6364

Committed 01 Feb 2026 02:07AM UTC coverage: 46.217%. Remained the same

Build # 6364

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #3206 from Waffle/renovate/checkstyle.version

Update dependency com.puppycrawl.tools:checkstyle to v13.1.0

Coverage Stats

276 of 734 branches covered (37.6%)

Branch coverage included in aggregate %.

1019 of 2068 relevant lines covered (49.27%)

1.0 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

59.26

/Source/JNA/waffle-shiro/src/main/java/waffle/shiro/dynamic/DynamicAuthenticationFilter.java

/*
 * SPDX-License-Identifier: MIT
 * See LICENSE file for details.
 *
 * Copyright 2010-2026 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
 */
package waffle.shiro.dynamic;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import waffle.shiro.negotiate.NegotiateAuthenticationFilter;

/**
 * When combined with the {@link waffle.shiro.negotiate.NegotiateAuthenticationStrategy}, this filter can be used to
 * allow a client to choose which authentication filter is used at runtime. This filter assumes the shiro.ini is
 * configured with both the {@link waffle.shiro.negotiate.NegotiateAuthenticationRealm} and some User/Password Realm
 * like: {@link waffle.shiro.GroupMappingWaffleRealm}.
 * <p>
 * Requires use of {@link waffle.shiro.negotiate.NegotiateAuthenticationStrategy} when more than one realm is configured
 * in shiro.ini (which should be the case for multiple authentication type options).
 * <p>
 * To use {@link waffle.shiro.negotiate.NegotiateAuthenticationRealm}, the client must pass the parameter
 * {@link #PARAM_NAME_AUTHTYPE} with a value of {@link #PARAM_VAL_AUTHTYPE_NEGOTIATE}.
 * <p>
 * Example shiro.ini snippet below:
 *
 * <pre>
 *  # =======================
 *  # Shiro INI configuration
 *  # =======================
 *
 *  [main]
 *
 *  # Setup custom AuthenticationRealm
 *  waffleRealmSSO = waffle.shiro.negotiate.NegotiateAuthenticationRealm
 *  waffleUserPass = waffle.shiro.GroupMappingWaffleRealm
 *  securityManager.realms = $waffleRealmSSO, $waffleUserPass
 *
 *
 *  # Use the configured native session manager:
 *  sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 *  securityManager.sessionManager = $sessionManager
 *
 *  # the following call is only necessary in a web-configured ShiroFilter (otherwise
 *  # a native session manager is already enabled):
 *  securityManager.sessionMode = native
 *
 *
 *  # cookie for single sign on
 *  cookie = org.apache.shiro.web.servlet.SimpleCookie
 *  cookie.name = SSOcookie
 *  cookie.path = /
 *  securityManager.sessionManager.sessionIdCookie = $cookie
 *
 *
 *  authcStrategy = waffle.shiro.negotiate.NegotiateAuthenticationStrategy
 *  securityManager.authenticator.authenticationStrategy = $authcStrategy
 *
 *  # Waffle filter
 *  waffleFilter = waffle.shiro.dynamic.DynamicAuthenticationFilter
 *
 *  #Configure filter chains and filter parameters
 *  authc.loginUrl = /login.jsp
 *  waffleFilter.loginUrl = /login.jsp
 *  logout.redirectUrl = login.jsp
 *
 *  ...
 *
 *  [urls]
 *  # The 'urls' section is used for url-based security
 *  /logout = logout
 *  /* = waffleFilter
 * </pre>
 */
public class DynamicAuthenticationFilter extends FormAuthenticationFilter {

    /** The Constant LOGGER. */
    private static final Logger LOGGER = LoggerFactory.getLogger(DynamicAuthenticationFilter.class);

    /** The Constant PARAM_NAME_AUTHTYPE. */
    public static final String PARAM_NAME_AUTHTYPE = "authType";

    /** The Constant PARAM_VAL_AUTHTYPE_NEGOTIATE. */
    public static final String PARAM_VAL_AUTHTYPE_NEGOTIATE = "j_negotiate";

    /**
     * Wrapper to make protected methods in different package callable from here.
     */
    private static final class WrapNegotiateAuthenticationFilter extends NegotiateAuthenticationFilter {

        /** The parent. */
        private final DynamicAuthenticationFilter parent;

        /**
         * Instantiates a new wrap negotiate authentication filter.
         *
         * @param newParent
         *            the new parent
         */
        WrapNegotiateAuthenticationFilter(final DynamicAuthenticationFilter newParent) {
            this.parent = newParent;
        }

        @Override
        public boolean onAccessDenied(final ServletRequest request, final ServletResponse response) throws Exception {
            return super.onAccessDenied(request, response);
        }

        @Override
        protected boolean onLoginSuccess(final AuthenticationToken token, final Subject subject,
                final ServletRequest request, final ServletResponse response) throws Exception {
            return this.parent.onLoginSuccess(token, subject, request, response);
        }
    }

