SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
This commit is contained in:
Luke Taylor
+13
-7
@@ -20,6 +20,13 @@
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<classifier>tests</classifier>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
@@ -28,15 +35,14 @@
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-logging</groupId>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-openid</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<classifier>tests</classifier>
|
||||
<scope>test</scope>
|
||||
<groupId>commons-logging</groupId>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
|
||||
+2
-2
@@ -8,8 +8,8 @@ import org.springframework.beans.factory.parsing.BeanComponentDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider;
|
||||
import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
|
||||
import org.springframework.security.providers.AnonymousAuthenticationProvider;
|
||||
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
|
||||
+2
-2
@@ -7,8 +7,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
|
||||
import org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilterEntryPoint;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
|
||||
+2
-2
@@ -1,9 +1,9 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.providers.dao.UserCache;
|
||||
import org.springframework.security.providers.dao.cache.NullUserCache;
|
||||
import org.springframework.security.userdetails.UserCache;
|
||||
import org.springframework.security.userdetails.UserDetailsService;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
import org.springframework.security.userdetails.cache.NullUserCache;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
||||
+2
-2
@@ -10,9 +10,9 @@ import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionFilter;
|
||||
import org.springframework.security.concurrent.SessionRegistryImpl;
|
||||
import org.springframework.security.providers.ProviderManager;
|
||||
import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
|
||||
import org.springframework.security.web.concurrent.SessionRegistryImpl;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
|
||||
+2
-2
@@ -9,8 +9,8 @@ import org.springframework.beans.factory.BeanFactory;
|
||||
import org.springframework.beans.factory.BeanFactoryAware;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.security.ui.AuthenticationEntryPoint;
|
||||
import org.springframework.security.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.ExceptionTranslationFilter;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
||||
+13
-13
@@ -18,19 +18,19 @@ import org.springframework.core.OrderComparator;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.config.ConfigUtils.FilterChainList;
|
||||
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.security.ui.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
|
||||
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.util.FilterChainProxy;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.security.providers.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.web.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
|
||||
/**
|
||||
*
|
||||
|
||||
+3
-3
@@ -7,10 +7,10 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.RequestKey;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
import org.springframework.security.util.UrlMatcher;
|
||||
import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.RequestKey;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
@@ -24,7 +24,7 @@ import org.w3c.dom.Element;
|
||||
public class FilterInvocationSecurityMetadataSourceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
|
||||
|
||||
protected String getBeanClassName(Element element) {
|
||||
return "org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource";
|
||||
return "org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource";
|
||||
}
|
||||
|
||||
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
|
||||
|
||||
+4
-4
@@ -7,10 +7,10 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.ui.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
+4
-4
@@ -45,10 +45,10 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
private final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
private static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodSecurityMetadataSource";
|
||||
private static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource";
|
||||
private static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource";
|
||||
private static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter";
|
||||
static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodSecurityMetadataSource";
|
||||
static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource";
|
||||
static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource";
|
||||
static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter";
|
||||
|
||||
/*
|
||||
* Internal Bean IDs which are only used within this class
|
||||
|
||||
+28
-24
@@ -19,30 +19,30 @@ import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeEditor;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.expression.web.WebExpressionVoter;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
import org.springframework.security.intercept.web.RequestKey;
|
||||
import org.springframework.security.securechannel.ChannelDecisionManagerImpl;
|
||||
