1
0
mirror of synced 2026-07-12 22:30:33 +00:00

Compare commits

...

115 Commits

Author SHA1 Message Date
Ben Alex 6833b1c348 Clarify build prerequisites. 2007-05-25 05:48:22 +00:00
Ben Alex 6e95397bc9 Clarify use of parameters for site target. 2007-05-25 05:47:08 +00:00
Ben Alex 451ba4dad0 Prepare for 1.0.4 release using Maven 1.0.2 as build system. 2007-05-25 05:33:44 +00:00
Ben Alex 4561c3a1f1 Remove unused imports that were causing warnings. 2007-05-25 05:33:06 +00:00
Ben Alex e252f4a497 Make compatible with Assert static class in Spring 1.2.9. 2007-05-25 05:32:32 +00:00
Vishal Puri 5b97b3458c utility class added required to copy ordering information from one object to another 2007-05-25 03:25:28 +00:00
Vishal Puri 5f42387915 Security namespaces 2007-05-25 03:22:06 +00:00
Ben Alex 10bf40fc03 SEC-472: Provide support for subclasses to select the login form URL to use for a given request. 2007-05-25 03:21:17 +00:00
Vishal Puri b30162191e SEC-271: Moved spring security namespaces cnfig code to sandbox 2007-05-25 03:17:12 +00:00
Ben Alex a8b402462e SEC-470: Provide flexibility to customize cookie name. 2007-05-25 03:12:49 +00:00
Vishal Puri 5c5b0d2020 SEC-271: Rolled back new namespaces changes from 1.0.4 release 2007-05-25 03:03:12 +00:00
Ben Alex 24b31c0c57 SEC-443: Provide useRelativeContext property. 2007-05-25 02:55:25 +00:00
Ben Alex c8d5374602 SEC-436: Add hashCode() methods. 2007-05-25 02:28:40 +00:00
Ben Alex 95735017e6 SEC-421: MutableAcl.setParent(MutableAcl) method to accept Acl parameter, not MutableAcl. 2007-05-25 02:22:18 +00:00
Ben Alex d0d645788a SEC-405: Extract out target URL determination method. 2007-05-25 02:07:44 +00:00
Ben Alex 998fc938df SEC-403: Add support for Chinese. 2007-05-25 02:04:44 +00:00
Ben Alex 296d235135 SEC-343: Make obtainAllDefinedFilters() protected. 2007-05-25 02:03:12 +00:00
Ben Alex 1fa89e99c4 SEC-307: Preserve result of AuthenticationManager.authenticate(Authentication). 2007-05-25 02:00:37 +00:00
Ben Alex 3b9a8dc53e SEC-444: Handle synchronization issues if multiple authentications taking place for same session ID concurrently. 2007-05-25 01:38:42 +00:00
Ben Alex 4f13db5552 SEC-398: Delay sending of redirect until after HttpSession updated with revised SecurityContextHolder contents. 2007-05-25 01:24:07 +00:00
Vishal Puri 4c6d132ead SEC-411: fixed broken unit tests as a consequence of adding anoter constructor argument 2007-05-24 23:35:01 +00:00
Vishal Puri 220ba29fc6 SEC-411: another constructor argument added as required in SecurityContextHolderAwareRequestWrapper 2007-05-24 23:20:40 +00:00
Ben Alex 0736f4ffa0 SEC-305: Retain SecurityContext when rendering error pages. 2007-05-24 02:04:47 +00:00
Ben Alex 6ea8899134 2007-05-24 00:47:12 +00:00
Ben Alex 07b2a5c673 SEC-447: Use EL tags. 2007-05-24 00:30:15 +00:00
Ben Alex 5b3c633790 SEC-451: Correctly handle an empty context path. 2007-05-24 00:18:09 +00:00
Ben Alex ee994839fa Add OpenNMS. 2007-05-23 23:44:43 +00:00
Ben Alex c8c37c8935 SEC-439: Do not modify the object (ie replace it with null) unless the provider is supposed to fire according to the processDomainObjectClass property. 2007-05-23 07:04:22 +00:00
Ben Alex b690c3e1d3 SEC-453: Log root cause of exception. 2007-05-23 06:59:20 +00:00
Ben Alex a3c992113e SEC-459: Provide local argument to the message source accessor. 2007-05-23 06:57:07 +00:00
Ben Alex a18bd9100c SEC-474: Gracefully abort if username and password non-retrievable. 2007-05-23 06:48:42 +00:00
Ben Alex f45c0944ef SEC-478: Handle incorrect Base64 cookie encoding. 2007-05-23 06:45:45 +00:00
Ben Alex 5b8898c750 SEC-298: Ensure returned cookies have a maximum age equal to the TokenBasedRememberMeServices.tokenValiditySeconds property. 2007-05-23 06:43:47 +00:00
Ben Alex ac3b142e4f SEC-438: Made afterPropertiesSet() use instance variable instead of static variable. 2007-05-23 06:35:03 +00:00
Ben Alex b52cb3d736 SEC-431: Remove copyFiles.bat. 2007-05-23 06:32:26 +00:00
Ben Alex 72a7d06ad1 SEC-476: Provide support for not logging interactive authentication events. 2007-05-23 06:31:32 +00:00
Carlos Sanchez 9864ef0a4a Make dockbook generation work using latest plugin 2007-05-23 05:30:24 +00:00
Ben Alex f7e714b9da Maven 2 polishing. 2007-05-23 04:20:54 +00:00
Vishal Puri acb9e427df deleted redundant file 2007-05-18 03:29:50 +00:00
Vishal Puri c3c4978e4f changed spring-security schema location 2007-05-18 03:29:02 +00:00
Vishal Puri a6135c61c7 incorporated maven 2 in dms sample 2007-05-18 03:23:16 +00:00
Vishal Puri 3f7e00c796 SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService 2007-05-18 03:21:21 +00:00
Vishal Puri e3435da9ae SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService 2007-05-18 03:20:28 +00:00
Vishal Puri 803c687b5d Added pom 2007-05-17 23:11:57 +00:00
Vishal Puri 0bdadaac09 Incorporated maven 2 2007-05-17 23:10:12 +00:00
Vishal Puri ff02aa7932 Added maven 2 suport 2007-05-17 23:08:10 +00:00
Vishal Puri ec02a3458f SEC-271: Replaced legacy bean definitions with the new namespace elements 2007-05-17 23:06:46 +00:00
Vishal Puri 1444f1087d new security namespaces added 2007-05-17 14:22:03 +00:00
Vishal Puri a934f82af4 SEC-271: Fixed IllegalStateException being thrown by LogoutHandlerOrdereResolver and add an assert statement in the unit test 2007-05-17 13:42:51 +00:00
Vishal Puri a01bb3bbee Added more bean definition parsers 2007-05-17 12:57:16 +00:00
Vishal Puri 1a06723404 fixed broken test in build 47 2007-05-17 12:49:58 +00:00
Vishal Puri 3eb9870162 SEC-271: Added more security elements 2007-05-17 12:30:36 +00:00
Vishal Puri e7d87275e0 SEC-271: Fixed Acegi version 2007-05-17 12:28:19 +00:00
Vishal Puri b072748999 SEC-271: Fixed spring and acegi versions 2007-05-17 12:26:11 +00:00
Vishal Puri d7e86c4bae SEC-271: Fixed Acegi and Spring versions 2007-05-17 12:24:04 +00:00
Vishal Puri 26b0d4d1cb SEC-271: uncommented copy of resources in META-INF directory 2007-05-17 12:23:07 +00:00
Vishal Puri e43439ba44 implemented Ordered interface 2007-05-17 12:21:02 +00:00
Vishal Puri 001dc0b1d9 SEC-271: implemented Orderd interface in all the entrypoints 2007-05-17 12:20:16 +00:00
Ray Krueger 8b1cc05518 Updated Assertion message 2007-05-17 03:18:35 +00:00
Vishal Puri 84a3c87ea4 SEC-271: Replaced Java 5 specific code with pre Java 5 2007-05-17 03:04:07 +00:00
Vishal Puri e67bff61a0 Explicity specified version 2.3 for surefire-plugin 2007-05-17 01:14:07 +00:00
Vishal Puri 74123cd234 Replace resource property with location for PropertyFactoryBean 2007-05-16 00:31:31 +00:00
Vishal Puri ee2eac5a51 SEC-271: added LogoutFilterBeanDefinitionParserTests 2007-05-15 13:54:43 +00:00
Vishal Puri 1203e9858a SEC-271: Added BeanDefitnitionParser for principal-repository, extended security schema and added unit tests 2007-05-15 13:32:06 +00:00
Vishal Puri 51f306a19a SEC-271: Added more BeanDefinitionParsers and extend spring-security.xsd to have more elements 2007-05-15 13:26:05 +00:00
Vishal Puri ced5cb4f85 added new security element in the spring-security schema and wrote a parser for the element 2007-05-13 13:33:33 +00:00
Vishal Puri 20e21811f0 xml formatting 2007-05-13 12:59:19 +00:00
Vishal Puri b57b63ad0e xml formatting 2007-05-13 12:47:35 +00:00
Vishal Puri e73421d7b2 Spring version upgrade to 2.0.4, changed svn urls in project.xml and poms 2007-05-13 12:30:53 +00:00
Vishal Puri 95e0fd9ffe changed spring version 2007-05-13 12:29:11 +00:00
Vishal Puri 9794c518d6 SEC-271: Spring 2-based configuration simplification of Acegi Security 2007-05-11 00:09:56 +00:00
Vishal Puri 566314dae5 SEC-271: Spring 2-based configuration simplification of Acegi Security 2007-05-10 02:32:30 +00:00
Vishal Puri 09fd79bc64 SEC-419: Added the right logger class in CollectionFilterer 2007-05-10 02:25:15 +00:00
Vishal Puri 82f215700b changed svn url to https://acegisecurity.svn..... 2007-05-10 02:11:54 +00:00
Carlos Sanchez 2df7036632 Migrate site to Maven2 2007-05-03 23:00:18 +00:00
Carlos Sanchez 711421d218 Lock down versions of plugins 2007-05-01 23:33:45 +00:00
Carlos Sanchez 1139424b39 Add dockbook sample (doesn't work yet) 2007-05-01 22:48:41 +00:00
Vishal Puri 048ee65f4a changed ehcache version to 1.2.4 as a part of creating 1.1.0 rlease 2007-04-30 06:17:05 +00:00
Vishal Puri f56771b214 SEC-376: moved switchUserProcessingFilter after filterInvocationInterceptor in contacts/filter applicationContext-acegi-security.xml file 2007-04-27 07:38:02 +00:00
Vishal Puri 62c832e366 SEC-423: Fixed IllegalArguemntException being thrown by checking for null contextFromSessionObject 2007-04-27 07:35:11 +00:00
Ben Alex af4479670e Add a few new articles. 2007-04-27 02:19:50 +00:00
Vishal Puri 35250c48e3 SEC-376: Moved SwitchUserProcessingFilter to AFTER the FilterSecurityInterceptor in acegi.xml 2007-04-25 23:04:24 +00:00
Ray Krueger a6079cd3d6 Updated apache DS dependencies to fix unit tests 2007-04-24 13:43:48 +00:00
Ray Krueger 0f7e19dc77 Added repo1.maven.org/maven as a remote repository to fix ibiblio 301 errors 2007-04-24 13:24:53 +00:00
Vishal Puri c2d1405f44 SEC-357: Added testIfSwitchUserWithNullUsernameThrowsException 2007-04-24 06:35:15 +00:00
Ray Krueger fe0c99c816 Fixed http://opensource.atlassian.com/projects/spring/browse/SEC-445
Import servlet-api 2.4 in order to bring in the correct PageContext class
2007-04-23 18:25:01 +00:00
Ray Krueger d81a806405 OpenID support contributed by Robin Bramley
Todo:
* Improve Test Coverage
* Replace Servlet with Filter
* Add support for providers other than JanRain as it may be dead
2007-04-20 14:47:04 +00:00
Luke Taylor 6bfff55da3 Corrected Javadoc for setRejectPublicInvocations (s/true/false) and tidied up code for validation of attributes 2007-03-30 18:27:19 +00:00
Luke Taylor 993f7e4af0 Refactored to pull "public invocation" behaviour (attr==null) into a single guard clause. 2007-03-30 18:02:08 +00:00
Luke Taylor 6e5f5e15ad Refactored to introduce constants for number of ops and number of threads for tuning. 2007-03-10 21:34:53 +00:00
Luke Taylor 7a3a90c0f1 Added a blank name for the footer menu. 2007-03-06 19:54:46 +00:00
Luke Taylor 14b05c40b4 Change reference manual link to point to docbook output. 2007-02-24 22:47:30 +00:00
Luke Taylor 48add40538 Docbook source and resources copied for Maven 2 docbook plugin. 2007-02-24 22:40:46 +00:00
Luke Taylor fabca162a7 Added a customized checkstyle configuration file to tame the Maven 2 checkstyle report to the extent that it gives some useful infomation. Tidied up comments, excessively long lines, use of tabs etc. to match. 2007-02-24 21:00:24 +00:00
Luke Taylor bd2d4b013a Extracted a method to evaluate the conditions for whether basic authentication is required. 2007-02-23 19:21:44 +00:00
Luke Taylor a1886bd1e0 Made string constant RECIPIENT_FOR_CACHE_EMPTY final. 2007-02-22 23:57:49 +00:00
Luke Taylor b8a0f97fde Removed irrelevant CAS stuff from equalsWhenEqual test. 2007-02-22 23:29:01 +00:00
Scott Battaglia cce36df79e SEC-437
added note about acegi-security-cas.jar needing to be copied in also.
2007-02-19 02:35:38 +00:00
Luke Taylor 25bc67885d Uncommented tests which now work due to apache-ds bugfixes 2007-02-06 18:21:31 +00:00
Luke Taylor 0d9cae43bf Corrected mistake in reading java.io.tmpdir. 2007-02-06 18:20:14 +00:00
Luke Taylor 5464678355 Pass apache-ds temp working directory as a system property through the surefire plugin. 2007-02-06 18:18:14 +00:00
Luke Taylor 8b98a9d27c Added code to delete the previous contents of the ldap test server working directory as these aren't always compatible if the apache-ds version has changed. 2007-02-05 00:35:42 +00:00
Luke Taylor 1686fd0bd2 Updated ldap tests to apache directory 1.0.0 release version. 2007-02-04 20:06:36 +00:00
Ben Alex e169e63e1b SEC-404: Correct previous SEC-404 commit. 2007-01-02 23:36:38 +00:00
Ben Alex 3f62a5c868 SEC-404: NPE when logging out if user not already logged in. 2006-12-28 21:23:35 +00:00
Ben Alex 17cc70a3cd SEC-415: Add document management system ACL sample. 2006-12-17 00:54:13 +00:00
Luke Taylor 93509dc999 Reformatted X.509 certificate in comment. 2006-11-29 01:40:14 +00:00
Luke Taylor 6a440f816c removed monkeymachine.co.uk email addresses. 2006-11-28 21:37:37 +00:00
Carlos Sanchez 4ade7e2221 Use m2 ibiblio repo for downloads 2006-11-28 20:47:11 +00:00
Ben Alex 1fe3beff8e Add entry. 2006-11-26 05:04:56 +00:00
Ben Alex 1805ab8ec4 SEC-401: internalMethod handling fixes, plus correct issue with startsWith(String) usage. 2006-11-26 04:47:43 +00:00
Ben Alex e79a28875f SEC-400: Clarify exception if getter returns null. 2006-11-26 03:24:11 +00:00
Ray Krueger 1a486e584b HttpSessionEventPublisher need not implement ServletContextListener any longer 2006-11-20 19:35:11 +00:00
Ray Krueger 74e8efc4e9 Fixed SEC-395 2006-11-20 19:09:45 +00:00
Ben Alex 9d2fe0e037 Switch release to 1.0.4. 2006-11-17 04:42:05 +00:00
426 changed files with 18000 additions and 3680 deletions
+12 -9
View File
@@ -4,8 +4,10 @@
<classpathentry kind="src" path="core/src/main/resources"/>
<classpathentry kind="src" path="core/src/test/java"/>
<classpathentry kind="src" path="core/src/test/resources"/>
<classpathentry kind="src" path="sandbox/other/src/main/java"/>
<classpathentry kind="src" path="sandbox/other/src/test/java"/>
<classpathentry kind="src" path="samples/dms/src/test/java"/>
<classpathentry kind="src" path="samples/dms/src/main/resources"/>
<classpathentry kind="src" path="samples/dms/src/main/java"/>
<classpathentry kind="src" path="samples/dms/src/test/resources"/>
<classpathentry kind="src" path="samples/contacts/src/main/java"/>
<classpathentry kind="src" path="samples/contacts/src/main/resources"/>
<classpathentry kind="src" path="samples/contacts/src/test/java"/>
@@ -32,8 +34,8 @@
<classpathentry kind="src" path="adapters/resin/src/test/java"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="var" path="MAVEN_REPO/com.caucho/jars/resin-3.0.9.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/org.springframework/jars/spring-1.2.8.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/org.springframework/jars/spring-mock-1.2.8.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/org.springframework/jars/spring-1.2.9.jar" sourcepath="/MAVEN_REPO/org.springframework/src/spring-1.2.9-sources.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/org.springframework/jars/spring-mock-1.2.9.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/aopalliance/jars/aopalliance-1.0.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/aspectj/jars/aspectjrt-1.2.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/cas/jars/casclient-2.0.11.jar"/>
@@ -49,10 +51,10 @@
<classpathentry kind="var" path="MAVEN_REPO/jboss/jars/jboss-common-3.2.3.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/jboss/jars/jbosssx-3.2.3.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/junit/jars/junit-3.8.1.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/ehcache/jars/ehcache-1.1.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/net.sf.ehcache/jars/ehcache-1.2.4.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/javax.servlet/jars/jsp-api-2.0.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/hibernate/jars/hibernate-3.0.3.jar"/>
<classpathentry sourcepath="DIST_BASE/commons-beanutils-1.6.1-src/src/java" kind="var" path="MAVEN_REPO/commons-beanutils/jars/commons-beanutils-1.6.1.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/commons-beanutils/jars/commons-beanutils-1.6.1.jar" sourcepath="DIST_BASE/commons-beanutils-1.6.1-src/src/java"/>
<classpathentry kind="src" path="samples/contacts-tiger/src/main/java"/>
<classpathentry kind="src" path="core-tiger/src/main/java"/>
<classpathentry kind="src" path="core-tiger/src/main/resources"/>
@@ -64,12 +66,12 @@
<classpathentry kind="var" path="MAVEN_REPO/org.samba.jcifs/jars/jcifs-1.2.6.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/dom4j/jars/dom4j-1.6.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/xerces/jars/xercesImpl-2.6.2.jar"/>
<classpathentry sourcepath="MAVEN_REPO/jmock/distributions/jmock-1.0.1-src.jar" kind="var" path="MAVEN_REPO/jmock/jars/jmock-1.0.1.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/jmock/jars/jmock-1.0.1.jar" sourcepath="MAVEN_REPO/jmock/distributions/jmock-1.0.1-src.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/jdbm/jars/jdbm-1.0.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/regexp/jars/regexp-1.2.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/org.slf4j/jars/slf4j-log4j12-1.0-rc5.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/org.apache.directory.server/jars/apacheds-core-1.0-RC1.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/org.apache.directory.server/jars/apacheds-core-shared-1.0-RC1.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/org.apache.directory.server/jars/apacheds-core-1.0.0.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/org.apache.directory.server/jars/apacheds-core-shared-1.0.0.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/org.apache.directory.shared/jars/shared-asn1-0.9.5.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/org.apache.directory.shared/jars/shared-ldap-0.9.5.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/antlr/jars/antlr-2.7.2.jar"/>
@@ -79,5 +81,6 @@
<classpathentry kind="var" path="MAVEN_REPO/taglibs/jars/standard-1.0.6.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/commons-attributes/jars/commons-attributes-api-2.1.jar"/>
<classpathentry kind="var" path="MAVEN_REPO/log4j/jars/log4j-1.2.9.jar"/>
<classpathentry kind="var" path="M2_REPO/postgresql/postgresql/8.1-407.jdbc3/postgresql-8.1-407.jdbc3.jar"/>
<classpathentry kind="output" path="target/eclipseclasses"/>
</classpath>
+205
View File
@@ -0,0 +1,205 @@
<?xml version="1.0"?>
<!--
/*
* Copyright 2001-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-->
<!DOCTYPE module PUBLIC
"-//Puppy Crawl//DTD Check Configuration 1.2//EN"
"http://www.puppycrawl.com/dtds/configuration_1_2.dtd">
<!--
Checkstyle is very configurable. Be sure to read the documentation at
http://checkstyle.sf.net (or in your downloaded distribution).
