Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 55fbfc5285 | |||
| b75ea4e622 | |||
| f626d5ec47 | |||
| 1b07b5e616 | |||
| 22aaf34499 | |||
| 62093067cb | |||
| be3d309905 | |||
| 065e2b6fa2 | |||
| b253510127 | |||
| e41860d944 | |||
| e9b5ada0c4 |
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-cas</artifactId>
|
||||
<name>Acegi Security System for Spring - CAS adapter</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-catalina</artifactId>
|
||||
<name>Acegi Security System for Spring - Catalina adapter</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-jboss</artifactId>
|
||||
<name>Acegi Security System for Spring - JBoss adapter</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-jetty</artifactId>
|
||||
<name>Acegi Security System for Spring - Jetty adapter</name>
|
||||
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-parent</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<name>Acegi Security System for Spring - Adapters</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-resin</artifactId>
|
||||
<name>Acegi Security System for Spring - Resin adapter</name>
|
||||
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-parent</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-tiger</artifactId>
|
||||
<name>Acegi Security System for Spring - Java 5 (Tiger)</name>
|
||||
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-parent</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<packaging>jar</packaging>
|
||||
<artifactId>acegi-security</artifactId>
|
||||
|
||||
@@ -23,6 +23,10 @@ package org.acegisecurity;
|
||||
* @version $Id$
|
||||
*/
|
||||
public abstract class AbstractAuthenticationManager implements AuthenticationManager {
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
private boolean clearExtraInformation = true;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
@@ -43,6 +47,11 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
|
||||
return doAuthentication(authRequest);
|
||||
} catch (AuthenticationException e) {
|
||||
e.setAuthentication(authRequest);
|
||||
|
||||
if (clearExtraInformation) {
|
||||
e.clearExtraInformation();
|
||||
}
|
||||
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
@@ -60,4 +69,15 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
|
||||
*/
|
||||
protected abstract Authentication doAuthentication(Authentication authentication)
|
||||
throws AuthenticationException;
|
||||
|
||||
/**
|
||||
* If set to true, the <tt>extraInformation</tt> set on an <tt>AuthenticationException</tt> will be cleared
|
||||
* before rethrowing it. This is useful for use with remoting protocols where the information shouldn't
|
||||
* be serialized to the client. Defaults to 'false'.
|
||||
*
|
||||
* @see AuthenticationException#getExtraInformation()
|
||||
*/
|
||||
public void setClearExtraInformation(boolean clearExtraInformation) {
|
||||
this.clearExtraInformation = clearExtraInformation;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@ package org.acegisecurity;
|
||||
public class AccountExpiredException extends AuthenticationException {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
/**
|
||||
* Constructs a <code>AccountExpiredException</code> with the specified
|
||||
* message.
|
||||
*
|
||||
@@ -35,7 +35,7 @@ public class AccountExpiredException extends AuthenticationException {
|
||||
super(msg);
|
||||
}
|
||||
|
||||
/**
|
||||
/**
|
||||
* Constructs a <code>AccountExpiredException</code> with the specified
|
||||
* message and root cause.
|
||||
*
|
||||
@@ -45,4 +45,8 @@ public class AccountExpiredException extends AuthenticationException {
|
||||
public AccountExpiredException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public AccountExpiredException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,12 +25,12 @@ package org.acegisecurity;
|
||||
public abstract class AuthenticationException extends AcegiSecurityException {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
/** The authentication that related to this exception (may be <code>null</code>) */
|
||||
private Authentication authentication;
|
||||
private Object extraInformation;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
/**
|
||||
* Constructs an <code>AuthenticationException</code> with the specified
|
||||
* message and root cause.
|
||||
*
|
||||
@@ -41,7 +41,7 @@ public abstract class AuthenticationException extends AcegiSecurityException {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
/**
|
||||
/**
|
||||
* Constructs an <code>AuthenticationException</code> with the specified
|
||||
* message and no root cause.
|
||||
*
|
||||
@@ -51,8 +51,16 @@ public abstract class AuthenticationException extends AcegiSecurityException {
|
||||
super(msg);
|
||||
}
|
||||
|
||||
public AuthenticationException(String msg, Object extraInformation) {
|
||||
super(msg);
|
||||
this.extraInformation = extraInformation;
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* The authentication request which this exception corresponds to (may be <code>null</code>)
|
||||
*/
|
||||
public Authentication getAuthentication() {
|
||||
return authentication;
|
||||
}
|
||||
@@ -60,4 +68,17 @@ public abstract class AuthenticationException extends AcegiSecurityException {
|
||||
void setAuthentication(Authentication authentication) {
|
||||
this.authentication = authentication;
|
||||
}
|
||||
|
||||
/**
|
||||
* Any additional information about the exception. Generally a <code>UserDetails</code> object.
