SEC-2783: XML Configuration Defaults Should Match JavaConfig

* j_username -> username * j_password -> password * j_spring_security_check -> login * j_spring_cas_security_check -> login/cas * j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor * j_spring_openid_security_login -> login/openid * j_spring_security_switch_user -> login/impersonate * j_spring_security_exit_user -> logout/impersonate * login_error -> error * use-expressions=true by default
2026-05-22 21:33:16 +00:00 · 2014-12-05 09:52:29 -06:00
parent b56e5edbbd
commit c67ff42b8a
125 changed files with 8122 additions and 395 deletions
@@ -60,7 +60,7 @@ public class ServiceProperties implements InitializingBean {
     * This service is the callback URL belonging to the local Spring Security System for Spring secured application.
     * For example,
     * <pre>
-     * https://www.mycompany.com/application/j_spring_cas_security_check
+     * https://www.mycompany.com/application/login/cas
     * </pre>
     *
     * @return the URL of the service the user is authenticating to
@@ -51,7 +51,7 @@ import org.springframework.util.Assert;
 * presented in the <code>ticket</code> request parameter.
 * <p>
 * This filter monitors the <code>service</code> URL so it can
- * receive the service ticket and process it. By default this filter processes the URL <tt>/j_spring_cas_security_check</tt>.
+ * receive the service ticket and process it. By default this filter processes the URL <tt>/login/cas</tt>.
 * When processing this URL, the value of {@link ServiceProperties#getService()} is used as the <tt>service</tt> when validating
 * the <code>ticket</code>. This means that it is important that {@link ServiceProperties#getService()} specifies the same value
 * as the <tt>filterProcessesUrl</tt>.
@@ -92,7 +92,7 @@ import org.springframework.util.Assert;
 * <pre>
 * &lt;b:bean id=&quot;serviceProperties&quot;
 *     class=&quot;org.springframework.security.cas.ServiceProperties&quot;
- *     p:service=&quot;https://service.example.com/cas-sample/j_spring_cas_security_check&quot;
+ *     p:service=&quot;https://service.example.com/cas-sample/login/cas&quot;
 *     p:authenticateAllArtifacts=&quot;true&quot;/&gt;
 * &lt;b:bean id=&quot;casEntryPoint&quot;
 *     class=&quot;org.springframework.security.cas.web.CasAuthenticationEntryPoint&quot;
@@ -102,7 +102,7 @@ import org.springframework.util.Assert;
 *     p:authenticationManager-ref=&quot;authManager&quot;
 *     p:serviceProperties-ref=&quot;serviceProperties&quot;
 *     p:proxyGrantingTicketStorage-ref=&quot;pgtStorage&quot;
- *     p:proxyReceptorUrl=&quot;/j_spring_cas_security_proxyreceptor&quot;&gt;
+ *     p:proxyReceptorUrl=&quot;/login/cas/proxyreceptor&quot;&gt;
 *     &lt;b:property name=&quot;authenticationDetailsSource&quot;&gt;
 *         &lt;b:bean class=&quot;org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource&quot;/&gt;
 *     &lt;/b:property&gt;
@@ -129,7 +129,7 @@ import org.springframework.util.Assert;
 *         &lt;b:bean
 *             class=&quot;org.jasig.cas.client.validation.Cas20ProxyTicketValidator&quot;
 *             p:acceptAnyProxy=&quot;true&quot;
- *             p:proxyCallbackUrl=&quot;https://service.example.com/cas-sample/j_spring_cas_security_proxyreceptor&quot;
+ *             p:proxyCallbackUrl=&quot;https://service.example.com/cas-sample/login/cas/proxyreceptor&quot;
 *             p:proxyGrantingTicketStorage-ref=&quot;pgtStorage&quot;&gt;
 *             &lt;b:constructor-arg value=&quot;https://login.example.org/cas&quot; /&gt;
 *         &lt;/b:bean&gt;
@@ -188,7 +188,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
    //~ Constructors ===================================================================================================

    public CasAuthenticationFilter() {
-        super("/j_spring_cas_security_check");
+        super("/login/cas");
        setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
    }

@@ -1,12 +1,12 @@
 /*
 * Copyright 2011 the original author or authors.
- * 
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -135,7 +135,7 @@ final class DefaultServiceAuthenticationDetails extends WebAuthenticationDetails

    /**
     * Gets the port from the casServiceURL ensuring to return the proper value if the default port is being used.
-     * @param casServiceUrl the casServerUrl to be used (i.e. "https://example.com/context/j_spring_security_cas_check")
+     * @param casServiceUrl the casServerUrl to be used (i.e. "https://example.com/context/login/cas")
     * @return the port that is configured for the casServerUrl
     */
    private static int getServicePort(URL casServiceUrl) {
@@ -19,7 +19,7 @@ public abstract class AbstractStatelessTicketCacheTests {

    protected CasAuthenticationToken getToken() {
        List<String> proxyList = new ArrayList<String>();
-        proxyList.add("https://localhost/newPortal/j_spring_cas_security_check");
+        proxyList.add("https://localhost/newPortal/login/cas");

        User user = new User("rod", "password", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
        final Assertion assertion = new AssertionImpl("rod");
@@ -69,7 +69,7 @@ public class CasAuthenticationEntryPointTests extends TestCase {
    public void testNormalOperationWithRenewFalse() throws Exception {
        ServiceProperties sp = new ServiceProperties();
        sp.setSendRenew(false);
-        sp.setService("https://mycompany.com/bigWebApp/j_spring_cas_security_check");
+        sp.setService("https://mycompany.com/bigWebApp/login/cas");

        CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
        ep.setLoginUrl("https://cas/login");
@@ -84,14 +84,14 @@ public class CasAuthenticationEntryPointTests extends TestCase {
        ep.commence(request, response, null);

        assertEquals("https://cas/login?service="
-            + URLEncoder.encode("https://mycompany.com/bigWebApp/j_spring_cas_security_check", "UTF-8"),
+            + URLEncoder.encode("https://mycompany.com/bigWebApp/login/cas", "UTF-8"),
            response.getRedirectedUrl());
    }

    public void testNormalOperationWithRenewTrue() throws Exception {
        ServiceProperties sp = new ServiceProperties();
        sp.setSendRenew(true);
-        sp.setService("https://mycompany.com/bigWebApp/j_spring_cas_security_check");
+        sp.setService("https://mycompany.com/bigWebApp/login/cas");

        CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
        ep.setLoginUrl("https://cas/login");
@@ -105,7 +105,7 @@ public class CasAuthenticationEntryPointTests extends TestCase {
        ep.afterPropertiesSet();
        ep.commence(request, response, null);
        assertEquals("https://cas/login?service="
-            + URLEncoder.encode("https://mycompany.com/bigWebApp/j_spring_cas_security_check", "UTF-8") + "&renew=true",
+            + URLEncoder.encode("https://mycompany.com/bigWebApp/login/cas", "UTF-8") + "&renew=true",
            response.getRedirectedUrl());
    }
 }
@@ -71,7 +71,7 @@ public class CasAuthenticationFilterTests {
    @Test
    public void testNormalOperation() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
-        request.setServletPath("/j_spring_cas_security_check");
+        request.setServletPath("/login/cas");
        request.addParameter("ticket", "ST-0-ER94xMJmn6pha35CQRoZ");

        CasAuthenticationFilter filter = new CasAuthenticationFilter();