SEC-221: AbstractProcessingFilter.onPreAuthentication() should have exceptions caught.

Ben Alex 2006-04-26 03:40:24 +00:00
parent 6bae43d380
commit 185d63f23c
1 changed files with 35 additions and 27 deletions


@ -1,4 +1,4 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -15,7 +15,33 @@
package org.acegisecurity.ui; package org.acegisecurity.ui;
import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent;
import org.acegisecurity.ui.rememberme.NullRememberMeServices;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;
import java.io.IOException; import java.io.IOException;
import java.util.Properties; import java.util.Properties;
import javax.servlet.Filter; import javax.servlet.Filter;
@ -27,24 +53,6 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent;
import org.acegisecurity.ui.rememberme.NullRememberMeServices;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;
/** /**
* Abstract processor of browser-based HTTP-based authentication requests. * Abstract processor of browser-based HTTP-based authentication requests.
@ -100,11 +108,11 @@ import org.springframework.util.Assert;
* fully-qualified exception class name to a redirection url target.<br> * fully-qualified exception class name to a redirection url target.<br>
* For example:<br> * For example:<br>
* <code> &lt;property name="exceptionMappings"&gt;<br> * <code> &lt;property name="exceptionMappings"&gt;<br>
* &nbsp;&nbsp;&lt;props&gt;<br> * * &nbsp;&nbsp;&lt;props&gt;<br>
* &nbsp;&nbsp;&nbsp;&nbsp;&lt;prop&gt; key="org.acegisecurity.BadCredentialsException"&gt;/bad_credentials.jsp&lt;/prop&gt;<br> * * &nbsp;&nbsp;&nbsp;&nbsp;&lt;prop&gt; key="org.acegisecurity.BadCredentialsException"&gt;/bad_credentials.jsp&lt;/prop&gt;<br>
* &nbsp;&nbsp;&lt;/props&gt;<br> * * &nbsp;&nbsp;&lt;/props&gt;<br>
* &lt;/property&gt;<br> * * &lt;/property&gt;<br>
* </code><br> * * </code><br>
* The example above would redirect all {@link * The example above would redirect all {@link
* org.acegisecurity.BadCredentialsException}s thrown, to a page in the * org.acegisecurity.BadCredentialsException}s thrown, to a page in the
* web-application called /bad_credentials.jsp. * web-application called /bad_credentials.jsp.
@ -220,11 +228,10 @@ public abstract class AbstractProcessingFilter implements Filter,
logger.debug("Request is to process authentication"); logger.debug("Request is to process authentication");
} }
onPreAuthentication(httpRequest, httpResponse);
Authentication authResult; Authentication authResult;
try { try {
onPreAuthentication(httpRequest, httpResponse);
authResult = attemptAuthentication(httpRequest); authResult = attemptAuthentication(httpRequest);
} catch (AuthenticationException failed) { } catch (AuthenticationException failed) {
// Authentication failed // Authentication failed
@ -296,7 +303,8 @@ public abstract class AbstractProcessingFilter implements Filter,
} }
protected void onPreAuthentication(HttpServletRequest request, protected void onPreAuthentication(HttpServletRequest request,
HttpServletResponse response) throws IOException {} HttpServletResponse response)
throws AuthenticationException, IOException {}
protected void onSuccessfulAuthentication(HttpServletRequest request, protected void onSuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response, Authentication authResult) HttpServletResponse response, Authentication authResult)
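Review bot: The widened `onPreAuthentication(...)` hook in the last hunk still has no Javadoc, so a subclass author cannot tell that throwing `AuthenticationException` from it now rejects the request before `attemptAuthentication` runs. I would add a comment such as `/** Called before attemptAuthentication(); throw AuthenticationException to veto the attempt, which is then handled exactly like a failed authentication. */`. The catch body lies outside the visible hunk, so it is presumably the normal failure path (failure event and redirect via `exceptionMappings`); if that path reports or logs the submitted credentials, confirm that it copes with an exception raised before any were read. The surrounding `try` catches only `AuthenticationException`, so an unchecked exception thrown by an overriding hook still propagates out of the filter, and the Javadoc should say so.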