|
||||
*
|
||||
* @return extra information or <code>null</code>
|
||||
*/
|
||||
public Object getExtraInformation() {
|
||||
return extraInformation;
|
||||
}
|
||||
|
||||
void clearExtraInformation() {
|
||||
this.extraInformation = null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -23,10 +23,6 @@ package org.acegisecurity;
|
||||
* @version $Id$
|
||||
*/
|
||||
public class BadCredentialsException extends AuthenticationException {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private Object extraInformation;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
@@ -40,8 +36,7 @@ public class BadCredentialsException extends AuthenticationException {
|
||||
}
|
||||
|
||||
public BadCredentialsException(String msg, Object extraInformation) {
|
||||
super(msg);
|
||||
this.extraInformation = extraInformation;
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -57,12 +52,4 @@ public class BadCredentialsException extends AuthenticationException {
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Any additional information about the exception. Generally a <code>UserDetails</code> object.
|
||||
*
|
||||
* @return extra information or <code>null</code>
|
||||
*/
|
||||
public Object getExtraInformation() {
|
||||
return extraInformation;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -45,4 +45,8 @@ public class CredentialsExpiredException extends AuthenticationException {
|
||||
public CredentialsExpiredException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public CredentialsExpiredException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -44,4 +44,8 @@ public class DisabledException extends AuthenticationException {
|
||||
public DisabledException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public DisabledException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -44,4 +44,8 @@ public class LockedException extends AuthenticationException {
|
||||
public LockedException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public LockedException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -159,6 +159,14 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
|
||||
searchControls.setTimeLimit(searchTimeLimit);
|
||||
}
|
||||
|
||||
protected LdapUserDetailsMapper getUserDetailsMapper() {
|
||||
return userDetailsMapper;
|
||||
}
|
||||
|
||||
public void setUserDetailsMapper(LdapUserDetailsMapper userDetailsMapper) {
|
||||
this.userDetailsMapper = userDetailsMapper;
|
||||
}
|
||||
|
||||
public String toString() {
|
||||
StringBuffer sb = new StringBuffer();
|
||||
|
||||
|
||||
@@ -110,6 +110,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
|
||||
private List providers;
|
||||
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
|
||||
private Properties exceptionMappings = new Properties();
|
||||
private Properties additionalExceptionMappings = new Properties();
|
||||
|
||||
static {
|
||||
DEFAULT_EXCEPTION_MAPPINGS.put(AccountExpiredException.class.getName(),
|
||||
@@ -143,6 +144,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
checkIfValidList(this.providers);
|
||||
Assert.notNull(this.messages, "A message source must be set");
|
||||
exceptionMappings.putAll(additionalExceptionMappings);
|
||||
doAddExtraDefaultExceptionMappings(exceptionMappings);
|
||||
}
|
||||
|
||||
@@ -157,6 +159,9 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
|
||||
* injected by the IoC container.
|
||||
*
|
||||
* @param exceptionMappings the properties object, which already has entries in it
|
||||
* @deprecated This method has been removed from the 2.0 series; please use the
|
||||
* {@link #additionalExceptionMappings} property instead to inject additional exception
|
||||
* to event mappings
|
||||
*/
|
||||
protected void doAddExtraDefaultExceptionMappings(Properties exceptionMappings) {}
|
||||
|
||||
@@ -319,4 +324,17 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
|
||||
applicationEventPublisher.publishEvent(event);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets additional exception to event mappings. These are automatically merged with the default
|
||||
* exception to event mappings that <code>ProviderManager</code> defines.
