Rename to RequestAttributeAuthenticationFilter

Rename EnvironmentVariableAuthenticationFilter to
RequestAttributeAuthenticationFilterTests

Polish gh-3978

web/src/main/java/org/springframework/security/web/authentication/preauth/EnvironmentVariableAuthenticationFilter.java → web/src/main/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.java

@@ -20,52 +20,53 @@ import javax.servlet.http.HttpServletRequest;
 import org.springframework.util.Assert;
 
 /**
- * A simple pre-authenticated filter which obtains the username from an environment variable, for
- * use with SSO systems such as Stanford WebAuth or Shibboleth.
+ * A simple pre-authenticated filter which obtains the username from request attributes,
+ * for use with SSO systems such as Stanford WebAuth or Shibboleth.
  * <p>
  * As with most pre-authenticated scenarios, it is essential that the external
  * authentication system is set up correctly as this filter does no authentication
  * whatsoever.
  * <p>
- * The property {@code principalEnvironmentVariable} is the name of the request environment variable
- * that contains the username. It defaults to "REMOTE_USER" for compatibility with WebAuth and Shibboleth.
+ * The property {@code principalEnvironmentVariable} is the name of the request attribute
+ * that contains the username. It defaults to "REMOTE_USER" for compatibility with WebAuth
+ * and Shibboleth.
  * <p>
- * If the environment variable is missing from the request, {@code getPreAuthenticatedPrincipal} will
- * throw an exception. You can override this behaviour by setting the
- * {@code exceptionIfVariableMissing} property.
+ * If the environment variable is missing from the request,
+ * {@code getPreAuthenticatedPrincipal} will throw an exception. You can override this
+ * behaviour by setting the {@code exceptionIfVariableMissing} property.
  *
  *
  * @author Milan Sevcik
  * @since 4.2
  */
-public class EnvironmentVariableAuthenticationFilter extends
-	AbstractPreAuthenticatedProcessingFilter {
+public class RequestAttributeAuthenticationFilter
+		extends AbstractPreAuthenticatedProcessingFilter {
 	private String principalEnvironmentVariable = "REMOTE_USER";
 	private String credentialsEnvironmentVariable;
 	private boolean exceptionIfVariableMissing = true;
 
 	/**
-	 * Read and returns the variable named by {@code principalEnvironmentVariable} from the
-	 * request.
+	 * Read and returns the variable named by {@code principalEnvironmentVariable} from
+	 * the request.
 	 *
-	 * @throws PreAuthenticatedCredentialsNotFoundException if the environment variable
-	 * is missing and {@code exceptionIfVariableMissing} is set to {@code true}.
+	 * @throws PreAuthenticatedCredentialsNotFoundException if the environment variable is
+	 * missing and {@code exceptionIfVariableMissing} is set to {@code true}.
 	 */
 	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
-		String principal = (String)request.getAttribute(principalEnvironmentVariable);
+		String principal = (String) request.getAttribute(principalEnvironmentVariable);
 
 		if (principal == null && exceptionIfVariableMissing) {
-			throw new PreAuthenticatedCredentialsNotFoundException(principalEnvironmentVariable
-				+ " variable not found in request.");
+			throw new PreAuthenticatedCredentialsNotFoundException(
+					principalEnvironmentVariable + " variable not found in request.");
 		}
 
 		return principal;
 	}
 
 	/**
-	 * Credentials aren't usually applicable, but if a {@code credentialsEnvironmentVariable} is
-	 * set, this will be read and used as the credentials value. Otherwise a dummy value
-	 * will be used.
+	 * Credentials aren't usually applicable, but if a
+	 * {@code credentialsEnvironmentVariable} is set, this will be read and used as the
+	 * credentials value. Otherwise a dummy value will be used.
 	 */
 	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
 		if (credentialsEnvironmentVariable != null) {
@@ -77,13 +78,13 @@ public class EnvironmentVariableAuthenticationFilter extends
 
 	public void setPrincipalEnvironmentVariable(String principalEnvironmentVariable) {
 		Assert.hasText(principalEnvironmentVariable,
-			"principalEnvironmentVariable must not be empty or null");
+				"principalEnvironmentVariable must not be empty or null");
 		this.principalEnvironmentVariable = principalEnvironmentVariable;
 	}
 