Most Checks are configurable, be sure to consult the documentation.
To completely disable a check, just comment it out or delete it from the file.
Finally, it is worth reading the documentation.
-->
<module name="Checker">
<!-- Checks that a package.html file exists for each package. -->
<!-- See http://checkstyle.sf.net/config_javadoc.html#PackageHtml -->
<!-- module name="PackageHtml"/ -->
<!-- Checks whether files end with a new line. -->
<!-- See http://checkstyle.sf.net/config_misc.html#NewlineAtEndOfFile -->
<module name="NewlineAtEndOfFile"/>
<!-- Checks that property files contain the same keys. -->
<!-- See http://checkstyle.sf.net/config_misc.html#Translation -->
<module name="Translation"/>
<module name="TreeWalker">
<property name="cacheFile" value="${checkstyle.cache.file}"/>
<!-- Checks for Javadoc comments. -->
<!-- See http://checkstyle.sf.net/config_javadoc.html -->
<!--
<module name="JavadocMethod"/>
<module name="JavadocType"/>
<module name="JavadocVariable"/>
<module name="JavadocStyle"/>
-->
<!-- Checks for Naming Conventions. -->
<!-- See http://checkstyle.sf.net/config_naming.html -->
<module name="ConstantName">
<!-- logger variables break normal constant syntax. We need to allow lower case too -->
<property name="format" value="^[a-zA-Z][a-zA-Z0-9]*(_[A-Z0-9]+)*$"/>
</module>
<module name="LocalFinalVariableName"/>
<module name="LocalVariableName"/>
<module name="MemberName"/>
<module name="MethodName"/>
<module name="PackageName"/>
<module name="ParameterName"/>
<module name="StaticVariableName"/>
<module name="TypeName"/>
<!-- Checks for Headers -->
<!-- See http://checkstyle.sf.net/config_header.html -->
<!-- <module name="Header"> -->
<!-- The follow property value demonstrates the ability -->
<!-- to have access to ANT properties. In this case it uses -->
<!-- the ${basedir} property to allow Checkstyle to be run -->
<!-- from any directory within a project. See property -->
<!-- expansion, -->
<!-- http://checkstyle.sf.net/config.html#properties -->
<!-- <property -->
<!-- name="headerFile" -->
<!-- value="${basedir}/java.header"/> -->
<!-- </module> -->
<!-- Following interprets the header file as regular expressions. -->
<!-- <module name="RegexpHeader"/> -->
<!-- Checks for imports -->
<!-- See http://checkstyle.sf.net/config_imports.html -->
<module name="AvoidStarImport">
<property name="excludes" value="javax.servlet,java.util"/>
</module>
<module name="IllegalImport"/> <!-- defaults to sun.* packages -->
<module name="RedundantImport"/>
<!--module name="UnusedImports"/ -->
<!-- Checks for Size Violations. -->
<!-- See http://checkstyle.sf.net/config_sizes.html -->
<module name="FileLength"/>
<module name="LineLength">
<property name="max" value="125"/>
</module>
<module name="MethodLength"/>
<module name="ParameterNumber"/>
<!-- Checks for whitespace -->
<!-- See http://checkstyle.sf.net/config_whitespace.html -->
<module name="EmptyForIteratorPad"/>
<module name="MethodParamPad"/>
<module name="NoWhitespaceAfter"/>
<module name="NoWhitespaceBefore"/>
<module name="OperatorWrap"/>
<module name="ParenPad"/>
<module name="TypecastParenPad"/>
<module name="TabCharacter"/>
<module name="WhitespaceAfter"/>
<!--
<module name="WhitespaceAround">
<property name="allowEmptyMethods" value="true"/>
<property name="allowEmptyConstructors" value="true"/>
</module>
-->
<!-- Modifier Checks -->
<!-- See http://checkstyle.sf.net/config_modifiers.html -->
<module name="ModifierOrder"/>
<module name="RedundantModifier"/>
<!-- Checks for blocks. You know, those {}'s -->
<!-- See http://checkstyle.sf.net/config_blocks.html -->
<module name="AvoidNestedBlocks"/>
<!-- module name="EmptyBlock"/ -->
<module name="LeftCurly"/>
<module name="NeedBraces"/>
<module name="RightCurly"/>
<!-- Checks for common coding problems -->
<!-- See http://checkstyle.sf.net/config_coding.html -->
<!-- module name="AvoidInlineConditionals"/ -->
<module name="DoubleCheckedLocking"/> <!-- MY FAVOURITE -->
<module name="EmptyStatement"/>
<!-- module name="EqualsHashCode"/ -->
<!--
<module name="HiddenField">
<property name="ignoreConstructorParameter" value="true"/>
<property name="ignoreSetter" value="true"/>
</module>
-->
<module name="IllegalInstantiation"/>
<module name="InnerAssignment"/>
<!-- module name="MagicNumber"/ -->
<module name="MissingSwitchDefault"/>
<!--
<module name="RedundantThrows">
<property name="allowUnchecked" value="true"/>
</module>
-->
<!--
<module name="SimplifyBooleanExpression"/>
<module name="SimplifyBooleanReturn"/>
-->
<!-- Checks for class design -->
<!-- See http://checkstyle.sf.net/config_design.html -->
<!-- module name="DesignForExtension"/ -->
<module name="FinalClass"/>
<module name="HideUtilityClassConstructor"/>
<module name="InterfaceIsType"/>
<module name="VisibilityModifier">
<!-- logger variables are often protected -->
<property name="protectedAllowed" value="true"/>
</module>
<!-- Miscellaneous other checks. -->
<!-- See http://checkstyle.sf.net/config_misc.html -->
<module name="ArrayTypeStyle"/>
<!-- module name="FinalParameters"/ -->
<!--
<module name="GenericIllegalRegexp">
<property name="format" value="\s+$"/>
<property name="message" value="Line has trailing spaces."/>
</module>
-->
<!-- module name="TrailingComment"/ -->
<!-- module name="TodoComment"/ -->
<module name="UpperEll"/>
</module>
</module>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.1-SNAPSHOT</version>
<version>1.0.4-SNAPSHOT</version>
</parent>
<artifactId>acegi-security-cas</artifactId>
<name>Acegi Security System for Spring - CAS adapter</name>
+3 -3
View File
@@ -6,9 +6,9 @@
<name>Acegi Security System for Spring - CAS adapter</name>
<siteDirectory>/home/groups/a/ac/acegisecurity/htdocs/multiproject/acegi-security-cas</siteDirectory>
<repository>
<connection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/cas/</url>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/cas/</url>
</repository>
<dependencies>
<dependency>
@@ -67,7 +67,7 @@ public final class CasAuthenticationHandler extends AbstractUsernamePasswordAuth
this.authenticationManager.authenticate(authenticationRequest);
} catch (final org.acegisecurity.AuthenticationException e) {
if (log.isDebugEnabled()) {
log.debug("Authentication request for " + credentials.getUsername() + "failed: " + e.toString());
log.debug("Authentication request for " + credentials.getUsername() + " failed: " + e.toString(), e);
}
return false;
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.1-SNAPSHOT</version>
<version>1.0.4-SNAPSHOT</version>
</parent>
<artifactId>acegi-security-catalina</artifactId>
<name>Acegi Security System for Spring - Catalina adapter</name>
+3 -3
View File
@@ -6,9 +6,9 @@
<name>Acegi Security System for Spring - Catalina adapter</name>
<siteDirectory>/home/groups/a/ac/acegisecurity/htdocs/multiproject/acegi-security-catalina</siteDirectory>
<repository>
<connection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/catalina/</url>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/catalina/</url>
</repository>
<dependencies>
<dependency>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.1-SNAPSHOT</version>
<version>1.0.4-SNAPSHOT</version>
</parent>
<artifactId>acegi-security-jboss</artifactId>
<name>Acegi Security System for Spring - JBoss adapter</name>
+3 -3
View File
@@ -6,9 +6,9 @@
<name>Acegi Security System for Spring - JBoss adapter</name>
<siteDirectory>/home/groups/a/ac/acegisecurity/htdocs/multiproject/acegi-security-jboss</siteDirectory>
<repository>
<connection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/jboss/</url>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/jboss/</url>
</repository>
<dependencies>
<dependency>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.1-SNAPSHOT</version>
<version>1.0.4-SNAPSHOT</version>
</parent>
<artifactId>acegi-security-jetty</artifactId>
<name>Acegi Security System for Spring - Jetty adapter</name>
+3 -3
View File
@@ -6,9 +6,9 @@
<name>Acegi Security System for Spring - Jetty adapter</name>
<siteDirectory>/home/groups/a/ac/acegisecurity/htdocs/multiproject/acegi-security-jetty</siteDirectory>
<repository>
<connection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/jetty/</url>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/jetty/</url>
</repository>
<dependencies>
<dependency>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.1-SNAPSHOT</version>
<version>1.0.4-SNAPSHOT</version>
</parent>
<artifactId>acegi-security-adapters</artifactId>
<name>Acegi Security System for Spring - Adapters</name>
+4 -4
View File
@@ -5,15 +5,15 @@
<artifactId>acegi-security-adapters</artifactId>
<name>Acegi Security System for Spring - Adapters</name>
<repository>
<connection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/</url>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/</url>
</repository>
<dependencies>
<dependency>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security</artifactId>
<version>1.0.3</version>
<version>1.0.4</version>
<type>jar</type>
<url>http://acegisecurity.org</url>
<properties>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.1-SNAPSHOT</version>
<version>1.0.4-SNAPSHOT</version>
</parent>
<artifactId>acegi-security-resin</artifactId>
<name>Acegi Security System for Spring - Resin adapter</name>
+3 -3
View File
@@ -6,9 +6,9 @@
<name>Acegi Security System for Spring - Resin adapter</name>
<siteDirectory>/home/groups/a/ac/acegisecurity/htdocs/multiproject/acegi-security-resin</siteDirectory>
<repository>
<connection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/resin/</url>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/adapters/resin/</url>
</repository>
<dependencies>
<dependency>
+6 -6
View File
@@ -3,15 +3,15 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.1-SNAPSHOT</version>
<version>1.0.4-SNAPSHOT</version>
</parent>
<artifactId>acegi-security-tiger</artifactId>
<name>Acegi Security System for Spring - Java 5 (Tiger)</name>
<scm>
<connection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core-tiger</connection>
<developerConnection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core-tiger</developerConnection>
<url>http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core-tiger/</url>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core-tiger</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core-tiger</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core-tiger/</url>
</scm>
<dependencies>
@@ -23,7 +23,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>1.2.7</version>
<version>2.0.4</version>
</dependency>
</dependencies>
@@ -50,4 +50,4 @@
</plugin>
</plugins>
</reporting>
</project>
</project>
+4 -4
View File
@@ -6,15 +6,15 @@
<name>Acegi Security System for Spring - Java 5 (Tiger)</name>
<siteDirectory>/home/groups/a/ac/acegisecurity/htdocs/multiproject/acegi-security-tiger</siteDirectory>
<repository>
<connection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core-tiger/</url>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core-tiger/</url>
</repository>
<dependencies>
<dependency>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security</artifactId>
<version>1.0.3</version>
<version>1.0.4</version>
<type>jar</type>
</dependency>
</dependencies>
+161 -146
View File
@@ -1,152 +1,167 @@
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.1-SNAPSHOT</version>
</parent>
<artifactId>acegi-security</artifactId>
<name>Acegi Security System for Spring</name>
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.0.4-SNAPSHOT</version>
</parent>
<packaging>jar</packaging>
<artifactId>acegi-security</artifactId>
<name>Acegi Security System for Spring</name>
<scm>
<connection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core</connection>
<developerConnection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core</developerConnection>
<url>http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core/</url>
</scm>
<scm>
<connection>
scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core
</connection>
<developerConnection>
scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core
</developerConnection>
<url>
http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core/
</url>
</scm>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-remoting</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-mock</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>1.1</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>cas</groupId>
<artifactId>casclient</artifactId>
<version>2.0.11</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.0.4</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.3</version>
</dependency>
<dependency>
<groupId>oro</groupId>
<artifactId>oro</artifactId>
<version>2.0.8</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.2</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.0.6</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-core</artifactId>
<version>1.0-RC3</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>jmock</groupId>
<artifactId>jmock</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
</dependencies>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-remoting</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-mock</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>1.2.4</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>cas</groupId>
<artifactId>casclient</artifactId>
<version>2.0.11</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.0.4</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.3</version>
</dependency>
<dependency>
<groupId>oro</groupId>
<artifactId>oro</artifactId>
<version>2.0.8</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.2</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.4</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.0.6</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-core</artifactId>
<version>1.0.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>jmock</groupId>
<artifactId>jmock</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
</dependencies>
<build>
<resources>
<resource>
<directory>${basedir}/../</directory>
<targetPath>META-INF</targetPath>
<includes>
<include>notice.txt</include>
</includes>
<filtering>false</filtering>
</resource>
<resource>
<directory>${basedir}/src/main/resources/org/acegisecurity/taglibs</directory>
<targetPath>META-INF</targetPath>
<includes>
<include>*.tld</include>
</includes>
<filtering>false</filtering>
</resource>
<resource>
<directory>${basedir}/src/main/resources</directory>
<targetPath>/</targetPath>
<includes>
<include>**/*</include>
</includes>
<filtering>false</filtering>
</resource>
</resources>
</build>
<build>
<resources>
<resource>
<directory>${basedir}/../</directory>
<targetPath>META-INF</targetPath>
<includes>
<include>notice.txt</include>
</includes>
<filtering>false</filtering>
</resource>
<resource>
<directory>
${basedir}/src/main/resources/org/acegisecurity/taglibs
</directory>
<targetPath>META-INF</targetPath>
<includes>
<include>*.tld</include>
</includes>
<filtering>false</filtering>
</resource>
<resource>
<directory>${basedir}/src/main/resources</directory>
<targetPath>/</targetPath>
<includes>
<include>**/*</include>
</includes>
<filtering>false</filtering>
</resource>
</resources>
</build>
</project>
+3 -3
View File
@@ -7,9 +7,9 @@
<name>Acegi Security System for Spring</name>
<siteDirectory>/home/groups/a/ac/acegisecurity/htdocs/multiproject/acegi-security</siteDirectory>
<repository>
<connection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core/</url>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core/</url>
</repository>
<build>
<resources>
@@ -36,7 +36,7 @@ public interface AccessDecisionManager {
* @throws InsufficientAuthenticationException if access is denied as the authentication does not provide a
* sufficient level of trust
*/
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
throws AccessDeniedException, InsufficientAuthenticationException;
/**
@@ -51,7 +51,7 @@ public interface AccessDecisionManager {
*
* @return true if this <code>AccessDecisionManager</code> can support the passed configuration attribute
*/
public boolean supports(ConfigAttribute attribute);
boolean supports(ConfigAttribute attribute);
/**
* Indicates whether the <code>AccessDecisionManager</code> implementation is able to provide access
@@ -61,5 +61,5 @@ public interface AccessDecisionManager {
*
* @return <code>true</code> if the implementation can process the indicated class
*/
public boolean supports(Class clazz);
boolean supports(Class clazz);
}
@@ -19,7 +19,7 @@ package org.acegisecurity;
* Reviews the <code>Object</code> returned from a secure object invocation,
* being able to modify the <code>Object</code> or throw an {@link
* AccessDeniedException}.
*
*
* <p>
* Typically used to ensure the principal is permitted to access the domain
* object instance returned by a service layer bean. Can also be used to
@@ -28,7 +28,7 @@ package org.acegisecurity;
* in conjunction with an {@link org.acegisecurity.acl.AclManager} to
* obtain the access control list applicable for the domain object instance.
* </p>
*
*
* <p>
* Special consideration should be given to using an
* <code>AfterInvocationManager</code> on bean methods that modify a database.
@@ -60,7 +60,7 @@ public interface AfterInvocationManager {
*
* @throws AccessDeniedException if access is denied
*/
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
Object returnedObject) throws AccessDeniedException;
/**
@@ -75,7 +75,7 @@ public interface AfterInvocationManager {
*
* @return true if this <code>AfterInvocationManager</code> can support the passed configuration attribute
*/
public boolean supports(ConfigAttribute attribute);
boolean supports(ConfigAttribute attribute);
/**
* Indicates whether the <code>AfterInvocationManager</code> implementation is able to provide access
@@ -85,5 +85,5 @@ public interface AfterInvocationManager {
*
* @return <code>true</code> if the implementation can process the indicated class
*/
public boolean supports(Class clazz);
boolean supports(Class clazz);
}
@@ -22,12 +22,12 @@ import java.security.Principal;
/**
* Represents an authentication request.
*
*
* <p>
* An <code>Authentication</code> object is not considered authenticated until
* it is processed by an {@link AuthenticationManager}.
* </p>
*
*
* <p>
* Stored in a request {@link org.acegisecurity.context.SecurityContext}.
* </p>
@@ -46,7 +46,7 @@ public interface Authentication extends Principal, Serializable {
*
* @return the authorities granted to the principal, or <code>null</code> if authentication has not been completed
*/
public GrantedAuthority[] getAuthorities();
GrantedAuthority[] getAuthorities();
/**
* The credentials that prove the principal is correct. This is usually a password, but could be anything
@@ -54,7 +54,7 @@ public interface Authentication extends Principal, Serializable {
*
* @return the credentials that prove the identity of the <code>Principal</code>
*/
public Object getCredentials();
Object getCredentials();
/**
* Stores additional details about the authentication request. These might be an IP address, certificate
@@ -62,7 +62,7 @@ public interface Authentication extends Principal, Serializable {
*
* @return additional details about the authentication request, or <code>null</code> if not used
*/
public Object getDetails();
Object getDetails();
/**
* The identity of the principal being authenticated. This is usually a username. Callers are expected to
@@ -70,7 +70,7 @@ public interface Authentication extends Principal, Serializable {
*
* @return the <code>Principal</code> being authenticated
*/
public Object getPrincipal();
Object getPrincipal();
/**
* Used to indicate to <code>AbstractSecurityInterceptor</code> whether it should present the
@@ -85,7 +85,7 @@ public interface Authentication extends Principal, Serializable {
* @return true if the token has been authenticated and the <code>AbstractSecurityInterceptor</code> does not need
* to represent the token for re-authentication to the <code>AuthenticationManager</code>
*/
public boolean isAuthenticated();
boolean isAuthenticated();
/**
* See {@link #isAuthenticated()} for a full description.<p>Implementations should <b>always</b> allow this
@@ -101,6 +101,6 @@ public interface Authentication extends Principal, Serializable {
* <code>true</code> as the argument) is rejected due to the implementation being immutable or
* implementing its own alternative approach to {@link #isAuthenticated()}
*/
public void setAuthenticated(boolean isAuthenticated)
void setAuthenticated(boolean isAuthenticated)
throws IllegalArgumentException;
}
@@ -44,6 +44,6 @@ public interface AuthenticationManager {
*
* @throws AuthenticationException if authentication fails
*/
public Authentication authenticate(Authentication authentication)
Authentication authenticate(Authentication authentication)
throws AuthenticationException;
}
@@ -37,7 +37,7 @@ public interface AuthenticationTrustResolver {
* @return <code>true</code> the passed authentication token represented an anonymous principal, <code>false</code>
* otherwise
*/
public boolean isAnonymous(Authentication authentication);
boolean isAnonymous(Authentication authentication);
/**
* Indicates whether the passed <code>Authentication</code> token represents user that has been remembered
@@ -52,5 +52,5 @@ public interface AuthenticationTrustResolver {
* @return <code>true</code> the passed authentication token represented a principal authenticated using a
* remember-me token, <code>false</code> otherwise
*/
public boolean isRememberMe(Authentication authentication);
boolean isRememberMe(Authentication authentication);
}
@@ -20,7 +20,7 @@ import java.io.Serializable;
/**
* Stores a security system related configuration attribute.
