1
0
mirror of synced 2026-07-08 20:30:04 +00:00

Compare commits

..

43 Commits

Author SHA1 Message Date
Luke Taylor 55fbfc5285 Updated site index page 2008-04-15 15:53:38 +00:00
Luke Taylor b75ea4e622 [maven-release-plugin] copy for tag acegi-security-parent-1.0.7 2008-04-15 11:38:16 +00:00
Luke Taylor f626d5ec47 SEC-678: Merged changes from trunk. 2008-02-18 20:44:09 +00:00
Luke Taylor 1b07b5e616 SEC-537: Merged changes from trunk. 2008-02-18 12:21:29 +00:00
Luke Taylor 22aaf34499 SEC-577: Correct javadocs for switch user 2008-02-15 14:35:16 +00:00
Luke Taylor 62093067cb SEC-581: Copy authentication details to CAS result token 2008-02-15 14:03:52 +00:00
Ben Alex be3d309905 SEC-656: Provide ability to dependency inject additional exception to event mappings, rather than require subclassing. 2008-02-15 11:56:36 +00:00
Luke Taylor 065e2b6fa2 SEC-575: Added getter/setter for LdapUserDetailsMapper 2008-02-14 18:58:08 +00:00
Luke Taylor b253510127 SEC-418: Applied patch from issue. 2008-01-28 19:24:45 +00:00
Luke Taylor e41860d944 [maven-release-plugin] prepare for next development iteration 2007-12-24 17:13:29 +00:00
Luke Taylor e9b5ada0c4 [maven-release-plugin] prepare release release_1_0_6 2007-12-24 17:12:43 +00:00
Luke Taylor 0a7d6225f7 Corrected tagBase url 2007-12-24 17:08:52 +00:00
Luke Taylor 75360d1358 Corrected tagBase url 2007-12-24 17:06:50 +00:00
Luke Taylor a84b405744 [maven-release-plugin] rollback the release of release_1_0_6 2007-12-24 16:54:36 +00:00
Luke Taylor 4c8f61ec90 [maven-release-plugin] prepare release release_1_0_6 2007-12-24 16:41:24 +00:00
Luke Taylor c2a13b0aa8 [maven-release-plugin] rollback the release of release_1_0_6 2007-12-24 16:32:46 +00:00
Luke Taylor ad45967cef [maven-release-plugin] prepare release release_1_0_6 2007-12-24 16:26:44 +00:00
Luke Taylor bdd78ced7f Corrected scm element 2007-12-24 16:15:11 +00:00
Luke Taylor 9174fb7746 Removed scm element from core and core-tiger 2007-12-24 16:10:34 +00:00
Luke Taylor b5ac6e42e3 Reinstated version as 1.0.6-SNAPSHOT after mvn release plugin failure 2007-12-24 16:07:24 +00:00
Luke Taylor e3247231d7 [maven-release-plugin] prepare release release_1_0_6 2007-12-24 16:00:00 +00:00
Luke Taylor ab022a5ed3 testing svn commit 2007-12-24 15:56:53 +00:00
Luke Taylor 18d8084744 Fix jetty plugin version at 6.1.6. 2007-12-24 14:51:50 +00:00
Luke Taylor 1216673deb Fix jetty plugin version at 6.1.6. 2007-12-24 14:48:45 +00:00
Luke Taylor 8e6e373a3b Removed unused import. 2007-12-07 16:20:31 +00:00
Luke Taylor 2b0ee23396 SEC-618: Move copyDetails method into ProviderManager and call it before checking with ConcurrentSessionController. 2007-12-07 16:17:59 +00:00
Luke Taylor 89cde2507d SEC-594: Set password on UserDetails object returned by BindAuthenticator. 2007-12-07 16:04:43 +00:00
Luke Taylor ac0e308354 Updated spring and acegi version numbers in petclinic tutorial file. 2007-12-03 23:15:29 +00:00
Ben Alex 724b9e23ba Remove OrderedUtils (was used for old namespace testing). 2007-12-03 05:05:30 +00:00
Ben Alex 99c5479f9a SEC-584: Require user to explicitly set SessionRegistry, so the implementation can benefit from application context services. 2007-12-02 03:00:26 +00:00
Ben Alex c3dc3a3a4f SEC-610: Reauthenticate even if AnonymousAuthenticationToken is present. 2007-12-02 02:15:18 +00:00
Ben Alex 859ce607cd Now using mvn eclipse:eclipse instead; do not check these back in. 2007-12-02 00:47:38 +00:00
Ben Alex d6fd9980bd Remove configuration from sandbox; this support exists in 2.0 trunk. 2007-12-01 23:52:52 +00:00
Luke Taylor 831981ac69 Changed forum description. 2007-11-20 16:50:12 +00:00
Scott Battaglia 7b981d3e84 SEC-592
implemented NullStatelessTicketCache and test cases and made it the default for CasAuthenticationProvider.
2007-11-07 21:55:59 +00:00
Luke Taylor 38a0bf7ca4 SEC-564: Documented checkout of 1.0.x branch and trunk separately. 2007-11-07 00:24:02 +00:00
Luke Taylor e243855822 SEC-557: Reinstated default AccessDeniedHandler (AccessDeniedHandlerImpl) which had been removed by mistake. 2007-09-19 16:41:06 +00:00
Luke Taylor e6e461d9a0 SEC-549: Merged fix from trunk (trim space from username). 2007-09-14 14:32:19 +00:00
Luke Taylor 0ff8662f12 SEC-556: Removed namespace meta-inf file from 1.0 branch. 2007-09-12 21:37:07 +00:00
Luke Taylor 0878d7d563 Changed release notes to include deployment in tomcat *and* Jetty (after jstl issues with tutorial). 2007-09-12 21:19:02 +00:00
Luke Taylor ae4b5907b9 Merged website style changes from trunk. 2007-09-12 21:12:29 +00:00
Luke Taylor 5da9a0c0c0 Removed unnecessary repository declarations. 2007-09-12 21:10:29 +00:00
Luke Taylor 95d5c61115 SEC-554: Added jstl jars to tutorial pom. 2007-09-12 21:04:17 +00:00
1349 changed files with 35171 additions and 50157 deletions
+57
View File
@@ -0,0 +1,57 @@
#Mon Nov 07 22:01:53 EST 2005
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
org.eclipse.jdt.core.compiler.compliance=1.5
org.eclipse.jdt.core.compiler.debug.lineNumber=generate
org.eclipse.jdt.core.compiler.debug.localVariable=generate
org.eclipse.jdt.core.compiler.debug.sourceFile=generate
org.eclipse.jdt.core.compiler.problem.annotationSuperInterface=warning
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.autoboxing=warning
org.eclipse.jdt.core.compiler.problem.deprecation=ignore
org.eclipse.jdt.core.compiler.problem.deprecationInDeprecatedCode=disabled
org.eclipse.jdt.core.compiler.problem.deprecationWhenOverridingDeprecatedMethod=disabled
org.eclipse.jdt.core.compiler.problem.discouragedReference=warning
org.eclipse.jdt.core.compiler.problem.emptyStatement=ignore
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.problem.fieldHiding=ignore
org.eclipse.jdt.core.compiler.problem.finalParameterBound=warning
org.eclipse.jdt.core.compiler.problem.finallyBlockNotCompletingNormally=warning
org.eclipse.jdt.core.compiler.problem.forbiddenReference=error
org.eclipse.jdt.core.compiler.problem.hiddenCatchBlock=warning
org.eclipse.jdt.core.compiler.problem.incompatibleNonInheritedInterfaceMethod=warning
org.eclipse.jdt.core.compiler.problem.incompleteEnumSwitch=warning
org.eclipse.jdt.core.compiler.problem.indirectStaticAccess=ignore
org.eclipse.jdt.core.compiler.problem.localVariableHiding=ignore
org.eclipse.jdt.core.compiler.problem.methodWithConstructorName=warning
org.eclipse.jdt.core.compiler.problem.missingDeprecatedAnnotation=ignore
org.eclipse.jdt.core.compiler.problem.missingOverrideAnnotation=ignore
org.eclipse.jdt.core.compiler.problem.missingSerialVersion=ignore
org.eclipse.jdt.core.compiler.problem.noEffectAssignment=warning
org.eclipse.jdt.core.compiler.problem.noImplicitStringConversion=warning
org.eclipse.jdt.core.compiler.problem.nonExternalizedStringLiteral=ignore
org.eclipse.jdt.core.compiler.problem.overridingPackageDefaultMethod=warning
org.eclipse.jdt.core.compiler.problem.possibleAccidentalBooleanAssignment=ignore
org.eclipse.jdt.core.compiler.problem.specialParameterHidingField=disabled
org.eclipse.jdt.core.compiler.problem.staticAccessReceiver=warning
org.eclipse.jdt.core.compiler.problem.suppressWarnings=enabled
org.eclipse.jdt.core.compiler.problem.syntheticAccessEmulation=ignore
org.eclipse.jdt.core.compiler.problem.typeParameterHiding=warning
org.eclipse.jdt.core.compiler.problem.uncheckedTypeOperation=ignore
org.eclipse.jdt.core.compiler.problem.undocumentedEmptyBlock=ignore
org.eclipse.jdt.core.compiler.problem.unhandledWarningToken=warning
org.eclipse.jdt.core.compiler.problem.unnecessaryElse=ignore
org.eclipse.jdt.core.compiler.problem.unnecessaryTypeCheck=ignore
org.eclipse.jdt.core.compiler.problem.unqualifiedFieldAccess=ignore
org.eclipse.jdt.core.compiler.problem.unusedDeclaredThrownException=ignore
org.eclipse.jdt.core.compiler.problem.unusedDeclaredThrownExceptionWhenOverriding=disabled
org.eclipse.jdt.core.compiler.problem.unusedImport=warning
org.eclipse.jdt.core.compiler.problem.unusedLocal=ignore
org.eclipse.jdt.core.compiler.problem.unusedParameter=ignore
org.eclipse.jdt.core.compiler.problem.unusedParameterWhenImplementingAbstract=disabled
org.eclipse.jdt.core.compiler.problem.unusedParameterWhenOverridingConcrete=disabled
org.eclipse.jdt.core.compiler.problem.unusedPrivateMember=ignore
org.eclipse.jdt.core.compiler.problem.varargsArgumentNeedCast=warning
org.eclipse.jdt.core.compiler.source=1.5
+3
View File
@@ -0,0 +1,3 @@
#Mon Nov 07 21:58:48 EST 2005
eclipse.preferences.version=1
internal.default.compliance=default
-47
View File
@@ -1,47 +0,0 @@
<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<artifactId>spring-security-parent</artifactId>
<groupId>org.springframework.security</groupId>
<version>2.0.0</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<name>Spring Security - ACL module</name>
<version>2.0.0</version>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${project.version}</version>
<classifier>tests</classifier>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-mock</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
</project>
@@ -1,170 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.acls;
import org.springframework.security.acls.objectidentity.ObjectIdentity;
import org.springframework.security.acls.sid.Sid;
import java.io.Serializable;
/**
* Represents an access control list (ACL) for a domain object.
*
* <p>
* An <tt>Acl</tt> represents all ACL entries for a given domain object. In
* order to avoid needing references to the domain object itself, this
* interface handles indirection between a domain object and an ACL object
* identity via the {@link
* org.springframework.security.acls.objectidentity.ObjectIdentity} interface.
* </p>
*
* <p>
* Implementing classes may elect to return instances that represent
* {@link org.springframework.security.acls.Permission} information for either
* some OR all {@link org.springframework.security.acls.sid.Sid}
* instances. Therefore, an instance may NOT necessarily contain ALL <tt>Sid</tt>s
* for a given domain object.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public interface Acl extends Serializable {
/**
* Returns all of the entries represented by the present <tt>Acl</tt>. Entries associated with
* the <tt>Acl</tt> parents are not returned.
*
* <p>This method is typically used for administrative purposes.</p>
*
* <p>The order that entries appear in the array is important for methods declared in the
* {@link MutableAcl} interface. Furthermore, some implementations MAY use ordering as
* part of advanced permission checking.</p>
*
* <p>Do <em>NOT</em> use this method for making authorization decisions. Instead use {@link
* #isGranted(Permission[], Sid[], boolean)}.</p>
*
* <p>This method must operate correctly even if the <tt>Acl</tt> only represents a subset of
* <tt>Sid</tt>s. The caller is responsible for correctly handling the result if only a subset of
* <tt>Sid</tt>s is represented.</p>
*
* @return the list of entries represented by the <tt>Acl</tt>, or <tt>null</tt> if there are
* no entries presently associated with this <tt>Acl</tt>.
*/
AccessControlEntry[] getEntries();
/**
* Obtains the domain object this <tt>Acl</tt> provides entries for. This is immutable once an
* <tt>Acl</tt> is created.
*
* @return the object identity (never <tt>null</tt>)
*/
ObjectIdentity getObjectIdentity();
/**
* Determines the owner of the <tt>Acl</tt>. The meaning of ownership varies by implementation and is
* unspecified.
*
* @return the owner (may be <tt>null</tt> if the implementation does not use ownership concepts)
*/
Sid getOwner();
/**
* A domain object may have a parent for the purpose of ACL inheritance. If there is a parent, its ACL can
* be accessed via this method. In turn, the parent's parent (grandparent) can be accessed and so on.
*
* <p>This method solely represents the presence of a navigation hierarchy between the parent <tt>Acl</tt> and this
* <tt>Acl</tt>. For actual inheritance to take place, the {@link #isEntriesInheriting()} must also be
* <tt>true</tt>.</p>
*
* <p>This method must operate correctly even if the <tt>Acl</tt> only represents a subset of
* <tt>Sid</tt>s. The caller is responsible for correctly handling the result if only a subset of
* <tt>Sid</tt>s is represented.</p>
*
* @return the parent <tt>Acl</tt> (may be <tt>null</tt> if this <tt>Acl</tt> does not have a parent)
*/
Acl getParentAcl();
/**
* Indicates whether the ACL entries from the {@link #getParentAcl()} should flow down into the current
* <tt>Acl</tt>.<p>The mere link between an <tt>Acl</tt> and a parent <tt>Acl</tt> on its own
* is insufficient to cause ACL entries to inherit down. This is because a domain object may wish to have entirely
* independent entries, but maintain the link with the parent for navigation purposes. Thus, this method denotes
* whether or not the navigation relationship also extends to the actual inheritance of entries.</p>
*
* @return <tt>true</tt> if parent ACL entries inherit into the current <tt>Acl</tt>
*/
boolean isEntriesInheriting();
/**
* This is the actual authorization logic method, and must be used whenever ACL authorization decisions are
* required.
*
* <p>An array of <tt>Sid</tt>s are presented, representing security identifies of the current
* principal. In addition, an array of <tt>Permission</tt>s is presented which will have one or more bits set
* in order to indicate the permissions needed for an affirmative authorization decision. An array is presented
* because holding <em>any</em> of the <tt>Permission</tt>s inside the array will be sufficient for an
* affirmative authorization.</p>
*
* <p>The actual approach used to make authorization decisions is left to the implementation and is not
* specified by this interface. For example, an implementation <em>MAY</em> search the current ACL in the order
* the ACL entries have been stored. If a single entry is found that has the same active bits as are shown in a
* passed <tt>Permission</tt>, that entry's grant or deny state may determine the authorization decision. If
* the case of a deny state, the deny decision will only be relevant if all other <tt>Permission</tt>s passed
* in the array have also been unsuccessfully searched. If no entry is found that match the bits in the current
* ACL, provided that {@link #isEntriesInheriting()} is <tt>true</tt>, the authorization decision may be
* passed to the parent ACL. If there is no matching entry, the implementation MAY throw an exception, or make a
* predefined authorization decision.</p>
*
* <p>This method must operate correctly even if the <tt>Acl</tt> only represents a subset of <tt>Sid</tt>s,
* although the implementation is permitted to throw one of the signature-defined exceptions if the method
* is called requesting an authorization decision for a {@link Sid} that was never loaded in this <tt>Acl</tt>.
* </p>
*
* @param permission the permission or permissions required (at least one entry required)
* @param sids the security identities held by the principal (at least one entry required)
* @param administrativeMode if <tt>true</tt> denotes the query is for administrative purposes and no logging
* or auditing (if supported by the implementation) should be undertaken
*
* @return <tt>true</tt> if authorization is granted
*
* @throws NotFoundException MUST be thrown if an implementation cannot make an authoritative authorization
* decision, usually because there is no ACL information for this particular permission and/or SID
* @throws UnloadedSidException thrown if the <tt>Acl</tt> does not have details for one or more of the
* <tt>Sid</tt>s passed as arguments
*/
boolean isGranted(Permission[] permission, Sid[] sids, boolean administrativeMode)
throws NotFoundException, UnloadedSidException;
/**
* For efficiency reasons an <tt>Acl</tt> may be loaded and <em>not</em> contain entries for every
* <tt>Sid</tt> in the system. If an <tt>Acl</tt> has been loaded and does not represent every
* <tt>Sid</tt>, all methods of the <tt>Acl</tt> can only be used within the limited scope of the
* <tt>Sid</tt> instances it actually represents.
* <p>
* It is normal to load an <tt>Acl</tt> for only particular <tt>Sid</tt>s if read-only authorization
* decisions are being made. However, if user interface reporting or modification of <tt>Acl</tt>s are
* desired, an <tt>Acl</tt> should be loaded with all <tt>Sid</tt>s. This method denotes whether or
* not the specified <tt>Sid</tt>s have been loaded or not.
* </p>
*
* @param sids one or more security identities the caller is interest in knowing whether this <tt>Sid</tt>
* supports
*
* @return <tt>true</tt> if every passed <tt>Sid</tt> is represented by this <tt>Acl</tt> instance
*/
boolean isSidLoaded(Sid[] sids);
}
@@ -1,72 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.acls.objectidentity;
import java.io.Serializable;
/**
* Represents the identity of an individual domain object instance.
