1158 - Fixed issue with StormpathWrapperFilter and two failing ITs

Author: Mario

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/src/test/groovy/com/stormpath/spring/boot/autoconfigure/StormpathWebSecurityAutoConfigurationIT.groovy

@@ -20,12 +20,14 @@
 import com.stormpath.sdk.authc.AuthenticationResult;
 import com.stormpath.sdk.client.Client;
 import com.stormpath.sdk.idsite.IdSiteResultListener;
+import com.stormpath.sdk.lang.Assert;
 import com.stormpath.sdk.lang.Strings;
 import com.stormpath.sdk.saml.SamlResultListener;
 import com.stormpath.sdk.servlet.csrf.CsrfTokenManager;
 import com.stormpath.sdk.servlet.csrf.DisabledCsrfTokenManager;
 import com.stormpath.sdk.servlet.event.RequestEvent;
 import com.stormpath.sdk.servlet.event.impl.Publisher;
+import com.stormpath.sdk.servlet.filter.WrappedServletRequestFactory;
 import com.stormpath.sdk.servlet.filter.account.AccountResolverFilter;
 import com.stormpath.sdk.servlet.http.MediaType;
 import com.stormpath.sdk.servlet.http.Resolver;
@@ -59,9 +61,9 @@
 
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.LinkedHashSet;
 import java.util.List;
 
-
 /**
  * @since 1.0.RC5
  */
@@ -141,6 +143,17 @@ public abstract class AbstractStormpathWebSecurityConfiguration {
     @Value("#{ @environment['stormpath.web.oauth2.uri'] ?: '/oauth/token' }")
     protected String accessTokenUri;
 
+    @Value("#{ @environment['stormpath.web.request.client.attributeNames'] ?: 'client' }")
+    protected String clientRequestAttributeNames;
+
+    @Value("#{ @environment['stormpath.web.request.application.attributeNames'] ?: 'application' }")
+    protected String applicationRequestAttributeNames;
+
+    @Autowired
+    @Qualifier("stormpathWrappedServletRequestFactory")
+    private WrappedServletRequestFactory wrappedServletRequestFactory;
+
+
     public StormpathWebSecurityConfigurer stormpathWebSecurityConfigurer() {
         return new StormpathWebSecurityConfigurer();
     }
@@ -278,7 +291,15 @@ public CorsConfigurationSource corsConfigurationSource() {
      * @since 1.3.0
      */
     public StormpathWrapperFilter stormpathWrapperFilter() {
-        return new StormpathWrapperFilter();
+        Assert.notNull(clientRequestAttributeNames, "clientRequestAttributeNames cannot be null.");
+        Assert.notNull(applicationRequestAttributeNames, "applicationRequestAttributeNames cannot be null.");
+        StormpathWrapperFilter filter = new StormpathWrapperFilter();
+        filter.setClientRequestAttributeNames(Strings.split(clientRequestAttributeNames) != null ? new LinkedHashSet<>(Arrays.asList(Strings.split(clientRequestAttributeNames))) : Collections.<String>emptySet());
+        filter.setApplicationRequestAttributeNames(Strings.split(applicationRequestAttributeNames) != null ? new LinkedHashSet<>(Arrays.asList(Strings.split(applicationRequestAttributeNames))) : Collections.<String>emptySet());
+        filter.setClient(client);
+        filter.setApplication(application);
+        filter.setWrappedServletRequestFactory(wrappedServletRequestFactory);
+        return filter;
     }
 
 }

extensions/spring/stormpath-spring-security-webmvc/src/main/java/com/stormpath/spring/config/AbstractStormpathWebSecurityConfiguration.java

@@ -20,10 +20,7 @@
 import com.stormpath.sdk.servlet.filter.account.AccountResolverFilter;
 import com.stormpath.sdk.servlet.mvc.ErrorModelFactory;
 import com.stormpath.spring.filter.ContentNegotiationSpringSecurityAuthenticationFilter;
-//import com.stormpath.spring.filter.SpringSecurityResolvedAccountFilter;
 import com.stormpath.spring.filter.StormpathSecurityContextPersistenceFilter;
-//import com.stormpath.spring.oauth.OAuthAuthenticationSpringSecurityProcessingFilter;
-//import com.stormpath.spring.filter.StormpathWrapperFilter;
 import com.stormpath.spring.filter.StormpathWrapperFilter;
 import com.stormpath.spring.security.provider.SocialCallbackSpringSecurityProcessingFilter;
 import org.springframework.context.annotation.Bean;
@@ -35,8 +32,6 @@
 import org.springframework.security.web.csrf.CsrfTokenRepository;
 import org.springframework.web.cors.CorsConfigurationSource;
 