|
||||
*
|
||||
* @param additionalExceptionMappings where keys are the fully-qualified string name of the
|
||||
* exception class and the values are the fully-qualified string name of the event class to fire
|
||||
*/
|
||||
public void setAdditionalExceptionMappings(
|
||||
Properties additionalExceptionMappings) {
|
||||
this.additionalExceptionMappings = additionalExceptionMappings;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -120,6 +120,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
|
||||
|
||||
if (result == null) {
|
||||
result = this.authenticateNow(authentication);
|
||||
result.setDetails(authentication.getDetails());
|
||||
}
|
||||
|
||||
if (stateless) {
|
||||
|
||||
+57
-19
@@ -31,6 +31,7 @@ import org.acegisecurity.providers.dao.cache.NullUserCache;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
import org.acegisecurity.userdetails.UserDetailsService;
|
||||
import org.acegisecurity.userdetails.UsernameNotFoundException;
|
||||
import org.acegisecurity.userdetails.UserDetailsChecker;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
@@ -66,13 +67,15 @@ import org.springframework.util.Assert;
|
||||
* @version $Id$
|
||||
*/
|
||||
public abstract class AbstractUserDetailsAuthenticationProvider implements AuthenticationProvider, InitializingBean,
|
||||
MessageSourceAware {
|
||||
MessageSourceAware {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
|
||||
private UserCache userCache = new NullUserCache();
|
||||
private boolean forcePrincipalAsString = false;
|
||||
protected boolean hideUserNotFoundExceptions = true;
|
||||
private UserDetailsChecker preAuthenticationChecks = new DefaultPreAuthenticationChecks();
|
||||
private UserDetailsChecker postAuthenticationChecks = new DefaultPostAuthenticationChecks();
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
@@ -129,20 +132,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
|
||||
Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
|
||||
}
|
||||
|
||||
if (!user.isAccountNonLocked()) {
|
||||
throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
|
||||
"User account is locked"));
|
||||
}
|
||||
|
||||
if (!user.isEnabled()) {
|
||||
throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
|
||||
"User is disabled"));
|
||||
}
|
||||
|
||||
if (!user.isAccountNonExpired()) {
|
||||
throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
|
||||
"User account has expired"));
|
||||
}
|
||||
preAuthenticationChecks.check(user);
|
||||
|
||||
// This check must come here, as we don't want to tell users
|
||||
// about account status unless they presented the correct credentials
|
||||
@@ -160,10 +150,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
|
||||
}
|
||||
}
|
||||
|
||||
if (!user.isCredentialsNonExpired()) {
|
||||
throw new CredentialsExpiredException(messages.getMessage(
|
||||
"AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
|
||||
}
|
||||
postAuthenticationChecks.check(user);
|
||||
|
||||
if (!cacheWasUsed) {
|
||||
this.userCache.putUserInCache(user);
|
||||
@@ -275,7 +262,58 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
|
||||
this.userCache = userCache;
|
||||
}
|
||||
|
||||
protected UserDetailsChecker getPreAuthenticationChecks() {
|
||||
return preAuthenticationChecks;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the policy will be used to verify the status of the loaded <tt>UserDetails</tt> <em>before</em>
|
||||
* validation of the credentials takes place.
|
||||
*
|
||||
* @param preAuthenticationChecks strategy to be invoked prior to authentication.
|
||||
*/
|
||||
public void setPreAuthenticationChecks(UserDetailsChecker preAuthenticationChecks) {
|
||||
this.preAuthenticationChecks = preAuthenticationChecks;
|
||||
}
|
||||
|
||||
protected UserDetailsChecker getPostAuthenticationChecks() {
|
||||
return postAuthenticationChecks;
|
||||
}
|
||||
|
||||
public void setPostAuthenticationChecks(UserDetailsChecker postAuthenticationChecks) {
|
||||
this.postAuthenticationChecks = postAuthenticationChecks;
|
||||
}
|
||||
|
||||
public boolean supports(Class authentication) {
|
||||
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
|
||||
}
|
||||
|
||||
private class DefaultPreAuthenticationChecks implements UserDetailsChecker {
|
||||
public void check(UserDetails user) {
|
||||
if (!user.isAccountNonLocked()) {
|
||||
throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
|
||||
"User account is locked"), user);
|
||||
}
|
||||
|
||||
if (!user.isEnabled()) {
|
||||
throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
|
||||
"User is disabled"), user);
|
||||
}
|
||||
|
||||
if (!user.isAccountNonExpired()) {
|
||||
throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
|
||||
"User account has expired"), user);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private class DefaultPostAuthenticationChecks implements UserDetailsChecker {
|
||||
public void check(UserDetails user) {
|
||||
if (!user.isCredentialsNonExpired()) {
|
||||
throw new CredentialsExpiredException(messages.getMessage(
|
||||
"AbstractUserDetailsAuthenticationProvider.credentialsExpired",
|
||||
"User credentials have expired"), user);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,8 +15,6 @@
|
||||
|
||||
package org.acegisecurity.providers.dao;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.AuthenticationServiceException;
|
||||
import org.acegisecurity.BadCredentialsException;
|
||||
@@ -26,7 +24,6 @@ import org.acegisecurity.providers.encoding.PasswordEncoder;
|
||||
import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
import org.acegisecurity.userdetails.UserDetailsService;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.dao.DataAccessException;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
@@ -82,31 +79,6 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
|
||||
Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
|
||||
}
|
||||
|
||||
/**
|
||||
* Introspects the <code>Applicationcontext</code> for the single instance
|
||||
* of {@link AccessDeniedHandler}. If found invoke
|
||||
* setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by
|
||||
* providing the found instance of accessDeniedHandler as a method
|
||||
* parameter. If more than one instance of <code>AccessDeniedHandler</code>
|
||||
* is found, the method throws <code>IllegalStateException</code>.
