+            filters.add(new OrderDecorator(formFilter, FORM_LOGIN_FILTER));
         }
 
         if (openIDFilter != null) {
-            filters.add(new OrderDecorator(openIDFilter, OPENID_PROCESSING_FILTER));
+            filters.add(new OrderDecorator(openIDFilter, OPENID_FILTER));
         }
 
         if (loginPageGenerationFilter != null) {
@@ -577,7 +577,7 @@ final class AuthenticationConfigBuilder {
         }
 
         if (basicFilter != null) {
-            filters.add(new OrderDecorator(basicFilter, BASIC_PROCESSING_FILTER));
+            filters.add(new OrderDecorator(basicFilter, BASIC_AUTH_FILTER));
         }
 
         filters.add(new OrderDecorator(etf, EXCEPTION_TRANSLATION_FILTER));

config/src/main/java/org/springframework/security/config/http/FilterChainOrder.java

@@ -1,78 +0,0 @@
-package org.springframework.security.config.http;
-
-import org.springframework.util.Assert;
-
-import java.util.Map;
-import java.util.LinkedHashMap;
-
-/**
- * Stores the default order numbers of all Spring Security filters for use in configuration.
- *
- * @author Luke Taylor
- * @version $Id$
- */
-abstract class FilterChainOrder {
-    /**
-     * The first position at which a Spring Security filter will be found. Any filter with an order less than this will
-     * be guaranteed to be placed before the Spring Security filters in the stack.
-     */
-    public static final int FILTER_CHAIN_FIRST = 0;
-    private static final int INTERVAL = 100;
-    private static int i = 1;
-
-    public static final int CHANNEL_FILTER              = FILTER_CHAIN_FIRST;
-    public static final int CONCURRENT_SESSION_FILTER   = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int SECURITY_CONTEXT_FILTER     = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int HTTP_SESSION_CONTEXT_FILTER = SECURITY_CONTEXT_FILTER;
-    public static final int LOGOUT_FILTER               = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int X509_FILTER                 = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int PRE_AUTH_FILTER             = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int CAS_PROCESSING_FILTER       = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int AUTHENTICATION_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int OPENID_PROCESSING_FILTER    = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int LOGIN_PAGE_FILTER           = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int DIGEST_PROCESSING_FILTER     = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int BASIC_PROCESSING_FILTER     = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int REQUEST_CACHE_FILTER        = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int SERVLET_API_SUPPORT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int REMEMBER_ME_FILTER          = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int ANONYMOUS_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int SESSION_FIXATION_FILTER     = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int EXCEPTION_TRANSLATION_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int NTLM_FILTER                 = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int FILTER_SECURITY_INTERCEPTOR = FILTER_CHAIN_FIRST + INTERVAL * i++;
-    public static final int SWITCH_USER_FILTER          = FILTER_CHAIN_FIRST + INTERVAL * i++;
-
-    private static final Map<String, Integer> filterNameToOrder = new LinkedHashMap<String, Integer>();
-
-    static {
-        filterNameToOrder.put("FIRST", new Integer(Integer.MIN_VALUE));
-        filterNameToOrder.put("CHANNEL_FILTER", new Integer(CHANNEL_FILTER));
-        filterNameToOrder.put("CONCURRENT_SESSION_FILTER", new Integer(CONCURRENT_SESSION_FILTER));
-        filterNameToOrder.put("LOGOUT_FILTER", new Integer(LOGOUT_FILTER));
-        filterNameToOrder.put("X509_FILTER", new Integer(X509_FILTER));
-        filterNameToOrder.put("PRE_AUTH_FILTER", new Integer(PRE_AUTH_FILTER));
-        filterNameToOrder.put("CAS_PROCESSING_FILTER", new Integer(CAS_PROCESSING_FILTER));
-        filterNameToOrder.put("AUTHENTICATION_PROCESSING_FILTER", new Integer(AUTHENTICATION_PROCESSING_FILTER));
-        filterNameToOrder.put("OPENID_PROCESSING_FILTER", new Integer(OPENID_PROCESSING_FILTER));
-        filterNameToOrder.put("BASIC_PROCESSING_FILTER", new Integer(BASIC_PROCESSING_FILTER));
-        filterNameToOrder.put("SERVLET_API_SUPPORT_FILTER", new Integer(SERVLET_API_SUPPORT_FILTER));
-        filterNameToOrder.put("REMEMBER_ME_FILTER", new Integer(REMEMBER_ME_FILTER));
-        filterNameToOrder.put("ANONYMOUS_FILTER", new Integer(ANONYMOUS_FILTER));
-        filterNameToOrder.put("EXCEPTION_TRANSLATION_FILTER", new Integer(EXCEPTION_TRANSLATION_FILTER));
-        filterNameToOrder.put("NTLM_FILTER", new Integer(NTLM_FILTER));
-        filterNameToOrder.put("SESSION_CONTEXT_INTEGRATION_FILTER", new Integer(HTTP_SESSION_CONTEXT_FILTER));
-        filterNameToOrder.put("FILTER_SECURITY_INTERCEPTOR", new Integer(FILTER_SECURITY_INTERCEPTOR));
-        filterNameToOrder.put("SWITCH_USER_FILTER", new Integer(SWITCH_USER_FILTER));
-        filterNameToOrder.put("LAST", new Integer(Integer.MAX_VALUE));
-    }
-
-    /** Allows filters to be used by name in the XSD file without explicit reference to Java constants */
-    public static int getOrder(String filterName) {
-        Integer order = filterNameToOrder.get(filterName);
-
-        Assert.notNull(order, "Unable to match filter name " + filterName);
-
-        return order.intValue();
-    }
-}

