Move port mapping functionality into separate classes to allow reuse. Permit implementations to override the source port (required given some browsers do not respond to HTTP redirects correctly).

core/src/main/java/org/acegisecurity/intercept/web/SecurityEnforcementFilter.java

@@ -18,6 +18,7 @@ package net.sf.acegisecurity.intercept.web;
 import net.sf.acegisecurity.AccessDeniedException;
 import net.sf.acegisecurity.AuthenticationException;
 import net.sf.acegisecurity.ui.AbstractProcessingFilter;
+import net.sf.acegisecurity.util.PortResolver;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -74,6 +75,10 @@ import javax.servlet.http.HttpServletResponse;
  * <code>AuthenticationException</code> is detected. Note that this may also
  * switch the current protocol from http to https for a an SSL login.
  * </li>
+ * <li>
+ * <code>portResolver</code> is used to determine the "real" port that a
+ * request was received on.
+ * </li>
  * </ul>
  * 
  * <P>
@@ -95,6 +100,7 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
 
     private AuthenticationEntryPoint authenticationEntryPoint;
     private FilterSecurityInterceptor filterSecurityInterceptor;
+    private PortResolver portResolver;
 
     //~ Methods ================================================================
 
@@ -116,6 +122,14 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
         return filterSecurityInterceptor;
     }
 
+    public void setPortResolver(PortResolver portResolver) {
+        this.portResolver = portResolver;
+    }
+
+    public PortResolver getPortResolver() {
+        return portResolver;
+    }
+
     public void afterPropertiesSet() throws Exception {
         if (authenticationEntryPoint == null) {
             throw new IllegalArgumentException(
@@ -126,6 +140,10 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
             throw new IllegalArgumentException(
                 "filterSecurityInterceptor must be specified");
         }
+
+        if (portResolver == null) {
+            throw new IllegalArgumentException("portResolver must be specified");
+        }
     }
 
     public void destroy() {}
@@ -151,14 +169,31 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
         } catch (AuthenticationException authentication) {
             HttpServletRequest httpRequest = (HttpServletRequest) request;
 
+            int port = portResolver.getServerPort(request);
+            boolean includePort = true;
+
+            if ("http".equals(request.getScheme().toLowerCase())
+                && (port == 80)) {
+                includePort = false;
+            }
+
+            if ("https".equals(request.getScheme().toLowerCase())
+                && (port == 443)) {
+                includePort = false;
+            }
+
+            String targetUrl = request.getScheme() + "://"
+                + request.getServerName() + ((includePort) ? (":" + port) : "")
+                + httpRequest.getContextPath() + fi.getRequestUrl();
+
             if (logger.isDebugEnabled()) {
                 logger.debug(
                     "Authentication failed - adding target URL to Session: "
-                    + fi.getFullRequestUrl());
+                    + targetUrl);
             }
 
             ((HttpServletRequest) request).getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
-                fi.getFullRequestUrl());
+                targetUrl);
             authenticationEntryPoint.commence(request, response);
         } catch (AccessDeniedException accessDenied) {
             if (logger.isDebugEnabled()) {

core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPoint.java

@@ -16,15 +16,16 @@
 package net.sf.acegisecurity.ui.webapp;
 
 import net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint;
+import net.sf.acegisecurity.util.PortMapper;
+import net.sf.acegisecurity.util.PortResolver;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
 
 import java.io.IOException;
 
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -43,20 +44,11 @@ import javax.servlet.http.HttpServletResponse;
  * <p>
  * By setting the <em>forceHttps</em> property to true, you may configure the
  * class to force the protocol used for the login form to be
- * <code>https</code>, even if the original intercepted request for a resource
- * used the <code>http</code> protocol. When this happens, after a successful
- * login (via https), the original resource will still be accessed as http,
- * via the original request URL. For the forced https feature to work, the
- * class must have a valid mapping from an http port in the original request
- * to an https port for the login page (the same server name will be used,
- * only the scheme and port will be changed). By default, http requests to
- * port 80 will be mapped to login page https requests on port 443 (standard
- * https port), and port 8080 will be mapped to port 8443. These mappings may
- * be customized by setting the <em>httpsPortMappings</em> property. Any
- * intercepted http request on a port which does not have a mapping will
- * result in the protocol remaining as http. Any intercepted request which is
- * already https will always result in the login page being accessed as https,
- * regardless of the state of the  <em>forceHttps</em> property.
+ * <code>HTTPS</code>, even if the original intercepted request for a resource
+ * used the <code>HTTP</code> protocol. When this happens, after a successful
+ * login (via HTTPS), the original resource will still be accessed as HTTP,
+ * via the original request URL. For the forced HTTPS feature to work, the
+ * {@link PortMapper} is consulted to determine the HTTP:HTTPS pairs.
  * </p>
  *
  * @author Ben Alex
@@ -65,20 +57,17 @@ import javax.servlet.http.HttpServletResponse;
  */
 public class AuthenticationProcessingFilterEntryPoint
     implements AuthenticationEntryPoint, InitializingBean {
+    //~ Static fields/initializers =============================================
+
+    private static final Log logger = LogFactory.getLog(AuthenticationProcessingFilterEntryPoint.class);
+
     //~ Instance fields ========================================================
 
