16 package org.springframework.security.providers.anonymous;
17
18 import org.springframework.security.Authentication;
19
20 import org.springframework.security.context.SecurityContextHolder;
21
22 import org.springframework.security.ui.AuthenticationDetailsSource;
23 import org.springframework.security.ui.WebAuthenticationDetailsSource;
24 import org.springframework.security.ui.FilterChainOrder;
25 import org.springframework.security.ui.SpringSecurityFilter;
26 import org.springframework.security.userdetails.memory.UserAttribute;
27 import org.springframework.beans.factory.InitializingBean;
28 import org.springframework.util.Assert;
29
30 import java.io.IOException;
31
32 import javax.servlet.FilterChain;
33 import javax.servlet.ServletException;
34 import javax.servlet.http.HttpServletRequest;
35 import javax.servlet.http.HttpServletResponse;
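/**
 * Servlet filter that places an {@link AnonymousAuthenticationToken} in the
 * {@link SecurityContextHolder} when the holder has no <code>Authentication</code>
 * for the current request, so that later components always see a non-null
 * authentication object.
 *
 * <p>Security notes for whoever configures this filter:</p>
 * <ul>
 * <li>The authorities taken from <code>userAttribute</code> are handed to every caller
 * that arrives without an authentication, so they should be limited to what an
 * unauthenticated user may legitimately do.</li>
 * <li><code>key</code> is passed into every token this filter creates.
 * NOTE(review): it presumably has to match the key configured on the
 * <code>AnonymousAuthenticationProvider</code> that validates these tokens - confirm,
 * and treat it as a per-deployment value rather than a literal shared between
 * applications.</li>
 * <li>At debug level the current <code>Authentication</code> is written to the log via
 * its <code>toString()</code>; check what that exposes before enabling debug logging
 * in production.</li>
 * </ul>
 */
public class AnonymousProcessingFilter extends SpringSecurityFilter implements InitializingBean {

    /** Builds the per-request details object attached to each anonymous token. */
    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();

    /** Key passed to every {@link AnonymousAuthenticationToken} created by this filter. */
    private String key;

    /** Supplies the principal (stored in its password property) and authorities of the anonymous user. */
    private UserAttribute userAttribute;

    /** Whether the anonymous token is cleared from the holder once the filter chain returns. */
    private boolean removeAfterRequest = true;

    /**
     * Verifies that the mandatory properties were injected.
     *
     * @throws Exception declared by {@link InitializingBean}; an
     *         <code>IllegalArgumentException</code> is raised by the assertions when
     *         <code>userAttribute</code> is null or <code>key</code> is null or empty
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(userAttribute, "userAttribute required");
        Assert.hasLength(key, "key required");
    }

    /**
     * Extension point that lets a subclass switch anonymous authentication off for
     * individual requests. This implementation enables it for every request.
     *
     * @param request the current request
     * @return <code>true</code> if an anonymous token may be set for this request
     */
    protected boolean applyAnonymousForThisRequest(HttpServletRequest request) {
        return true;
    }

    /**
     * Creates the anonymous token for a request.
     *
     * <p>The token's principal is read from <code>userAttribute.getPassword()</code>;
     * that property carries the anonymous user's name here, not a credential.</p>
     *
     * @param request the current request, used to build the token details
     * @return a new token carrying the configured key, principal and authorities
     */
    protected Authentication createAuthentication(HttpServletRequest request) {
        AnonymousAuthenticationToken auth = new AnonymousAuthenticationToken(key, userAttribute.getPassword(),
                userAttribute.getAuthorities());
        auth.setDetails(authenticationDetailsSource.buildDetails(request));

        return auth;
    }

    /**
     * Sets an anonymous token if the holder is empty, runs the rest of the chain, and
     * afterwards clears the token again when <code>removeAfterRequest</code> is set.
     *
     * @param request the current request
     * @param response the current response
     * @param chain the remaining filter chain
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from the chain
     */
    protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Keep the exact token stored in the holder. Re-creating one at cleanup time
        // can yield a token that is no longer equal to it (the details are rebuilt from
        // the request, and createAuthentication may be overridden), which would leave
        // the anonymous token behind in the holder after the request.
        Authentication anonymousToken = null;

        if (applyAnonymousForThisRequest(request)) {
            if (SecurityContextHolder.getContext().getAuthentication() == null) {
                anonymousToken = createAuthentication(request);
                SecurityContextHolder.getContext().setAuthentication(anonymousToken);

                if (logger.isDebugEnabled()) {
                    logger.debug("Populated SecurityContextHolder with anonymous token: '"
                            + SecurityContextHolder.getContext().getAuthentication() + "'");
                }
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("SecurityContextHolder not populated with anonymous token, as it already contained: '"
                            + SecurityContextHolder.getContext().getAuthentication() + "'");
                }
            }
        }

        try {
            chain.doFilter(request, response);
        } finally {
            // Clear only a token this filter added, and only if the holder still
            // contains it; an authentication established further down the chain is
            // left untouched. The null check also covers a subclass whose
            // createAuthentication returned null.
            if (anonymousToken != null && removeAfterRequest
                    && anonymousToken.equals(SecurityContextHolder.getContext().getAuthentication())) {
                SecurityContextHolder.getContext().setAuthentication(null);
            }
        }
    }

    /**
     * @return the position of this filter in the chain,
     *         {@link FilterChainOrder#ANONYMOUS_FILTER}
     */
    public int getOrder() {
        return FilterChainOrder.ANONYMOUS_FILTER;
    }

    /**
     * @return the key passed to every anonymous token
     */
    public String getKey() {
        return key;
    }

    /**
     * @return the attribute holding the anonymous principal and authorities
     */
    public UserAttribute getUserAttribute() {
        return userAttribute;
    }

    /**
     * @return <code>true</code> if the anonymous token is cleared after each request
     */
    public boolean isRemoveAfterRequest() {
        return removeAfterRequest;
    }

    /**
     * Replaces the source used to build token details.
     *
     * @param authenticationDetailsSource the new source, must not be null
     */
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    /**
     * @param key the key passed to every anonymous token; checked for non-empty
     *        content in {@link #afterPropertiesSet()}
     */
    public void setKey(String key) {
        this.key = key;
    }

    /**
     * Controls whether the anonymous token is cleared from the holder once the filter
     * chain has returned. Defaults to <code>true</code>.
     *
     * @param removeAfterRequest <code>true</code> to clear the token after each request
     */
    public void setRemoveAfterRequest(boolean removeAfterRequest) {
        this.removeAfterRequest = removeAfterRequest;
    }

    /**
     * @param userAttributeDefinition the anonymous principal and authorities; checked
     *        for null in {@link #afterPropertiesSet()}
     */
    public void setUserAttribute(UserAttribute userAttributeDefinition) {
        this.userAttribute = userAttributeDefinition;
    }
}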