import org.springframework.security.securechannel.ChannelProcessingFilter;
|
||||
import org.springframework.security.securechannel.InsecureChannelProcessor;
|
||||
import org.springframework.security.securechannel.RetryWithHttpEntryPoint;
|
||||
import org.springframework.security.securechannel.RetryWithHttpsEntryPoint;
|
||||
import org.springframework.security.securechannel.SecureChannelProcessor;
|
||||
import org.springframework.security.ui.AccessDeniedHandlerImpl;
|
||||
import org.springframework.security.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.security.ui.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
import org.springframework.security.util.RegexUrlPathMatcher;
|
||||
import org.springframework.security.util.UrlMatcher;
|
||||
import org.springframework.security.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.vote.AuthenticatedVoter;
|
||||
import org.springframework.security.vote.RoleVoter;
|
||||
import org.springframework.security.web.util.FilterChainProxy;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.security.web.AccessDeniedHandlerImpl;
|
||||
import org.springframework.security.web.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.expression.WebExpressionVoter;
|
||||
import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.intercept.RequestKey;
|
||||
import org.springframework.security.web.securechannel.ChannelDecisionManagerImpl;
|
||||
import org.springframework.security.web.securechannel.ChannelProcessingFilter;
|
||||
import org.springframework.security.web.securechannel.InsecureChannelProcessor;
|
||||
import org.springframework.security.web.securechannel.RetryWithHttpEntryPoint;
|
||||
import org.springframework.security.web.securechannel.RetryWithHttpsEntryPoint;
|
||||
import org.springframework.security.web.securechannel.SecureChannelProcessor;
|
||||
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
@@ -106,8 +106,12 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting";
|
||||
|
||||
private static final String EXPRESSION_FIDS_CLASS = "org.springframework.security.expression.web.ExpressionBasedFilterInvocationSecurityMetadataSource";
|
||||
private static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.expression.web.support.DefaultWebSecurityExpressionHandler";
|
||||
static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProcessingFilter";
|
||||
static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";
|
||||
static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.AuthenticationProcessingFilter";
|
||||
|
||||
static final String EXPRESSION_FIMDS_CLASS = "org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource";
|
||||
static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler";
|
||||
private static final String EXPRESSION_HANDLER_ID = "_webExpressionHandler";
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
@@ -166,7 +170,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
||||
expressionHandlerRef = EXPRESSION_HANDLER_ID;
|
||||
}
|
||||
|
||||
fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(EXPRESSION_FIDS_CLASS);
|
||||
fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(EXPRESSION_FIMDS_CLASS);
|
||||
fidsBuilder.addConstructorArgValue(matcher);
|
||||
fidsBuilder.addConstructorArgValue(requestToAttributesMap);
|
||||
fidsBuilder.addConstructorArgReference(expressionHandlerRef);
|
||||
@@ -437,7 +441,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
if (formLoginElt != null || autoConfig) {
|
||||
FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_security_check",
|
||||
"org.springframework.security.ui.webapp.AuthenticationProcessingFilter");
|
||||
AUTHENTICATION_PROCESSING_FILTER_CLASS);
|
||||
|
||||
parser.parse(formLoginElt, pc);
|
||||
formLoginFilter = parser.getFilterBean();
|
||||
@@ -449,7 +453,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
if (openIDLoginElt != null) {
|
||||
FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_openid_security_check",
|
||||
"org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter");
|
||||
OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS);
|
||||
|
||||
parser.parse(openIDLoginElt, pc);
|
||||
openIDFilter = parser.getFilterBean();
|
||||
@@ -457,7 +461,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
||||
openIDLoginPage = parser.getLoginPage();
|
||||
|
||||
BeanDefinitionBuilder openIDProviderBuilder =
|
||||
BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.providers.openid.OpenIDAuthenticationProvider");
|
||||
BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
|
||||
|
||||
String userService = openIDLoginElt.getAttribute(ATT_USER_SERVICE_REF);
|
||||
|
||||
|
||||
+2
-2
@@ -6,8 +6,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ui.logout.LogoutFilter;
|
||||
import org.springframework.security.ui.logout.SecurityContextLogoutHandler;
|
||||
import org.springframework.security.web.logout.LogoutFilter;
|
||||
import org.springframework.security.web.logout.SecurityContextLogoutHandler;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
|
||||
+1
-1
@@ -15,7 +15,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.security.web.FilterChainOrder;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
+2
-2
@@ -1,6 +1,6 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.web.util.PortMapperImpl;
|
||||