-    private HashMap httpsPortMappings;
+    private PortMapper portMapper;
+    private PortResolver portResolver;
     private String loginFormUrl;
     private boolean forceHttps = false;
 
-    //~ Constructors ===========================================================
-
-    public AuthenticationProcessingFilterEntryPoint() {
-        httpsPortMappings = new HashMap();
-        httpsPortMappings.put(new Integer(80), new Integer(443));
-        httpsPortMappings.put(new Integer(8080), new Integer(8443));
-    }
-
     //~ Methods ================================================================
 
     /**
@@ -88,8 +77,6 @@ public class AuthenticationProcessingFilterEntryPoint
      * <code>https</code>, then
      *
      * @param forceHttps
-     *
-     * @todo Generated comment
      */
     public void setForceHttps(boolean forceHttps) {
         this.forceHttps = forceHttps;
@@ -99,56 +86,6 @@ public class AuthenticationProcessingFilterEntryPoint
         return forceHttps;
     }
 
-    /**
-     * <p>
-     * Set to override the default http port to https port mappings of 80:443,
-     * and  8080:8443.
-     * </p>
-     * In a Spring XML ApplicationContext, a definition would look something
-     * like this:
-     * <pre>
-     *   &lt;property name="httpsPortMapping">
-     *     &lt;map>
-     *       &lt;entry key="80">&lt;value>443&lt;/value>&lt;/entry>
-     *       &lt;entry key="8080">&lt;value>8443&lt;/value>&lt;/entry>
-     *     &lt;/map>
-     *   &lt;/property>
-     * </pre>
-     *
-     * @param newMappings A Map consisting of String keys and String values,
-     *        where for each entry the key is the string representation of an
-     *        integer http port number, and the value is the string
-     *        representation of the corresponding integer https port number.
-     *
-     * @throws IllegalArgumentException if input map does not consist of String
-     *         keys and values, each representing an integer port number in
-     *         the range 1-65535 for that mapping.
-     */
-    public void setHttpsPortMappings(HashMap newMappings) {
-        httpsPortMappings.clear();
-
-        Iterator it = newMappings.entrySet().iterator();
-
-        while (it.hasNext()) {
-            Map.Entry entry = (Map.Entry) it.next();
-            Integer httpPort = new Integer((String) entry.getKey());
-            Integer httpsPort = new Integer((String) entry.getValue());
-
-            if ((httpPort.intValue() < 1) || (httpPort.intValue() > 65535)
-                || (httpsPort.intValue() < 1) || (httpsPort.intValue() > 65535)) {
-                throw new IllegalArgumentException(
-                    "one or both ports out of legal range: " + httpPort + ", "
-                    + httpsPort);
-            }
-
-            httpsPortMappings.put(httpPort, httpsPort);
-
-            if (httpsPortMappings.size() < 1) {
-                throw new IllegalArgumentException("must map at least one port");
-            }
-        }
-    }
-
     /**
      * The URL where the <code>AuthenticationProcessingFilter</code> login page
      * can be found. Should be relative to the web-app context path, and
@@ -164,40 +101,79 @@ public class AuthenticationProcessingFilterEntryPoint
         return loginFormUrl;
     }
 
+    public void setPortMapper(PortMapper portMapper) {
+        this.portMapper = portMapper;
+    }
+
+    public PortMapper getPortMapper() {
+        return portMapper;
+    }
+
+    public void setPortResolver(PortResolver portResolver) {
+        this.portResolver = portResolver;
+    }
+
+    public PortResolver getPortResolver() {
+        return portResolver;
+    }
+
     public void afterPropertiesSet() throws Exception {
         if ((loginFormUrl == null) || "".equals(loginFormUrl)) {
             throw new IllegalArgumentException("loginFormUrl must be specified");
         }
+
+        if (portMapper == null) {
+            throw new IllegalArgumentException("portMapper must be specified");
+        }
+
+        if (portResolver == null) {
+            throw new IllegalArgumentException("portResolver must be specified");
+        }
     }
 
     public void commence(ServletRequest request, ServletResponse response)
         throws IOException, ServletException {
         HttpServletRequest req = (HttpServletRequest) request;
+        String scheme = request.getScheme();
+        String serverName = request.getServerName();
+        int serverPort = portResolver.getServerPort(request);
         String contextPath = req.getContextPath();
 
