Refactor StrongboxAuthenticationFilter extend Spring's AuthenticationFilter interface and related re-workings #1866

Open
wants to merge 6 commits into
base: master

@soapdogg soapdogg commented Sep 30, 2020

Pull Request Description

This pull request makes progress on #1552

This satisfies the following

  • Make org.carlspring.strongbox.security.authentication.StrongboxAuthenticationFilter extend the org.springframework.security.web.authentication.AuthenticationFilter
  • Re-work AuthenticationSupplier implementations to AuthenticationConverter implementations
  • Re-work the AuthenticationSuppliers implementation to DelegatingAuthenticationConverter (it should delegate to the first AuthenticationConverter that returns a non-null Authentication object)
  • Check that the new StrongboxAuthenticationFilter implementation is consistent with the logic that we currently have
  • Provide unit tests that check different authentication scenarios with a few mocked AuthenticationConverter implementations

Acceptance Test

  • Building the code with mvn clean install -Dintegration.tests still works.
  • Running mvn spring-boot:run in the strongbox-web-core still starts up the application correctly.
  • Building the code and running the strongbox-distribution from a zip or tar.gz still works.
  • The tests in the strongbox-web-integration-tests still run properly.

Questions

  • Does this pull request break backward compatibility?

    • Yes
    • No
  • Does this pull request require other pull requests to be merged first?

    • Yes, please see #...
    • No
  • Does this require an update of the documentation?

    • Yes, please see strongbox/strongbox-docs#{PR_NUMBER}
    • No
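
The first-non-null delegation described in the task list above, as an added example that is not code from this pull request or from Strongbox. The class body and the `filter(...)` helper are illustrative assumptions; only Spring Security's `AuthenticationConverter` and `AuthenticationFilter` types are real.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.AuthenticationFilter;

// Illustrative sketch (assumption): not the Strongbox implementation.
public class DelegatingAuthenticationConverter implements AuthenticationConverter
{
    private final List<AuthenticationConverter> delegates;

    public DelegatingAuthenticationConverter(List<AuthenticationConverter> delegates)
    {
        // Copy and freeze the list: the order decides which credential type
        // wins when a request carries more than one, so it must not change later.
        this.delegates = Collections.unmodifiableList(new ArrayList<>(delegates));
    }

    @Override
    public Authentication convert(HttpServletRequest request)
    {
        for (AuthenticationConverter delegate : delegates)
        {
            // An AuthenticationException from a delegate (for example malformed
            // credentials) is deliberately not caught: AuthenticationFilter hands
            // it to its failure handler instead of trying the next converter.
            Authentication authentication = delegate.convert(request);
            if (authentication != null)
            {
                return authentication;
            }
        }
        // No converter found credentials: AuthenticationFilter continues the
        // chain without authenticating, and authorization rules decide later.
        return null;
    }

    // Hypothetical wiring helper: uses the stock filter without overriding doFilterInternal.
    public static AuthenticationFilter filter(AuthenticationManager manager,
                                              List<AuthenticationConverter> ordered)
    {
        AuthenticationFilter filter =
                new AuthenticationFilter(manager, new DelegatingAuthenticationConverter(ordered));
        // Replace the redirect-based default success handler with a no-op so a
        // successfully authenticated request simply proceeds down the chain.
        filter.setSuccessHandler((request, response, authentication) -> { });
        return filter;
    }
}
```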

@carlspring carlspring changed the title Refactor StrongboxAuthenticationFilter extend Spring's Authentication… Refactor StrongboxAuthenticationFilter extend Spring's AuthenticationFilter interface and related re-workings Sep 30, 2020
@@ -20,28 +20,23 @@
*/
@Component
@Order(4)
class BasicAuthenticationSupplier implements AuthenticationSupplier
class BasicAuthenticationStrategy implements AuthenticationStrategy
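Review bot: The renamed declaration `class BasicAuthenticationStrategy implements AuthenticationStrategy` does not match the goal stated in the PR description, which is to re-work the AuthenticationSupplier implementations into AuthenticationConverter implementations. Implementing Spring's `AuthenticationConverter` here would let the class plug into `AuthenticationFilter` directly. The `@Order(4)` annotation should stay as it is, because a delegating converter that stops at the first non-null Authentication makes the ordering part of the authentication behaviour.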
Member

+1 for the naming! :)

Member

Not sure that *AuthenticationStrategy is good naming here, because this interface does not authenticate by itself, it just supplies the Authentication object based on HttpServletRequest.

Member

Sorry, I read it too fast before bed. You're right.

Member

@sbespalov sbespalov left a comment

@soapdogg thanks for the PR. It seems that the task requirements were not really clear to you, so the main point was not to use a custom StrongboxAuthenticationFilter implementation and make it use the original AuthenticationFilter instead. Would you be able to do it as it was assumed to be done? Also, if you have any questions, please ask.

@@ -1,4 +1,6 @@
# ![strongbox-logo][strongbox-logo]
<p align="center" width="100%">
Member

@soapdogg these changes seem not related to the PR. Where do they come from?

Member

He probably merged from upstream where I applied them.

Author

Yes, that is my mistake. I can make another pull request with just my changes.

Member

we can stay with this PR, just force push new commits here without merge commits

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.security.web.authentication.AuthenticationFilter;

/**
* @author Przemyslaw Fusik
*/
public class StrongboxAuthenticationFilter
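Review bot: In the import block, `org.springframework.web.filter.OncePerRequestFilter` sits next to the new `org.springframework.security.web.authentication.AuthenticationFilter` import; once the class extends `AuthenticationFilter` the former is redundant and should be dropped if it is still present. The `SecurityContextHolder` and `AuthenticationManager` imports deserve the same check: if the class body still uses them, the subclass is handling authentication and the security context itself instead of leaving that to the parent filter.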
Member

@soapdogg you shouldn't override the doFilterInternal method here. The point of this task was to use the original AuthenticationFilter implementation to work the same way as it was before with StrongboxAuthenticationFilter.

Author

"Make org.carlspring.strongbox.security.authentication.StrongboxAuthenticationFilter extend the org.springframework.security.web.authentication.AuthenticationFilter" is in the issue description.

It seems like what you are saying and this are contradicting each other. Which implementation is preferred?

Member

I mean that you can extend but shouldn't just override everything, obviously it doesn't make sense.
sorry if it was not clear :)

@@ -20,28 +20,23 @@
*/
@Component
@Order(4)
class BasicAuthenticationSupplier implements AuthenticationSupplier
class BasicAuthenticationStrategy implements AuthenticationStrategy
Member

Not sure that *AuthenticationStrategy is good naming here, because this interface does not authenticate by itself, it just supplies the Authentication object based on HttpServletRequest.

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

class StrongboxAuthenticationFilterTest
Member

why not public class?

Author

habit from using junit jupiter in other projects. I can add public

Member

I think it should be public

@carlspring
Member

@soapdogg ,

How are things going with this pull request? Is it clear for you what still needs to be done?

@soapdogg
Author

@carlspring

Hi,

Not necessarily -- it does seem like some of the comments on the pull request are contradicting to what is in the task description so it's unclear what direction needs to be taken with this.

Feel free to unassign the task from me if someone else wants to take a look.

4 participants