config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java

@@ -1,6 +1,6 @@
 package org.springframework.security.config.http;
 
-import static org.springframework.security.config.http.FilterChainOrder.*;
+import static org.springframework.security.config.http.SecurityFilters.*;
 import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.*;
 
 import java.util.ArrayList;
@@ -488,13 +488,11 @@ class HttpConfigurationBuilder {
         }
 
         if (sfpf != null) {
-            filters.add(new OrderDecorator(sfpf, SESSION_FIXATION_FILTER));
+            filters.add(new OrderDecorator(sfpf, SESSION_MANAGEMENT_FILTER));
         }
 
         filters.add(new OrderDecorator(fsi, FILTER_SECURITY_INTERCEPTOR));
 
         return filters;
     }
-
-
 }

config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java

@@ -1,6 +1,6 @@
 package org.springframework.security.config.http;
 
-import static org.springframework.security.config.http.FilterChainOrder.REQUEST_CACHE_FILTER;
+import static org.springframework.security.config.http.SecurityFilters.REQUEST_CACHE_FILTER;
 
 import java.util.ArrayList;
 import java.util.Collections;
@@ -231,13 +231,21 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
             }
 
             if (StringUtils.hasText(position)) {
-                customFilters.add(new OrderDecorator(bean, FilterChainOrder.getOrder(position)));
+                customFilters.add(new OrderDecorator(bean, SecurityFilters.valueOf(position)));
             } else if (StringUtils.hasText(after)) {
-                int order = FilterChainOrder.getOrder(after);
-                customFilters.add(new OrderDecorator(bean, order == Integer.MAX_VALUE ? order : order + 1));
+                SecurityFilters order = SecurityFilters.valueOf(after);
+                if (order == SecurityFilters.LAST) {
+                    customFilters.add(new OrderDecorator(bean, SecurityFilters.LAST));
+                } else {
+                    customFilters.add(new OrderDecorator(bean, order.getOrder() + 1));
+                }
             } else if (StringUtils.hasText(before)) {
-                int order = FilterChainOrder.getOrder(before);
-                customFilters.add(new OrderDecorator(bean, order == Integer.MIN_VALUE ? order : order - 1));
+                SecurityFilters order = SecurityFilters.valueOf(before);
+                if (order == SecurityFilters.FIRST) {
+                    customFilters.add(new OrderDecorator(bean, SecurityFilters.FIRST));
+                } else {
+                    customFilters.add(new OrderDecorator(bean, order.getOrder() - 1));
+                }
             }
         }
 
@@ -302,8 +310,12 @@ class OrderDecorator implements Ordered {
     BeanMetadataElement bean;
     int order;
 
+    public OrderDecorator(BeanMetadataElement bean, SecurityFilters filterOrder) {
+        this.bean = bean;
+        this.order = filterOrder.getOrder();
+    }
+
     public OrderDecorator(BeanMetadataElement bean, int order) {
-        super();
         this.bean = bean;
         this.order = order;
     }

config/src/main/java/org/springframework/security/config/http/SecurityFilters.java