-        String redirectUrl = contextPath + loginFormUrl;
+        boolean includePort = true;
+
+        if ("http".equals(scheme.toLowerCase()) && (serverPort == 80)) {
+            includePort = false;
+        }
+
+        if ("https".equals(scheme.toLowerCase()) && (serverPort == 443)) {
+            includePort = false;
+        }
+
+        String redirectUrl = scheme + "://" + serverName
+            + ((includePort) ? (":" + serverPort) : "") + contextPath
+            + loginFormUrl;
 
         if (forceHttps && req.getScheme().equals("http")) {
-            Integer httpPort = new Integer(req.getServerPort());
-            Integer httpsPort = (Integer) httpsPortMappings.get(httpPort);
+            Integer httpPort = new Integer(portResolver.getServerPort(request));
+            Integer httpsPort = (Integer) portMapper.lookupHttpsPort(httpPort);
 
             if (httpsPort != null) {
-                String serverName = req.getServerName();
-                redirectUrl = "https://" + serverName + ":" + httpsPort
-                    + contextPath + loginFormUrl;
+                if (httpsPort.intValue() == 443) {
+                    includePort = false;
+                } else {
+                    includePort = true;
+                }
+
+                redirectUrl = "https://" + serverName
+                    + ((includePort) ? (":" + httpsPort) : "") + contextPath
+                    + loginFormUrl;
             }
         }
 
-        ((HttpServletResponse) response).sendRedirect(redirectUrl);
-    }
+        if (logger.isDebugEnabled()) {
+            logger.debug("Redirecting to: " + redirectUrl);
+        }
 
-    /**
-     * Returns the translated (Integer -> Integer) version of the original port
-     * mapping specified via setHttpsPortMapping()
-     *
-     * @return DOCUMENT ME!
-     */
-    protected HashMap getTranslatedHttpsPortMappings() {
-        return httpsPortMappings;
+        ((HttpServletResponse) response).sendRedirect(redirectUrl);
     }
 }

core/src/main/java/org/acegisecurity/util/PortMapper.java

@@ -0,0 +1,54 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.util;
+
+/**
+ * <code>PortMapper</code> implementations provide callers with information
+ * about which HTTP ports are associated with which HTTPS ports on the system,
+ * and vice versa.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public interface PortMapper {
+    //~ Methods ================================================================
+
+    /**
+     * Locates the HTTP port associated with the specified HTTPS port.
+     * 
+     * <P>
+     * Returns <code>null</code> if unknown.
+     * </p>
+     *
+     * @param httpsPort
+     *
+     * @return the HTTP port or <code>null</code> if unknown
+     */
+    public Integer lookupHttpPort(Integer httpsPort);
+
+    /**
+     * Locates the HTTPS port associated with the specified HTTP port.
+     * 
+     * <P>
+     * Returns <code>null</code> if unknown.
+     * </p>
+     *
+     * @param httpPort
+     *
+     * @return the HTTPS port or <code>null</code> if unknown
+     */
+    public Integer lookupHttpsPort(Integer httpPort);
+}

core/src/main/java/org/acegisecurity/util/PortMapperImpl.java

@@ -0,0 +1,134 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.util;
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+
+/**
+ * Concrete implementation of {@link PortMapper} that obtains HTTP:HTTPS pairs
+ * from the application context.
+ * 
+ * <P>
+ * By default the implementation will assume 80:443 and 8080:8443 are
+ * HTTP:HTTPS pairs respectively. If different pairs are required, use {@link
+ * #setPortMappings(Map)}.
+ * </p>
+ *
+ * @author Ben Alex
+ * @author colin sampaleanu
+ * @version $Id$
+ */
+public class PortMapperImpl implements PortMapper {
+    //~ Instance fields ========================================================
+
+    private Map httpsPortMappings;
+
+    //~ Constructors ===========================================================
+
+    public PortMapperImpl() {
+        httpsPortMappings = new HashMap();
+        httpsPortMappings.put(new Integer(80), new Integer(443));
+        httpsPortMappings.put(new Integer(8080), new Integer(8443));
+    }
+
+    //~ Methods ================================================================
+
+    /**
+     * <p>
+     * Set to override the default HTTP port to HTTPS port mappings of 80:443,
+     * and  8080:8443.
+     * </p>
+     * In a Spring XML ApplicationContext, a definition would look something
+     * like this:
+     * <pre>
+     *   &lt;property name="httpsPortMapping">
+     *     &lt;map>
+     *       &lt;entry key="80">&lt;value>443&lt;/value>&lt;/entry>
+     *       &lt;entry key="8080">&lt;value>8443&lt;/value>&lt;/entry>
+     *     &lt;/map>
+     *   &lt;/property>
+     * </pre>
+     *
+     * @param newMappings A Map consisting of String keys and String values,
+     *        where for each entry the key is the string representation of an
+     *        integer HTTP port number, and the value is the string
+     *        representation of the corresponding integer HTTPS port number.
+     *
+     * @throws IllegalArgumentException if input map does not consist of String
+     *         keys and values, each representing an integer port number in
+     *         the range 1-65535 for that mapping.
+     */
+    public void setPortMappings(Map newMappings) {
+        if (newMappings == null) {
+            throw new IllegalArgumentException(
+                "A valid list of HTTPS port mappings must be provided");
+        }
+
+        httpsPortMappings.clear();
+
+        Iterator it = newMappings.entrySet().iterator();
+
+        while (it.hasNext()) {
+            Map.Entry entry = (Map.Entry) it.next();
+            Integer httpPort = new Integer((String) entry.getKey());
+            Integer httpsPort = new Integer((String) entry.getValue());
+
+            if ((httpPort.intValue() < 1) || (httpPort.intValue() > 65535)
+                || (httpsPort.intValue() < 1) || (httpsPort.intValue() > 65535)) {
+                throw new IllegalArgumentException(
+                    "one or both ports out of legal range: " + httpPort + ", "
+                    + httpsPort);
+            }
+
+            httpsPortMappings.put(httpPort, httpsPort);
+        }
+
+        if (httpsPortMappings.size() < 1) {
+            throw new IllegalArgumentException("must map at least one port");
+        }
+    }
+
+    /**
+     * Returns the translated (Integer -> Integer) version of the original port
+     * mapping specified via setHttpsPortMapping()
+     *
+     * @return DOCUMENT ME!
+     */
+    public Map getTranslatedPortMappings() {
+        return httpsPortMappings;
+    }
+
+    public Integer lookupHttpPort(Integer httpsPort) {
+        Iterator iter = httpsPortMappings.keySet().iterator();
+
+        while (iter.hasNext()) {
+            Integer httpPort = (Integer) iter.next();
+
+            if (httpsPortMappings.get(httpPort).equals(httpsPort)) {
+                return httpPort;
+            }
+        }
+
+        return null;
+    }
+
+    public Integer lookupHttpsPort(Integer httpPort) {
+        return (Integer) httpsPortMappings.get(httpPort);
+    }
+}