    /** The filter negotiate. */
    private final WrapNegotiateAuthenticationFilter filterNegotiate = new WrapNegotiateAuthenticationFilter(this);

    /**
     * Wrapper to make protected methods in different package callable from here.
     */
    private static final class WrapFormAuthenticationFilter extends FormAuthenticationFilter {

        /** The parent. */
        private final DynamicAuthenticationFilter parent;

        /**
         * Instantiates a new wrap form authentication filter.
         *
         * @param newParent
         *            the new parent
         */
        WrapFormAuthenticationFilter(final DynamicAuthenticationFilter newParent) {
            this.parent = newParent;
        }

        @Override
        public boolean onAccessDenied(final ServletRequest request, final ServletResponse response) throws Exception {
            return super.onAccessDenied(request, response);
        }

        @Override
        protected boolean onLoginSuccess(final AuthenticationToken token, final Subject subject,
                final ServletRequest request, final ServletResponse response) throws Exception {
            return this.parent.onLoginSuccess(token, subject, request, response);
        }
    }

    /** The filter form authc. */
    private final WrapFormAuthenticationFilter filterFormAuthc = new WrapFormAuthenticationFilter(this);

    /**
     * Call
     * {@link org.apache.shiro.web.filter.AccessControlFilter#onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse)}
     * for the user selected authentication type, which performs login logic.
     * <p>
     * {@inheritDoc}
     */
    @Override
    protected boolean executeLogin(final ServletRequest request, final ServletResponse response) throws Exception {
        if (this.isAuthTypeNegotiate(request)) {
            DynamicAuthenticationFilter.LOGGER.debug("using filterNegotiate");
            return this.filterNegotiate.onAccessDenied(request, response);
        }
        DynamicAuthenticationFilter.LOGGER.debug("using filterFormAuthc");
        return this.filterFormAuthc.onAccessDenied(request, response);
    }

    /**
     * Checks if is auth type negotiate.
     *
     * @param request
     *            the request
     *
     * @return true, if is auth type negotiate
     */
    boolean isAuthTypeNegotiate(final ServletRequest request) {
        final String authType = request.getParameter(DynamicAuthenticationFilter.PARAM_NAME_AUTHTYPE);
        return authType != null && DynamicAuthenticationFilter.PARAM_VAL_AUTHTYPE_NEGOTIATE.equalsIgnoreCase(authType);
    }