*
*
* <p>
* When an {@link org.acegisecurity.intercept.AbstractSecurityInterceptor}
* is setup, a list of configuration attributes is defined for secure object
@@ -28,7 +28,7 @@ import java.io.Serializable;
* RunAsManager}, {@link AccessDecisionManager} or
* <code>AccessDecisionManager</code> delegate.
* </p>
*
*
* <P>
* Stored at runtime with other <code>ConfigAttribute</code>s for the same
* secure object target within a {@link ConfigAttributeDefinition}.
@@ -52,5 +52,5 @@ public interface ConfigAttribute extends Serializable {
* @return a representation of the configuration attribute (or <code>null</code> if the configuration attribute
* cannot be expressed as a <code>String</code> with sufficient precision).
*/
public String getAttribute();
String getAttribute();
}
@@ -19,7 +19,7 @@ import java.io.Serializable;
/**
* Represents an authority granted to an {@link Authentication} object.
*
*
* <p>
* A <code>GrantedAuthority</code> must either represent itself as a
* <code>String</code> or be specifically supported by an {@link
@@ -44,5 +44,5 @@ public interface GrantedAuthority extends Serializable {
* @return a representation of the granted authority (or <code>null</code> if the granted authority cannot be
* expressed as a <code>String</code> with sufficient precision).
*/
public String getAuthority();
String getAuthority();
}
@@ -28,7 +28,7 @@ import java.io.Serializable;
public class GrantedAuthorityImpl implements GrantedAuthority, Serializable {
//~ Instance fields ================================================================================================
private static final long serialVersionUID = 1L;
private static final long serialVersionUID = 1L;
private String role;
//~ Constructors ===================================================================================================
@@ -18,7 +18,7 @@ package org.acegisecurity;
/**
* Creates a new temporary {@link Authentication} object for the current secure
* object invocation only.
*
*
* <p>
* This interface permits implementations to replace the
* <code>Authentication</code> object that applies to the current secure
@@ -29,7 +29,7 @@ package org.acegisecurity;
* for the duration of the secure object callback only, returning it to
* the original <code>Authentication</code> object when the callback ends.
* </p>
*
*
* <p>
* This is provided so that systems with two layers of objects can be
* established. One layer is public facing and has normal secure methods with
@@ -43,7 +43,7 @@ package org.acegisecurity;
* <code>RunAsManager</code> interface provides a mechanism to elevate
* security in this manner.
* </p>
*
*
* <p>
* It is expected implementations will provide a corresponding concrete
* <code>Authentication</code> and <code>AuthenticationProvider</code> so that
@@ -71,7 +71,7 @@ public interface RunAsManager {
* @return a replacement object to be used for duration of the secure object invocation, or <code>null</code> if
* the <code>Authentication</code> should be left as is
*/
public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config);
Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config);
/**
* Indicates whether this <code>RunAsManager</code> is able to process the passed
@@ -84,7 +84,7 @@ public interface RunAsManager {
*
* @return <code>true</code> if this <code>RunAsManager</code> can support the passed configuration attribute
*/
public boolean supports(ConfigAttribute attribute);
boolean supports(ConfigAttribute attribute);
/**
* Indicates whether the <code>RunAsManager</code> implementation is able to provide run-as replacement for
@@ -94,5 +94,5 @@ public interface RunAsManager {
*
* @return true if the implementation can process the indicated class
*/
public boolean supports(Class clazz);
boolean supports(Class clazz);
}
@@ -21,7 +21,7 @@ import java.io.Serializable;
/**
* Marker interface representing an access control list entry associated with a
* specific domain object instance.
*
*
* @author Ben Alex
* @version $Id$
*/
@@ -35,7 +35,7 @@ public interface AclManager {
*
* @return the ACLs that apply, or <code>null</code> if no ACLs apply to the specified domain instance
*/
public AclEntry[] getAcls(Object domainInstance);
AclEntry[] getAcls(Object domainInstance);
/**
* Obtains the ACLs that apply to the specified domain instance, but only including those ACLs which have
@@ -47,5 +47,5 @@ public interface AclManager {
* @return only those ACLs applying to the domain instance that have been granted to the principal (or
* <code>null</code>) if no such ACLs are found
*/
public AclEntry[] getAcls(Object domainInstance, Authentication authentication);
AclEntry[] getAcls(Object domainInstance, Authentication authentication);
}
@@ -21,7 +21,7 @@ import org.acegisecurity.Authentication;
/**
* Indicates a class can process a given domain object instance and
* authoritatively return the ACLs that apply.
*
*
* <P>
* Implementations are typically called from the {@link AclProviderManager}.
* </p>
@@ -40,7 +40,7 @@ public interface AclProvider {
*
* @return the ACLs that apply, or <code>null</code> if no ACLs apply to the specified domain instance
*/
public AclEntry[] getAcls(Object domainInstance);
AclEntry[] getAcls(Object domainInstance);
/**
* Obtains the ACLs that apply to the specified domain instance and presented <code>Authentication</code>
@@ -52,7 +52,7 @@ public interface AclProvider {
* @return only those ACLs applying to the domain instance that have been granted to the principal (or
* <code>null</code>) if no such ACLs are found
*/
public AclEntry[] getAcls(Object domainInstance, Authentication authentication);
AclEntry[] getAcls(Object domainInstance, Authentication authentication);
/**
* Indicates whether this <code>AclProvider</code> can authoritatively return ACL information for the
@@ -63,5 +63,5 @@ public interface AclProvider {
* @return <code>true</code> if this provider is authoritative for the specified domain object instance,
* <code>false</code> otherwise
*/
public boolean supports(Object domainInstance);
boolean supports(Object domainInstance);
}
@@ -20,7 +20,7 @@ import java.io.Serializable;
/**
* Interface representing the identity of an individual domain object instance.
*
*
* <P>
* It should be noted that <code>AclObjectIdentity</code> instances are created
* in various locations throughout the package. As
@@ -31,7 +31,7 @@ import java.io.Serializable;
* <code>identity1.equals(identity2)</code>, rather than reference-equality of
* <code>identity1==identity2</code>.
* </p>
*
*
* <P>
* In practical terms this means you must implement the standard
* <code>java.lang.Object</code> methods shown below. Depending on your
@@ -53,12 +53,12 @@ public interface AclObjectIdentity extends Serializable {
*
* @return <code>true</code> if the objects are equal, <code>false</code> otherwise
*/
public boolean equals(Object obj);
boolean equals(Object obj);
/**
* Refer to the <code>java.lang.Object</code> documentation for the interface contract.
*
* @return a hash code representation of this object
*/
public int hashCode();
int hashCode();
}
@@ -18,7 +18,7 @@ package org.acegisecurity.acl.basic;
/**
* Indicates a domain object instance is able to provide {@link
* AclObjectIdentity} information.
*
*
* <P>
* Domain objects must implement this interface if they wish to provide an
* <code>AclObjectIdentity</code> rather than it being determined by relying
@@ -37,5 +37,5 @@ public interface AclObjectIdentityAware {
*
* @return the ACL object identity for this instance (can never be <code>null</code>)
*/
public AclObjectIdentity getAclObjectIdentity();
AclObjectIdentity getAclObjectIdentity();
}
@@ -18,13 +18,13 @@ package org.acegisecurity.acl.basic;
/**
* Represents a data access object that can return the {@link BasicAclEntry}s
* applying to a given ACL object identity.
*
*
* <P>
* <code>BasicAclDao</code> implementations are responsible for interpreting a
* given {@link AclObjectIdentity} and being able to lookup and return the
* corresponding {@link BasicAclEntry}[]s.
* </p>
*
*
* <P>
* <code>BasicAclDao</code>s many, but are not required to, allow the backend
* ACL repository to specify the class of <code>BasicAclEntry</code>
@@ -48,5 +48,5 @@ public interface BasicAclDao {
* @return the ACLs that apply (no <code>null</code>s are permitted in the array), or <code>null</code> if no ACLs
* could be found for the specified ACL object identity
*/
public BasicAclEntry[] getAcls(AclObjectIdentity aclObjectIdentity);
BasicAclEntry[] getAcls(AclObjectIdentity aclObjectIdentity);
}
@@ -35,7 +35,7 @@ public interface BasicAclEntry extends AclEntry {
*
* @return the ACL object identity that is subject of this ACL entry (never <code>null</code>)
*/
public AclObjectIdentity getAclObjectIdentity();
AclObjectIdentity getAclObjectIdentity();
/**
* Indicates any ACL parent of the domain object instance. This is used by <code>BasicAclProvider</code> to
@@ -44,7 +44,7 @@ public interface BasicAclEntry extends AclEntry {
* @return the ACL object identity that is the parent of this ACL entry (may be <code>null</code> if no parent
* should be consulted)
*/
public AclObjectIdentity getAclObjectParentIdentity();
AclObjectIdentity getAclObjectParentIdentity();
/**
* Access control lists in this package are based on bit masking. The integer value of the bit mask can be
@@ -53,7 +53,7 @@ public interface BasicAclEntry extends AclEntry {
* @return the bit mask applicable to this ACL entry (zero indicates a bit mask where no permissions have been
* granted)
*/
public int getMask();
int getMask();
/**
* A domain object instance will usually have multiple <code>BasicAclEntry</code>s. Each separate
@@ -65,12 +65,12 @@ public interface BasicAclEntry extends AclEntry {
* object type will vary depending on the type of recipient. For instance, it might be a <code>String</code>
* containing a username, or a <code>GrantedAuthorityImpl</code> containing a complex granted authority that is
* being granted the permissions contained in this access control entry. The {@link EffectiveAclsResolver} and
* {@link BasicAclProvider#getAcls(Object, Authentication)} can process the different recipient types and return
* only those that apply to a specified <code>Authentication</code> object.</p>
* {@link BasicAclProvider#getAcls(Object,org.acegisecurity.Authentication)} can process the different recipient
* types and return only those that apply to a specified <code>Authentication</code> object.</p>
*
* @return the recipient of this access control list entry (never <code>null</code>)
*/
public Object getRecipient();
Object getRecipient();
/**
* Determine if the mask of this entry includes this permission or not
@@ -79,7 +79,7 @@ public interface BasicAclEntry extends AclEntry {
*
* @return if the entry's mask includes this permission
*/
public boolean isPermitted(int permissionToCheck);
boolean isPermitted(int permissionToCheck);
/**
* This setter should <B>only</B> be used by DAO implementations.
@@ -87,7 +87,7 @@ public interface BasicAclEntry extends AclEntry {
* @param aclObjectIdentity an object which can be used to uniquely identify the domain object instance subject of
* this ACL entry
*/
public void setAclObjectIdentity(AclObjectIdentity aclObjectIdentity);
void setAclObjectIdentity(AclObjectIdentity aclObjectIdentity);
/**
* This setter should <B>only</B> be used by DAO implementations.
@@ -96,14 +96,14 @@ public interface BasicAclEntry extends AclEntry {
* this ACL entry, or <code>null</code> if either the domain object instance has no parent or its parent
* should be not used to compute an inheritance hierarchy
*/
public void setAclObjectParentIdentity(AclObjectIdentity aclObjectParentIdentity);
void setAclObjectParentIdentity(AclObjectIdentity aclObjectParentIdentity);
/**
* This setter should <B>only</B> be used by DAO implementations.
*
* @param mask the integer representing the permissions bit mask
*/
public void setMask(int mask);
void setMask(int mask);
/**
* This setter should <B>only</B> be used by DAO implementations.
@@ -111,5 +111,5 @@ public interface BasicAclEntry extends AclEntry {
* @param recipient a representation of the recipient of this ACL entry that makes sense to an
* <code>EffectiveAclsResolver</code> implementation
*/
public void setRecipient(Object recipient);
void setRecipient(Object recipient);
}
@@ -17,7 +17,7 @@ package org.acegisecurity.acl.basic;
/**
* Provides a cache of {@link BasicAclEntry} objects.
*
*
* <P>
* Implementations should provide appropriate methods to set their cache
* parameters (eg time-to-live) and/or force removal of entities before their
@@ -41,7 +41,7 @@ public interface BasicAclEntryCache {
* @return any applicable <code>BasicAclEntry</code>s (no <code>null</code>s are permitted in the returned array)
* or <code>null</code> if the object identity could not be found or if the cache entry has expired
*/
public BasicAclEntry[] getEntriesFromCache(AclObjectIdentity aclObjectIdentity);
BasicAclEntry[] getEntriesFromCache(AclObjectIdentity aclObjectIdentity);
/**
* Places an array of {@link BasicAclEntry}s in the cache.<P>No <code>null</code>s are allowed in the
@@ -50,12 +50,12 @@ public interface BasicAclEntryCache {
* @param basicAclEntry the ACL entries to cache (the key will be extracted from the {@link
* BasicAclEntry#getAclObjectIdentity()} method
*/
public void putEntriesInCache(BasicAclEntry[] basicAclEntry);
void putEntriesInCache(BasicAclEntry[] basicAclEntry);
/**
* Removes all ACL entries related to an {@link AclObjectIdentity} from the cache.
*
* @param aclObjectIdentity which should be removed from the cache
*/
public void removeEntriesFromCache(AclObjectIdentity aclObjectIdentity);
void removeEntriesFromCache(AclObjectIdentity aclObjectIdentity);
}
@@ -21,12 +21,12 @@ import org.springframework.dao.DataAccessException;
/**
* Represents a more extensive data access object
* for {@link BasicAclEntry}s.
*
* <P>
*
* <p>
* <code>BasicAclExtendedDao</code> implementations are responsible for interpreting a
* a given {@link AclObjectIdentity}.
* </p>
*
*
* @author Ben Alex
* @version $Id$
*/
@@ -43,10 +43,10 @@ public interface BasicAclExtendedDao extends BasicAclDao {
*
* @throws DataAccessException DOCUMENT ME!
*/
public void changeMask(AclObjectIdentity aclObjectIdentity, Object recipient, Integer newMask)
void changeMask(AclObjectIdentity aclObjectIdentity, Object recipient, Integer newMask)
throws DataAccessException;
public void create(BasicAclEntry basicAclEntry) throws DataAccessException;
void create(BasicAclEntry basicAclEntry) throws DataAccessException;
/**
* Deletes <b>all</b> entries associated with the specified <code>AclObjectIdentity</code>.
@@ -55,7 +55,7 @@ public interface BasicAclExtendedDao extends BasicAclDao {
*
* @throws DataAccessException DOCUMENT ME!
*/
public void delete(AclObjectIdentity aclObjectIdentity)
void delete(AclObjectIdentity aclObjectIdentity)
throws DataAccessException;
/**
@@ -67,6 +67,6 @@ public interface BasicAclExtendedDao extends BasicAclDao {
*
* @throws DataAccessException DOCUMENT ME!
*/
public void delete(AclObjectIdentity aclObjectIdentity, Object recipient)
void delete(AclObjectIdentity aclObjectIdentity, Object recipient)
throws DataAccessException;
}
@@ -36,18 +36,24 @@ import java.util.Map;
/**
* <P>Retrieves access control lists (ACL) entries for domain object instances from a data access object (DAO).</p>
* <P>This implementation will provide ACL lookup services for any object that it can determine the {@link
* Retrieves access control lists (ACL) entries for domain object instances from a data access object (DAO).
* <p>
* This implementation will provide ACL lookup services for any object that it can determine the {@link
* AclObjectIdentity} for by calling the {@link #obtainIdentity(Object)} method. Subclasses can override this method
* if they only want the <code>BasicAclProvider</code> responding to particular domain object instances.</p>
* <P><code>BasicAclProvider</code> will walk an inheritance hierarchy if a <code>BasicAclEntry</code> returned by
* the DAO indicates it has a parent. NB: inheritance occurs at a <I>domain instance object</I> level. It does not
* occur at an ACL recipient level. This means <B>all</B><code>BasicAclEntry</code>s for a given domain instance
* object <B>must</B> have the <B>same</B> parent identity, or <B>all</B><code>BasicAclEntry</code>s must have
* <code>null</code> as their parent identity.</p>
* <P>A cache should be used. This is provided by the {@link BasicAclEntryCache}. <code>BasicAclProvider</code> by
* default is setup to use the {@link NullAclEntryCache}, which performs no caching.</p>
* <P>To implement the {@link #getAcls(Object, Authentication)} method, <code>BasicAclProvider</code> requires a
* if they only want the <code>BasicAclProvider</code> responding to particular domain object instances.
* </p>
* <p>
* <code>BasicAclProvider</code> will walk an inheritance hierarchy if a <code>BasicAclEntry</code> returned by
* the DAO indicates it has a parent. NB: inheritance occurs at a <i>domain instance object</i> level. It does not
* occur at an ACL recipient level. This means <b>all</b><code>BasicAclEntry</code>s for a given domain instance
* object <b>must</b> have the <b>same</b> parent identity, or <b>all</b><code>BasicAclEntry</code>s must have
* <code>null</code> as their parent identity.
* </p>
* <p>
* A cache should be used. This is provided by the {@link BasicAclEntryCache}. <code>BasicAclProvider</code> by
* default is setup to use the {@link NullAclEntryCache}, which performs no caching.
* </p>
* <p>To implement the {@link #getAcls(Object, Authentication)} method, <code>BasicAclProvider</code> requires a
* {@link EffectiveAclsResolver} to be configured against it. By default the {@link
* GrantedAuthorityEffectiveAclsResolver} is used.</p>
*
@@ -60,7 +66,7 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
private static final Log logger = LogFactory.getLog(BasicAclProvider.class);
/** Marker added to the cache to indicate an AclObjectIdentity has no corresponding BasicAclEntry[]s */
private static String RECIPIENT_FOR_CACHE_EMPTY = "RESERVED_RECIPIENT_NOBODY";
private static final String RECIPIENT_FOR_CACHE_EMPTY = "RESERVED_RECIPIENT_NOBODY";
//~ Instance fields ================================================================================================
@@ -237,7 +243,8 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
Constructor constructor = defaultAclObjectIdentityClass.getConstructor(new Class[] {Object.class});
if (logger.isDebugEnabled()) {
logger.debug("domainInstance: " + domainInstance + " attempting to pass to constructor: " + constructor);
logger.debug("domainInstance: " + domainInstance
+ " attempting to pass to constructor: " + constructor);
}
return (AclObjectIdentity) constructor.newInstance(new Object[] {domainInstance});
@@ -23,14 +23,14 @@ import org.acegisecurity.acl.AclEntry;
/**
* Determines the ACLs that are effective for a given
* <code>Authentication</code> object.
