Coverage Report - org.trails.security.RememberMeProcessingFilter
 
Classes in this File Line Coverage Branch Coverage Complexity
RememberMeProcessingFilter
0% 
0% 
2.375
 
 1   
 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 2   
  *
 3   
  * Licensed under the Apache License, Version 2.0 (the "License");
 4   
  * you may not use this file except in compliance with the License.
 5   
  * You may obtain a copy of the License at
 6   
  *
 7   
  *     http://www.apache.org/licenses/LICENSE-2.0
 8   
  *
 9   
  * Unless required by applicable law or agreed to in writing, software
 10   
  * distributed under the License is distributed on an "AS IS" BASIS,
 11   
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 12   
  * See the License for the specific language governing permissions and
 13   
  * limitations under the License.
 14   
  */
 15   
 
 16   
 // Copy of original org.acegisecurity.ui.rememberme.RememberMeProcessingFilter
 17   
 // with a call to RememberMeServices.loginSuccess added
 18   
 // Opened issue http://opensource.atlassian.com/projects/spring/browse/SEC-517 on it
 19   
 
 20   
 //package org.acegisecurity.ui.rememberme;
 21   
 package org.trails.security;
 22   
 
 23   
 import org.acegisecurity.Authentication;
 24   
 import org.acegisecurity.AuthenticationException;
 25   
 import org.acegisecurity.AuthenticationManager;
 26   
 
 27   
 import org.acegisecurity.context.SecurityContextHolder;
 28   
 
 29   
 import org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent;
 30   
 import org.acegisecurity.ui.rememberme.NullRememberMeServices;
 31   
 import org.acegisecurity.ui.rememberme.RememberMeServices;
 32   
 
 33   
 import org.apache.commons.logging.Log;
 34   
 import org.apache.commons.logging.LogFactory;
 35   
 
 36   
 import org.springframework.beans.factory.InitializingBean;
 37   
 
 38   
 import org.springframework.context.ApplicationEventPublisher;
 39   
 import org.springframework.context.ApplicationEventPublisherAware;
 40   
 
 41   
 import org.springframework.util.Assert;
 42   
 
 43   
 import java.io.IOException;
 44   
 
 45   
 import javax.servlet.Filter;
 46   
 import javax.servlet.FilterChain;
 47   
 import javax.servlet.FilterConfig;
 48   
 import javax.servlet.ServletException;
 49   
 import javax.servlet.ServletRequest;
 50   
 import javax.servlet.ServletResponse;
 51   
 import javax.servlet.http.HttpServletRequest;
 52   
 import javax.servlet.http.HttpServletResponse;
 53   
 
 54   
 
 55   
 /**
 56   
  * Detects if there is no <code>Authentication</code> object in the <code>SecurityContext</code>, and populates it
 57   
  * with a remember-me authentication token if a {@link org.acegisecurity.ui.rememberme.RememberMeServices}
 58   
  * implementation so requests.<p>Concrete <code>RememberMeServices</code> implementations will have their {@link
 59   
  * org.acegisecurity.ui.rememberme.RememberMeServices#autoLogin(HttpServletRequest, HttpServletResponse)} method
 60   
  * called by this filter. The <code>Authentication</code> or <code>null</code> returned by that method will be placed
 61   
  * into the <code>SecurityContext</code>. The <code>AuthenticationManager</code> will be used, so that any concurrent
 62   
  * session management or other authentication-specific behaviour can be achieved. This is the same pattern as with
 63   
  * other authentication mechanisms, which call the <code>AuthenticationManager</code> as part of their contract.</p>
 64   
  *  <p>If authentication is successful, an {@link
 65   
  * org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent} will be published to the application
 66   
  * context. No events will be published if authentication was unsuccessful, because this would generally be recorded
 67   
  * via an <code>AuthenticationManager</code>-specific application event.</p>
 68   
  *  <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
 69   
  * org.acegisecurity.util.FilterToBeanProxy}.</p>
 70   
  *
 71   
  * @author Ben Alex
 72   
  * @version $Id: RememberMeProcessingFilter.java 1496 2006-05-23 13:38:33Z benalex $
 73   
  */
 74  0 
  public class RememberMeProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware {
 75   
     //~ Static fields/initializers =====================================================================================
 76   
 
 77  0 
     private static final Log logger = LogFactory.getLog(RememberMeProcessingFilter.class);
 78   
 
 79   
     //~ Instance fields ================================================================================================
 80   
 
 81   
     private ApplicationEventPublisher eventPublisher;
 82   
     private AuthenticationManager authenticationManager;
 83  0 
     private RememberMeServices rememberMeServices = new NullRememberMeServices();
 84   
 