}

1	/*
2	* SPDX-License-Identifier: MIT
3	* See LICENSE file for details.
4	*
5	* Copyright 2010-2026 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
6	*/
7	package waffle.shiro.dynamic;
8
9	import javax.servlet.ServletRequest;
10	import javax.servlet.ServletResponse;
11
12	import org.apache.shiro.authc.AuthenticationToken;
13	import org.apache.shiro.subject.Subject;
14	import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
15	import org.slf4j.Logger;
16	import org.slf4j.LoggerFactory;
17
18	import waffle.shiro.negotiate.NegotiateAuthenticationFilter;
19
20	/**
21	* When combined with the {@link waffle.shiro.negotiate.NegotiateAuthenticationStrategy}, this filter can be used to
22	* allow a client to choose which authentication filter is used at runtime. This filter assumes the shiro.ini is
23	* configured with both the {@link waffle.shiro.negotiate.NegotiateAuthenticationRealm} and some User/Password Realm
24	* like: {@link waffle.shiro.GroupMappingWaffleRealm}.
25	* <p>
26	* Requires use of {@link waffle.shiro.negotiate.NegotiateAuthenticationStrategy} when more than one realm is configured
27	* in shiro.ini (which should be the case for multiple authentication type options).
28	* <p>
29	* To use {@link waffle.shiro.negotiate.NegotiateAuthenticationRealm}, the client must pass the parameter
30	* {@link #PARAM_NAME_AUTHTYPE} with a value of {@link #PARAM_VAL_AUTHTYPE_NEGOTIATE}.
31	* <p>
32	* Example shiro.ini snippet below:
33	*
34	* <pre>
35	* # =======================
36	* # Shiro INI configuration
37	* # =======================
38	*
39	* [main]
40	*
41	* # Setup custom AuthenticationRealm
42	* waffleRealmSSO = waffle.shiro.negotiate.NegotiateAuthenticationRealm
43	* waffleUserPass = waffle.shiro.GroupMappingWaffleRealm
44	* securityManager.realms = $waffleRealmSSO, $waffleUserPass
45	*
46	*
47	* # Use the configured native session manager:
48	* sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
49	* securityManager.sessionManager = $sessionManager
50	*
51	* # the following call is only necessary in a web-configured ShiroFilter (otherwise
52	* # a native session manager is already enabled):
53	* securityManager.sessionMode = native
54	*
55	*
56	* # cookie for single sign on
57	* cookie = org.apache.shiro.web.servlet.SimpleCookie
58	* cookie.name = SSOcookie
59	* cookie.path = /
60	* securityManager.sessionManager.sessionIdCookie = $cookie
61	*
62	*
63	* authcStrategy = waffle.shiro.negotiate.NegotiateAuthenticationStrategy
64	* securityManager.authenticator.authenticationStrategy = $authcStrategy
65	*
66	* # Waffle filter
67	* waffleFilter = waffle.shiro.dynamic.DynamicAuthenticationFilter
68	*
69	* #Configure filter chains and filter parameters
70	* authc.loginUrl = /login.jsp
71	* waffleFilter.loginUrl = /login.jsp
72	* logout.redirectUrl = login.jsp
73	*
74	* ...
75	*
76	* [urls]
77	* # The 'urls' section is used for url-based security
78	* /logout = logout
79	* /* = waffleFilter
80	* </pre>
81	*/
82	public class DynamicAuthenticationFilter extends FormAuthenticationFilter {	2✔
83
84	/** The Constant LOGGER. */
85	private static final Logger LOGGER = LoggerFactory.getLogger(DynamicAuthenticationFilter.class);	2✔
86
87	/** The Constant PARAM_NAME_AUTHTYPE. */
88	public static final String PARAM_NAME_AUTHTYPE = "authType";
89
90	/** The Constant PARAM_VAL_AUTHTYPE_NEGOTIATE. */
91	public static final String PARAM_VAL_AUTHTYPE_NEGOTIATE = "j_negotiate";
92
93	/**
94	* Wrapper to make protected methods in different package callable from here.
95	*/
96	private static final class WrapNegotiateAuthenticationFilter extends NegotiateAuthenticationFilter {
97
98	/** The parent. */
99	private final DynamicAuthenticationFilter parent;
100
101	/**
102	* Instantiates a new wrap negotiate authentication filter.
103	*
104	* @param newParent
105	* the new parent
106	*/
107	WrapNegotiateAuthenticationFilter(final DynamicAuthenticationFilter newParent) {	2✔
108	this.parent = newParent;	2✔
109	}	2✔
110
111	@Override
112	public boolean onAccessDenied(final ServletRequest request, final ServletResponse response) throws Exception {
113	return super.onAccessDenied(request, response);	×
114	}
115
116	@Override
117	protected boolean onLoginSuccess(final AuthenticationToken token, final Subject subject,
118	final ServletRequest request, final ServletResponse response) throws Exception {
119	return this.parent.onLoginSuccess(token, subject, request, response);	×
120	}
121	}
122
123	/** The filter negotiate. */
124	private final WrapNegotiateAuthenticationFilter filterNegotiate = new WrapNegotiateAuthenticationFilter(this);	2✔
125
126	/**
127	* Wrapper to make protected methods in different package callable from here.
128	*/
129	private static final class WrapFormAuthenticationFilter extends FormAuthenticationFilter {
130
131	/** The parent. */
132	private final DynamicAuthenticationFilter parent;
133
134	/**
135	* Instantiates a new wrap form authentication filter.
136	*
137	* @param newParent
138	* the new parent
139	*/
140	WrapFormAuthenticationFilter(final DynamicAuthenticationFilter newParent) {	2✔
141	this.parent = newParent;	2✔
142	}	2✔
143
144	@Override
145	public boolean onAccessDenied(final ServletRequest request, final ServletResponse response) throws Exception {
146	return super.onAccessDenied(request, response);	×
147	}
148
149	@Override
150	protected boolean onLoginSuccess(final AuthenticationToken token, final Subject subject,
151	final ServletRequest request, final ServletResponse response) throws Exception {
152	return this.parent.onLoginSuccess(token, subject, request, response);	×
153	}
154	}
155
156	/** The filter form authc. */
157	private final WrapFormAuthenticationFilter filterFormAuthc = new WrapFormAuthenticationFilter(this);	2✔
158
159	/**
160	* Call
161	* {@link org.apache.shiro.web.filter.AccessControlFilter#onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse)}
162	* for the user selected authentication type, which performs login logic.
163	* <p>
164	* {@inheritDoc}
165	*/
166	@Override
167	protected boolean executeLogin(final ServletRequest request, final ServletResponse response) throws Exception {
168	if (this.isAuthTypeNegotiate(request)) {	×
169	DynamicAuthenticationFilter.LOGGER.debug("using filterNegotiate");	×
170	return this.filterNegotiate.onAccessDenied(request, response);	×
171	}
172	DynamicAuthenticationFilter.LOGGER.debug("using filterFormAuthc");	×
173	return this.filterFormAuthc.onAccessDenied(request, response);	×
174	}
175
176	/**
177	* Checks if is auth type negotiate.
178	*
179	* @param request
180	* the request
181	*
182	* @return true, if is auth type negotiate
183	*/
184	boolean isAuthTypeNegotiate(final ServletRequest request) {
185	final String authType = request.getParameter(DynamicAuthenticationFilter.PARAM_NAME_AUTHTYPE);	2✔
186	return authType != null && DynamicAuthenticationFilter.PARAM_VAL_AUTHTYPE_NEGOTIATE.equalsIgnoreCase(authType);	2✔
187	}
188
189	}

Waffle / waffle / 6364

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous