SEC-723: Change PreAuthenticatedAuthenticationProvider to reject authentication tokens with null credentials. Also introduced a property "throwExceptionWhenTokenRejected" which raises a BadCredentialsException when the token is invalid.

This commit is contained in:
Luke Taylor 2008-03-18 18:29:48 +00:00
parent 163fb1052f
commit c9ff912b2f
1 changed files with 27 additions and 3 deletions


@ -3,6 +3,7 @@ package org.springframework.security.providers.preauth;
import org.springframework.security.providers.AuthenticationProvider; import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsChecker; import org.springframework.security.userdetails.UserDetailsChecker;
import org.springframework.security.userdetails.checker.AccountStatusUserDetailsChecker; import org.springframework.security.userdetails.checker.AccountStatusUserDetailsChecker;
@ -33,6 +34,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
private AuthenticationUserDetailsService preAuthenticatedUserDetailsService = null; private AuthenticationUserDetailsService preAuthenticatedUserDetailsService = null;
private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker(); private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
private boolean throwExceptionWhenTokenRejected = false;
private int order = -1; // default: same as non-ordered private int order = -1; // default: same as non-ordered
@ -40,7 +42,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
* Check whether all required properties have been set. * Check whether all required properties have been set.
*/ */
public void afterPropertiesSet() { public void afterPropertiesSet() {
Assert.notNull(preAuthenticatedUserDetailsService, "A AuthenticationUserDetailsService must be set"); Assert.notNull(preAuthenticatedUserDetailsService, "An AuthenticationUserDetailsService must be set");
} }
/** /**
@ -60,6 +62,19 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
if (authentication.getPrincipal() == null) { if (authentication.getPrincipal() == null) {
logger.debug("No pre-authenticated principal found in request."); logger.debug("No pre-authenticated principal found in request.");
if (throwExceptionWhenTokenRejected) {
throw new BadCredentialsException("No pre-authenticated principal found in request.");
}
return null;
}
if (authentication.getCredentials() == null) {
logger.debug("No pre-authenticated credentials found in request.");
if (throwExceptionWhenTokenRejected) {
throw new BadCredentialsException("No pre-authenticated credentials found in request.");
}
return null; return null;
} }
@ -98,4 +113,13 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
public void setOrder(int i) { public void setOrder(int i) {
order = i; order = i;
} }
/**
* If true, causes the provider to throw a BadCredentialsException if the presented authentication
* request is invalid (contains a null principal or credentials). Otherwise it will just return
* null.
*/
public void setThrowExceptionWhenTokenRejected(boolean throwExceptionWhenTokenRejected) {
this.throwExceptionWhenTokenRejected = throwExceptionWhenTokenRejected;
}
} }
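Review bot: The Javadoc on the new `setThrowExceptionWhenTokenRejected` undersells what the default does: with the flag false (its initial value on the new field), a token with a null principal or null credentials is not rejected but merely declined by this provider via `return null`, which — assuming this provider sits in a ProviderManager-style chain, not visible here — leaves the request open for any other configured provider to accept; the doc should say so, e.g. `* Otherwise the provider returns null, i.e. it declines to decide and another configured provider may still authenticate the request; set this to true when a malformed pre-authenticated token must fail authentication outright.` Separately, the two new guard blocks in authenticate() repeat the same log-then-optionally-throw sequence, with each message duplicated between the logger.debug call and the BadCredentialsException, so a small private helper would remove the duplication and keep the two messages from drifting. The enclosing authenticate() method starts before and ends after this hunk.
```java
if (authentication.getPrincipal() == null) {
    return reject("No pre-authenticated principal found in request.");
}
if (authentication.getCredentials() == null) {
    return reject("No pre-authenticated credentials found in request.");
}
// … unchanged: user details lookup and checks …

/**
 * Logs why the presented token is unusable and, when throwExceptionWhenTokenRejected
 * is set, throws a BadCredentialsException; otherwise returns null to the caller.
 */
private Authentication reject(String message) {
    logger.debug(message);
    if (throwExceptionWhenTokenRejected) {
        throw new BadCredentialsException(message);
    }
    return null;
}
```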