|
||||
*
|
||||
* @param applicationContext to locate the instance
|
||||
*/
|
||||
private void autoDetectAnyUserDetailsServiceAndUseIt(ApplicationContext applicationContext) {
|
||||
if (applicationContext != null) {
|
||||
Map map = applicationContext.getBeansOfType(UserDetailsService.class);
|
||||
|
||||
if (map.size() > 1) {
|
||||
throw new IllegalArgumentException(
|
||||
"More than one UserDetailsService beans detected please refer to the one using "
|
||||
+ " [ principalRepositoryBeanRef ] " + "attribute");
|
||||
}
|
||||
else if (map.size() == 1) {
|
||||
setUserDetailsService((UserDetailsService) map.values().iterator().next());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public PasswordEncoder getPasswordEncoder() {
|
||||
return passwordEncoder;
|
||||
}
|
||||
@@ -172,5 +144,4 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
|
||||
public void setIncludeDetailsObject(boolean includeDetailsObject) {
|
||||
this.includeDetailsObject = includeDetailsObject;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -55,7 +55,6 @@ import org.springframework.util.Assert;
|
||||
import java.io.IOException;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
@@ -81,7 +80,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
* specified user and will also contain an additinal {@link org.acegisecurity.ui.switchuser.SwitchUserGrantedAuthority
|
||||
* } which contains the original user.</p>
|
||||
* <p>To 'exit' from a user context, the user will then need to access a URL (see <code>exitUserUrl</code>) that
|
||||
* will switch back to the original user as identified by the <code>SWITCH_USER_GRANTED_AUTHORITY</code>.</p>
|
||||
* will switch back to the original user as identified by the <code>ROLE_PREVIOUS_ADMINISTRATOR</code>.</p>
|
||||
* <p>To configure the Switch User Processing Filter, create a bean definition for the Switch User processing
|
||||
* filter and add to the filterChainProxy. <br>
|
||||
* Example:<pre>
|
||||
@@ -102,8 +101,6 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
|
||||
|
||||
private static final Log logger = LogFactory.getLog(SwitchUserProcessingFilter.class);
|
||||
|
||||
// ~ Static fields/initializers
|
||||
// =============================================
|
||||
public static final String ACEGI_SECURITY_SWITCH_USERNAME_KEY = "j_username";
|
||||
public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
|
||||
|
||||
@@ -116,9 +113,6 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
|
||||
private String switchUserUrl = "/j_acegi_switch_user";
|
||||
private String targetUrl;
|
||||
private SwitchUserAuthorityChanger switchUserAuthorityChanger;
|
||||
|
||||
// ~ Instance fields
|
||||
// ========================================================
|
||||
private UserDetailsService userDetailsService;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
@@ -275,8 +269,11 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
|
||||
Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
|
||||
GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, currentAuth);
|
||||
|
||||
// get the original authorities
|
||||
List orig = Arrays.asList(targetUser.getAuthorities());
|
||||
// get the original authorities
|
||||
ArrayList orig = new ArrayList();
|
||||
for (int i = 0; i < targetUser.getAuthorities().length; i++) {
|
||||
orig.add(targetUser.getAuthorities()[i]);
|
||||
}
|
||||
|
||||
// Allow subclasses to change the authorities to be granted
|
||||
if (switchUserAuthorityChanger != null) {
|
||||
@@ -443,7 +440,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
|
||||
/**
|
||||
* Sets the authentication data access object.