@@ -0,0 +1,49 @@
+package org.springframework.security.config.http;
+
+
+/**
+ * Stores the default order numbers of all Spring Security filters for use in configuration.
+ *
+ * @author Luke Taylor
+ * @version $Id$
+ */
+
+enum SecurityFilters {
+    FIRST (Integer.MIN_VALUE),
+    CHANNEL_FILTER,
+    CONCURRENT_SESSION_FILTER,
+    SECURITY_CONTEXT_FILTER,
+    LOGOUT_FILTER,
+    X509_FILTER,
+    PRE_AUTH_FILTER,
+    CAS_FILTER,
+    FORM_LOGIN_FILTER,
+    OPENID_FILTER,
+    LOGIN_PAGE_FILTER,
+    DIGEST_AUTH_FILTER,
+    BASIC_AUTH_FILTER,
+    REQUEST_CACHE_FILTER,
+    SERVLET_API_SUPPORT_FILTER,
+    REMEMBER_ME_FILTER,
+    ANONYMOUS_FILTER,
+    SESSION_MANAGEMENT_FILTER,
+    EXCEPTION_TRANSLATION_FILTER,
+    FILTER_SECURITY_INTERCEPTOR,
+    SWITCH_USER_FILTER,
+    LAST (Integer.MAX_VALUE);
+
+    private static final int INTERVAL = 100;
+    private final int order;
+
+    private SecurityFilters() {
+        order = ordinal() * INTERVAL;
+    }
+
+    private SecurityFilters(int order) {
+        this.order = order;
+    }
+
+    public int getOrder() {
+       return order;
+    }
+}

config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc

@@ -616,6 +616,6 @@ position =
     attribute position {named-security-filter}
 
 
-named-security-filter = "FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SESSION_CONTEXT_INTEGRATION_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_PROCESSING_FILTER" | "AUTHENTICATION_PROCESSING_FILTER" | "OPENID_PROCESSING_FILTER" |"BASIC_PROCESSING_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "NTLM_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
+named-security-filter = "FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SECURITY_CONTEXT_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" |"BASIC_AUTH_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "SESSION_MANAGEMENT_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
     
     

config/src/main/resources/org/springframework/security/config/spring-security-3.0.xsd

@@ -1333,19 +1333,19 @@
       <xs:enumeration value="FIRST"/>
       <xs:enumeration value="CHANNEL_FILTER"/>
       <xs:enumeration value="CONCURRENT_SESSION_FILTER"/>
-      <xs:enumeration value="SESSION_CONTEXT_INTEGRATION_FILTER"/>
+      <xs:enumeration value="SECURITY_CONTEXT_FILTER"/>
       <xs:enumeration value="LOGOUT_FILTER"/>
       <xs:enumeration value="X509_FILTER"/>
       <xs:enumeration value="PRE_AUTH_FILTER"/>
-      <xs:enumeration value="CAS_PROCESSING_FILTER"/>
-      <xs:enumeration value="AUTHENTICATION_PROCESSING_FILTER"/>
-      <xs:enumeration value="OPENID_PROCESSING_FILTER"/>
-      <xs:enumeration value="BASIC_PROCESSING_FILTER"/>
+      <xs:enumeration value="CAS_FILTER"/>
+      <xs:enumeration value="FORM_LOGIN_FILTER"/>
+      <xs:enumeration value="OPENID_FILTER"/>
+      <xs:enumeration value="BASIC_AUTH_FILTER"/>
       <xs:enumeration value="SERVLET_API_SUPPORT_FILTER"/>
       <xs:enumeration value="REMEMBER_ME_FILTER"/>
       <xs:enumeration value="ANONYMOUS_FILTER"/>
       <xs:enumeration value="EXCEPTION_TRANSLATION_FILTER"/>
-      <xs:enumeration value="NTLM_FILTER"/>
+      <xs:enumeration value="SESSION_MANAGEMENT_FILTER"/>
       <xs:enumeration value="FILTER_SECURITY_INTERCEPTOR"/>
       <xs:enumeration value="SWITCH_USER_FILTER"/>
       <xs:enumeration value="LAST"/>

config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java

@@ -507,7 +507,7 @@ public class HttpSecurityBeanDefinitionParserTests {
                 "<http auto-config='true'>" +
                 "    <custom-filter position='FIRST' ref='userFilter1' />" +
                 "    <custom-filter after='LOGOUT_FILTER' ref='userFilter' />" +
-                "    <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER' ref='userFilter3'/>" +
+                "    <custom-filter before='SECURITY_CONTEXT_FILTER' ref='userFilter3'/>" +
                 "</http>" + AUTH_PROVIDER_XML +
                 "<b:bean id='userFilter' class='"+ contextHolderFilterClass +"'/>" +
                 "<b:bean id='userFilter1' class='" + contextPersistenceFilterClass + "'/>" +