 85   
     //~ Methods ========================================================================================================
 86   
 
 87   
     public void afterPropertiesSet() throws Exception {
 88  0 
         Assert.notNull(rememberMeServices, "RememberMeServices required");
 89  0 
         Assert.notNull(authenticationManager, "AuthenticationManager required");
 90  0 
     }
 91   
 
 92   
     /**
 93   
      * Does nothing - we rely on IoC lifecycle services instead.
 94   
      */
 95  0 
     public void destroy() {}
 96   
 
 97   
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 98   
         throws IOException, ServletException {
 99  0 
         if (!(request instanceof HttpServletRequest)) {
 100  0 
             throw new ServletException("Can only process HttpServletRequest");
 101   
         }
 102   
 
 103  0 
         if (!(response instanceof HttpServletResponse)) {
 104  0 
             throw new ServletException("Can only process HttpServletResponse");
 105   
         }
 106   
 
 107  0 
         HttpServletRequest httpRequest = (HttpServletRequest) request;
 108  0 
         HttpServletResponse httpResponse = (HttpServletResponse) response;
 109   
 
 110  0 
         Authentication rememberMeAuth = null;
 111  0 
         if (SecurityContextHolder.getContext().getAuthentication() == null) {
 112  0 
             rememberMeAuth = rememberMeServices.autoLogin(httpRequest, httpResponse);
 113   
 
 114  0 
             if (rememberMeAuth != null) {
 115   
                 // Attempt authenticaton via AuthenticationManager
 116   
                 try {
 117  0 
                     authenticationManager.authenticate(rememberMeAuth);
 118   
 
 119   
                     // Store to SecurityContextHolder
 120  0 
                     SecurityContextHolder.getContext().setAuthentication(rememberMeAuth);
 121   
 
 122  0 
                     if (logger.isDebugEnabled()) {
 123  0 
                       logger.debug("SecurityContextHolder populated with remember-me token: '"
 124   
                           + SecurityContextHolder.getContext().getAuthentication() + "'");
 125   
                   }
 126   
 
 127   
                     // Fire event
 128  0 
                     if (this.eventPublisher != null) {
 129  0 
                         eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
 130   
                                 SecurityContextHolder.getContext().getAuthentication(), this.getClass()));
 131   
                     }
 132   
                     // Notify RememberMeServices so it can for example do rolling cookies
 133  0 
                     rememberMeServices.loginSuccess(httpRequest, httpResponse, rememberMeAuth);
 134   
 
 135  0 
                 } catch (AuthenticationException authenticationException) {
 136  0 
                     if (logger.isDebugEnabled()) {
 137  0 
                         logger.debug(
 138   
                             "SecurityContextHolder not populated with remember-me token, as AuthenticationManager rejected Authentication returned by RememberMeServices: '"
 139   
                             + rememberMeAuth + "'; invalidating remember-me token", authenticationException);
 140   
                     }
 141   
 
 142  0 
                     rememberMeServices.loginFail(httpRequest, httpResponse);
 143  0 
                 }
 144   
             }
 145  0 
             chain.doFilter(request, response);
 146   
         } else {
 147  0 
             if (logger.isDebugEnabled()) {
 148  0 
                 logger.debug("SecurityContextHolder not populated with remember-me token, as it already contained: '"
 149   
                     + SecurityContextHolder.getContext().getAuthentication() + "'");
 150   
             }
 151   
 
 152  0 
             chain.doFilter(request, response);
 153   
         }
 154  0 
     }
 155   
 
 156   
     public RememberMeServices getRememberMeServices() {
 157  0 
         return rememberMeServices;
 158   
     }
 159   
 
 160   
     /**
 161   
      * Does nothing - we rely on IoC lifecycle services instead.
 162   
      *
 163   
      * @param ignored not used
 164   
      *
 165   
      * @throws ServletException DOCUMENT ME!
 166   
      */
 167  0 
     public void init(FilterConfig ignored) throws ServletException {}
 168   
 
 169   
     public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
 170  0 
         this.eventPublisher = eventPublisher;
 171  0 
     }
 172   
 
 173   
     public void setAuthenticationManager(AuthenticationManager authenticationManager) {
 174  0 
         this.authenticationManager = authenticationManager;
 175  0 
     }
 176   
 
 177   
     public void setRememberMeServices(RememberMeServices rememberMeServices) {
 178  0 
         this.rememberMeServices = rememberMeServices;
 179  0 
     }
 180   
 }
Reports generated by Cobertura.