SEC-1406: Create a DelegatingAuthenticationEntryPoint

web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPoint.java

@@ -26,13 +26,32 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.util.ELRequestMatcher;
 import org.springframework.security.web.util.RequestMatcher;
+import org.springframework.security.web.util.RequestMatcherEditor;
 import org.springframework.util.Assert;
 
 /**
  * An AuthenticationEntryPoint which selects a concrete EntryPoint based on a
  * RequestMatcher evaluation.
  * 
+ * <p>A configuration might look like this:</p>
+ * 
+ * <pre>
+ * &lt;bean id=&quot;daep&quot; class=&quot;org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint&quot;&gt;
+ *     &lt;constructor-arg&gt;
+ *         &lt;map&gt;
+ *             &lt;entry key=&quot;hasIpAddress('192.168.1.0/24') and hasHeader('User-Agent','Mozilla')&quot; value-ref=&quot;firstAEP&quot; /&gt;
+ *             &lt;entry key=&quot;hasHeader('User-Agent','MSIE')&quot; value-ref=&quot;secondAEP&quot; /&gt; 
+ *         &lt;/map&gt;
+ *     &lt;/constructor-arg&gt;
+ *     &lt;property name=&quot;defaultEntryPoint&quot; ref=&quot;defaultAEP&quot;/&gt;
+ * &lt;/bean&gt;
+ * </pre>
+ * 
+ * This example uses the {@link RequestMatcherEditor} which creates {@link ELRequestMatcher} instances for the map keys.
+ * 
+ * 
  * @author Mike Wiesner
  * @since 3.0.2
  * @version $Id:$

web/src/main/java/org/springframework/security/web/util/ELRequestMatcher.java

@@ -23,8 +23,17 @@ import org.springframework.expression.Expression;
 import org.springframework.expression.spel.standard.SpelExpressionParser;
 import org.springframework.expression.spel.support.StandardEvaluationContext;
 import org.springframework.security.access.expression.ExpressionUtils;
+import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
 
 /**
+ * A RequestMatcher implementation which uses a SpEL expression
+ * 
+ * <p>With the default EvalutationContext ({@link ELRequestMatcherContext}) you can use 
+ * <code>hasIpAdress()</code> and <code>hasHeader()</code></p> 
+ *   
+ * <p>See {@link DelegatingAuthenticationEntryPoint} for a example configuration.</p>
+ * 
+ * 
  * @author Mike Wiesner
  * @since 3.0.2
  * @version $Id:$

web/src/main/java/org/springframework/security/web/util/ELRequestMatcherContext.java

@@ -16,8 +16,6 @@
 package org.springframework.security.web.util;
 
 
-import java.util.List;
-
 import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.util.StringUtils;

web/src/main/java/org/springframework/security/web/util/RequestMatcherEditor.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright 2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.util;
+
+import java.beans.PropertyEditorSupport;
+
+import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
+
+/**
+ * PropertyEditor which creates ELRequestMatcher instances from Strings
+ * 
+ * This allows to use a String in a BeanDefinition instead of an (inner) bean
+ * if a RequestMatcher is required, e.g. in {@link DelegatingAuthenticationEntryPoint}  
+ * 
+ * @author Mike Wiesner
+ * @since 3.0.2
+ */
+public class RequestMatcherEditor extends PropertyEditorSupport {
+    
+    @Override
+    public void setAsText(String text) throws IllegalArgumentException {
+        setValue(new ELRequestMatcher(text));
+    }
+
+}

web/src/test/java/org/springframework/security/web/authentication/DelegatinAuthenticationEntryPointContextTest.java

@@ -0,0 +1,62 @@
+package org.springframework.security.web.authentication;
+
+import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = "classpath:org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTest-context.xml")
+public class DelegatinAuthenticationEntryPointContextTest {
+
+    @Autowired
+    private DelegatingAuthenticationEntryPoint daep;
+
+    @Autowired
+    @Qualifier("firstAEP")
+    private AuthenticationEntryPoint firstAEP;
+
+    @Autowired
+    @Qualifier("defaultAEP")
+    private AuthenticationEntryPoint defaultAEP;
+
+    @Test
+    @DirtiesContext
+    public void testFirstAEP() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setRemoteAddr("192.168.1.10");
+        request.addHeader("User-Agent", "Mozilla/5.0");
+        daep.commence(request, null, null);
+        verify(firstAEP).commence(request, null, null);
+        verify(defaultAEP, never()).commence(any(HttpServletRequest.class), 
+                any(HttpServletResponse.class),
+                any(AuthenticationException.class));
+
+    }
+
+    @Test
+    @DirtiesContext
+    public void testDefaultAEP() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setRemoteAddr("192.168.1.10");
+        daep.commence(request, null, null);
+        verify(defaultAEP).commence(request, null, null);
+        verify(firstAEP, never()).commence(any(HttpServletRequest.class), 
+                any(HttpServletResponse.class),
+                any(AuthenticationException.class));
+
+    }
+
+}

web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTest-context.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
+
+	<bean id="daep" class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
+		<constructor-arg>
+			<map>
+				<entry key="hasIpAddress('192.168.1.0/24') and hasHeader('User-Agent','Mozilla')" value-ref="firstAEP" />
+			</map>
+		</constructor-arg>
+		<property name="defaultEntryPoint" ref="defaultAEP"/>
+	</bean>
+	
+	<bean id="firstAEP" class="org.mockito.Mockito" factory-method="mock">
+		<constructor-arg value="org.springframework.security.web.AuthenticationEntryPoint"/>
+	</bean>
+	
+		
+	<bean id="defaultAEP" class="org.mockito.Mockito" factory-method="mock">
+		<constructor-arg value="org.springframework.security.web.AuthenticationEntryPoint"/>
+	</bean>
+
+	
+</beans>