*
* <p>
* As implementations of <tt>ObjectIdentity</tt> are used as the key to represent
* domain objects in the ACL subsystem, it is essential that implementations provide
* methods so that object-equality rather than reference-equality can be relied upon
* reliably. In other words, the ACL subsystem can consider two
* <tt>ObjectIdentity</tt>s equal if <tt>identity1.equals(identity2)</tt>, rather than
* reference-equality of <tt>identity1==identity2</tt>.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public interface ObjectIdentity extends Serializable {
//~ Methods ========================================================================================================
/**
* @param obj to be compared
*
* @return <tt>true</tt> if the objects are equal, <tt>false</tt> otherwise
* @see Object#equals(Object)
*/
boolean equals(Object obj);
/**
* Obtains the actual identifier. This identifier must not be reused to represent other domain objects with
* the same <tt>javaType</tt>.
*
* <p>Because ACLs are largely immutable, it is strongly recommended to use
* a synthetic identifier (such as a database sequence number for the primary key). Do not use an identifier with
* business meaning, as that business meaning may change in the future such change will cascade to the ACL
* subsystem data.</p>
*
* @return the identifier (unique within this <tt>javaType</tt>; never <tt>null</tt>)
*/
Serializable getIdentifier();
/**
* Obtains the Java type represented by the domain object. The Java type can be an interface or a class, but is
* most often the domain object implementation class.
*
* @return the Java type of the domain object (never <tt>null</tt>)
*/
Class getJavaType();
/**
* @return a hash code representation of the <tt>ObjectIdentity</tt>
* @see Object#hashCode()
*/
int hashCode();
}
@@ -1,135 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.afterinvocation;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.AuthorizationServiceException;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.acls.AclService;
import org.springframework.security.acls.Permission;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.util.Collection;
import java.util.Iterator;
/**
* <p>
* Given a <code>Collection</code> of domain object instances returned from a secure object invocation, remove
* any <code>Collection</code> elements the principal does not have appropriate permission to access as defined by the
* {@link AclService}.
* <p>
* The <code>AclService</code> is used to retrieve the access control list (ACL) permissions associated with
* each <code>Collection</code> domain object instance element for the current <code>Authentication</code> object.
* <p>
* This after invocation provider will fire if any {@link ConfigAttribute#getAttribute()} matches the {@link
* #processConfigAttribute}. The provider will then lookup the ACLs from the <code>AclService</code> and ensure the
* principal is {@link org.springframework.security.acls.Acl#isGranted(org.springframework.security.acls.Permission[],
* org.springframework.security.acls.sid.Sid[], boolean) Acl.isGranted(Permission[], Sid[], boolean)}
* when presenting the {@link #requirePermission} array to that method.
* <p>
* If the principal does not have permission, that element will not be included in the returned
* <code>Collection</code>.
* <p>
* Often users will setup a <code>BasicAclEntryAfterInvocationProvider</code> with a {@link
* #processConfigAttribute} of <code>AFTER_ACL_COLLECTION_READ</code> and a {@link #requirePermission} of
* <code>BasePermission.READ</code>. These are also the defaults.
* <p>
* If the provided <code>returnObject</code> is <code>null</code>, a <code>null</code><code>Collection</code>
* will be returned. If the provided <code>returnObject</code> is not a <code>Collection</code>, an {@link
* AuthorizationServiceException} will be thrown.
* <p>
* All comparisons and prefixes are case sensitive.
*
* @author Ben Alex
* @author Paulo Neves
* @version $Id$
*/
public class AclEntryAfterInvocationCollectionFilteringProvider extends AbstractAclProvider {
//~ Static fields/initializers =====================================================================================
protected static final Log logger = LogFactory.getLog(AclEntryAfterInvocationCollectionFilteringProvider.class);
//~ Constructors ===================================================================================================
public AclEntryAfterInvocationCollectionFilteringProvider(AclService aclService, Permission[] requirePermission) {
super(aclService, "AFTER_ACL_COLLECTION_READ", requirePermission);
}
//~ Methods ========================================================================================================
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
Object returnedObject) throws AccessDeniedException {
if (returnedObject == null) {
if (logger.isDebugEnabled()) {
logger.debug("Return object is null, skipping");
}
return null;
}
Iterator iter = config.getConfigAttributes().iterator();
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();
if (!this.supports(attr)) {
continue;
}
// Need to process the Collection for this invocation
Filterer filterer;
if (returnedObject instanceof Collection) {
filterer = new CollectionFilterer((Collection) returnedObject);
} else if (returnedObject.getClass().isArray()) {
filterer = new ArrayFilterer((Object[]) returnedObject);
} else {
throw new AuthorizationServiceException("A Collection or an array (or null) was required as the "
+ "returnedObject, but the returnedObject was: " + returnedObject);
}
// Locate unauthorised Collection elements
Iterator collectionIter = filterer.iterator();
while (collectionIter.hasNext()) {
Object domainObject = collectionIter.next();
// Ignore nulls or entries which aren't instances of the configured domain object class
if (domainObject == null || !getProcessDomainObjectClass().isAssignableFrom(domainObject.getClass())) {
continue;
}
if(!hasPermission(authentication, domainObject)) {
filterer.remove(domainObject);
if (logger.isDebugEnabled()) {
logger.debug("Principal is NOT authorised for element: " + domainObject);
}
}
}
return filterer.getFilteredObject();
}
return returnedObject;
}
}
@@ -1,125 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.afterinvocation;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.acls.AclService;
import org.springframework.security.acls.Permission;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import java.util.Iterator;
/**
* Given a domain object instance returned from a secure object invocation, ensures the principal has
* appropriate permission as defined by the {@link AclService}.
* <p>
* The <code>AclService</code> is used to retrieve the access control list (ACL) permissions associated with a
* domain object instance for the current <code>Authentication</code> object.
* <p>
* This after invocation provider will fire if any {@link ConfigAttribute#getAttribute()} matches the {@link
* #processConfigAttribute}. The provider will then lookup the ACLs from the <tt>AclService</tt> and ensure the
* principal is {@link org.springframework.security.acls.Acl#isGranted(org.springframework.security.acls.Permission[],
org.springframework.security.acls.sid.Sid[], boolean) Acl.isGranted(Permission[], Sid[], boolean)}
* when presenting the {@link #requirePermission} array to that method.
* <p>
* Often users will setup an <code>AclEntryAfterInvocationProvider</code> with a {@link
* #processConfigAttribute} of <code>AFTER_ACL_READ</code> and a {@link #requirePermission} of
* <code>BasePermission.READ</code>. These are also the defaults.
* <p>
* If the principal does not have sufficient permissions, an <code>AccessDeniedException</code> will be thrown.
* <p>
* If the provided <tt>returnedObject</tt> is <code>null</code>, permission will always be granted and
* <code>null</code> will be returned.
* <p>
* All comparisons and prefixes are case sensitive.
*/
public class AclEntryAfterInvocationProvider extends AbstractAclProvider implements MessageSourceAware {
//~ Static fields/initializers =====================================================================================
protected static final Log logger = LogFactory.getLog(AclEntryAfterInvocationProvider.class);
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
//~ Constructors ===================================================================================================
public AclEntryAfterInvocationProvider(AclService aclService, Permission[] requirePermission) {
super(aclService, "AFTER_ACL_READ", requirePermission);
}
//~ Methods ========================================================================================================
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
Object returnedObject) throws AccessDeniedException {
Iterator iter = config.getConfigAttributes().iterator();
if (returnedObject == null) {
// AclManager interface contract prohibits nulls
// As they have permission to null/nothing, grant access
if (logger.isDebugEnabled()) {
logger.debug("Return object is null, skipping");
}
return null;
}
if (!getProcessDomainObjectClass().isAssignableFrom(returnedObject.getClass())) {
if (logger.isDebugEnabled()) {
logger.debug("Return object is not applicable for this provider, skipping");
}
return returnedObject;
}
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();
if (!this.supports(attr)) {
continue;
}
// Need to make an access decision on this invocation
if (hasPermission(authentication, returnedObject)) {
return returnedObject;
}
logger.debug("Denying access");
throw new AccessDeniedException(messages.getMessage("BasicAclEntryAfterInvocationProvider.noPermission",
new Object[] {authentication.getName(), returnedObject},
"Authentication {0} has NO permissions to the domain object {1}"));
}
return returnedObject;
}
public void setMessageSource(MessageSource messageSource) {
this.messages = new MessageSourceAccessor(messageSource);
}
}
@@ -1,69 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
- Application context containing business beans.
-
- Used by all artifacts.
-
- $Id:applicationContext-test.xml 1754 2006-11-17 02:01:21Z benalex $
-->
<beans>
<bean id="databaseSeeder" class="org.springframework.security.acls.jdbc.DatabaseSeeder">
<constructor-arg ref="dataSource"/>
<constructor-arg value="classpath:org/springframework/security/acls/jdbc/testData.sql"/>
</bean>
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource"/>
</bean>
<bean id="aclCache" class="org.springframework.security.acls.jdbc.EhCacheBasedAclCache">
<constructor-arg>
<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
</property>
<property name="cacheName" value="aclCache"/>
</bean>
</constructor-arg>
</bean>
<bean id="lookupStrategy" class="org.springframework.security.acls.jdbc.BasicLookupStrategy">
<constructor-arg ref="dataSource"/>
<constructor-arg ref="aclCache"/>
<constructor-arg ref="aclAuthorizationStrategy"/>
<constructor-arg>
<bean class="org.springframework.security.acls.domain.ConsoleAuditLogger"/>
</constructor-arg>
</bean>
<bean id="aclAuthorizationStrategy" class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
<constructor-arg>
<list>
<bean class="org.springframework.security.GrantedAuthorityImpl">
<constructor-arg value="ROLE_ADMINISTRATOR"/>
</bean>
<bean class="org.springframework.security.GrantedAuthorityImpl">
<constructor-arg value="ROLE_ADMINISTRATOR"/>
</bean>
<bean class="org.springframework.security.GrantedAuthorityImpl">
<constructor-arg value="ROLE_ADMINISTRATOR"/>
</bean>
</list>
</constructor-arg>
</bean>
<bean id="aclService" class="org.springframework.security.acls.jdbc.JdbcMutableAclService">
<constructor-arg ref="dataSource"/>
<constructor-arg ref="lookupStrategy"/>
<constructor-arg ref="aclCache"/>
</bean>
<bean id="dataSource" class="org.springframework.security.TestDataSource">
<constructor-arg value="acltest" />
</bean>
</beans>
@@ -1,124 +0,0 @@
package org.springframework.security.acls;
import junit.framework.Assert;
import junit.framework.TestCase;
/**
* Tests for {@link AclFormattingUtils}.
*
* @author Andrei Stefan
*/
public class AclFormattingUtilsTests extends TestCase {
//~ Methods ========================================================================================================
public final void testDemergePatternsParametersConstraints() throws Exception {
try {
AclFormattingUtils.demergePatterns(null, "SOME STRING");
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
AclFormattingUtils.demergePatterns("SOME STRING", null);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
AclFormattingUtils.demergePatterns("SOME STRING", "LONGER SOME STRING");
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
AclFormattingUtils.demergePatterns("SOME STRING", "SAME LENGTH");
Assert.assertTrue(true);
}
catch (IllegalArgumentException notExpected) {
Assert.fail("It shouldn't have thrown IllegalArgumentException");
}
}
public final void testDemergePatterns() throws Exception {
String original = "...........................A...R";
String removeBits = "...............................R";
Assert.assertEquals("...........................A....", AclFormattingUtils
.demergePatterns(original, removeBits));
Assert.assertEquals("ABCDEF", AclFormattingUtils.demergePatterns("ABCDEF", "......"));
Assert.assertEquals("......", AclFormattingUtils.demergePatterns("ABCDEF", "GHIJKL"));
}
public final void testMergePatternsParametersConstraints() throws Exception {
try {
AclFormattingUtils.mergePatterns(null, "SOME STRING");
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
AclFormattingUtils.mergePatterns("SOME STRING", null);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
AclFormattingUtils.mergePatterns("SOME STRING", "LONGER SOME STRING");
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
AclFormattingUtils.mergePatterns("SOME STRING", "SAME LENGTH");
Assert.assertTrue(true);
}
catch (IllegalArgumentException notExpected) {
Assert.fail("It shouldn't have thrown IllegalArgumentException");
}
}
public final void testMergePatterns() throws Exception {
String original = "...............................R";
String extraBits = "...........................A....";
Assert.assertEquals("...........................A...R", AclFormattingUtils
.mergePatterns(original, extraBits));
Assert.assertEquals("ABCDEF", AclFormattingUtils.mergePatterns("ABCDEF", "......"));
Assert.assertEquals("GHIJKL", AclFormattingUtils.mergePatterns("ABCDEF", "GHIJKL"));
}
public final void testBinaryPrints() throws Exception {
Assert.assertEquals("............................****", AclFormattingUtils.printBinary(15));
try {
AclFormattingUtils.printBinary(15, Permission.RESERVED_ON);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException notExpected) {
Assert.assertTrue(true);
}
try {
AclFormattingUtils.printBinary(15, Permission.RESERVED_OFF);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException notExpected) {
Assert.assertTrue(true);
}
Assert.assertEquals("............................xxxx", AclFormattingUtils.printBinary(15, 'x'));
}
}
@@ -1,136 +0,0 @@
package org.springframework.security.acls.domain;
import junit.framework.Assert;
import junit.framework.TestCase;
import org.springframework.security.acls.AccessControlEntry;
import org.springframework.security.acls.Acl;
import org.springframework.security.acls.AuditableAccessControlEntry;
import org.springframework.security.acls.NotFoundException;
import org.springframework.security.acls.Permission;
import org.springframework.security.acls.UnloadedSidException;
import org.springframework.security.acls.objectidentity.ObjectIdentity;
import org.springframework.security.acls.sid.PrincipalSid;
import org.springframework.security.acls.sid.Sid;
/**
* Test class for {@link AccessControlEntryImpl}
*
* @author Andrei Stefan
*/
public class AccessControlEntryTests extends TestCase {
//~ Methods ========================================================================================================
public void testConstructorRequiredFields() throws Exception {
// Check Acl field is present
try {
AccessControlEntry ace = new AccessControlEntryImpl(null, null, new PrincipalSid("johndoe"),
BasePermission.ADMINISTRATION, true, true, true);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
// Check Sid field is present
try {
AccessControlEntry ace = new AccessControlEntryImpl(null, new MockAcl(), null,
BasePermission.ADMINISTRATION, true, true, true);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
// Check Permission field is present
try {
AccessControlEntry ace = new AccessControlEntryImpl(null, new MockAcl(), new PrincipalSid("johndoe"), null,
true, true, true);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
}
public void testAccessControlEntryImplGetters() throws Exception {
Acl mockAcl = new MockAcl();
Sid sid = new PrincipalSid("johndoe");
// Create a sample entry
AccessControlEntry ace = new AccessControlEntryImpl(new Long(1), mockAcl, sid, BasePermission.ADMINISTRATION,
true, true, true);
// and check every get() method
Assert.assertEquals(new Long(1), ace.getId());
Assert.assertEquals(mockAcl, ace.getAcl());
Assert.assertEquals(sid, ace.getSid());
Assert.assertTrue(ace.isGranting());
Assert.assertEquals(BasePermission.ADMINISTRATION, ace.getPermission());
Assert.assertTrue(((AuditableAccessControlEntry) ace).isAuditFailure());
Assert.assertTrue(((AuditableAccessControlEntry) ace).isAuditSuccess());
}
public void testEquals() throws Exception {
Acl mockAcl = new MockAcl();
Sid sid = new PrincipalSid("johndoe");
AccessControlEntry ace = new AccessControlEntryImpl(new Long(1), mockAcl, sid, BasePermission.ADMINISTRATION,
true, true, true);
Assert.assertFalse(ace.equals(null));
Assert.assertFalse(ace.equals(new Long(100)));
Assert.assertTrue(ace.equals(ace));
Assert.assertTrue(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
BasePermission.ADMINISTRATION, true, true, true)));
Assert.assertFalse(ace.equals(new AccessControlEntryImpl(new Long(2), mockAcl, sid,
BasePermission.ADMINISTRATION, true, true, true)));
Assert.assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, new PrincipalSid("scott"),
BasePermission.ADMINISTRATION, true, true, true)));
Assert.assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid, BasePermission.WRITE, true,
true, true)));
Assert.assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
BasePermission.ADMINISTRATION, false, true, true)));
Assert.assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
BasePermission.ADMINISTRATION, true, false, true)));
Assert.assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
BasePermission.ADMINISTRATION, true, true, false)));
}
//~ Inner Classes ==================================================================================================
private class MockAcl implements Acl {
public AccessControlEntry[] getEntries() {
return null;
}
public ObjectIdentity getObjectIdentity() {
return null;
}
public Sid getOwner() {
return null;
}
public Acl getParentAcl() {
return null;
}
public boolean isEntriesInheriting() {
return false;
}
public boolean isGranted(Permission[] permission, Sid[] sids, boolean administrativeMode)
throws NotFoundException, UnloadedSidException {
return false;
}
public boolean isSidLoaded(Sid[] sids) {
return false;
}
}
}
@@ -1,638 +0,0 @@
package org.springframework.security.acls.domain;
import java.lang.reflect.Field;
import java.util.List;
import java.util.Map;
import junit.framework.TestCase;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.acls.AccessControlEntry;
import org.springframework.security.acls.Acl;
import org.springframework.security.acls.AlreadyExistsException;
import org.springframework.security.acls.AuditableAccessControlEntry;
import org.springframework.security.acls.AuditableAcl;
import org.springframework.security.acls.ChildrenExistException;
import org.springframework.security.acls.MutableAcl;
import org.springframework.security.acls.MutableAclService;
import org.springframework.security.acls.NotFoundException;
import org.springframework.security.acls.OwnershipAcl;
import org.springframework.security.acls.Permission;
import org.springframework.security.acls.objectidentity.ObjectIdentity;
import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
import org.springframework.security.acls.sid.GrantedAuthoritySid;
import org.springframework.security.acls.sid.PrincipalSid;
import org.springframework.security.acls.sid.Sid;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.util.FieldUtils;
/**
* Tests for {@link AclImpl}.
