SEC-632: Changed user-filter to custom-filter to avoid confusion with system "users".
This commit is contained in:
Luke Taylor
parent
cd16dac290
commit
ae71e9a5bd
|
|
@ -29,5 +29,5 @@ abstract class Elements {
|
||||||
public static final String SALT_SOURCE = "salt-source";
|
public static final String SALT_SOURCE = "salt-source";
|
||||||
public static final String PORT_MAPPINGS = "port-mappings";
|
public static final String PORT_MAPPINGS = "port-mappings";
|
||||||
public static final String PORT_MAPPING = "port-mapping";
|
public static final String PORT_MAPPING = "port-mapping";
|
||||||
public static final String USER_FILTER = "user-filter";
|
public static final String CUSTOM_FILTER = "custom-filter";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -188,7 +188,7 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Filters must be Spring security filters or wrapped using <user-filter>
|
// Filters must be Spring security filters or wrapped using <custom-filter>
|
||||||
if (!filter.getClass().getName().startsWith("org.springframework.security")) {
|
if (!filter.getClass().getName().startsWith("org.springframework.security")) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -95,7 +95,8 @@ public class OrderedFilterBeanDefinitionDecorator implements BeanDefinitionDecor
|
||||||
public final int getOrder() {
|
public final int getOrder() {
|
||||||
if(order == null) {
|
if(order == null) {
|
||||||
Assert.isInstanceOf(Ordered.class, "Filter '"+ beanName +"' must implement the 'Ordered' interface " +
|
Assert.isInstanceOf(Ordered.class, "Filter '"+ beanName +"' must implement the 'Ordered' interface " +
|
||||||
" or you must specify one of the attributes 'after' or 'before' in <user-filter>");
|
" or you must specify one of the attributes '" + ATT_AFTER + "' or '" +
|
||||||
|
ATT_BEFORE + "' in <" + Elements.CUSTOM_FILTER +">");
|
||||||
|
|
||||||
return ((Ordered)delegate).getOrder();
|
return ((Ordered)delegate).getOrder();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,6 @@ public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
|
||||||
// Decorators
|
// Decorators
|
||||||
registerBeanDefinitionDecorator(Elements.INTERCEPT_METHODS, new InterceptMethodsBeanDefinitionDecorator());
|
registerBeanDefinitionDecorator(Elements.INTERCEPT_METHODS, new InterceptMethodsBeanDefinitionDecorator());
|
||||||
registerBeanDefinitionDecorator(Elements.FILTER_CHAIN_MAP, new FilterChainMapBeanDefinitionDecorator());
|
registerBeanDefinitionDecorator(Elements.FILTER_CHAIN_MAP, new FilterChainMapBeanDefinitionDecorator());
|
||||||
registerBeanDefinitionDecorator(Elements.USER_FILTER, new OrderedFilterBeanDefinitionDecorator());
|
registerBeanDefinitionDecorator(Elements.CUSTOM_FILTER, new OrderedFilterBeanDefinitionDecorator());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -270,14 +270,14 @@ jdbc-user-service.attlist &=
|
||||||
attribute data-source-ref {xsd:string}
|
attribute data-source-ref {xsd:string}
|
||||||
|
|
||||||
|
|
||||||
user-filter =
|
custom-filter =
|
||||||
## Used to indicate that a filter bean declaration should be incorporated into the security filter chain. If neither the 'after' or 'before' options are supplied, then the filter must implement the Ordered interface directly.
|
## Used to indicate that a filter bean declaration should be incorporated into the security filter chain. If neither the 'after' or 'before' options are supplied, then the filter must implement the Ordered interface directly.
|
||||||
element user-filter {after | before}?
|
element custom-filter {after | before}?
|
||||||
after =
|
after =
|
||||||
## The filter immediately after which the user-filter should be placed in the chain. This feature will only be needed by advanced users who wish to mix their own filters into the security filter chain and have some knowledge of the standard Spring Security filters. The filter names map to specific Spring Security implementation filters.
|
## The filter immediately after which the custom-filter should be placed in the chain. This feature will only be needed by advanced users who wish to mix their own filters into the security filter chain and have some knowledge of the standard Spring Security filters. The filter names map to specific Spring Security implementation filters.
