Merge pull request #1771 from BroadleafCommerce/resource-filter-fix

Ensure all Filter implementations do not use @resource for standalone Tomcat
BroadleafCommerce · Jan 17, 2018 · 6b6cd8d · 6b6cd8d
2 parents 2b5175c + 4c00a00
commit 6b6cd8d
Show file tree

Hide file tree

Showing 11 changed files with 128 additions and 93 deletions.
diff --git a/.gitignore b/.gitignore
@@ -11,3 +11,4 @@ test-output
 bin/
 **/*maven-eclipse.xml
 **/*externalToolBuilders
+.sts4-cache
diff --git a/...agement-module/src/main/java/org/broadleafcommerce/cms/web/BroadleafProcessURLFilter.java b/...agement-module/src/main/java/org/broadleafcommerce/cms/web/BroadleafProcessURLFilter.java
@@ -10,7 +10,7 @@
  * the Broadleaf End User License Agreement (EULA), Version 1.1
  * (the "Commercial License" located at http://license.broadleafcommerce.org/commercial_license-1.1.txt)
  * shall apply.
- * 
+ *
  * Alternatively, the Commercial License may be replaced with a mutually agreed upon license (the "Custom License")
  * between you and Broadleaf Commerce. You may not use this file except in compliance with the applicable license.
  * #L%
@@ -31,6 +31,8 @@
 import org.broadleafcommerce.common.time.SystemTime;
 import org.broadleafcommerce.common.web.BroadleafRequestContext;
 import org.broadleafcommerce.common.web.util.StatusExposingServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import com.google.common.cache.Cache;
@@ -52,7 +54,6 @@
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 
-import javax.annotation.Resource;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -63,7 +64,7 @@
 /**
  * @deprecated In favor of org.broadleafcommerce.common.web.BroadleafRequestFilter.
  * formally component name "blProcessURLFilter"
- * 
+ *
  * This filter sets up the CMS system by setting the current sandbox, locale, time of day, and languageCode
  * that used by content items.
  * <p/>
@@ -93,10 +94,12 @@ public class BroadleafProcessURLFilter extends OncePerRequestFilter {
     private Cache<String, URLProcessor> urlCache;
 
 
-    @Resource(name = "blSandBoxService")
+    @Autowired
+    @Qualifier("blSandBoxService")
     private SandBoxService sandBoxService;
 
-    @Resource(name = "blLocaleService")
+    @Autowired
+    @Qualifier("blLocaleService")
     private LocaleService localeService;
 
     protected Boolean sandBoxPreviewEnabled = true;
@@ -216,7 +219,7 @@ public void doFilterInternal(HttpServletRequest request, HttpServletResponse res
             } else {
                 if (LOG.isTraceEnabled()) {
                     LOG.trace("URL about to be processed by a Broadleaf URLProcessor " + requestURIWithoutContext);
-                }                
+                }
                 urlProcessor.processURL(requestURIWithoutContext);
             }
         } finally {
@@ -288,7 +291,7 @@ private URLProcessor determineURLProcessor(String requestURI) {
      * @return true if the {@code HttpServletRequest} should be processed
      */
     protected boolean shouldProcessURL(HttpServletRequest request, String requestURI) {
-        if (requestURI.contains(BLC_ADMIN_GWT) || 
+        if (requestURI.contains(BLC_ADMIN_GWT) ||
             requestURI.endsWith(BLC_ADMIN_SERVICE) ||
             requestURI.contains(BLC_ADMIN_PREFIX)) {
             if (LOG.isTraceEnabled()) {

diff --git a/...in-platform/src/main/java/org/broadleafcommerce/openadmin/web/filter/AdminCsrfFilter.java b/...in-platform/src/main/java/org/broadleafcommerce/openadmin/web/filter/AdminCsrfFilter.java
@@ -10,7 +10,7 @@
  * the Broadleaf End User License Agreement (EULA), Version 1.1
  * (the "Commercial License" located at http://license.broadleafcommerce.org/commercial_license-1.1.txt)
  * shall apply.
- * 
+ *
  * Alternatively, the Commercial License may be replaced with a mutually agreed upon license (the "Custom License")
  * between you and Broadleaf Commerce. You may not use this file except in compliance with the applicable license.
  * #L%
@@ -20,13 +20,14 @@
 
 import org.broadleafcommerce.common.exception.ServiceException;
 import org.broadleafcommerce.common.security.handler.CsrfFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.session.SessionAuthenticationException;
 
 import java.io.IOException;
 