core/src/main/java/org/acegisecurity/util/PortResolver.java

@@ -0,0 +1,46 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.util;
+
+import javax.servlet.ServletRequest;
+
+
+/**
+ * A <code>PortResolver</code> determines the port a web request was received
+ * on.
+ * 
+ * <P>
+ * This interface is necessary because
+ * <code>ServletRequest.getServerPort()</code> may not return the correct port
+ * in certain circumstances. For example, if the browser does not construct
+ * the URL correctly after a redirect.
+ * </p>
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public interface PortResolver {
+    //~ Methods ================================================================
+
+    /**
+     * Indicates the port the <code>ServletRequest</code> was received on.
+     *
+     * @param request that the method should lookup the port for
+     *
+     * @return the port the request was received on
+     */
+    public int getServerPort(ServletRequest request);
+}

core/src/main/java/org/acegisecurity/util/PortResolverImpl.java

@@ -0,0 +1,92 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.util;
+
+import org.springframework.beans.factory.InitializingBean;
+
+import javax.servlet.ServletRequest;
+
+
+/**
+ * Concrete implementation of {@link PortResolver} that obtains the port from
+ * <code>ServletRequest.getServerPort()</code>.
+ * 
+ * <P>
+ * If either the <code>alwaysHttpPort</code> or <code>alwaysHttpsPort</code>
+ * properties are set, these ports will be used <B>instead of</B> those
+ * obtained from the <code>ServletRequest.getServerPort()</code> method.
+ * Setting these properties will cause the
+ * <code>ServletRequest.getScheme()</code> method to be used to determine
+ * whether a request was HTTP or HTTPS, and then return the port defined by
+ * the <code>always[Scheme]Port</code> property. You can configure zero, one
+ * or both of these properties.
+ * </p>
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class PortResolverImpl implements InitializingBean, PortResolver {
+    //~ Instance fields ========================================================
+
+    private int alwaysHttpPort = 0;
+    private int alwaysHttpsPort = 0;
+
+    //~ Methods ================================================================
+
+    public void setAlwaysHttpPort(int alwaysHttpPort) {
+        this.alwaysHttpPort = alwaysHttpPort;
+    }
+
+    public int getAlwaysHttpPort() {
+        return alwaysHttpPort;
+    }
+
+    public void setAlwaysHttpsPort(int alwaysHttpsPort) {
+        this.alwaysHttpsPort = alwaysHttpsPort;
+    }
+
+    public int getAlwaysHttpsPort() {
+        return alwaysHttpsPort;
+    }
+
+    public int getServerPort(ServletRequest request) {
+        if ("http".equals(request.getScheme().toLowerCase())
+            && (alwaysHttpPort != 0)) {
+            return alwaysHttpPort;
+        }
+
+        if ("https".equals(request.getScheme().toLowerCase())
+            && (alwaysHttpsPort != 0)) {
+            return alwaysHttpsPort;
+        }
+
+        return request.getServerPort();
+    }
+
+    public void afterPropertiesSet() throws Exception {
+        if ((alwaysHttpPort != 0)
+            && ((alwaysHttpPort > 65535) || (alwaysHttpPort < 0))) {
+            throw new IllegalArgumentException(
+                "alwaysHttpPort must be between 1 and 65535");
+        }
+
+        if ((alwaysHttpsPort != 0)
+            && ((alwaysHttpsPort > 65535) || (alwaysHttpsPort < 0))) {
+            throw new IllegalArgumentException(
+                "alwaysHttpsPort must be between 1 and 65535");
+        }
+    }
+}

core/src/test/java/org/acegisecurity/MockHttpServletRequest.java

@@ -53,13 +53,13 @@ public class MockHttpServletRequest implements HttpServletRequest {
     private Map paramMap = new HashMap();
     private Principal principal;
     private String contextPath = "";
+    private String pathInfo; // null for no extra path
     private String queryString = null;
     private String requestURL;
     private String scheme;
     private String serverName;
     private String servletPath;
     private int serverPort;
-    private String pathInfo;   // null for no extra path
 
