From 10e4d1fe1a4e16bf73307270cd1398999a855bb3 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Fri, 12 Dec 2008 22:30:57 +0000 Subject: [PATCH] SEC-1058: Partial refactoring of AbstractProcessingFilter. It now uses the injected SuccssfulAuthenticationHandler strategy instead of managing everything itself. The default implementation is SavedRequestAwareSuccessfulAuthenticationHandler which encapsulates most of the filter's success logic along with the code which was previously in TargetUrlResolver. Removed TargetUrlResolver. --- .../config/FormLoginBeanDefinitionParser.java | 51 ++-- .../security/ui/AbstractProcessingFilter.java | 175 ++++---------- .../ui/AuthenticationSuccessHandler.java | 6 +- ...uestAwareAuthenticationSuccessHandler.java | 219 ++++++++++++++++++ .../security/ui/TargetUrlResolver.java | 40 ---- .../security/ui/TargetUrlResolverImpl.java | 120 ---------- ...HttpSecurityBeanDefinitionParserTests.java | 4 +- .../ui/AbstractProcessingFilterTests.java | 99 +++----- ...wareAuthenticationSuccessHandlerTests.java | 22 ++ .../security/util/filtertest-valid.xml | 3 +- .../OpenIDAuthenticationProcessingFilter.java | 3 +- ...IDAuthenticationProcessingFilterTests.java | 5 +- 12 files changed, 361 insertions(+), 386 deletions(-) create mode 100644 core/src/main/java/org/springframework/security/ui/SavedRequestAwareAuthenticationSuccessHandler.java delete mode 100644 core/src/main/java/org/springframework/security/ui/TargetUrlResolver.java delete mode 100644 core/src/main/java/org/springframework/security/ui/TargetUrlResolverImpl.java create mode 100644 core/src/test/java/org/springframework/security/ui/SavedRequestAwareAuthenticationSuccessHandlerTests.java diff --git a/core/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java index 06a8bad3f8..622640c0be 100644 --- a/core/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java +++ b/core/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java @@ -7,6 +7,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.ParserContext; +import org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint; import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter; import org.springframework.util.StringUtils; @@ -23,24 +24,26 @@ import org.apache.commons.logging.LogFactory; public class FormLoginBeanDefinitionParser implements BeanDefinitionParser { protected final Log logger = LogFactory.getLog(getClass()); - static final String ATT_LOGIN_URL = "login-processing-url"; + private static final String ATT_LOGIN_URL = "login-processing-url"; static final String ATT_LOGIN_PAGE = "login-page"; - static final String DEF_LOGIN_PAGE = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL; + private static final String DEF_LOGIN_PAGE = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL; - static final String ATT_FORM_LOGIN_TARGET_URL = "default-target-url"; - static final String ATT_ALWAYS_USE_DEFAULT_TARGET_URL = "always-use-default-target"; - static final String DEF_FORM_LOGIN_TARGET_URL = "/"; + private static final String ATT_FORM_LOGIN_TARGET_URL = "default-target-url"; + private static final String ATT_ALWAYS_USE_DEFAULT_TARGET_URL = "always-use-default-target"; + private static final String DEF_FORM_LOGIN_TARGET_URL = "/"; - static final String ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = "authentication-failure-url"; - static final String DEF_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL + "?" + DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME; + private static final String ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = "authentication-failure-url"; + private static final String DEF_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL + "?" + DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME; - String defaultLoginProcessingUrl; - String filterClassName; + private static final String ATT_SUCCESS_HANDLER_REF = "authentication-success-handler-ref"; - RootBeanDefinition filterBean; - RootBeanDefinition entryPointBean; - String loginPage; + private String defaultLoginProcessingUrl; + private String filterClassName; + + private RootBeanDefinition filterBean; + private RootBeanDefinition entryPointBean; + private String loginPage; FormLoginBeanDefinitionParser(String defaultLoginProcessingUrl, String filterClassName) { this.defaultLoginProcessingUrl = defaultLoginProcessingUrl; @@ -52,6 +55,7 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser { String defaultTargetUrl = null; String authenticationFailureUrl = null; String alwaysUseDefault = null; + String successHandlerRef = null; Object source = null; @@ -77,6 +81,7 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser { ConfigUtils.validateHttpRedirect(authenticationFailureUrl, pc, source); alwaysUseDefault = elt.getAttribute(ATT_ALWAYS_USE_DEFAULT_TARGET_URL); loginPage = elt.getAttribute(ATT_LOGIN_PAGE); + successHandlerRef = elt.getAttribute(ATT_SUCCESS_HANDLER_REF); if (!StringUtils.hasText(loginPage)) { loginPage = null; @@ -87,7 +92,8 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser { ConfigUtils.registerProviderManagerIfNecessary(pc); - filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault, loginPage, authenticationFailureUrl); + filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault, loginPage, authenticationFailureUrl, + successHandlerRef); filterBean.setSource(source); filterBean.getPropertyValues().addPropertyValue("authenticationManager", new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER)); @@ -117,7 +123,7 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser { } private RootBeanDefinition createFilterBean(String loginUrl, String defaultTargetUrl, String alwaysUseDefault, - String loginPage, String authenticationFailureUrl) { + String loginPage, String authenticationFailureUrl, String successHandlerRef) { BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(filterClassName); @@ -125,18 +131,19 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser { loginUrl = defaultLoginProcessingUrl; } - if ("true".equals(alwaysUseDefault)) { - filterBuilder.addPropertyValue("alwaysUseDefaultTargetUrl", Boolean.TRUE); - } - filterBuilder.addPropertyValue("filterProcessesUrl", loginUrl); - if (!StringUtils.hasText(defaultTargetUrl)) { - defaultTargetUrl = DEF_FORM_LOGIN_TARGET_URL; + if (StringUtils.hasText(successHandlerRef)) { + filterBuilder.addPropertyReference("successHandler", successHandlerRef); + } else { + BeanDefinitionBuilder successHandler = BeanDefinitionBuilder.rootBeanDefinition(SavedRequestAwareAuthenticationSuccessHandler.class); + if ("true".equals(alwaysUseDefault)) { + successHandler.addPropertyValue("alwaysUseDefaultTargetUrl", Boolean.TRUE); + } + successHandler.addPropertyValue("defaultTargetUrl", StringUtils.hasText(defaultTargetUrl) ? defaultTargetUrl : DEF_FORM_LOGIN_TARGET_URL); + filterBuilder.addPropertyValue("successHandler", successHandler.getBeanDefinition()); } - filterBuilder.addPropertyValue("defaultTargetUrl", defaultTargetUrl); - if (!StringUtils.hasText(authenticationFailureUrl)) { // Fallback to redisplaying the custom login page, if one was specified if (StringUtils.hasText(loginPage)) { diff --git a/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java index 5d67feb6a2..5c487839c5 100644 --- a/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java +++ b/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java @@ -66,15 +66,6 @@ import javax.servlet.http.HttpSession; *

* To use this filter, it is necessary to specify the following properties: *