-import javax.annotation.Resource;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -35,23 +36,25 @@
 import javax.servlet.http.HttpServletResponse;
 
 /**
- * This class attempts the work flow of the CsrfFilter, but in the event of a Csrf token mismatch 
+ * This class attempts the work flow of the CsrfFilter, but in the event of a Csrf token mismatch
  * (Session reset for example) the User will be redirected to login, if not session reset User is sent to previous location.
- * 
+ *
  * The "blCsrfFilter' from applicationContext-admin-security should reference this class (org.broadleafcommerce.openadmin.web.filter.AdminCsrfFilter)
  * instead of the CsrfFilter
- * 
+ *
  *     <bean id="blCsrfFilter" class="org.broadleafcommerce.openadmin.web.filter.AdminCsrfFilter" />
  *
  * @deprecated Use {@link AdminSecurityFilter} instead
  * @author trevorleffert
  */
 @Deprecated
 public class AdminCsrfFilter extends CsrfFilter {
-
-    @Resource(name = "blAdminAuthenticationFailureHandler")
+
+    @Autowired
+    @Qualifier("blAdminAuthenticationFailureHandler")
     protected AuthenticationFailureHandler failureHandler;
-
+
+    @Override
     public void doFilter(ServletRequest baseRequest, ServletResponse baseResponse, FilterChain chain) throws IOException, ServletException {
         try {
             super.doFilter(baseRequest, baseResponse, chain);

diff --git a/...c/main/java/org/broadleafcommerce/openadmin/web/filter/AdminExternalLoginStateFilter.java b/...c/main/java/org/broadleafcommerce/openadmin/web/filter/AdminExternalLoginStateFilter.java
@@ -10,7 +10,7 @@
  * the Broadleaf End User License Agreement (EULA), Version 1.1
  * (the "Commercial License" located at http://license.broadleafcommerce.org/commercial_license-1.1.txt)
  * shall apply.
- * 
+ *
  * Alternatively, the Commercial License may be replaced with a mutually agreed upon license (the "Custom License")
  * between you and Broadleaf Commerce. You may not use this file except in compliance with the applicable license.
  * #L%
@@ -22,6 +22,8 @@
 import org.broadleafcommerce.openadmin.server.security.domain.AdminRole;
 import org.broadleafcommerce.openadmin.server.security.domain.AdminUser;
 import org.broadleafcommerce.openadmin.server.security.service.AdminSecurityService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -35,7 +37,6 @@
 import java.util.List;
 import java.util.Set;
 
-import javax.annotation.Resource;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -48,7 +49,7 @@
  * This class checks to see if a user exists and if not, creates one.  It also replaces all roles associated with a user with roles that
  * match their Authentication credentials.  DO NOT USE THIS FILTER UNLESS YOU ARE AUTHENTICATING AGAINST AN EXTERNAL
  * SOURCE SUCH AS LDAP.
- * 
+ *
  * @deprecated NO LONGER REQUIRED AND SHOULD NOT BE USED. SEE BroadleafAdminLdapUserDetailsMapper.
  *
  * <p/>
@@ -57,13 +58,15 @@
  */
 @Deprecated
 public class AdminExternalLoginStateFilter extends GenericFilterBean {
-    
+
     protected static final String BLC_ADMIN_PROVISION_USER_CHECK = "BLC_ADMIN_PROVISION_USER_CHECK";
 
-    @Resource(name="blAdminSecurityService")
+    @Autowired
+    @Qualifier("blAdminSecurityService")
     private AdminSecurityService adminSecurityService;
-
-    @Resource(name="blEntityConfiguration")
+
+    @Autowired
+    @Qualifier("blEntityConfiguration")
     private EntityConfiguration entityConfiguration;
 