     //~ Constructors ===========================================================
 
@@ -197,11 +197,10 @@ public class MockHttpServletRequest implements HttpServletRequest {
         throw new UnsupportedOperationException("mock method not implemented");
     }
 
-    
     public void setPathInfo(String pathInfo) {
         this.pathInfo = pathInfo;
     }
-    
+
     public String getPathInfo() {
         return pathInfo;
     }
@@ -283,7 +282,11 @@ public class MockHttpServletRequest implements HttpServletRequest {
     }
 
     public boolean isSecure() {
-        throw new UnsupportedOperationException("mock method not implemented");
+        if ("https".equals(scheme)) {
+            return true;
+        } else {
+            return false;
+        }
     }
 
     public void setServerName(String serverName) {

core/src/test/java/org/acegisecurity/MockPortResolver.java

@@ -0,0 +1,54 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity;
+
+import net.sf.acegisecurity.util.PortResolver;
+
+import javax.servlet.ServletRequest;
+
+
+/**
+ * Always returns the constructor-specified HTTP and HTTPS ports.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class MockPortResolver implements PortResolver {
+    //~ Instance fields ========================================================
+
+    private int http = 80;
+    private int https = 443;
+
+    //~ Constructors ===========================================================
+
+    public MockPortResolver(int http, int https) {
+        this.http = http;
+        this.https = https;
+    }
+
+    private MockPortResolver() {}
+
+    //~ Methods ================================================================
+
+    public int getServerPort(ServletRequest request) {
+        if ((request.getScheme() != null)
+            && request.getScheme().equals("https")) {
+            return https;
+        } else {
+            return http;
+        }
+    }
+}

core/src/test/java/org/acegisecurity/intercept/web/SecurityEnforcementFilterTests.java

@@ -23,6 +23,7 @@ import net.sf.acegisecurity.MockAuthenticationEntryPoint;
 import net.sf.acegisecurity.MockHttpServletRequest;
 import net.sf.acegisecurity.MockHttpServletResponse;
 import net.sf.acegisecurity.MockHttpSession;
+import net.sf.acegisecurity.MockPortResolver;
 import net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
 
 import java.io.IOException;
@@ -120,6 +121,9 @@ public class SecurityEnforcementFilterTests extends TestCase {
         filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
                 "/login.jsp"));
         assertTrue(filter.getAuthenticationEntryPoint() != null);
+
+        filter.setPortResolver(new MockPortResolver(80, 443));
+        assertTrue(filter.getPortResolver() != null);
     }
 
     public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException()
@@ -128,6 +132,10 @@ public class SecurityEnforcementFilterTests extends TestCase {
         MockHttpServletRequest request = new MockHttpServletRequest(null,
                 new MockHttpSession());
         request.setServletPath("/secure/page.html");
+        request.setServerPort(80);
+        request.setScheme("http");
+        request.setServerName("www.example.com");
+        request.setContextPath("/mycontext");
         request.setRequestURL(
             "http://www.example.com/mycontext/secure/page.html");
 
@@ -143,15 +151,51 @@ public class SecurityEnforcementFilterTests extends TestCase {
         filter.setFilterSecurityInterceptor(interceptor);
         filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
                 "/login.jsp"));
+        filter.setPortResolver(new MockPortResolver(80, 443));
         filter.afterPropertiesSet();
 
         MockHttpServletResponse response = new MockHttpServletResponse();
         filter.doFilter(request, response, chain);
-        assertEquals("/login.jsp", response.getRedirect());
+        assertEquals("/mycontext/login.jsp", response.getRedirect());
         assertEquals("http://www.example.com/mycontext/secure/page.html",
             request.getSession().getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
     }
 