-import javax.servlet.Filter;
-
 /**
  * @since 1.0.RC5
  */

extensions/spring/stormpath-spring-security-webmvc/src/main/java/com/stormpath/spring/config/StormpathWebSecurityConfiguration.java

@@ -84,6 +84,15 @@ public class StormpathWebSecurityConfigurer extends SecurityConfigurerAdapter<De
     @Autowired
     StormpathSecurityContextPersistenceFilter stormpathSecurityContextPersistenceFilter;
 
+    /**
+     * This filter adds Client and Application as attributes to every request in order for subsequent Filters to have access to them.
+     * For example, a filter trying to validate an access token will need to have access to the Application (see AuthorizationHeaderAccountResolver)
+     *
+     * @since 1.3.0
+     */
+    @Autowired
+    protected StormpathWrapperFilter stormpathWrapperFilter;
+
     @Autowired
     AuthenticationEntryPoint stormpathAuthenticationEntryPoint;
 
@@ -227,9 +236,6 @@ public class StormpathWebSecurityConfigurer extends SecurityConfigurerAdapter<De
     @Qualifier("loginPostHandler")
     protected WebHandler loginPostHandler;
 
-    @Autowired
-    protected StormpathWrapperFilter stormpathWrapperFilter;
-
     /**
      * Extend WebSecurityConfigurerAdapter and configure the {@code HttpSecurity} object using
      * the {@link com.stormpath.spring.config.StormpathWebSecurityConfigurer#stormpath stormpath()} utility method.

extensions/spring/stormpath-spring-security-webmvc/src/main/java/com/stormpath/spring/config/StormpathWebSecurityConfigurer.java

@@ -19,73 +19,50 @@
 import com.stormpath.sdk.client.Client;
 import com.stormpath.sdk.impl.http.HttpHeadersHolder;
 import com.stormpath.sdk.lang.Assert;
-import com.stormpath.sdk.lang.Strings;
 import com.stormpath.sdk.servlet.filter.HttpFilter;
 import com.stormpath.sdk.servlet.filter.WrappedServletRequestFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.beans.factory.annotation.Value;
 
 import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+/**
+ * This filter adds Client and Application as attributes to every request in order for subsequent Filters to have access to them.
+ * For example, a filter trying to validate an access token will need to have access to the Application (see AuthorizationHeaderAccountResolver)
+ *
+ * @since 1.3.0
+ */
 public class StormpathWrapperFilter extends HttpFilter {
 
-//    private Set<String> clientRequestAttributeNames;
-//    private Set<String> applicationRequestAttributeNames;
-    @Autowired
-    @Qualifier("stormpathWrappedServletRequestFactory")
-    private WrappedServletRequestFactory factory;
-
-    @Autowired
     protected Client client;
 
-    @Autowired
     protected Application application;
 
-    @Value("#{ @environment['stormpath.web.request.client.attributeNames'] ?: 'client' }")
-    protected String clientRequestAttributeNames;
+    protected Set<String> clientRequestAttributeNameList;
 
-    @Value("#{ @environment['stormpath.web.request.application.attributeNames'] ?: 'application' }")
-    protected String applicationRequestAttributeNames;
+    protected Set<String> applicationRequestAttributeNameList;
 
-    private List<String> clientRequestAttributeNamesList;
-
-    private List<String> applicationRequestAttributeNameList;
+    protected WrappedServletRequestFactory wrappedServletRequestFactory;
 
     public StormpathWrapperFilter() {
-        this.clientRequestAttributeNamesList = Strings.split(clientRequestAttributeNames) != null ? Arrays.asList(Strings.split(clientRequestAttributeNames)) : Collections.<String>emptyList();
-        this.applicationRequestAttributeNameList = Strings.split(applicationRequestAttributeNames) != null ? Arrays.asList(Strings.split(applicationRequestAttributeNames)) : Collections.<String>emptyList();
     }
 