     @Override
@@ -86,15 +89,15 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
                             saveAdminUser(broadleafUser, user);
                             request.getSession().setAttribute(BLC_ADMIN_PROVISION_USER_CHECK, Boolean.TRUE);
                         }
-                        
+
                     }
                 }
             }
         }
 
         filterChain.doFilter(servletRequest, servletResponse);
     }
-    
+
     protected void saveAdminUser(BroadleafExternalAuthenticationUserDetails broadleafUser, AdminUser user) {
         //Name, login, password, email are required.
         user.setLogin(broadleafUser.getUsername());
@@ -127,7 +130,7 @@ protected void saveAdminUser(BroadleafExternalAuthenticationUserDetails broadlea
             roleSet = new HashSet<AdminRole>();
             user.setAllRoles(roleSet);
         }
-        
+
         //Now add the appropriate roles back in
         List<AdminRole> availableRoles = adminSecurityService.readAllAdminRoles();
         if (availableRoles != null) {

diff --git a/common/src/main/java/org/broadleafcommerce/common/security/handler/CsrfFilter.java b/common/src/main/java/org/broadleafcommerce/common/security/handler/CsrfFilter.java
@@ -10,7 +10,7 @@
  * the Broadleaf End User License Agreement (EULA), Version 1.1
  * (the "Commercial License" located at http://license.broadleafcommerce.org/commercial_license-1.1.txt)
  * shall apply.
- * 
+ *
  * Alternatively, the Commercial License may be replaced with a mutually agreed upon license (the "Custom License")
  * between you and Broadleaf Commerce. You may not use this file except in compliance with the applicable license.
  * #L%
@@ -21,14 +21,15 @@
 import org.apache.commons.logging.LogFactory;
 import org.broadleafcommerce.common.exception.ServiceException;
 import org.broadleafcommerce.common.security.service.ExploitProtectionService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.web.filter.GenericFilterBean;
 
 import java.io.IOException;
 import java.util.List;
 
-import javax.annotation.Resource;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -50,8 +51,9 @@
 @Deprecated
 public class CsrfFilter extends GenericFilterBean {
     protected static final Log LOG = LogFactory.getLog(CsrfFilter.class);
-
-    @Resource(name="blExploitProtectionService")
+
+    @Autowired
+    @Qualifier("blExploitProtectionService")
     protected ExploitProtectionService exploitProtectionService;
 
     protected List<String> excludedRequestPatterns;
@@ -81,7 +83,7 @@ public void doFilter(ServletRequest baseRequest, ServletResponse baseResponse, F
                 throw new ServletException(e);
             }
         }
-        
+
         chain.doFilter(request, response);
     }
 

diff --git a/common/src/main/java/org/broadleafcommerce/common/security/handler/SecurityFilter.java b/common/src/main/java/org/broadleafcommerce/common/security/handler/SecurityFilter.java
@@ -10,7 +10,7 @@
  * the Broadleaf End User License Agreement (EULA), Version 1.1
  * (the "Commercial License" located at http://license.broadleafcommerce.org/commercial_license-1.1.txt)
  * shall apply.
- * 
+ *
  * Alternatively, the Commercial License may be replaced with a mutually agreed upon license (the "Custom License")
  * between you and Broadleaf Commerce. You may not use this file except in compliance with the applicable license.
  * #L%
@@ -23,14 +23,15 @@
 import org.broadleafcommerce.common.security.service.ExploitProtectionService;
 import org.broadleafcommerce.common.security.service.StaleStateProtectionService;
 import org.broadleafcommerce.common.security.service.StaleStateServiceException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.web.filter.GenericFilterBean;
 
 import java.io.IOException;
 import java.util.List;
 
-import javax.annotation.Resource;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -56,11 +57,13 @@
 public class SecurityFilter extends GenericFilterBean {
 
     protected static final Log LOG = LogFactory.getLog(SecurityFilter.class);
-
-    @Resource(name="blStaleStateProtectionService")
+
+    @Autowired
+    @Qualifier("blStaleStateProtectionService")
     protected StaleStateProtectionService staleStateProtectionService;
 
-    @Resource(name="blExploitProtectionService")
+    @Autowired
+    @Qualifier("blExploitProtectionService")
     protected ExploitProtectionService exploitProtectionService;
 
     protected List<String> excludedRequestPatterns;

diff --git a/common/src/main/java/org/broadleafcommerce/common/web/util/PrecompressedArtifactFilter.java b/common/src/main/java/org/broadleafcommerce/common/web/util/PrecompressedArtifactFilter.java
@@ -10,14 +10,16 @@
  * the Broadleaf End User License Agreement (EULA), Version 1.1
  * (the "Commercial License" located at http://license.broadleafcommerce.org/commercial_license-1.1.txt)
  * shall apply.
- * 
+ *
  * Alternatively, the Commercial License may be replaced with a mutually agreed upon license (the "Custom License")
  * between you and Broadleaf Commerce. You may not use this file except in compliance with the applicable license.
  * #L%
  */
 package org.broadleafcommerce.common.web.util;
 
 import org.apache.commons.lang.ArrayUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.core.env.Environment;
 import org.springframework.web.filter.GenericFilterBean;
 
@@ -45,7 +47,8 @@ public class PrecompressedArtifactFilter extends GenericFilterBean {
 
     private boolean useWhileInDefaultEnvironment = true;
 
-    @Resource(name = "blPrecompressedArtifactFileExtensionWhitelist")
+    @Autowired
+    @Qualifier("blPrecompressedArtifactFileExtensionWhitelist")
     List<String> fileExtensionWhitelist;
 
     @Resource

diff --git a/.../src/main/java/org/broadleafcommerce/core/web/catalog/DefaultDynamicSkuPricingFilter.java b/.../src/main/java/org/broadleafcommerce/core/web/catalog/DefaultDynamicSkuPricingFilter.java
@@ -10,7 +10,7 @@
  * the Broadleaf End User License Agreement (EULA), Version 1.1
  * (the "Commercial License" located at http://license.broadleafcommerce.org/commercial_license-1.1.txt)
  * shall apply.
- * 
+ *
  * Alternatively, the Commercial License may be replaced with a mutually agreed upon license (the "Custom License")
  * between you and Broadleaf Commerce. You may not use this file except in compliance with the applicable license.
  * #L%
@@ -20,38 +20,44 @@
 import org.broadleafcommerce.core.catalog.service.dynamic.DynamicSkuPricingService;
 import org.broadleafcommerce.profile.core.domain.Customer;
 import org.broadleafcommerce.profile.web.core.CustomerState;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+
+import java.util.HashMap;
 
-import javax.annotation.Resource;
 import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
-import java.util.HashMap;
 
 /**
  * Register this filter via Spring DelegatingFilterProxy, or register your own implementation
  * that provides additional, desirable members to the pricingConsiderations Map
  * that is generated from the getPricingConsiderations method.
- * 
+ *
  * @author jfischer
  *
  */
 public class DefaultDynamicSkuPricingFilter extends AbstractDynamicSkuPricingFilter {
-
-    @Resource(name="blDynamicSkuPricingService")
+
+    @Autowired
+    @Qualifier("blDynamicSkuPricingService")
     protected DynamicSkuPricingService skuPricingService;
-
-    @Resource(name="blCustomerState")
+
+    @Autowired
+    @Qualifier("blCustomerState")
     protected CustomerState customerState;
 
+    @Override
     public DynamicSkuPricingService getDynamicSkuPricingService(ServletRequest request) {
         return skuPricingService;
     }
 
+    @Override
     @SuppressWarnings({ "rawtypes", "unchecked" })
     public HashMap getPricingConsiderations(ServletRequest request) {
         HashMap pricingConsiderations = new HashMap();
         Customer customer = customerState.getCustomer((HttpServletRequest)  request);
         pricingConsiderations.put("customer", customer);
-        
+
         return pricingConsiderations;
     }