+    public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhenAuthenticationException()
+        throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest(null,
+                new MockHttpSession());
+        request.setServletPath("/secure/page.html");
+        request.setServerPort(8080);
+        request.setScheme("http");
+        request.setServerName("www.example.com");
+        request.setContextPath("/mycontext");
+        request.setRequestURL(
+            "http://www.example.com:8080/mycontext/secure/page.html");
+
+        // Setup our expectation that the filter chain will not be invoked, as access is denied
+        MockFilterChain chain = new MockFilterChain(false);
+
+        // Setup the FilterSecurityInterceptor thrown an authentication failure exceptions
+        MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(false,
+                true);
+
+        // Test
+        SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
+        filter.setFilterSecurityInterceptor(interceptor);
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
+                "/login.jsp"));
+        filter.setPortResolver(new MockPortResolver(8080, 8443));
+        filter.afterPropertiesSet();
+
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        filter.doFilter(request, response, chain);
+        assertEquals("/mycontext/login.jsp", response.getRedirect());
+        assertEquals("http://www.example.com:8080/mycontext/secure/page.html",
+            request.getSession().getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
+    }
+
     public void testStartupDetectsMissingAuthenticationEntryPoint()
         throws Exception {
         SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
@@ -182,6 +226,22 @@ public class SecurityEnforcementFilterTests extends TestCase {
         }
     }
 
+    public void testStartupDetectsMissingPortResolver()
+        throws Exception {
+        SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
+        filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
+                false, false));
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(
+                "/login.jsp"));
+
+        try {
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("portResolver must be specified", expected.getMessage());
+        }
+    }
+
     public void testSuccessfulAccessGrant() throws Exception {
         // Setup our HTTP request
         MockHttpServletRequest request = new MockHttpServletRequest(null,

core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPointTests.java

@@ -19,8 +19,11 @@ import junit.framework.TestCase;
 
 import net.sf.acegisecurity.MockHttpServletRequest;
 import net.sf.acegisecurity.MockHttpServletResponse;
+import net.sf.acegisecurity.MockPortResolver;
+import net.sf.acegisecurity.util.PortMapperImpl;
 
 import java.util.HashMap;
+import java.util.Map;
 
 
 /**
@@ -43,6 +46,8 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
 
     public void testDetectsMissingLoginFormUrl() throws Exception {
         AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
+        ep.setPortMapper(new PortMapperImpl());
+        ep.setPortResolver(new MockPortResolver(80, 443));
 
         try {
             ep.afterPropertiesSet();
@@ -52,10 +57,45 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
         }
     }
 
+    public void testDetectsMissingPortMapper() throws Exception {
+        AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
+        ep.setLoginFormUrl("xxx");
+        ep.setPortResolver(new MockPortResolver(80, 443));
+
+        try {
+            ep.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("portMapper must be specified", expected.getMessage());
+        }
+    }
+
+    public void testDetectsMissingPortResolver() throws Exception {
+        AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
+        ep.setLoginFormUrl("xxx");
+        ep.setPortMapper(new PortMapperImpl());
+
+        try {
+            ep.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("portResolver must be specified", expected.getMessage());
+        }
+    }
+
     public void testGettersSetters() {
         AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
         ep.setLoginFormUrl("/hello");
+        ep.setPortMapper(new PortMapperImpl());
+        ep.setPortResolver(new MockPortResolver(8080, 8443));
         assertEquals("/hello", ep.getLoginFormUrl());
+        assertTrue(ep.getPortMapper() != null);
+        assertTrue(ep.getPortResolver() != null);
+
+        ep.setForceHttps(false);
+        assertFalse(ep.getForceHttps());
+        ep.setForceHttps(true);
+        assertTrue(ep.getForceHttps());
     }
 
     public void testHttpsOperation() throws Exception {
@@ -70,30 +110,40 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
 
         AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
         ep.setLoginFormUrl("/hello");
+        ep.setPortMapper(new PortMapperImpl());
         ep.setForceHttps(true);
+        ep.setPortMapper(new PortMapperImpl());
+        ep.setPortResolver(new MockPortResolver(80, 443));
         ep.afterPropertiesSet();
 
         ep.commence(request, response);
-        assertEquals("https://www.example.com:443/bigWebApp/hello",
+        assertEquals("https://www.example.com/bigWebApp/hello",
             response.getRedirect());
 
         request.setServerPort(8080);
+        ep.setPortResolver(new MockPortResolver(8080, 8443));
         ep.commence(request, response);
+        System.out.println(response.getRedirect());
         assertEquals("https://www.example.com:8443/bigWebApp/hello",
             response.getRedirect());
 
-        // check that unknown port leaves things as-is
+        // Now test an unusual custom HTTP:HTTPS is handled properly
         request.setServerPort(8888);
         ep.commence(request, response);
-        assertEquals("/bigWebApp/hello", response.getRedirect());
+        assertEquals("https://www.example.com:8443/bigWebApp/hello",
+            response.getRedirect());
+
+        PortMapperImpl portMapper = new PortMapperImpl();
+        Map map = new HashMap();
+        map.put("8888", "9999");
+        portMapper.setPortMappings(map);
 
         ep = new AuthenticationProcessingFilterEntryPoint();
         ep.setLoginFormUrl("/hello");
+        ep.setPortMapper(new PortMapperImpl());
         ep.setForceHttps(true);
-
-        HashMap map = new HashMap();
-        map.put("8888", "9999");
-        ep.setHttpsPortMappings(map);
+        ep.setPortMapper(portMapper);
+        ep.setPortResolver(new MockPortResolver(8888, 9999));
         ep.afterPropertiesSet();
 
         ep.commence(request, response);
@@ -104,50 +154,50 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
     public void testNormalOperation() throws Exception {
         AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
         ep.setLoginFormUrl("/hello");
+        ep.setPortMapper(new PortMapperImpl());
+        ep.setPortResolver(new MockPortResolver(80, 443));
+        ep.afterPropertiesSet();
 