*
*
* <P>
* Implementations will vary depending on their ability to interpret the
* "recipient" object types contained in {@link BasicAclEntry} instances, and
* how those recipient object types correspond to
* <code>Authentication</code>-presented principals and granted authorities.
* </p>
*
*
* <P>
* Implementations should not filter the resulting ACL list from lower-order
* permissions. So if a resulting ACL list grants a "read" permission, an
@@ -57,5 +57,5 @@ public interface EffectiveAclsResolver {
*
* @return the ACLs that apply to the presented principal, or <code>null</code> if there are none after filtering
*/
public AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls, Authentication filteredBy);
AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls, Authentication filteredBy);
}
@@ -96,9 +96,8 @@ public class GrantedAuthorityEffectiveAclsResolver implements EffectiveAclsResol
if ((authorities == null) || (authorities.length == 0)) {
if (logger.isDebugEnabled()) {
logger.debug(
"Did not match principal and there are no granted authorities, so cannot compare with recipient: "
+ recipient);
logger.debug("Did not match principal and there are no granted authorities, "
+ "so cannot compare with recipient: " + recipient);
}
continue;
@@ -50,15 +50,15 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
};
private static final String[] VALID_PERMISSIONS_AS_STRING = {
"NOTHING", "ADMINISTRATION", "READ", "WRITE", "CREATE", "DELETE", "READ_WRITE_CREATE_DELETE", "READ_WRITE_CREATE",
"READ_WRITE", "READ_WRITE_DELETE" };
"NOTHING", "ADMINISTRATION", "READ", "WRITE", "CREATE", "DELETE", "READ_WRITE_CREATE_DELETE",
"READ_WRITE_CREATE", "READ_WRITE", "READ_WRITE_DELETE" };
//~ Constructors ===================================================================================================
/**
* Allows {@link BasicAclDao} implementations to construct this object
* using <code>newInstance()</code>.
*
*
* <P>
* Normal classes should <B>not</B> use this default constructor.
* </p>
@@ -119,7 +119,7 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
/**
* Parse a permission {@link String} literal and return associated value.
*
*
* @param permission one of the field names that represent a permission: <code>ADMINISTRATION</code>,
* <code>READ</code>, <code>WRITE</code>,...
* @return the value associated to that permission
@@ -136,7 +136,7 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
/**
* Parse a list of permission {@link String} literals and return associated values.
*
*
* @param permissions array with permissions as {@link String}
* @see #parsePermission(String) for valid values
*/
@@ -42,17 +42,27 @@ import javax.sql.DataSource;
/**
* <p>Retrieves ACL details from a JDBC location.</p>
* <p>A default database structure is assumed. This may be overridden by setting the default query strings to use.
* Retrieves ACL details from a JDBC location.
* <p>
* A default database structure is assumed. This may be overridden by setting the default query strings to use.
* If this does not provide enough flexibility, another strategy would be to subclass this class and override the
* {@link MappingSqlQuery} instance used, via the {@link #initMappingSqlQueries()} extension point.</p>
* {@link MappingSqlQuery} instance used, via the {@link #initMappingSqlQueries()} extension point.
* </p>
*/
public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
//~ Static fields/initializers =====================================================================================
public static final String RECIPIENT_USED_FOR_INHERITENCE_MARKER = "___INHERITENCE_MARKER_ONLY___";
public static final String DEF_ACLS_BY_OBJECT_IDENTITY_QUERY = "SELECT RECIPIENT, MASK FROM acl_permission WHERE acl_object_identity = ?";
public static final String DEF_OBJECT_PROPERTIES_QUERY = "SELECT CHILD.ID, CHILD.OBJECT_IDENTITY, CHILD.ACL_CLASS, PARENT.OBJECT_IDENTITY as PARENT_OBJECT_IDENTITY FROM acl_object_identity as CHILD LEFT OUTER JOIN acl_object_identity as PARENT ON CHILD.parent_object=PARENT.id WHERE CHILD.object_identity = ?";
public static final String DEF_ACLS_BY_OBJECT_IDENTITY_QUERY =
"SELECT RECIPIENT, MASK FROM acl_permission WHERE acl_object_identity = ?";
public static final String DEF_OBJECT_PROPERTIES_QUERY =
"SELECT CHILD.ID, "
+ "CHILD.OBJECT_IDENTITY, "
+ "CHILD.ACL_CLASS, "
+ "PARENT.OBJECT_IDENTITY as PARENT_OBJECT_IDENTITY "
+ "FROM acl_object_identity as CHILD "
+ "LEFT OUTER JOIN acl_object_identity as PARENT ON CHILD.parent_object=PARENT.id "
+ "WHERE CHILD.object_identity = ?";
private static final Log logger = LogFactory.getLog(JdbcDaoImpl.class);
//~ Instance fields ================================================================================================
@@ -382,7 +392,8 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
throw new IllegalArgumentException(cnf.getMessage());
}
return new AclDetailsHolder(id, buildIdentity(objectIdentity), buildIdentity(parentObjectIdentity), aclClazz);
return new AclDetailsHolder(id,
buildIdentity(objectIdentity), buildIdentity(parentObjectIdentity), aclClazz);
}
}
}
@@ -48,8 +48,8 @@ import javax.sql.DataSource;
/**
* <p>Extension of the base {@link JdbcDaoImpl}, which implements {@link BasicAclExtendedDao}.</p>
* <p>A default database structure is assumed. This may be overridden by setting the default query strings to use.</p>
* <p>If you are using a cache with <code>BasicAclProvider</code>, you should specify that cache via {@link
* <p>A default database structure is assumed. This may be overridden by setting the default query strings to use.</p>
* <p>If you are using a cache with <code>BasicAclProvider</code>, you should specify that cache via {@link
* #setBasicAclEntryCache(BasicAclEntryCache)}. This will cause cache evictions (removals) to take place whenever a
* DAO mutator method is called.</p>
* <p>This implementation works with <code>String</code> based recipients and {@link
@@ -63,12 +63,18 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl implements BasicAclExtended
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(JdbcExtendedDaoImpl.class);
public static final String DEF_ACL_OBJECT_IDENTITY_DELETE_STATEMENT = "DELETE FROM acl_object_identity WHERE id = ?";
public static final String DEF_ACL_OBJECT_IDENTITY_INSERT_STATEMENT = "INSERT INTO acl_object_identity (object_identity, parent_object, acl_class) VALUES (?, ?, ?)";
public static final String DEF_ACL_PERMISSION_DELETE_STATEMENT = "DELETE FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?";
public static final String DEF_ACL_PERMISSION_INSERT_STATEMENT = "INSERT INTO acl_permission (acl_object_identity, recipient, mask) VALUES (?, ?, ?)";
public static final String DEF_ACL_PERMISSION_UPDATE_STATEMENT = "UPDATE acl_permission SET mask = ? WHERE id = ?";
public static final String DEF_LOOKUP_PERMISSION_ID_QUERY = "SELECT id FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?";
public static final String DEF_ACL_OBJECT_IDENTITY_DELETE_STATEMENT =
"DELETE FROM acl_object_identity WHERE id = ?";
public static final String DEF_ACL_OBJECT_IDENTITY_INSERT_STATEMENT =
"INSERT INTO acl_object_identity (object_identity, parent_object, acl_class) VALUES (?, ?, ?)";
public static final String DEF_ACL_PERMISSION_DELETE_STATEMENT =
"DELETE FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?";
public static final String DEF_ACL_PERMISSION_INSERT_STATEMENT =
"INSERT INTO acl_permission (acl_object_identity, recipient, mask) VALUES (?, ?, ?)";
public static final String DEF_ACL_PERMISSION_UPDATE_STATEMENT =
"UPDATE acl_permission SET mask = ? WHERE id = ?";
public static final String DEF_LOOKUP_PERMISSION_ID_QUERY =
"SELECT id FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?";
//~ Instance fields ================================================================================================
@@ -19,32 +19,33 @@ import org.acegisecurity.acls.sid.Sid;
import java.io.Serializable;
/**
* Represents an individual permission assignment within an {@link Acl}.
*
* <p>
* Instances MUST be immutable, as they are returned by <code>Acl</code>
* and should not allow client modification.
*
* @author Ben Alex
* @version $Id$
*
/**
* Represents an individual permission assignment within an {@link Acl}.
*
* <p>
* Instances MUST be immutable, as they are returned by <code>Acl</code>
* and should not allow client modification.
* </p>
*
* @author Ben Alex
* @version $Id$
*
*/
public interface AccessControlEntry {
//~ Methods ========================================================================================================
public Acl getAcl();
Acl getAcl();
/**
* Obtains an identifier that represents this ACE.
*
* @return the identifier, or <code>null</code> if unsaved
*/
public Serializable getId();
Serializable getId();
public Permission getPermission();
Permission getPermission();
public Sid getSid();
Sid getSid();
/**
* Indicates the a Permission is being granted to the relevant Sid. If false, indicates the permission is
@@ -52,5 +53,5 @@ public interface AccessControlEntry {
*
* @return true if being granted, false otherwise
*/
public boolean isGranting();
boolean isGranting();
}
@@ -20,25 +20,25 @@ import org.acegisecurity.acls.sid.Sid;
import java.io.Serializable;
/**
* Represents an access control list (ACL) for a domain object.
*
* <p>
* An <code>Acl</code> represents all ACL entries for a given domain object. In
* order to avoid needing references to the domain object itself, this
* interface handles indirection between a domain object and an ACL object
* identity via the {@link
* org.acegisecurity.acls.objectidentity.ObjectIdentity} interface.
* </p>
*
* <p>
* An implementation represents the {@link org.acegisecurity.acls.Permission}
* list applicable for some or all {@link org.acegisecurity.acls.sid.Sid}
* instances.
* </p>
*
* @author Ben Alex
* @version $Id$
/**
* Represents an access control list (ACL) for a domain object.
*
* <p>
* An <code>Acl</code> represents all ACL entries for a given domain object. In
* order to avoid needing references to the domain object itself, this
* interface handles indirection between a domain object and an ACL object
* identity via the {@link
* org.acegisecurity.acls.objectidentity.ObjectIdentity} interface.
* </p>
*
* <p>
* An implementation represents the {@link org.acegisecurity.acls.Permission}
* list applicable for some or all {@link org.acegisecurity.acls.sid.Sid}
* instances.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public interface Acl extends Serializable {
//~ Methods ========================================================================================================
@@ -50,14 +50,14 @@ public interface Acl extends Serializable {
* particular ordering logic in authorization decisions, the entries returned by this method <em>MUST</em> be
* ordered in that manner.</p>
* <p>Do <em>NOT</em> use this method for making authorization decisions. Instead use {@link
* #isGranted(Permission[], Sid[])}.</p>
* #isGranted(Permission[], Sid[], boolean)}.</p>
* <p>This method must operate correctly even if the <code>Acl</code> only represents a subset of
* <code>Sid</code>s. The caller is responsible for correctly handling the result if only a subset of
* <code>Sid</code>s is represented.</p>
*
* @return the list of entries represented by the <code>Acl</code>
*/
public AccessControlEntry[] getEntries();
AccessControlEntry[] getEntries();
/**
* Obtains the domain object this <code>Acl</code> provides entries for. This is immutable once an
@@ -65,7 +65,7 @@ public interface Acl extends Serializable {
*
* @return the object identity
*/
public ObjectIdentity getObjectIdentity();
ObjectIdentity getObjectIdentity();
/**
* Determines the owner of the <code>Acl</code>. The meaning of ownership varies by implementation and is
@@ -73,7 +73,7 @@ public interface Acl extends Serializable {
*
* @return the owner (may be null if the implementation does not use ownership concepts)
*/
public Sid getOwner();
Sid getOwner();
/**
* A domain object may have a parent for the purpose of ACL inheritance. If there is a parent, its ACL can
@@ -87,7 +87,7 @@ public interface Acl extends Serializable {
*
* @return the parent <code>Acl</code>
*/
public Acl getParentAcl();
Acl getParentAcl();
/**
* Indicates whether the ACL entries from the {@link #getParentAcl()} should flow down into the current
@@ -98,7 +98,7 @@ public interface Acl extends Serializable {
*
* @return <code>true</code> if parent ACL entries inherit into the current <code>Acl</code>
*/
public boolean isEntriesInheriting();
boolean isEntriesInheriting();
/**
* This is the actual authorization logic method, and must be used whenever ACL authorization decisions are
@@ -131,22 +131,25 @@ public interface Acl extends Serializable {
* @throws UnloadedSidException thrown if the <code>Acl</code> does not have details for one or more of the
* <code>Sid</code>s passed as arguments
*/
public boolean isGranted(Permission[] permission, Sid[] sids, boolean administrativeMode)
boolean isGranted(Permission[] permission, Sid[] sids, boolean administrativeMode)
throws NotFoundException, UnloadedSidException;
/**
* For efficiency reasons an <code>Acl</code> may be loaded and <em>not</em> contain entries for every
* <code>Sid</code> in the system. If an <code>Acl</code> has been loaded and does not represent every
* <code>Sid</code>, all methods of the <code>Sid</code> can only be used within the limited scope of the
* <code>Sid</code> instances it actually represents.<p>It is normal to load an <code>Acl</code> for only
* particular <code>Sid</code>s if read-only authorization decisions are being made. However, if user interface
* reporting or modification of <code>Acl</code>s are desired, an <code>Acl</code> should be loaded with all
* <code>Sid</code>s. This method denotes whether or not the specified <code>Sid</code>s have been loaded or not.</p>
* <code>Sid</code> instances it actually represents.
* <p>
* It is normal to load an <code>Acl</code> for only particular <code>Sid</code>s if read-only authorization
* decisions are being made. However, if user interface reporting or modification of <code>Acl</code>s are
* desired, an <code>Acl</code> should be loaded with all <code>Sid</code>s. This method denotes whether or
* not the specified <code>Sid</code>s have been loaded or not.
* </p>
*
* @param sids one or more security identities the caller is interest in knowing whether this <code>Sid</code>
* supports
*
* @return <code>true</code> if every passed <code>Sid</code> is represented by this <code>Acl</code> instance
*/
public boolean isSidLoaded(Sid[] sids);
boolean isSidLoaded(Sid[] sids);
}
@@ -23,7 +23,12 @@ import org.springframework.util.Assert;
* @author Ben Alex
* @version $Id$
*/
public class AclFormattingUtils {
public final class AclFormattingUtils {
//~ Constructors ===================================================================================================
private AclFormattingUtils() {
}
//~ Methods ========================================================================================================
public static String demergePatterns(String original, String removeBits) {
@@ -20,11 +20,11 @@ import org.acegisecurity.acls.sid.Sid;
import java.util.Map;
/**
* Provides retrieval of {@link Acl} instances.
*
* @author Ben Alex
* @version $Id$
/**
* Provides retrieval of {@link Acl} instances.
*
* @author Ben Alex
* @version $Id$
*/
public interface AclService {
//~ Methods ========================================================================================================
@@ -36,7 +36,7 @@ public interface AclService {
*
* @return the children (or <code>null</code> if none were found)
*/
public ObjectIdentity[] findChildren(ObjectIdentity parentIdentity);
ObjectIdentity[] findChildren(ObjectIdentity parentIdentity);
/**
* Same as {@link #readAclsById(ObjectIdentity[])} except it returns only a single Acl.<p>This method
@@ -49,7 +49,7 @@ public interface AclService {
*
* @throws NotFoundException DOCUMENT ME!
*/
public Acl readAclById(ObjectIdentity object) throws NotFoundException;
Acl readAclById(ObjectIdentity object) throws NotFoundException;
/**
* Same as {@link #readAclsById(ObjectIdentity[], Sid[])} except it returns only a single Acl.
@@ -61,7 +61,7 @@ public interface AclService {
*
* @throws NotFoundException DOCUMENT ME!
*/
public Acl readAclById(ObjectIdentity object, Sid[] sids)
Acl readAclById(ObjectIdentity object, Sid[] sids)
throws NotFoundException;
/**
@@ -75,7 +75,7 @@ public interface AclService {
*
* @throws NotFoundException DOCUMENT ME!
*/
public Map readAclsById(ObjectIdentity[] objects) throws NotFoundException;
Map readAclsById(ObjectIdentity[] objects) throws NotFoundException;
/**
* Obtains all the <code>Acl</code>s that apply for the passed <code>Object</code>s, but only for the
@@ -95,6 +95,6 @@ public interface AclService {
*
* @throws NotFoundException DOCUMENT ME!
*/
public Map readAclsById(ObjectIdentity[] objects, Sid[] sids)
Map readAclsById(ObjectIdentity[] objects, Sid[] sids)
throws NotFoundException;
}
@@ -14,17 +14,17 @@
*/
package org.acegisecurity.acls;
/**
* Represents an ACE that provides auditing information.
*
* @author Ben Alex
* @version $Id$
*
/**
* Represents an ACE that provides auditing information.
*
* @author Ben Alex
* @version $Id$
*
*/
public interface AuditableAccessControlEntry extends AccessControlEntry {
//~ Methods ========================================================================================================
public boolean isAuditFailure();
boolean isAuditFailure();
public boolean isAuditSuccess();
boolean isAuditSuccess();
}
@@ -17,15 +17,15 @@ package org.acegisecurity.acls;
import java.io.Serializable;
/**
* A mutable ACL that provides audit capabilities.
*
* @author Ben Alex
* @version $Id$
*
/**
* A mutable ACL that provides audit capabilities.
*
* @author Ben Alex
* @version $Id$
*
*/
public interface AuditableAcl extends MutableAcl {
//~ Methods ========================================================================================================
public void updateAuditing(Serializable aceId, boolean auditSuccess, boolean auditFailure);
void updateAuditing(Serializable aceId, boolean auditSuccess, boolean auditFailure);
}
@@ -19,21 +19,21 @@ import org.acegisecurity.acls.sid.Sid;
import java.io.Serializable;
/**
* A mutable <code>Acl</code>.
*
* <p>
* A mutable ACL must ensure that appropriate security checks are performed
* before allowing access to its methods.
* </p>
*
* @author Ben Alex
* @version $Id$
/**
* A mutable <code>Acl</code>.
*
* <p>
* A mutable ACL must ensure that appropriate security checks are performed
* before allowing access to its methods.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public interface MutableAcl extends Acl {
//~ Methods ========================================================================================================
public void deleteAce(Serializable aceId) throws NotFoundException;
void deleteAce(Serializable aceId) throws NotFoundException;
/**
* Retrieves all of the non-deleted {@link AccessControlEntry} instances currently stored by the
@@ -44,16 +44,16 @@ public interface MutableAcl extends Acl {
*
* @return DOCUMENT ME!
*/
public AccessControlEntry[] getEntries();
AccessControlEntry[] getEntries();
/**
* Obtains an identifier that represents this <code>MutableAcl</code>.
*
* @return the identifier, or <code>null</code> if unsaved
*/
public Serializable getId();
Serializable getId();
public void insertAce(Serializable afterAceId, Permission permission, Sid sid, boolean granting)
void insertAce(Serializable afterAceId, Permission permission, Sid sid, boolean granting)
throws NotFoundException;
/**
@@ -61,15 +61,15 @@ public interface MutableAcl extends Acl {
*
* @param entriesInheriting the new value
*/
public void setEntriesInheriting(boolean entriesInheriting);
void setEntriesInheriting(boolean entriesInheriting);
/**
* Changes the parent of this ACL.
*
* @param newParent the new parent
*/
public void setParent(MutableAcl newParent);
void setParent(Acl newParent);
public void updateAce(Serializable aceId, Permission permission)
void updateAce(Serializable aceId, Permission permission)
throws NotFoundException;
}
@@ -17,11 +17,11 @@ package org.acegisecurity.acls;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
/**
* Provides support for creating and storing <code>Acl</code> instances.
