From c857e4610b613fcb1154681456a22bbee6abdd02 Mon Sep 17 00:00:00 2001 From: Misagh Moayyed Date: Thu, 27 Feb 2014 22:02:19 -0700 Subject: [PATCH 01/13] CAS-219: Provide support for certain urls to be excluded from CAS filters. --- .../authentication/AuthenticationFilter.java | 8 ++++ .../cas/client/util/AbstractCasFilter.java | 33 +++++++++++++ .../AbstractTicketValidationFilter.java | 14 ++++-- .../AuthenticationFilterTests.java | 42 +++++++++++++---- .../Cas10TicketValidationFilterTests.java | 46 +++++++++++++++++++ .../Saml11TicketValidationFilterTests.java | 46 +++++++++++++++++++ .../Saml11TicketValidatorTests.java | 15 +++++- 7 files changed, 191 insertions(+), 13 deletions(-) diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java index 2e73556..c00be68 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java @@ -98,8 +98,16 @@ public class AuthenticationFilter extends AbstractCasFilter { public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException { + final HttpServletRequest request = (HttpServletRequest) servletRequest; final HttpServletResponse response = (HttpServletResponse) servletResponse; + + if (isRequestUrlExcluded(request)) { + logger.debug("Request is ignored."); + filterChain.doFilter(request, response); + return; + } + final HttpSession session = request.getSession(false); final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null; 
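Review bot: The new early return in `doFilter` hands an excluded request to the chain with no CAS check at all, yet the only trace it leaves is `logger.debug("Request is ignored.")`, which does not say which request was let through. Because this is the branch that skips authentication, I would name the request in the message, for example `logger.debug("Request [{}] is excluded from CAS authentication.", request.getRequestURI());`. A one-line comment above the `if` should also state that excluded URLs reach the application unauthenticated. The rest of `doFilter` lies outside the hunk.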
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java index 78f5f7b..7b4d5cf 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java @@ -18,6 +18,10 @@ */ package org.jasig.cas.client.util; +import java.util.Collections; +import java.util.List; +import java.util.regex.Pattern; + import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -48,6 +52,9 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { /** Defines the parameter to look for for the service. */ private String serviceParameterName = "service"; + /** Url pattern for this filter to exclude and ignore. **/ + private Pattern ignorePattern = null; + /** Sets where response.encodeUrl should be called on service urls when constructed. */ private boolean encodeServiceUrl = true; @@ -72,6 +79,12 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { setEncodeServiceUrl(parseBoolean(getPropertyFromInitParams(filterConfig, "encodeServiceUrl", "true"))); logger.trace("Loading encodeServiceUrl property: {}", this.encodeServiceUrl); + final String ignorePattern = getPropertyFromInitParams(filterConfig, "ignorePattern", null); + if (ignorePattern != null) { + setIgnorePattern(Pattern.compile(ignorePattern)); + logger.trace("Loading ignorePattern property: {}", this.ignorePattern.pattern()); + } + initInternal(filterConfig); } init(); @@ -148,6 +161,10 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { return this.serviceParameterName; } + public final void setIgnorePattern(final Pattern patternToIgnore) { + this.ignorePattern = patternToIgnore; + } + /** * Template method to allow you to change how you retrieve the ticket. * 
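Review bot: In the `ignorePattern` block added to `init`, `Pattern.compile(ignorePattern)` throws an unchecked `PatternSyntaxException` on a malformed expression, so a typo in the deployment descriptor surfaces as a bare regex error with no hint of which init parameter caused it. Failing at start-up is the right outcome for a setting that switches authentication off for some URLs, but the failure should name `ignorePattern` and, assuming `init` declares `ServletException` as `Filter.init` does, be rethrown as one with the original as its cause. The local `ignorePattern` also shadows the field of the same name, which makes the following `this.ignorePattern.pattern()` harder to read. `init` starts and ends outside the hunk.

```java
// … unchanged: encodeServiceUrl handling …
final String ignorePatternValue = getPropertyFromInitParams(filterConfig, "ignorePattern", null);
if (ignorePatternValue != null) {
    try {
        setIgnorePattern(Pattern.compile(ignorePatternValue));
    } catch (final PatternSyntaxException e) {
        throw new ServletException("Invalid ignorePattern init parameter: " + ignorePatternValue, e);
    }
    logger.trace("Loading ignorePattern property: {}", ignorePatternValue);
}
```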
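Review bot: `setIgnorePattern` is a new public setter without Javadoc, although its argument decides which requests skip CAS processing. I would add `/** Sets the pattern for request URLs that this filter passes through without CAS processing; {@code null} disables exclusion. */`, which matches the `this.ignorePattern != null` guard in `isRequestUrlExcluded`. The `java.util.Collections` and `java.util.List` imports added in the first hunk of this file are not used by anything in this patch.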
@@ -157,4 +174,20 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { protected String retrieveTicketFromRequest(final HttpServletRequest request) { return CommonUtils.safeGetParameter(request, getArtifactParameterName()); } + + protected boolean isRequestUrlExcluded(final HttpServletRequest request) { + boolean result = false; + if (this.ignorePattern != null) { + final StringBuffer urlBuffer = request.getRequestURL(); + if (request.getQueryString() != null) { + urlBuffer.append("?").append(request.getQueryString()); + } + final String requestUri = urlBuffer.toString(); + logger.debug("Checking [{}] against pattern [{}]", requestUri, this.ignorePattern.pattern()); + result = this.ignorePattern.matcher(requestUri).find(); + } else { + logger.debug("Ignore pattern is not defined"); + } + return result; + } } diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java index 58f57c4..836b63a 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java 
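Review bot: `isRequestUrlExcluded` tests the pattern with `find()` against the full request URL with the query string appended, so the client-supplied query string takes part in the decision to skip authentication. An unanchored pattern written to exempt one resource therefore exempts any path whose query string contains matching text, which is what `testIgnorePatterns` exercises with `=valueTo(\\w+)`. I would match only the container-resolved path and require a full match with `matches()`, as sketched below; if matching on the query string is a wanted feature, the Javadoc should at least say that patterns must be anchored. The debug line also writes the whole URL, which can include the `ticket` parameter, to the log. The call sites in `AuthenticationFilter.doFilter` and `AbstractTicketValidationFilter.doFilter` inherit this behaviour.

```java
protected boolean isRequestUrlExcluded(final HttpServletRequest request) {
    if (this.ignorePattern == null) {
        return false;
    }
    // Use the path the container resolved; the query string is client-supplied
    // and must not be able to move a protected resource into the excluded set.
    final String pathInfo = request.getPathInfo();
    final String path = request.getServletPath() + (pathInfo != null ? pathInfo : "");
    logger.debug("Checking [{}] against pattern [{}]", path, this.ignorePattern.pattern());
    return this.ignorePattern.matcher(path).matches();
}
```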
@@ -190,13 +190,19 @@ public abstract class AbstractTicketValidationFilter extends AbstractCasFilter { public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException { - + final HttpServletRequest request = (HttpServletRequest) servletRequest; + final HttpServletResponse response = (HttpServletResponse) servletResponse; + + if (isRequestUrlExcluded(request)) { + logger.debug("Request is ignored."); + filterChain.doFilter(request, response); + return; + } + if (!preFilter(servletRequest, servletResponse, filterChain)) { return; } - - final HttpServletRequest request = (HttpServletRequest) servletRequest; - final HttpServletResponse response = (HttpServletResponse) servletResponse; + final String ticket = retrieveTicketFromRequest(request); if (CommonUtils.isNotBlank(ticket)) { diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java index 396c536..34d6686 100644 --- a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java @@ -37,7 +37,6 @@ import org.springframework.mock.web.*; * Tests for the AuthenticationFilter. * * @author Scott Battaglia - * @version $Revision: 11753 $ $Date: 2007-01-03 13:37:26 -0500 (Wed, 03 Jan 2007) $ * @since 3.0 */ public final class AuthenticationFilterTests { 
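Review bot: The exclusion check in `AbstractTicketValidationFilter.doFilter` is placed ahead of `preFilter(...)`, so for an excluded URL no subclass pre-filter logic runs either; whether that is intended cannot be seen from this hunk and deserves a comment. The block is also a copy of the one added to `AuthenticationFilter.doFilter`, and both rely on `isRequestUrlExcluded`, so a pattern that matches too broadly disables ticket validation and authentication together. A single protected helper in `AbstractCasFilter` that performs the check and the pass-through would keep the two call sites from drifting apart. `doFilter` continues beyond the hunk.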
@@ -50,11 +49,10 @@ public final class AuthenticationFilterTests { @Before public void setUp() throws Exception { - // TODO CAS_SERVICE_URL, false, CAS_LOGIN_URL this.filter = new AuthenticationFilter(); final MockFilterConfig config = new MockFilterConfig(); config.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL); - config.addInitParameter("service", "https://localhost:8443/service"); + config.addInitParameter("service", CAS_SERVICE_URL); this.filter.init(config); } @@ -184,7 +182,7 @@ public final class AuthenticationFilterTests { final AuthenticationFilter f = new AuthenticationFilter(); final MockFilterConfig config = new MockFilterConfig(); config.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL); - config.addInitParameter("service", "https://localhost:8443/service"); + config.addInitParameter("service", CAS_SERVICE_URL); config.addInitParameter("renew", "true"); try { f.init(config); @@ -198,8 +196,8 @@ public final class AuthenticationFilterTests { public void testAllowsRenewContextParam() throws Exception { final AuthenticationFilter f = new AuthenticationFilter(); final MockServletContext context = new MockServletContext(); - context.addInitParameter("casServerLoginUrl", "https://cas.example.com/login"); - context.addInitParameter("service", "https://localhost:8443/service"); + context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL); + context.addInitParameter("service", CAS_SERVICE_URL); context.addInitParameter("renew", "true"); f.init(new MockFilterConfig(context)); final Field renewField = AuthenticationFilter.class.getDeclaredField("renew"); 
@@ -211,10 +209,38 @@ public final class AuthenticationFilterTests { public void customRedirectStrategy() throws Exception { final AuthenticationFilter f = new AuthenticationFilter(); final MockServletContext context = new MockServletContext(); - context.addInitParameter("casServerLoginUrl", "https://cas.example.com/login"); - context.addInitParameter("service", "https://localhost:8443/service"); + context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL); + context.addInitParameter("service", CAS_SERVICE_URL); context.addInitParameter("authenticationRedirectStrategyClass", "org.jasig.cas.client.authentication.FacesCompatibleAuthenticationRedirectStrategy"); f.init(new MockFilterConfig(context)); } + + @Test + public void testIgnorePatterns() throws Exception { + final AuthenticationFilter f = new AuthenticationFilter(); + final MockServletContext context = new MockServletContext(); + context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL); + + context.addInitParameter("ignorePattern", "=valueTo(\\w+)"); + context.addInitParameter("service", CAS_SERVICE_URL); + f.init(new MockFilterConfig(context)); + + final MockHttpServletRequest request = new MockHttpServletRequest(); + final String URL = CAS_SERVICE_URL + "?param=valueToIgnore"; + request.setRequestURI(URL); + + final MockHttpSession session = new MockHttpSession(); + request.setSession(session); + + final MockHttpServletResponse response = new MockHttpServletResponse(); + + final FilterChain filterChain = new FilterChain() { + public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { + } + }; + + f.doFilter(request, response, filterChain); + assertNull(response.getRedirectedUrl()); + } } diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java index e8daab4..174b9f7 100644 
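Review bot: `testIgnorePatterns` asserts only `assertNull(response.getRedirectedUrl())`, so it cannot tell an excluded request from one that produced no redirect for another reason, and there is no counterpart showing that a non-matching URL is still sent to the CAS login. I would have the anonymous `FilterChain` record that it was called and assert on that, and add a second request without the matching text that must produce a redirect. The request is also built by passing an absolute URL containing `?param=valueToIgnore` to `setRequestURI` instead of using `setQueryString`, which is not how a servlet container populates these fields. `testIgnorePatternsWithNoRegex`, added in patch 03, has the same shape.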
--- a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java @@ -20,8 +20,19 @@ package org.jasig.cas.client.validation; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; + +import java.io.IOException; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; + import org.junit.Test; import org.springframework.mock.web.MockFilterConfig; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.mock.web.MockHttpSession; import org.springframework.mock.web.MockServletContext; /** 
@@ -54,4 +65,39 @@ public class Cas10TicketValidationFilterTests { assertTrue(validator instanceof Cas10TicketValidator); assertTrue(((Cas10TicketValidator) validator).isRenew()); } + + @Test + public void testIgnorePatterns() throws Exception { + final Cas10TicketValidationFilter f = new Cas10TicketValidationFilter(); + + final MockServletContext context = new MockServletContext(); + context.addInitParameter("casServerUrlPrefix", "https://cas.example.com"); + context.addInitParameter("serverName", "https://localhost:8443"); + + context.addInitParameter("ignorePattern", "=valueTo(\\w+)"); + f.init(new MockFilterConfig(context)); + + final MockHttpServletRequest request = new MockHttpServletRequest(); + final String URL = "https://localhost:8443/?param=valueToIgnore"; + request.setRequestURI(URL); + request.setQueryString("ticket=ST-1234"); + request.setParameter("ticket", "ST-1234"); + + final MockHttpSession session = new MockHttpSession(); + request.setSession(session); + + final MockHttpServletResponse response = new MockHttpServletResponse(); + + final FilterChain filterChain = new FilterChain() { + public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { + } + }; + + try { + f.doFilter(request, response, filterChain); + } catch (final Exception e) { + fail("The validation request should have been ignored"); + } + + } } diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java index 804b46f..c0e267e 100644 --- a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java 
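Review bot: `testIgnorePatterns` in `Cas10TicketValidationFilterTests` contains no assertion: it passes whenever `doFilter` does not throw, and the `catch (final Exception e) { fail(...) }` wrapper discards the cause although the method already declares `throws Exception`. Drop the try/catch and assert the outcome, for instance that the chain was invoked and that `session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION)` is null. The request carries `?param=valueToIgnore` inside the URI and a separate query string `ticket=ST-1234`, so the string being matched presumably ends up with two `?` separators. The copy added to `Saml11TicketValidationFilterTests` in this patch needs the same changes.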
@@ -20,8 +20,19 @@ package org.jasig.cas.client.validation; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; + +import java.io.IOException; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; + import org.junit.Test; import org.springframework.mock.web.MockFilterConfig; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.mock.web.MockHttpSession; import org.springframework.mock.web.MockServletContext; /** 
@@ -54,4 +65,39 @@ public class Saml11TicketValidationFilterTests { assertTrue(validator instanceof Saml11TicketValidator); assertTrue(((Saml11TicketValidator) validator).isRenew()); } + + @Test + public void testIgnorePatterns() throws Exception { + final Saml11TicketValidationFilter f = new Saml11TicketValidationFilter(); + + final MockServletContext context = new MockServletContext(); + context.addInitParameter("casServerUrlPrefix", "https://cas.example.com"); + context.addInitParameter("serverName", "https://localhost:8443"); + + context.addInitParameter("ignorePattern", "=valueTo(\\w+)"); + f.init(new MockFilterConfig(context)); + + final MockHttpServletRequest request = new MockHttpServletRequest(); + final String URL = "https://localhost:8443/?param=valueToIgnore"; + request.setRequestURI(URL); + request.setQueryString("SAMLart=ST-1234"); + request.setParameter("SAMLart", "ST-1234"); + + final MockHttpSession session = new MockHttpSession(); + request.setSession(session); + + final MockHttpServletResponse response = new MockHttpServletResponse(); + + final FilterChain filterChain = new FilterChain() { + public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { + } + }; + + try { + f.doFilter(request, response, filterChain); + } catch (final Exception e) { + fail("The validation request should have been ignored"); + } + + } } diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java index 951e610..9e90749 100644 --- a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java 
@@ -20,8 +20,16 @@ package org.jasig.cas.client.validation; import static org.junit.Assert.assertEquals; import static org.junit.Assert.fail; + +import java.io.IOException; import java.io.UnsupportedEncodingException; import java.util.Date; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; + import org.jasig.cas.client.PublicTestHttpServer; import org.jasig.cas.client.util.CommonUtils; import org.joda.time.DateTime; @@ -30,6 +38,11 @@ import org.joda.time.Interval; import org.junit.Before; import org.junit.Ignore; import org.junit.Test; +import org.springframework.mock.web.MockFilterConfig; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.mock.web.MockHttpSession; +import org.springframework.mock.web.MockServletContext; /** * @author Scott Battaglia @@ -137,7 +150,7 @@ public final class Saml11TicketValidatorTests extends AbstractTicketValidatorTes fail(e.toString()); } } - + private Interval currentTimeRangeInterval() { return new Interval(new DateTime(DateTimeZone.UTC).minus(5000), new DateTime(DateTimeZone.UTC).plus(200000000)); } From 44d1413fa706f8b923a3e9a345ab5aee2f016fd5 Mon Sep 17 00:00:00 2001 From: Misagh Moayyed Date: Sun, 2 Mar 2014 03:03:24 -0700 Subject: [PATCH 02/13] CAS-219: Provide support for certain urls to be excluded from CAS filters. --- .../org/jasig/cas/client/util/AbstractCasFilter.java | 2 -- .../client/validation/Saml11TicketValidatorTests.java | 11 ----------- 2 files changed, 13 deletions(-) diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java index 7b4d5cf..558cefb 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java 
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java @@ -185,8 +185,6 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { final String requestUri = urlBuffer.toString(); logger.debug("Checking [{}] against pattern [{}]", requestUri, this.ignorePattern.pattern()); result = this.ignorePattern.matcher(requestUri).find(); - } else { - logger.debug("Ignore pattern is not defined"); } return result; } diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java index 9e90749..41b58ec 100644 --- a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java @@ -21,15 +21,9 @@ package org.jasig.cas.client.validation; import static org.junit.Assert.assertEquals; import static org.junit.Assert.fail; -import java.io.IOException; import java.io.UnsupportedEncodingException; import java.util.Date; -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; - import org.jasig.cas.client.PublicTestHttpServer; import org.jasig.cas.client.util.CommonUtils; import org.joda.time.DateTime; @@ -38,11 +32,6 @@ import org.joda.time.Interval; import org.junit.Before; import org.junit.Ignore; import org.junit.Test; -import org.springframework.mock.web.MockFilterConfig; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.mock.web.MockHttpSession; -import org.springframework.mock.web.MockServletContext; /** * @author Scott Battaglia From b9ac92cf255d767cae937ef468ef6e20d20b980e Mon Sep 17 00:00:00 2001 
From: Misagh Moayyed Date: Fri, 7 Mar 2014 01:52:50 -0700 Subject: [PATCH 03/13] CASC-219: Provide support for certain urls to be excluded from CAS filters. --- .../cas/client/util/AbstractCasFilter.java | 53 +++++++++++++++---- .../AbstractTicketValidationFilter.java | 8 +-- .../AuthenticationFilterTests.java | 29 ++++++++++ .../Cas10TicketValidationFilterTests.java | 35 ------------ .../Saml11TicketValidationFilterTests.java | 34 ------------ 5 files changed, 73 insertions(+), 86 deletions(-) diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java index 558cefb..70a5a43 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java @@ -18,8 +18,6 @@ */ package org.jasig.cas.client.util; -import java.util.Collections; -import java.util.List; import java.util.regex.Pattern; import javax.servlet.FilterConfig; @@ -38,11 +36,20 @@ import javax.servlet.http.HttpServletResponse; *

Please note that one of the two above parameters must be set.

* * @author Scott Battaglia - * @version $Revision$ $Date$ + * @author Misagh Moayyed * @since 3.1 */ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { + /** + * Enumeration that defines pattern types. + * @since 3.3.1 + */ + public enum IgnorePatternTypes { + NONE, + REGEX; + } + /** Represents the constant for where the assertion will be located in memory. */ public static final String CONST_CAS_ASSERTION = "_const_cas_assertion_"; @@ -52,8 +59,15 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { /** Defines the parameter to look for for the service. */ private String serviceParameterName = "service"; - /** Url pattern for this filter to exclude and ignore. **/ - private Pattern ignorePattern = null; + /** Url pattern for this filter to exclude and ignore. + * @since 3.3.1 + **/ + private String ignorePattern = null; + + /** Denotes the pattern type. + * @since 3.3.1 + */ + private IgnorePatternTypes ignorePatternType = null; /** Sets where response.encodeUrl should be called on service urls when constructed. */ private boolean encodeServiceUrl = true; 
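Review bot: In the new `IgnorePatternTypes` enum the constant `NONE` reads as "no exclusion", but `isRequestUrlExcluded` later in this patch treats it as a substring test, `requestUri.contains(this.ignorePattern)`, which still lets matching requests bypass the filter. An operator who sets `ignorePatternType` to `NONE` expecting the feature to be off gets the opposite, so I would rename the constant to `CONTAINS` and give each constant a Javadoc line stating how the pattern is applied. The `;` after `REGEX` is unnecessary, and the type name would normally be singular, `IgnorePatternType`.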
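Review bot: The new field `ignorePatternType` is initialised to `null`, and `isRequestUrlExcluded` switches on it, so a filter that is given a pattern through `setIgnorePattern` alone fails with a `NullPointerException` on the first request. The `REGEX` default is applied only inside the part of `init` that reads the init parameters; I would set it at the declaration, `private IgnorePatternTypes ignorePatternType = IgnorePatternTypes.REGEX;`. The two new field comments start their text on the `/**` line, unlike the other field comments in the class.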
@@ -81,15 +95,20 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { final String ignorePattern = getPropertyFromInitParams(filterConfig, "ignorePattern", null); if (ignorePattern != null) { - setIgnorePattern(Pattern.compile(ignorePattern)); - logger.trace("Loading ignorePattern property: {}", this.ignorePattern.pattern()); + setIgnorePattern(ignorePattern); + logger.trace("Loading ignorePattern property: {}", ignorePattern); } + setIgnorePatternType(Enum.valueOf(IgnorePatternTypes.class, getPropertyFromInitParams(filterConfig, "ignorePatternType", + IgnorePatternTypes.REGEX.name()))); + logger.trace("Loading ignorePatternType property: {}", ignorePatternType); + initInternal(filterConfig); } init(); } + /** Controls the ordering of filter initialization and checking by defining a method that runs before the init. * @param filterConfig the original filter configuration. * @throws ServletException if there is a problem. @@ -161,10 +180,14 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { return this.serviceParameterName; } - public final void setIgnorePattern(final Pattern patternToIgnore) { + public final void setIgnorePattern(final String patternToIgnore) { this.ignorePattern = patternToIgnore; } + public final void setIgnorePatternType(final IgnorePatternTypes patternType) { + this.ignorePatternType = patternType; + } + /** * Template method to allow you to change how you retrieve the ticket. * 
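Review bot: With this change `init` stores the raw string and no longer compiles it, so a malformed `ignorePattern` is not detected at start-up and instead fails on the first request that reaches `isRequestUrlExcluded`. `Enum.valueOf(IgnorePatternTypes.class, ...)` is also case-sensitive and throws `IllegalArgumentException` for a value such as `regex`, with a message that does not mention the init parameter. I would validate both here, compiling the expression once when the type is `REGEX` and turning an unknown type into a `ServletException` that names `ignorePatternType`. The trace line reads the unqualified `ignorePatternType` where the rest of the method writes `this.`. `init` begins and ends outside the hunk.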
@@ -183,8 +206,18 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { urlBuffer.append("?").append(request.getQueryString()); } final String requestUri = urlBuffer.toString(); - logger.debug("Checking [{}] against pattern [{}]", requestUri, this.ignorePattern.pattern()); - result = this.ignorePattern.matcher(requestUri).find(); + logger.debug("Checking [{}] against pattern [{}]", requestUri, this.ignorePattern); + + + switch (this.ignorePatternType) { + case NONE: + result = requestUri.contains(this.ignorePattern); + break; + case REGEX: + result = Pattern.compile(this.ignorePattern).matcher(requestUri).find(); + break; + } + } return result; } diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java index 836b63a..ac5c7af 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java @@ -192,13 +192,7 @@ public abstract class AbstractTicketValidationFilter extends AbstractCasFilter { final FilterChain filterChain) throws IOException, ServletException { final HttpServletRequest request = (HttpServletRequest) servletRequest; final HttpServletResponse response = (HttpServletResponse) servletResponse; - - if (isRequestUrlExcluded(request)) { - logger.debug("Request is ignored."); - filterChain.doFilter(request, response); - return; - } - + if (!preFilter(servletRequest, servletResponse, filterChain)) { return; } diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java index 34d6686..b8c1bfe 100644 
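Review bot: The `REGEX` branch of the new `switch` in `isRequestUrlExcluded` calls `Pattern.compile(this.ignorePattern)` on every request, which repeats the compilation for each request and moves a `PatternSyntaxException` from deployment time to request time. Compile once when the pattern is set and keep the `Pattern` in a field. The `switch` also has no `default` branch, so a constant added to `IgnorePatternTypes` later would silently leave `result` false; `default: throw new IllegalStateException("Unsupported ignorePatternType " + this.ignorePatternType);` makes that visible. The method starts outside the hunk.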
--- a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java @@ -243,4 +243,33 @@ public final class AuthenticationFilterTests { f.doFilter(request, response, filterChain); assertNull(response.getRedirectedUrl()); } + + @Test + public void testIgnorePatternsWithNoRegex() throws Exception { + final AuthenticationFilter f = new AuthenticationFilter(); + final MockServletContext context = new MockServletContext(); + context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL); + + context.addInitParameter("ignorePattern", "=valueToIgnore"); + context.addInitParameter("ignorePatternType", "NONE"); + context.addInitParameter("service", CAS_SERVICE_URL); + f.init(new MockFilterConfig(context)); + + final MockHttpServletRequest request = new MockHttpServletRequest(); + final String URL = CAS_SERVICE_URL + "?param=valueToIgnore"; + request.setRequestURI(URL); + + final MockHttpSession session = new MockHttpSession(); + request.setSession(session); + + final MockHttpServletResponse response = new MockHttpServletResponse(); + + final FilterChain filterChain = new FilterChain() { + public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { + } + }; + + f.doFilter(request, response, filterChain); + assertNull(response.getRedirectedUrl()); + } } diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java index 174b9f7..74e6d7a 100644 --- a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java 
@@ -65,39 +65,4 @@ public class Cas10TicketValidationFilterTests { assertTrue(validator instanceof Cas10TicketValidator); assertTrue(((Cas10TicketValidator) validator).isRenew()); } - - @Test - public void testIgnorePatterns() throws Exception { - final Cas10TicketValidationFilter f = new Cas10TicketValidationFilter(); - - final MockServletContext context = new MockServletContext(); - context.addInitParameter("casServerUrlPrefix", "https://cas.example.com"); - context.addInitParameter("serverName", "https://localhost:8443"); - - context.addInitParameter("ignorePattern", "=valueTo(\\w+)"); - f.init(new MockFilterConfig(context)); - - final MockHttpServletRequest request = new MockHttpServletRequest(); - final String URL = "https://localhost:8443/?param=valueToIgnore"; - request.setRequestURI(URL); - request.setQueryString("ticket=ST-1234"); - request.setParameter("ticket", "ST-1234"); - - final MockHttpSession session = new MockHttpSession(); - request.setSession(session); - - final MockHttpServletResponse response = new MockHttpServletResponse(); - - final FilterChain filterChain = new FilterChain() { - public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { - } - }; - - try { - f.doFilter(request, response, filterChain); - } catch (final Exception e) { - fail("The validation request should have been ignored"); - } - - } } diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java index c0e267e..4ba6a36 100644 --- a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java 
@@ -66,38 +66,4 @@ public class Saml11TicketValidationFilterTests { assertTrue(((Saml11TicketValidator) validator).isRenew()); } - @Test - public void testIgnorePatterns() throws Exception { - final Saml11TicketValidationFilter f = new Saml11TicketValidationFilter(); - - final MockServletContext context = new MockServletContext(); - context.addInitParameter("casServerUrlPrefix", "https://cas.example.com"); - context.addInitParameter("serverName", "https://localhost:8443"); - - context.addInitParameter("ignorePattern", "=valueTo(\\w+)"); - f.init(new MockFilterConfig(context)); - - final MockHttpServletRequest request = new MockHttpServletRequest(); - final String URL = "https://localhost:8443/?param=valueToIgnore"; - request.setRequestURI(URL); - request.setQueryString("SAMLart=ST-1234"); - request.setParameter("SAMLart", "ST-1234"); - - final MockHttpSession session = new MockHttpSession(); - request.setSession(session); - - final MockHttpServletResponse response = new MockHttpServletResponse(); - - final FilterChain filterChain = new FilterChain() { - public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { - } - }; - - try { - f.doFilter(request, response, filterChain); - } catch (final Exception e) { - fail("The validation request should have been ignored"); - } - - } } From 71b366cbf367a8b989c532c82b5b0ff663ec7179 Mon Sep 17 00:00:00 2001 
From: Misagh Moayyed Date: Fri, 7 Mar 2014 11:17:14 -0700 Subject: [PATCH 04/13] CASC-219: Provide support for certain urls to be excluded from CAS filters. --- .../authentication/AuthenticationFilter.java | 39 +++++++++++- .../ExactUrlPatternMatcherStrategy.java | 38 +++++++++++ .../RegexUrlPatternMatcherStrategy.java | 41 ++++++++++++ .../UrlPatternMatcherStrategy.java | 39 ++++++++++++ .../cas/client/util/AbstractCasFilter.java | 63 ------------------- .../AbstractTicketValidationFilter.java | 10 +-- .../AuthenticationFilterTests.java | 2 +- .../Cas10TicketValidationFilterTests.java | 13 +--- .../Saml11TicketValidationFilterTests.java | 14 +---- .../Saml11TicketValidatorTests.java | 6 +- 10 files changed, 164 insertions(+), 101 deletions(-) create mode 100644 cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java create mode 100644 cas-client-core/src/main/java/org/jasig/cas/client/authentication/RegexUrlPatternMatcherStrategy.java create mode 100644 cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java index c00be68..c175442 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java @@ -19,10 +19,12 @@ package org.jasig.cas.client.authentication; import java.io.IOException; + import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; + import org.jasig.cas.client.util.AbstractCasFilter; import org.jasig.cas.client.util.CommonUtils; import org.jasig.cas.client.util.ReflectUtils; 
@@ -42,11 +44,11 @@ import org.jasig.cas.client.validation.Assertion; *

Please see AbstractCasFilter for additional properties.

* * @author Scott Battaglia - * @version $Revision: 11768 $ $Date: 2007-02-07 15:44:16 -0500 (Wed, 07 Feb 2007) $ + * @author Misagh Moayyed * @since 3.0 */ public class AuthenticationFilter extends AbstractCasFilter { - + /** * The URL to the CAS Server login. */ @@ -64,6 +66,8 @@ public class AuthenticationFilter extends AbstractCasFilter { private GatewayResolver gatewayStorage = new DefaultGatewayResolverImpl(); + private UrlPatternMatcherStrategy ignoreUrlPatternMatcherStrategyClass = null; + private AuthenticationRedirectStrategy authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy(); protected void initInternal(final FilterConfig filterConfig) throws ServletException { @@ -75,7 +79,22 @@ public class AuthenticationFilter extends AbstractCasFilter { logger.trace("Loaded renew parameter: {}", this.renew); setGateway(parseBoolean(getPropertyFromInitParams(filterConfig, "gateway", "false"))); logger.trace("Loaded gateway parameter: {}", this.gateway); - + + final String ignorePattern = getPropertyFromInitParams(filterConfig, "ignorePattern", null); + logger.trace("Loaded ignorePattern parameter: {}", ignorePattern); + + final String ignoreUrlMatcherClass = getPropertyFromInitParams(filterConfig, "ignoreUrlPatternMatcherStrategyClass", null); + logger.trace("Loaded ignoreUrlPatternMatcherStrategyClass parameter: {}", ignoreUrlMatcherClass); + + if (ignorePattern != null ) { + if (ignoreUrlMatcherClass != null) { + this.ignoreUrlPatternMatcherStrategyClass = ReflectUtils.newInstance(ignoreUrlMatcherClass); + } else { + this.ignoreUrlPatternMatcherStrategyClass = new RegexUrlPatternMatcherStrategy(); + } + this.ignoreUrlPatternMatcherStrategyClass.setPattern(ignorePattern); + } + final String gatewayStorageClass = getPropertyFromInitParams(filterConfig, "gatewayStorageClass", null); if (gatewayStorageClass != null) { 
@@ -159,4 +178,18 @@ public class AuthenticationFilter extends AbstractCasFilter { public final void setGatewayStorage(final GatewayResolver gatewayStorage) { this.gatewayStorage = gatewayStorage; } + + private boolean isRequestUrlExcluded(final HttpServletRequest request) { + + if (this.ignoreUrlPatternMatcherStrategyClass == null) { + return false; + } + + final StringBuffer urlBuffer = request.getRequestURL(); + if (request.getQueryString() != null) { + urlBuffer.append("?").append(request.getQueryString()); + } + final String requestUri = urlBuffer.toString(); + return this.ignoreUrlPatternMatcherStrategyClass.matches(requestUri); + } } diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java new file mode 100644 index 0000000..befe6ee --- /dev/null +++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java 
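Review bot: `isRequestUrlExcluded` appends the client-supplied query string to the URL before matching, and both matchers added in this commit search anywhere in that string (`url.contains(...)` in ExactUrlPatternMatcherStrategy, `matcher(url).find()` in RegexUrlPatternMatcherStrategy). With a pattern like the `=valueToIgnore` used in the tests, the decision to skip authentication then depends on a value the requester chooses rather than on the resource being requested. Prefer matching on the path only, e.g. `return this.ignoreUrlPatternMatcherStrategyClass.matches(request.getRequestURI());`, which would require updating the existing ignore-pattern tests. If query-string matching has to stay, document on the `ignorePattern` init parameter that patterns must be anchored to the path portion of the URL.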
@@ -0,0 +1,38 @@
+/*
+ * Licensed to Jasig under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work
+ * for additional information regarding copyright ownership.
+ * Jasig licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a
+ * copy of the License at the following location:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jasig.cas.client.authentication;
+
+/**
+ * A pattern matcher that looks inside the url to find the exact pattern specified.
+ *
+ * @author Misagh Moayyed
+ * @since 3.3.1
+ */
+public class ExactUrlPatternMatcherStrategy implements UrlPatternMatcherStrategy {
+
+ private String pattern;
+
+ public boolean matches(final String url) {
+ return url.contains(this.pattern);
+ }
+
+ public void setPattern(final String pattern) {
+ this.pattern = pattern;
+ }
+}
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/RegexUrlPatternMatcherStrategy.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/RegexUrlPatternMatcherStrategy.java
new file mode 100644
index 0000000..7bb54e8
--- /dev/null
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/RegexUrlPatternMatcherStrategy.java
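Review bot: `ExactUrlPatternMatcherStrategy.matches` is a substring test (`url.contains(this.pattern)`), while the class name and the Javadoc word "exact" suggest the whole URL must equal the pattern. A deployer who configures a path expecting equality would exclude every URL that merely contains that text. Either compare with `url.equals(this.pattern)` or state the real semantics in the Javadoc, e.g. `Matches when the configured pattern occurs anywhere in the url (case-sensitive substring test).` `matches` also throws a NullPointerException if it runs before `setPattern`, which is worth documenting as a precondition on both methods.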
@@ -0,0 +1,41 @@
+/*
+ * Licensed to Jasig under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work
+ * for additional information regarding copyright ownership.
+ * Jasig licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a
+ * copy of the License at the following location:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jasig.cas.client.authentication;
+
+import java.util.regex.Pattern;
+
+/**
+ * A pattern matcher that looks inside the url to find the pattern,. that
+ * is assumed to have been specified via regular expressions syntax.
+ *
+ * @author Misagh Moayyed
+ * @since 3.3.1
+ */
+public class RegexUrlPatternMatcherStrategy implements UrlPatternMatcherStrategy {
+
+ private Pattern pattern;
+
+ public boolean matches(final String url) {
+ return this.pattern.matcher(url).find();
+ }
+
+ public void setPattern(final String pattern) {
+ this.pattern = Pattern.compile(pattern);
+ }
+}
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java
new file mode 100644
index 0000000..e72470e
--- /dev/null
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java
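Review bot: The class Javadoc of `RegexUrlPatternMatcherStrategy` has a stray `,.` in its first sentence, and neither method is documented. `setPattern` compiles the expression, so an invalid `ignorePattern` surfaces as a `PatternSyntaxException` from this call, which the filter makes in `initInternal`. I would add `Compiles the given regular expression; throws PatternSyntaxException if it is not valid.` on `setPattern`. On `matches`, note that `find()` succeeds on a match anywhere in the url, so expressions must carry their own `^`/`$` anchors when a full match is intended.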
@@ -0,0 +1,39 @@ +/* + * Licensed to Jasig under one or more contributor license + * agreements. See the NOTICE file distributed with this work + * for additional information regarding copyright ownership. + * Jasig licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a + * copy of the License at the following location: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.jasig.cas.client.authentication; +/** + * Defines an abstraction by which request urls can be matches against a given pattern. + * + * @author Misagh Moayyed + * @since 3.3.1 + */ +public interface UrlPatternMatcherStrategy { + /** + * Execute the match between the given pattern and the url + * @param url the request url typically with query strings included + * @return true if match is successful + */ + boolean matches(final String url); + + /** + * The pattern against which the url is compared + * @param pattern + */ + void setPattern(final String pattern); +} diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java index 70a5a43..8cf47ef 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/util/AbstractCasFilter.java @@ -18,8 +18,6 @@ */ package org.jasig.cas.client.util; -import java.util.regex.Pattern; - import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; 
@@ -40,15 +38,6 @@ import javax.servlet.http.HttpServletResponse; * @since 3.1 */ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { - - /** - * Enumeration that defines pattern types. - * @since 3.3.1 - */ - public enum IgnorePatternTypes { - NONE, - REGEX; - } /** Represents the constant for where the assertion will be located in memory. */ public static final String CONST_CAS_ASSERTION = "_const_cas_assertion_"; @@ -58,16 +47,6 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { /** Defines the parameter to look for for the service. */ private String serviceParameterName = "service"; - - /** Url pattern for this filter to exclude and ignore. - * @since 3.3.1 - **/ - private String ignorePattern = null; - - /** Denotes the pattern type. - * @since 3.3.1 - */ - private IgnorePatternTypes ignorePatternType = null; /** Sets where response.encodeUrl should be called on service urls when constructed. */ private boolean encodeServiceUrl = true; @@ -92,16 +71,6 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { logger.trace("Loading serviceParameterName property: {} ", this.serviceParameterName); setEncodeServiceUrl(parseBoolean(getPropertyFromInitParams(filterConfig, "encodeServiceUrl", "true"))); logger.trace("Loading encodeServiceUrl property: {}", this.encodeServiceUrl); - - final String ignorePattern = getPropertyFromInitParams(filterConfig, "ignorePattern", null); - if (ignorePattern != null) { - setIgnorePattern(ignorePattern); - logger.trace("Loading ignorePattern property: {}", ignorePattern); - } - - setIgnorePatternType(Enum.valueOf(IgnorePatternTypes.class, getPropertyFromInitParams(filterConfig, "ignorePatternType", - IgnorePatternTypes.REGEX.name()))); - logger.trace("Loading ignorePatternType property: {}", ignorePatternType); initInternal(filterConfig); } 
@@ -179,14 +148,6 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { public final String getServiceParameterName() { return this.serviceParameterName; } - - public final void setIgnorePattern(final String patternToIgnore) { - this.ignorePattern = patternToIgnore; - } - - public final void setIgnorePatternType(final IgnorePatternTypes patternType) { - this.ignorePatternType = patternType; - } /** * Template method to allow you to change how you retrieve the ticket. @@ -197,28 +158,4 @@ public abstract class AbstractCasFilter extends AbstractConfigurationFilter { protected String retrieveTicketFromRequest(final HttpServletRequest request) { return CommonUtils.safeGetParameter(request, getArtifactParameterName()); } - - protected boolean isRequestUrlExcluded(final HttpServletRequest request) { - boolean result = false; - if (this.ignorePattern != null) { - final StringBuffer urlBuffer = request.getRequestURL(); - if (request.getQueryString() != null) { - urlBuffer.append("?").append(request.getQueryString()); - } - final String requestUri = urlBuffer.toString(); - logger.debug("Checking [{}] against pattern [{}]", requestUri, this.ignorePattern); - - - switch (this.ignorePatternType) { - case NONE: - result = requestUri.contains(this.ignorePattern); - break; - case REGEX: - result = Pattern.compile(this.ignorePattern).matcher(requestUri).find(); - break; - } - - } - return result; - } } diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java index ac5c7af..1d27314 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/AbstractTicketValidationFilter.java 
@@ -190,13 +190,13 @@ public abstract class AbstractTicketValidationFilter extends AbstractCasFilter { public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException { - final HttpServletRequest request = (HttpServletRequest) servletRequest; - final HttpServletResponse response = (HttpServletResponse) servletResponse; - + if (!preFilter(servletRequest, servletResponse, filterChain)) { return; } - + + final HttpServletRequest request = (HttpServletRequest) servletRequest; + final HttpServletResponse response = (HttpServletResponse) servletResponse; final String ticket = retrieveTicketFromRequest(request); if (CommonUtils.isNotBlank(ticket)) { @@ -254,4 +254,4 @@ public abstract class AbstractTicketValidationFilter extends AbstractCasFilter { public final void setUseSession(final boolean useSession) { this.useSession = useSession; } -} +} \ No newline at end of file diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java index b8c1bfe..f9b8b8f 100644 --- a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java @@ -251,7 +251,7 @@ public final class AuthenticationFilterTests { context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL); context.addInitParameter("ignorePattern", "=valueToIgnore"); - context.addInitParameter("ignorePatternType", "NONE"); + context.addInitParameter("ignoreUrlPatternMatcherStrategyClass", ExactUrlPatternMatcherStrategy.class.getName()); context.addInitParameter("service", CAS_SERVICE_URL); f.init(new MockFilterConfig(context)); 
diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java index 74e6d7a..8ccdb2f 100644 --- a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidationFilterTests.java @@ -20,19 +20,8 @@ package org.jasig.cas.client.validation; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; - -import java.io.IOException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; - import org.junit.Test; import org.springframework.mock.web.MockFilterConfig; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.mock.web.MockHttpSession; import org.springframework.mock.web.MockServletContext; /** @@ -65,4 +54,4 @@ public class Cas10TicketValidationFilterTests { assertTrue(validator instanceof Cas10TicketValidator); assertTrue(((Cas10TicketValidator) validator).isRenew()); } -} +} \ No newline at end of file diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java index 4ba6a36..53d1875 100644 --- a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidationFilterTests.java 
@@ -20,19 +20,8 @@ package org.jasig.cas.client.validation; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; - -import java.io.IOException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; - import org.junit.Test; import org.springframework.mock.web.MockFilterConfig; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.mock.web.MockHttpSession; import org.springframework.mock.web.MockServletContext; /** @@ -65,5 +54,4 @@ public class Saml11TicketValidationFilterTests { assertTrue(validator instanceof Saml11TicketValidator); assertTrue(((Saml11TicketValidator) validator).isRenew()); } - -} +} \ No newline at end of file diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java index 41b58ec..417db57 100644 --- a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java @@ -20,10 +20,8 @@ package org.jasig.cas.client.validation; import static org.junit.Assert.assertEquals; import static org.junit.Assert.fail; - import java.io.UnsupportedEncodingException; import java.util.Date; - import org.jasig.cas.client.PublicTestHttpServer; import org.jasig.cas.client.util.CommonUtils; import org.joda.time.DateTime; @@ -139,8 +137,8 @@ public final class Saml11TicketValidatorTests extends AbstractTicketValidatorTes fail(e.toString()); } } - + private Interval currentTimeRangeInterval() { return new Interval(new DateTime(DateTimeZone.UTC).minus(5000), new DateTime(DateTimeZone.UTC).plus(200000000)); } -} +} \ No newline at end of file 
From b97d03d12647491d70b08490db70b44323488b9a Mon Sep 17 00:00:00 2001 From: Misagh Moayyed Date: Mon, 10 Mar 2014 05:22:44 -0700 Subject: [PATCH 05/13] CASC-219: Cleaned up formatting issues --- .../jasig/cas/client/authentication/AuthenticationFilter.java | 1 - .../cas/client/authentication/UrlPatternMatcherStrategy.java | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java index c175442..9a6f084 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java @@ -180,7 +180,6 @@ public class AuthenticationFilter extends AbstractCasFilter { } private boolean isRequestUrlExcluded(final HttpServletRequest request) { - if (this.ignoreUrlPatternMatcherStrategyClass == null) { return false; } diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java index e72470e..2117a2a 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java @@ -29,11 +29,11 @@ public interface UrlPatternMatcherStrategy { * @param url the request url typically with query strings included * @return true if match is successful */ - boolean matches(final String url); + boolean matches(String url); /** * The pattern against which the url is compared * @param pattern */ - void setPattern(final String pattern); + void setPattern(String pattern); } From 3773fc9e54919512997450dadefb5a33e3bc847b Mon Sep 17 00:00:00 2001 
From: Misagh Moayyed Date: Tue, 11 Mar 2014 04:24:27 -0700 Subject: [PATCH 06/13] CASC-219: updated javadocs and added map to keep track of pattern matchers --- .../authentication/AuthenticationFilter.java | 32 +++++++++++-------- .../UrlPatternMatcherStrategy.java | 5 ++- .../AuthenticationFilterTests.java | 4 +-- 3 files changed, 24 insertions(+), 17 deletions(-) diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java index 9a6f084..900342c 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java @@ -19,6 +19,8 @@ package org.jasig.cas.client.authentication; import java.io.IOException; +import java.util.HashMap; +import java.util.Map; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; @@ -66,10 +68,18 @@ public class AuthenticationFilter extends AbstractCasFilter { private GatewayResolver gatewayStorage = new DefaultGatewayResolverImpl(); + private AuthenticationRedirectStrategy authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy(); + private UrlPatternMatcherStrategy ignoreUrlPatternMatcherStrategyClass = null; - private AuthenticationRedirectStrategy authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy(); - + private final Map> PATTERN_MATCHER_TYPES = + new HashMap>(); + + public AuthenticationFilter() { + this.PATTERN_MATCHER_TYPES.put("EXACT", ExactUrlPatternMatcherStrategy.class); + this.PATTERN_MATCHER_TYPES.put("REGEX", RegexUrlPatternMatcherStrategy.class); + } + protected void initInternal(final FilterConfig filterConfig) throws ServletException { if (!isIgnoreInitConfiguration()) { super.initInternal(filterConfig); 
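Review bot: `PATTERN_MATCHER_TYPES` is named like a constant but is a per-instance field filled in by the new constructor, so every filter instance rebuilds the same fixed table. Declaring it `private static final` and populating it in a static initializer would match the name and make the added constructor unnecessary. A one-line comment stating that the keys are the accepted values of the `ignoreUrlPatternType` init parameter would also help. The class body continues outside this hunk.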
@@ -83,16 +93,17 @@ public class AuthenticationFilter extends AbstractCasFilter { final String ignorePattern = getPropertyFromInitParams(filterConfig, "ignorePattern", null); logger.trace("Loaded ignorePattern parameter: {}", ignorePattern); - final String ignoreUrlMatcherClass = getPropertyFromInitParams(filterConfig, "ignoreUrlPatternMatcherStrategyClass", null); - logger.trace("Loaded ignoreUrlPatternMatcherStrategyClass parameter: {}", ignoreUrlMatcherClass); + final String ignoreUrlPatternType = getPropertyFromInitParams(filterConfig, "ignoreUrlPatternType", "REGEX"); + logger.trace("Loaded ignoreUrlPatternType parameter: {}", ignoreUrlPatternType); if (ignorePattern != null ) { + final Class ignoreUrlMatcherClass = this.PATTERN_MATCHER_TYPES.get(ignoreUrlPatternType); if (ignoreUrlMatcherClass != null) { - this.ignoreUrlPatternMatcherStrategyClass = ReflectUtils.newInstance(ignoreUrlMatcherClass); + this.ignoreUrlPatternMatcherStrategyClass = ReflectUtils.newInstance(ignoreUrlMatcherClass.getName()); + this.ignoreUrlPatternMatcherStrategyClass.setPattern(ignorePattern); } else { - this.ignoreUrlPatternMatcherStrategyClass = new RegexUrlPatternMatcherStrategy(); + logger.trace("Could not find and load: {}", ignoreUrlMatcherClass); } - this.ignoreUrlPatternMatcherStrategyClass.setPattern(ignorePattern); } final String gatewayStorageClass = getPropertyFromInitParams(filterConfig, "gatewayStorageClass", null); @@ -100,13 +111,6 @@ public class AuthenticationFilter extends AbstractCasFilter { if (gatewayStorageClass != null) { this.gatewayStorage = ReflectUtils.newInstance(gatewayStorageClass); } - - final String authenticationRedirectStrategyClass = getPropertyFromInitParams(filterConfig, - "authenticationRedirectStrategyClass", null); - - if (authenticationRedirectStrategyClass != null) { - this.authenticationRedirectStrategy = ReflectUtils.newInstance(authenticationRedirectStrategyClass); - } } } 
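Review bot: In the new `else` branch, `logger.trace("Could not find and load: {}", ignoreUrlMatcherClass)` always logs `null`, because that branch is reached only when the map lookup returned nothing; the configured name is in `ignoreUrlPatternType`. An unrecognised type also leaves the filter without a matcher, so the configured `ignorePattern` is silently not applied, and a trace-level line is easy to miss. Log the configured value at warn level instead: `logger.warn("Unknown ignoreUrlPatternType [{}]; ignorePattern will not be applied", ignoreUrlPatternType);`. The map lookup is case-sensitive, so a value such as `regex` takes this branch as well. `initInternal` begins above this hunk.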
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java index 2117a2a..a2e70e9 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/UrlPatternMatcherStrategy.java @@ -19,7 +19,10 @@ package org.jasig.cas.client.authentication; /** * Defines an abstraction by which request urls can be matches against a given pattern. - * + * New instances for all extensions for this strategy interface will be created per + * each request. The client will ultimately invoke the {@link #matches(String)} method + * having already applied and set the pattern via the {@link #setPattern(String)} method. + * The pattern itself will be retrieved via the client configuration. * @author Misagh Moayyed * @since 3.3.1 */ diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java index f9b8b8f..d52e18e 100644 --- a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java 
@@ -245,13 +245,13 @@ public final class AuthenticationFilterTests { } @Test - public void testIgnorePatternsWithNoRegex() throws Exception { + public void testIgnorePatternsWithExactMatching() throws Exception { final AuthenticationFilter f = new AuthenticationFilter(); final MockServletContext context = new MockServletContext(); context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL); context.addInitParameter("ignorePattern", "=valueToIgnore"); - context.addInitParameter("ignoreUrlPatternMatcherStrategyClass", ExactUrlPatternMatcherStrategy.class.getName()); + context.addInitParameter("ignoreUrlPatternType", "EXACT"); context.addInitParameter("service", CAS_SERVICE_URL); f.init(new MockFilterConfig(context)); From 511bce24711a91dc47c8a2e71b44efdce9f66b80 Mon Sep 17 00:00:00 2001 From: Misagh Moayyed Date: Tue, 11 Mar 2014 05:04:59 -0700 Subject: [PATCH 07/13] CASC-219: allowed extensions for ignoring urls --- .../authentication/AuthenticationFilter.java | 20 ++++++- .../AuthenticationFilterTests.java | 58 +++++++++++++++++++ 2 files changed, 75 insertions(+), 3 deletions(-) diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java index 900342c..d2fa5ef 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java 
@@ -96,13 +96,20 @@ public class AuthenticationFilter extends AbstractCasFilter { final String ignoreUrlPatternType = getPropertyFromInitParams(filterConfig, "ignoreUrlPatternType", "REGEX"); logger.trace("Loaded ignoreUrlPatternType parameter: {}", ignoreUrlPatternType); - if (ignorePattern != null ) { + if (ignorePattern != null) { final Class ignoreUrlMatcherClass = this.PATTERN_MATCHER_TYPES.get(ignoreUrlPatternType); if (ignoreUrlMatcherClass != null) { this.ignoreUrlPatternMatcherStrategyClass = ReflectUtils.newInstance(ignoreUrlMatcherClass.getName()); - this.ignoreUrlPatternMatcherStrategyClass.setPattern(ignorePattern); } else { - logger.trace("Could not find and load: {}", ignoreUrlMatcherClass); + try { + logger.trace("Assuming {} is a qualfiied class name...", ignoreUrlPatternType); + this.ignoreUrlPatternMatcherStrategyClass = ReflectUtils.newInstance(ignoreUrlPatternType); + } catch (final IllegalArgumentException e) { + logger.warn("Could not instantiate class [{}]: [{}]", ignoreUrlPatternType, e.getMessage()); + } + } + if (this.ignoreUrlPatternMatcherStrategyClass != null) { + this.ignoreUrlPatternMatcherStrategyClass.setPattern(ignorePattern); } } @@ -111,6 +118,13 @@ public class AuthenticationFilter extends AbstractCasFilter { if (gatewayStorageClass != null) { this.gatewayStorage = ReflectUtils.newInstance(gatewayStorageClass); } + + final String authenticationRedirectStrategyClass = getPropertyFromInitParams(filterConfig, + "authenticationRedirectStrategyClass", null); + + if (authenticationRedirectStrategyClass != null) { + this.authenticationRedirectStrategy = ReflectUtils.newInstance(authenticationRedirectStrategyClass); + } } } diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java index d52e18e..d006188 100644 
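Review bot: The new `catch` in `initInternal` logs only `e.getMessage()`, which drops the cause and stack trace of the reflection failure, and the trace message above it misspells "qualified" as `qualfiied`. Pass the exception as the last argument so the cause is kept: `logger.warn("Could not instantiate class [{}]", ignoreUrlPatternType, e);`. Only `IllegalArgumentException` is caught, so a class that loads but does not implement `UrlPatternMatcherStrategy` would presumably fail with a `ClassCastException` at the assignment; that should be confirmed against `ReflectUtils.newInstance`. `initInternal` begins above this hunk.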
--- a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java +++ b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java 
@@ -272,4 +272,62 @@ public final class AuthenticationFilterTests {
 f.doFilter(request, response, filterChain);
 assertNull(response.getRedirectedUrl());
 }
+
+ @Test
+ public void testIgnorePatternsWithExactClassname() throws Exception {
+ final AuthenticationFilter f = new AuthenticationFilter();
+ final MockServletContext context = new MockServletContext();
+ context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL);
+
+ context.addInitParameter("ignorePattern", "=valueToIgnore");
+ context.addInitParameter("ignoreUrlPatternType", ExactUrlPatternMatcherStrategy.class.getName());
+ context.addInitParameter("service", CAS_SERVICE_URL);
+ f.init(new MockFilterConfig(context));
+
+ final MockHttpServletRequest request = new MockHttpServletRequest();
+ final String URL = CAS_SERVICE_URL + "?param=valueToIgnore";
+ request.setRequestURI(URL);
+
+ final MockHttpSession session = new MockHttpSession();
+ request.setSession(session);
+
+ final MockHttpServletResponse response = new MockHttpServletResponse();
+
+ final FilterChain filterChain = new FilterChain() {
+ public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
+ }
+ };
+
+ f.doFilter(request, response, filterChain);
+ assertNull(response.getRedirectedUrl());
+ }
+
+ @Test
+ public void testIgnorePatternsWithInvalidClassname() throws Exception {
+ final AuthenticationFilter f = new AuthenticationFilter();
+ final MockServletContext context = new MockServletContext();
+ context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL);
+
+ context.addInitParameter("ignorePattern", "=valueToIgnore");
+ context.addInitParameter("ignoreUrlPatternType", "unknown.class.name");
+ context.addInitParameter("service", CAS_SERVICE_URL);
+ f.init(new MockFilterConfig(context));
+
+ final MockHttpServletRequest request = new MockHttpServletRequest();
+ final String URL = CAS_SERVICE_URL + "?param=valueToIgnore";
+ request.setRequestURI(URL);
+
+ final MockHttpSession session
= new MockHttpSession();
+ request.setSession(session);
+
+ final MockHttpServletResponse response = new MockHttpServletResponse();
+
+ final FilterChain filterChain = new FilterChain() {
+ public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
+ }
+ };
+
+ f.doFilter(request, response, filterChain);
+ System.out.println(response.getRedirectedUrl());
+ }
 }
From dfb3629dc2f65f47a7c4ac616979f99e7a060e40 Mon Sep 17 00:00:00 2001
From: Misagh Moayyed
Date: Tue, 11 Mar 2014 07:11:53 -0700
Subject: [PATCH 08/13] CASC-219: updated internal map to be a static ref instead
---
 .../cas/client/authentication/AuthenticationFilter.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
index d2fa5ef..25d525b 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
@@ -72,12 +72,12 @@ public class AuthenticationFilter extends AbstractCasFilter {
 private UrlPatternMatcherStrategy ignoreUrlPatternMatcherStrategyClass = null;
- private final Map> PATTERN_MATCHER_TYPES =
+ private static final Map> PATTERN_MATCHER_TYPES =
 new HashMap>();
- public AuthenticationFilter() {
- this.PATTERN_MATCHER_TYPES.put("EXACT", ExactUrlPatternMatcherStrategy.class);
- this.PATTERN_MATCHER_TYPES.put("REGEX", RegexUrlPatternMatcherStrategy.class);
+ static {
+ PATTERN_MATCHER_TYPES.put("EXACT", ExactUrlPatternMatcherStrategy.class);
+ PATTERN_MATCHER_TYPES.put("REGEX", RegexUrlPatternMatcherStrategy.class);
 }
 protected void initInternal(final FilterConfig filterConfig) throws ServletException {
From 248643cf309bc4b2daf838ad5f108c83705d49ab Mon Sep 17 00:00:00 2001
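Review bot: `testIgnorePatternsWithInvalidClassname` ends with `System.out.println(response.getRedirectedUrl());` and asserts nothing, so it passes whatever the filter does when the matcher class cannot be loaded. That is the case where the outcome matters most: an unusable `ignoreUrlPatternType` should leave the request behind authentication rather than excluded from it. Assuming the filter then redirects to the CAS login as it does for any other unauthenticated request, the print should become `assertNotNull(response.getRedirectedUrl());`. This concerns the test-file hunk `@@ -272,4 +272,62 @@`, which ends on this line.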
From: Misagh Moayyed
Date: Tue, 11 Mar 2014 08:46:00 -0700
Subject: [PATCH 09/13] CASC-219: switched warn to error, fixed typo and this refs
---
 .../cas/client/authentication/AuthenticationFilter.java | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
index 25d525b..c7e225d 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
@@ -50,7 +50,6 @@ import org.jasig.cas.client.validation.Assertion;
 * @since 3.0
 */
 public class AuthenticationFilter extends AbstractCasFilter {
-
 /**
 * The URL to the CAS Server login.
 */
@@ -97,15 +96,15 @@ public class AuthenticationFilter extends AbstractCasFilter {
 logger.trace("Loaded ignoreUrlPatternType parameter: {}", ignoreUrlPatternType);
 if (ignorePattern != null) {
- final Class ignoreUrlMatcherClass = this.PATTERN_MATCHER_TYPES.get(ignoreUrlPatternType);
+ final Class ignoreUrlMatcherClass = PATTERN_MATCHER_TYPES.get(ignoreUrlPatternType);
 if (ignoreUrlMatcherClass != null) {
 this.ignoreUrlPatternMatcherStrategyClass = ReflectUtils.newInstance(ignoreUrlMatcherClass.getName());
 } else {
 try {
- logger.trace("Assuming {} is a qualfiied class name...", ignoreUrlPatternType);
+ logger.trace("Assuming {} is a qualified class name...", ignoreUrlPatternType);
 this.ignoreUrlPatternMatcherStrategyClass = ReflectUtils.newInstance(ignoreUrlPatternType);
 } catch (final IllegalArgumentException e) {
- logger.warn("Could not instantiate class [{}]: [{}]", ignoreUrlPatternType, e.getMessage());
+ logger.error("Could not instantiate class [{}]", ignoreUrlPatternType, e);
 }
 }
 if (this.ignoreUrlPatternMatcherStrategyClass != null) {
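Review bot: After the new `logger.error(...)` in the catch block of the second hunk, initialisation carries on with `ignoreUrlPatternMatcherStrategyClass` still null, so a mistyped `ignoreUrlPatternType` leaves the configured `ignorePattern` unapplied. That is presumably the safe direction (no URL is excluded, everything stays behind CAS), but nothing in the code says it is deliberate; a comment in the catch block such as `// Fall through with no matcher: the ignorePattern is not applied and no request is excluded.` would record the intent. If operators are meant to notice the mistake at deploy time instead, rethrowing as a `ServletException` from `initInternal` is the alternative. The enclosing method starts and ends outside this hunk.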
From 00ee9e378dfaa89557b1eb74c0bfd76681b670dd Mon Sep 17 00:00:00 2001
From: Misagh Moayyed
Date: Wed, 12 Mar 2014 07:37:59 -0700
Subject: [PATCH 10/13] CASC-219: renamed matcher class to match behavior
---
 .../jasig/cas/client/authentication/AuthenticationFilter.java | 2 +-
 ...ategy.java => ContainsPatternUrlPatternMatcherStrategy.java} | 2 +-
 .../cas/client/authentication/AuthenticationFilterTests.java | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
 rename cas-client-core/src/main/java/org/jasig/cas/client/authentication/{ExactUrlPatternMatcherStrategy.java => ContainsPatternUrlPatternMatcherStrategy.java} (92%)
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
index c7e225d..8ab5d81 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
@@ -75,7 +75,7 @@ public class AuthenticationFilter extends AbstractCasFilter {
 new HashMap>();
 static {
- PATTERN_MATCHER_TYPES.put("EXACT", ExactUrlPatternMatcherStrategy.class);
+ PATTERN_MATCHER_TYPES.put("EXACT", ContainsPatternUrlPatternMatcherStrategy.class);
 PATTERN_MATCHER_TYPES.put("REGEX", RegexUrlPatternMatcherStrategy.class);
 }
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ContainsPatternUrlPatternMatcherStrategy.java
similarity index 92%
rename from cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java
rename to cas-client-core/src/main/java/org/jasig/cas/client/authentication/ContainsPatternUrlPatternMatcherStrategy.java
index befe6ee..1532481 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ContainsPatternUrlPatternMatcherStrategy.java
@@ -24,7 +24,7 @@ package org.jasig.cas.client.authentication;
 * @author Misagh Moayyed
 * @since 3.3.1
 */
-public class ExactUrlPatternMatcherStrategy implements UrlPatternMatcherStrategy {
+public class ContainsPatternUrlPatternMatcherStrategy implements UrlPatternMatcherStrategy {
 private String pattern;
diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java
index d006188..d5cffe6 100644
--- a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java
+++ b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java
@@ -280,7 +280,7 @@ public final class AuthenticationFilterTests {
 context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL);
 context.addInitParameter("ignorePattern", "=valueToIgnore");
- context.addInitParameter("ignoreUrlPatternType", ExactUrlPatternMatcherStrategy.class.getName());
+ context.addInitParameter("ignoreUrlPatternType", ContainsPatternUrlPatternMatcherStrategy.class.getName());
 context.addInitParameter("service", CAS_SERVICE_URL);
 f.init(new MockFilterConfig(context));
From 0a8fd79a442e5a6106546fbec74a1c6edad544fa Mon Sep 17 00:00:00 2001
From: Misagh Moayyed
Date: Thu, 13 Mar 2014 03:20:39 -0700
Subject: [PATCH 11/13] CASC-219: changed exact to contains
---
 .../jasig/cas/client/authentication/AuthenticationFilter.java | 2 +-
 .../cas/client/authentication/AuthenticationFilterTests.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
index 8ab5d81..42b6817 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
@@ -75,7 +75,7 @@ public class AuthenticationFilter extends AbstractCasFilter {
 new HashMap>();
 static {
- PATTERN_MATCHER_TYPES.put("EXACT", ContainsPatternUrlPatternMatcherStrategy.class);
+ PATTERN_MATCHER_TYPES.put("CONTAINS", ContainsPatternUrlPatternMatcherStrategy.class);
 PATTERN_MATCHER_TYPES.put("REGEX", RegexUrlPatternMatcherStrategy.class);
 }
diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java
index d5cffe6..3320a0d 100644
--- a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java
+++ b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java
@@ -251,7 +251,7 @@ public final class AuthenticationFilterTests {
 context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL);
 context.addInitParameter("ignorePattern", "=valueToIgnore");
- context.addInitParameter("ignoreUrlPatternType", "EXACT");
+ context.addInitParameter("ignoreUrlPatternType", "CONTAINS");
 context.addInitParameter("service", CAS_SERVICE_URL);
 f.init(new MockFilterConfig(context));
From d2b93a237f61725b4bc78eb34ffccfe90713124c Mon Sep 17 00:00:00 2001
From: Misagh Moayyed
Date: Thu, 13 Mar 2014 08:26:22 -0700
Subject: [PATCH 12/13] CASC-219: added exact-matcher strategy
---
 .../authentication/AuthenticationFilter.java | 1 +
 .../ExactUrlPatternMatcherStrategy.java | 22 ++++++++++
 .../AuthenticationFilterTests.java | 40 ++++++++++++++++++-
 3 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
index 42b6817..b77c64c 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java
@@ -77,6 +77,7 @@ public class AuthenticationFilter extends AbstractCasFilter {
 static {
 PATTERN_MATCHER_TYPES.put("CONTAINS", ContainsPatternUrlPatternMatcherStrategy.class);
 PATTERN_MATCHER_TYPES.put("REGEX", RegexUrlPatternMatcherStrategy.class);
+ PATTERN_MATCHER_TYPES.put("EXACT", ExactUrlPatternMatcherStrategy.class);
 }
 protected void initInternal(final FilterConfig filterConfig) throws ServletException {
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java
new file mode 100644
index 0000000..0a5b42f
--- /dev/null
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java
@@ -0,0 +1,22 @@
+package org.jasig.cas.client.authentication;
+
+/**
+ * A pattern matcher that produces a successful match if the pattern
+ * specified matches the given url exactly and equally.
+ *
+ * @author Misagh Moayyed
+ * @since 3.3.1
+ */
+public class ExactUrlPatternMatcherStrategy implements UrlPatternMatcherStrategy {
+
+ private String pattern;
+
+ public boolean matches(final String url) {
+ return url.equals(this.pattern);
+ }
+
+ public void setPattern(final String pattern) {
+ this.pattern = pattern;
+ }
+
+}
diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java
index 3320a0d..48479a5 100644
--- a/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java
+++ b/cas-client-core/src/test/java/org/jasig/cas/client/authentication/AuthenticationFilterTests.java
@@ -19,13 +19,17 @@
 package org.jasig.cas.client.authentication;
 import static org.junit.Assert.*;
+
 import java.io.IOException;
 import java.lang.reflect.Field;
+import java.net.URL;
 import java.net.URLEncoder;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
+
 import org.jasig.cas.client.util.AbstractCasFilter;
 import org.jasig.cas.client.validation.AssertionImpl;
 import org.junit.After;
@@ -245,7 +249,7 @@ public final class AuthenticationFilterTests {
 }
 @Test
- public void testIgnorePatternsWithExactMatching() throws Exception {
+ public void testIgnorePatternsWithContainsMatching() throws Exception {
 final AuthenticationFilter f = new AuthenticationFilter();
 final MockServletContext context = new MockServletContext();
 context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL);
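Review bot: The class Javadoc of the new `ExactUrlPatternMatcherStrategy` does not say which string `matches` receives, and that decides how the strategy can be configured safely. The test added in this patch builds the pattern from the complete URL including `?param=valueToIgnore`, so the comparison appears to cover scheme, host, port and query string; a request with an extra or reordered parameter would then not match and would go through authentication. I would state that in the Javadoc, for example `* The comparison is case-sensitive and covers the complete request URL, query string included.`, and make the null case explicit with `return url != null && url.equals(this.pattern);`.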
@@ -273,6 +277,40 @@ public final class AuthenticationFilterTests {
 assertNull(response.getRedirectedUrl());
 }
+ @Test
+ public void testIgnorePatternsWithExactMatching() throws Exception {
+ final AuthenticationFilter f = new AuthenticationFilter();
+ final MockServletContext context = new MockServletContext();
+ context.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL);
+
+ final URL url = new URL(CAS_SERVICE_URL + "?param=valueToIgnore");
+
+ context.addInitParameter("ignorePattern", url.toExternalForm());
+ context.addInitParameter("ignoreUrlPatternType", "EXACT");
+ context.addInitParameter("service", CAS_SERVICE_URL);
+ f.init(new MockFilterConfig(context));
+
+ final MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setScheme(url.getProtocol());
+ request.setServerName(url.getHost());
+ request.setServerPort(url.getPort());
+ request.setQueryString(url.getQuery());
+ request.setRequestURI(url.getPath());
+
+ final MockHttpSession session = new MockHttpSession();
+ request.setSession(session);
+
+ final MockHttpServletResponse response = new MockHttpServletResponse();
+
+ final FilterChain filterChain = new FilterChain() {
+ public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
+ }
+ };
+
+ f.doFilter(request, response, filterChain);
+ assertNull(response.getRedirectedUrl());
+ }
+
 @Test
 public void testIgnorePatternsWithExactClassname() throws Exception {
 final AuthenticationFilter f = new AuthenticationFilter();
From ed4802f9432812ab2fe2f5ae5864131d57f6a20e Mon Sep 17 00:00:00 2001
From: Misagh Moayyed
Date: Mon, 17 Mar 2014 00:18:56 -0700
Subject: [PATCH 13/13] CASC-219: added final
---
 .../ContainsPatternUrlPatternMatcherStrategy.java | 2 +-
 .../client/authentication/ExactUrlPatternMatcherStrategy.java | 2 +-
 .../client/authentication/RegexUrlPatternMatcherStrategy.java | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
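Review bot: Only the matching case is covered by `testIgnorePatternsWithExactMatching`, so nothing in this hunk pins that an EXACT pattern leaves every other URL behind authentication. A companion test that sends the same request with a different query string and expects a redirect would catch a matcher that is accidentally too permissive. The sketch below reuses the setup of the added test; the expected redirect is presumed from how the filter treats unauthenticated requests, which is not visible in this hunk.

```java
@Test
public void testIgnorePatternsWithExactMatchingRejectsOtherUrls() throws Exception {
    // … unchanged: filter, context, url and init parameters as in testIgnorePatternsWithExactMatching …
    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.setScheme(url.getProtocol());
    request.setServerName(url.getHost());
    request.setServerPort(url.getPort());
    request.setQueryString("param=anotherValue");
    request.setRequestURI(url.getPath());
    // … unchanged: session, response and no-op filter chain …
    f.doFilter(request, response, filterChain);
    assertNotNull(response.getRedirectedUrl());
}
```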
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ContainsPatternUrlPatternMatcherStrategy.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ContainsPatternUrlPatternMatcherStrategy.java
index 1532481..48c9f5f 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ContainsPatternUrlPatternMatcherStrategy.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ContainsPatternUrlPatternMatcherStrategy.java
@@ -24,7 +24,7 @@ package org.jasig.cas.client.authentication;
 * @author Misagh Moayyed
 * @since 3.3.1
 */
-public class ContainsPatternUrlPatternMatcherStrategy implements UrlPatternMatcherStrategy {
+public final class ContainsPatternUrlPatternMatcherStrategy implements UrlPatternMatcherStrategy {
 private String pattern;
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java
index 0a5b42f..b476a30 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/ExactUrlPatternMatcherStrategy.java
@@ -7,7 +7,7 @@ package org.jasig.cas.client.authentication;
 * @author Misagh Moayyed
 * @since 3.3.1
 */
-public class ExactUrlPatternMatcherStrategy implements UrlPatternMatcherStrategy {
+public final class ExactUrlPatternMatcherStrategy implements UrlPatternMatcherStrategy {
 private String pattern;
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/RegexUrlPatternMatcherStrategy.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/RegexUrlPatternMatcherStrategy.java
index 7bb54e8..a941459 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/RegexUrlPatternMatcherStrategy.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/RegexUrlPatternMatcherStrategy.java
@@ -27,7 +27,7 @@ import java.util.regex.Pattern;
 * @author Misagh Moayyed
 * @since 3.3.1
 */
-public class RegexUrlPatternMatcherStrategy implements UrlPatternMatcherStrategy {
+public final class RegexUrlPatternMatcherStrategy implements UrlPatternMatcherStrategy {
 private Pattern pattern;