*
* @author Andrei Stefan
*/
public class AclImplTests extends TestCase {
// ~ Methods ========================================================================================================
@Override
protected void setUp() throws Exception {
super.setUp();
}
@Override
protected void tearDown() throws Exception {
SecurityContextHolder.clearContext();
super.tearDown();
}
public void testConstructorsRejectNullParameters() throws Exception {
Authentication auth = new TestingAuthenticationToken("johndoe", "ignored",
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_ADMINISTRATOR") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
try {
Acl acl = new AclImpl(null, new Long(1), strategy, auditLogger);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
Acl acl = new AclImpl(identity, null, strategy, auditLogger);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
Acl acl = new AclImpl(identity, new Long(1), null, auditLogger);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
Acl acl = new AclImpl(identity, new Long(1), strategy, null);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
Acl acl = new AclImpl(null, new Long(1), strategy, auditLogger, null, null, true, new PrincipalSid("johndoe"));
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
Acl acl = new AclImpl(identity, null, strategy, auditLogger, null, null, true, new PrincipalSid("johndoe"));
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
Acl acl = new AclImpl(identity, new Long(1), null, auditLogger, null, null, true, new PrincipalSid("johndoe"));
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
Acl acl = new AclImpl(identity, new Long(1), strategy, null, null, null, true, new PrincipalSid("johndoe"));
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
Acl acl = new AclImpl(identity, new Long(1), strategy, auditLogger, null, null, true, null);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testInsertAceRejectsNullParameters() throws Exception {
Authentication auth = new TestingAuthenticationToken("johndoe", "ignored",
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_ADMINISTRATOR") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
MutableAcl acl = new AclImpl(identity, new Long(1), strategy, auditLogger, null, null, true, new PrincipalSid(
"johndoe"));
try {
acl.insertAce(0, null, new GrantedAuthoritySid("ROLE_IGNORED"), true);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
acl.insertAce(0, BasePermission.READ, null, true);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testInsertAceAddsElementAtCorrectIndex() throws Exception {
Authentication auth = new TestingAuthenticationToken("johndoe", "ignored",
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_ADMINISTRATOR") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
MutableAcl acl = new AclImpl(identity, new Long(1), strategy, auditLogger, null, null, true, new PrincipalSid(
"johndoe"));
MockAclService service = new MockAclService();
// Insert one permission
acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
service.updateAcl(acl);
// Check it was successfully added
assertEquals(1, acl.getEntries().length);
assertEquals(acl.getEntries()[0].getAcl(), acl);
assertEquals(acl.getEntries()[0].getPermission(), BasePermission.READ);
assertEquals(acl.getEntries()[0].getSid(), new GrantedAuthoritySid("ROLE_TEST1"));
// Add a second permission
acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
service.updateAcl(acl);
// Check it was added on the last position
assertEquals(2, acl.getEntries().length);
assertEquals(acl.getEntries()[1].getAcl(), acl);
assertEquals(acl.getEntries()[1].getPermission(), BasePermission.READ);
assertEquals(acl.getEntries()[1].getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
// Add a third permission, after the first one
acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_TEST3"), false);
service.updateAcl(acl);
assertEquals(3, acl.getEntries().length);
// Check the third entry was added between the two existent ones
assertEquals(acl.getEntries()[0].getPermission(), BasePermission.READ);
assertEquals(acl.getEntries()[0].getSid(), new GrantedAuthoritySid("ROLE_TEST1"));
assertEquals(acl.getEntries()[1].getPermission(), BasePermission.WRITE);
assertEquals(acl.getEntries()[1].getSid(), new GrantedAuthoritySid("ROLE_TEST3"));
assertEquals(acl.getEntries()[2].getPermission(), BasePermission.READ);
assertEquals(acl.getEntries()[2].getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
}
public void testInsertAceFailsForInexistentElement() throws Exception {
Authentication auth = new TestingAuthenticationToken("johndoe", "ignored",
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_ADMINISTRATOR") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
MutableAcl acl = new AclImpl(identity, new Long(1), strategy, auditLogger, null, null, true, new PrincipalSid(
"johndoe"));
MockAclService service = new MockAclService();
// Insert one permission
acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
service.updateAcl(acl);
try {
acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
assertTrue(true);
}
}
public void testDeleteAceKeepsInitialOrdering() throws Exception {
Authentication auth = new TestingAuthenticationToken("johndoe", "ignored",
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_ADMINISTRATOR") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
MutableAcl acl = new AclImpl(identity, new Long(1), strategy, auditLogger, null, null, true, new PrincipalSid(
"johndoe"));
MockAclService service = new MockAclService();
// Add several permissions
acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST3"), true);
service.updateAcl(acl);
// Delete first permission and check the order of the remaining permissions is kept
acl.deleteAce(0);
assertEquals(2, acl.getEntries().length);
assertEquals(acl.getEntries()[0].getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
assertEquals(acl.getEntries()[1].getSid(), new GrantedAuthoritySid("ROLE_TEST3"));
// Add one more permission and remove the permission in the middle
acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST4"), true);
service.updateAcl(acl);
acl.deleteAce(1);
assertEquals(2, acl.getEntries().length);
assertEquals(acl.getEntries()[0].getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
assertEquals(acl.getEntries()[1].getSid(), new GrantedAuthoritySid("ROLE_TEST4"));
// Remove remaining permissions
acl.deleteAce(1);
acl.deleteAce(0);
assertEquals(0, acl.getEntries().length);
}
public void testDeleteAceFailsForInexistentElement() throws Exception {
Authentication auth = new TestingAuthenticationToken("johndoe", "ignored",
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_ADMINISTRATOR") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
MutableAcl acl = new AclImpl(identity, new Long(1), strategy, auditLogger, null, null, true, new PrincipalSid(
"johndoe"));
try {
acl.deleteAce(99);
fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
assertTrue(true);
}
}
public void testIsGrantingRejectsEmptyParameters() throws Exception {
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
MutableAcl acl = new AclImpl(identity, new Long(1), strategy, auditLogger, null, null, true, new PrincipalSid(
"johndoe"));
try {
acl.isGranted(new Permission[] {}, new Sid[] { new PrincipalSid("ben") }, false);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
acl.isGranted(new Permission[] { BasePermission.READ }, new Sid[] {}, false);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testIsGrantingGrantsAccessForAclWithNoParent() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored", new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_GENERAL"), new GrantedAuthorityImpl("ROLE_GUEST") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity rootOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
// Create an ACL which owner is not the authenticated principal
MutableAcl rootAcl = new AclImpl(rootOid, new Long(1), strategy, auditLogger, null, null, false, new PrincipalSid(
"johndoe"));
// Grant some permissions
rootAcl.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), false);
rootAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("scott"), true);
rootAcl.insertAce(2, BasePermission.WRITE, new PrincipalSid("rod"), false);
rootAcl.insertAce(3, BasePermission.WRITE, new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), true);
// Check permissions granting
Permission[] permissions = new Permission[] { BasePermission.READ, BasePermission.CREATE };
Sid[] sids = new Sid[] { new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_GUEST") };
assertFalse(rootAcl.isGranted(permissions, sids, false));
try {
rootAcl.isGranted(permissions, new Sid[] { new PrincipalSid("scott") }, false);
fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
assertTrue(true);
}
assertTrue(rootAcl.isGranted(new Permission[] { BasePermission.WRITE }, new Sid[] { new PrincipalSid("scott") },
false));
assertFalse(rootAcl.isGranted(new Permission[] { BasePermission.WRITE }, new Sid[] { new PrincipalSid("rod"),
new GrantedAuthoritySid("WRITE_ACCESS_ROLE") }, false));
assertTrue(rootAcl.isGranted(new Permission[] { BasePermission.WRITE }, new Sid[] {
new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), new PrincipalSid("rod") }, false));
try {
// Change the type of the Sid and check the granting process
rootAcl.isGranted(new Permission[] { BasePermission.WRITE }, new Sid[] { new GrantedAuthoritySid("rod"),
new PrincipalSid("WRITE_ACCESS_ROLE") }, false);
fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
assertTrue(true);
}
}
public void testIsGrantingGrantsAccessForInheritableAcls() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored",
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_GENERAL") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity grandParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
ObjectIdentity parentOid1 = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101));
ObjectIdentity parentOid2 = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102));
ObjectIdentity childOid1 = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(103));
ObjectIdentity childOid2 = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(104));
// Create ACLs
MutableAcl grandParentAcl = new AclImpl(grandParentOid, new Long(1), strategy, auditLogger, null, null, false,
new PrincipalSid("johndoe"));
MutableAcl parentAcl1 = new AclImpl(parentOid1, new Long(2), strategy, auditLogger, null, null, true,
new PrincipalSid("johndoe"));
MutableAcl parentAcl2 = new AclImpl(parentOid2, new Long(3), strategy, auditLogger, null, null, true,
new PrincipalSid("johndoe"));
MutableAcl childAcl1 = new AclImpl(childOid1, new Long(4), strategy, auditLogger, null, null, true,
new PrincipalSid("johndoe"));
MutableAcl childAcl2 = new AclImpl(childOid2, new Long(4), strategy, auditLogger, null, null, false,
new PrincipalSid("johndoe"));
// Create hierarchies
childAcl2.setParent(childAcl1);
childAcl1.setParent(parentAcl1);
parentAcl2.setParent(grandParentAcl);
parentAcl1.setParent(grandParentAcl);
// Add some permissions
grandParentAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
grandParentAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("ben"), true);
grandParentAcl.insertAce(2, BasePermission.DELETE, new PrincipalSid("ben"), false);
grandParentAcl.insertAce(3, BasePermission.DELETE, new PrincipalSid("scott"), true);
parentAcl1.insertAce(0, BasePermission.READ, new PrincipalSid("scott"), true);
parentAcl1.insertAce(1, BasePermission.DELETE, new PrincipalSid("scott"), false);
parentAcl2.insertAce(0, BasePermission.CREATE, new PrincipalSid("ben"), true);
childAcl1.insertAce(0, BasePermission.CREATE, new PrincipalSid("scott"), true);
// Check granting process for parent1
assertTrue(parentAcl1.isGranted(new Permission[] { BasePermission.READ }, new Sid[] { new PrincipalSid("scott") },
false));
assertTrue(parentAcl1.isGranted(new Permission[] { BasePermission.READ }, new Sid[] { new GrantedAuthoritySid(
"ROLE_USER_READ") }, false));
assertTrue(parentAcl1.isGranted(new Permission[] { BasePermission.WRITE }, new Sid[] { new PrincipalSid("ben") },
false));
assertFalse(parentAcl1.isGranted(new Permission[] { BasePermission.DELETE }, new Sid[] { new PrincipalSid("ben") },
false));
assertFalse(parentAcl1.isGranted(new Permission[] { BasePermission.DELETE },
new Sid[] { new PrincipalSid("scott") }, false));
// Check granting process for parent2
assertTrue(parentAcl2.isGranted(new Permission[] { BasePermission.CREATE }, new Sid[] { new PrincipalSid("ben") },
false));
assertTrue(parentAcl2.isGranted(new Permission[] { BasePermission.WRITE }, new Sid[] { new PrincipalSid("ben") },
false));
assertFalse(parentAcl2.isGranted(new Permission[] { BasePermission.DELETE }, new Sid[] { new PrincipalSid("ben") },
false));
// Check granting process for child1
assertTrue(childAcl1.isGranted(new Permission[] { BasePermission.CREATE }, new Sid[] { new PrincipalSid("scott") },
false));
assertTrue(childAcl1.isGranted(new Permission[] { BasePermission.READ }, new Sid[] { new GrantedAuthoritySid(
"ROLE_USER_READ") }, false));
assertFalse(childAcl1.isGranted(new Permission[] { BasePermission.DELETE }, new Sid[] { new PrincipalSid("ben") },
false));
// Check granting process for child2 (doesn't inherit the permissions from its parent)
try {
assertTrue(childAcl2.isGranted(new Permission[] { BasePermission.CREATE },
new Sid[] { new PrincipalSid("scott") }, false));
fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
assertTrue(true);
}
try {
assertTrue(childAcl2.isGranted(new Permission[] { BasePermission.CREATE }, new Sid[] { new PrincipalSid(
"johndoe") }, false));
fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
assertTrue(true);
}
}
public void testUpdateAce() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored",
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_GENERAL") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
MutableAcl acl = new AclImpl(identity, new Long(1), strategy, auditLogger, null, null, false, new PrincipalSid(
"johndoe"));
MockAclService service = new MockAclService();
acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
acl.insertAce(2, BasePermission.CREATE, new PrincipalSid("ben"), true);
service.updateAcl(acl);
assertEquals(acl.getEntries()[0].getPermission(), BasePermission.READ);
assertEquals(acl.getEntries()[1].getPermission(), BasePermission.WRITE);
assertEquals(acl.getEntries()[2].getPermission(), BasePermission.CREATE);
// Change each permission
acl.updateAce(0, BasePermission.CREATE);
acl.updateAce(1, BasePermission.DELETE);
acl.updateAce(2, BasePermission.READ);
// Check the change was successfuly made
assertEquals(acl.getEntries()[0].getPermission(), BasePermission.CREATE);
assertEquals(acl.getEntries()[1].getPermission(), BasePermission.DELETE);
assertEquals(acl.getEntries()[2].getPermission(), BasePermission.READ);
}
public void testUpdateAuditing() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored", new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_AUDITING"), new GrantedAuthorityImpl("ROLE_GENERAL") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
MutableAcl acl = new AclImpl(identity, new Long(1), strategy, auditLogger, null, null, false, new PrincipalSid(
"johndoe"));
MockAclService service = new MockAclService();
acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
service.updateAcl(acl);
assertFalse(((AuditableAccessControlEntry) acl.getEntries()[0]).isAuditFailure());
assertFalse(((AuditableAccessControlEntry) acl.getEntries()[1]).isAuditFailure());
assertFalse(((AuditableAccessControlEntry) acl.getEntries()[0]).isAuditSuccess());
assertFalse(((AuditableAccessControlEntry) acl.getEntries()[1]).isAuditSuccess());
// Change each permission
((AuditableAcl) acl).updateAuditing(0, true, true);
((AuditableAcl) acl).updateAuditing(1, true, true);
// Check the change was successfuly made
assertTrue(((AuditableAccessControlEntry) acl.getEntries()[0]).isAuditFailure());
assertTrue(((AuditableAccessControlEntry) acl.getEntries()[1]).isAuditFailure());
assertTrue(((AuditableAccessControlEntry) acl.getEntries()[0]).isAuditSuccess());
assertTrue(((AuditableAccessControlEntry) acl.getEntries()[1]).isAuditSuccess());
}
public void testGettersSetters() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored", new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_GENERAL") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_GENERAL"), new GrantedAuthorityImpl("ROLE_GENERAL"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
ObjectIdentity identity2 = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101));
MutableAcl acl = new AclImpl(identity, new Long(1), strategy, auditLogger, null, null, true, new PrincipalSid(
"johndoe"));
MutableAcl parentAcl = new AclImpl(identity2, new Long(2), strategy, auditLogger, null, null, true, new PrincipalSid(
"johndoe"));
MockAclService service = new MockAclService();
acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
service.updateAcl(acl);
assertEquals(acl.getId(), new Long(1));
assertEquals(acl.getObjectIdentity(), identity);
assertEquals(acl.getOwner(), new PrincipalSid("johndoe"));
assertNull(acl.getParentAcl());
assertTrue(acl.isEntriesInheriting());
assertEquals(2, acl.getEntries().length);
acl.setParent(parentAcl);
assertEquals(acl.getParentAcl(), parentAcl);
acl.setEntriesInheriting(false);
assertFalse(acl.isEntriesInheriting());
((OwnershipAcl) acl).setOwner(new PrincipalSid("ben"));
assertEquals(acl.getOwner(), new PrincipalSid("ben"));
}
public void testIsSidLoaded() throws Exception {
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_GENERAL"), new GrantedAuthorityImpl("ROLE_GENERAL"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
AuditLogger auditLogger = new ConsoleAuditLogger();
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
Sid[] loadedSids = new Sid[] { new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_IGNORED") };
MutableAcl acl = new AclImpl(identity, new Long(1), strategy, auditLogger, null, loadedSids, true, new PrincipalSid(
"johndoe"));
assertTrue(acl.isSidLoaded(loadedSids));
assertTrue(acl.isSidLoaded(new Sid[] { new GrantedAuthoritySid("ROLE_IGNORED"), new PrincipalSid("ben") }));
assertTrue(acl.isSidLoaded(new Sid[] { new GrantedAuthoritySid("ROLE_IGNORED")}));
assertTrue(acl.isSidLoaded(new Sid[] { new PrincipalSid("ben") }));
assertTrue(acl.isSidLoaded(null));
assertTrue(acl.isSidLoaded(new Sid[] { }));
assertTrue(acl.isSidLoaded(new Sid[] { new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_IGNORED") }));
assertFalse(acl.isSidLoaded(new Sid[] { new GrantedAuthoritySid("ROLE_GENERAL"), new GrantedAuthoritySid("ROLE_IGNORED") }));
assertFalse(acl.isSidLoaded(new Sid[] { new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_GENERAL") }));
}
// ~ Inner Classes ==================================================================================================
private class MockAclService implements MutableAclService {
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
return null;
}
public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) throws ChildrenExistException {
}
/*
* Mock implementation that populates the aces list with fully initialized AccessControlEntries
* @see org.springframework.security.acls.MutableAclService#updateAcl(org.springframework.security.acls.MutableAcl)
*/
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
AccessControlEntry[] oldAces = acl.getEntries();
Field acesField = FieldUtils.getField(AclImpl.class, "aces");
acesField.setAccessible(true);
List newAces;
try {
newAces = (List) acesField.get(acl);
newAces.clear();
for (int i = 0; i < oldAces.length; i++) {
AccessControlEntry ac = oldAces[i];
// Just give an ID to all this acl's aces, rest of the fields are just copied
newAces.add(new AccessControlEntryImpl(new Long(i + 1), ac.getAcl(), ac.getSid(), ac.getPermission(), ac
.isGranting(), ((AuditableAccessControlEntry) ac).isAuditSuccess(),
((AuditableAccessControlEntry) ac).isAuditFailure()));
}
}
catch (IllegalAccessException e) {
e.printStackTrace();
}
return acl;
}
public ObjectIdentity[] findChildren(ObjectIdentity parentIdentity) {
return null;
}
public Acl readAclById(ObjectIdentity object) throws NotFoundException {
return null;
}
public Acl readAclById(ObjectIdentity object, Sid[] sids) throws NotFoundException {
return null;
}
public Map readAclsById(ObjectIdentity[] objects) throws NotFoundException {
return null;
}
public Map readAclsById(ObjectIdentity[] objects, Sid[] sids) throws NotFoundException {
return null;
}
}
}
@@ -1,296 +0,0 @@
package org.springframework.security.acls.domain;
import junit.framework.Assert;
import junit.framework.TestCase;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.acls.Acl;
import org.springframework.security.acls.MutableAcl;
import org.springframework.security.acls.NotFoundException;
import org.springframework.security.acls.objectidentity.ObjectIdentity;
import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
import org.springframework.security.acls.sid.PrincipalSid;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.TestingAuthenticationToken;
/**
* Test class for {@link AclAuthorizationStrategyImpl} and {@link AclImpl}
* security checks.