|
||||
*
|
||||
* @param authenticationDao The authentication dao
|
||||
* @param userDetailsService The UserDetailsService to use
|
||||
*/
|
||||
public void setUserDetailsService(UserDetailsService userDetailsService) {
|
||||
this.userDetailsService = userDetailsService;
|
||||
|
||||
@@ -0,0 +1,10 @@
|
||||
package org.acegisecurity.userdetails;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
* @since 1.0.7
|
||||
*/
|
||||
public interface UserDetailsChecker {
|
||||
void check(UserDetails toCheck);
|
||||
}
|
||||
+42
@@ -0,0 +1,42 @@
|
||||
package org.acegisecurity.userdetails.checker;
|
||||
|
||||
|
||||
import org.springframework.context.support.MessageSourceAccessor;
|
||||
|
||||
import org.acegisecurity.LockedException;
|
||||
import org.acegisecurity.CredentialsExpiredException;
|
||||
import org.acegisecurity.AccountExpiredException;
|
||||
import org.acegisecurity.DisabledException;
|
||||
import org.acegisecurity.AcegiMessageSource;
|
||||
import org.acegisecurity.userdetails.UserDetailsChecker;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
* @since 1.0.7
|
||||
*/
|
||||
public class AccountStatusUserDetailsChecker implements UserDetailsChecker {
|
||||
|
||||
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
|
||||
|
||||
public void check(UserDetails user) {
|
||||
if (!user.isAccountNonLocked()) {
|
||||
throw new LockedException(messages.getMessage("UserDetailsService.locked", "User account is locked"), user);
|
||||
}
|
||||
|
||||
if (!user.isEnabled()) {
|
||||
throw new DisabledException(messages.getMessage("UserDetailsService.disabled", "User is disabled"), user);
|
||||
}
|
||||
|
||||
if (!user.isAccountNonExpired()) {
|
||||
throw new AccountExpiredException(messages.getMessage("UserDetailsService.expired",
|
||||
"User account has expired"), user);
|
||||
}
|
||||
|
||||
if (!user.isCredentialsNonExpired()) {
|
||||
throw new CredentialsExpiredException(messages.getMessage("UserDetailsService.credentialsExpired",
|
||||
"User credentials have expired"), user);
|
||||
}
|
||||
}
|
||||
}
|
||||
+24
@@ -41,6 +41,8 @@ import org.springframework.dao.DataAccessException;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter}.
|
||||
@@ -377,6 +379,28 @@ public class SwitchUserProcessingFilterTests extends TestCase {
|
||||
assertEquals("jacklord", ((User) targetAuth.getPrincipal()).getUsername());
|
||||
}
|
||||
|
||||
public void testModificationOfAuthoritiesWorks() {
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
|
||||
SecurityContextHolder.getContext().setAuthentication(auth);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
|
||||
|
||||
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
|
||||
filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
|
||||
filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() {
|
||||
public void modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted) {
|
||||
authoritiesToBeGranted.clear();
|
||||
authoritiesToBeGranted.add(new GrantedAuthorityImpl("ROLE_NEW"));
|
||||
}
|
||||
});
|
||||
|
||||
Authentication result = filter.attemptSwitchUser(request);
|
||||
assertTrue(result != null);
|
||||
assertEquals(2, result.getAuthorities().length);
|
||||
assertEquals("ROLE_NEW", result.getAuthorities()[0].getAuthority());
|
||||
}
|
||||
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
private class MockAuthenticationDaoUserJackLord implements UserDetailsService {
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-parent</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
<name>Acegi Security</name>
|
||||
<packaging>pom</packaging>
|
||||
|
||||
@@ -32,9 +32,9 @@
|
||||
</licenses>
|
||||
|
||||
<scm>
|
||||
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/release_1_0_6</connection>
|
||||
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/release_1_0_6</developerConnection>
|
||||
<url>http://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/release_1_0_6</url>
|
||||
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/acegi-security-parent-1.0.7</connection>
|
||||
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/acegi-security-parent-1.0.7</developerConnection>
|
||||
<url>http://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/acegi-security-parent-1.0.7</url>
|
||||
</scm>
|
||||
|
||||
<issueManagement>
|
||||
|
||||
+2
-2
@@ -120,12 +120,12 @@ fi
|
||||
|
||||
pushd $SITE_DIR
|
||||
|
||||
find . -maxdepth 2 -mindepth 2 -name "*.html" | xargs perl -i -p -e 's#\./css/#\.\./css/#;' \
|
||||
find . -maxdepth 2 -mindepth 2 -name "*.html" | xargs perl -i -p -e 's#"\./css/#"\.\./css/#;' \
|
||||
-e 's/Maven Surefire Report/Unit Tests/;' \
|
||||
-e 's/Cobertura Test Coverage/Test Coverage/;' \
|
||||
-e 's/A successful project.*greatly appreciated\.//;'
|
||||
|
||||
find . -maxdepth 3 -mindepth 3 -name "*.html" | xargs perl -i -p -e 's#\./css/#\.\./\.\./css/#;'
|
||||
find . -maxdepth 3 -mindepth 3 -name "*.html" | xargs perl -i -p -e 's#"\./css/#"\.\./\.\./css/#;'
|
||||
|
||||
popd
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-samples</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-samples-contacts</artifactId>
|
||||
<name>Acegi Security System for Spring - Contacts sample</name>
|
||||
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-parent</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-samples</artifactId>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-samples</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-samples-tutorial</artifactId>
|
||||
|
||||
+56
-7
@@ -1,16 +1,65 @@
|
||||
--------------------------------
|
||||
Acegi Security System for Spring
|
||||
--------------------------------
|
||||
|
||||
|
||||
What is Acegi Security?