*
* @author Ben Alex
* @version $Id$
/**
* Provides support for creating and storing <code>Acl</code> instances.
*
* @author Ben Alex
* @version $Id$
*/
public interface MutableAclService extends AclService {
//~ Methods ========================================================================================================
@@ -36,7 +36,7 @@ public interface MutableAclService extends AclService {
*
* @throws AlreadyExistsException if the passed object identity already has a record
*/
public MutableAcl createAcl(ObjectIdentity objectIdentity)
MutableAcl createAcl(ObjectIdentity objectIdentity)
throws AlreadyExistsException;
/**
@@ -47,7 +47,7 @@ public interface MutableAclService extends AclService {
*
* @throws ChildrenExistException if the deleteChildren argument was <code>false</code> but children exist
*/
public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren)
void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren)
throws ChildrenExistException;
/**
@@ -61,5 +61,5 @@ public interface MutableAclService extends AclService {
* #createAcl(ObjectIdentity)} to create the object, rather than creating it with the <code>new</code>
* keyword?)
*/
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException;
MutableAcl updateAcl(MutableAcl acl) throws NotFoundException;
}
@@ -17,19 +17,19 @@ package org.acegisecurity.acls;
import org.acegisecurity.acls.sid.Sid;
/**
* A mutable ACL that provides ownership capabilities.
*
* <p>
* Generally the owner of an ACL is able to call any ACL mutator method, as
* well as assign a new owner.
* </p>
*
* @author Ben Alex
* @version $Id$
/**
* A mutable ACL that provides ownership capabilities.
*
* <p>
* Generally the owner of an ACL is able to call any ACL mutator method, as
* well as assign a new owner.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public interface OwnershipAcl extends MutableAcl {
//~ Methods ========================================================================================================
public void setOwner(Sid newOwner);
void setOwner(Sid newOwner);
}
@@ -14,21 +14,18 @@
*/
package org.acegisecurity.acls;
import org.acegisecurity.acls.sid.Sid;
/**
* Represents a permission granted to a {@link Sid} for a given domain object.
*
* @author Ben Alex
* @version $Id$
/**
* Represents a permission granted to a {@link org.acegisecurity.acls.sid.Sid Sid} for a given domain object.
*
* @author Ben Alex
* @version $Id$
*/
public interface Permission {
//~ Static fields/initializers =====================================================================================
public static final char RESERVED_ON = '~';
public static final char RESERVED_OFF = '.';
public static final String THIRTY_TWO_RESERVED_OFF = "................................";
char RESERVED_ON = '~';
char RESERVED_OFF = '.';
String THIRTY_TWO_RESERVED_OFF = "................................";
//~ Methods ========================================================================================================
@@ -37,20 +34,22 @@ public interface Permission {
*
* @return the bits that represent the permission
*/
public int getMask();
int getMask();
/**
* Returns a 32-character long bit pattern <code>String</code> representing this permission.<p>Implementations
* are free to format the pattern as they see fit, although under no circumstances may {@link #RESERVED_OFF} or
* {@link #RESERVED_ON} be used within the pattern. An exemption is in the case of {@link #RESERVED_OFF} which is
* used to denote a bit that is off (clear). Implementations may also elect to use {@link #RESERVED_ON} internally
* for computation purposes, although this method may not return any <code>String</code> containing {@link
* #RESERVED_ON}.</p>
* Returns a 32-character long bit pattern <code>String</code> representing this permission.
* <p>
* Implementations are free to format the pattern as they see fit, although under no circumstances may
* {@link #RESERVED_OFF} or {@link #RESERVED_ON} be used within the pattern. An exemption is in the case of
* {@link #RESERVED_OFF} which is used to denote a bit that is off (clear).
* Implementations may also elect to use {@link #RESERVED_ON} internally for computation purposes,
* although this method may not return any <code>String</code> containing {@link #RESERVED_ON}.
* </p>
* <p>The returned String must be 32 characters in length.</p>
* <p>This method is only used for user interface and logging purposes. It is not used in any permission
* calculations. Therefore, duplication of characters within the output is permitted.</p>
*
* @return a 32-character bit pattern
*/
public String getPattern();
String getPattern();
}
@@ -21,18 +21,18 @@ import org.acegisecurity.acls.Acl;
/**
* Strategy used by {@link AclImpl} to determine whether a principal is permitted to call
* adminstrative methods on the <code>AclImpl</code>.
*
*
* @author Ben Alex
* @version $Id$
*/
public interface AclAuthorizationStrategy {
//~ Static fields/initializers =====================================================================================
public static final int CHANGE_OWNERSHIP = 0;
public static final int CHANGE_AUDITING = 1;
public static final int CHANGE_GENERAL = 2;
int CHANGE_OWNERSHIP = 0;
int CHANGE_AUDITING = 1;
int CHANGE_GENERAL = 2;
//~ Methods ========================================================================================================
public void securityCheck(Acl acl, int changeType);
void securityCheck(Acl acl, int changeType);
}
@@ -53,7 +53,7 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
/**
* Constructor. The only mandatory parameter relates to the system-wide {@link GrantedAuthority} instances that
* can be held to always permit ACL changes.
*
*
* @param auths an array of <code>GrantedAuthority</code>s that have
* special permissions (index 0 is the authority needed to change
* ownership, index 1 is the authority needed to modify auditing details,
@@ -81,7 +81,8 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
// Check if authorized by virtue of ACL ownership
Sid currentUser = new PrincipalSid(authentication);
if (currentUser.equals(acl.getOwner()) && ((changeType == CHANGE_GENERAL) || (changeType == CHANGE_OWNERSHIP))) {
if (currentUser.equals(acl.getOwner())
&& ((changeType == CHANGE_GENERAL) || (changeType == CHANGE_OWNERSHIP))) {
return;
}
@@ -335,7 +335,7 @@ public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
this.owner = newOwner;
}
public void setParent(MutableAcl newParent) {
public void setParent(Acl newParent) {
aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
Assert.notNull(newParent, "New Parent required");
Assert.isTrue(!newParent.equals(this), "Cannot be the parent of yourself");
@@ -17,15 +17,15 @@ package org.acegisecurity.acls.domain;
import org.acegisecurity.acls.AccessControlEntry;
/**
* Used by <code>AclImpl</code> to log audit events.
*
* @author Ben Alex
* @version $Id$
*
/**
* Used by <code>AclImpl</code> to log audit events.
*
* @author Ben Alex
* @version $Id$
*
*/
public interface AuditLogger {
//~ Methods ========================================================================================================
public void logIfNeeded(boolean granted, AccessControlEntry ace);
void logIfNeeded(boolean granted, AccessControlEntry ace);
}
@@ -33,7 +33,7 @@ import java.util.Vector;
* @author Ben Alex
* @version $Id$
*/
public class BasePermission implements Permission {
public final class BasePermission implements Permission {
//~ Static fields/initializers =====================================================================================
public static final Permission READ = new BasePermission(1 << 0, 'R'); // 1
@@ -161,4 +161,8 @@ public class BasePermission implements Permission {
public String toString() {
return "BasePermission[" + getPattern() + "=" + mask + "]";
}
public int hashCode() {
return this.mask;
}
}
@@ -31,9 +31,9 @@ public class ConsoleAuditLogger implements AuditLogger {
public void logIfNeeded(boolean granted, AccessControlEntry ace) {
Assert.notNull(ace, "AccessControlEntry required");
if (ace instanceof AuditableAccessControlEntry) {
AuditableAccessControlEntry auditableAce = (AuditableAccessControlEntry) ace;
AuditableAccessControlEntry auditableAce = (AuditableAccessControlEntry) ace;
if (granted && auditableAce.isAuditSuccess()) {
System.out.println("GRANTED due to ACE: " + ace);
@@ -56,8 +56,12 @@ public class CumulativePermission implements Permission {
return (this.mask == rhs.getMask());
}
public int hashCode() {
return this.mask;
}
public int getMask() {
public int getMask() {
return this.mask;
}
@@ -20,23 +20,23 @@ import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import java.io.Serializable;
/**
* A caching layer for {@link JdbcAclService}.
*
* @author Ben Alex
* @version $Id$
*
/**
* A caching layer for {@link JdbcAclService}.
*
* @author Ben Alex
* @version $Id$
*
*/
public interface AclCache {
//~ Methods ========================================================================================================
public void evictFromCache(Serializable pk);
void evictFromCache(Serializable pk);
public void evictFromCache(ObjectIdentity objectIdentity);
void evictFromCache(ObjectIdentity objectIdentity);
public MutableAcl getFromCache(ObjectIdentity objectIdentity);
MutableAcl getFromCache(ObjectIdentity objectIdentity);
public MutableAcl getFromCache(Serializable pk);
MutableAcl getFromCache(Serializable pk);
public void putInCache(MutableAcl acl);
void putInCache(MutableAcl acl);
}
@@ -79,12 +79,12 @@ public final class BasicLookupStrategy implements LookupStrategy {
//~ Constructors ===================================================================================================
/**
* Constructor accepting mandatory arguments
*
* @param dataSource to access the database
* @param aclCache the cache where fully-loaded elements can be stored
* @param aclAuthorizationStrategy authorization strategy (required)
/**
* Constructor accepting mandatory arguments
*
* @param dataSource to access the database
* @param aclCache the cache where fully-loaded elements can be stored
* @param aclAuthorizationStrategy authorization strategy (required)
*/
public BasicLookupStrategy(DataSource dataSource, AclCache aclCache,
AclAuthorizationStrategy aclAuthorizationStrategy, AuditLogger auditLogger) {
@@ -106,7 +106,8 @@ public final class BasicLookupStrategy implements LookupStrategy {
String startSql = "select ACL_OBJECT_IDENTITY.OBJECT_ID_IDENTITY, ACL_ENTRY.ACE_ORDER, "
+ "ACL_OBJECT_IDENTITY.ID as ACL_ID, " + "ACL_OBJECT_IDENTITY.PARENT_OBJECT, "
+ "ACL_OBJECT_IDENTITY,ENTRIES_INHERITING, "
+ "ACL_ENTRY.ID as ACE_ID, ACL_ENTRY.MASK, ACL_ENTRY.GRANTING, ACL_ENTRY.AUDIT_SUCCESS, ACL_ENTRY.AUDIT_FAILURE, "
+ "ACL_ENTRY.ID as ACE_ID, ACL_ENTRY.MASK, ACL_ENTRY.GRANTING, "
+ "ACL_ENTRY.AUDIT_SUCCESS, ACL_ENTRY.AUDIT_FAILURE, "
+ "ACL_SID.PRINCIPAL as ACE_PRINCIPAL, ACL_SID.SID as ACE_SID, "
+ "ACLI_SID.PRINCIPAL as ACL_PRINCIPAL, ACLI_SID.SID as ACL_SID, " + "ACL_CLASS.CLASS "
+ "from ACL_OBJECT_IDENTITY, ACL_SID ACLI_SID, ACL_CLASS "
@@ -387,7 +388,8 @@ public final class BasicLookupStrategy implements LookupStrategy {
continue; // now in results, so move to next element
} else {
throw new IllegalStateException(
"Error: SID-filtered element detected when implementation does not perform SID filtering - have you added something to the cache manually?");
"Error: SID-filtered element detected when implementation does not perform SID filtering "
+ "- have you added something to the cache manually?");
}
}
@@ -128,7 +128,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
}
public void setValues(PreparedStatement stmt, int i)
throws SQLException {
throws SQLException {
AccessControlEntry entry_ = (AccessControlEntry) Array.get(acl.getEntries(), i);
Assert.isTrue(entry_ instanceof AccessControlEntryImpl, "Unknown ACE class");
@@ -176,7 +176,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
if (allowCreate) {
classId = null;
jdbcTemplate.update(insertClass, new Object[] {clazz.getName()});
Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(), "Transaction must be running");
Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(),
"Transaction must be running");
classId = new Long(jdbcTemplate.queryForLong(identityQuery));
}
} else {
@@ -220,7 +221,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
if (allowCreate) {
sidId = null;
jdbcTemplate.update(insertSid, new Object[] {new Boolean(principal), sidName});
Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(), "Transaction must be running");
Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(),
"Transaction must be running");
sidId = new Long(jdbcTemplate.queryForLong(identityQuery));
}
} else {
@@ -263,7 +265,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
* @param oid the rows in acl_entry to delete
*/
protected void deleteEntries(ObjectIdentity oid) {
jdbcTemplate.update(deleteEntryByObjectIdentityForeignKey, new Object[] {retrieveObjectIdentityPrimaryKey(oid)});
jdbcTemplate.update(deleteEntryByObjectIdentityForeignKey,
new Object[] {retrieveObjectIdentityPrimaryKey(oid)});
}
/**
@@ -20,11 +20,11 @@ import org.acegisecurity.acls.sid.Sid;
import java.util.Map;
/**
* Performs optimised lookups for {@link JdbcAclService}.
*
* @author Ben Alex
* @version $Id$
/**
* Performs optimised lookups for {@link JdbcAclService}.
*
* @author Ben Alex
* @version $Id$
*/
public interface LookupStrategy {
//~ Methods ========================================================================================================
@@ -39,5 +39,5 @@ public interface LookupStrategy {
* @return the <code>Map</code> pursuant to the interface contract for {@link
* org.acegisecurity.acls.AclService#readAclsById(ObjectIdentity[], Sid[])}
*/
public Map readAclsById(ObjectIdentity[] objects, Sid[] sids);
Map readAclsById(ObjectIdentity[] objects, Sid[] sids);
}
@@ -17,20 +17,20 @@ package org.acegisecurity.acls.objectidentity;
import java.io.Serializable;
/**
* Interface representing the identity of an individual domain object instance.
*
* <P>
* As implementations are used as the key for caching and lookup, it is
* essential that implementations provide methods so that object-equality
* rather than reference-equality can be relied upon by caches. In other
* words, a cache can consider two <code>ObjectIdentity</code>s equal if
* <code>identity1.equals(identity2)</code>, rather than reference-equality of
* <code>identity1==identity2</code>.
* </p>
*
* @author Ben Alex
* @version $Id$
/**
* Interface representing the identity of an individual domain object instance.
*
* <P>
* As implementations are used as the key for caching and lookup, it is
* essential that implementations provide methods so that object-equality
* rather than reference-equality can be relied upon by caches. In other
* words, a cache can consider two <code>ObjectIdentity</code>s equal if
* <code>identity1.equals(identity2)</code>, rather than reference-equality of
* <code>identity1==identity2</code>.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public interface ObjectIdentity extends Serializable {
//~ Methods ========================================================================================================
@@ -42,7 +42,7 @@ public interface ObjectIdentity extends Serializable {
*
* @return <code>true</code> if the objects are equal, <code>false</code> otherwise
*/
public boolean equals(Object obj);
boolean equals(Object obj);
/**
* Obtains the actual identifier. This identifier must not be reused to represent other domain objects with
@@ -52,19 +52,19 @@ public interface ObjectIdentity extends Serializable {
*
* @return the identifier (unique within this <code>javaType</code>
*/
public Serializable getIdentifier();
Serializable getIdentifier();
/**
* Obtains the Java type represented by the domain object.
*
* @return the Java type of the domain object
*/
public Class getJavaType();
Class getJavaType();
/**
* Refer to the <code>java.lang.Object</code> documentation for the interface contract.
*
* @return a hash code representation of this object
*/
public int hashCode();
int hashCode();
}
@@ -14,8 +14,6 @@
*/
package org.acegisecurity.acls.objectidentity;
import org.acegisecurity.acl.basic.AclObjectIdentity;
import org.acegisecurity.acls.IdentityUnavailableException;
import org.springframework.util.Assert;
@@ -27,8 +25,11 @@ import java.lang.reflect.Method;
/**
* Simple implementation of {@link AclObjectIdentity}.<P>Uses <code>String</code>s to store the identity of the
* domain object instance. Also offers a constructor that uses reflection to build the identity information.</p>
* Simple implementation of {@link org.acegisecurity.acl.basic.AclObjectIdentity AclObjectIdentity}.
* <p>
* Uses <code>String</code>s to store the identity of the domain object instance. Also offers a constructor that uses
* reflection to build the identity information.
* </p>
*/
public class ObjectIdentityImpl implements ObjectIdentity {
//~ Instance fields ================================================================================================
@@ -58,16 +59,16 @@ public class ObjectIdentityImpl implements ObjectIdentity {
this.identifier = identifier;
}
/**
* Creates the <code>ObjectIdentityImpl</code> based on the passed
* object instance. The passed object must provide a <code>getId()</code>
* method, otherwise an exception will be thrown. The object passed will
* be considered the {@link #javaType}, so if more control is required,
* an alternate constructor should be used instead.
*
* @param object the domain object instance to create an identity for
*
* @throws IdentityUnavailableException if identity could not be extracted
/**
* Creates the <code>ObjectIdentityImpl</code> based on the passed
* object instance. The passed object must provide a <code>getId()</code>
* method, otherwise an exception will be thrown. The object passed will
* be considered the {@link #javaType}, so if more control is required,
* an alternate constructor should be used instead.
*
* @param object the domain object instance to create an identity for
*
* @throws IdentityUnavailableException if identity could not be extracted
*/
public ObjectIdentityImpl(Object object) throws IdentityUnavailableException {
Assert.notNull(object, "object cannot be null");
@@ -83,6 +84,7 @@ public class ObjectIdentityImpl implements ObjectIdentity {
throw new IdentityUnavailableException("Could not extract identity from object " + object, e);
}
Assert.notNull(result, "getId() is required to return a non-null value");
Assert.isInstanceOf(Serializable.class, result, "Getter must provide a return value of type Serializable");
this.identifier = (Serializable) result;
}
@@ -18,7 +18,7 @@ package org.acegisecurity.acls.objectidentity;
/**
* Strategy interface that provides the ability to determine which {@link ObjectIdentity}
* will be returned for a particular domain object
*
*
* @author Ben Alex
* @version $Id$
*
@@ -26,5 +26,5 @@ package org.acegisecurity.acls.objectidentity;
public interface ObjectIdentityRetrievalStrategy {
//~ Methods ========================================================================================================
public ObjectIdentity getObjectIdentity(Object domainObject);
ObjectIdentity getObjectIdentity(Object domainObject);
}
@@ -14,20 +14,20 @@
*/
package org.acegisecurity.acls.sid;
/**
* A security identity recognised by the ACL system.
*
* <p>
* This interface provides indirection between actual security objects (eg
* principals, roles, groups etc) and what is stored inside an
* <code>Acl</code>. This is because an <code>Acl</code> will not store an
* entire security object, but only an abstraction of it. This interface
* therefore provides a simple way to compare these abstracted security
* identities with other security identities and actual security objects.
* </p>
*
* @author Ben Alex
* @version $Id$
/**
* A security identity recognised by the ACL system.
*
* <p>
* This interface provides indirection between actual security objects (eg
* principals, roles, groups etc) and what is stored inside an
* <code>Acl</code>. This is because an <code>Acl</code> will not store an
* entire security object, but only an abstraction of it. This interface
* therefore provides a simple way to compare these abstracted security
* identities with other security identities and actual security objects.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public interface Sid {
//~ Methods ========================================================================================================
@@ -39,12 +39,12 @@ public interface Sid {
*
* @return <code>true</code> if the objects are equal, <code>false</code> otherwise
*/
public boolean equals(Object obj);
boolean equals(Object obj);
/**
* Refer to the <code>java.lang.Object</code> documentation for the interface contract.
*
* @return a hash code representation of this object
*/
public int hashCode();
int hashCode();
}
@@ -21,12 +21,12 @@ import org.acegisecurity.Authentication;
/**
* Strategy interface that provides an ability to determine the {@link Sid} instances applicable
* for an {@link Authentication}.