import org.springframework.security.web.PortMapperImpl;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
@@ -15,7 +15,7 @@ import java.util.Map;
|
||||
import java.util.HashMap;
|
||||
|
||||
/**
|
||||
* Parses a port-mappings element, producing a single {@link org.springframework.security.web.util.PortMapperImpl}
|
||||
* Parses a port-mappings element, producing a single {@link org.springframework.security.web.PortMapperImpl}
|
||||
* bean.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
|
||||
+5
-5
@@ -7,11 +7,11 @@ import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ui.rememberme.JdbcTokenRepositoryImpl;
|
||||
import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices;
|
||||
import org.springframework.security.ui.rememberme.RememberMeProcessingFilter;
|
||||
import org.springframework.security.ui.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider;
|
||||
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
|
||||
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
|
||||
import org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter;
|
||||
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.security.providers.RememberMeAuthenticationProvider;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
|
||||
+3
-3
@@ -9,9 +9,9 @@ import org.springframework.beans.factory.BeanFactory;
|
||||
import org.springframework.beans.factory.BeanFactoryAware;
|
||||
import org.springframework.beans.factory.ListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
|
||||
import org.springframework.security.ui.rememberme.RememberMeServices;
|
||||
import org.springframework.security.web.authentication.AbstractProcessingFilter;
|
||||
import org.springframework.security.web.authentication.rememberme.RememberMeServices;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
||||
+2
-2
@@ -11,8 +11,8 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionController;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.concurrent.SessionRegistry;
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.web.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.web.authentication.AbstractProcessingFilter;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
+1
-1
@@ -13,9 +13,9 @@ import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.security.ui.rememberme.AbstractRememberMeServices;
|
||||
import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper;
|
||||
import org.springframework.security.userdetails.UserDetailsService;
|
||||
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
||||
+3
-3
@@ -1,9 +1,9 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint;
|
||||
import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor;
|
||||
import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
|
||||
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
|
||||
+12
-5
@@ -1,6 +1,7 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@@ -13,15 +14,16 @@ import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterInvocation;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
*
|
||||
* Tests for {@link FilterInvocationSecurityMetadataSourceBeanDefinitionParser}.
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
*/
|
||||
public class FilterInvocationDefinitionSourceParserTests {
|
||||
public class FilterInvocationSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
private AbstractXmlApplicationContext appContext;
|
||||
|
||||
@After
|
||||
@@ -36,6 +38,11 @@ public class FilterInvocationDefinitionSourceParserTests {
|
||||
appContext = new InMemoryXmlApplicationContext(context);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void beanClassNameIsCorrect() throws Exception {
|
||||
assertEquals(DefaultFilterInvocationSecurityMetadataSource.class.getName(), new FilterInvocationSecurityMetadataSourceBeanDefinitionParser().getBeanClassName(mock(Element.class)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void parsingMinimalConfigurationIsSuccessful() {
|
||||
setContext(
|
||||
@@ -52,7 +59,7 @@ public class FilterInvocationDefinitionSourceParserTests {
|
||||
public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
|
||||
setContext(
|
||||
"<http auto-config='true'/>" +
|
||||
"<b:bean id='fsi' class='org.springframework.security.intercept.web.FilterSecurityInterceptor' autowire='byType'>" +
|
||||
"<b:bean id='fsi' class='org.springframework.security.web.intercept.FilterSecurityInterceptor' autowire='byType'>" +
|
||||
" <b:property name='securityMetadataSource'>" +
|
||||
" <filter-invocation-definition-source>" +
|
||||
" <intercept-url pattern='/secure/extreme/**' access='ROLE_SUPERVISOR'/>" +
|
||||
+13
@@ -1,6 +1,7 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.springframework.security.config.GlobalMethodSecurityBeanDefinitionParser.*;
|
||||
import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
|
||||
|
||||
import java.util.ArrayList;
|
||||
@@ -14,8 +15,12 @@ import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
|
||||
import org.springframework.security.annotation.BusinessService;
|
||||
import org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource;
|
||||
import org.springframework.security.annotation.Jsr250Voter;
|
||||
import org.springframework.security.annotation.SecuredMethodSecurityMetadataSource;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource;
|
||||
import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider;
|
||||