|
||||
Spring Security 2.0.0 Released
|
||||
|
||||
Acegi Security is now {{{http://www.springframework.org/projects/}Spring Security}},
|
||||
the official security project of the {{{http://www.springframework.org/projects/}Spring Portfolio}}.
|
||||
If you are planning a new project, we'd recommend you consider using Spring Security.
|
||||
Acegi Security 1.0.7 will be the last non-critical release of the 1.0.x series.
|
||||
|
||||
Spring Security 2.0.0 builds on Acegi Security's solid foundations, adding many new features:
|
||||
|
||||
Acegi Security is a powerful, flexible security solution for enterprise software,
|
||||
with a particular emphasis on applications that use
|
||||
{{{http://www.springframework.org/}Spring}}. Using Acegi Security provides your
|
||||
applications with comprehensive authentication, authorization, instance-based access control,
|
||||
channel security and human user detection capabilities.
|
||||
* Simplified namespace-based configuration syntax. Old configurations
|
||||
could require hundreds of lines of XML but our new convention over configuration
|
||||
approach ensures that many deployments will now require less than 10 lines.
|
||||
|
||||
Key Features
|
||||
* OpenID integration, which is the web's emerging single sign on
|
||||
standard (supported by Google, IBM, Sun, Yahoo and others)
|
||||
|
||||
* Windows NTLM support, providing easy enterprise-wide single sign on
|
||||
against Windows corporate networks
|
||||
|
||||
* Support for JSR 250 ("EJB 3") security annotations, delivering a
|
||||
standards-based model for authorization metadata
|
||||
|
||||
* AspectJ pointcut expression language support, allowing developers to
|
||||
apply cross-cutting security logic across their Spring managed objects
|
||||
|
||||
* Substantial improvements to the high-performance domain object
|
||||
instance security ("ACL") capabilities
|
||||
|
||||
* Comprehensive support for RESTful web request authorization, which
|
||||
works well with Spring 2.5's @MVC model for building RESTful systems
|
||||
|
||||
* Long-requested support for groups, hierarchical roles and a user
|
||||
management API, which all combine to reduce development time and
|
||||
significantly improve system administration
|
||||
|
||||
* An improved, database-backed "remember me" implementation
|
||||
|
||||
* Support for portlet authentication out-of-the-box
|
||||
|
||||
* Support for additional languages
|
||||
|
||||
* Numerous other general improvements, documentation and new samples
|
||||
|
||||
* New support for web state and flow transition authorization through
|
||||
the Spring Web Flow 2.0 release
|
||||
|
||||
* New support for visualizing secured methods, plus configuration
|
||||
auto-completion support in Spring IDE
|
||||
|
||||
* Enhanced WSS (formerly WS-Security) support through the Spring Web
|
||||
Services 1.5 release
|
||||
|
||||
Please visit {{{http://www.springframework.org/download}http://www.springframework.org/download}}
|
||||
to download the latest release and access the change log.
|
||||
|
||||
|
||||
Acegi Security - Key Features
|
||||
|
||||
* <<Stable and mature:>> Acegi Security 1.0.0 was released in May 2006 after
|
||||
more than two and a half years of use in large production software projects, 70,000+ downloads
|
||||
|
||||
Reference in New Issue
Block a user