|
||||||
attribute after {"FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SESSION_CONTEXT_INTEGRATION_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_PROCESSING_FILTER" | "AUTHENTICATION_PROCESSING_FILTER" | "BASIC_PROCESSING_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "NTLM_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER"}
|
attribute after {"FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SESSION_CONTEXT_INTEGRATION_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_PROCESSING_FILTER" | "AUTHENTICATION_PROCESSING_FILTER" | "BASIC_PROCESSING_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "NTLM_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER"}
|
||||||
before =
|
before =
|
||||||
## The filter immediately before which the user-filter should be placed in the chain
|
## The filter immediately before which the custom-filter should be placed in the chain
|
||||||
attribute before {"FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SESSION_CONTEXT_INTEGRATION_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_PROCESSING_FILTER" | "AUTHENTICATION_PROCESSING_FILTER" | "BASIC_PROCESSING_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "NTLM_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER"}
|
attribute before {"FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SESSION_CONTEXT_INTEGRATION_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_PROCESSING_FILTER" | "AUTHENTICATION_PROCESSING_FILTER" | "BASIC_PROCESSING_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "NTLM_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER"}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -650,19 +650,19 @@
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
</xs:attributeGroup>
|
</xs:attributeGroup>
|
||||||
<xs:group name="user-filter">
|
<xs:group name="custom-filter">
|
||||||
<xs:sequence>
|
<xs:sequence>
|
||||||
<xs:element minOccurs="0" ref="security:user-filter"/>
|
<xs:element minOccurs="0" ref="security:custom-filter"/>
|
||||||
</xs:sequence>
|
</xs:sequence>
|
||||||
</xs:group>
|
</xs:group>
|
||||||
<xs:element name="user-filter">
|
<xs:element name="custom-filter">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Used to indicate that a filter bean declaration should be incorporated into the security filter chain. If neither the 'after' or 'before' options are supplied, then the filter must implement the Ordered interface directly. </xs:documentation>
|
<xs:documentation>Used to indicate that a filter bean declaration should be incorporated into the security filter chain. If neither the 'after' or 'before' options are supplied, then the filter must implement the Ordered interface directly. </xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
<xs:complexType>
|
<xs:complexType>
|
||||||
<xs:attribute name="after">
|
<xs:attribute name="after">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>The filter immediately after which the user-filter should be placed in the chain. This feature will only be needed by advanced users who wish to mix their own filters into the security filter chain and have some knowledge of the standard Spring Security filters. The filter names map to specific Spring Security implementation filters. </xs:documentation>
|
<xs:documentation>The filter immediately after which the custom-filter should be placed in the chain. This feature will only be needed by advanced users who wish to mix their own filters into the security filter chain and have some knowledge of the standard Spring Security filters. The filter names map to specific Spring Security implementation filters. </xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
<xs:simpleType>
|
<xs:simpleType>
|
||||||
<xs:restriction base="xs:token">
|
<xs:restriction base="xs:token">
|
||||||
|
|
@ -688,7 +688,7 @@
|
||||||
</xs:attribute>
|
</xs:attribute>
|
||||||
<xs:attribute name="before">
|
<xs:attribute name="before">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>The filter immediately before which the user-filter should be placed in the chain</xs:documentation>
|
<xs:documentation>The filter immediately before which the custom-filter should be placed in the chain</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
<xs:simpleType>
|
<xs:simpleType>
|
||||||
<xs:restriction base="xs:token">
|
<xs:restriction base="xs:token">
|
||||||
|
|
@ -717,7 +717,7 @@
|
||||||
<xs:attributeGroup name="after">
|
<xs:attributeGroup name="after">
|
||||||
<xs:attribute name="after" use="required">
|
<xs:attribute name="after" use="required">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>The filter immediately after which the user-filter should be placed in the chain. This feature will only be needed by advanced users who wish to mix their own filters into the security filter chain and have some knowledge of the standard Spring Security filters. The filter names map to specific Spring Security implementation filters. </xs:documentation>
|
<xs:documentation>The filter immediately after which the custom-filter should be placed in the chain. This feature will only be needed by advanced users who wish to mix their own filters into the security filter chain and have some knowledge of the standard Spring Security filters. The filter names map to specific Spring Security implementation filters. </xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
<xs:simpleType>
|
<xs:simpleType>
|
||||||
<xs:restriction base="xs:token">
|
<xs:restriction base="xs:token">
|
||||||
|
|
@ -745,7 +745,7 @@
|
||||||
<xs:attributeGroup name="before">
|
<xs:attributeGroup name="before">
|
||||||
<xs:attribute name="before" use="required">
|
<xs:attribute name="before" use="required">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>The filter immediately before which the user-filter should be placed in the chain</xs:documentation>
|
<xs:documentation>The filter immediately before which the custom-filter should be placed in the chain</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
<xs:simpleType>
|
<xs:simpleType>
|
||||||
<xs:restriction base="xs:token">
|
<xs:restriction base="xs:token">
|
||||||
|
|
|
||||||
|
|
@ -199,7 +199,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||||
setContext(
|
setContext(
|
||||||
"<http auto-config='true'/>" + AUTH_PROVIDER_XML +
|
"<http auto-config='true'/>" + AUTH_PROVIDER_XML +
|
||||||
"<b:bean id='userFilter' class='org.springframework.security.util.MockFilter'>" +
|
"<b:bean id='userFilter' class='org.springframework.security.util.MockFilter'>" +
|
||||||
" <user-filter after='SESSION_CONTEXT_INTEGRATION_FILTER'/>" +
|
" <custom-filter after='SESSION_CONTEXT_INTEGRATION_FILTER'/>" +
|
||||||
"</b:bean>" +
|
"</b:bean>" +
|
||||||
"<b:bean id='userFilter2' class='org.springframework.security.util.MockFilter'/>");
|
"<b:bean id='userFilter2' class='org.springframework.security.util.MockFilter'/>");
|
||||||
List filters = getFilterChainProxy().getFilters("/someurl");
|
List filters = getFilterChainProxy().getFilters("/someurl");
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue