-
Notifications
You must be signed in to change notification settings - Fork 614
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor StrongboxAuthenticationFilter extend Spring's AuthenticationFilter interface and related re-workings #1866
base: master
Are you sure you want to change the base?
Conversation
…Filter interface and related re workings
...ngbox-web-core/src/main/java/org/carlspring/strongbox/controllers/login/LoginController.java
Outdated
Show resolved
Hide resolved
...ain/java/org/carlspring/strongbox/security/authentication/StrongboxAuthenticationFilter.java
Outdated
Show resolved
Hide resolved
...rg/carlspring/strongbox/security/authentication/strategy/NpmLoginAuthenticationStrategy.java
Outdated
Show resolved
Hide resolved
...java/org/carlspring/strongbox/security/authentication/StrongboxAuthenticationFilterTest.java
Outdated
Show resolved
Hide resolved
...java/org/carlspring/strongbox/security/authentication/StrongboxAuthenticationFilterTest.java
Outdated
Show resolved
Hide resolved
...java/org/carlspring/strongbox/security/authentication/StrongboxAuthenticationFilterTest.java
Outdated
Show resolved
Hide resolved
...java/org/carlspring/strongbox/security/authentication/StrongboxAuthenticationFilterTest.java
Outdated
Show resolved
Hide resolved
...java/org/carlspring/strongbox/security/authentication/StrongboxAuthenticationFilterTest.java
Outdated
Show resolved
Hide resolved
...java/org/carlspring/strongbox/security/authentication/StrongboxAuthenticationFilterTest.java
Outdated
Show resolved
Hide resolved
@@ -20,28 +20,23 @@ | |||
*/ | |||
@Component | |||
@Order(4) | |||
class BasicAuthenticationSupplier implements AuthenticationSupplier | |||
class BasicAuthenticationStrategy implements AuthenticationStrategy |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 for the naming! :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure that *AuthenticationStrategy
is good naming here, because this interface do not authenticate by itself, it just supplies the Authentication
object based on HttpServletRequest
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I read it too fast before bed. You're right.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@soapdogg thanks for the PR. It's seems that task requirements was not really clear for you so the main point was not to use custom StrongboxAuthenticationFilter
implementation and make it use original AuthenticationFilter
instead. Would you be able to do it as it was assumed to be done? Also if you have any question please ask.
@@ -1,4 +1,6 @@ | |||
# ![strongbox-logo][strongbox-logo] | |||
<p align="center" width="100%"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@soapdogg these changes seems not related with the PR. Where does it come from?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
He probably merged from upstream where I applied them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, that is my mistake. I can make another pull request with just my changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we can stay with this PR, just force push new commits here without merge commits
import org.slf4j.Logger; | ||
import org.slf4j.LoggerFactory; | ||
import org.springframework.security.authentication.AuthenticationManager; | ||
import org.springframework.security.core.Authentication; | ||
import org.springframework.security.core.context.SecurityContextHolder; | ||
import org.springframework.web.filter.OncePerRequestFilter; | ||
import org.springframework.security.web.authentication.AuthenticationFilter; | ||
|
||
/** | ||
* @author Przemyslaw Fusik | ||
*/ | ||
public class StrongboxAuthenticationFilter |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@soapdogg you shouldn't override doFilterInternal
method here. The point of this task was to use original AuthenticationFilter
implementation to work same way as it was before with StrongboxAuthenticationFilter
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make org.carlspring.strongbox.security.authentication.StrongboxAuthenticationFilter extend the org.springframework.security.web.authentication.AuthenticationFilter
is in the issue description.
It seems like what you are saying an this is contradicting each other. Which implementation is preferred?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I mean that you can extend but shouldn't just override everything, obviously it doesn't make sense.
sorry if it was not clear :)
@@ -20,28 +20,23 @@ | |||
*/ | |||
@Component | |||
@Order(4) | |||
class BasicAuthenticationSupplier implements AuthenticationSupplier | |||
class BasicAuthenticationStrategy implements AuthenticationStrategy |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure that *AuthenticationStrategy
is good naming here, because this interface do not authenticate by itself, it just supplies the Authentication
object based on HttpServletRequest
.
import javax.servlet.http.HttpServletResponse; | ||
import java.io.IOException; | ||
|
||
class StrongboxAuthenticationFilterTest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why not public
class?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
habit from using junit jupiter in other projects. I can add public
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it should be public
How are things going with this pull request? Is it clear for you what still needs to be done? |
Hi, Not necessarily -- it does seem like some of the comments on the pull request are contradicting to what is in the task description so it's unclear what direction needs to be taken with this. Feel free to unassign the task from me if someone else wants to take a look. |
Pull Request Description
This pull request makes progress on #1552
This satisfies the following
org.carlspring.strongbox.security.authentication.StrongboxAuthenticationFilter
extend theorg.springframework.security.web.authentication.AuthenticationFilter
AuthenticationSupplier
implementations toAuthenticationConverter
implementationsAuthenticationSuppliers
implementation toDelegatingAuthenticationConverter
(it should delegate to firstAuthenticationConverter
that will return not null Authentication object)StrongboxAuthenticationFilter
implementation consistent with logic that we currently haveAcceptance Test
mvn clean install -Dintegration.tests
still works.mvn spring-boot:run
in thestrongbox-web-core
still starts up the application correctly.strongbox-distribution
from azip
ortar.gz
still works.strongbox-web-integration-tests
still run properly.Questions
Does this pull request break backward compatibility?
Does this pull request require other pull requests to be merged first?
Does this require an update of the documentation?