import org.springframework.security.expression.method.MethodExpressionVoter;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
@@ -56,6 +61,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
target = null;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void beanClassNamesAreCorrect() throws Exception {
|
||||
assertEquals(SecuredMethodSecurityMetadataSource.class.getName(), SECURED_METHOD_DEFINITION_SOURCE_CLASS);
|
||||
assertEquals(ExpressionAnnotationMethodSecurityMetadataSource.class.getName(), EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS);
|
||||
assertEquals(Jsr250MethodSecurityMetadataSource.class.getName(), JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS);
|
||||
assertEquals(Jsr250Voter.class.getName(), JSR_250_VOTER_CLASS);
|
||||
}
|
||||
|
||||
@Test(expected=AuthenticationCredentialsNotFoundException.class)
|
||||
public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
|
||||
loadContext();
|
||||
|
||||
+63
-41
@@ -2,6 +2,7 @@ package org.springframework.security.config;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
|
||||
import static org.springframework.security.config.HttpSecurityBeanDefinitionParser.*;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Iterator;
|
||||
@@ -24,34 +25,43 @@ import org.springframework.security.MockAuthenticationEntryPoint;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.concurrent.ConcurrentLoginException;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionFilter;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
import org.springframework.security.openid.OpenIDAuthenticationProcessingFilter;
|
||||
import org.springframework.security.openid.OpenIDAuthenticationProvider;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.securechannel.ChannelProcessingFilter;
|
||||
import org.springframework.security.ui.AuthenticationFailureHandler;
|
||||
import org.springframework.security.ui.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.security.ui.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.ui.WebAuthenticationDetails;
|
||||
import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
|
||||
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
|
||||
import org.springframework.security.ui.logout.LogoutFilter;
|
||||
import org.springframework.security.ui.logout.LogoutHandler;
|
||||
import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.util.FieldUtils;
|
||||
import org.springframework.security.web.util.FilterChainProxy;
|
||||
import org.springframework.security.web.util.PortMapperImpl;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.security.web.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.PortMapperImpl;
|
||||
import org.springframework.security.web.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.web.WebAuthenticationDetails;
|
||||
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
|
||||
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
|
||||
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
|
||||
import org.springframework.security.web.concurrent.SessionRegistryImpl;
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler;
|
||||
import org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterInvocation;
|
||||
import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.logout.LogoutFilter;
|
||||
import org.springframework.security.web.logout.LogoutHandler;
|
||||
import org.springframework.security.web.securechannel.ChannelProcessingFilter;
|
||||
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
/**
|
||||
@@ -76,6 +86,15 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
setContext("<http><http-basic /></http>" + AUTH_PROVIDER_XML);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void beanClassNamesAreCorrect() throws Exception {
|
||||
assertEquals(DefaultWebSecurityExpressionHandler.class.getName(), EXPRESSION_HANDLER_CLASS);
|
||||
assertEquals(ExpressionBasedFilterInvocationSecurityMetadataSource.class.getName(), EXPRESSION_FIMDS_CLASS);
|
||||
assertEquals(AuthenticationProcessingFilter.class.getName(), AUTHENTICATION_PROCESSING_FILTER_CLASS);
|
||||
assertEquals(OpenIDAuthenticationProcessingFilter.class.getName(), OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS);
|
||||
assertEquals(OpenIDAuthenticationProvider.class.getName(), OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void httpAutoConfigSetsUpCorrectFilterList() throws Exception {
|
||||
setContext("<http auto-config='true' />" + AUTH_PROVIDER_XML);
|
||||
@@ -142,7 +161,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
// This will be matched by the default pattern ".*"
|
||||
List<Filter> allFilters = getFilters("/ImCaughtByTheUniversalMatchPattern");
|
||||
checkAutoConfigFilters(allFilters);
|
||||
assertEquals(false, FieldUtils.getFieldValue(appContext.getBean("_filterChainProxy"), "stripQueryStringFromUrls"));
|
||||
assertEquals(false, FieldUtils.getFieldValue(appContext.getBean(BeanIds.FILTER_CHAIN_PROXY), "stripQueryStringFromUrls"));
|
||||
assertEquals(false, FieldUtils.getFieldValue(allFilters.get(AUTO_CONFIG_FILTERS-1), "securityMetadataSource.stripQueryStringFromUrls"));
|
||||
}
|
||||
|
||||
@@ -335,19 +354,22 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void externalFiltersAreTreatedCorrectly() throws Exception {
|
||||
// Decorated user-filters should be added to stack. The others should be ignored.
|
||||
String contextHolderFilterClass = SecurityContextHolderAwareRequestFilter.class.getName();
|
||||
String contextPersistenceFilterClass = SecurityContextPersistenceFilter.class.getName();
|
||||
|
||||
setContext(
|
||||
"<http auto-config='true'/>" + AUTH_PROVIDER_XML +
|
||||
"<b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" +
|
||||
"<b:bean id='userFilter' class='"+ contextHolderFilterClass +"'>" +
|
||||
" <custom-filter after='LOGOUT_FILTER'/>" +
|
||||
"</b:bean>" +
|
||||
"<b:bean id='userFilter1' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" +
|
||||
"<b:bean id='userFilter1' class='" + contextPersistenceFilterClass + "'>" +
|
||||
" <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER'/>" +
|
||||
"</b:bean>" +
|
||||
"<b:bean id='userFilter2' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" +
|
||||
"<b:bean id='userFilter2' class='" + contextPersistenceFilterClass + "'>" +
|
||||
" <custom-filter position='FIRST'/>" +
|
||||
"</b:bean>" +
|
||||
"<b:bean id='userFilter3' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'/>" +
|
||||
"<b:bean id='userFilter4' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'/>"
|
||||
"<b:bean id='userFilter3' class='" + contextPersistenceFilterClass + "'/>" +
|
||||
"<b:bean id='userFilter4' class='"+ contextHolderFilterClass +"'/>"
|
||||
);
|
||||
List<Filter> filters = getFilters("/someurl");
|
||||
|
||||
@@ -361,7 +383,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
public void twoFiltersWithSameOrderAreRejected() {
|
||||
setContext(
|
||||
"<http auto-config='true'/>" + AUTH_PROVIDER_XML +
|
||||
"<b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" +
|
||||
"<b:bean id='userFilter' class='" + SecurityContextHolderAwareRequestFilter.class.getName() + "'>" +
|
||||
" <custom-filter position='LOGOUT_FILTER'/>" +
|
||||
"</b:bean>");
|
||||
}
|
||||
@@ -373,7 +395,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
" <remember-me token-repository-ref='tokenRepo'/>" +
|
||||
"</http>" +
|
||||
"<b:bean id='tokenRepo' " +
|
||||
"class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/> " + AUTH_PROVIDER_XML);
|
||||
"class='" + InMemoryTokenRepositoryImpl.class.getName() + "'/> " + AUTH_PROVIDER_XML);
|
||||
Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
|
||||
|
||||
assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices);
|
||||
@@ -400,7 +422,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
"<http auto-config='true'>" +
|
||||
" <remember-me key='ourkey' services-ref='rms'/>" +
|
||||
"</http>" +
|
||||
"<b:bean id='rms' class='org.springframework.security.ui.rememberme.TokenBasedRememberMeServices'> " +
|
||||
"<b:bean id='rms' class='"+ TokenBasedRememberMeServices.class.getName() +"'> " +
|
||||
" <b:property name='userDetailsService' ref='us'/>" +
|
||||
" <b:property name='key' value='ourkey'/>" +
|
||||
" <b:property name='tokenValiditySeconds' value='5000'/>" +
|
||||
@@ -486,7 +508,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
"<http auto-config='true'>" +
|
||||
" <concurrent-session-control session-registry-ref='seshRegistry' />" +
|
||||
"</http>" +
|
||||
"<b:bean id='seshRegistry' class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
|
||||
"<b:bean id='seshRegistry' class='" + SessionRegistryImpl.class.getName() + "'/>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
Object sessionRegistry = appContext.getBean("seshRegistry");
|
||||
Object sessionRegistryFromFilter = FieldUtils.getFieldValue(
|
||||
@@ -508,9 +530,9 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
"<http auto-config='true'>" +
|
||||
" <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/>" +
|
||||
"</http>" +
|
||||
"<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
|
||||
"<b:bean id='sc' class='" + ConcurrentSessionControllerImpl.class.getName() +"'>" +
|
||||
" <b:property name='sessionRegistry'>" +
|
||||
" <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
|
||||
" <b:bean class='"+ SessionRegistryImpl.class.getName() + "'/>" +
|
||||
" </b:property>" +
|
||||
"</b:bean>" + AUTH_PROVIDER_XML);
|
||||
}
|
||||
@@ -523,7 +545,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
"</http>" +
|
||||
