AuthenticationSupplier feature for Web Security

cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java

@@ -242,7 +242,7 @@ protected final void successfulAuthentication(HttpServletRequest request,
 	@Override
 	public Authentication attemptAuthentication(final HttpServletRequest request,
 			final HttpServletResponse response) throws AuthenticationException,
-			IOException {
+			IOException, ServletException {
 		// if the request is a proxy request process it and return null to indicate the
 		// request has been processed
 		if (proxyReceptorRequest(request)) {
@@ -281,9 +281,11 @@ protected String obtainArtifact(HttpServletRequest request) {
 
 	/**
 	 * Overridden to provide proxying capabilities.
+	 * @throws ServletException
+	 * @throws IOException
 	 */
 	protected boolean requiresAuthentication(final HttpServletRequest request,
-			final HttpServletResponse response) {
+			final HttpServletResponse response) throws IOException, ServletException {
 		final boolean serviceTicketRequest = serviceTicketRequest(request, response);
 		final boolean result = serviceTicketRequest || proxyReceptorRequest(request)
 				|| (proxyTicketRequest(serviceTicketRequest, request));
@@ -334,9 +336,11 @@ public final void setServiceProperties(final ServiceProperties serviceProperties
 	 * @param request
 	 * @param response
 	 * @return
+	 * @throws ServletException
+	 * @throws IOException
 	 */
 	private boolean serviceTicketRequest(final HttpServletRequest request,
-			final HttpServletResponse response) {
+			final HttpServletResponse response) throws IOException, ServletException {
 		boolean result = super.requiresAuthentication(request, response);
 		if (logger.isDebugEnabled()) {
 			logger.debug("serviceTicketRequest = " + result);

cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java

@@ -94,7 +94,7 @@ public Authentication authenticate(Authentication a) {
 	}
 
 	@Test
-	public void testRequiresAuthenticationFilterProcessUrl() {
+	public void testRequiresAuthenticationFilterProcessUrl() throws Exception {
 		String url = "/login/cas";
 		CasAuthenticationFilter filter = new CasAuthenticationFilter();
 		filter.setFilterProcessesUrl(url);
@@ -106,7 +106,7 @@ public void testRequiresAuthenticationFilterProcessUrl() {
 	}
 
 	@Test
-	public void testRequiresAuthenticationProxyRequest() {
+	public void testRequiresAuthenticationProxyRequest() throws Exception {
 		CasAuthenticationFilter filter = new CasAuthenticationFilter();
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -122,7 +122,7 @@ public void testRequiresAuthenticationProxyRequest() {
 	}
 
 	@Test
-	public void testRequiresAuthenticationAuthAll() {
+	public void testRequiresAuthenticationAuthAll() throws Exception {
 		ServiceProperties properties = new ServiceProperties();
 		properties.setAuthenticateAllArtifacts(true);
 

web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java

@@ -252,9 +252,12 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 	 *
 	 * @return <code>true</code> if the filter should attempt authentication,
 	 * <code>false</code> otherwise.
+	 *
+	 * @throws ServletException
+	 * @throws IOException
 	 */
 	protected boolean requiresAuthentication(HttpServletRequest request,
-			HttpServletResponse response) {
+			HttpServletResponse response) throws IOException, ServletException {
 		return requiresAuthenticationRequestMatcher.matches(request);
 	}
 

web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplier.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright 2002-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.authentication.supply;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.www.AuthenticationType;
+
+/**
+ * Used in {@link GenericAuthenticationFilter} to provide requested
+ * {@link Authentication} object, which is further used by
+ * {@link AuthenticationManager} to authenticate user.
+ *
+ * @author Sergey Bespalov
+ *
+ * @see GenericAuthenticationFilter
+ * @see AuthenticationSupplierRegistry
+ */
+public interface AuthenticationSupplier<T extends Authentication> extends AuthenticationEntryPoint {
+
+	/**
+	 * Supplies requested {@link Authentication}.
+	 *
+	 * @param request
+	 * @return
+	 * @throws AuthenticationException
+	 */
+	T supply(HttpServletRequest request) throws AuthenticationException;
+
+	/**
+	 * Provides supported {@link AuthenticationType}.
+	 *
+	 * @return
+	 */
+	AuthenticationType getAuthenticationType();
+
+}

web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierMap.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2002-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.authentication.supply;
+
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.www.AuthenticationType;
+
+/**
+ * @author Sergey Bespalov
+ *
+ */
+public class AuthenticationSupplierMap implements AuthenticationSupplierRegistry {
+
+	private Map<AuthenticationType, AuthenticationSupplier<?>> authenticationSupplierMap = new ConcurrentHashMap<>();
+
+	public AuthenticationSupplierMap(Set<AuthenticationSupplier<?>> authenticationSuppliers) {
+		super();
+		authenticationSuppliers.stream().forEach(s -> authenticationSupplierMap.put(s.getAuthenticationType(), s));
+	}
+
+	@Override
+	public <T extends Authentication> AuthenticationSupplier<T> lookupSupplierByAuthenticationType(
+			AuthenticationType authenticationType) {
+		return (AuthenticationSupplier<T>) authenticationSupplierMap.get(authenticationType);
+	}
+
+}

web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationSupplierRegistry.java

@@ -0,0 +1,29 @@
+/*
+ * Copyright 2002-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.authentication.supply;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.www.AuthenticationType;
+
+/**
+ * @author Sergey Bespalov
+ *
+ */
+public interface AuthenticationSupplierRegistry {
+
+	public <T extends Authentication> AuthenticationSupplier<T> lookupSupplierByAuthenticationType(AuthenticationType authenticationType);
+
+}

web/src/main/java/org/springframework/security/web/authentication/supply/AuthenticationTokenSupplier.java

@@ -0,0 +1,77 @@
+/*
+ * Copyright 2002-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.authentication.supply;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.AuthenticationDetailsSource;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.security.web.authentication.www.AuthenticationType;
+
+/**
+ * This class decorates a underlying {@link AuthenticationSupplier} with common
+ * logic needed for {@link AbstractAuthenticationToken}.
+ *
+ * @author Sergey Bespalov
+ *
+ * @param <T>
+ */
+public class AuthenticationTokenSupplier<T extends AbstractAuthenticationToken> implements AuthenticationSupplier<T> {
+
+	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
+
+	private final AuthenticationSupplier<T> delegate;
+
+	public AuthenticationTokenSupplier(AuthenticationSupplier<T> delegate) {
+		super();
+		this.delegate = delegate;
+	}
+
+	public AuthenticationDetailsSource<HttpServletRequest, ?> getAuthenticationDetailsSource() {
+		return authenticationDetailsSource;
+	}
+
+	public void setAuthenticationDetailsSource(
+			AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
+		this.authenticationDetailsSource = authenticationDetailsSource;
+	}
+
+	@Override
+	public T supply(HttpServletRequest request) throws AuthenticationException {
+		T authentication = delegate.supply(request);
+
+		Object authenticationDetails = getAuthenticationDetailsSource().buildDetails(request);
+		authentication.setDetails(authenticationDetails);
+
+		return authentication;
+	}
+
+	public AuthenticationType getAuthenticationType() {
+		return delegate.getAuthenticationType();
+	}
+
+	public void commence(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException authException) throws IOException, ServletException {
+		delegate.commence(request, response, authException);
+	}
+
+}