*
* @author Andrei Stefan
*/
public class AclImplementationSecurityCheckTests extends TestCase {
//~ Methods ========================================================================================================
protected void setUp() throws Exception {
SecurityContextHolder.clearContext();
}
protected void tearDown() throws Exception {
SecurityContextHolder.clearContext();
}
public void testSecurityCheckNoACEs() throws Exception {
Authentication auth = new TestingAuthenticationToken("user", "password", new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_GENERAL"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_OWNERSHIP") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
Acl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
try {
aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
Assert.assertTrue(true);
}
catch (AccessDeniedException notExpected) {
Assert.fail("It shouldn't have thrown AccessDeniedException");
}
try {
aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
Assert.assertTrue(true);
}
catch (AccessDeniedException notExpected) {
Assert.fail("It shouldn't have thrown AccessDeniedException");
}
try {
aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
Assert.assertTrue(true);
}
catch (AccessDeniedException notExpected) {
Assert.fail("It shouldn't have thrown AccessDeniedException");
}
// Create another authorization strategy
AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO"),
new GrantedAuthorityImpl("ROLE_THREE") });
Acl acl2 = new AclImpl(identity, new Long(1), aclAuthorizationStrategy2, new ConsoleAuditLogger());
// Check access in case the principal has no authorization rights
try {
aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL);
Assert.fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
Assert.assertTrue(true);
}
try {
aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_AUDITING);
Assert.fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
Assert.assertTrue(true);
}
try {
aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
Assert.fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
Assert.assertTrue(true);
}
}
public void testSecurityCheckWithMultipleACEs() throws Exception {
// Create a simple authentication with ROLE_GENERAL
Authentication auth = new TestingAuthenticationToken("user", "password",
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_GENERAL") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
// Authorization strategy will require a different role for each access
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
// Let's give the principal the ADMINISTRATION permission, without
// granting access
MutableAcl aclFirstDeny = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
aclFirstDeny.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
// The CHANGE_GENERAL test should pass as the principal has ROLE_GENERAL
try {
aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_GENERAL);
Assert.assertTrue(true);
}
catch (AccessDeniedException notExpected) {
Assert.fail("It shouldn't have thrown AccessDeniedException");
}
// The CHANGE_AUDITING and CHANGE_OWNERSHIP should fail since the
// principal doesn't have these authorities,
// nor granting access
try {
aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_AUDITING);
Assert.fail("It should have thrown AccessDeniedException");
}
catch (AccessDeniedException expected) {
Assert.assertTrue(true);
}
try {
aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
Assert.fail("It should have thrown AccessDeniedException");
}
catch (AccessDeniedException expected) {
Assert.assertTrue(true);
}
// Add granting access to this principal
aclFirstDeny.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
// and try again for CHANGE_AUDITING - the first ACE's granting flag
// (false) will deny this access
try {
aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_AUDITING);
Assert.fail("It should have thrown AccessDeniedException");
}
catch (AccessDeniedException expected) {
Assert.assertTrue(true);
}
// Create another ACL and give the principal the ADMINISTRATION
// permission, with granting access
MutableAcl aclFirstAllow = new AclImpl(identity, new Long(1), aclAuthorizationStrategy,
new ConsoleAuditLogger());
aclFirstAllow.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
// The CHANGE_AUDITING test should pass as there is one ACE with
// granting access
try {
aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
Assert.assertTrue(true);
}
catch (AccessDeniedException notExpected) {
Assert.fail("It shouldn't have thrown AccessDeniedException");
}
// Add a deny ACE and test again for CHANGE_AUDITING
aclFirstAllow.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
try {
aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
Assert.assertTrue(true);
}
catch (AccessDeniedException notExpected) {
Assert.fail("It shouldn't have thrown AccessDeniedException");
}
// Create an ACL with no ACE
MutableAcl aclNoACE = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
try {
aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_AUDITING);
Assert.fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
Assert.assertTrue(true);
}
// and still grant access for CHANGE_GENERAL
try {
aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_GENERAL);
Assert.assertTrue(true);
}
catch (NotFoundException expected) {
Assert.fail("It shouldn't have thrown NotFoundException");
}
}
public void testSecurityCheckWithInheritableACEs() throws Exception {
// Create a simple authentication with ROLE_GENERAL
Authentication auth = new TestingAuthenticationToken("user", "password",
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_GENERAL") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
// Authorization strategy will require a different role for each access
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
// Let's give the principal an ADMINISTRATION permission, with granting
// access
MutableAcl parentAcl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
parentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
MutableAcl childAcl = new AclImpl(identity, new Long(2), aclAuthorizationStrategy, new ConsoleAuditLogger());
// Check against the 'child' acl, which doesn't offer any authorization
// rights on CHANGE_OWNERSHIP
try {
aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
Assert.fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
Assert.assertTrue(true);
}
// Link the child with its parent and test again against the
// CHANGE_OWNERSHIP right
childAcl.setParent(parentAcl);
childAcl.setEntriesInheriting(true);
try {
aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
Assert.assertTrue(true);
}
catch (NotFoundException expected) {
Assert.fail("It shouldn't have thrown NotFoundException");
}
// Create a root parent and link it to the middle parent
MutableAcl rootParentAcl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy,
new ConsoleAuditLogger());
parentAcl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
rootParentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
parentAcl.setEntriesInheriting(true);
parentAcl.setParent(rootParentAcl);
childAcl.setParent(parentAcl);
try {
aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
Assert.assertTrue(true);
}
catch (NotFoundException expected) {
Assert.fail("It shouldn't have thrown NotFoundException");
}
}
public void testSecurityCheckPrincipalOwner() throws Exception {
Authentication auth = new TestingAuthenticationToken("user", "password", new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_ONE"),
new GrantedAuthorityImpl("ROLE_ONE") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
Acl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger(), null, null,
false, new PrincipalSid(auth));
try {
aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
Assert.assertTrue(true);
}
catch (AccessDeniedException notExpected) {
Assert.fail("It shouldn't have thrown AccessDeniedException");
}
try {
aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
Assert.fail("It shouldn't have thrown AccessDeniedException");
}
catch (NotFoundException expected) {
Assert.assertTrue(true);
}
try {
aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
Assert.assertTrue(true);
}
catch (AccessDeniedException notExpected) {
Assert.fail("It shouldn't have thrown AccessDeniedException");
}
}
}
@@ -1,137 +0,0 @@
package org.springframework.security.acls.domain;
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.io.Serializable;
import junit.framework.Assert;
import junit.framework.TestCase;
import org.springframework.security.acls.AccessControlEntry;
import org.springframework.security.acls.Acl;
import org.springframework.security.acls.AuditableAccessControlEntry;
import org.springframework.security.acls.Permission;
import org.springframework.security.acls.sid.Sid;
/**
* Test class for {@link ConsoleAuditLogger}.
*
* @author Andrei Stefan
*/
public class AuditLoggerTests extends TestCase {
//~ Instance fields ================================================================================================
private PrintStream console;
private ByteArrayOutputStream bytes = new ByteArrayOutputStream();
//~ Methods ========================================================================================================
public void setUp() throws Exception {
console = System.out;
System.setOut(new PrintStream(bytes));
}
public void tearDown() throws Exception {
System.setOut(console);
}
public void testLoggingTests() throws Exception {
ConsoleAuditLogger logger = new ConsoleAuditLogger();
MockAccessControlEntryImpl auditableAccessControlEntry = new MockAccessControlEntryImpl();
logger.logIfNeeded(true, auditableAccessControlEntry);
Assert.assertTrue(bytes.size() == 0);
bytes.reset();
logger.logIfNeeded(false, auditableAccessControlEntry);
Assert.assertTrue(bytes.size() == 0);
auditableAccessControlEntry.setAuditSuccess(true);
bytes.reset();
logger.logIfNeeded(true, auditableAccessControlEntry);
Assert.assertTrue(bytes.toString().length() > 0);
Assert.assertTrue(bytes.toString().startsWith("GRANTED due to ACE"));
auditableAccessControlEntry.setAuditFailure(true);
bytes.reset();
logger.logIfNeeded(false, auditableAccessControlEntry);
Assert.assertTrue(bytes.toString().length() > 0);
Assert.assertTrue(bytes.toString().startsWith("DENIED due to ACE"));
MockAccessControlEntry accessControlEntry = new MockAccessControlEntry();
bytes.reset();
logger.logIfNeeded(true, accessControlEntry);
Assert.assertTrue(bytes.size() == 0);
}
//~ Inner Classes ==================================================================================================
private class MockAccessControlEntryImpl implements AuditableAccessControlEntry {
private boolean auditFailure = false;
private boolean auditSuccess = false;
public boolean isAuditFailure() {
return auditFailure;
}
public boolean isAuditSuccess() {
return auditSuccess;
}
public Acl getAcl() {
return null;
}
public Serializable getId() {
return null;
}
public Permission getPermission() {
return null;
}
public Sid getSid() {
return null;
}
public boolean isGranting() {
return false;
}
public void setAuditFailure(boolean auditFailure) {
this.auditFailure = auditFailure;
}
public void setAuditSuccess(boolean auditSuccess) {
this.auditSuccess = auditSuccess;
}
}
private class MockAccessControlEntry implements AccessControlEntry {
public Acl getAcl() {
return null;
}
public Serializable getId() {
return null;
}
public Permission getPermission() {
return null;
}
public Sid getSid() {
return null;
}
public boolean isGranting() {
return false;
}
}
}
@@ -1,209 +0,0 @@
package org.springframework.security.acls.jdbc;
import java.io.IOException;
import junit.framework.TestCase;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Ehcache;
import org.springframework.cache.ehcache.EhCacheFactoryBean;
import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.datasource.DataSourceTransactionManager;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.acls.MutableAcl;
import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
import org.springframework.security.acls.domain.AclImpl;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.ConsoleAuditLogger;
import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
import org.springframework.security.acls.sid.GrantedAuthoritySid;
import org.springframework.security.acls.sid.PrincipalSid;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.support.DefaultTransactionDefinition;
public class AclPermissionInheritanceTests extends TestCase {
private JdbcMutableAclService aclService;
private JdbcTemplate jdbcTemplate;
private DriverManagerDataSource dataSource;
private DataSourceTransactionManager txManager;
private TransactionStatus txStatus;
protected void setUp() throws Exception {
dataSource = new DriverManagerDataSource();
dataSource.setDriverClassName("org.hsqldb.jdbcDriver");
dataSource.setUrl("jdbc:hsqldb:mem:permissiontest");
dataSource.setUsername("sa");
dataSource.setPassword("");
jdbcTemplate = new JdbcTemplate(dataSource);
txManager = new DataSourceTransactionManager();
txManager.setDataSource(dataSource);
txStatus = txManager.getTransaction(new DefaultTransactionDefinition());
aclService = createAclService(dataSource);
Authentication auth = new UsernamePasswordAuthenticationToken(
"system", "secret", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_IGNORED")});
SecurityContextHolder.getContext().setAuthentication(auth);
}
protected void tearDown() throws Exception {
txManager.rollback(txStatus);
SecurityContextHolder.clearContext();
}
public void test1() throws Exception {
createAclSchema(jdbcTemplate);
ObjectIdentityImpl rootObject =
new ObjectIdentityImpl(TestDomainObject.class, new Long(1));
MutableAcl parent = aclService.createAcl(rootObject);
MutableAcl child = aclService.createAcl(new ObjectIdentityImpl(TestDomainObject.class, new Long(2)));
child.setParent(parent);
aclService.updateAcl(child);
parent = (AclImpl) aclService.readAclById(rootObject);
parent.insertAce(0, BasePermission.READ,
new PrincipalSid("john"), true);
aclService.updateAcl(parent);
parent = (AclImpl) aclService.readAclById(rootObject);
parent.insertAce(1, BasePermission.READ,
new PrincipalSid("joe"), true);
aclService.updateAcl(parent);
child = (MutableAcl) aclService.readAclById(
new ObjectIdentityImpl(TestDomainObject.class, new Long(2)));
parent = (MutableAcl) child.getParentAcl();
assertEquals("Fails because child has a stale reference to its parent",
2, parent.getEntries().length);
assertEquals(1, parent.getEntries()[0].getPermission().getMask());
assertEquals(new PrincipalSid("john"), parent.getEntries()[0].getSid());
assertEquals(1, parent.getEntries()[1].getPermission().getMask());
assertEquals(new PrincipalSid("joe"), parent.getEntries()[1].getSid());
}
public void test2() throws Exception {
createAclSchema(jdbcTemplate);
ObjectIdentityImpl rootObject =
new ObjectIdentityImpl(TestDomainObject.class, new Long(1));
MutableAcl parent = aclService.createAcl(rootObject);
MutableAcl child = aclService.createAcl(new ObjectIdentityImpl(TestDomainObject.class, new Long(2)));
child.setParent(parent);
aclService.updateAcl(child);
parent.insertAce(0, BasePermission.ADMINISTRATION,
new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), true);
aclService.updateAcl(parent);
parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true);
aclService.updateAcl(parent);
child = (MutableAcl) aclService.readAclById(
new ObjectIdentityImpl(TestDomainObject.class, new Long(2)));
parent = (MutableAcl) child.getParentAcl();
assertEquals(2, parent.getEntries().length);
assertEquals(16, parent.getEntries()[0].getPermission().getMask());
assertEquals(new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), parent.getEntries()[0].getSid());
assertEquals(8, parent.getEntries()[1].getPermission().getMask());
assertEquals(new PrincipalSid("terry"), parent.getEntries()[1].getSid());
}
private JdbcMutableAclService createAclService(DriverManagerDataSource ds)
throws IOException {
GrantedAuthorityImpl adminAuthority = new GrantedAuthorityImpl("ROLE_ADMINISTRATOR");
AclAuthorizationStrategyImpl authStrategy = new AclAuthorizationStrategyImpl(
new GrantedAuthorityImpl[]{adminAuthority,adminAuthority,adminAuthority});
EhCacheManagerFactoryBean ehCacheManagerFactoryBean = new EhCacheManagerFactoryBean();
ehCacheManagerFactoryBean.afterPropertiesSet();
CacheManager cacheManager = (CacheManager) ehCacheManagerFactoryBean.getObject();
EhCacheFactoryBean ehCacheFactoryBean = new EhCacheFactoryBean();
ehCacheFactoryBean.setCacheName("aclAche");
ehCacheFactoryBean.setCacheManager(cacheManager);
ehCacheFactoryBean.afterPropertiesSet();
Ehcache ehCache = (Ehcache) ehCacheFactoryBean.getObject();
AclCache aclAche = new EhCacheBasedAclCache(ehCache);
BasicLookupStrategy lookupStrategy =
new BasicLookupStrategy(ds, aclAche, authStrategy, new ConsoleAuditLogger());
return new JdbcMutableAclService(ds,lookupStrategy, aclAche);
}
private void createAclSchema(JdbcTemplate jdbcTemplate) {
jdbcTemplate.execute("DROP TABLE ACL_ENTRY IF EXISTS;");
jdbcTemplate.execute("DROP TABLE ACL_OBJECT_IDENTITY IF EXISTS;");
jdbcTemplate.execute("DROP TABLE ACL_CLASS IF EXISTS");
jdbcTemplate.execute("DROP TABLE ACL_SID IF EXISTS");
jdbcTemplate.execute(
"CREATE TABLE ACL_SID(" +
"ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY," +
"PRINCIPAL BOOLEAN NOT NULL," +
"SID VARCHAR_IGNORECASE(100) NOT NULL," +
"CONSTRAINT UNIQUE_UK_1 UNIQUE(SID,PRINCIPAL));");
jdbcTemplate.execute(
"CREATE TABLE ACL_CLASS(" +
"ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY," +
"CLASS VARCHAR_IGNORECASE(100) NOT NULL," +
"CONSTRAINT UNIQUE_UK_2 UNIQUE(CLASS));");
jdbcTemplate.execute(
"CREATE TABLE ACL_OBJECT_IDENTITY(" +
"ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY," +
"OBJECT_ID_CLASS BIGINT NOT NULL," +
"OBJECT_ID_IDENTITY BIGINT NOT NULL," +
"PARENT_OBJECT BIGINT," +
"OWNER_SID BIGINT," +
"ENTRIES_INHERITING BOOLEAN NOT NULL," +
"CONSTRAINT UNIQUE_UK_3 UNIQUE(OBJECT_ID_CLASS,OBJECT_ID_IDENTITY)," +
"CONSTRAINT FOREIGN_FK_1 FOREIGN KEY(PARENT_OBJECT)REFERENCES ACL_OBJECT_IDENTITY(ID)," +
"CONSTRAINT FOREIGN_FK_2 FOREIGN KEY(OBJECT_ID_CLASS)REFERENCES ACL_CLASS(ID)," +
"CONSTRAINT FOREIGN_FK_3 FOREIGN KEY(OWNER_SID)REFERENCES ACL_SID(ID));");
jdbcTemplate.execute(
"CREATE TABLE ACL_ENTRY(" +
"ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY," +
"ACL_OBJECT_IDENTITY BIGINT NOT NULL,ACE_ORDER INT NOT NULL,SID BIGINT NOT NULL," +
"MASK INTEGER NOT NULL,GRANTING BOOLEAN NOT NULL,AUDIT_SUCCESS BOOLEAN NOT NULL," +
"AUDIT_FAILURE BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_4 UNIQUE(ACL_OBJECT_IDENTITY,ACE_ORDER)," +
"CONSTRAINT FOREIGN_FK_4 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID)," +
"CONSTRAINT FOREIGN_FK_5 FOREIGN KEY(SID) REFERENCES ACL_SID(ID));");
}
public static class TestDomainObject {
private Long id;
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
}
}
@@ -1,310 +0,0 @@
package org.springframework.security.acls.jdbc;
import java.util.Map;
import junit.framework.Assert;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Ehcache;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.TestDataSource;
import org.springframework.security.acls.Acl;
import org.springframework.security.acls.AuditableAccessControlEntry;
import org.springframework.security.acls.MutableAcl;
import org.springframework.security.acls.NotFoundException;
import org.springframework.security.acls.Permission;
import org.springframework.security.acls.domain.AclAuthorizationStrategy;
import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.ConsoleAuditLogger;
import org.springframework.security.acls.objectidentity.ObjectIdentity;
import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
import org.springframework.security.acls.sid.PrincipalSid;
import org.springframework.security.acls.sid.Sid;