*
*
* @author Ben Alex
* @version $Id$
*/
public interface SidRetrievalStrategy {
//~ Methods ========================================================================================================
public Sid[] getSids(Authentication authentication);
Sid[] getSids(Authentication authentication);
}
@@ -21,7 +21,7 @@ import org.acegisecurity.Authentication;
/**
* Indicates a specialized, immutable, server-side only {@link Authentication}
* class.
*
*
* <P>
* Automatically considered valid by the {@link AuthByAdapterProvider},
* provided the hash code presented by the implementation objects matches that
@@ -41,5 +41,5 @@ public interface AuthByAdapter extends Authentication {
*
* @return the hash code of the key used when the object was created.
*/
public int getKeyHash();
int getKeyHash();
}
@@ -27,6 +27,7 @@ import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
@@ -38,15 +39,24 @@ import org.springframework.util.Assert;
* <code>AuthByAdapterProvider</code>-configured key.</p>
* <P>If the key does not match, a <code>BadCredentialsException</code> is thrown.</p>
*/
public class AuthByAdapterProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
public class AuthByAdapterProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware, Ordered {
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
private String key;
private int order = -1; // default: same as non-Ordered
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
public int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
public void afterPropertiesSet() throws Exception {
Assert.notNull(key, "A Key is required and should match that configured for the adapters");
Assert.notNull(messages, "A message source must be set");
}
@@ -29,7 +29,7 @@ import java.security.Principal;
public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken implements Principal {
//~ Instance fields ================================================================================================
private static final long serialVersionUID = 1L;
private static final long serialVersionUID = 1L;
private Object principal;
private String password;
private String username;
@@ -20,7 +20,6 @@ import org.acegisecurity.AuthorizationServiceException;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.AclService;
import org.acegisecurity.acls.Permission;
@@ -39,7 +38,9 @@ import java.util.Iterator;
* each <code>Collection</code> domain object instance element for the current <code>Authentication</code> object.</p>
* <p>This after invocation provider will fire if any {@link ConfigAttribute#getAttribute()} matches the {@link
* #processConfigAttribute}. The provider will then lookup the ACLs from the <code>AclService</code> and ensure the
* principal is {@link Acl#isGranted(org.acegisecurity.acls.Permission[], org.acegisecurity.acls.sid.Sid[], boolean)}
* principal is
* {@link org.acegisecurity.acls.Acl#isGranted(org.acegisecurity.acls.Permission[],
* org.acegisecurity.acls.sid.Sid[], boolean) Acl.isGranted(Permission[], Sid[], boolean)}
* when presenting the {@link #requirePermission} array to that method.</p>
* <p>If the principal does not have permission, that element will not be included in the returned
* <code>Collection</code>.</p>
@@ -94,9 +95,8 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
Object[] array = (Object[]) returnedObject;
filterer = new ArrayFilterer(array);
} else {
throw new AuthorizationServiceException(
"A Collection or an array (or null) was required as the returnedObject, but the returnedObject was: "
+ returnedObject);
throw new AuthorizationServiceException("A Collection or an array (or null) was required as the "
+ "returnedObject, but the returnedObject was: " + returnedObject);
}
// Locate unauthorised Collection elements
@@ -20,7 +20,6 @@ import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.AclService;
import org.acegisecurity.acls.Permission;
@@ -37,19 +36,20 @@ import java.util.Iterator;
/**
* <p>Given a domain object instance returned from a secure object invocation, ensures the principal has
* appropriate permission as defined by the {@link AclService}.</p>
* <p>The <code>AclService</code> is used to retrieve the access control list (ACL) permissions associated with a
* <p>The <code>AclService</code> is used to retrieve the access control list (ACL) permissions associated with a
* domain object instance for the current <code>Authentication</code> object.</p>
* <p>This after invocation provider will fire if any {@link ConfigAttribute#getAttribute()} matches the {@link
* <p>This after invocation provider will fire if any {@link ConfigAttribute#getAttribute()} matches the {@link
* #processConfigAttribute}. The provider will then lookup the ACLs from the <code>AclService</code> and ensure the
* principal is {@link Acl#isGranted(org.acegisecurity.acls.Permission[], org.acegisecurity.acls.sid.Sid[], boolean)}
* principal is {@link org.acegisecurity.acls.Acl#isGranted(org.acegisecurity.acls.Permission[],
org.acegisecurity.acls.sid.Sid[], boolean) Acl.isGranted(Permission[], Sid[], boolean)}
* when presenting the {@link #requirePermission} array to that method.</p>
* <p>Often users will setup an <code>AclEntryAfterInvocationProvider</code> with a {@link
* <p>Often users will setup an <code>AclEntryAfterInvocationProvider</code> with a {@link
* #processConfigAttribute} of <code>AFTER_ACL_READ</code> and a {@link #requirePermission} of
* <code>BasePermission.READ</code>. These are also the defaults.</p>
* <p>If the principal does not have sufficient permissions, an <code>AccessDeniedException</code> will be thrown.</p>
* <p>If the provided <code>returnObject</code> is <code>null</code>, permission will always be granted and
* <p>If the principal does not have sufficient permissions, an <code>AccessDeniedException</code> will be thrown.</p>
* <p>If the provided <code>returnObject</code> is <code>null</code>, permission will always be granted and
* <code>null</code> will be returned.</p>
* <p>All comparisons and prefixes are case sensitive.</p>
* <p>All comparisons and prefixes are case sensitive.</p>
*/
public class AclEntryAfterInvocationProvider extends AbstractAclProvider implements MessageSourceAware {
//~ Static fields/initializers =====================================================================================
@@ -92,7 +92,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
logger.debug("Return object is not applicable for this provider, skipping");
}
return null;
return returnedObject;
}
if (hasPermission(authentication, returnedObject)) {
@@ -113,7 +113,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
return returnedObject;
}
public void setMessageSource(MessageSource messages) {
this.messages = new MessageSourceAccessor(messages);
public void setMessageSource(MessageSource messageSource) {
this.messages = new MessageSourceAccessor(messageSource);
}
}
@@ -31,7 +31,7 @@ import org.acegisecurity.ConfigAttributeDefinition;
public interface AfterInvocationProvider {
//~ Methods ========================================================================================================
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
Object returnedObject) throws AccessDeniedException;
/**
@@ -46,7 +46,7 @@ public interface AfterInvocationProvider {
*
* @return true if this <code>AfterInvocationProvider</code> can support the passed configuration attribute
*/
public boolean supports(ConfigAttribute attribute);
boolean supports(ConfigAttribute attribute);
/**
* Indicates whether the <code>AfterInvocationProvider</code> is able to provide "after invocation"
@@ -56,5 +56,5 @@ public interface AfterInvocationProvider {
*
* @return true if the implementation can process the indicated class
*/
public boolean supports(Class clazz);
boolean supports(Class clazz);
}
@@ -36,7 +36,8 @@ import java.util.Set;
class ArrayFilterer implements Filterer {
//~ Static fields/initializers =====================================================================================
protected static final Log logger = LogFactory.getLog(BasicAclEntryAfterInvocationCollectionFilteringProvider.class);
protected static final Log logger =
LogFactory.getLog(BasicAclEntryAfterInvocationCollectionFilteringProvider.class);
//~ Instance fields ================================================================================================
@@ -57,7 +58,7 @@ class ArrayFilterer implements Filterer {
//~ Methods ========================================================================================================
/**
*
*
* @see org.acegisecurity.afterinvocation.Filterer#getFilteredObject()
*/
public Object getFilteredObject() {
@@ -84,7 +85,7 @@ class ArrayFilterer implements Filterer {
}
/**
*
*
* @see org.acegisecurity.afterinvocation.Filterer#iterator()
*/
public Iterator iterator() {
@@ -92,7 +93,7 @@ class ArrayFilterer implements Filterer {
}
/**
*
*
* @see org.acegisecurity.afterinvocation.Filterer#remove(java.lang.Object)
*/
public void remove(Object object) {
@@ -116,9 +116,8 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider implements
Object[] array = (Object[]) returnedObject;
filterer = new ArrayFilterer(array);
} else {
throw new AuthorizationServiceException(
"A Collection or an array (or null) was required as the returnedObject, but the returnedObject was: "
+ returnedObject);
throw new AuthorizationServiceException("A Collection or an array (or null) was required as the "
+ "returnedObject, but the returnedObject was: " + returnedObject);
}
// Locate unauthorised Collection elements
@@ -207,12 +206,12 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider implements
* Allow setting permissions with String literals instead of integers as {@link
* #setRequirePermission(int[])}
*
* @param requirePermission permission literals
* @param requiredPermissions permission literals
*
* @see SimpleAclEntry#parsePermissions(String[]) for valid values
*/
public void setRequirePermissionFromString(String[] requirePermission) {
setRequirePermission(SimpleAclEntry.parsePermissions(requirePermission));
public void setRequirePermissionFromString(String[] requiredPermissions) {
setRequirePermission(SimpleAclEntry.parsePermissions(requiredPermissions));
}
public boolean supports(ConfigAttribute attribute) {
@@ -33,6 +33,7 @@ import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;
@@ -120,7 +121,7 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv
throw new AccessDeniedException(messages.getMessage(
"BasicAclEntryAfterInvocationProvider.noPermission",
new Object[] {authentication.getName(), returnedObject},
"Authentication {0} has NO permissions at all to the domain object {1}"));
"Authentication {0} has NO permissions at all to the domain object {1}", LocaleContextHolder.getLocale()));
}
for (int i = 0; i < acls.length; i++) {
@@ -146,7 +147,8 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv
throw new AccessDeniedException(messages.getMessage(
"BasicAclEntryAfterInvocationProvider.insufficientPermission",
new Object[] {authentication.getName(), returnedObject},
"Authentication {0} has ACL permissions to the domain object, but not the required ACL permission to the domain object {1}"));
"Authentication {0} has ACL permissions to the domain object, "
+ "but not the required ACL permission to the domain object {1}", LocaleContextHolder.getLocale()));
}
}
@@ -188,12 +190,12 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv
/**
* Allow setting permissions with String literals instead of integers as {@link #setRequirePermission(int[])}
*
* @param requirePermission Permission literals
*
* @param requiredPermissions Permission literals
* @see SimpleAclEntry#parsePermissions(String[]) for valid values
*/
public void setRequirePermissionFromString(String[] requirePermission) {
setRequirePermission(SimpleAclEntry.parsePermissions(requirePermission));
public void setRequirePermissionFromString(String[] requiredPermissions) {
setRequirePermission(SimpleAclEntry.parsePermissions(requiredPermissions));
}
public boolean supports(ConfigAttribute attribute) {
@@ -34,7 +34,7 @@ import java.util.Set;
class CollectionFilterer implements Filterer {
//~ Static fields/initializers =====================================================================================
protected static final Log logger = LogFactory.getLog(BasicAclEntryAfterInvocationCollectionFilteringProvider.class);
protected static final Log logger = LogFactory.getLog(CollectionFilterer.class);
//~ Instance fields ================================================================================================
@@ -20,7 +20,7 @@ import java.util.Iterator;
/**
* Filter strategy interface.
*
*
* @author Ben Alex
* @author Paulo Neves
* @version $Id$
@@ -33,19 +33,19 @@ interface Filterer {
*
* @return the filtered collection or array
*/
public Object getFilteredObject();
Object getFilteredObject();
/**
* Returns an iterator over the filtered collection or array.
*
* @return an Iterator
*/
public Iterator iterator();
Iterator iterator();
/**
* Removes the the given object from the resulting list.
*
* @param object the object to be removed
*/
public void remove(Object object);
void remove(Object object);
}
@@ -44,11 +44,15 @@ import javax.servlet.http.HttpServletResponse;
/**
* The captcha entry point : redirect to the captcha test page. <br><p>This entry point can force the use of SSL :
* see {@link #getForceHttps()}<br></p>
* This entry point allows internal OR external redirect : see {@link #setOutsideWebApp(boolean)}<br>
* / Original request can be added to the redirect path using a custom translation : see {@link #setIncludeOriginalRequest(boolean)}<br>
* Original request is translated using URLEncoding and the following translation mapping in the redirect url :
* The captcha entry point : redirect to the captcha test page.
* <p>
* This entry point can force the use of SSL : see {@link #getForceHttps()}
* </p>
* <p>
* This entry point allows internal OR external redirect : see {@link #setOutsideWebApp(boolean)}<br />
* / Original request can be added to the redirect path using a custom translation : see
* {@link #setIncludeOriginalRequest(boolean)}<br />
* The original request is translated using URLEncoding and the following translation mapping in the redirect url :
* <ul>
* <li>original url => {@link #getOriginalRequestUrlParameterName()}</li>
* <li>If {@link #isIncludeOriginalParameters()}</li>
@@ -63,17 +67,20 @@ import javax.servlet.http.HttpServletResponse;
* </li>
* </ul>
* <br><br>
* Default values :<br>
* forceHttps = false<br>
* includesOriginalRequest = true<br>
* includesOriginalParameters = false<br>
* isOutsideWebApp=false<br>
* originalRequestUrlParameterName =original_requestUrl <br>
* originalRequestParametersParameterName = original_request_parameters<br>
* originalRequestParametersNameValueSeparator = __ <br>
* originalRequestParametersSeparator = ;; <br>
* originalRequestMethodParameterName = original_request_method <br>
* urlEncodingCharset = UTF-8<br>
* Default values :
* <pre>
* forceHttps = false
* includesOriginalRequest = true
* includesOriginalParameters = false
* isOutsideWebApp = false
* originalRequestUrlParameterName = original_requestUrl
* originalRequestParametersParameterName = original_request_parameters
* originalRequestParametersNameValueSeparator = __
* originalRequestParametersSeparator = ;;
* originalRequestMethodParameterName = original_request_method
* urlEncodingCharset = UTF-8
* </pre>
* </p>
*
* @author marc antoine Garrigue
* @version $Id$
@@ -81,8 +88,6 @@ import javax.servlet.http.HttpServletResponse;
public class CaptchaEntryPoint implements ChannelEntryPoint, InitializingBean {
//~ Static fields/initializers =====================================================================================
// ~ Static fields/initializers
// =============================================
private static final Log logger = LogFactory.getLog(CaptchaEntryPoint.class);
//~ Instance fields ================================================================================================
@@ -44,14 +44,10 @@ import javax.servlet.http.HttpSession;
public class CaptchaValidationProcessingFilter implements InitializingBean, Filter {
//~ Static fields/initializers =====================================================================================
// ~ Static fields/initializers
// =============================================
protected static final Log logger = LogFactory.getLog(CaptchaValidationProcessingFilter.class);
//~ Instance fields ================================================================================================
// ~ Instance fields
// ========================================================
private CaptchaServiceProxy captchaService;
private String captchaValidationParameter = "_captcha_parameter";
@@ -74,9 +70,9 @@ public class CaptchaValidationProcessingFilter implements InitializingBean, Filt
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
String captcha_reponse = request.getParameter(captchaValidationParameter);
String captchaResponse = request.getParameter(captchaValidationParameter);
if ((request != null) && request instanceof HttpServletRequest && (captcha_reponse != null)) {
if ((request != null) && request instanceof HttpServletRequest && (captchaResponse != null)) {
logger.debug("captcha validation parameter found");
// validate the request against CaptchaServiceProxy
@@ -89,7 +85,7 @@ public class CaptchaValidationProcessingFilter implements InitializingBean, Filt
if (session != null) {
String id = session.getId();
valid = this.captchaService.validateReponseForId(id, captcha_reponse);
valid = this.captchaService.validateReponseForId(id, captchaResponse);
logger.debug("captchaServiceProxy says : request is valid = " + valid);
if (valid) {
@@ -114,8 +110,6 @@ public class CaptchaValidationProcessingFilter implements InitializingBean, Filt
chain.doFilter(request, response);
}
// ~ Methods
// ================================================================
public CaptchaServiceProxy getCaptchaService() {
return captchaService;
}
@@ -41,7 +41,7 @@ public interface ConcurrentSessionController {
*
* @throws AuthenticationException if the user has exceeded their maximum allowed current sessions
*/
public void checkAuthenticationAllowed(Authentication request)
void checkAuthenticationAllowed(Authentication request)
throws AuthenticationException;
/**
@@ -51,5 +51,5 @@ public interface ConcurrentSessionController {
*
* @param authentication the successfully authenticated user (never <code>null</code>)
*/
public void registerSuccessfulAuthentication(Authentication authentication);
void registerSuccessfulAuthentication(Authentication authentication);
}
@@ -67,14 +67,16 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
SessionRegistry registry) {
if (exceptionIfMaximumExceeded || (sessions == null)) {
throw new ConcurrentLoginException(messages.getMessage("ConcurrentSessionControllerImpl.exceededAllowed",
new Object[] {new Integer(allowableSessions)}, "Maximum sessions of {0} for this principal exceeded"));
new Object[] {new Integer(allowableSessions)},
"Maximum sessions of {0} for this principal exceeded"));
}
// Determine least recently used session, and mark it for invalidation
SessionInformation leastRecentlyUsed = null;
for (int i = 0; i < sessions.length; i++) {
if ((leastRecentlyUsed == null) || sessions[i].getLastRequest().before(leastRecentlyUsed.getLastRequest())) {
if ((leastRecentlyUsed == null)
|| sessions[i].getLastRequest().before(leastRecentlyUsed.getLastRequest())) {
leastRecentlyUsed = sessions[i];
}
}
@@ -98,8 +100,8 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
}
int allowableSessions = getMaximumSessionsForThisUser(request);
Assert.isTrue(allowableSessions != 0,
"getMaximumSessionsForThisUser() must return either -1 to allow unlimited logins, or a positive integer to specify a maximum");
Assert.isTrue(allowableSessions != 0, "getMaximumSessionsForThisUser() must return either -1 to allow "
+ "unlimited logins, or a positive integer to specify a maximum");
if (sessionCount < allowableSessions) {
// They haven't got too many login sessions running at present
@@ -138,7 +140,6 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
Object principal = SessionRegistryUtils.obtainPrincipalFromAuthentication(authentication);
String sessionId = SessionRegistryUtils.obtainSessionIdFromAuthentication(authentication);
sessionRegistry.removeSessionInformation(sessionId);
sessionRegistry.registerNewSession(sessionId, principal);
}
@@ -18,7 +18,7 @@ package org.acegisecurity.concurrent;
/**
* Implemented by {@link org.acegisecurity.Authentication#getDetails()}
* implementations that are capable of returning a session ID.
*
*
* <p>
* This interface is used by {@link
* org.acegisecurity.concurrent.SessionRegistryUtils} to extract the session
@@ -40,5 +40,5 @@ public interface SessionIdentifierAware {
*
* @return the session ID, or <code>null</code> if not known.
*/
public String getSessionId();
String getSessionId();
}
@@ -29,7 +29,7 @@ public interface SessionRegistry {
*
* @return each of the unique principals, which can then be presented to {@link #getAllSessions(Object, boolean)}.
*/
public Object[] getAllPrincipals();
Object[] getAllPrincipals();
/**
* Obtains all the known sessions for the specified principal. Sessions that have been destroyed are not
@@ -41,7 +41,7 @@ public interface SessionRegistry {
*
* @return the matching sessions for this principal, or <code>null</code> if none were found
*/
public SessionInformation[] getAllSessions(Object principal, boolean includeExpiredSessions);
SessionInformation[] getAllSessions(Object principal, boolean includeExpiredSessions);
/**
* Obtains the session information for the specified <code>sessionId</code>. Even expired sessions are
@@ -51,7 +51,7 @@ public interface SessionRegistry {
*
* @return the session information, or <code>null</code> if not found
*/
public SessionInformation getSessionInformation(String sessionId);
SessionInformation getSessionInformation(String sessionId);
/**
* Updates the given <code>sessionId</code> so its last request time is equal to the present date and time.