         MockHttpServletRequest request = new MockHttpServletRequest(
                 "/some_path");
         request.setContextPath("/bigWebApp");
+        request.setScheme("http");
+        request.setServerName("www.example.com");
+        request.setContextPath("/bigWebApp");
+        request.setServerPort(80);
 
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         ep.afterPropertiesSet();
         ep.commence(request, response);
-        assertEquals("/bigWebApp/hello", response.getRedirect());
+        assertEquals("http://www.example.com/bigWebApp/hello",
+            response.getRedirect());
     }
 
-    public void testSetSslPortMapping() {
+    public void testOperationWhenHttpsRequestsButHttpsPortUnknown()
+        throws Exception {
         AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
-        HashMap map = new HashMap();
-
-        try {
-            ep.setHttpsPortMappings(map);
-        } catch (IllegalArgumentException expected) {
-            assertEquals("must map at least one port", expected.getMessage());
-        }
-
-        map.put(new Integer(0).toString(), new Integer(443).toString());
+        ep.setLoginFormUrl("/hello");
+        ep.setPortMapper(new PortMapperImpl());
+        ep.setPortResolver(new MockPortResolver(8888, 1234));
+        ep.setForceHttps(true);
+        ep.afterPropertiesSet();
 
-        try {
-            ep.setHttpsPortMappings(map);
-        } catch (IllegalArgumentException expected) {
-            assertTrue(expected.getMessage().startsWith("one or both ports out of legal range"));
-        }
+        MockHttpServletRequest request = new MockHttpServletRequest(
+                "/some_path");
+        request.setContextPath("/bigWebApp");
+        request.setScheme("http");
+        request.setServerName("www.example.com");
+        request.setContextPath("/bigWebApp");
+        request.setServerPort(8888); // NB: Port we can't resolve
 
-        map.clear();
-        map.put(new Integer(80).toString(), new Integer(100000).toString());
+        MockHttpServletResponse response = new MockHttpServletResponse();
 
-        try {
-            ep.setHttpsPortMappings(map);
-        } catch (IllegalArgumentException expected) {
-            assertTrue(expected.getMessage().startsWith("one or both ports out of legal range"));
-        }
+        ep.afterPropertiesSet();
+        ep.commence(request, response);
 
-        map.clear();
-        map.put(new Integer(80).toString(), new Integer(443).toString());
-        ep.setHttpsPortMappings(map);
-        map = ep.getTranslatedHttpsPortMappings();
-        assertTrue(map.size() == 1);
-        assertTrue(((Integer) map.get(new Integer(80))).equals(new Integer(443)));
+        // Response doesn't switch to HTTPS, as we didn't know HTTP port 8888 to HTTP port mapping
+        assertEquals("http://www.example.com:8888/bigWebApp/hello",
+            response.getRedirect());
     }
 }

core/src/test/java/org/acegisecurity/util/PortMapperImplTests.java

@@ -0,0 +1,120 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.util;
+
+import junit.framework.TestCase;
+
+import java.util.HashMap;
+import java.util.Map;
+
+
+/**
+ * Tests {@link PortMapperImpl}.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class PortMapperImplTests extends TestCase {
+    //~ Constructors ===========================================================
+
+    public PortMapperImplTests() {
+        super();
+    }
+
+    public PortMapperImplTests(String arg0) {
+        super(arg0);
+    }
+
+    //~ Methods ================================================================
+
+    public final void setUp() throws Exception {
+        super.setUp();
+    }
+
+    public static void main(String[] args) {
+        junit.textui.TestRunner.run(PortMapperImplTests.class);
+    }
+
+    public void testDefaultMappingsAreKnown() throws Exception {
+        PortMapperImpl portMapper = new PortMapperImpl();
+        assertEquals(new Integer(80),
+            portMapper.lookupHttpPort(new Integer(443)));
+        assertEquals(new Integer(8080),
+            portMapper.lookupHttpPort(new Integer(8443)));
+        assertEquals(new Integer(443),
+            portMapper.lookupHttpsPort(new Integer(80)));
+        assertEquals(new Integer(8443),
+            portMapper.lookupHttpsPort(new Integer(8080)));
+    }
+
+    public void testDetectsEmptyMap() throws Exception {
+        PortMapperImpl portMapper = new PortMapperImpl();
+
+        try {
+            portMapper.setPortMappings(new HashMap());
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertTrue(true);
+        }
+    }
+
+    public void testDetectsNullMap() throws Exception {
+        PortMapperImpl portMapper = new PortMapperImpl();
+
+        try {
+            portMapper.setPortMappings(null);
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertTrue(true);
+        }
+    }
+
+    public void testGetTranslatedPortMappings() {
+        PortMapperImpl portMapper = new PortMapperImpl();
+        assertEquals(2, portMapper.getTranslatedPortMappings().size());
+    }
+
+    public void testRejectsOutOfRangeMappings() {
+        PortMapperImpl portMapper = new PortMapperImpl();
+        Map map = new HashMap();
+        map.put("79", "80559");
+
+        try {
+            portMapper.setPortMappings(map);
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertTrue(true);
+        }
+    }
+
+    public void testReturnsNullIfHttpPortCannotBeFound() {
+        PortMapperImpl portMapper = new PortMapperImpl();
+        assertTrue(portMapper.lookupHttpPort(new Integer("34343")) == null);
+    }
+
+    public void testSupportsCustomMappings() {
+        PortMapperImpl portMapper = new PortMapperImpl();
+        Map map = new HashMap();
+        map.put("79", "442");
+
+        portMapper.setPortMappings(map);
+
+        assertEquals(new Integer(79),
+            portMapper.lookupHttpPort(new Integer(442)));
+        assertEquals(new Integer(442),
+            portMapper.lookupHttpsPort(new Integer(79)));
+    }
+}

