SEC-1429: Move logic for saving of AuthenticationException into the SimpleUrlAuthenticationFailurehandler from AbstractAuthenticationProcessingFilter. It will also now use request scope if configured to do a forward instead of a redirect.
This commit is contained in:
@@ -41,6 +41,7 @@ import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.WebAttributes;
|
||||
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
|
||||
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
|
||||
import org.springframework.security.web.util.ThrowableAnalyzer;
|
||||
@@ -65,7 +66,7 @@ public class ExceptionTranslationFilterTests {
|
||||
return null;
|
||||
}
|
||||
|
||||
DefaultSavedRequest savedRequest = (DefaultSavedRequest) session.getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY);
|
||||
DefaultSavedRequest savedRequest = (DefaultSavedRequest) session.getAttribute(WebAttributes.SAVED_REQUEST);
|
||||
|
||||
return savedRequest.getRedirectUrl();
|
||||
}
|
||||
@@ -127,8 +128,7 @@ public class ExceptionTranslationFilterTests {
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
filter.doFilter(request, response, fc);
|
||||
assertEquals(403, response.getStatus());
|
||||
assertEquals(AccessDeniedException.class, request.getAttribute(
|
||||
AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY).getClass());
|
||||
assertEquals(AccessDeniedException.class, request.getAttribute(WebAttributes.ACCESS_DENIED_403).getClass());
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -198,7 +198,7 @@ public class ExceptionTranslationFilterTests {
|
||||
doThrow(new BadCredentialsException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
request.setMethod("POST");
|
||||
filter.doFilter(request, new MockHttpServletResponse(), fc);
|
||||
assertTrue(request.getSession().getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY) == null);
|
||||
assertTrue(request.getSession().getAttribute(WebAttributes.SAVED_REQUEST) == null);
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
|
||||
@@ -58,6 +58,7 @@ import org.springframework.security.web.savedrequest.DefaultSavedRequest;
|
||||
*
|
||||
* @author Ben Alex
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
||||
SavedRequestAwareAuthenticationSuccessHandler successHandler;
|
||||
SimpleUrlAuthenticationFailureHandler failureHandler;
|
||||
|
||||
@@ -16,6 +16,7 @@ import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||
import org.springframework.security.web.WebAttributes;
|
||||
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
|
||||
|
||||
/**
|
||||
@@ -67,7 +68,7 @@ public class DefaultLoginPageGeneratingFilterTests {
|
||||
String message = messages.getMessage(
|
||||
"AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials", Locale.KOREA);
|
||||
System.out.println("Message: " + message);
|
||||
request.getSession().setAttribute(AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, new BadCredentialsException(message));
|
||||
request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(message));
|
||||
|
||||
filter.doFilter(request, new MockHttpServletResponse(), chain);
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ import static org.junit.Assert.*;
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.web.WebAttributes;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -20,7 +21,7 @@ public class HttpSessionRequestCacheTests {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
cache.saveRequest(request, response);
|
||||
assertNotNull(request.getSession().getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
|
||||
assertNotNull(request.getSession().getAttribute(WebAttributes.SAVED_REQUEST));
|
||||
assertNotNull(cache.getRequest(request, response));
|
||||
|
||||
MockHttpServletRequest newRequest = new MockHttpServletRequest("POST", "/destination");
|
||||
|
||||
@@ -6,6 +6,7 @@ import org.junit.Test;
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.web.WebAttributes;
|
||||
|
||||
public class RequestCacheAwareFilterTests {
|
||||
|
||||
@@ -17,9 +18,9 @@ public class RequestCacheAwareFilterTests {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
cache.saveRequest(request, response);
|
||||
assertNotNull(request.getSession().getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
|
||||
assertNotNull(request.getSession().getAttribute(WebAttributes.SAVED_REQUEST));
|
||||
|
||||
filter.doFilter(request, response, new MockFilterChain());
|
||||
assertNull(request.getSession().getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
|
||||
assertNull(request.getSession().getAttribute(WebAttributes.SAVED_REQUEST));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,8 +10,8 @@ import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.WebAttributes;
|
||||
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
|
||||
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -48,12 +48,12 @@ public class DefaultSessionAuthenticationStrategyTests {
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
HttpSession session = request.getSession();
|
||||
session.setAttribute("blah", "blah");
|
||||
session.setAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY, "DefaultSavedRequest");
|
||||
session.setAttribute(WebAttributes.SAVED_REQUEST, "DefaultSavedRequest");
|
||||
|
||||
strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
|
||||
|
||||
assertNull(request.getSession().getAttribute("blah"));
|
||||
assertNotNull(request.getSession().getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
|
||||
assertNotNull(request.getSession().getAttribute(WebAttributes.SAVED_REQUEST));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
Reference in New Issue
Block a user