From 055ed9c543d1866dd7ab49a3263a2cc02e6cf101 Mon Sep 17 00:00:00 2001 
From: Josh Cummings Date: Fri, 14 Dec 2018 13:33:28 -0700 Subject: [PATCH 1/4] AuthenticationSupplier implementation --- .../cas/web/CasAuthenticationFilter.java | 10 +- .../cas/web/CasAuthenticationFilterTests.java | 6 +- ...bstractAuthenticationProcessingFilter.java | 5 +- .../supply/AuthenticationSupplier.java | 39 ++++ .../supply/AuthenticationSupplierMap.java | 29 +++ .../AuthenticationSupplierRegistry.java | 14 ++ .../supply/AuthenticationTokenSupplier.java | 62 ++++++ .../supply/GenericAuthenticationFilter.java | 131 ++++++++++++ .../www/AuthenticationType.java | 45 +++++ .../www/AuthenticationTypeParser.java | 32 +++ .../www/BasicAuthenticationSupplier.java | 67 ++++++ ...ctAuthenticationProcessingFilterTests.java | 2 +- .../GenericAuthenticationFilterTests.java | 191 ++++++++++++++++++ 13 files changed, 625 insertions(+), 8 deletions(-) create mode 100644 web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplier.java create mode 100644 web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierMap.java create mode 100644 web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierRegistry.java create mode 100644 web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java create mode 100644 web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java create mode 100644 web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java create mode 100644 web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java create mode 100644 web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationSupplier.java create mode 100644 web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java 
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java index 730814eb956..2ebfd80c558 100644 --- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java +++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java @@ -242,7 +242,7 @@ protected final void successfulAuthentication(HttpServletRequest request, @Override public Authentication attemptAuthentication(final HttpServletRequest request, final HttpServletResponse response) throws AuthenticationException, - IOException { + IOException, ServletException { // if the request is a proxy request process it and return null to indicate the // request has been processed if (proxyReceptorRequest(request)) { @@ -281,9 +281,11 @@ protected String obtainArtifact(HttpServletRequest request) { /** * Overridden to provide proxying capabilities. + * @throws ServletException + * @throws IOException */ protected boolean requiresAuthentication(final HttpServletRequest request, - final HttpServletResponse response) { + final HttpServletResponse response) throws IOException, ServletException { final boolean serviceTicketRequest = serviceTicketRequest(request, response); final boolean result = serviceTicketRequest || proxyReceptorRequest(request) || (proxyTicketRequest(serviceTicketRequest, request)); @@ -334,9 +336,11 @@ public final void setServiceProperties(final ServiceProperties serviceProperties * @param request * @param response * @return + * @throws ServletException + * @throws IOException */ private boolean serviceTicketRequest(final HttpServletRequest request, - final HttpServletResponse response) { + final HttpServletResponse response) throws IOException, ServletException { boolean result = super.requiresAuthentication(request, response); if (logger.isDebugEnabled()) { logger.debug("serviceTicketRequest = " + result); 
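Review bot: The Javadoc added to `requiresAuthentication` and `serviceTicketRequest` carries bare `@throws ServletException` and `@throws IOException` tags with no description, and the same empty tags recur in the AbstractAuthenticationProcessingFilter hunk. Nothing visible in these methods throws either exception, so a reader cannot tell under which condition they occur. I would either describe the condition, e.g. `@throws IOException if the parent check writes to the response`, or drop the tags. The bodies of all three methods continue outside the hunks, so the wording should be confirmed against the full file.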
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java index ee58a437c3e..3f56607f8bb 100644 --- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java +++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java @@ -94,7 +94,7 @@ public Authentication authenticate(Authentication a) { } @Test - public void testRequiresAuthenticationFilterProcessUrl() { + public void testRequiresAuthenticationFilterProcessUrl() throws Exception { String url = "/login/cas"; CasAuthenticationFilter filter = new CasAuthenticationFilter(); filter.setFilterProcessesUrl(url); @@ -106,7 +106,7 @@ public void testRequiresAuthenticationFilterProcessUrl() { } @Test - public void testRequiresAuthenticationProxyRequest() { + public void testRequiresAuthenticationProxyRequest() throws Exception { CasAuthenticationFilter filter = new CasAuthenticationFilter(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); @@ -122,7 +122,7 @@ public void testRequiresAuthenticationProxyRequest() { } @Test - public void testRequiresAuthenticationAuthAll() { + public void testRequiresAuthenticationAuthAll() throws Exception { ServiceProperties properties = new ServiceProperties(); properties.setAuthenticateAllArtifacts(true); diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java index e9ee21536f6..29b94e0d5d8 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java 
@@ -252,9 +252,12 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) * * @return true if the filter should attempt authentication, * false otherwise. + * + * @throws ServletException + * @throws IOException */ protected boolean requiresAuthentication(HttpServletRequest request, - HttpServletResponse response) { + HttpServletResponse response) throws IOException, ServletException { return requiresAuthenticationRequestMatcher.matches(request); } diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplier.java b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplier.java new file mode 100644 index 00000000000..1b20a9ef870 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplier.java 
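Review bot: Adding `throws IOException, ServletException` to the protected `requiresAuthentication` breaks every subclass that calls it from a method without those clauses; this commit's own edits to CasAuthenticationFilter and the test methods show that. The only visible motivation is GenericAuthenticationFilter, whose override writes a challenge response from inside this predicate. Keeping the predicate free of side effects, and failing later in `attemptAuthentication`, would leave the base signature untouched. If the widening stays, the Javadoc here should state that an override may commit the response before returning.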
@@ -0,0 +1,39 @@ +package org.springframework.security.web.authentication.supply; + +import javax.servlet.http.HttpServletRequest; + +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.security.web.authentication.www.AuthenticationType; + +/** + * Used in {@link GenericAuthenticationFilter} to provide requested + * {@link Authentication} object, which is further used by + * {@link AuthenticationManager} to authenticate user. + * + * @author Sergey Bespalov + * + * @see GenericAuthenticationFilter + * @see AuthenticationSupplierRegistry + */ +public interface AuthenticationSupplier extends AuthenticationEntryPoint { + + /** + * Supplies requested {@link Authentication}. + * + * @param request + * @return + * @throws AuthenticationException + */ + T supply(HttpServletRequest request) throws AuthenticationException; + + /** + * Provides supported {@link AuthenticationType}. + * + * @return + */ + AuthenticationType getAuthenticationType(); + +} diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierMap.java b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierMap.java new file mode 100644 index 00000000000..78b9faad576 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierMap.java 
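Review bot: The contract of `supply` is undocumented where it matters for security: its Javadoc has empty `@param`, `@return` and `@throws` tags. GenericAuthenticationFilter places the returned object straight into the security context and later passes it to the AuthenticationManager, so implementers need to know that the result must be an unauthenticated request token, never `null`. They also need to know that missing or malformed credentials are reported by throwing `AuthenticationException`. I would state this in the method comment, e.g. `@return an unauthenticated token built from the request, never null` and `@throws AuthenticationException if the credentials are absent or malformed`.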
@@ -0,0 +1,29 @@ +package org.springframework.security.web.authentication.supply; + +import java.util.Map; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; + +import org.springframework.security.core.Authentication; +import org.springframework.security.web.authentication.www.AuthenticationType; + +/** + * @author Sergey Bespalov + * + */ +public class AuthenticationSupplierMap implements AuthenticationSupplierRegistry { + + private Map> authenticationSupplierMap = new ConcurrentHashMap<>(); + + public AuthenticationSupplierMap(Set> authenticationSuppliers) { + super(); + authenticationSuppliers.stream().forEach(s -> authenticationSupplierMap.put(s.getAuthenticationType(), s)); + } + + @Override + public AuthenticationSupplier lookupSupplierByAuthenticationType( + AuthenticationType authenticationType) { + return (AuthenticationSupplier) authenticationSupplierMap.get(authenticationType); + } + +} diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierRegistry.java b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierRegistry.java new file mode 100644 index 00000000000..f594b1c2495 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierRegistry.java @@ -0,0 +1,14 @@ +package org.springframework.security.web.authentication.supply; + +import org.springframework.security.core.Authentication; +import org.springframework.security.web.authentication.www.AuthenticationType; + +/** + * @author Sergey Bespalov + * + */ +public interface AuthenticationSupplierRegistry { + + public AuthenticationSupplier lookupSupplierByAuthenticationType(AuthenticationType authenticationType); + +} 
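Review bot: The AuthenticationSupplierMap constructor lets two suppliers that report the same AuthenticationType silently replace one another, and because the input is a `Set` the winner depends on iteration order. Which component parses credentials for a scheme is a security decision, so a duplicate registration should fail at start-up, e.g. `if (authenticationSupplierMap.putIfAbsent(s.getAuthenticationType(), s) != null) throw new IllegalArgumentException("Duplicate supplier for " + s.getAuthenticationType());`. Separately, `lookupSupplierByAuthenticationType` passes its argument to `ConcurrentHashMap.get`, which throws NullPointerException for a `null` key. The method should either return `null` for a `null` type or document that callers must not pass one.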
diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java
new file mode 100644
index 00000000000..f6aa2cda491
--- /dev/null
+++ b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java
@@ -0,0 +1,62 @@ +package org.springframework.security.web.authentication.supply; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.security.authentication.AbstractAuthenticationToken; +import org.springframework.security.authentication.AuthenticationDetailsSource; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; +import org.springframework.security.web.authentication.www.AuthenticationType; + +/** + * This class decorates a underlying {@link AuthenticationSupplier} with common + * logic needed for {@link AbstractAuthenticationToken}. + * + * @author Sergey Bespalov + * + * @param + */ +public class AuthenticationTokenSupplier implements AuthenticationSupplier { + + private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); + + private final AuthenticationSupplier delegate; + + public AuthenticationTokenSupplier(AuthenticationSupplier delegate) { + super(); + this.delegate = delegate; + } + + public AuthenticationDetailsSource getAuthenticationDetailsSource() { + return authenticationDetailsSource; + } + + public void setAuthenticationDetailsSource( + AuthenticationDetailsSource authenticationDetailsSource) { + this.authenticationDetailsSource = authenticationDetailsSource; + } + + @Override + public T supply(HttpServletRequest request) throws AuthenticationException { + T authentication = delegate.supply(request); + + Object authenticationDetails = getAuthenticationDetailsSource().buildDetails(request); + authentication.setDetails(authenticationDetails); + + return authentication; + } + + public AuthenticationType getAuthenticationType() { + return delegate.getAuthenticationType(); + } + + public void commence(HttpServletRequest request, HttpServletResponse response, + 
AuthenticationException authException) throws IOException, ServletException { + delegate.commence(request, response, authException); + } + +} diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java new file mode 100644 index 00000000000..3d05b458200 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java 
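Review bot: `setAuthenticationDetailsSource` accepts `null`, after which every call to `supply` fails with a NullPointerException at `getAuthenticationDetailsSource().buildDetails(request)` instead of an authentication error. A guard such as `Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");` in the setter would surface the misconfiguration at wiring time. The constructor has the same gap for `delegate`. As a style point, `getAuthenticationType` and `commence` implement interface methods but lack `@Override`, unlike `supply`.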
@@ -0,0 +1,131 @@ +package org.springframework.security.web.authentication.supply; + +import java.io.IOException; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; +import org.springframework.security.web.authentication.AuthenticationFailureHandler; +import org.springframework.security.web.authentication.www.AuthenticationType; +import org.springframework.security.web.authentication.www.AuthenticationTypeParser; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.util.Assert; + +/** + * @author Sergey Bespalov + * + */ +public class GenericAuthenticationFilter extends AbstractAuthenticationProcessingFilter + implements AuthenticationFailureHandler { + + public static final String ATTRIBUTE_NAME_AUTHENTICATION_TYPE = GenericAuthenticationFilter.class.getName() + + ".authenticationTypeName"; + + private AuthenticationSupplierRegistry authenticationSupplierRegistry; + private AuthenticationTypeParser authenticationTypeParser = new AuthenticationTypeParser(); + + public GenericAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher) { + super(requiresAuthenticationRequestMatcher); + setAuthenticationFailureHandler(this); + } + + public GenericAuthenticationFilter(String defaultFilterProcessesUrl) { + super(defaultFilterProcessesUrl); + setAuthenticationFailureHandler(this); + } + + public AuthenticationTypeParser getAuthenticationTypeParser() { + return authenticationTypeParser; + } + + public void setAuthenticationTypeParser(AuthenticationTypeParser authenticationTypeParser) { + 
this.authenticationTypeParser = authenticationTypeParser; + } + + public AuthenticationSupplierRegistry getAuthenticationSupplierRegistry() { + return authenticationSupplierRegistry; + } + + public void setAuthenticationSupplierRegistry(AuthenticationSupplierRegistry authenticationSupplierRegistry) { + this.authenticationSupplierRegistry = authenticationSupplierRegistry; + } + + @Override + public void afterPropertiesSet() { + super.afterPropertiesSet(); + Assert.notNull(authenticationSupplierRegistry, "authenticationSupplierRegistry must not be null"); + } + + @Override + protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { + if (!super.requiresAuthentication(request, response)) { + return false; + } + + AuthenticationType authenticationType = getAuthenticationTypeParser().parseAuthenticationType(request); + if (authenticationType == null) { + return false; + } + + request.setAttribute(ATTRIBUTE_NAME_AUTHENTICATION_TYPE, authenticationType); + + AuthenticationSupplier authenticationSupplier = getAuthenticationSupplierRegistry() + .lookupSupplierByAuthenticationType(authenticationType); + if (authenticationSupplier == null) { + return false; + } + + Authentication authentication; + try { + authentication = authenticationSupplier.supply(request); + } catch (AuthenticationException e) { + onAuthenticationFailure(request, response, e); + + return true; + } + SecurityContextHolder.getContext().setAuthentication(authentication); + + return true; + } + + @Override + public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) + throws AuthenticationException, IOException, ServletException { + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + if (authentication == null) { + return null; + } + + if (authentication.isAuthenticated()) { + return authentication; + } + + return 
getAuthenticationManager().authenticate(authentication); + } + + @Override + public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, + AuthenticationException exception) throws IOException, ServletException { + AuthenticationType authenticationType = (AuthenticationType) request.getAttribute(ATTRIBUTE_NAME_AUTHENTICATION_TYPE); + + AuthenticationSupplier authenticationSupplier = getAuthenticationSupplierRegistry() + .lookupSupplierByAuthenticationType(authenticationType); + authenticationSupplier.commence(request, response, exception); + } + + @Override + protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, + Authentication authResult) throws IOException, ServletException { + super.successfulAuthentication(request, response, chain, authResult); + + chain.doFilter(request, response); + } + + +} diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java new file mode 100644 index 00000000000..df21577ca4c --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java 
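Review bot: `requiresAuthentication` stores the token returned by `supply` in `SecurityContextHolder` before any AuthenticationManager has verified it, then `attemptAuthentication` reads it back from there. This uses the security context as a hand-off for unverified, request-supplied credentials, and it overwrites any Authentication that was already in the context. On the failure branch the method writes the challenge and still returns `true`, so `attemptAuthentication` then returns a pre-existing authenticated context entry as if this request had succeeded. I would keep the predicate free of side effects and build the token inside `attemptAuthentication`. An AuthenticationException from `supply` would then presumably reach `onAuthenticationFailure` through the base filter's failure path, which is outside this diff.

```java
@Override
protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response)
		throws IOException, ServletException {
	// … unchanged: matcher check, type parsing, request attribute …
	// Decide only; credentials are neither parsed nor stored here.
	return getAuthenticationSupplierRegistry()
			.lookupSupplierByAuthenticationType(authenticationType) != null;
}

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
		throws AuthenticationException, IOException, ServletException {
	AuthenticationType authenticationType = (AuthenticationType) request
			.getAttribute(ATTRIBUTE_NAME_AUTHENTICATION_TYPE);
	// The unverified token stays local until the manager has accepted it.
	Authentication requested = getAuthenticationSupplierRegistry()
			.lookupSupplierByAuthenticationType(authenticationType)
			.supply(request);
	return getAuthenticationManager().authenticate(requested);
}
```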
@@ -0,0 +1,45 @@ +package org.springframework.security.web.authentication.www; + +/** + * This class represents a supported Authentication type, which can be `Basic`, `Digest` etc. + * + * @author Sergey Bespalov + * + * @see AuthenticationTypeParser + */ +public class AuthenticationType { + + private final String name; + + public AuthenticationType(String name) { + if (name == null) { + throw new NullPointerException("Authentication type name can not be null."); + } + + this.name = name; + } + + public String getName() { + return name; + } + + @Override + public int hashCode() { + return name.hashCode(); + } + + @Override + public boolean equals(Object obj) { + if (!(obj instanceof AuthenticationType)) { + return false; + } + AuthenticationType other = (AuthenticationType) obj; + return name.equals(other.name); + } + + @Override + public String toString() { + return name; + } + +} diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java new file mode 100644 index 00000000000..7af711c56f0 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java @@ -0,0 +1,32 @@ +package org.springframework.security.web.authentication.www; + +import javax.servlet.http.HttpServletRequest; + +/** + * This class targets to parse Authentication type from `Authorization` HTTP header. + *
+ * Supported `Authorization` header syntax: + *
+ * Authorization: <type> <credentials>
+ * 
+ * + * @author Sergey Bespalov + * + */ +public class AuthenticationTypeParser { + + public static final String AUTHORIZATION_HEADER_NAME = "Authorization"; + + public AuthenticationType parseAuthenticationType(HttpServletRequest request) { + String header = request.getHeader(AUTHORIZATION_HEADER_NAME); + if (header == null) { + return null; + } + + header = header.trim(); + String authenticationType = header.substring(0, header.indexOf(" ") + 1); + + return new AuthenticationType(authenticationType.trim()); + } + +} diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationSupplier.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationSupplier.java new file mode 100644 index 00000000000..7a51d33a39c --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationSupplier.java 
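Review bot: `parseAuthenticationType` returns an AuthenticationType with an empty name when the header has no space, because `indexOf(" ")` yields -1 and `substring(0, 0)` is `""`. Callers that test the result for `null` therefore treat a malformed header as a real scheme. I would return `null` in that case: `int space = header.indexOf(' '); if (space <= 0) { return null; }`. The scheme is also compared case-sensitively, since `AuthenticationType.equals` uses `name.equals`, so `basic ...` does not select the `Basic` supplier although HTTP scheme names are case-insensitive. Normalising the name in one place, for instance in the AuthenticationType constructor, would fix that.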
@@ -0,0 +1,67 @@ +package org.springframework.security.web.authentication.www; + +import java.io.UnsupportedEncodingException; +import java.util.Base64; + +import javax.servlet.http.HttpServletRequest; + +import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.InternalAuthenticationServiceException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.authentication.supply.AuthenticationSupplier; + +/** + * @author Sergey Bespalov + * + */ +public class BasicAuthenticationSupplier extends BasicAuthenticationEntryPoint + implements AuthenticationSupplier { + + public static final String AUTHENTICATION_TYPE_BASIC_NAME = "Basic"; + public static final AuthenticationType AUTHENTICATION_TYPE_BASIC = new AuthenticationType(AUTHENTICATION_TYPE_BASIC_NAME); + + private String credentialsCharset = "UTF-8"; + + @Override + public UsernamePasswordAuthenticationToken supply(HttpServletRequest request) throws AuthenticationException { + String header = request.getHeader(AuthenticationTypeParser.AUTHORIZATION_HEADER_NAME); + + if (header == null || !header.contains(AUTHENTICATION_TYPE_BASIC_NAME)) { + throw new AuthenticationCredentialsNotFoundException( + String.format("%s authentication header required.", AUTHENTICATION_TYPE_BASIC_NAME)); + } + + byte[] base64Token = header.substring(6).getBytes(); + byte[] decoded; + try { + decoded = Base64.getDecoder().decode(base64Token); + } catch (IllegalArgumentException e) { + throw new BadCredentialsException("Failed to decode basic authentication token"); + } + + String token; + try { + token = new String(decoded, getCredentialsCharset(request)); + } catch (UnsupportedEncodingException e) { + throw new 
InternalAuthenticationServiceException(e.getMessage(), e); + } + + String[] tokens = token.split(":"); + if (tokens.length != 2) { + throw new BadCredentialsException("Invalid basic authentication token"); + } + return new UsernamePasswordAuthenticationToken(tokens[0], tokens[1]); + } + + private String getCredentialsCharset(HttpServletRequest request) { + return credentialsCharset; + } + + @Override + public AuthenticationType getAuthenticationType() { + return AUTHENTICATION_TYPE_BASIC; + } + +} diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java index a8a258595d8..29cb9891fa2 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java @@ -99,7 +99,7 @@ public void tearDown() throws Exception { } @Test - public void testDefaultProcessesFilterUrlMatchesWithPathParameter() { + public void testDefaultProcessesFilterUrlMatchesWithPathParameter() throws Exception { MockHttpServletRequest request = createMockAuthenticationRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockAuthenticationFilter filter = new MockAuthenticationFilter(); diff --git a/web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java new file mode 100644 index 00000000000..80d2c60f6d4 --- /dev/null +++ b/web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java 
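Review bot: `supply` accepts any header that merely contains `Basic` and then cuts at the fixed offset `substring(6)`. A direct call with a value shorter than six characters throws StringIndexOutOfBoundsException rather than an AuthenticationException, and a value with `Basic` in a later position is decoded from the wrong offset. The check should anchor on the `Basic ` prefix and cut at its length. Further down, `token.split(":")` with `tokens.length != 2` rejects every password that contains a colon and also an empty password. Splitting at the first colon only avoids both. The decode `catch` also drops the IllegalArgumentException cause, which could be passed as the second constructor argument.

```java
String header = request.getHeader(AuthenticationTypeParser.AUTHORIZATION_HEADER_NAME);
String prefix = AUTHENTICATION_TYPE_BASIC_NAME + " ";
// Anchor on the scheme prefix instead of searching for it anywhere in the value.
if (header == null || !header.regionMatches(true, 0, prefix, 0, prefix.length())) {
	throw new AuthenticationCredentialsNotFoundException(
			String.format("%s authentication header required.", AUTHENTICATION_TYPE_BASIC_NAME));
}
byte[] base64Token = header.substring(prefix.length()).trim().getBytes();
// … unchanged: Base64 decoding and charset conversion …
// Split at the first colon only, so the password may itself contain ':' or be empty.
int delimiter = token.indexOf(':');
if (delimiter == -1) {
	throw new BadCredentialsException("Invalid basic authentication token");
}
return new UsernamePasswordAuthenticationToken(token.substring(0, delimiter),
		token.substring(delimiter + 1));
```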
@@ -0,0 +1,191 @@
+package org.springframework.security.web.authentication.suply;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.AdditionalMatchers.not;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.codec.binary.Base64;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.http.HttpStatus;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.mock.web.MockHttpSession;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.security.web.authentication.supply.AuthenticationSupplier;
+import org.springframework.security.web.authentication.supply.AuthenticationSupplierRegistry;
+import org.springframework.security.web.authentication.supply.AuthenticationTokenSupplier;
+import org.springframework.security.web.authentication.supply.GenericAuthenticationFilter;
+import org.springframework.security.web.authentication.www.BasicAuthenticationSupplier;
+import
org.springframework.security.web.util.matcher.RequestMatcher; + +/** + * Tests {@link GenericAuthenticationFilter}. + * + * @author Sergey Bespalov + */ +public class GenericAuthenticationFilterTests { + + private GenericAuthenticationFilter filter; + private AuthenticationManager manager; + private AuthenticationSupplier basicAuthenticationSupplier; + + @Before + public void setUp() throws Exception { + SecurityContextHolder.clearContext(); + + UsernamePasswordAuthenticationToken requestedAuthentication = new UsernamePasswordAuthenticationToken( + "vasya", "pupkin"); + requestedAuthentication.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); + Authentication authenticatedAuthentication = new UsernamePasswordAuthenticationToken("vasya", "pupkin", + AuthorityUtils.createAuthorityList("ROLE_1")); + + RequestMatcher requestMatcher = mock(RequestMatcher.class); + when(requestMatcher.matches(any(HttpServletRequest.class))).thenReturn(true); + filter = new GenericAuthenticationFilter(requestMatcher); + + manager = mock(AuthenticationManager.class); + when(manager.authenticate(requestedAuthentication)).thenReturn(authenticatedAuthentication); + when(manager.authenticate(not(eq(requestedAuthentication)))).thenThrow( + new BadCredentialsException("")); + filter.setAuthenticationManager(manager); + + BasicAuthenticationSupplier basicAuthenticationSupplier = new BasicAuthenticationSupplier(); + basicAuthenticationSupplier.setRealmName("springframework.com"); + AuthenticationTokenSupplier authenticationTokenSupplier = new AuthenticationTokenSupplier<>(basicAuthenticationSupplier); + AuthenticationSupplierRegistry authenticationSupplierRegistry = mock(AuthenticationSupplierRegistry.class); + when(authenticationSupplierRegistry.lookupSupplierByAuthenticationType( + eq(BasicAuthenticationSupplier.AUTHENTICATION_TYPE_BASIC))).thenReturn(authenticationTokenSupplier); + when(authenticationSupplierRegistry + 
.lookupSupplierByAuthenticationType(not(eq(BasicAuthenticationSupplier.AUTHENTICATION_TYPE_BASIC)))) + .thenReturn(null); + + filter.setAuthenticationSupplierRegistry(authenticationSupplierRegistry); + } + + @After + public void clearContext() throws Exception { + SecurityContextHolder.clearContext(); + } + + @Test + public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() + throws Exception { + + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setServletPath("/some_file.html"); + final MockHttpServletResponse response = new MockHttpServletResponse(); + + FilterChain chain = mock(FilterChain.class); + filter.doFilter(request, response, chain); + + verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); + assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); + } + + @Test + public void testInvalidBasicAuthorizationTokenIsIgnored() throws Exception { + String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON"; + MockHttpServletRequest request = new MockHttpServletRequest(); + request.addHeader("Authorization", + "Basic " + new String(Base64.encodeBase64(token.getBytes()))); + request.setServletPath("/some_file.html"); + request.setSession(new MockHttpSession()); + final MockHttpServletResponse response = new MockHttpServletResponse(); + + FilterChain chain = mock(FilterChain.class); + filter.doFilter(request, response, chain); + + verify(chain, never()).doFilter(any(ServletRequest.class), + any(ServletResponse.class)); + assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); + assertThat(response.getStatus()).isEqualTo(401); + } + + @Test + public void invalidBase64IsIgnored() throws Exception { + MockHttpServletRequest request = new MockHttpServletRequest(); + request.addHeader("Authorization", "Basic NOT_VALID_BASE64"); + request.setServletPath("/some_file.html"); + request.setSession(new MockHttpSession()); + final MockHttpServletResponse response = new 
MockHttpServletResponse(); + + FilterChain chain = mock(FilterChain.class); + filter.doFilter(request, response, chain); + + verify(chain, never()).doFilter(any(ServletRequest.class), + any(ServletResponse.class)); + assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); + assertThat(response.getStatus()).isEqualTo(401); + } + + @Test + public void testAuthenticationPassed() throws Exception { + String token = "vasya:pupkin"; + MockHttpServletRequest request = new MockHttpServletRequest(); + request.addHeader("Authorization", + "Basic " + new String(Base64.encodeBase64(token.getBytes()))); + request.setServletPath("/some_file.html"); + + assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); + FilterChain chain = mock(FilterChain.class); + filter.doFilter(request, new MockHttpServletResponse(), chain); + + verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); + assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); + assertThat(SecurityContextHolder.getContext().getAuthentication().getName()) + .isEqualTo("vasya"); + } + + @Test + public void testUnsupportedAuthenticationTypeIsIgnored() throws Exception { + MockHttpServletRequest request = new MockHttpServletRequest(); + request.addHeader("Authorization", "Unsupported auth"); + request.setServletPath("/some_file.html"); + FilterChain chain = mock(FilterChain.class); + filter.doFilter(request, new MockHttpServletResponse(), chain); + + verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); + assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); + } + + @Test + public void testInvalidAuthenticationReturnsUnauthorized() + throws Exception { + String token = "vasya:WRONG_PASSWORD"; + MockHttpServletRequest request = new MockHttpServletRequest(); + request.addHeader("Authorization", + "Basic " + new String(Base64.encodeBase64(token.getBytes()))); + 
request.setServletPath("/some_file.html"); + request.setSession(new MockHttpSession()); + MockHttpServletResponse response = new MockHttpServletResponse(); + + FilterChain chain = mock(FilterChain.class); + filter.doFilter(request, response, chain); + + verify(chain, never()).doFilter(any(ServletRequest.class), + any(ServletResponse.class)); + assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); + assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value()); + assertThat(response.getHeader("WWW-Authenticate")).isNotNull(); + assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"springframework.com\""); + } + +} From 49a3bd0868d7340081820d1873bdbf168ed0adc8 Mon Sep 17 00:00:00 2001 From: sbespalov Date: Fri, 1 Feb 2019 12:08:46 +0700 Subject: [PATCH 2/4] AuthenticationSupplier implementation (CR) --- .../supply/AuthenticationTokenSupplier.java | 2 +- .../supply/GenericAuthenticationFilter.java | 10 +++++----- .../authentication/www/AuthenticationType.java | 4 ++-- .../www/AuthenticationTypeParser.java | 2 +- .../www/BasicAuthenticationSupplier.java | 17 ++++++++++++++++- .../suply/GenericAuthenticationFilterTests.java | 14 +++++++------- 6 files changed, 32 insertions(+), 17 deletions(-) diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java index f6aa2cda491..bc67aa77271 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java +++ b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java @@ -15,7 +15,7 @@ /** * This class decorates a underlying {@link AuthenticationSupplier} with common * logic needed for {@link AbstractAuthenticationToken}. - * + * * @author Sergey Bespalov * * @param 
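Review bot: The test class declares `package org.springframework.security.web.authentication.suply;` while the classes it exercises live in `...authentication.supply`; the misspelling looks unintended and the package and directory should be `supply`. In `setUp`, the local `BasicAuthenticationSupplier basicAuthenticationSupplier = new BasicAuthenticationSupplier();` shadows the field `private AuthenticationSupplier basicAuthenticationSupplier;`, so the field is never assigned; either assign the field or remove it. Coverage also stops at well-formed `user:password` tokens: there is no case for a password containing a colon or for a bare `Basic` header with no credentials, which are the inputs where header parsing is most likely to misbehave. Two test names end in `IsIgnored` (`testInvalidBasicAuthorizationTokenIsIgnored`, `invalidBase64IsIgnored`) although they assert a 401 and that the chain is not invoked, so something like `...ReturnsUnauthorized` would describe them better.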
diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java index 3d05b458200..dd315c632d2 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java @@ -55,7 +55,7 @@ public AuthenticationSupplierRegistry getAuthenticationSupplierRegistry() { public void setAuthenticationSupplierRegistry(AuthenticationSupplierRegistry authenticationSupplierRegistry) { this.authenticationSupplierRegistry = authenticationSupplierRegistry; } - + @Override public void afterPropertiesSet() { super.afterPropertiesSet(); @@ -74,7 +74,7 @@ protected boolean requiresAuthentication(HttpServletRequest request, HttpServlet } request.setAttribute(ATTRIBUTE_NAME_AUTHENTICATION_TYPE, authenticationType); - + AuthenticationSupplier authenticationSupplier = getAuthenticationSupplierRegistry() .lookupSupplierByAuthenticationType(authenticationType); if (authenticationSupplier == null) { @@ -86,7 +86,7 @@ protected boolean requiresAuthentication(HttpServletRequest request, HttpServlet authentication = authenticationSupplier.supply(request); } catch (AuthenticationException e) { onAuthenticationFailure(request, response, e); - + return true; } SecurityContextHolder.getContext().setAuthentication(authentication); @@ -123,9 +123,9 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException { super.successfulAuthentication(request, response, chain, authResult); - + chain.doFilter(request, response); } - + } 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java index df21577ca4c..220b4e15ddc 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java @@ -2,9 +2,9 @@ /** * This class represents a supported Authentication type, which can be `Basic`, `Digest` etc. - * + * * @author Sergey Bespalov - * + * * @see AuthenticationTypeParser */ public class AuthenticationType { diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java index 7af711c56f0..f796e46c409 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java @@ -9,7 +9,7 @@ *
  * Authorization: <type> <credentials>
  * 
- * + * * @author Sergey Bespalov * */ diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationSupplier.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationSupplier.java index 7a51d33a39c..f29233a904f 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationSupplier.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationSupplier.java @@ -1,3 +1,18 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.springframework.security.web.authentication.www; import java.io.UnsupportedEncodingException; @@ -21,7 +36,7 @@ public class BasicAuthenticationSupplier extends BasicAuthenticationEntryPoint public static final String AUTHENTICATION_TYPE_BASIC_NAME = "Basic"; public static final AuthenticationType AUTHENTICATION_TYPE_BASIC = new AuthenticationType(AUTHENTICATION_TYPE_BASIC_NAME); - + private String credentialsCharset = "UTF-8"; @Override diff --git a/web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java index 80d2c60f6d4..2b6ce034522 100644 
--- a/web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java @@ -46,11 +46,11 @@ public class GenericAuthenticationFilterTests { private GenericAuthenticationFilter filter; private AuthenticationManager manager; private AuthenticationSupplier basicAuthenticationSupplier; - + @Before public void setUp() throws Exception { SecurityContextHolder.clearContext(); - + UsernamePasswordAuthenticationToken requestedAuthentication = new UsernamePasswordAuthenticationToken( "vasya", "pupkin"); requestedAuthentication.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); @@ -60,13 +60,13 @@ public void setUp() throws Exception { RequestMatcher requestMatcher = mock(RequestMatcher.class); when(requestMatcher.matches(any(HttpServletRequest.class))).thenReturn(true); filter = new GenericAuthenticationFilter(requestMatcher); - + manager = mock(AuthenticationManager.class); when(manager.authenticate(requestedAuthentication)).thenReturn(authenticatedAuthentication); when(manager.authenticate(not(eq(requestedAuthentication)))).thenThrow( new BadCredentialsException("")); filter.setAuthenticationManager(manager); - + BasicAuthenticationSupplier basicAuthenticationSupplier = new BasicAuthenticationSupplier(); basicAuthenticationSupplier.setRealmName("springframework.com"); AuthenticationTokenSupplier authenticationTokenSupplier = new AuthenticationTokenSupplier<>(basicAuthenticationSupplier); @@ -76,7 +76,7 @@ public void setUp() throws Exception { when(authenticationSupplierRegistry .lookupSupplierByAuthenticationType(not(eq(BasicAuthenticationSupplier.AUTHENTICATION_TYPE_BASIC)))) .thenReturn(null); - + filter.setAuthenticationSupplierRegistry(authenticationSupplierRegistry); } 
@@ -165,7 +165,7 @@ public void testUnsupportedAuthenticationTypeIsIgnored() throws Exception { verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } - + @Test public void testInvalidAuthenticationReturnsUnauthorized() throws Exception { @@ -187,5 +187,5 @@ public void testInvalidAuthenticationReturnsUnauthorized() assertThat(response.getHeader("WWW-Authenticate")).isNotNull(); assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"springframework.com\""); } - + } From 700360213e8851a73e5ad9de9e0a697cd058629d Mon Sep 17 00:00:00 2001 From: sbespalov Date: Fri, 1 Feb 2019 13:10:21 +0700 Subject: [PATCH 3/4] AuthenticationSupplier implementation (CR) --- ...bstractAuthenticationProcessingFilter.java | 6 ++--- .../supply/AuthenticationSupplier.java | 23 +++++++++++++++---- .../supply/AuthenticationSupplierMap.java | 15 ++++++++++++ .../AuthenticationSupplierRegistry.java | 15 ++++++++++++ .../supply/AuthenticationTokenSupplier.java | 15 ++++++++++++ .../supply/GenericAuthenticationFilter.java | 15 ++++++++++++ .../www/AuthenticationType.java | 15 ++++++++++++ .../www/AuthenticationTypeParser.java | 15 ++++++++++++ .../GenericAuthenticationFilterTests.java | 15 ++++++++++++ 9 files changed, 127 insertions(+), 7 deletions(-) diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java index 29b94e0d5d8..32e6d068e7a 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java 
@@ -252,9 +252,9 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) * * @return true if the filter should attempt authentication, * false otherwise. - * - * @throws ServletException - * @throws IOException + * + * @throws ServletException + * @throws IOException */ protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplier.java b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplier.java index 1b20a9ef870..d1a02335ba6 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplier.java +++ b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplier.java @@ -1,3 +1,18 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.springframework.security.web.authentication.supply; import javax.servlet.http.HttpServletRequest; @@ -12,7 +27,7 @@ * Used in {@link GenericAuthenticationFilter} to provide requested * {@link Authentication} object, which is further used by * {@link AuthenticationManager} to authenticate user. - * + * * @author Sergey Bespalov * * @see GenericAuthenticationFilter 
@@ -22,7 +37,7 @@ public interface AuthenticationSupplier extends Authen /** * Supplies requested {@link Authentication}. - * + * * @param request * @return * @throws AuthenticationException @@ -30,8 +45,8 @@ public interface AuthenticationSupplier extends Authen T supply(HttpServletRequest request) throws AuthenticationException; /** - * Provides supported {@link AuthenticationType}. - * + * Provides supported {@link AuthenticationType}. + * * @return */ AuthenticationType getAuthenticationType(); diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierMap.java b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierMap.java index 78b9faad576..11014fc58c2 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierMap.java +++ b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierMap.java @@ -1,3 +1,18 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.springframework.security.web.authentication.supply; import java.util.Map; diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierRegistry.java b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierRegistry.java index f594b1c2495..e11071ad257 100644 
--- a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierRegistry.java +++ b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierRegistry.java @@ -1,3 +1,18 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.springframework.security.web.authentication.supply; import org.springframework.security.core.Authentication; diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java index bc67aa77271..9ba60efab78 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java +++ b/web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java 
@@ -1,3 +1,18 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.springframework.security.web.authentication.supply; import java.io.IOException; diff --git a/web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java index dd315c632d2..7398a610246 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/supply/GenericAuthenticationFilter.java @@ -1,3 +1,18 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.springframework.security.web.authentication.supply; import java.io.IOException; 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java index 220b4e15ddc..420dbeb619e 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationType.java @@ -1,3 +1,18 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.springframework.security.web.authentication.www; /** diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java index f796e46c409..28ccb72d1af 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/AuthenticationTypeParser.java 
@@ -1,3 +1,18 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.springframework.security.web.authentication.www; import javax.servlet.http.HttpServletRequest; diff --git a/web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java index 2b6ce034522..94b38b356a3 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/suply/GenericAuthenticationFilterTests.java 
@@ -1,3 +1,18 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.springframework.security.web.authentication.suply; import static org.assertj.core.api.Assertions.assertThat; From 17d3ff82388f835f58b6a85543cb94390c3e957d Mon Sep 17 00:00:00 2001 From: sbespalov Date: Fri, 1 Feb 2019 13:47:00 +0700 Subject: [PATCH 4/4] AuthenticationSupplier implementation (CR) --- .../security/cas/web/CasAuthenticationFilter.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java index 2ebfd80c558..03b5320c658 100644 --- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java +++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java @@ -281,8 +281,8 @@ protected String obtainArtifact(HttpServletRequest request) { /** * Overridden to provide proxying capabilities. - * @throws ServletException - * @throws IOException + * @throws ServletException + * @throws IOException */ protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) throws IOException, ServletException { 
@@ -336,8 +336,8 @@ public final void setServiceProperties(final ServiceProperties serviceProperties * @param request * @param response * @return - * @throws ServletException - * @throws IOException + * @throws ServletException + * @throws IOException */ private boolean serviceTicketRequest(final HttpServletRequest request, final HttpServletResponse response) throws IOException, ServletException {