Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
github
/
spring-security
spogulis no https://github.com/spring-projects/spring-security
2
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Pārlūkot izejas kodu

SEC-726: Added entry-point-ref to <http> namespace element to allow customization of authentication process.

Luke Taylor 17 gadi atpakaļ
vecāks
f523cef578
revīzija
b1ae4922d2
2 mainītis faili ar 49 papildinājumiem un 25 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 11 0
      core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
  2. 38 25
      core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

+ 11 - 0
core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
Parādīt failu 

@@ -45,6 +45,7 @@ import org.w3c.dom.Element;
 
  *
 
  * @author Luke Taylor
 
  * @author Ben Alex
 
+ * @since 2.0
 
  * @version $Id$
 
  */
 
 public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
@@ -91,6 +92,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
 
     static final String ATT_ACCESS_MGR = "access-decision-manager-ref";    
     static final String ATT_USER_SERVICE_REF = "user-service-ref";
 
+    
+    static final String ATT_ENTRY_POINT_REF = "entry-point-ref";
 
 
     public BeanDefinition parse(Element element, ParserContext parserContext) {
 
         BeanDefinitionRegistry registry = parserContext.getRegistry();
 
@@ -357,6 +360,14 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
         }
 
         
         // We need to establish the main entry point.
 
+        // First check if a custom entry point bean is set
 
+        String customEntryPoint = element.getAttribute(ATT_ENTRY_POINT_REF);
 
+        
+        if (StringUtils.hasText(customEntryPoint)) {
 
+            parserContext.getRegistry().registerAlias(customEntryPoint, BeanIds.MAIN_ENTRY_POINT);
 
+            return;
 
+        }
 
+        
         // Basic takes precedence if explicit element is used and no others are configured
 
         if (basicAuthElt != null && formLoginElt == null && openIDLoginElt == null) {
 
         	parserContext.getRegistry().registerAlias(BeanIds.BASIC_AUTHENTICATION_ENTRY_POINT, BeanIds.MAIN_ENTRY_POINT);

+ 38 - 25
core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
Parādīt failu 

@@ -1,47 +1,48 @@
 
 package org.springframework.security.config;
 
 
+import static org.junit.Assert.assertEquals;
 
+import static org.junit.Assert.assertFalse;
 
+import static org.junit.Assert.assertNotNull;
 
+import static org.junit.Assert.assertTrue;
 
+import static org.junit.Assert.fail;
 
+
 
+import java.util.Iterator;
 
+import java.util.List;
 
+
 
+import org.junit.After;
 
+import org.junit.Test;
 
+import org.springframework.context.support.AbstractXmlApplicationContext;
 
+import org.springframework.mock.web.MockHttpServletRequest;
 
+import org.springframework.mock.web.MockHttpServletResponse;
 
+import org.springframework.mock.web.MockHttpSession;
 
+import org.springframework.security.ConfigAttributeDefinition;
 
+import org.springframework.security.MockAuthenticationEntryPoint;
 
+import org.springframework.security.MockFilterChain;
 
+import org.springframework.security.SecurityConfig;
 
 import org.springframework.security.concurrent.ConcurrentLoginException;
 
-import org.springframework.security.concurrent.ConcurrentSessionController;
 
 import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
 
 import org.springframework.security.concurrent.ConcurrentSessionFilter;
 
-import org.springframework.security.concurrent.SessionRegistryImpl;
 
 import org.springframework.security.context.HttpSessionContextIntegrationFilter;
 
-import org.springframework.security.intercept.web.FilterSecurityInterceptor;
 
-import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
 
 import org.springframework.security.intercept.web.FilterInvocation;
 
+import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
 
+import org.springframework.security.intercept.web.FilterSecurityInterceptor;
 
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 
+import org.springframework.security.providers.anonymous.AnonymousProcessingFilter;
 
 import org.springframework.security.securechannel.ChannelProcessingFilter;
 
 import org.springframework.security.ui.ExceptionTranslationFilter;
 
 import org.springframework.security.ui.SessionFixationProtectionFilter;
 
 import org.springframework.security.ui.WebAuthenticationDetails;
 
-import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
 
 import org.springframework.security.ui.basicauth.BasicProcessingFilter;
 
 import org.springframework.security.ui.logout.LogoutFilter;
 
-import org.springframework.security.ui.rememberme.RememberMeProcessingFilter;
 
+import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
 
 import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices;
 
+import org.springframework.security.ui.rememberme.RememberMeProcessingFilter;
 
 import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
 
 import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
 
 import org.springframework.security.util.FilterChainProxy;
 
-import org.springframework.security.util.PortMapperImpl;
 
 import org.springframework.security.util.InMemoryXmlApplicationContext;
 
+import org.springframework.security.util.PortMapperImpl;
 
 import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
 
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 
-import org.springframework.security.providers.anonymous.AnonymousProcessingFilter;
 
-import org.springframework.security.Authentication;
 
-import org.springframework.security.MockFilterChain;
 
-import org.springframework.security.ConfigAttributeDefinition;
 
-import org.springframework.security.SecurityConfig;
 
-import org.springframework.beans.BeanUtils;
 
-import org.springframework.context.support.AbstractXmlApplicationContext;
 
-import org.springframework.mock.web.MockHttpServletRequest;
 
-import org.springframework.mock.web.MockHttpServletResponse;
 
-import org.springframework.mock.web.MockHttpSession;
 
-
 
-import static org.junit.Assert.*;
 
-import org.junit.Test;
 
-import org.junit.After;
 
-
 
-import java.util.Iterator;
 
-import java.util.List;
 
 
 /**
 
  * @author Luke Taylor
 
@@ -300,6 +301,18 @@ public class HttpSecurityBeanDefinitionParserTests {
 
         auth.setDetails(new WebAuthenticationDetails(req));
 
         seshController.checkAuthenticationAllowed(auth);
 
     }
 
+    
+    @Test
 
+    public void customEntryPointIsSupported() {
 
+        setContext(
 
+                "<http auto-config='true' entry-point-ref='entryPoint'/>" +
 
+                "<b:bean id='entryPoint' class='org.springframework.security.MockAuthenticationEntryPoint'>" +
 
+                "    <b:constructor-arg value='/customlogin'/>" +
 
+                "</b:bean>" + AUTH_PROVIDER_XML);
 
+        ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilterChainProxy().getFilters("/someurl").get(9);
 
+        assertTrue("ExceptionTranslationFilter should be configured with custom entry point", 
+                etf.getAuthenticationEntryPoint() instanceof MockAuthenticationEntryPoint);
 
+    }
 
 
     @Test
 
     public void disablingSessionProtectionRemovesFilter() throws Exception {