 	public void setCredentialsEnvironmentVariable(String credentialsEnvironmentVariable) {
 		Assert.hasText(credentialsEnvironmentVariable,
-			"credentialsEnvironmentVariable must not be empty or null");
+				"credentialsEnvironmentVariable must not be empty or null");
 		this.credentialsEnvironmentVariable = credentialsEnvironmentVariable;
 	}
 

web/src/test/java/org/springframework/security/web/authentication/preauth/envvariable/EnvironmentVariableAuthenticationFilterTests.java → web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.web.authentication.preauth.envvariable;
+package org.springframework.security.web.authentication.preauth;
 
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.*;
@@ -30,13 +30,13 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException;
-import org.springframework.security.web.authentication.preauth.EnvironmentVariableAuthenticationFilter;
+import org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter;
 
 /**
  *
  * @author Milan Sevcik
  */
-public class EnvironmentVariableAuthenticationFilterTests {
+public class RequestAttributeAuthenticationFilterTests {
 
 	@After
 	@Before
@@ -49,7 +49,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 
 		filter.doFilter(request, response, chain);
 	}
@@ -60,13 +60,16 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		request.setAttribute("REMOTE_USER", "cat");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat");
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("N/A");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
+				.isEqualTo("cat");
+		assertThat(
+				SecurityContextHolder.getContext().getAuthentication().getCredentials())
+						.isEqualTo("N/A");
 	}
 
 	@Test
@@ -75,13 +78,14 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		request.setAttribute("myUsernameVariable", "wolfman");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.setPrincipalEnvironmentVariable("myUsernameVariable");
 
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman");
+		assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
+				.isEqualTo("wolfman");
 	}
 
 	@Test
@@ -89,7 +93,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.setCredentialsEnvironmentVariable("myCredentialsVariable");
 		request.setAttribute("REMOTE_USER", "cat");
@@ -97,7 +101,9 @@ public class EnvironmentVariableAuthenticationFilterTests {
 
 		filter.doFilter(request, response, chain);
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
-		assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("catspassword");
+		assertThat(
+				SecurityContextHolder.getContext().getAuthentication().getCredentials())
+						.isEqualTo("catspassword");
 	}
 
 	@Test
@@ -105,7 +111,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
 			throws Exception {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.setCheckForPrincipalChanges(true);
 		request.setAttribute("REMOTE_USER", "cat");
@@ -116,7 +122,8 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		Authentication dog = SecurityContextHolder.getContext().getAuthentication();
 		assertThat(dog).isNotNull();
 		assertThat(dog.getName()).isEqualTo("dog");
-		// Make sure authentication doesn't occur every time (i.e. if the variable *doesn't*
+		// Make sure authentication doesn't occur every time (i.e. if the variable
+		// *doesn't*
 		// change)
 		filter.setAuthenticationManager(mock(AuthenticationManager.class));
 		filter.doFilter(request, response, new MockFilterChain());
@@ -128,7 +135,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setAuthenticationManager(createAuthenticationManager());
 
 		filter.doFilter(request, response, chain);
@@ -140,7 +147,7 @@ public class EnvironmentVariableAuthenticationFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		MockFilterChain chain = new MockFilterChain();
-		EnvironmentVariableAuthenticationFilter filter = new EnvironmentVariableAuthenticationFilter();
+		RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
 		filter.setExceptionIfVariableMissing(false);
 		filter.setAuthenticationManager(createAuthenticationManager());
 		filter.doFilter(request, response, chain);
@@ -151,8 +158,8 @@ public class EnvironmentVariableAuthenticationFilterTests {
 	 */
 	private AuthenticationManager createAuthenticationManager() {
 		AuthenticationManager am = mock(AuthenticationManager.class);
-		when(am.authenticate(any(Authentication.class))).thenAnswer(
-				new Answer<Authentication>() {
+		when(am.authenticate(any(Authentication.class)))
+				.thenAnswer(new Answer<Authentication>() {
 					public Authentication answer(InvocationOnMock invocation)
 							throws Throwable {
 						return (Authentication) invocation.getArguments()[0];