core/src/test/java/org/acegisecurity/util/PortResolverImplTests.java

@@ -0,0 +1,144 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.util;
+
+import junit.framework.TestCase;
+
+import net.sf.acegisecurity.MockHttpServletRequest;
+
+
+/**
+ * Tests {@link PortResolverImpl}.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class PortResolverImplTests extends TestCase {
+    //~ Constructors ===========================================================
+
+    public PortResolverImplTests() {
+        super();
+    }
+
+    public PortResolverImplTests(String arg0) {
+        super(arg0);
+    }
+
+    //~ Methods ================================================================
+
+    public final void setUp() throws Exception {
+        super.setUp();
+    }
+
+    public static void main(String[] args) {
+        junit.textui.TestRunner.run(PortResolverImplTests.class);
+    }
+
+    public void testGettersSetters() throws Exception {
+        PortResolverImpl pr = new PortResolverImpl();
+        assertEquals(0, pr.getAlwaysHttpPort());
+        assertEquals(0, pr.getAlwaysHttpsPort());
+
+        pr.setAlwaysHttpPort(80);
+        pr.setAlwaysHttpsPort(443);
+        assertEquals(80, pr.getAlwaysHttpPort());
+        assertEquals(443, pr.getAlwaysHttpsPort());
+    }
+
+    public void testNormalOperation() throws Exception {
+        PortResolverImpl pr = new PortResolverImpl();
+        pr.afterPropertiesSet();
+
+        MockHttpServletRequest request = new MockHttpServletRequest("X");
+        request.setScheme("http");
+        request.setServerPort(1021);
+        assertEquals(1021, pr.getServerPort(request));
+    }
+
+    public void testOverridesHttp() throws Exception {
+        PortResolverImpl pr = new PortResolverImpl();
+        pr.setAlwaysHttpPort(495);
+        pr.afterPropertiesSet();
+
+        MockHttpServletRequest request = new MockHttpServletRequest("X");
+        request.setServerPort(7676);
+        request.setScheme("HTtP"); // proves case insensitive handling
+        assertEquals(495, pr.getServerPort(request));
+
+        request.setScheme("https");
+        assertEquals(7676, pr.getServerPort(request));
+    }
+
+    public void testOverridesHttps() throws Exception {
+        PortResolverImpl pr = new PortResolverImpl();
+        pr.setAlwaysHttpsPort(987);
+        pr.afterPropertiesSet();
+
+        MockHttpServletRequest request = new MockHttpServletRequest("X");
+        request.setServerPort(6949);
+        request.setScheme("HTtPs"); // proves case insensitive handling
+        assertEquals(987, pr.getServerPort(request));
+
+        request.setScheme("http");
+        assertEquals(6949, pr.getServerPort(request));
+    }
+
+    public void testRejectsOutOfRangeHttp() throws Exception {
+        PortResolverImpl pr = new PortResolverImpl();
+        pr.setAlwaysHttpPort(9999999);
+
+        try {
+            pr.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("alwaysHttpPort must be between 1 and 65535",
+                expected.getMessage());
+        }
+
+        pr.setAlwaysHttpPort(-49);
+
+        try {
+            pr.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("alwaysHttpPort must be between 1 and 65535",
+                expected.getMessage());
+        }
+    }
+
+    public void testRejectsOutOfRangeHttps() throws Exception {
+        PortResolverImpl pr = new PortResolverImpl();
+        pr.setAlwaysHttpsPort(9999999);
+
+        try {
+            pr.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("alwaysHttpsPort must be between 1 and 65535",
+                expected.getMessage());
+        }
+
+        pr.setAlwaysHttpsPort(-49);
+
+        try {
+            pr.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("alwaysHttpsPort must be between 1 and 65535",
+                expected.getMessage());
+        }
+    }
+}