-//    public void setFilterChainResolver(FilterChainResolver filterChainResolver) {
-//        Assert.notNull(filterChainResolver, "FilterChainResolver cannot be null.");
-//        //this.filterChainResolver = filterChainResolver;
-//    }
-
-//    public void setClientRequestAttributeNames(Set<String> clientRequestAttributeNames) {
-//        this.clientRequestAttributeNames =
-//                clientRequestAttributeNames != null ? clientRequestAttributeNames : new LinkedHashSet<>();
-//    }
-//
-//    public void setApplicationRequestAttributeNames(Set<String> applicationRequestAttributeNames) {
-//        this.applicationRequestAttributeNames =
-//                applicationRequestAttributeNames != null ? applicationRequestAttributeNames : new LinkedHashSet<String>();
-//    }
-//
-//    public void setWrappedServletRequestFactory(WrappedServletRequestFactory factory) {
-//        Assert.notNull(factory, "WrappedServletRequestFactory cannot be null.");
-//        this.factory = factory;
-//    }
+    public void setClientRequestAttributeNames(Set<String> clientRequestAttributeNames) {
+        this.clientRequestAttributeNameList =
+                clientRequestAttributeNames != null ? clientRequestAttributeNames : new LinkedHashSet<String>();
+    }
+
+    public void setApplicationRequestAttributeNames(Set<String> applicationRequestAttributeNames) {
+        this.applicationRequestAttributeNameList =
+                applicationRequestAttributeNames != null ? applicationRequestAttributeNames : new LinkedHashSet<String>();
+    }
 
     public void setClient(Client client) {
         this.client = client;
@@ -95,35 +72,15 @@ public void setApplication(Application application) {
         this.application = application;
     }
 
-    @Override
-    protected void onInit() throws ServletException {
-        //Assert.notNull(filterChainResolver, "FilterChainResolver cannot be null.");
-        Assert.notNull(clientRequestAttributeNames, "clientRequestAttributeNames cannot be null.");
-        Assert.notNull(applicationRequestAttributeNames, "applicationRequestAttributeNames cannot be null.");
-        Assert.notNull(factory, "WrappedServletRequestFactory cannot be null.");
-        Assert.notNull(client, "Client instance cannot be null.");
-        Assert.notNull(application, "Application instance cannot be null.");
-    }
-
-//    protected FilterChainResolver getFilterChainResolver() {
-//        return this.filterChainResolver;
-//    }
-
     @Override
     public void filter(HttpServletRequest request, HttpServletResponse response, final FilterChain chain)
             throws Exception {
 
-//        FilterChainResolver resolver = getFilterChainResolver();
-//        Assert.notNull(resolver, "Filter has not yet been configured. Explicitly call setFilterChainResolver or " +
-//                "init(FilterConfig).");
-
         setRequestAttributes(request);
 
         //wrap:
         request = wrapRequest(request, response);
 
-        //FilterChain target = resolver.getChain(request, response, chain);
-
         //continue:
         chain.doFilter(request, response);
 
@@ -148,13 +105,18 @@ protected void setRequestAttributes(HttpServletRequest request) {
         HttpHeadersHolder.set(headersMap);
     }
 
+    public void setWrappedServletRequestFactory(WrappedServletRequestFactory factory) {
+        Assert.notNull(factory, "WrappedServletRequestFactory cannot be null.");
+        this.wrappedServletRequestFactory = factory;
+    }
+
     protected void setClientRequestAttributes(HttpServletRequest request) {
         String name = Client.class.getName();
         //value must always be set:
         request.setAttribute(name, client);
 
         //user customized values:
-        for (String aName : applicationRequestAttributeNameList) {
+        for (String aName : clientRequestAttributeNameList) {
             request.setAttribute(aName, client);
         }
     }
@@ -171,7 +133,7 @@ protected void setApplicationRequestAttributes(HttpServletRequest request) {
     }
 
     protected HttpServletRequest wrapRequest(HttpServletRequest request, HttpServletResponse response) {
-        return this.factory.wrapHttpServletRequest(request, response);
+        return this.wrappedServletRequestFactory.wrapHttpServletRequest(request, response);
     }
 
 }