import org.springframework.util.FileCopyUtils;
/**
* Tests {@link BasicLookupStrategy}
*
* @author Andrei Stefan
*/
public class BasicLookupStrategyTests {
//~ Instance fields ================================================================================================
private static JdbcTemplate jdbcTemplate;
private LookupStrategy strategy;
private static TestDataSource dataSource;
private static CacheManager cacheManager;
//~ Methods ========================================================================================================
@BeforeClass
public static void initCacheManaer() {
cacheManager = new CacheManager();
cacheManager.addCache(new Cache("basiclookuptestcache", 500, false, false, 30, 30));
}
@BeforeClass
public static void createDatabase() throws Exception {
dataSource = new TestDataSource("lookupstrategytest");
jdbcTemplate = new JdbcTemplate(dataSource);
Resource resource = new ClassPathResource("org/springframework/security/acls/jdbc/testData.sql");
String sql = new String(FileCopyUtils.copyToByteArray(resource.getInputStream()));
jdbcTemplate.execute(sql);
}
@AfterClass
public static void dropDatabase() throws Exception {
dataSource.destroy();
}
@AfterClass
public static void shutdownCacheManager() {
cacheManager.removalAll();
cacheManager.shutdown();
}
@Before
public void populateDatabase() {
String query = "INSERT INTO acl_sid(ID,PRINCIPAL,SID) VALUES (1,1,'ben');"
+ "INSERT INTO acl_class(ID,CLASS) VALUES (2,'org.springframework.security.TargetObject');"
+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (1,2,100,null,1,1);"
+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (2,2,101,1,1,1);"
+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (3,2,102,2,1,1);"
+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (1,1,0,1,1,1,0,0);"
+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (2,1,1,1,2,0,0,0);"
+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (3,2,0,1,8,1,0,0);"
+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (4,3,0,1,8,0,0,0);";
jdbcTemplate.execute(query);
}
@Before
public void initializeBeans() {
EhCacheBasedAclCache cache = new EhCacheBasedAclCache(getCache());
AclAuthorizationStrategy authorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_ADMINISTRATOR"), new GrantedAuthorityImpl("ROLE_ADMINISTRATOR"),
new GrantedAuthorityImpl("ROLE_ADMINISTRATOR") });
strategy = new BasicLookupStrategy(dataSource, cache, authorizationStrategy, new ConsoleAuditLogger());
}
@After
public void emptyDatabase() {
String query = "DELETE FROM acl_entry;" + "DELETE FROM acl_object_identity WHERE ID = 7;"
+ "DELETE FROM acl_object_identity WHERE ID = 6;" + "DELETE FROM acl_object_identity WHERE ID = 5;"
+ "DELETE FROM acl_object_identity WHERE ID = 4;" + "DELETE FROM acl_object_identity WHERE ID = 3;"
+ "DELETE FROM acl_object_identity WHERE ID = 2;" + "DELETE FROM acl_object_identity WHERE ID = 1;"
+ "DELETE FROM acl_class;" + "DELETE FROM acl_sid;";
jdbcTemplate.execute(query);
}
private Ehcache getCache() {
Ehcache cache = cacheManager.getCache("basiclookuptestcache");
cache.removeAll();
return cache;
}
@Test
public void testAclsRetrievalWithDefaultBatchSize() throws Exception {
ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
ObjectIdentity middleParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101));
ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102));
Map map = this.strategy.readAclsById(new ObjectIdentity[] { topParentOid, middleParentOid, childOid }, null);
checkEntries(topParentOid, middleParentOid, childOid, map);
}
@Test
public void testAclsRetrievalFromCacheOnly() throws Exception {
ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
ObjectIdentity middleParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101));
ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102));
// Objects were put in cache
strategy.readAclsById(new ObjectIdentity[] { topParentOid, middleParentOid, childOid }, null);
// Let's empty the database to force acls retrieval from cache
emptyDatabase();
Map map = this.strategy.readAclsById(new ObjectIdentity[] { topParentOid, middleParentOid, childOid }, null);
checkEntries(topParentOid, middleParentOid, childOid, map);
}
@Test
public void testAclsRetrievalWithCustomBatchSize() throws Exception {
ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
ObjectIdentity middleParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101));
ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102));
// Set a batch size to allow multiple database queries in order to retrieve all acls
((BasicLookupStrategy) this.strategy).setBatchSize(1);
Map map = this.strategy.readAclsById(new ObjectIdentity[] { topParentOid, middleParentOid, childOid }, null);
checkEntries(topParentOid, middleParentOid, childOid, map);
}
private void checkEntries(ObjectIdentity topParentOid, ObjectIdentity middleParentOid, ObjectIdentity childOid, Map map)
throws Exception {
Assert.assertEquals(3, map.size());
MutableAcl topParent = (MutableAcl) map.get(topParentOid);
MutableAcl middleParent = (MutableAcl) map.get(middleParentOid);
MutableAcl child = (MutableAcl) map.get(childOid);
// Check the retrieved versions has IDs
Assert.assertNotNull(topParent.getId());
Assert.assertNotNull(middleParent.getId());
Assert.assertNotNull(child.getId());
// Check their parents were correctly retrieved
Assert.assertNull(topParent.getParentAcl());
Assert.assertEquals(topParentOid, middleParent.getParentAcl().getObjectIdentity());
Assert.assertEquals(middleParentOid, child.getParentAcl().getObjectIdentity());
// Check their ACEs were correctly retrieved
Assert.assertEquals(2, topParent.getEntries().length);
Assert.assertEquals(1, middleParent.getEntries().length);
Assert.assertEquals(1, child.getEntries().length);
// Check object identities were correctly retrieved
Assert.assertEquals(topParentOid, topParent.getObjectIdentity());
Assert.assertEquals(middleParentOid, middleParent.getObjectIdentity());
Assert.assertEquals(childOid, child.getObjectIdentity());
// Check each entry
Assert.assertTrue(topParent.isEntriesInheriting());
Assert.assertEquals(topParent.getId(), new Long(1));
Assert.assertEquals(topParent.getOwner(), new PrincipalSid("ben"));
Assert.assertEquals(topParent.getEntries()[0].getId(), new Long(1));
Assert.assertEquals(topParent.getEntries()[0].getPermission(), BasePermission.READ);
Assert.assertEquals(topParent.getEntries()[0].getSid(), new PrincipalSid("ben"));
Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries()[0]).isAuditFailure());
Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries()[0]).isAuditSuccess());
Assert.assertTrue(((AuditableAccessControlEntry) topParent.getEntries()[0]).isGranting());
Assert.assertEquals(topParent.getEntries()[1].getId(), new Long(2));
Assert.assertEquals(topParent.getEntries()[1].getPermission(), BasePermission.WRITE);
Assert.assertEquals(topParent.getEntries()[1].getSid(), new PrincipalSid("ben"));
Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries()[1]).isAuditFailure());
Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries()[1]).isAuditSuccess());
Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries()[1]).isGranting());
Assert.assertTrue(middleParent.isEntriesInheriting());
Assert.assertEquals(middleParent.getId(), new Long(2));
Assert.assertEquals(middleParent.getOwner(), new PrincipalSid("ben"));
Assert.assertEquals(middleParent.getEntries()[0].getId(), new Long(3));
Assert.assertEquals(middleParent.getEntries()[0].getPermission(), BasePermission.DELETE);
Assert.assertEquals(middleParent.getEntries()[0].getSid(), new PrincipalSid("ben"));
Assert.assertFalse(((AuditableAccessControlEntry) middleParent.getEntries()[0]).isAuditFailure());
Assert.assertFalse(((AuditableAccessControlEntry) middleParent.getEntries()[0]).isAuditSuccess());
Assert.assertTrue(((AuditableAccessControlEntry) middleParent.getEntries()[0]).isGranting());
Assert.assertTrue(child.isEntriesInheriting());
Assert.assertEquals(child.getId(), new Long(3));
Assert.assertEquals(child.getOwner(), new PrincipalSid("ben"));
Assert.assertEquals(child.getEntries()[0].getId(), new Long(4));
Assert.assertEquals(child.getEntries()[0].getPermission(), BasePermission.DELETE);
Assert.assertEquals(child.getEntries()[0].getSid(), new PrincipalSid("ben"));
Assert.assertFalse(((AuditableAccessControlEntry) child.getEntries()[0]).isAuditFailure());
Assert.assertFalse(((AuditableAccessControlEntry) child.getEntries()[0]).isAuditSuccess());
Assert.assertFalse((child.getEntries()[0]).isGranting());
}
@Test
public void testAllParentsAreRetrievedWhenChildIsLoaded() throws Exception {
String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,103,1,1,1);";
jdbcTemplate.execute(query);
ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
ObjectIdentity middleParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101));
ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102));
ObjectIdentity middleParent2Oid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(103));
// Retrieve the child
Map map = this.strategy.readAclsById(new ObjectIdentity[] { childOid }, null);
// Check that the child and all its parents were retrieved
Assert.assertNotNull(map.get(childOid));
Assert.assertEquals(childOid, ((Acl) map.get(childOid)).getObjectIdentity());
Assert.assertNotNull(map.get(middleParentOid));
Assert.assertEquals(middleParentOid, ((Acl) map.get(middleParentOid)).getObjectIdentity());
Assert.assertNotNull(map.get(topParentOid));
Assert.assertEquals(topParentOid, ((Acl) map.get(topParentOid)).getObjectIdentity());
// The second parent shouldn't have been retrieved
Assert.assertNull(map.get(middleParent2Oid));
}
/**
* Test created from SEC-590.
*/
@Test
public void testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached() throws Exception {
String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,104,null,1,1);"
+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (5,2,105,4,1,1);"
+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,106,4,1,1);"
+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (7,2,107,5,1,1);"
+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (5,4,0,1,1,1,0,0)";
jdbcTemplate.execute(query);
ObjectIdentity grandParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(104));
ObjectIdentity parent1Oid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(105));
ObjectIdentity parent2Oid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(106));
ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(107));
// First lookup only child, thus populating the cache with grandParent, parent1 and child
Permission[] checkPermission = new Permission[] { BasePermission.READ };
Sid[] sids = new Sid[] { new PrincipalSid("ben") };
ObjectIdentity[] childOids = new ObjectIdentity[] { childOid };
((BasicLookupStrategy) this.strategy).setBatchSize(6);
Map foundAcls = strategy.readAclsById(childOids, sids);
Acl foundChildAcl = (Acl) foundAcls.get(childOid);
Assert.assertNotNull(foundChildAcl);
Assert.assertTrue(foundChildAcl.isGranted(checkPermission, sids, false));
// Search for object identities has to be done in the following order: last element have to be one which
// is already in cache and the element before it must not be stored in cache
ObjectIdentity[] allOids = new ObjectIdentity[] { grandParentOid, parent1Oid, parent2Oid, childOid };
try {
foundAcls = strategy.readAclsById(allOids, sids);
Assert.assertTrue(true);
} catch (NotFoundException notExpected) {
Assert.fail("It shouldn't have thrown NotFoundException");
}
Acl foundParent2Acl = (Acl) foundAcls.get(parent2Oid);
Assert.assertNotNull(foundParent2Acl);
Assert.assertTrue(foundParent2Acl.isGranted(checkPermission, sids, false));
}
@Test
public void testAclsWithDifferentSerializableTypesAsObjectIdentities() throws Exception {
String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,104,null,1,1);"
+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (5,4,0,1,1,1,0,0)";
jdbcTemplate.execute(query);
ObjectIdentity oid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Integer(104));
Sid[] sids = new Sid[] { new PrincipalSid("ben") };
ObjectIdentity[] childOids = new ObjectIdentity[] { oid };
try {
Map foundAcls = strategy.readAclsById(childOids, sids);
Assert.fail("It should have thrown IllegalArgumentException");
} catch(IllegalArgumentException expected) {
Assert.assertTrue(true);
}
}
}
@@ -1,248 +0,0 @@
package org.springframework.security.acls.jdbc;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Ehcache;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.acls.MutableAcl;
import org.springframework.security.acls.domain.AclAuthorizationStrategy;
import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
import org.springframework.security.acls.domain.AclImpl;
import org.springframework.security.acls.domain.ConsoleAuditLogger;
import org.springframework.security.acls.objectidentity.ObjectIdentity;
import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.util.FieldUtils;
/**
* Tests {@link EhCacheBasedAclCache}
*
* @author Andrei Stefan
*/
public class EhCacheBasedAclCacheTests {
//~ Instance fields ================================================================================================
private static CacheManager cacheManager;
//~ Methods ========================================================================================================
@BeforeClass
public static void initCacheManaer() {
cacheManager = new CacheManager();
// Use disk caching immediately (to test for serialization issue reported in SEC-527)
cacheManager.addCache(new Cache("ehcachebasedacltests", 0, true, false, 30, 30));
}
@AfterClass
public static void shutdownCacheManager() {
cacheManager.removalAll();
cacheManager.shutdown();
}
@After
public void clearContext() {
SecurityContextHolder.clearContext();
}
private Ehcache getCache() {
Ehcache cache = cacheManager.getCache("ehcachebasedacltests");
cache.removeAll();
return cache;
}
@Test(expected=IllegalArgumentException.class)
public void constructorRejectsNullParameters() throws Exception {
AclCache aclCache = new EhCacheBasedAclCache(null);
fail("It should have thrown IllegalArgumentException");
}
@Test
public void methodsRejectNullParameters() throws Exception {
Ehcache cache = new MockEhcache();
EhCacheBasedAclCache myCache = new EhCacheBasedAclCache(cache);
try {
Serializable id = null;
myCache.evictFromCache(id);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
ObjectIdentity obj = null;
myCache.evictFromCache(obj);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
Serializable id = null;
myCache.getFromCache(id);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
ObjectIdentity obj = null;
myCache.getFromCache(obj);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
MutableAcl acl = null;
myCache.putInCache(acl);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
// SEC-527
@Test
public void testDiskSerializationOfMutableAclObjectInstance() throws Exception {
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
MutableAcl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
// Serialization test
File file = File.createTempFile("SEC_TEST", ".object");
FileOutputStream fos = new FileOutputStream(file);
ObjectOutputStream oos = new ObjectOutputStream(fos);
oos.writeObject(acl);
oos.close();
FileInputStream fis = new FileInputStream(file);
ObjectInputStream ois = new ObjectInputStream(fis);
MutableAcl retrieved = (MutableAcl) ois.readObject();
ois.close();
assertEquals(acl, retrieved);
Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", retrieved);
assertEquals(null, retrieved1);
Object retrieved2 = FieldUtils.getProtectedFieldValue("auditLogger", retrieved);
assertEquals(null, retrieved2);
}
@Test
public void cacheOperationsAclWithoutParent() throws Exception {
Ehcache cache = getCache();
EhCacheBasedAclCache myCache = new EhCacheBasedAclCache(cache);
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
MutableAcl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
assertEquals(0, cache.getDiskStoreSize());
myCache.putInCache(acl);
assertEquals(cache.getSize(), 2);
assertEquals(2, cache.getDiskStoreSize());
assertTrue(cache.isElementOnDisk(acl.getObjectIdentity()));
assertFalse(cache.isElementInMemory(acl.getObjectIdentity()));
// Check we can get from cache the same objects we put in
assertEquals(myCache.getFromCache(new Long(1)), acl);
assertEquals(myCache.getFromCache(identity), acl);
// Put another object in cache
ObjectIdentity identity2 = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101));
MutableAcl acl2 = new AclImpl(identity2, new Long(2), aclAuthorizationStrategy, new ConsoleAuditLogger());
myCache.putInCache(acl2);
assertEquals(cache.getSize(), 4);
assertEquals(4, cache.getDiskStoreSize());
// Try to evict an entry that doesn't exist
myCache.evictFromCache(new Long(3));
myCache.evictFromCache(new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102)));
assertEquals(cache.getSize(), 4);
assertEquals(4, cache.getDiskStoreSize());
myCache.evictFromCache(new Long(1));
assertEquals(cache.getSize(), 2);
assertEquals(2, cache.getDiskStoreSize());
// Check the second object inserted
assertEquals(myCache.getFromCache(new Long(2)), acl2);
assertEquals(myCache.getFromCache(identity2), acl2);
myCache.evictFromCache(identity2);
assertEquals(cache.getSize(), 0);
}
@Test
public void cacheOperationsAclWithParent() throws Exception {
Ehcache cache = getCache();
EhCacheBasedAclCache myCache = new EhCacheBasedAclCache(cache);
Authentication auth = new TestingAuthenticationToken("user", "password", new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_GENERAL") });
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity identity = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
ObjectIdentity identityParent = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101));
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
new GrantedAuthorityImpl("ROLE_GENERAL") });
MutableAcl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
MutableAcl parentAcl = new AclImpl(identityParent, new Long(2), aclAuthorizationStrategy, new ConsoleAuditLogger());
acl.setParent(parentAcl);
assertEquals(0, cache.getDiskStoreSize());
myCache.putInCache(acl);
assertEquals(cache.getSize(), 4);
assertEquals(4, cache.getDiskStoreSize());
assertTrue(cache.isElementOnDisk(acl.getObjectIdentity()));
assertFalse(cache.isElementInMemory(acl.getObjectIdentity()));
// Check we can get from cache the same objects we put in
assertEquals(myCache.getFromCache(new Long(1)), acl);
assertEquals(myCache.getFromCache(identity), acl);
assertEquals(myCache.getFromCache(new Long(2)), parentAcl);
assertEquals(myCache.getFromCache(identityParent), parentAcl);
}
//~ Inner Classes ==================================================================================================
private class MockEhcache extends Cache {
public MockEhcache() {
super("cache", 0, true, true, 0, 0);
}
}
}
@@ -1,415 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.acls.jdbc;
import java.util.Map;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.acls.AccessControlEntry;
import org.springframework.security.acls.Acl;
import org.springframework.security.acls.AlreadyExistsException;
import org.springframework.security.acls.ChildrenExistException;
import org.springframework.security.acls.MutableAcl;
import org.springframework.security.acls.NotFoundException;
import org.springframework.security.acls.Permission;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.objectidentity.ObjectIdentity;
import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
import org.springframework.security.acls.sid.PrincipalSid;
import org.springframework.security.acls.sid.Sid;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.test.AbstractTransactionalDataSourceSpringContextTests;
/**
* Integration tests the ACL system using an in-memory database.