@@ -59,7 +59,7 @@ public interface SessionRegistry {
*
* @param sessionId for which to update the date and time of the last request (should never be <code>null</code>)
*/
public void refreshLastRequest(String sessionId);
void refreshLastRequest(String sessionId);
/**
* Registers a new session for the specified principal. The newly registered session will not be marked for
@@ -70,7 +70,7 @@ public interface SessionRegistry {
*
* @throws SessionAlreadyUsedException DOCUMENT ME!
*/
public void registerNewSession(String sessionId, Object principal)
void registerNewSession(String sessionId, Object principal)
throws SessionAlreadyUsedException;
/**
@@ -79,5 +79,5 @@ public interface SessionRegistry {
*
* @param sessionId to delete information for (should never be <code>null</code>)
*/
public void removeSessionInformation(String sessionId);
void removeSessionInformation(String sessionId);
}
@@ -112,14 +112,12 @@ public class SessionRegistryImpl implements SessionRegistry,
}
}
public void registerNewSession(String sessionId, Object principal)
throws SessionAlreadyUsedException {
public synchronized void registerNewSession(String sessionId, Object principal) {
Assert.hasText(sessionId, "SessionId required as per interface contract");
Assert.notNull(principal, "Principal required as per interface contract");
if (getSessionInformation(sessionId) != null) {
throw new SessionAlreadyUsedException("Session " + sessionId
+ " is already is use");
removeSessionInformation(sessionId);
}
sessionIds.put(sessionId,
@@ -28,7 +28,12 @@ import org.springframework.util.Assert;
* @author Ben Alex
* @version $Id$
*/
public class SessionRegistryUtils {
public final class SessionRegistryUtils {
//~ Constructors ===================================================================================================
private SessionRegistryUtils() {
}
//~ Methods ========================================================================================================
public static Object obtainPrincipalFromAuthentication(Authentication auth) {
@@ -33,88 +33,130 @@ import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import org.springframework.util.ReflectionUtils;
/**
* <p>Populates the {@link SecurityContextHolder} with information obtained from the <code>HttpSession</code>.</p>
* <p>The <code>HttpSession</code> will be queried to retrieve the <code>SecurityContext</code> that should be
* stored against the <code>SecurityContextHolder</code> for the duration of the web request. At the end of the web
* request, any updates made to the <code>SecurityContextHolder</code> will be persisted back to the
* <code>HttpSession</code> by this filter.</p>
* <p>If a valid <code>SecurityContext</code> cannot be obtained from the <code>HttpSession</code> for whatever
* reason, a fresh <code>SecurityContext</code> will be created and used instead. The created object will be of the
* instance defined by the {@link #setContext(Class)} method (which defaults to {@link
* org.acegisecurity.context.SecurityContextImpl}.</p>
* <p>No <code>HttpSession</code> will be created by this filter if one does not already exist. If at the end of
* the web request the <code>HttpSession</code> does not exist, a <code>HttpSession</code> will <b>only</b> be created
* if the current contents of the <code>SecurityContextHolder</code> are not {@link
* java.lang.Object#equals(java.lang.Object)} to a <code>new</code> instance of {@link #setContext(Class)}. This
* avoids needless <code>HttpSession</code> creation, but automates the storage of changes made to the
* <code>SecurityContextHolder</code>. There is one exception to this rule, that is if the {@link
* #forceEagerSessionCreation} property is <code>true</code>, in which case sessions will always be created
* irrespective of normal session-minimisation logic (the default is <code>false</code>, as this is resource intensive
* and not recommended).</p>
* <p>This filter will only execute once per request, to resolve servlet container (specifically Weblogic)
* incompatibilities.</p>
* <p>If for whatever reason no <code>HttpSession</code> should <b>ever</b> be created (eg this filter is only
* being used with Basic authentication or similar clients that will never present the same <code>jsessionid</code>
* etc), the {@link #setAllowSessionCreation(boolean)} should be set to <code>false</code>. Only do this if you really
* need to conserve server memory and ensure all classes using the <code>SecurityContextHolder</code> are designed to
* have no persistence of the <code>SecurityContext</code> between web requests. Please note that if {@link
* #forceEagerSessionCreation} is <code>true</code>, the <code>allowSessionCreation</code> must also be
* <code>true</code> (setting it to <code>false</code> will cause a startup time error).</p>
* <p>This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing
* mechanisms (eg BASIC, CAS processing filters etc) expect the <code>SecurityContextHolder</code> to contain a valid
* <code>SecurityContext</code> by the time they execute.</p>
*
* Populates the {@link SecurityContextHolder} with information obtained from
* the <code>HttpSession</code>.
*
* <p>
* The <code>HttpSession</code> will be queried to retrieve the
* <code>SecurityContext</code> that should be stored against the
* <code>SecurityContextHolder</code> for the duration of the web request. At
* the end of the web request, any updates made to the
* <code>SecurityContextHolder</code> will be persisted back to the
* <code>HttpSession</code> by this filter.
* </p>
* <p>
* If a valid <code>SecurityContext</code> cannot be obtained from the
* <code>HttpSession</code> for whatever reason, a fresh
* <code>SecurityContext</code> will be created and used instead. The created
* object will be of the instance defined by the {@link #setContext(Class)}
* method (which defaults to {@link
* org.acegisecurity.context.SecurityContextImpl}.
* </p>
* <p>
* No <code>HttpSession</code> will be created by this filter if one does not
* already exist. If at the end of the web request the <code>HttpSession</code>
* does not exist, a <code>HttpSession</code> will <b>only</b> be created if
* the current contents of the <code>SecurityContextHolder</code> are not
* {@link java.lang.Object#equals(java.lang.Object)} to a <code>new</code>
* instance of {@link #setContext(Class)}. This avoids needless
* <code>HttpSession</code> creation, but automates the storage of changes
* made to the <code>SecurityContextHolder</code>. There is one exception to
* this rule, that is if the {@link #forceEagerSessionCreation} property is
* <code>true</code>, in which case sessions will always be created
* irrespective of normal session-minimisation logic (the default is
* <code>false</code>, as this is resource intensive and not recommended).
* </p>
* <p>
* This filter will only execute once per request, to resolve servlet container
* (specifically Weblogic) incompatibilities.
* </p>
* <p>
* If for whatever reason no <code>HttpSession</code> should <b>ever</b> be
* created (eg this filter is only being used with Basic authentication or
* similar clients that will never present the same <code>jsessionid</code>
* etc), the {@link #setAllowSessionCreation(boolean)} should be set to
* <code>false</code>. Only do this if you really need to conserve server
* memory and ensure all classes using the <code>SecurityContextHolder</code>
* are designed to have no persistence of the <code>SecurityContext</code>
* between web requests. Please note that if {@link #forceEagerSessionCreation}
* is <code>true</code>, the <code>allowSessionCreation</code> must also be
* <code>true</code> (setting it to <code>false</code> will cause a startup
* time error).
* </p>
* <p>
* This filter MUST be executed BEFORE any authentication processing mechanisms.
* Authentication processing mechanisms (eg BASIC, CAS processing filters etc)
* expect the <code>SecurityContextHolder</code> to contain a valid
* <code>SecurityContext</code> by the time they execute.
* </p>
*
* @author Ben Alex
* @author Patrick Burleson
* @version $Id$
* @version $Id: HttpSessionContextIntegrationFilter.java 1784 2007-02-24
* 21:00:24Z luke_t $
*/
public class HttpSessionContextIntegrationFilter implements InitializingBean, Filter {
//~ Static fields/initializers =====================================================================================
// ~ Static fields/initializers
// =====================================================================================
protected static final Log logger = LogFactory.getLog(HttpSessionContextIntegrationFilter.class);
private static final String FILTER_APPLIED = "__acegi_session_integration_filter_applied";
public static final String ACEGI_SECURITY_CONTEXT_KEY = "ACEGI_SECURITY_CONTEXT";
protected static final Log logger = LogFactory.getLog(HttpSessionContextIntegrationFilter.class);
//~ Instance fields ================================================================================================
static final String FILTER_APPLIED = "__acegi_session_integration_filter_applied";
private Class context = SecurityContextImpl.class;
private Object contextObject;
public static final String ACEGI_SECURITY_CONTEXT_KEY = "ACEGI_SECURITY_CONTEXT";
/**
* Indicates if this filter can create a <code>HttpSession</code> if needed (sessions are always created
* sparingly, but setting this value to <code>false</code> will prohibit sessions from ever being created).
* Defaults to <code>true</code>. Do not set to <code>false</code> if you are have set {@link
* #forceEagerSessionCreation} to <code>true</code>, as the properties would be in conflict.
*/
private boolean allowSessionCreation = true;
// ~ Instance fields
// ================================================================================================
/**
* Indicates if this filter is required to create a <code>HttpSession</code> for every request before
* proceeding through the filter chain, even if the <code>HttpSession</code> would not ordinarily have been
* created. By default this is <code>false</code>, which is entirely appropriate for most circumstances as you do
* not want a <code>HttpSession</code> created unless the filter actually needs one. It is envisaged the main
* situation in which this property would be set to <code>true</code> is if using other filters that depend on a
* <code>HttpSession</code> already existing, such as those which need to obtain a session ID. This is only
* required in specialised cases, so leave it set to <code>false</code> unless you have an actual requirement and
* are conscious of the session creation overhead.
*/
private boolean forceEagerSessionCreation = false;
/**
* Indicates whether the <code>SecurityContext</code> will be cloned from the <code>HttpSession</code>. The
* default is to simply reference (ie the default is <code>false</code>). The default may cause issues if
* concurrent threads need to have a different security identity from other threads being concurrently processed
* that share the same <code>HttpSession</code>. In most normal environments this does not represent an issue,
* as changes to the security identity in one thread is allowed to affect the security identitiy in other
* threads associated with the same <code>HttpSession</code>. For unusual cases where this is not permitted,
* change this value to <code>true</code> and ensure the {@link #context} is set to a <code>SecurityContext</code>
* that implements {@link Cloneable} and overrides the <code>clone()</code> method.
*/
private boolean cloneFromHttpSession = false;
private Class context = SecurityContextImpl.class;
public boolean isCloneFromHttpSession() {
private Object contextObject;
/**
* Indicates if this filter can create a <code>HttpSession</code> if
* needed (sessions are always created sparingly, but setting this value to
* <code>false</code> will prohibit sessions from ever being created).
* Defaults to <code>true</code>. Do not set to <code>false</code> if
* you are have set {@link #forceEagerSessionCreation} to <code>true</code>,
* as the properties would be in conflict.
*/
private boolean allowSessionCreation = true;
/**
* Indicates if this filter is required to create a <code>HttpSession</code>
* for every request before proceeding through the filter chain, even if the
* <code>HttpSession</code> would not ordinarily have been created. By
* default this is <code>false</code>, which is entirely appropriate for
* most circumstances as you do not want a <code>HttpSession</code>
* created unless the filter actually needs one. It is envisaged the main
* situation in which this property would be set to <code>true</code> is
* if using other filters that depend on a <code>HttpSession</code>
* already existing, such as those which need to obtain a session ID. This
* is only required in specialised cases, so leave it set to
* <code>false</code> unless you have an actual requirement and are
* conscious of the session creation overhead.
*/
private boolean forceEagerSessionCreation = false;
/**
* Indicates whether the <code>SecurityContext</code> will be cloned from
* the <code>HttpSession</code>. The default is to simply reference (ie
* the default is <code>false</code>). The default may cause issues if
* concurrent threads need to have a different security identity from other
* threads being concurrently processed that share the same
* <code>HttpSession</code>. In most normal environments this does not
* represent an issue, as changes to the security identity in one thread is
* allowed to affect the security identitiy in other threads associated with
* the same <code>HttpSession</code>. For unusual cases where this is not
* permitted, change this value to <code>true</code> and ensure the
* {@link #context} is set to a <code>SecurityContext</code> that
* implements {@link Cloneable} and overrides the <code>clone()</code>
* method.
*/
private boolean cloneFromHttpSession = false;
public boolean isCloneFromHttpSession() {
return cloneFromHttpSession;
}
@@ -123,217 +165,251 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
}
public HttpSessionContextIntegrationFilter() throws ServletException {
this.contextObject = generateNewContext();
}
this.contextObject = generateNewContext();
}
//~ Methods ========================================================================================================
// ~ Methods
// ========================================================================================================
public void afterPropertiesSet() throws Exception {
if ((this.context == null) || (!SecurityContext.class.isAssignableFrom(this.context))) {
throw new IllegalArgumentException(
"context must be defined and implement SecurityContext (typically use org.acegisecurity.context.SecurityContextImpl; existing class is "
+ this.context + ")");
}
public void afterPropertiesSet() throws Exception {
if ((this.context == null) || (!SecurityContext.class.isAssignableFrom(this.context))) {
throw new IllegalArgumentException("context must be defined and implement SecurityContext "
+ "(typically use org.acegisecurity.context.SecurityContextImpl; existing class is " + this.context
+ ")");
}
if ((forceEagerSessionCreation == true) && (allowSessionCreation == false)) {
throw new IllegalArgumentException(
"If using forceEagerSessionCreation, you must set allowSessionCreation to also be true");
}
}
if ((forceEagerSessionCreation == true) && (allowSessionCreation == false)) {
throw new IllegalArgumentException(
"If using forceEagerSessionCreation, you must set allowSessionCreation to also be true");
}
}
/**
* Does nothing. We use IoC container lifecycle services instead.
*/
public void destroy() {}
/**
* Does nothing. We use IoC container lifecycle services instead.
*/
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
if ((request != null) && (request.getAttribute(FILTER_APPLIED) != null)) {
// ensure that filter is only applied once per request
chain.doFilter(request, response);
} else {
if (request != null) {
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException {
boolean filterApplied = false;
if ((request != null) && (request.getAttribute(FILTER_APPLIED) != null)) {
// ensure that filter is only applied once per request
chain.doFilter(request, response);
}
else {
if (request != null) {
filterApplied = true;
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
}
HttpSession httpSession = null;
boolean httpSessionExistedAtStartOfRequest = false;
HttpSession httpSession = null;
boolean httpSessionExistedAtStartOfRequest = false;
try {
httpSession = ((HttpServletRequest) request).getSession(forceEagerSessionCreation);
} catch (IllegalStateException ignored) {}
try {
httpSession = ((HttpServletRequest) request).getSession(forceEagerSessionCreation);
}
catch (IllegalStateException ignored) {
}
if (httpSession != null) {
httpSessionExistedAtStartOfRequest = true;
if (httpSession != null) {
httpSessionExistedAtStartOfRequest = true;
Object contextFromSessionObject = httpSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);
// Clone if required (see SEC-356)
if (cloneFromHttpSession) {
Assert.isInstanceOf(Cloneable.class, contextFromSessionObject, "Context must implement Clonable and provide a Object.clone() method");
try {
Method m = contextFromSessionObject.getClass().getMethod("clone", new Class[] {});
if (!m.isAccessible()) {
m.setAccessible(true);
}
contextFromSessionObject = m.invoke(contextFromSessionObject, new Object[] {});
} catch (Exception ex) {
ReflectionUtils.handleReflectionException(ex);
}
}
if (contextFromSessionObject != null) {
if (contextFromSessionObject instanceof SecurityContext) {
if (logger.isDebugEnabled()) {
logger.debug(
"Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: '"
+ contextFromSessionObject + "'");
}
Object contextFromSessionObject = httpSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);
SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject);
} else {
if (logger.isWarnEnabled()) {
logger.warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
+ contextFromSessionObject
+ "'; are you improperly modifying the HttpSession directly (you should always use SecurityContextHolder) or using the HttpSession attribute reserved for this class? - new SecurityContext instance associated with SecurityContextHolder");
}
if (contextFromSessionObject != null) {
// Clone if required (see SEC-356)
if (cloneFromHttpSession) {
Assert.isInstanceOf(Cloneable.class, contextFromSessionObject,
"Context must implement Clonable and provide a Object.clone() method");
try {
Method m = contextFromSessionObject.getClass().getMethod("clone", new Class[] {});
if (!m.isAccessible()) {
m.setAccessible(true);
}
contextFromSessionObject = m.invoke(contextFromSessionObject, new Object[] {});
}
catch (Exception ex) {
ReflectionUtils.handleReflectionException(ex);
}
}
SecurityContextHolder.setContext(generateNewContext());
}
} else {
if (logger.isDebugEnabled()) {
logger.debug(
"HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder");
}
if (contextFromSessionObject instanceof SecurityContext) {
if (logger.isDebugEnabled()) {
logger.debug("Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and "
+ "set to SecurityContextHolder: '" + contextFromSessionObject + "'");
}
SecurityContextHolder.setContext(generateNewContext());
}
} else {
if (logger.isDebugEnabled()) {
logger.debug(
"No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder");
}
SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject);
}
else {
if (logger.isWarnEnabled()) {
logger
.warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
+ contextFromSessionObject
+ "'; are you improperly modifying the HttpSession directly "
+ "(you should always use SecurityContextHolder) or using the HttpSession attribute "
+ "reserved for this class? - new SecurityContext instance associated with "
+ "SecurityContextHolder");
}
SecurityContextHolder.setContext(generateNewContext());
}
SecurityContextHolder.setContext(generateNewContext());
}
}
else {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new "
+ "SecurityContext instance associated with SecurityContextHolder");
}
// Make the HttpSession null, as we want to ensure we don't keep
// a reference to the HttpSession laying around in case the
// chain.doFilter() invalidates it.
httpSession = null;
SecurityContextHolder.setContext(generateNewContext());
}
}
else {
if (logger.isDebugEnabled()) {
logger.debug("No HttpSession currently exists - new SecurityContext instance "
+ "associated with SecurityContextHolder");
}
// Proceed with chain
int contextWhenChainProceeded = SecurityContextHolder.getContext().hashCode();
SecurityContextHolder.setContext(generateNewContext());
}
try {
chain.doFilter(request, response);
} catch (IOException ioe) {
throw ioe;
} catch (ServletException se) {
throw se;
} finally {
// do clean up, even if there was an exception
// Store context back to HttpSession
try {
httpSession = ((HttpServletRequest) request).getSession(false);
} catch (IllegalStateException ignored) {}
// Make the HttpSession null, as we want to ensure we don't keep
// a reference to the HttpSession laying around in case the
// chain.doFilter() invalidates it.
httpSession = null;
if ((httpSession == null) && httpSessionExistedAtStartOfRequest) {
if (logger.isDebugEnabled()) {
logger.debug(
"HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session");
}
}
// Proceed with chain
int contextWhenChainProceeded = SecurityContextHolder.getContext().hashCode();
// Generate a HttpSession only if we need to
if ((httpSession == null) && !httpSessionExistedAtStartOfRequest) {
if (!allowSessionCreation) {
if (logger.isDebugEnabled()) {
logger.debug(
"The HttpSession is currently null, and the HttpSessionContextIntegrationFilter is prohibited from creating a HttpSession (because the allowSessionCreation property is false) - SecurityContext thus not stored for next request");
}
} else if (!contextObject.equals(SecurityContextHolder.getContext())) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
}
try {
chain.doFilter(request, response);
}
catch (IOException ioe) {
throw ioe;
}
catch (ServletException se) {
throw se;
}
finally {
// do clean up, even if there was an exception
// Store context back to HttpSession
try {
httpSession = ((HttpServletRequest) request).getSession(false);
}
catch (IllegalStateException ignored) {
}
try {
httpSession = ((HttpServletRequest) request).getSession(true);
} catch (IllegalStateException ignored) {}
} else {
if (logger.isDebugEnabled()) {
logger.debug(
"HttpSession is null, but SecurityContextHolder has not changed from default: ' "
+ SecurityContextHolder.getContext()
+ "'; not creating HttpSession or storing SecurityContextHolder contents");
}
}
}
if ((httpSession == null) && httpSessionExistedAtStartOfRequest) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession is now null, but was not null at start of request; "
+ "session was invalidated, so do not create a new session");
}
}
// If HttpSession exists, store current SecurityContextHolder
// contents
// but only if SecurityContext has actually changed (see JIRA
// SEC-37)
if ((httpSession != null)
&& (SecurityContextHolder.getContext().hashCode() != contextWhenChainProceeded)) {
httpSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
// Generate a HttpSession only if we need to
if ((httpSession == null) && !httpSessionExistedAtStartOfRequest) {
if (!allowSessionCreation) {
if (logger.isDebugEnabled()) {
logger
.debug("The HttpSession is currently null, and the "
+ "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ "stored for next request");
}
}
else if (!contextObject.equals(SecurityContextHolder.getContext())) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
}
if (logger.isDebugEnabled()) {
logger.debug("SecurityContext stored to HttpSession: '" + SecurityContextHolder.getContext()
+ "'");
}
}
try {
httpSession = ((HttpServletRequest) request).getSession(true);
}
catch (IllegalStateException ignored) {
}
}
else {
if (logger.isDebugEnabled()) {
logger
.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' "
+ SecurityContextHolder.getContext()
+ "'; not creating HttpSession or storing SecurityContextHolder contents");
}
}
}
// Remove SecurityContextHolder contents
SecurityContextHolder.clearContext();
// If HttpSession exists, store current
// SecurityContextHolder contents but only if
// SecurityContext has
// actually changed (see JIRA SEC-37)
if ((httpSession != null)
&& (SecurityContextHolder.getContext().hashCode() != contextWhenChainProceeded)) {
httpSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
if (logger.isDebugEnabled()) {
logger.debug("SecurityContextHolder set to new context, as request processing completed");
}
}
}
}
if (logger.isDebugEnabled()) {
logger.debug("SecurityContext stored to HttpSession: '" + SecurityContextHolder.getContext()
+ "'");
}
}
public SecurityContext generateNewContext() throws ServletException {
try {
return (SecurityContext) this.context.newInstance();
} catch (InstantiationException ie) {
throw new ServletException(ie);
} catch (IllegalAccessException iae) {
throw new ServletException(iae);
}
}
if (filterApplied) {
request.removeAttribute(FILTER_APPLIED);
}
// Remove SecurityContextHolder contents
SecurityContextHolder.clearContext();
public Class getContext() {
return context;
}
if (logger.isDebugEnabled()) {
logger.debug("SecurityContextHolder set to new context, as request processing completed");
}
}
}
}
/**
* Does nothing. We use IoC container lifecycle services instead.
