SEC-1250: RequestHeaderPreAuthenticatedProcessingFilter cannot be use to fail back to another authentication type. Added exceptionIfHeaderMissing property.

This commit is contained in:
Luke Taylor
2009-10-08 16:37:53 +00:00
parent e398922f85
commit 0da99171da
2 changed files with 44 additions and 6 deletions

View File

@@ -23,7 +23,7 @@ import org.springframework.security.web.authentication.preauth.RequestHeaderAuth
* @author Luke Taylor
* @version $Id$
*/
public class RequestHeaderPreAuthenticatedProcessingFilterTests {
public class RequestHeaderAuthenticationFilterTests {
@After
@Before
@@ -108,6 +108,28 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
assertSame(dog, SecurityContextHolder.getContext().getAuthentication());
}
@Test(expected=PreAuthenticatedCredentialsNotFoundException.class)
public void missingHeaderCausesException() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
filter.setAuthenticationManager(createAuthenticationManager());
filter.doFilter(request, response, chain);
}
@Test
public void missingHeaderIsIgnoredIfExceptionIfHeaderMissingIsFalse() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
filter.setExceptionIfHeaderMissing(false);
filter.setAuthenticationManager(createAuthenticationManager());
filter.doFilter(request, response, chain);
}
/**
* Create an authentication manager which returns the passed in object.
*/