From 8b3a05757e2cff92464953d6c343e83d4023df3f Mon Sep 17 00:00:00 2001
From: Tadayoshi Sato
Date: Tue, 28 Nov 2023 20:59:24 +0900
Subject: [PATCH] fix(system): stabilise Spring Security authentication Fix #2953
---
 .../io/hawt/web/auth/AuthenticationFilter.java | 2 +-
 .../main/java/io/hawt/web/auth/LoginServlet.java | 2 ++
 .../main/java/io/hawt/web/auth/UserServlet.java | 14 ++++++++++----
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/hawtio-system/src/main/java/io/hawt/web/auth/AuthenticationFilter.java b/hawtio-system/src/main/java/io/hawt/web/auth/AuthenticationFilter.java
index 1493cdd41a..a07f14157a 100644
--- a/hawtio-system/src/main/java/io/hawt/web/auth/AuthenticationFilter.java
+++ b/hawtio-system/src/main/java/io/hawt/web/auth/AuthenticationFilter.java
@@ -48,7 +48,7 @@ public void doFilter(final ServletRequest request, final ServletResponse respons
 LOG.debug("Handling request for path: {}", path);
- if (authConfiguration.getRealm() == null || authConfiguration.getRealm().equals("") || !authConfiguration.isEnabled()) {
+ if (authConfiguration.getRealm() == null || authConfiguration.getRealm().isEmpty() || !authConfiguration.isEnabled()) {
 LOG.debug("No authentication needed for path: {}", path);
 chain.doFilter(request, response);
 return;
diff --git a/hawtio-system/src/main/java/io/hawt/web/auth/LoginServlet.java b/hawtio-system/src/main/java/io/hawt/web/auth/LoginServlet.java
index 832ccb4b98..67442b8918 100644
--- a/hawtio-system/src/main/java/io/hawt/web/auth/LoginServlet.java
+++ b/hawtio-system/src/main/java/io/hawt/web/auth/LoginServlet.java
@@ -2,6 +2,7 @@
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.io.Serial;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashMap;
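Review bot: The guard in `doFilter` passes the request down the chain unauthenticated whenever the realm is null or empty, and the only trace is a debug-level log line, so a realm left blank by mistake turns authentication off without anyone noticing. The switch to `isEmpty()` keeps that behaviour, so it is worth stating above the condition, e.g. `// Null/empty realm or disabled auth: the request passes through unauthenticated`. If an empty realm is not meant to be a supported way of disabling authentication (not visible in this diff), a warn-level message when the configuration is loaded would make the state observable. `doFilter` starts and ends outside this hunk, so any earlier checks are not visible here.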
@@ -26,6 +27,7 @@
 */
 public class LoginServlet extends HttpServlet {
+ @Serial
 private static final long serialVersionUID = 187076436862364207L;
 private static final Logger LOG = LoggerFactory.getLogger(LoginServlet.class);
diff --git a/hawtio-system/src/main/java/io/hawt/web/auth/UserServlet.java b/hawtio-system/src/main/java/io/hawt/web/auth/UserServlet.java
index 6521e20b5f..dbd0b21fc8 100644
--- a/hawtio-system/src/main/java/io/hawt/web/auth/UserServlet.java
+++ b/hawtio-system/src/main/java/io/hawt/web/auth/UserServlet.java
@@ -1,6 +1,7 @@
 package io.hawt.web.auth;
 import java.io.IOException;
+import java.io.Serial;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServlet;
@@ -16,6 +17,7 @@
 */
 public class UserServlet extends HttpServlet {
+ @Serial
 private static final long serialVersionUID = -1239510748236245667L;
 private static final String DEFAULT_USER = "public";
@@ -58,11 +60,15 @@ private String wrapQuote(String str) {
 protected String getUsername(HttpServletRequest request, HttpServletResponse response) {
 HttpSession session = request.getSession(false);
-
- if (session != null) {
- return (String) session.getAttribute("user");
- } else {
+ if (session == null) {
 return null;
 }
+
+ // For Spring Security
+ if (AuthSessionHelpers.isSpringSecurityEnabled()) {
+ return request.getRemoteUser();
+ }
+
+ return (String) session.getAttribute("user");
 }
 }
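Review bot: In `getUsername`, the `session == null` early return comes before the new Spring Security branch, so an authenticated request that carries no `HttpSession` still gets `null` instead of `request.getRemoteUser()`. If Spring Security can run here without creating a session (stateless or per-request authentication, which this diff does not show), the branch `if (AuthSessionHelpers.isSpringSecurityEnabled()) { return request.getRemoteUser(); }` should sit above `request.getSession(false)`. If the ordering is deliberate, the `// For Spring Security` comment should say so and explain why the `"user"` session attribute is ignored in that mode, since the method now has two sources of identity. `getRemoteUser()` can itself return null for an unauthenticated request, so callers still have to handle null.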