Coverage Report - org.acegisecurity.ui.webapp.AuthenticationProcessingFilter
 
Classes in this File Line Coverage Branch Coverage Complexity
AuthenticationProcessingFilter
100% 
100% 
1.333
 
 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.ui.webapp;
 
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
 
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 
 import org.acegisecurity.ui.AbstractProcessingFilter;
 
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 
 
 /**
  * Processes an authentication form.
  * <p>Login forms must present two parameters to this filter: a username and
  * password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY}
  * and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p>
  *
  * <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
  * org.acegisecurity.util.FilterToBeanProxy}.</p>
  *
  * @author Ben Alex
  * @author Colin Sampaleanu
  * @version $Id: AuthenticationProcessingFilter.java 2110 2007-09-14 14:32:19Z luke_t $
  */
 public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
     //~ Static fields/initializers =====================================================================================

     /** Name of the request parameter that carries the submitted username. */
     public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "j_username";

     /** Name of the request parameter that carries the submitted password. */
     public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";

     /** Session attribute under which the most recently attempted username is stored. */
     public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";

     //~ Methods ========================================================================================================

     /**
      * Builds a username/password token from the login request and hands it to the authentication manager.
      *
      * <p>A missing username or password is replaced by an empty string. Only the username is trimmed; the
      * password is passed on exactly as received.</p>
      *
      * <p>Security notes for maintainers:</p>
      * <ul>
      * <li>The username placed in the session is the submitted request value (trimmed, otherwise unmodified).
      * Any view that displays it must HTML-encode it.</li>
      * <li><code>request.getSession()</code> creates a session when the request has none, and it is called
      * before the credentials have been checked.</li>
      * <li>This method makes no HTTP-method check, and <code>getParameter</code> also reads query-string
      * values. NOTE(review): whether the superclass or the deployment restricts logins to POST is not
      * visible here - confirm.</li>
      * </ul>
      *
      * @param request the login request
      *
      * @return the result of <code>AuthenticationManager.authenticate</code> for the built token
      *
      * @throws AuthenticationException declared by this method; presumably raised by the authentication manager
      *         when the credentials are rejected
      */
     public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
         // Read both values first, in the same order as the form fields: username, then password.
         String submittedName = obtainUsername(request);
         String submittedPassword = obtainPassword(request);

         // Absent parameters become empty strings; surrounding whitespace is stripped from the username only.
         String principal = (submittedName == null) ? "" : submittedName.trim();
         String credentials = (submittedPassword == null) ? "" : submittedPassword;

         UsernamePasswordAuthenticationToken loginToken =
             new UsernamePasswordAuthenticationToken(principal, credentials);

         // Keep the attempted username in the HttpSession so views can show it again.
         // The value is raw request input: encode it wherever it is rendered.
         request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, principal);

         // Hook for subclasses to populate the token's "details" property.
         setDetails(request, loginToken);

         return this.getAuthenticationManager().authenticate(loginToken);
     }

     /**
      * Returns the URL this filter responds to by default, <code>/j_acegi_security_check</code>.
      *
      * @return the default processing URL
      */
     public String getDefaultFilterProcessesUrl() {
         final String defaultUrl = "/j_acegi_security_check";

         return defaultUrl;
     }

     /**
      * Does nothing; the supplied filter configuration is not read.
      *
      * @param filterConfig ignored
      *
      * @throws ServletException declared only; this implementation never throws it
      */
     public void init(FilterConfig filterConfig) throws ServletException {
         // Intentionally empty.
     }

     /**
      * Reads the password from the request parameter named by {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.
      *
      * <p>Subclasses may override this to compose the password from several values, for example a password plus
      * a postcode/zipcode joined by a delimiter such as a pipe (|). The <code>AuthenticationDao</code> then has to
      * produce the expected password in the same way.</p>
      *
      * @param request the login request
      *
      * @return the password to place in the <code>Authentication</code> request token given to the
      *         <code>AuthenticationManager</code>; <code>null</code> when the parameter is absent
      */
     protected String obtainPassword(HttpServletRequest request) {
         final String rawPassword = request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);

         return rawPassword;
     }

     /**
      * Reads the username from the request parameter named by {@link #ACEGI_SECURITY_FORM_USERNAME_KEY}.
      *
      * <p>Subclasses may override this to compose the username from several values and a separator.</p>
      *
      * @param request the login request
      *
      * @return the username to place in the <code>Authentication</code> request token given to the
      *         <code>AuthenticationManager</code>; <code>null</code> when the parameter is absent
      */
     protected String obtainUsername(HttpServletRequest request) {
         final String rawUsername = request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);

         return rawUsername;
     }

     /**
      * Sets the token's details property to the value built from the request by
      * <code>authenticationDetailsSource</code>. Subclasses may override this to control what is stored.
      *
      * @param request that an authentication request is being created for
      * @param authRequest the authentication request object that should have its details set
      */
     protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
         // authenticationDetailsSource is not declared in this class; presumably inherited from the superclass.
         authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
     }
 }