"<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
|
||||
" <b:property name='sessionRegistry'>" +
|
||||
" <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
|
||||
" <b:bean class='" + SessionRegistryImpl.class.getName() + "'/>" +
|
||||
" </b:property>" +
|
||||
"</b:bean>" +
|
||||
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" + AUTH_PROVIDER_XML);
|
||||
@@ -564,7 +586,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
public void customEntryPointIsSupported() throws Exception {
|
||||
setContext(
|
||||
"<http auto-config='true' entry-point-ref='entryPoint'/>" +
|
||||
"<b:bean id='entryPoint' class='org.springframework.security.MockAuthenticationEntryPoint'>" +
|
||||
"<b:bean id='entryPoint' class='" + MockAuthenticationEntryPoint.class.getName() + "'>" +
|
||||
" <b:constructor-arg value='/customlogin'/>" +
|
||||
"</b:bean>" + AUTH_PROVIDER_XML);
|
||||
ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilters("/someurl").get(AUTO_CONFIG_FILTERS-3);
|
||||
@@ -693,7 +715,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void supportsExternallyDefinedSecurityContextRepository() throws Exception {
|
||||
setContext(
|
||||
"<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" +
|
||||
"<b:bean id='repo' class='" + HttpSessionSecurityContextRepository.class.getName() + "'/>" +
|
||||
"<http create-session='always' security-context-repository-ref='repo'>" +
|
||||
" <http-basic />" +
|
||||
"</http>" + AUTH_PROVIDER_XML);
|
||||
@@ -706,7 +728,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
@Test(expected=BeanDefinitionParsingException.class)
|
||||
public void cantUseUnsupportedSessionCreationAttributeWithExternallyDefinedSecurityContextRepository() throws Exception {
|
||||
setContext(
|
||||
"<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" +
|
||||
"<b:bean id='repo' class='" + HttpSessionSecurityContextRepository.class.getName() + "'/>" +
|
||||
"<http create-session='never' security-context-repository-ref='repo'>" +
|
||||
" <http-basic />" +
|
||||
"</http>" + AUTH_PROVIDER_XML);
|
||||
@@ -746,8 +768,8 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
"<http>" +
|
||||
" <form-login authentication-success-handler-ref='sh' authentication-failure-handler-ref='fh'/>" +
|
||||
"</http>" +
|
||||
"<b:bean id='sh' class='org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler'/>" +
|
||||
"<b:bean id='fh' class='org.springframework.security.ui.SimpleUrlAuthenticationFailureHandler'/>" +
|
||||
"<b:bean id='sh' class='" + SavedRequestAwareAuthenticationSuccessHandler.class.getName() +"'/>" +
|
||||
"<b:bean id='fh' class='" + SimpleUrlAuthenticationFailureHandler.class.getName() + "'/>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
AuthenticationProcessingFilter apf = (AuthenticationProcessingFilter) appContext.getBean(BeanIds.FORM_LOGIN_FILTER);
|
||||
AuthenticationSuccessHandler sh = (AuthenticationSuccessHandler) appContext.getBean("sh");
|
||||
|
||||
+5
-3
@@ -8,8 +8,10 @@ import org.springframework.context.support.AbstractXmlApplicationContext;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionController;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.util.FieldUtils;
|
||||
import org.springframework.security.web.concurrent.SessionRegistryImpl;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -35,9 +37,9 @@ public class SessionRegistryInjectionBeanPostProcessorTests {
|
||||
public void sessionRegistryIsSetOnFiltersWhenUsingCustomControllerWithInternalRegistryBean() throws Exception {
|
||||
setContext(
|
||||
"<http auto-config='true'/>" +
|
||||
"<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
|
||||
"<b:bean id='sc' class='" + ConcurrentSessionControllerImpl.class.getName() + "'>" +
|
||||
" <b:property name='sessionRegistry'>" +
|
||||
" <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
|
||||
" <b:bean class='" + SessionRegistryImpl.class.getName() + "'/>" +
|
||||
" </b:property>" +
|
||||
"</b:bean>" +
|
||||
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
|
||||
@@ -51,7 +53,7 @@ public class SessionRegistryInjectionBeanPostProcessorTests {
|
||||
setContext(
|
||||
"<http auto-config='true'/>" +
|
||||