*
* @author Ben Alex
* @author Andrei Stefan
* @version $Id:JdbcAclServiceTests.java 1754 2006-11-17 02:01:21Z benalex $
*/
public class JdbcAclServiceTests extends AbstractTransactionalDataSourceSpringContextTests {
//~ Constant fields ================================================================================================
public static final String SELECT_ALL_CLASSES = "SELECT * FROM acl_class WHERE class = ?";
public static final String SELECT_ALL_OBJECT_IDENTITIES = "SELECT * FROM acl_object_identity";
public static final String SELECT_OBJECT_IDENTITY = "SELECT * FROM acl_object_identity WHERE object_id_identity = ?";
public static final String SELECT_ACL_ENTRY = "SELECT * FROM acl_entry, acl_object_identity WHERE " +
"acl_object_identity.id = acl_entry.acl_object_identity " +
"AND acl_object_identity.object_id_identity <= ?";
//~ Instance fields ================================================================================================
private JdbcMutableAclService jdbcMutableAclService;
private AclCache aclCache;
private LookupStrategy lookupStrategy;
//~ Methods ========================================================================================================
protected String[] getConfigLocations() {
return new String[] {"classpath:org/springframework/security/acls/jdbc/applicationContext-test.xml"};
}
public void setJdbcMutableAclService(JdbcMutableAclService jdbcAclService) {
this.jdbcMutableAclService = jdbcAclService;
}
public void setAclCache(AclCache aclCache) {
this.aclCache = aclCache;
}
public void setLookupStrategy(LookupStrategy lookupStrategy) {
this.lookupStrategy = lookupStrategy;
}
protected void onTearDown() throws Exception {
super.onTearDown();
SecurityContextHolder.clearContext();
}
public void testLifecycle() {
setComplete();
Authentication auth = new TestingAuthenticationToken("ben", "ignored",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ADMINISTRATOR")});
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
ObjectIdentity middleParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101));
ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102));
MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
MutableAcl middleParent = jdbcMutableAclService.createAcl(middleParentOid);
MutableAcl child = jdbcMutableAclService.createAcl(childOid);
// Specify the inheritence hierarchy
middleParent.setParent(topParent);
child.setParent(middleParent);
// Now let's add a couple of permissions
topParent.insertAce(0, BasePermission.READ, new PrincipalSid(auth), true);
topParent.insertAce(1, BasePermission.WRITE, new PrincipalSid(auth), false);
middleParent.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), true);
child.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), false);
// Explictly save the changed ACL
jdbcMutableAclService.updateAcl(topParent);
jdbcMutableAclService.updateAcl(middleParent);
jdbcMutableAclService.updateAcl(child);
// Let's check if we can read them back correctly
Map map = jdbcMutableAclService.readAclsById(new ObjectIdentity[] {topParentOid, middleParentOid, childOid});
assertEquals(3, map.size());
// Replace our current objects with their retrieved versions
topParent = (MutableAcl) map.get(topParentOid);
middleParent = (MutableAcl) map.get(middleParentOid);
child = (MutableAcl) map.get(childOid);
// Check the retrieved versions has IDs
assertNotNull(topParent.getId());
assertNotNull(middleParent.getId());
assertNotNull(child.getId());
// Check their parents were correctly persisted
assertNull(topParent.getParentAcl());
assertEquals(topParentOid, middleParent.getParentAcl().getObjectIdentity());
assertEquals(middleParentOid, child.getParentAcl().getObjectIdentity());
// Check their ACEs were correctly persisted
assertEquals(2, topParent.getEntries().length);
assertEquals(1, middleParent.getEntries().length);
assertEquals(1, child.getEntries().length);
// Check the retrieved rights are correct
assertTrue(topParent.isGranted(new Permission[] {BasePermission.READ}, new Sid[] {new PrincipalSid(auth)}, false));
assertFalse(topParent.isGranted(new Permission[] {BasePermission.WRITE}, new Sid[] {new PrincipalSid(auth)}, false));
assertTrue(middleParent.isGranted(new Permission[] {BasePermission.DELETE}, new Sid[] {new PrincipalSid(auth)}, false));
assertFalse(child.isGranted(new Permission[] {BasePermission.DELETE}, new Sid[] {new PrincipalSid(auth)}, false));
try {
child.isGranted(new Permission[] {BasePermission.ADMINISTRATION}, new Sid[] {new PrincipalSid(auth)}, false);
fail("Should have thrown NotFoundException");
} catch (NotFoundException expected) {
assertTrue(true);
}
// Now check the inherited rights (when not explicitly overridden) also look OK
assertTrue(child.isGranted(new Permission[] {BasePermission.READ}, new Sid[] {new PrincipalSid(auth)}, false));
assertFalse(child.isGranted(new Permission[] {BasePermission.WRITE}, new Sid[] {new PrincipalSid(auth)}, false));
assertFalse(child.isGranted(new Permission[] {BasePermission.DELETE}, new Sid[] {new PrincipalSid(auth)}, false));
// Next change the child so it doesn't inherit permissions from above
child.setEntriesInheriting(false);
jdbcMutableAclService.updateAcl(child);
child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
assertFalse(child.isEntriesInheriting());
// Check the child permissions no longer inherit
assertFalse(child.isGranted(new Permission[] {BasePermission.DELETE}, new Sid[] {new PrincipalSid(auth)}, true));
try {
child.isGranted(new Permission[] {BasePermission.READ}, new Sid[] {new PrincipalSid(auth)}, true);
fail("Should have thrown NotFoundException");
} catch (NotFoundException expected) {
assertTrue(true);
}
try {
child.isGranted(new Permission[] {BasePermission.WRITE}, new Sid[] {new PrincipalSid(auth)}, true);
fail("Should have thrown NotFoundException");
} catch (NotFoundException expected) {
assertTrue(true);
}
// Let's add an identical permission to the child, but it'll appear AFTER the current permission, so has no impact
child.insertAce(1, BasePermission.DELETE, new PrincipalSid(auth), true);
// Let's also add another permission to the child
child.insertAce(2, BasePermission.CREATE, new PrincipalSid(auth), true);
// Save the changed child
jdbcMutableAclService.updateAcl(child);
child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
assertEquals(3, child.getEntries().length);
// Output permissions
for (int i = 0; i < child.getEntries().length; i++) {
System.out.println(child.getEntries()[i]);
}
// Check the permissions are as they should be
assertFalse(child.isGranted(new Permission[] {BasePermission.DELETE}, new Sid[] {new PrincipalSid(auth)}, true)); // as earlier permission overrode
assertTrue(child.isGranted(new Permission[] {BasePermission.CREATE}, new Sid[] {new PrincipalSid(auth)}, true));
// Now check the first ACE (index 0) really is DELETE for our Sid and is non-granting
AccessControlEntry entry = child.getEntries()[0];
assertEquals(BasePermission.DELETE.getMask(), entry.getPermission().getMask());
assertEquals(new PrincipalSid(auth), entry.getSid());
assertFalse(entry.isGranting());
assertNotNull(entry.getId());
// Now delete that first ACE
child.deleteAce(0);
// Save and check it worked
child = jdbcMutableAclService.updateAcl(child);
assertEquals(2, child.getEntries().length);
assertTrue(child.isGranted(new Permission[] {BasePermission.DELETE}, new Sid[] {new PrincipalSid(auth)}, false));
SecurityContextHolder.clearContext();
}
/**
* Test method that demonstrates eviction failure from cache - SEC-676
*/
public void testDeleteAclAlsoDeletesChildren() throws Exception {
ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
ObjectIdentity middleParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101));
ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102));
// Check the childOid really is a child of middleParentOid
Acl childAcl = jdbcMutableAclService.readAclById(childOid);
assertEquals(middleParentOid, childAcl.getParentAcl().getObjectIdentity());
// Delete the mid-parent and test if the child was deleted, as well
jdbcMutableAclService.deleteAcl(middleParentOid, true);
try {
Acl acl = jdbcMutableAclService.readAclById(middleParentOid);
fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
assertTrue(true);
}
try {
Acl acl = jdbcMutableAclService.readAclById(childOid);
fail("It should have thrown NotFoundException");
}
catch (NotFoundException expected) {
assertTrue(true);
}
Acl acl = jdbcMutableAclService.readAclById(topParentOid);
assertNotNull(acl);
assertEquals(((MutableAcl) acl).getObjectIdentity(), topParentOid);
}
public void testConstructorRejectsNullParameters() throws Exception {
try {
JdbcAclService service = new JdbcMutableAclService(null, lookupStrategy, aclCache);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
JdbcAclService service = new JdbcMutableAclService(this.getJdbcTemplate().getDataSource(), null, aclCache);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
JdbcAclService service = new JdbcMutableAclService(this.getJdbcTemplate().getDataSource(), lookupStrategy, null);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testCreateAclRejectsNullParameter() throws Exception {
try {
jdbcMutableAclService.createAcl(null);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testCreateAclForADuplicateDomainObject() throws Exception {
ObjectIdentity duplicateOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
// Try to add the same object second time
try {
jdbcMutableAclService.createAcl(duplicateOid);
fail("It should have thrown AlreadyExistsException");
}
catch (AlreadyExistsException expected) {
assertTrue(true);
}
}
public void testDeleteAclRejectsNullParameters() throws Exception {
try {
jdbcMutableAclService.deleteAcl(null, true);
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testDeleteAclWithChildrenThrowsException() throws Exception {
try {
ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
jdbcMutableAclService.setForeignKeysInDatabase(false); // switch on FK checking in the class, not database
jdbcMutableAclService.deleteAcl(topParentOid, false);
fail("It should have thrown ChildrenExistException");
}
catch (ChildrenExistException expected) {
assertTrue(true);
} finally {
jdbcMutableAclService.setForeignKeysInDatabase(true); // restore to the default
}
}
public void testDeleteAclRemovesRowsFromDatabase() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ADMINISTRATOR")});
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100));
ObjectIdentity middleParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101));
ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102));
// Remove the child and check all related database rows were removed accordingly
jdbcMutableAclService.deleteAcl(childOid, false);
assertEquals(1, getJdbcTemplate().queryForList(SELECT_ALL_CLASSES, new Object[] {"org.springframework.security.TargetObject"} ).size());
assertEquals(0, getJdbcTemplate().queryForList(SELECT_OBJECT_IDENTITY, new Object[] {new Long(102)}).size());
assertEquals(2, getJdbcTemplate().queryForList(SELECT_ALL_OBJECT_IDENTITIES).size());
assertEquals(3, getJdbcTemplate().queryForList(SELECT_ACL_ENTRY, new Object[] {new Long(103)} ).size());
// Check the cache
assertNull(aclCache.getFromCache(childOid));
assertNull(aclCache.getFromCache(new Long(102)));
}
/**
* SEC-655
*/
/* public void testClearChildrenFromCacheWhenParentIsUpdated() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ADMINISTRATOR")});
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity parentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(104));
ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(105));
MutableAcl parent = jdbcMutableAclService.createAcl(parentOid);
MutableAcl child = jdbcMutableAclService.createAcl(childOid);
child.setParent(parent);
jdbcMutableAclService.updateAcl(child);
parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
parent.insertAce(null, BasePermission.READ, new PrincipalSid("ben"), true);
jdbcMutableAclService.updateAcl(parent);
parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
parent.insertAce(null, BasePermission.READ, new PrincipalSid("scott"), true);
jdbcMutableAclService.updateAcl(parent);
child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
parent = (MutableAcl) child.getParentAcl();
assertEquals("Fails because child has a stale reference to its parent", 2, parent.getEntries().length);
assertEquals(1, parent.getEntries()[0].getPermission().getMask());
assertEquals(new PrincipalSid("ben"), parent.getEntries()[0].getSid());
assertEquals(1, parent.getEntries()[1].getPermission().getMask());
assertEquals(new PrincipalSid("scott"), parent.getEntries()[1].getSid());
}*/
/* public void testCumulativePermissions() {
setComplete();
Authentication auth = new TestingAuthenticationToken("ben", "ignored", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ADMINISTRATOR")});
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(110));
MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
// Add an ACE permission entry
CumulativePermission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
assertEquals(17, cm.getMask());
topParent.insertAce(null, cm, new PrincipalSid(auth), true);
assertEquals(1, topParent.getEntries().length);
// Explictly save the changed ACL
topParent = jdbcMutableAclService.updateAcl(topParent);
// Check the mask was retrieved correctly
assertEquals(17, topParent.getEntries()[0].getPermission().getMask());
assertTrue(topParent.isGranted(new Permission[] {cm}, new Sid[] {new PrincipalSid(auth)}, true));
SecurityContextHolder.clearContext();
}
*/
}
@@ -1,37 +0,0 @@
package org.springframework.security.acls.objectidentity;
import junit.framework.TestCase;
/**
* Tests for {@link ObjectIdentityRetrievalStrategyImpl}
*
* @author Andrei Stefan
*/
public class ObjectIdentityRetrievalStrategyImplTests extends TestCase {
//~ Methods ========================================================================================================
public void testObjectIdentityCreation() throws Exception {
MockIdDomainObject domain = new MockIdDomainObject();
domain.setId(new Integer(1));
ObjectIdentityRetrievalStrategy retStrategy = new ObjectIdentityRetrievalStrategyImpl();
ObjectIdentity identity = retStrategy.getObjectIdentity(domain);
assertNotNull(identity);
assertEquals(identity, new ObjectIdentityImpl(domain));
}
//~ Inner Classes ==================================================================================================
private class MockIdDomainObject {
private Object id;
public Object getId() {
return id;
}
public void setId(Object id) {
this.id = id;
}
}
}
@@ -1,204 +0,0 @@
package org.springframework.security.acls.objectidentity;
import junit.framework.Assert;
import junit.framework.TestCase;
import org.springframework.security.acls.IdentityUnavailableException;
/**
* Tests for {@link ObjectIdentityImpl}.
