From a935c319c0a0e6bea1bca8bb035d106008952ada Mon Sep 17 00:00:00 2001
From: anoncvs_webpanels
Date: Mon, 26 Jan 2004 07:11:30 +0000
Subject: [PATCH] added isLogoutRequest method
---
 .../authenticator/Authenticator.java | 16 ++++++--
 .../authenticator/BasicAuthenticator.java | 43 +++++++++++++--------
 .../authenticator/FormAuthenticator.java | 45 +++++++++++++++-------
 3 files changed, 71 insertions(+), 33 deletions(-)
diff --git a/src/share/org/securityfilter/authenticator/Authenticator.java b/src/share/org/securityfilter/authenticator/Authenticator.java
index 05b7150..efd3943 100644
--- a/src/share/org/securityfilter/authenticator/Authenticator.java
+++ b/src/share/org/securityfilter/authenticator/Authenticator.java
@@ -1,7 +1,7 @@
 /*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/Authenticator.java,v 1.1 2003/07/07 13:12:56 maxcooper Exp $
- * $Revision: 1.1 $
- * $Date: 2003/07/07 13:12:56 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/Authenticator.java,v 1.2 2004/01/26 07:11:30 anoncvs_webpanels Exp $
+ * $Revision: 1.2 $
+ * $Date: 2004/01/26 07:11:30 $
 *
 * ====================================================================
 * The SecurityFilter Software License, Version 1.1
@@ -67,7 +67,7 @@ import java.io.IOException;
 * method, such as FORM or BASIC (others are possible).
 *
 * @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.1 $ $Date: 2003/07/07 13:12:56 $
+ * @version $Revision: 1.2 $ $Date: 2004/01/26 07:11:30 $
 */
 public interface Authenticator {
@@ -106,6 +106,14 @@ public interface Authenticator {
 public void showLogin(HttpServletRequest request, HttpServletResponse response) throws IOException;
 /**
+ * Return true if this is a logout request.
+ *
+ * @param request
+ * @return true if this is a logout request, false otherwise
+ */
+ public boolean isLogoutRequest(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) throws Exception;
+
+ /**
 * Return true if security checks should be bypassed for this request.
 *
 * Example: for FORM based authentication, the login and error pages should always be viewable without being
diff --git a/src/share/org/securityfilter/authenticator/BasicAuthenticator.java b/src/share/org/securityfilter/authenticator/BasicAuthenticator.java
index 529dcaa..9c51424 100644
--- a/src/share/org/securityfilter/authenticator/BasicAuthenticator.java
+++ b/src/share/org/securityfilter/authenticator/BasicAuthenticator.java
@@ -1,7 +1,7 @@
 /*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.2 2003/07/14 18:55:14 maxcooper Exp $
- * $Revision: 1.2 $
- * $Date: 2003/07/14 18:55:14 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.3 2004/01/26 07:11:30 anoncvs_webpanels Exp $
+ * $Revision: 1.3 $
+ * $Date: 2004/01/26 07:11:30 $
 *
 * ====================================================================
 * The SecurityFilter Software License, Version 1.1
@@ -70,7 +70,7 @@ import java.security.Principal;
 *
 * @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net)
 * @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.2 $ $Date: 2003/07/14 18:55:14 $
+ * @version $Revision: 1.3 $ $Date: 2004/01/26 07:11:30 $
 */
 public class BasicAuthenticator implements Authenticator {
 public static final String LOGIN_ATTEMPTS = BasicAuthenticator.class.getName() + ".LOGIN_ATTEMPTS";
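Review bot: The `isLogoutRequest` declaration added to Authenticator.java is declared `throws Exception`, and its Javadoc has an empty `@param request` and no entry for `patternMatcher`, so implementers and the calling filter get no contract for failures. I would narrow the clause to the exceptions implementations really raise and add `@param patternMatcher matcher used to compare the request URL with the logout pattern` plus a `@throws` line. What the filter does when this method throws is not visible in this patch; since the result presumably gates ending a session, that behaviour should be stated in the contract. Adding a method to a public interface also breaks Authenticator implementations kept outside this tree.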
@@ -83,7 +83,6 @@ public class BasicAuthenticator implements Authenticator {
 protected String realmName;
 protected Base64 base64Helper;
-
 /**
 * Initialize this Authenticator.
 *
@@ -140,16 +139,6 @@ public class BasicAuthenticator implements Authenticator {
 }
 /**
- * All requests should be subject to security checking for BASIC authentication.
- *
- * @param request
- * @return always false -- check all requests
- */
- public boolean bypassSecurityForThisRequest(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) {
- return false;
- }
-
- /**
 * Show the login page.
 *
 * @param request the current request
@@ -179,6 +168,30 @@ public class BasicAuthenticator implements Authenticator {
 }
 /**
+ * Return true if security checks should be bypassed for this request.
+ * Always returns false for BASIC authenticator.
+ *
+ * @param request
+ * @param patternMatcher
+ * @return always returns false
+ */
+ public boolean bypassSecurityForThisRequest(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) {
+ return false;
+ }
+
+ /**
+ * Return true if this is a logout request.
+ * Always returns false for BASIC authenticator.
+ *
+ * @param request
+ * @param patternMatcher
+ * @return always returns false
+ */
+ public boolean isLogoutRequest(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) {
+ return false;
+ }
+
+ /**
 * Parse the username out of the BASIC authorization header string.
 * @param decoded
 * @return username parsed out of decoded string
diff --git a/src/share/org/securityfilter/authenticator/FormAuthenticator.java b/src/share/org/securityfilter/authenticator/FormAuthenticator.java
index c5a6c72..3fb22d2 100644
--- a/src/share/org/securityfilter/authenticator/FormAuthenticator.java
+++ b/src/share/org/securityfilter/authenticator/FormAuthenticator.java
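Review bot: `isLogoutRequest` in BasicAuthenticator.java (hunk `@@ -179,6 +168,30 @@`) returns false for every request and the Javadoc repeats that without giving the reason, so a deployment that configures a logout page and uses BASIC gets no logout and no hint why. I would add a sentence such as `BASIC has no logout: the browser resends the Authorization header on each request, so no URL is treated as a logout request.` and fill in the empty `@param` tags. The moved `bypassSecurityForThisRequest` is unchanged apart from its comment.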
@@ -1,7 +1,7 @@
 /*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.4 2003/10/27 10:32:05 maxcooper Exp $
- * $Revision: 1.4 $
- * $Date: 2003/10/27 10:32:05 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.5 2004/01/26 07:11:30 anoncvs_webpanels Exp $
+ * $Revision: 1.5 $
+ * $Date: 2004/01/26 07:11:30 $
 *
 * ====================================================================
 * The SecurityFilter Software License, Version 1.1
@@ -68,7 +68,7 @@ import java.security.Principal;
 * FormAuthenticator - authenticator implementation for the FORM auth method.
 *
 * @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.4 $ $Date: 2003/10/27 10:32:05 $
+ * @version $Revision: 1.5 $ $Date: 2004/01/26 07:11:30 $
 */
 public class FormAuthenticator implements Authenticator {
@@ -85,6 +85,8 @@ public class FormAuthenticator implements Authenticator {
 protected String errorPage;
 protected URLPattern errorPagePattern;
+ protected URLPattern logoutPagePattern;
+
 protected String defaultPage;
 protected SecurityRealmInterface realm;
@@ -117,6 +119,10 @@ public class FormAuthenticator implements Authenticator {
 // error page
 errorPage = securityConfig.getErrorPage();
 errorPagePattern = patternFactory.createURLPattern(stripQueryString(errorPage), null, null, 0);
+
+ // error page
+ String logoutPage = securityConfig.getLogoutPage();
+ logoutPagePattern = patternFactory.createURLPattern(stripQueryString(logoutPage), null, null, 0);
 }
 /**
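Review bot: In hunk `@@ -117,6 +119,10 @@` of FormAuthenticator.java the value of `securityConfig.getLogoutPage()` goes straight into `stripQueryString` and `createURLPattern` with no null check; if the logout page is optional in the configuration (not visible here), init would presumably fail or build a pattern from null. I would wrap the assignment, `if (logoutPage != null) { logoutPagePattern = patternFactory.createURLPattern(stripQueryString(logoutPage), null, null, 0); }`, and let `isLogoutRequest` return false while the pattern is null. The copied comment `// error page` above the new lines should read `// logout page`. The enclosing init method starts outside the hunk.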
@@ -184,19 +190,14 @@ public class FormAuthenticator implements Authenticator {
 }
 /**
- * FormAuthenticator has a special case where the user should be sent to a default page if the user
- * spontaneously submits a login request.
+ * Return true if this is a logout request. Always returns false for this Authenticator.
 *
 * @param request
- * @return a URL to send the user to after logging in
+ * @return true if this is a logout request, false otherwise
 */
- private String getContinueToURL(HttpServletRequest request) {
- String savedURL = SecurityFilter.getContinueToURL(request);
- if (savedURL != null) {
- return savedURL;
- } else {
- return request.getContextPath() + defaultPage;
- }
+ public boolean isLogoutRequest(SecurityRequestWrapper request, URLPatternMatcher patternMatcher) throws Exception {
+ String requestURL = request.getMatchableURL();
+ return patternMatcher.match(requestURL, logoutPagePattern);
 }
 /**
@@ -214,6 +215,22 @@ public class FormAuthenticator implements Authenticator {
 }
 /**
+ * FormAuthenticator has a special case where the user should be sent to a default page if the user
+ * spontaneously submits a login request.
+ *
+ * @param request
+ * @return a URL to send the user to after logging in
+ */
+ private String getContinueToURL(HttpServletRequest request) {
+ String savedURL = SecurityFilter.getContinueToURL(request);
+ if (savedURL != null) {
+ return savedURL;
+ } else {
+ return request.getContextPath() + defaultPage;
+ }
+ }
+
+ /**
 * Utility method to strip the query string from a uri.
 *
 * @param uri
--
2.11.0
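Review bot: The Javadoc on the new `FormAuthenticator.isLogoutRequest` (hunk `@@ -184,19 +190,14 @@`) says "Always returns false for this Authenticator", but the body returns `patternMatcher.match(requestURL, logoutPagePattern)`. Suggested summary: `Return true if the request URL matches the configured logout page pattern.`, with `@param patternMatcher` and `@throws Exception` tags added. The decision rests on the URL alone; whether the caller also checks the HTTP method or a per-session token before ending the session is not visible in this patch and is worth confirming, because a logout that fires on any matching GET can be triggered from outside the application. The second hunk on this line only moves `getContinueToURL`.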