Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow AuthenticationConverter to be settable in BasicAuthenticationFilter #13989

Closed
wants to merge 4 commits into from
Closed

Allow AuthenticationConverter to be settable in BasicAuthenticationFilter #13989

wants to merge 4 commits into from

Conversation

mmoayyed
Copy link

Closes #13988

@mmoayyed mmoayyed mentioned this pull request Oct 10, 2023
Closed
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Oct 10, 2023
@marcusdacoregio marcusdacoregio self-assigned this Oct 10, 2023
@marcusdacoregio marcusdacoregio added type: enhancement A general enhancement in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Oct 10, 2023
marcusdacoregio
marcusdacoregio suggested changes Oct 10, 2023
View reviewed changes
Copy link
Contributor

@marcusdacoregio marcusdacoregio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mmoayyed, I've left some feedback inline.

When you are done, can you please squash your commits? Thanks!

...main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java Outdated
Comment on lines 98 to 100
protected AuthenticationEntryPoint authenticationEntryPoint;

private AuthenticationManager authenticationManager;
protected final AuthenticationManager authenticationManager;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please leave the PR with changes related only to the AuthenticationConverter?

...java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java Outdated
Comment on lines 85 to 93
this.filter.setAuthenticationConverter(new BasicAuthenticationConverter() {
@Override
public UsernamePasswordAuthenticationToken convert(final HttpServletRequest request) {
if (request.getServletPath().equalsIgnoreCase("/ignored-request")) {
return null;
}
return super.convert(request);
}
});
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can set the AuthenticationConverter into the filter in a specific test, there is no need to add it for every test method in @BeforeEach.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In addition to that, we recommend using a delegate than extend the existing BasicAuthenticationConverter, something like:

static class MyAuthenticationConverter implements AuthenticationConverter {

    private final BasicAuthenticationConverter delegate = new BasicAuthenticationConverter();

    @Override
	public UsernamePasswordAuthenticationToken convert(final HttpServletRequest request) {
		// check if request matches, maybe use RequestMatcher here
		return this.delegate.convert(request);
	}

}

Sometimes people refer to the tests as implementation examples, so it is better to align with what the team recommends and uses.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A delegate is not possible here because the setter is:

public void setAuthenticationConverter(BasicAuthenticationConverter authenticationConverter) {}

It's not possible to switch to:

public void setAuthenticationConverter(AuthenticationConverter authenticationConverter) {}

...and change the field type to AuthenticationConverter because that breaks other things in the filter.

How would you like to proceed?

@mmoayyed
Copy link
Author

Thank you for the feedback. I will try to get to this tomorrow but if that is too late for the release you are more than welcome to take over from here or otherwise I was see what I can do in the coming days.

@marcusdacoregio
Copy link
Contributor

Closed via 7e9d707

@marcusdacoregio marcusdacoregio added this to the 6.2.0-RC1 milestone Oct 11, 2023
@marcusdacoregio
Copy link
Contributor

Thanks, @mmoayyed. I took over from where you left it and added the support into main.

@mmoayyed mmoayyed deleted the issue-13988 branch October 11, 2023 13:08
@mmoayyed
Copy link
Author

Thank you very much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcusdacoregio marcusdacoregio marcusdacoregio requested changes

Assignees

@marcusdacoregio marcusdacoregio

Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
None yet
Milestone
6.2.0-RC1
Development

Successfully merging this pull request may close these issues.

Allow one to customize the AuthenticationConverter in BasicAuthenticationFilter
3 participants
@mmoayyed @marcusdacoregio @spring-projects-issues