*
* @author Andrei Stefan
*/
public class ObjectIdentityTests extends TestCase {
//~ Methods ========================================================================================================
public void testConstructorsRequiredFields() throws Exception {
// Check one-argument constructor required field
try {
ObjectIdentity obj = new ObjectIdentityImpl(null);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
// Check String-Serializable constructor required field
try {
ObjectIdentity obj = new ObjectIdentityImpl("", new Long(1));
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
// Check Serializable parameter is not null
try {
ObjectIdentity obj = new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject", null);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
// The correct way of using String-Serializable constructor
try {
ObjectIdentity obj = new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject",
new Long(1));
Assert.assertTrue(true);
}
catch (IllegalArgumentException notExpected) {
Assert.fail("It shouldn't have thrown IllegalArgumentException");
}
// Check the Class-Serializable constructor
try {
ObjectIdentity obj = new ObjectIdentityImpl(MockIdDomainObject.class, null);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
}
public void testGetIdMethodConstraints() throws Exception {
// Check the getId() method is present
try {
ObjectIdentity obj = new ObjectIdentityImpl("A_STRING_OBJECT");
Assert.fail("It should have thrown IdentityUnavailableException");
}
catch (IdentityUnavailableException expected) {
Assert.assertTrue(true);
}
// getId() should return a non-null value
MockIdDomainObject mockId = new MockIdDomainObject();
try {
ObjectIdentity obj = new ObjectIdentityImpl(mockId);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
// getId() should return a Serializable object
mockId.setId(new MockIdDomainObject());
try {
ObjectIdentity obj = new ObjectIdentityImpl(mockId);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
// getId() should return a Serializable object
mockId.setId(new Long(100));
try {
ObjectIdentity obj = new ObjectIdentityImpl(mockId);
Assert.assertTrue(true);
}
catch (IllegalArgumentException expected) {
Assert.fail("It shouldn't have thrown IllegalArgumentException");
}
}
public void testConstructorInvalidClassParameter() throws Exception {
try {
ObjectIdentity obj = new ObjectIdentityImpl("not.a.Class", new Long(1));
}
catch (IllegalStateException expected) {
return;
}
Assert.fail("It should have thrown IllegalStateException");
}
public void testEquals() throws Exception {
ObjectIdentity obj = new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject", new Long(1));
MockIdDomainObject mockObj = new MockIdDomainObject();
mockObj.setId(new Long(1));
String string = "SOME_STRING";
Assert.assertNotSame(obj, string);
Assert.assertTrue(!obj.equals(null));
Assert.assertTrue(!obj.equals("DIFFERENT_OBJECT_TYPE"));
Assert.assertTrue(!obj
.equals(new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject",
new Long(2))));
Assert.assertTrue(!obj.equals(new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockOtherIdDomainObject",
new Long(1))));
Assert.assertEquals(
new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject",
new Long(1)), obj);
Assert.assertTrue(new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject", new Long(1))
.equals(obj));
Assert.assertTrue(new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject", new Long(1))
.equals(new ObjectIdentityImpl(mockObj)));
}
public void testHashCode() throws Exception {
ObjectIdentity obj = new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject", new Long(1));
Assert.assertEquals(new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject", new Long(1))
.hashCode(), obj.hashCode());
Assert.assertTrue(new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockOtherIdDomainObject",
new Long(1)).hashCode() != obj.hashCode());
Assert.assertTrue(new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject", new Long(2))
.hashCode() != obj.hashCode());
}
/* public void testHashCodeDifferentSerializableTypes() throws Exception {
ObjectIdentity obj = new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject", new Long(1));
Assert.assertEquals(new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject", "1")
.hashCode(), obj.hashCode());
Assert.assertEquals(new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject",
new Integer(1)).hashCode(), obj.hashCode());
}*/
public void testGetters() throws Exception {
ObjectIdentity obj = new ObjectIdentityImpl(
"org.springframework.security.acls.objectidentity.ObjectIdentityTests$MockIdDomainObject", new Long(1));
Assert.assertEquals(new Long(1), obj.getIdentifier());
Assert.assertEquals(MockIdDomainObject.class, obj.getJavaType());
}
//~ Inner Classes ==================================================================================================
private class MockIdDomainObject {
private Object id;
public Object getId() {
return id;
}
public void setId(Object id) {
this.id = id;
}
}
private class MockOtherIdDomainObject {
private Object id;
public Object getId() {
return id;
}
public void setId(Object id) {
this.id = id;
}
}
}
@@ -1,40 +0,0 @@
package org.springframework.security.acls.sid;
import junit.framework.Assert;
import junit.framework.TestCase;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.providers.TestingAuthenticationToken;
/**
* Tests for {@link SidRetrievalStrategyImpl}
*
* @author Andrei Stefan
*/
public class SidRetrievalStrategyTests extends TestCase {
//~ Methods ========================================================================================================
public void testSidsRetrieval() throws Exception {
Authentication authentication = new TestingAuthenticationToken("scott", "password", new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl("ROLE_2"), new GrantedAuthorityImpl("ROLE_3") });
SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl();
Sid[] sids = retrStrategy.getSids(authentication);
assertNotNull(sids);
assertEquals(4, sids.length);
assertNotNull(sids[0]);
assertTrue(sids[0] instanceof PrincipalSid);
for (int i = 1; i < sids.length; i++) {
assertTrue(sids[i] instanceof GrantedAuthoritySid);
}
Assert.assertEquals("scott", ((PrincipalSid) sids[0]).getPrincipal());
Assert.assertEquals("ROLE_1", ((GrantedAuthoritySid) sids[1]).getGrantedAuthority());
Assert.assertEquals("ROLE_2", ((GrantedAuthoritySid) sids[2]).getGrantedAuthority());
Assert.assertEquals("ROLE_3", ((GrantedAuthoritySid) sids[3]).getGrantedAuthority());
}
}
@@ -1,191 +0,0 @@
package org.springframework.security.acls.sid;
import junit.framework.Assert;
import junit.framework.TestCase;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.acls.sid.GrantedAuthoritySid;
import org.springframework.security.acls.sid.PrincipalSid;
import org.springframework.security.acls.sid.Sid;
import org.springframework.security.providers.TestingAuthenticationToken;
public class SidTests extends TestCase {
//~ Methods ========================================================================================================
public void testPrincipalSidConstructorsRequiredFields() throws Exception {
// Check one String-argument constructor
try {
String string = null;
Sid principalSid = new PrincipalSid(string);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
Sid principalSid = new PrincipalSid("");
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
Sid principalSid = new PrincipalSid("johndoe");
Assert.assertTrue(true);
}
catch (IllegalArgumentException notExpected) {
Assert.fail("It shouldn't have thrown IllegalArgumentException");
}
// Check one Authentication-argument constructor
try {
Authentication authentication = null;
Sid principalSid = new PrincipalSid(authentication);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
Authentication authentication = new TestingAuthenticationToken(null, "password", null);
Sid principalSid = new PrincipalSid(authentication);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
Authentication authentication = new TestingAuthenticationToken("johndoe", "password", null);
Sid principalSid = new PrincipalSid(authentication);
Assert.assertTrue(true);
}
catch (IllegalArgumentException notExpected) {
Assert.fail("It shouldn't have thrown IllegalArgumentException");
}
}
public void testGrantedAuthoritySidConstructorsRequiredFields() throws Exception {
// Check one String-argument constructor
try {
String string = null;
Sid gaSid = new GrantedAuthoritySid(string);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
Sid gaSid = new GrantedAuthoritySid("");
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
Sid gaSid = new GrantedAuthoritySid("ROLE_TEST");
Assert.assertTrue(true);
}
catch (IllegalArgumentException notExpected) {
Assert.fail("It shouldn't have thrown IllegalArgumentException");
}
// Check one GrantedAuthority-argument constructor
try {
GrantedAuthority ga = null;
Sid gaSid = new GrantedAuthoritySid(ga);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
GrantedAuthority ga = new GrantedAuthorityImpl(null);
Sid gaSid = new GrantedAuthoritySid(ga);
Assert.fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
Assert.assertTrue(true);
}
try {
GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
Sid gaSid = new GrantedAuthoritySid(ga);
Assert.assertTrue(true);
}
catch (IllegalArgumentException notExpected) {
Assert.fail("It shouldn't have thrown IllegalArgumentException");
}
}
public void testPrincipalSidEquals() throws Exception {
Authentication authentication = new TestingAuthenticationToken("johndoe", "password", null);
Sid principalSid = new PrincipalSid(authentication);
Assert.assertFalse(principalSid.equals(null));
Assert.assertFalse(principalSid.equals("DIFFERENT_TYPE_OBJECT"));
Assert.assertTrue(principalSid.equals(principalSid));
Assert.assertTrue(principalSid.equals(new PrincipalSid(authentication)));
Assert.assertTrue(principalSid.equals(new PrincipalSid(new TestingAuthenticationToken("johndoe", null, null))));
Assert.assertFalse(principalSid.equals(new PrincipalSid(new TestingAuthenticationToken("scott", null, null))));
Assert.assertTrue(principalSid.equals(new PrincipalSid("johndoe")));
Assert.assertFalse(principalSid.equals(new PrincipalSid("scott")));
}
public void testGrantedAuthoritySidEquals() throws Exception {
GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
Sid gaSid = new GrantedAuthoritySid(ga);
Assert.assertFalse(gaSid.equals(null));
Assert.assertFalse(gaSid.equals("DIFFERENT_TYPE_OBJECT"));
Assert.assertTrue(gaSid.equals(gaSid));
Assert.assertTrue(gaSid.equals(new GrantedAuthoritySid(ga)));
Assert.assertTrue(gaSid.equals(new GrantedAuthoritySid(new GrantedAuthorityImpl("ROLE_TEST"))));
Assert.assertFalse(gaSid.equals(new GrantedAuthoritySid(new GrantedAuthorityImpl("ROLE_NOT_EQUAL"))));
Assert.assertTrue(gaSid.equals(new GrantedAuthoritySid("ROLE_TEST")));
Assert.assertFalse(gaSid.equals(new GrantedAuthoritySid("ROLE_NOT_EQUAL")));
}
public void testPrincipalSidHashCode() throws Exception {
Authentication authentication = new TestingAuthenticationToken("johndoe", "password", null);
Sid principalSid = new PrincipalSid(authentication);
Assert.assertTrue(principalSid.hashCode() == new String("johndoe").hashCode());
Assert.assertTrue(principalSid.hashCode() == new PrincipalSid("johndoe").hashCode());
Assert.assertTrue(principalSid.hashCode() != new PrincipalSid("scott").hashCode());
Assert.assertTrue(principalSid.hashCode() != new PrincipalSid(new TestingAuthenticationToken("scott", "password",
null)).hashCode());
}
public void testGrantedAuthoritySidHashCode() throws Exception {
GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
Sid gaSid = new GrantedAuthoritySid(ga);
Assert.assertTrue(gaSid.hashCode() == new String("ROLE_TEST").hashCode());
Assert.assertTrue(gaSid.hashCode() == new GrantedAuthoritySid("ROLE_TEST").hashCode());
Assert.assertTrue(gaSid.hashCode() != new GrantedAuthoritySid("ROLE_TEST_2").hashCode());
Assert.assertTrue(gaSid.hashCode() != new GrantedAuthoritySid(new GrantedAuthorityImpl("ROLE_TEST_2")).hashCode());
}
public void testGetters() throws Exception {
Authentication authentication = new TestingAuthenticationToken("johndoe", "password", null);
PrincipalSid principalSid = new PrincipalSid(authentication);
GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
GrantedAuthoritySid gaSid = new GrantedAuthoritySid(ga);
Assert.assertTrue("johndoe".equals(principalSid.getPrincipal()));
Assert.assertFalse("scott".equals(principalSid.getPrincipal()));
Assert.assertTrue("ROLE_TEST".equals(gaSid.getGrantedAuthority()));
Assert.assertFalse("ROLE_TEST2".equals(gaSid.getGrantedAuthority()));
}
}
+5
View File
@@ -0,0 +1,5 @@
target
.settings
.classpath
.project
.wtpmodules
+26
View File
@@ -0,0 +1,26 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.0.7</version>
</parent>
<artifactId>acegi-security-cas</artifactId>
<name>Acegi Security System for Spring - CAS adapter</name>
<dependencies>
<dependency>
<groupId>cas</groupId>
<artifactId>cas-server</artifactId>
<version>3.0.4</version>
</dependency>
<dependency>
<groupId>cas</groupId>
<artifactId>cas</artifactId>
<version>2.0.12</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</dependency>
</dependencies>
</project>
@@ -0,0 +1,102 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.adapters.cas;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import javax.servlet.ServletRequest;
/**
* Provides actual CAS authentication by delegation to an <code>AuthenticationManager</code>.<P>Do not use this
* class directly. Instead configure CAS to use the {@link CasPasswordHandlerProxy}.</p>
*
* @author Ben Alex
* @version $Id$
*/
public final class CasPasswordHandler implements InitializingBean {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(CasPasswordHandler.class);
//~ Instance fields ================================================================================================
private AuthenticationManager authenticationManager;
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
if (this.authenticationManager == null) {
throw new IllegalArgumentException("An AuthenticationManager is required");
}
}
/**
* Called by <code>CasPasswordHandlerProxy</code> for individual authentication requests.<P>Delegates to
* the configured <code>AuthenticationManager</code>.</p>
*
* @param servletRequest as provided by CAS
* @param username provided to CAS
* @param password provided to CAS
*
* @return whether authentication was successful or not
*/
public boolean authenticate(ServletRequest servletRequest, String username, String password) {
if ((username == null) || "".equals(username)) {
return false;
}
if (password == null) {
password = "";
}
Authentication request = new UsernamePasswordAuthenticationToken(username.toString(), password.toString());
Authentication response = null;
try {
response = authenticationManager.authenticate(request);
} catch (AuthenticationException failed) {
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
}
return false;
}
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + username + " successful");
}
return true;
}
public AuthenticationManager getAuthenticationManager() {
return authenticationManager;
}
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
}
@@ -0,0 +1,113 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.adapters.cas;
import edu.yale.its.tp.cas.auth.PasswordHandler;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
/**
* Enables CAS to use the Acegi Security System for authentication.<P>This class works along with {@link
* CasPasswordHandler} to enable users to easily migrate from stand-alone Acegi Security System deployments to
* enterprise-wide CAS deployments.</p>
* <p>It should be noted that the Acegi Security System will operate as a CAS client irrespective of the
* <code>PasswordHandler</code> used on the CAS server. In other words, this class need <B>not</B> be used on the CAS
* server if not desired. It exists solely for the convenience of users wishing have CAS delegate to an Acegi Security
* System-based <code>AuthenticationManager</code>.</p>
* <p>This class works requires a properly configured <code>CasPasswordHandler</code>. On the first authentication
* request, the class will use Spring's {@link WebApplicationContextUtils#getWebApplicationContext(ServletContext sc)}
* method to obtain an <code>ApplicationContext</code> instance, inside which must be a configured
* <code>CasPasswordHandler</code> instance. The <code>CasPasswordHandlerProxy</code> will then delegate
* authentication requests to that instance.</p>
* <p>To configure CAS to use this class, edit CAS' <code>web.xml</code> and define the
* <code>edu.yale.its.tp.cas.authHandler</code> context parameter with the value
* <code>org.acegisecurity.adapters.cas.CasPasswordHandlerProxy</code>.</p>
*
* @author Ben Alex
* @version $Id$
*/
public class CasPasswordHandlerProxy implements PasswordHandler {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(CasPasswordHandlerProxy.class);
//~ Instance fields ================================================================================================
private ApplicationContext ctx;
private CasPasswordHandler handler;
//~ Methods ========================================================================================================
/**
* Called by CAS when authentication is required.<P>Delegates to the <code>CasPasswordHandler</code>.</p>
*
* @param request as provided by CAS
* @param username provided to CAS
* @param password provided to CAS
*
* @return whether authentication was successful or not
*
* @throws IllegalArgumentException if the application context does not contain a <code>CasPasswordHandler</code>
* or the <code>ServletRequest</code> was not of type <code>HttpServletRequest</code>
*/
public boolean authenticate(ServletRequest request, String username, String password) {
if (ctx == null) {
if (!(request instanceof HttpServletRequest)) {
throw new IllegalArgumentException("Can only process HttpServletRequest");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
ctx = this.getContext(httpRequest);
}
if (handler == null) {
Map beans = ctx.getBeansOfType(CasPasswordHandler.class, true, true);
if (beans.size() == 0) {
throw new IllegalArgumentException(
"Bean context must contain at least one bean of type CasPasswordHandler");
}
String beanName = (String) beans.keySet().iterator().next();
handler = (CasPasswordHandler) beans.get(beanName);
}
return handler.authenticate(request, username, password);
}
/**
* Allows test cases to override where application context obtained from.
*
* @param httpRequest which can be used to find the <code>ServletContext</code>
*
* @return the Spring application context
*/
protected ApplicationContext getContext(HttpServletRequest httpRequest) {
return WebApplicationContextUtils.getRequiredWebApplicationContext(httpRequest.getSession().getServletContext());
}
}
@@ -0,0 +1,7 @@
<html>
<body>
Adapter to Yale Central Authentication Service (CAS).
<p>
</body>
</html>
@@ -0,0 +1,91 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.adapters.cas3;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.AuthenticationHandler;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.util.Assert;
/**
* <p>Provides JA-SIG CAS 3 authentication by delegating to the Acegi <code>AuthenticationManager</code>.</p>
* <p>This class would be configured in the <code>webapp/WEB-INF/deployerConfigContext.xml</code> file in the CAS
* distribution.</p>
*
* @author Scott Battaglia
* @version $Id$
*
* @see AuthenticationHandler
* @see AuthenticationManager
*/
public final class CasAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
//~ Instance fields ================================================================================================
private AuthenticationManager authenticationManager;
private Log log = LogFactory.getLog(this.getClass());
//~ Methods ========================================================================================================
protected void afterPropertiesSetInternal() throws Exception {
Assert.notNull(this.authenticationManager, "authenticationManager cannot be null.");
}
protected boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentials)
throws AuthenticationException {
final Authentication authenticationRequest = new UsernamePasswordAuthenticationToken(credentials.getUsername(),
credentials.getPassword());
if (log.isDebugEnabled()) {
log.debug("Attempting to authenticate for user: " + credentials.getUsername());
}
try {
this.authenticationManager.authenticate(authenticationRequest);
} catch (final org.acegisecurity.AuthenticationException e) {
if (log.isDebugEnabled()) {
log.debug("Authentication request for " + credentials.getUsername() + " failed: " + e.toString(), e);
}
return false;
}
if (log.isDebugEnabled()) {
log.debug("Authentication request for " + credentials.getUsername() + " successful.");
}
return true;
}
/**
* Method to set the Acegi <code>AuthenticationManager</code> to delegate to.
*
* @param authenticationManager the Acegi AuthenticationManager that knows how to authenticate users.
*/
public void setAuthenticationManager(final AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
}
@@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Demonstration of the applicationContext.xml that should be placed in
* CAS' WEB-INF directory. Note the CasPasswordHandler bean.
*
* $Id$
-->
<beans>
<!-- Data access object which stores authentication information -->
<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
marissa=koala,ROLES_IGNORED_BY_CAS
dianne=emu,ROLES_IGNORED_BY_CAS
scott=wombat,ROLES_IGNORED_BY_CAS
peter=opal,disabled,ROLES_IGNORED_BY_CAS
</value>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property>
</bean>
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="casPasswordHandler" class="org.acegisecurity.adapters.cas.CasPasswordHandler">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
</bean>
</beans>
@@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Demonstration of the applicationContext.xml that should be copied into
* JA-SIG CAS's webapp/WEB-INF/deployerConfigContext.xml
* The example CAS AuthenticationHandler should be placed within CAS's
* AuthenticationManager's authenticationHandler list property.
*
* The Acegi-specific beans can just be placed in the context file.
*
* $Id$
-->
<beans>
<!-- Data access object which stores authentication information -->
<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
marissa=koala,ROLES_IGNORED_BY_CAS
dianne=emu,ROLES_IGNORED_BY_CAS
scott=wombat,ROLES_IGNORED_BY_CAS
peter=opal,disabled,ROLES_IGNORED_BY_CAS
</value>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property>
</bean>
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="casAuthenticationHandler" class="org.acegisecurity.adapters.cas3.CasAuthenticationHandler">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
</beans>
+11
View File
@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<project name="Acegi Security CAS Adapter">
<body>
<menu ref="parent"/>
<menu ref="reports"/>
</body>
</project>
@@ -0,0 +1,107 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.adapters.cas;
import junit.framework.TestCase;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import javax.servlet.http.HttpServletRequest;
/**
* Tests {@link CasPasswordHandlerProxy}.
