SEC-1125: Created separate web module spring-security-web

This commit is contained in:
Luke Taylor
2009-03-25 06:28:18 +00:00
parent 2c985a1c36
commit 2a9a8a41db
247 changed files with 611 additions and 506 deletions

View File

@@ -26,21 +26,21 @@ import org.springframework.security.concurrent.ConcurrentLoginException;
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
import org.springframework.security.concurrent.ConcurrentSessionFilter;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.context.HttpSessionSecurityContextRepository;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.context.SecurityContextPersistenceFilter;
import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.anonymous.AnonymousProcessingFilter;
import org.springframework.security.securechannel.ChannelProcessingFilter;
import org.springframework.security.ui.AuthenticationFailureHandler;
import org.springframework.security.ui.AuthenticationSuccessHandler;
import org.springframework.security.ui.ExceptionTranslationFilter;
import org.springframework.security.ui.SessionFixationProtectionFilter;
import org.springframework.security.ui.WebAuthenticationDetails;
import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
import org.springframework.security.ui.logout.LogoutFilter;
import org.springframework.security.ui.logout.LogoutHandler;
@@ -49,9 +49,8 @@ import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMe
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
import org.springframework.security.util.FieldUtils;
import org.springframework.security.util.FilterChainProxy;
import org.springframework.security.util.MockFilter;
import org.springframework.security.util.PortMapperImpl;
import org.springframework.security.web.util.FilterChainProxy;
import org.springframework.security.web.util.PortMapperImpl;
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.util.ReflectionUtils;
@@ -341,20 +340,20 @@ public class HttpSecurityBeanDefinitionParserTests {
"<b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" +
" <custom-filter after='LOGOUT_FILTER'/>" +
"</b:bean>" +
"<b:bean id='userFilter1' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" +
"<b:bean id='userFilter1' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" +
" <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER'/>" +
"</b:bean>" +
"<b:bean id='userFilter2' class='org.springframework.security.util.MockFilter'>" +
"<b:bean id='userFilter2' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" +
" <custom-filter position='FIRST'/>" +
"</b:bean>" +
"<b:bean id='userFilter3' class='org.springframework.security.util.MockFilter'/>" +
"<b:bean id='userFilter3' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'/>" +
"<b:bean id='userFilter4' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'/>"
);
List<Filter> filters = getFilters("/someurl");
assertEquals(AUTO_CONFIG_FILTERS + 3, filters.size());
assertTrue(filters.get(0) instanceof MockFilter);
assertTrue(filters.get(1) instanceof SecurityContextHolderAwareRequestFilter);
assertTrue(filters.get(0) instanceof SecurityContextPersistenceFilter);
assertTrue(filters.get(1) instanceof SecurityContextPersistenceFilter);
assertTrue(filters.get(4) instanceof SecurityContextHolderAwareRequestFilter);
}
@@ -694,7 +693,7 @@ public class HttpSecurityBeanDefinitionParserTests {
@Test
public void supportsExternallyDefinedSecurityContextRepository() throws Exception {
setContext(
"<b:bean id='repo' class='org.springframework.security.context.HttpSessionSecurityContextRepository'/>" +
"<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" +
"<http create-session='always' security-context-repository-ref='repo'>" +
" <http-basic />" +
"</http>" + AUTH_PROVIDER_XML);
@@ -707,7 +706,7 @@ public class HttpSecurityBeanDefinitionParserTests {
@Test(expected=BeanDefinitionParsingException.class)
public void cantUseUnsupportedSessionCreationAttributeWithExternallyDefinedSecurityContextRepository() throws Exception {
setContext(
"<b:bean id='repo' class='org.springframework.security.context.HttpSessionSecurityContextRepository'/>" +
"<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" +
"<http create-session='never' security-context-repository-ref='repo'>" +
" <http-basic />" +
"</http>" + AUTH_PROVIDER_XML);

View File

@@ -16,10 +16,15 @@
package org.springframework.security.util;
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import static org.mockito.Matchers.*;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Before;
@@ -29,8 +34,10 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.MockFilterConfig;
import org.springframework.security.context.SecurityContextPersistenceFilter;
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.security.web.util.FilterChainProxy;
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
/**
* Tests {@link FilterChainProxy}.
@@ -56,23 +63,6 @@ public class FilterChainProxyConfigTests {
}
}
@Test
public void testDoNotFilter() throws Exception {
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChain", FilterChainProxy.class);
MockFilter filter = (MockFilter) appCtx.getBean("mockFilter", MockFilter.class);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setServletPath("/do/not/filter/somefile.html");
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain(true);
filterChainProxy.doFilter(request, response, chain);
assertFalse(filter.isWasInitialized());
assertFalse(filter.isWasDoFiltered());
assertFalse(filter.isWasDestroyed());
}
@Test(expected=BeanCreationException.class)
public void misplacedUniversalPathShouldBeDetected() throws Exception {
appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
@@ -126,14 +116,14 @@ public class FilterChainProxyConfigTests {
private void checkPathAndFilterOrder(FilterChainProxy filterChainProxy) throws Exception {
List<Filter> filters = filterChainProxy.getFilters("/foo/blah");
assertEquals(1, filters.size());
assertTrue(filters.get(0) instanceof MockFilter);
assertTrue(filters.get(0) instanceof SecurityContextHolderAwareRequestFilter);
filters = filterChainProxy.getFilters("/some/other/path/blah");
assertNotNull(filters);
assertEquals(3, filters.size());
assertTrue(filters.get(0) instanceof SecurityContextPersistenceFilter);
assertTrue(filters.get(1) instanceof MockFilter);
assertTrue(filters.get(2) instanceof MockFilter);
assertTrue(filters.get(1) instanceof SecurityContextHolderAwareRequestFilter);
assertTrue(filters.get(2) instanceof SecurityContextHolderAwareRequestFilter);
filters = filterChainProxy.getFilters("/do/not/filter");
assertEquals(0, filters.size());
@@ -142,37 +132,26 @@ public class FilterChainProxyConfigTests {
assertEquals(3, filters.size());
assertTrue(filters.get(0) instanceof SecurityContextPersistenceFilter);
assertTrue(filters.get(1) instanceof AuthenticationProcessingFilter);
assertTrue(filters.get(2) instanceof MockFilter);
assertTrue(filters.get(2) instanceof SecurityContextHolderAwareRequestFilter);
}
private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception {
MockFilter filter = (MockFilter) appCtx.getBean("mockFilter", MockFilter.class);
assertFalse(filter.isWasInitialized());
assertFalse(filter.isWasDoFiltered());
assertFalse(filter.isWasDestroyed());
filterChainProxy.init(new MockFilterConfig());
assertTrue(filter.isWasInitialized());
assertFalse(filter.isWasDoFiltered());
assertFalse(filter.isWasDestroyed());
MockHttpServletRequest request = new MockHttpServletRequest();
request.setServletPath("/foo/secure/super/somefile.html");
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain(true);
FilterChain chain = mock(FilterChain.class);
filterChainProxy.doFilter(request, response, chain);
assertTrue(filter.isWasInitialized());
assertTrue(filter.isWasDoFiltered());
assertFalse(filter.isWasDestroyed());
verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
request.setServletPath("/a/path/which/doesnt/match/any/filter.html");
chain = mock(FilterChain.class);
filterChainProxy.doFilter(request, response, chain);
verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
filterChainProxy.destroy();
assertTrue(filter.isWasInitialized());
assertTrue(filter.isWasDoFiltered());
assertTrue(filter.isWasDestroyed());
}
}