Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
github
/
spring-security
kopia lustrzana https://github.com/spring-projects/spring-security
2
0
Forkuj 0
Pliki Problemy 0 Wiki
Przeglądaj źródła

Encapsulate extractPrincipalNameFromEmail property

This simplifies the logic when extracting the principal and allows
more flexibility in the future by allowing the format and regex to be
added as setters.
Rob Winch 2 miesięcy temu
rodzic
5f2efbea6a
commit
f690a7f3df
1 zmienionych plików z 18 dodań i 9 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 18 9
      web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectX500PrincipalExtractor.java

+ 18 - 9
web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectX500PrincipalExtractor.java
Wyświetl plik 

@@ -39,29 +39,31 @@ import org.springframework.util.Assert;
 
  * format RFC1779 will be used: DN is extracted from EMAIlADDRESS.
 
  *
 
  * @author Max Batischev
 
+ * @author Rob Winch
 
  * @since 7.0
 
  */
 
 public final class SubjectX500PrincipalExtractor implements X509PrincipalExtractor, MessageSourceAware {
 
 
 	private final Log logger = LogFactory.getLog(getClass());
 
 
-	private MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
+	private static final Pattern EMAIL_SUBJECT_DN_PATTERN = Pattern.compile("OID.1.2.840.113549.1.9.1=(.*?)(?:,|$)",
 
+			Pattern.CASE_INSENSITIVE);
 
 
-	private boolean extractPrincipalNameFromEmail = false;
 
+	private static final Pattern CN_SUBJECT_DN_PATTERN = Pattern.compile("CN=(.*?)(?:,|$)", Pattern.CASE_INSENSITIVE);
 
 
-	private final Pattern cnSubjectDnPattern = Pattern.compile("CN=(.*?)(?:,|$)", Pattern.CASE_INSENSITIVE);
 
+	private MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
 
-	private final Pattern emailSubjectDnPattern = Pattern.compile("OID.1.2.840.113549.1.9.1=(.*?)(?:,|$)",
 
-			Pattern.CASE_INSENSITIVE);
 
+	private Pattern subjectDnPattern = CN_SUBJECT_DN_PATTERN;
 
+
 
+	private String x500PrincipalFormat = X500Principal.RFC2253;
 
 
 	@Override
 
 	public Object extractPrincipal(X509Certificate clientCert) {
 
 		Assert.notNull(clientCert, "clientCert cannot be null");
 
 		X500Principal principal = clientCert.getSubjectX500Principal();
 
-		String subjectDN = this.extractPrincipalNameFromEmail ? principal.getName("RFC1779") : principal.getName();
 
+		String subjectDN = principal.getName(this.x500PrincipalFormat);
 
 		this.logger.debug(LogMessage.format("Subject DN is '%s'", subjectDN));
 
-		Matcher matcher = this.extractPrincipalNameFromEmail ? this.emailSubjectDnPattern.matcher(subjectDN)
 
-				: this.cnSubjectDnPattern.matcher(subjectDN);
 
+		Matcher matcher = this.subjectDnPattern.matcher(subjectDN);
 
 		if (!matcher.find()) {
 
 			throw new BadCredentialsException(this.messages.getMessage("SubjectX500PrincipalExtractor.noMatching",
 
 					new Object[] { subjectDN }, "No matching pattern was found in subject DN: {0}"));
 
@@ -82,7 +84,14 @@ public final class SubjectX500PrincipalExtractor implements X509PrincipalExtract
 
 	 * @param extractPrincipalNameFromEmail whether to extract DN from EMAIlADDRESS
 
 	 */
 
 	public void setExtractPrincipalNameFromEmail(boolean extractPrincipalNameFromEmail) {
 
-		this.extractPrincipalNameFromEmail = extractPrincipalNameFromEmail;
 
+		if (extractPrincipalNameFromEmail) {
 
+			this.subjectDnPattern = EMAIL_SUBJECT_DN_PATTERN;
 
+			this.x500PrincipalFormat = X500Principal.RFC1779;
 
+		}
 
+		else {
 
+			this.subjectDnPattern = CN_SUBJECT_DN_PATTERN;
 
+			this.x500PrincipalFormat = X500Principal.RFC2253;
 
+		}
 
 	}
 
 
 }