*
* @param filterConfig ignored
*
* @throws ServletException ignored
*/
public void init(FilterConfig filterConfig) throws ServletException {}
public SecurityContext generateNewContext() throws ServletException {
try {
return (SecurityContext) this.context.newInstance();
}
catch (InstantiationException ie) {
throw new ServletException(ie);
}
catch (IllegalAccessException iae) {
throw new ServletException(iae);
}
}
public boolean isAllowSessionCreation() {
return allowSessionCreation;
}
public Class getContext() {
return context;
}
public boolean isForceEagerSessionCreation() {
return forceEagerSessionCreation;
}
/**
* Does nothing. We use IoC container lifecycle services instead.
*
* @param filterConfig ignored
*
* @throws ServletException ignored
*/
public void init(FilterConfig filterConfig) throws ServletException {
}
public void setAllowSessionCreation(boolean allowSessionCreation) {
this.allowSessionCreation = allowSessionCreation;
}
public boolean isAllowSessionCreation() {
return allowSessionCreation;
}
public void setContext(Class secureContext) {
this.context = secureContext;
}
public boolean isForceEagerSessionCreation() {
return forceEagerSessionCreation;
}
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation) {
this.forceEagerSessionCreation = forceEagerSessionCreation;
}
public void setAllowSessionCreation(boolean allowSessionCreation) {
this.allowSessionCreation = allowSessionCreation;
}
public void setContext(Class secureContext) {
this.context = secureContext;
}
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation) {
this.forceEagerSessionCreation = forceEagerSessionCreation;
}
}
@@ -23,7 +23,7 @@ import java.io.Serializable;
/**
* Interface defining the minimum security information associated with the
* current thread of execution.
*
*
* <p>
* The security context is stored in a {@link SecurityContextHolder}.
* </p>
@@ -39,7 +39,7 @@ public interface SecurityContext extends Serializable {
*
* @return the <code>Authentication</code> or <code>null</code> if no authentication information is available
*/
public Authentication getAuthentication();
Authentication getAuthentication();
/**
* Changes the currently authenticated principal, or removes the authentication information.
@@ -47,5 +47,5 @@ public interface SecurityContext extends Serializable {
* @param authentication the new <code>Authentication</code> token, or <code>null</code> if no further
* authentication information should be stored
*/
public void setAuthentication(Authentication authentication);
void setAuthentication(Authentication authentication);
}
@@ -17,7 +17,7 @@ package org.acegisecurity.context;
/**
* A strategy for storing security context information against a thread.
*
*
* <p>
* The preferred strategy is loaded by {@link
* org.acegisecurity.context.SecurityContextHolder}.
@@ -32,14 +32,14 @@ public interface SecurityContextHolderStrategy {
/**
* Clears the current context.
*/
public void clearContext();
void clearContext();
/**
* Obtains the current context.
*
* @return a context (never <code>null</code> - create a default implementation if necessary)
*/
public SecurityContext getContext();
SecurityContext getContext();
/**
* Sets the current context.
@@ -47,5 +47,5 @@ public interface SecurityContextHolderStrategy {
* @param context to the new argument (should never be <code>null</code>, although implementations must check if
* <code>null</code> has been passed and throw an <code>IllegalArgumentException</code> in such cases)
*/
public void setContext(SecurityContext context);
void setContext(SecurityContext context);
}
@@ -85,9 +85,8 @@ public class AuthenticationSimpleHttpInvokerRequestExecutor extends SimpleHttpIn
}
} else {
if (logger.isDebugEnabled()) {
logger.debug(
"Unable to set BASIC authentication header as SecurityContext did not provide valid Authentication: "
+ auth);
logger.debug("Unable to set BASIC authentication header as SecurityContext did not provide "
+ "valid Authentication: " + auth);
}
}
@@ -17,10 +17,8 @@ package org.acegisecurity.event.authentication;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.util.ClassUtils;
@@ -35,12 +33,19 @@ public class LoggerListener implements ApplicationListener {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(LoggerListener.class);
/** If set to true, {@link InteractiveAuthenticationSuccessEvent} will be logged (defaults to true) */
private boolean logInteractiveAuthenticationSuccessEvents = true;
//~ Methods ========================================================================================================
public void onApplicationEvent(ApplicationEvent event) {
if (event instanceof AbstractAuthenticationEvent) {
AbstractAuthenticationEvent authEvent = (AbstractAuthenticationEvent) event;
if (!logInteractiveAuthenticationSuccessEvents && authEvent instanceof InteractiveAuthenticationSuccessEvent) {
return;
}
if (logger.isWarnEnabled()) {
String message = "Authentication event " + ClassUtils.getShortName(authEvent.getClass()) + ": "
@@ -56,4 +61,13 @@ public class LoggerListener implements ApplicationListener {
}
}
}
public boolean isLogInteractiveAuthenticationSuccessEvents() {
return logInteractiveAuthenticationSuccessEvents;
}
public void setLogInteractiveAuthenticationSuccessEvents(
boolean logInteractiveAuthenticationSuccessEvents) {
this.logInteractiveAuthenticationSuccessEvents = logInteractiveAuthenticationSuccessEvents;
}
}
@@ -15,9 +15,7 @@
package org.acegisecurity.event.authorization;
import org.acegisecurity.AccessDecisionManager;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.AfterInvocationManager;
import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttributeDefinition;
@@ -27,7 +25,8 @@ import org.acegisecurity.ConfigAttributeDefinition;
* be authorized for the request.
*
* <p>This event might be thrown as a result of either an
* {@link AccessDecisionManager} or an {@link AfterInvocationManager}.
* {@link org.acegisecurity.AccessDecisionManager AccessDecisionManager} or an
* {@link org.acegisecurity.AfterInvocationManager AfterInvocationManager}.
*
* @author Ben Alex
* @version $Id$
@@ -41,7 +40,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
//~ Constructors ===================================================================================================
/**
/**
* Construct the event.
*
* @param secureObject the secure object
@@ -23,8 +23,11 @@ import org.springframework.context.ApplicationListener;
/**
* Outputs interceptor-related application events to Commons Logging.<P>All failures are logged at the warning
* level, with success events logged at the information level, and public invocation events logged at the debug level.</p>
* Outputs interceptor-related application events to Commons Logging.
* <p>
* All failures are logged at the warning level, with success events logged at the information level,
* and public invocation events logged at the debug level.
* </p>
*
* @author Ben Alex
* @version $Id$
@@ -52,8 +55,9 @@ public class LoggerListener implements ApplicationListener {
if (logger.isWarnEnabled()) {
logger.warn("Security authorization failed due to: " + authEvent.getAccessDeniedException()
+ "; authenticated principal: " + authEvent.getAuthentication() + "; secure object: "
+ authEvent.getSource() + "; configuration attributes: " + authEvent.getConfigAttributeDefinition());
+ "; authenticated principal: " + authEvent.getAuthentication()
+ "; secure object: " + authEvent.getSource()
+ "; configuration attributes: " + authEvent.getConfigAttributeDefinition());
}
}
@@ -154,7 +154,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
token.getAttr(), returnedObject);
} catch (AccessDeniedException accessDeniedException) {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(),
token.getAttr(), token.getAuthentication(), accessDeniedException);
token.getAttr(), token.getAuthentication(), accessDeniedException);
publishEvent(event);
throw accessDeniedException;
@@ -194,35 +194,32 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
Iterator iter = this.obtainObjectDefinitionSource().getConfigAttributeDefinitions();
if (iter == null) {
if (logger.isWarnEnabled()) {
logger.warn(
"Could not validate configuration attributes as the MethodDefinitionSource did not return a ConfigAttributeDefinition Iterator");
}
} else {
Set set = new HashSet();
logger.warn("Could not validate configuration attributes as the MethodDefinitionSource did not return "
+ "a ConfigAttributeDefinition Iterator");
return;
}
while (iter.hasNext()) {
ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter.next();
Iterator attributes = def.getConfigAttributes();
Set unsupportedAttrs = new HashSet();
while (attributes.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) attributes.next();
while (iter.hasNext()) {
ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter.next();
Iterator attributes = def.getConfigAttributes();
if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr)
&& ((this.afterInvocationManager == null) || !this.afterInvocationManager.supports(attr))) {
set.add(attr);
}
while (attributes.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) attributes.next();
if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr)
&& ((this.afterInvocationManager == null) || !this.afterInvocationManager.supports(attr))) {
unsupportedAttrs.add(attr);
}
}
if (set.size() == 0) {
if (logger.isInfoEnabled()) {
logger.info("Validated configuration attributes");
}
} else {
throw new IllegalArgumentException("Unsupported configuration attributes: " + set.toString());
}
}
if (unsupportedAttrs.size() != 0) {
throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttrs);
}
logger.info("Validated configuration attributes");
}
}
@@ -238,85 +235,14 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource().getAttributes(object);
if ((attr == null) && rejectPublicInvocations) {
throw new IllegalArgumentException(
"No public invocations are allowed via this AbstractSecurityInterceptor. This indicates a configuration error because the AbstractSecurityInterceptor.rejectPublicInvocations property is set to 'true'");
}
if (attr != null) {
if (logger.isDebugEnabled()) {
logger.debug("Secure object: " + object.toString() + "; ConfigAttributes: " + attr.toString());
if (attr == null) {
if(rejectPublicInvocations) {
throw new IllegalArgumentException(
"No public invocations are allowed via this AbstractSecurityInterceptor. "
+ "This indicates a configuration error because the "
+ "AbstractSecurityInterceptor.rejectPublicInvocations property is set to 'true'");
}
// We check for just the property we're interested in (we do
// not call Context.validate() like the ContextInterceptor)
if (SecurityContextHolder.getContext().getAuthentication() == null) {
credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
"An Authentication object was not found in the SecurityContext"), object, attr);
}
// Attempt authentication if not already authenticated, or user always wants reauthentication
Authentication authenticated;
if (!SecurityContextHolder.getContext().getAuthentication().isAuthenticated() || alwaysReauthenticate) {
try {
authenticated = this.authenticationManager.authenticate(SecurityContextHolder.getContext()
.getAuthentication());
} catch (AuthenticationException authenticationException) {
throw authenticationException;
}
// We don't authenticated.setAuthentication(true), because each provider should do that
if (logger.isDebugEnabled()) {
logger.debug("Successfully Authenticated: " + authenticated.toString());
}
SecurityContextHolder.getContext().setAuthentication(authenticated);
} else {
authenticated = SecurityContextHolder.getContext().getAuthentication();
if (logger.isDebugEnabled()) {
logger.debug("Previously Authenticated: " + authenticated.toString());
}
}
// Attempt authorization
try {
this.accessDecisionManager.decide(authenticated, object, attr);
} catch (AccessDeniedException accessDeniedException) {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated,
accessDeniedException);
publishEvent(event);
throw accessDeniedException;
}
if (logger.isDebugEnabled()) {
logger.debug("Authorization successful");
}
AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated);
publishEvent(event);
// Attempt to run as a different user
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr);
if (runAs == null) {
if (logger.isDebugEnabled()) {
logger.debug("RunAsManager did not change Authentication object");
}
return new InterceptorStatusToken(authenticated, false, attr, object); // no further work post-invocation
} else {
if (logger.isDebugEnabled()) {
logger.debug("Switching to RunAs Authentication: " + runAs.toString());
}
SecurityContextHolder.getContext().setAuthentication(runAs);
return new InterceptorStatusToken(authenticated, true, attr, object); // revert to token.Authenticated post-invocation
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("Public object - authentication not attempted");
}
@@ -325,6 +251,80 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
return null; // no further work post-invocation
}
if (logger.isDebugEnabled()) {
logger.debug("Secure object: " + object.toString() + "; ConfigAttributes: " + attr.toString());
}
if (SecurityContextHolder.getContext().getAuthentication() == null) {
credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
"An Authentication object was not found in the SecurityContext"), object, attr);
}
// Attempt authentication if not already authenticated, or user always wants reauthentication
Authentication authenticated;
if (!SecurityContextHolder.getContext().getAuthentication().isAuthenticated() || alwaysReauthenticate) {
try {
authenticated = this.authenticationManager.authenticate(SecurityContextHolder.getContext()
.getAuthentication());
} catch (AuthenticationException authenticationException) {
throw authenticationException;
}
// We don't authenticated.setAuthentication(true), because each provider should do that
if (logger.isDebugEnabled()) {
logger.debug("Successfully Authenticated: " + authenticated.toString());
}
SecurityContextHolder.getContext().setAuthentication(authenticated);
} else {
authenticated = SecurityContextHolder.getContext().getAuthentication();
if (logger.isDebugEnabled()) {
logger.debug("Previously Authenticated: " + authenticated.toString());
}
}
// Attempt authorization
try {
this.accessDecisionManager.decide(authenticated, object, attr);
} catch (AccessDeniedException accessDeniedException) {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated,
accessDeniedException);
publishEvent(event);
throw accessDeniedException;
}
if (logger.isDebugEnabled()) {
logger.debug("Authorization successful");
}
AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated);
publishEvent(event);
// Attempt to run as a different user
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr);
if (runAs == null) {
if (logger.isDebugEnabled()) {
logger.debug("RunAsManager did not change Authentication object");
}
// no further work post-invocation
return new InterceptorStatusToken(authenticated, false, attr, object);
} else {
if (logger.isDebugEnabled()) {
logger.debug("Switching to RunAs Authentication: " + runAs.toString());
}
SecurityContextHolder.getContext().setAuthentication(runAs);
// revert to token.Authenticated post-invocation
return new InterceptorStatusToken(authenticated, true, attr, object);
}
}
/**
@@ -406,8 +406,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
this.alwaysReauthenticate = alwaysReauthenticate;
}
public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
this.eventPublisher = eventPublisher;
public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
this.eventPublisher = applicationEventPublisher;
}
public void setAuthenticationManager(AuthenticationManager newManager) {
@@ -427,7 +427,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
* attempt is made to invoke a secure object that has no configuration attributes.
*
* @param rejectPublicInvocations set to <code>true</code> to reject invocations of secure objects that have no
* configuration attributes (by default it is <code>true</code> which treats undeclared secure objects as
* configuration attributes (by default it is <code>false</code> which treats undeclared secure objects as
* "public" or unauthorized)
*/
public void setRejectPublicInvocations(boolean rejectPublicInvocations) {
@@ -42,7 +42,7 @@ public interface ObjectDefinitionSource {
* @throws IllegalArgumentException if the passed object is not of a type supported by the
* <code>ObjectDefinitionSource</code> implementation
*/
public ConfigAttributeDefinition getAttributes(Object object)
ConfigAttributeDefinition getAttributes(Object object)
throws IllegalArgumentException;
/**
@@ -52,7 +52,7 @@ public interface ObjectDefinitionSource {
*
* @return an iterator over all the <code>ConfigAttributeDefinition</code>s or <code>null</code> if unsupported
*/
public Iterator getConfigAttributeDefinitions();
Iterator getConfigAttributeDefinitions();
/**
* Indicates whether the <code>ObjectDefinitionSource</code> implementation is able to provide
@@ -62,5 +62,5 @@ public interface ObjectDefinitionSource {
*
* @return true if the implementation can process the indicated class
*/
public boolean supports(Class clazz);
boolean supports(Class clazz);
}
@@ -86,7 +86,7 @@ public class MethodDefinitionAttributes extends AbstractMethodDefinitionSource {
Method m = clazz.getDeclaredMethod(method.getName(), (Class[]) method.getParameterTypes());
addMethodAttributes(definition, m);
} catch (Exception e) {
// this won't happen since we are getting a method from an interface that
// this won't happen since we are getting a method from an interface that
// the declaring class implements
}
}
@@ -207,7 +207,8 @@ public class MethodDefinitionMap extends AbstractMethodDefinitionSource {
try {
// Look for the method on the current interface
Method interfaceMethod = clazz.getDeclaredMethod(method.getName(), (Class[]) method.getParameterTypes());
ConfigAttributeDefinition interfaceAssigned = (ConfigAttributeDefinition) this.methodMap.get(interfaceMethod);
ConfigAttributeDefinition interfaceAssigned =
(ConfigAttributeDefinition) this.methodMap.get(interfaceMethod);
merge(definition, interfaceAssigned);
} catch (Exception e) {
// skip this interface
@@ -236,7 +237,7 @@ public class MethodDefinitionMap extends AbstractMethodDefinitionSource {
/**
* Easier configuration of the instance, using {@link MethodDefinitionSourceMapping}.
*
*
* @param mappings {@link List} of {@link MethodDefinitionSourceMapping} objects.
*/
public void setMappings(List mappings) {
@@ -30,8 +30,8 @@ import java.util.Properties;
/**
* Property editor to assist with the setup of a {@link MethodDefinitionSource}.<p>The class creates and populates
* a {@link MethodDefinitionMap}.</p>
* Property editor to assist with the setup of a {@link MethodDefinitionSource}.
* <p>The class creates and populates a {@link MethodDefinitionMap}.</p>
*
* @author Ben Alex
* @version $Id$

Some files were not shown because too many files have changed in this diff Show More