From 37810a19c4bf831705b6ba7fc898eeaad09bac9d Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Wed, 10 Nov 2010 15:37:42 +0000 Subject: [PATCH] SEC-1619: Added check in GAE sample for change of Google user while still logged into the app. Also updated GAE version and build script. Uploading to GAE now works when run from the gradle build file using the command 'gradle gaeDeploy'. --- buildSrc/build.gradle | 2 +- buildSrc/src/main/groovy/gae/GaePlugin.groovy | 2 +- samples/gae/gae.gradle | 7 +++-- .../gae/security/GaeAuthenticationFilter.java | 28 +++++++++++++++++-- 4 files changed, 32 insertions(+), 7 deletions(-) diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index ac78628d27..af9cd4b2b4 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -30,7 +30,7 @@ dependencies { // GAE dependencies { - compile 'com.google.appengine:appengine-tools-api:1.3.5' + compile 'com.google.appengine:appengine-tools-api:1.3.7' } task ide(type: Copy) { diff --git a/buildSrc/src/main/groovy/gae/GaePlugin.groovy b/buildSrc/src/main/groovy/gae/GaePlugin.groovy index e028d01b03..b131c8c316 100644 --- a/buildSrc/src/main/groovy/gae/GaePlugin.groovy +++ b/buildSrc/src/main/groovy/gae/GaePlugin.groovy @@ -20,7 +20,7 @@ class GaePlugin implements Plugin { project.gaeDeploy.dependsOn project.war project.war.doLast { - ant.unzip(src: project.war.archivePath, dest: explodedWar) + ant.unzip(src: project.war.archivePath, dest: explodedWar) } } } diff --git a/samples/gae/gae.gradle b/samples/gae/gae.gradle index 6c5bf73a48..06eee6e93d 100644 --- a/samples/gae/gae.gradle +++ b/samples/gae/gae.gradle @@ -2,7 +2,7 @@ apply plugin: 'war' apply plugin: 'jetty' apply plugin: 'gae' -gaeVersion="1.3.5" +gaeVersion="1.3.7" repositories { // Hibernate Validator @@ -15,8 +15,7 @@ repositories { configurations.runtime.exclude(group: 'ch.qos.logback') dependencies { - providedCompile 'javax.servlet:servlet-api:2.5@jar', - "com.google.appengine:appengine-api-1.0-sdk:$gaeVersion" + providedCompile 'javax.servlet:servlet-api:2.5@jar' compile project(':spring-security-core'), project(':spring-security-web'), @@ -25,11 +24,13 @@ dependencies { "org.springframework:spring-webmvc:$springVersion", "org.springframework:spring-context:$springVersion", "org.springframework:spring-context-support:$springVersion", + "com.google.appengine:appengine-api-1.0-sdk:$gaeVersion", 'javax.validation:validation-api:1.0.0.GA', 'org.hibernate:hibernate-validator:4.1.0.Final', "org.slf4j:slf4j-api:$slf4jVersion" runtime project(':spring-security-config'), + project(':spring-security-taglibs'), "org.slf4j:jcl-over-slf4j:$slf4jVersion", "org.slf4j:slf4j-jdk14:$slf4jVersion" testCompile "com.google.appengine:appengine-testing:$gaeVersion" diff --git a/samples/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java b/samples/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java index f8edd5e009..48d35fa3b4 100644 --- a/samples/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java +++ b/samples/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java @@ -24,6 +24,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; import org.springframework.util.Assert; import org.springframework.web.filter.GenericFilterBean; +import samples.gae.users.GaeUser; /** * @author Luke Taylor @@ -39,10 +40,15 @@ public class GaeAuthenticationFilter extends GenericFilterBean { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + User googleUser = UserServiceFactory.getUserService().getCurrentUser(); + + if (authentication != null && !loggedInUserMatchesGaeUser(authentication, googleUser)) { + SecurityContextHolder.clearContext(); + authentication = null; + ((HttpServletRequest)request).getSession().invalidate(); + } if (authentication == null) { - User googleUser = UserServiceFactory.getUserService().getCurrentUser(); - if (googleUser != null) { logger.debug("Currently logged on to GAE as user " + googleUser); logger.debug("Authenticating to Spring Security"); @@ -72,6 +78,24 @@ public class GaeAuthenticationFilter extends GenericFilterBean { chain.doFilter(request, response); } + private boolean loggedInUserMatchesGaeUser(Authentication authentication, User googleUser) { + assert authentication != null; + + if (googleUser == null) { + // User has logged out of GAE but is still logged into application + return false; + } + + GaeUser gaeUser = (GaeUser)authentication.getPrincipal(); + + if (!gaeUser.getEmail().equals(googleUser.getEmail())) { + return false; + } + + return true; + + } + @Override public void afterPropertiesSet() throws ServletException { Assert.notNull(authenticationManager, "AuthenticationManager must be set");