"<b:bean id='sc' class='org.springframework.security.config.SessionRegistryInjectionBeanPostProcessorTests$MockConcurrentSessionController'/>" +
|
||||
"<b:bean id='sessionRegistry' class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
|
||||
"<b:bean id='sessionRegistry' class='" + SessionRegistryImpl.class.getName() + "'/>" +
|
||||
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
|
||||
ConfigTestUtils.AUTH_PROVIDER_XML);
|
||||
assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry"));
|
||||
|
||||
+4
-4
@@ -34,10 +34,10 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockFilterConfig;
|
||||
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.util.FilterChainProxy;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
|
||||
/**
|
||||
* Tests {@link FilterChainProxy}.
|
||||
|
||||
@@ -24,14 +24,14 @@
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<bean id="mockFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
|
||||
<bean id="mockFilter" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter"/>
|
||||
|
||||
<bean id="mockFilter2" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
|
||||
<bean id="mockFilter2" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter"/>
|
||||
|
||||
<!-- These are just here so we have filters of a specific type to check the ordering is as expected -->
|
||||
<bean id="sif" class="org.springframework.security.context.web.SecurityContextPersistenceFilter"/>
|
||||
<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
|
||||
|
||||
<bean id="apf" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
|
||||
<bean id="apf" class="org.springframework.security.web.authentication.AuthenticationProcessingFilter">
|
||||
<property name="authenticationManager">
|
||||
<bean class="org.springframework.security.MockAuthenticationManager"/>
|
||||
</property>
|
||||
@@ -39,7 +39,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
||||
|
||||
<bean id="mockNotAFilter" class="org.springframework.security.util.MockNotAFilter"/>
|
||||
|
||||
<bean id="filterChain" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="filterChain" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="/some/other/path/**" filters="mockFilter"/>
|
||||
@@ -48,7 +48,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
||||
</bean>
|
||||
|
||||
<!-- TODO: Refactor to replace the above (SEC-1034: 'new' is now the only valid syntax) -->
|
||||
<bean id="newFilterChainProxy" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="newFilterChainProxy" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="/some/other/path/**" filters="sif,mockFilter,mockFilter2"/>
|
||||
@@ -57,14 +57,14 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
||||
</sec:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<bean id="newFilterChainProxyNoDefaultPath" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="newFilterChainProxyNoDefaultPath" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="/*.bar" filters="mockFilter,mockFilter2"/>
|
||||
</sec:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<bean id="newFilterChainProxyWrongPathOrder" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="newFilterChainProxyWrongPathOrder" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="/**" filters="sif,apf,mockFilter"/>
|
||||
@@ -72,7 +72,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
||||
</sec:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<bean id="newFilterChainProxyRegex" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="newFilterChainProxyRegex" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="regex">
|
||||
<sec:filter-chain pattern="\A/foo/.*\Z" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="\A/s[oO]me/other/path/.*\Z" filters="sif,mockFilter,mockFilter2"/>
|
||||
@@ -81,7 +81,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
||||
</sec:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<bean id="newFilterChainProxyNonNamespace" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="newFilterChainProxyNonNamespace" class="org.springframework.security.web.FilterChainProxy">
|
||||
<property name="matcher">
|
||||
<bean class="org.springframework.security.util.AntUrlPathMatcher"/>
|
||||
</property>
|
||||
|
||||
Reference in New Issue
Block a user