*
* @author Ben Alex
* @version $Id$
*/
public class CasPasswordHandlerProxyTests extends TestCase {
//~ Constructors ===================================================================================================
public CasPasswordHandlerProxyTests() {
super();
}
public CasPasswordHandlerProxyTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(CasPasswordHandlerProxyTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testDetectsIfHttpServletRequestNotPassed() {
CasPasswordHandlerProxy proxy = new MockCasPasswordHandlerProxy(
"org/acegisecurity/adapters/cas/applicationContext-valid.xml");
try {
proxy.authenticate(null, "x", "y");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("Can only process HttpServletRequest", expected.getMessage());
}
}
public void testDetectsMissingDelegate() {
CasPasswordHandlerProxy proxy = new MockCasPasswordHandlerProxy(
"org/acegisecurity/adapters/cas/applicationContext-invalid.xml");
try {
proxy.authenticate(new MockHttpServletRequest(), "x", "y");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("Bean context must contain at least one bean of type CasPasswordHandler", expected.getMessage());
}
}
public void testNormalOperation() {
CasPasswordHandlerProxy proxy = new MockCasPasswordHandlerProxy(
"org/acegisecurity/adapters/cas/applicationContext-valid.xml");
assertTrue(proxy.authenticate(new MockHttpServletRequest(), "marissa", "koala"));
assertFalse(proxy.authenticate(new MockHttpServletRequest(), "marissa", "WRONG_PASSWORD"));
assertFalse(proxy.authenticate(new MockHttpServletRequest(), "INVALID_USER_NAME", "WRONG_PASSWORD"));
}
//~ Inner Classes ==================================================================================================
/**
* Mock object so that application context source can be specified.
*/
private class MockCasPasswordHandlerProxy extends CasPasswordHandlerProxy {
private ApplicationContext ctx;
public MockCasPasswordHandlerProxy(String appContextLocation) {
ctx = new ClassPathXmlApplicationContext(appContextLocation);
}
private MockCasPasswordHandlerProxy() {
super();
}
protected ApplicationContext getContext(HttpServletRequest httpRequest) {
return ctx;
}
}
}
@@ -0,0 +1,101 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.adapters.cas;
import junit.framework.TestCase;
import org.acegisecurity.MockAuthenticationManager;
import org.springframework.mock.web.MockHttpServletRequest;
/**
* Tests {@link CasPasswordHandler}.
*
* @author Ben Alex
* @version $Id$
*/
public class CasPasswordHandlerTests extends TestCase {
//~ Constructors ===================================================================================================
public CasPasswordHandlerTests() {
super();
}
public CasPasswordHandlerTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(CasPasswordHandlerTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testDeniesAccessWhenAuthenticationManagerThrowsException()
throws Exception {
CasPasswordHandler handler = new CasPasswordHandler();
handler.setAuthenticationManager(new MockAuthenticationManager(false));
handler.afterPropertiesSet();
assertFalse(handler.authenticate(new MockHttpServletRequest(), "username", "password"));
}
public void testDetectsEmptyAuthenticationManager()
throws Exception {
CasPasswordHandler handler = new CasPasswordHandler();
try {
handler.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("An AuthenticationManager is required", expected.getMessage());
}
}
public void testGettersSetters() {
CasPasswordHandler handler = new CasPasswordHandler();
handler.setAuthenticationManager(new MockAuthenticationManager(false));
assertTrue(handler.getAuthenticationManager() != null);
}
public void testGracefullyHandlesEmptyUsernamesAndPassword()
throws Exception {
CasPasswordHandler handler = new CasPasswordHandler();
handler.setAuthenticationManager(new MockAuthenticationManager(true));
handler.afterPropertiesSet();
// If empty or null username we return false
assertFalse(handler.authenticate(new MockHttpServletRequest(), "", "password"));
assertFalse(handler.authenticate(new MockHttpServletRequest(), null, "password"));
// We authenticate with null passwords (they might not have one)
assertTrue(handler.authenticate(new MockHttpServletRequest(), "user", null));
assertTrue(handler.authenticate(new MockHttpServletRequest(), "user", ""));
}
public void testNormalOperation() throws Exception {
CasPasswordHandler handler = new CasPasswordHandler();
handler.setAuthenticationManager(new MockAuthenticationManager(true));
handler.afterPropertiesSet();
assertTrue(handler.authenticate(new MockHttpServletRequest(), "username", "password"));
}
}
@@ -0,0 +1,97 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.adapters.cas3;
import org.acegisecurity.AuthenticationManager;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.test.AbstractDependencyInjectionSpringContextTests;
/**
* Tests {@link CasAuthenticationHandler}
*
* @author Scott Battaglia
* @version $Id$
*/
public class CasAuthenticationHandlerTests extends AbstractDependencyInjectionSpringContextTests {
//~ Instance fields ================================================================================================
private AuthenticationManager authenticationManager;
private CasAuthenticationHandler casAuthenticationHandler;
//~ Methods ========================================================================================================
protected String[] getConfigLocations() {
return new String[] {"/org/acegisecurity/adapters/cas/applicationContext-valid.xml"};
}
private UsernamePasswordCredentials getCredentialsFor(final String username, final String password) {
final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials();
credentials.setUsername(username);
credentials.setPassword(password);
return credentials;
}
protected void onSetUp() throws Exception {
this.casAuthenticationHandler = new CasAuthenticationHandler();
this.casAuthenticationHandler.setAuthenticationManager(authenticationManager);
this.casAuthenticationHandler.afterPropertiesSet();
}
public void setAuthenticationManager(final AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public void testAfterPropertiesSet() throws Exception {
this.casAuthenticationHandler.setAuthenticationManager(null);
try {
this.casAuthenticationHandler.afterPropertiesSet();
fail("IllegalArgumenException expected when no AuthenticationManager is set.");
} catch (final IllegalArgumentException e) {
// this is okay
}
}
public void testGracefullyHandlesInvalidInput() {
try {
assertFalse(this.casAuthenticationHandler.authenticate(getCredentialsFor("", "")));
assertFalse(this.casAuthenticationHandler.authenticate(getCredentialsFor(null, null)));
} catch (final AuthenticationException e) {
fail("AuthenticationException not expected.");
}
}
public void testInvalidUsernamePasswordCombination() {
try {
assertFalse(this.casAuthenticationHandler.authenticate(getCredentialsFor("scott", "scott")));
} catch (final AuthenticationException e) {
fail("AuthenticationException not expected.");
}
}
public void testValidUsernamePasswordCombination() {
try {
assertTrue(this.casAuthenticationHandler.authenticate(getCredentialsFor("scott", "wombat")));
} catch (final AuthenticationException e) {
fail("AuthenticationException not expected.");
}
}
}
@@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* $Id$
-->
<beans>
<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
dianne=emu,ROLE_TELLER
scott=wombat,ROLE_TELLER
peter=opal,disabled,ROLE_TELLER
</value>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property>
</bean>
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"/>
</list>
</property>
</bean>
<!-- No CasPasswordHandler -->
</beans>
@@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* $Id$
-->
<beans>
<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
dianne=emu,ROLE_TELLER
scott=wombat,ROLE_TELLER
peter=opal,disabled,ROLE_TELLER
</value>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property>
</bean>
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="casPasswordHandler" class="org.acegisecurity.adapters.cas.CasPasswordHandler">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
</bean>
</beans>
+5 -10
View File
@@ -1,22 +1,17 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-adapters</artifactId>
<version>2.0.0</version>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.0.7</version>
</parent>
<artifactId>spring-security-catalina</artifactId>
<name>Spring Security - Catalina adapter</name>
<artifactId>acegi-security-catalina</artifactId>
<name>Acegi Security System for Spring - Catalina adapter</name>
<dependencies>
<dependency>
<groupId>tomcat</groupId>
<artifactId>catalina</artifactId>
<version>4.1.9</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
</project>
@@ -13,15 +13,15 @@
* limitations under the License.
*/
package org.springframework.security.adapters.catalina;
package org.acegisecurity.adapters.catalina;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.catalina.Container;
import org.apache.catalina.LifecycleException;
@@ -41,17 +41,17 @@ import java.util.Map;
/**
* Adapter to enable Catalina (Tomcat) to authenticate via the Spring Security.<p>Returns a {@link
* PrincipalSpringSecurityUserToken} to Catalina's authentication system, which is subsequently available via
* Adapter to enable Catalina (Tomcat) to authenticate via the Acegi Security System for Spring.<p>Returns a {@link
* PrincipalAcegiUserToken} to Catalina's authentication system, which is subsequently available via
* <code>HttpServletRequest.getUserPrincipal()</code>.</p>
*
* @author Ben Alex
* @version $Id:CatalinaSpringSecurityUserRealm.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class CatalinaSpringSecurityUserRealm extends RealmBase {
public class CatalinaAcegiUserRealm extends RealmBase {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(CatalinaSpringSecurityUserRealm.class);
private static final Log logger = LogFactory.getLog(CatalinaAcegiUserRealm.class);
//~ Instance fields ================================================================================================
@@ -59,7 +59,7 @@ public class CatalinaSpringSecurityUserRealm extends RealmBase {
private Container container;
private String appContextLocation;
private String key;
protected final String name = "CatalinaSpringUserRealm / $Id:CatalinaSpringSecurityUserRealm.java 2151 2007-09-22 11:54:13Z luke_t $";
protected final String name = "CatalinaSpringUserRealm / $Id$";
//~ Methods ========================================================================================================
@@ -85,7 +85,7 @@ public class CatalinaSpringSecurityUserRealm extends RealmBase {
return null;
}
return new PrincipalSpringSecurityUserToken(this.key, response.getPrincipal().toString(),
return new PrincipalAcegiUserToken(this.key, response.getPrincipal().toString(),
response.getCredentials().toString(), response.getAuthorities(), response.getPrincipal());
}
@@ -163,14 +163,14 @@ public class CatalinaSpringSecurityUserRealm extends RealmBase {
return false;
}
if (!(principal instanceof PrincipalSpringSecurityUserToken)) {
logger.warn("Expected passed principal to be of type PrincipalSpringSecurityUserToken but was "
if (!(principal instanceof PrincipalAcegiUserToken)) {
logger.warn("Expected passed principal to be of type PrincipalAcegiUserToken but was "
+ principal.getClass().getName());
return false;
}
PrincipalSpringSecurityUserToken test = (PrincipalSpringSecurityUserToken) principal;
PrincipalAcegiUserToken test = (PrincipalAcegiUserToken) principal;
return test.isUserInRole(role);
}
@@ -221,7 +221,7 @@ public class CatalinaSpringSecurityUserRealm extends RealmBase {
String beanName = (String) beans.keySet().iterator().next();
authenticationManager = (AuthenticationManager) beans.get(beanName);
logger.info("CatalinaSpringSecurityUserRealm Started");
logger.info("CatalinaAcegiUserRealm Started");
}
/**
@@ -22,10 +22,10 @@
<beans>
<!-- Data access object which stores authentication information -->
<bean id="inMemoryDaoImpl" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
rod=koala,ROLE_TELLER,ROLE_SUPERVISOR
marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
dianne=emu,ROLE_TELLER
scott=wombat,ROLE_TELLER
peter=opal,disabled,ROLE_TELLER
@@ -22,10 +22,10 @@
<beans>
<!-- Data access object which stores authentication information -->
<bean id="inMemoryDaoImpl" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
rod=koala,ROLE_TELLER,ROLE_SUPERVISOR
marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
dianne=emu,ROLE_TELLER
scott=wombat,ROLE_TELLER
peter=opal,disabled,ROLE_TELLER
@@ -34,13 +34,13 @@
</bean>
<!-- Authentication provider that queries our data access object -->
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property>
<property name="forcePrincipalAsString"><value>true</value></property>
</bean>
<!-- The authentication manager that iterates through our only authentication provider -->
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"/>
@@ -13,14 +13,14 @@
* limitations under the License.
*/
package org.springframework.security.adapters.catalina;
package org.acegisecurity.adapters.catalina;
import junit.framework.TestCase;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.apache.catalina.LifecycleException;
@@ -32,37 +32,37 @@ import java.security.Principal;
/**
* Tests {@link CatalinaSpringSecurityUserRealm}.
* Tests {@link CatalinaAcegiUserRealm}.
*
* @author Ben Alex
* @version $Id:CatalinaSpringSecurityUserRealmTests.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class CatalinaSpringSecurityUserRealmTests extends TestCase {
public class CatalinaAcegiUserRealmTests extends TestCase {
//~ Instance fields ================================================================================================
private final String ADAPTER_KEY = "my_key";
//~ Constructors ===================================================================================================
public CatalinaSpringSecurityUserRealmTests() {
public CatalinaAcegiUserRealmTests() {
super();
}
public CatalinaSpringSecurityUserRealmTests(String arg0) {
public CatalinaAcegiUserRealmTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(CatalinaSpringSecurityUserRealmTests.class);
junit.textui.TestRunner.run(CatalinaAcegiUserRealmTests.class);
}
private CatalinaSpringSecurityUserRealm makeAdapter(String fileName)
private CatalinaAcegiUserRealm makeAdapter(String fileName)
throws Exception {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
URL url = Thread.currentThread().getContextClassLoader().getResource("org/springframework/security/adapters/" + fileName);
URL url = Thread.currentThread().getContextClassLoader().getResource("org/acegisecurity/adapters/" + fileName);
if (url == null) {
throw new Exception("Could not find " + fileName + " - cannot continue");
@@ -86,7 +86,7 @@ public class CatalinaSpringSecurityUserRealmTests extends TestCase {
public void testAdapterAbortsIfAppContextDoesNotContainAnAuthenticationBean()
throws Exception {
try {
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-invalid.xml");
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-invalid.xml");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
@@ -95,7 +95,7 @@ public class CatalinaSpringSecurityUserRealmTests extends TestCase {
public void testAdapterAbortsIfNoAppContextSpecified()
throws Exception {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
adapter.setKey("KEY");
@@ -117,7 +117,7 @@ public class CatalinaSpringSecurityUserRealmTests extends TestCase {
}
public void testAdapterAbortsIfNoKeySpecified() throws Exception {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
adapter.setAppContextLocation("SOMETHING");
@@ -140,7 +140,7 @@ public class CatalinaSpringSecurityUserRealmTests extends TestCase {
public void testAdapterAbortsWithIncorrectApplicationContextLocation()
throws Exception {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
adapter.setAppContextLocation("SOME_INVALID_PATH");
adapter.setKey("KEY");
@@ -153,96 +153,96 @@ public class CatalinaSpringSecurityUserRealmTests extends TestCase {
}
public void testAdapterIdentifiesItself() throws Exception {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
assertTrue(adapter.getName().lastIndexOf("CatalinaSpringUserRealm") != -1);
}
public void testAdapterStartsUpSuccess() throws Exception {
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertTrue(true);
}
public void testAuthenticateManyParamsReturnsNull() {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
assertEquals(null, adapter.authenticate(null, null, null, null, null, null, null, null));
}
public void testAuthenticateX509ReturnsNull() {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
assertEquals(null, adapter.authenticate(null));
}
public void testAuthenticationFailsForIncorrectPassword()
throws Exception {
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertEquals(null, adapter.authenticate("rod", "kangaroo"));
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertEquals(null, adapter.authenticate("marissa", "kangaroo"));
}
public void testAuthenticationFailsForIncorrectUserName()
throws Exception {
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertEquals(null, adapter.authenticate("melissa", "koala"));
}
public void testAuthenticationUsingByteArrayForCredentials()
throws Exception {
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
byte[] credentials = {'k', 'o', 'a', 'l', 'a'};
Principal result = adapter.authenticate("rod", credentials);
Principal result = adapter.authenticate("marissa", credentials);
if (!(result instanceof PrincipalSpringSecurityUserToken)) {
fail("Should have returned PrincipalSpringSecurityUserToken");
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
}
PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result;
assertEquals("rod", castResult.getPrincipal());
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[1].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[1].getAuthority());
assertEquals(ADAPTER_KEY.hashCode(), castResult.getKeyHash());
}
public void testAuthenticationUsingStringForCredentials()
throws Exception {
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
Principal result = adapter.authenticate("rod", "koala");
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
Principal result = adapter.authenticate("marissa", "koala");
if (!(result instanceof PrincipalSpringSecurityUserToken)) {
fail("Should have returned PrincipalSpringSecurityUserToken");
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
}
PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result;
assertEquals("rod", castResult.getPrincipal());
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[1].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[1].getAuthority());
assertEquals(ADAPTER_KEY.hashCode(), castResult.getKeyHash());
}
public void testAuthenticationWithNullPasswordHandledGracefully()
throws Exception {
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertEquals(null, adapter.authenticate("rod", (String) null));
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertEquals(null, adapter.authenticate("marissa", (String) null));
}
public void testAuthenticationWithNullUserNameHandledGracefully()
throws Exception {
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertEquals(null, adapter.authenticate(null, "koala"));
}
public void testGetPasswordReturnsNull() {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
assertEquals(null, adapter.getPassword(null));
}
public void testGetPrincipalReturnsNull() {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
assertEquals(null, adapter.getPrincipal(null));
}
public void testGetters() {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
adapter.setKey("KEY");
assertEquals("KEY", adapter.getKey());
adapter.setAppContextLocation("SOME_LOCATION");
@@ -250,12 +250,12 @@ public class CatalinaSpringSecurityUserRealmTests extends TestCase {
}
public void testHasRoleWithANullPrincipalFails() {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
assertTrue(!adapter.hasRole(null, "ROLE_ONE"));
}
public void testHasRoleWithAPrincipalTheAdapterDidNotCreateFails() {
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
assertTrue(!adapter.hasRole(new Principal() {
public String getName() {
return "MockPrincipal";
@@ -264,10 +264,10 @@ public class CatalinaSpringSecurityUserRealmTests extends TestCase {
}
public void testHasRoleWithPrincipalAcegiUserToken() {
PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("KEY", "Test", "Password",
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY", "Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")},
null);
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
assertTrue(adapter.hasRole(token, "ROLE_ONE"));
assertTrue(adapter.hasRole(token, "ROLE_TWO"));
assertTrue(!adapter.hasRole(token, "ROLE_WE_DO_NOT_HAVE"));
+10 -13
View File
@@ -1,12 +1,12 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-adapters</artifactId>
<version>2.0.0</version>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.0.7</version>
</parent>
<artifactId>spring-security-jboss</artifactId>
<name>Spring Security - JBoss adapter</name>
<artifactId>acegi-security-jboss</artifactId>
<name>Acegi Security System for Spring - JBoss adapter</name>
<dependencies>
<dependency>
<groupId>jboss</groupId>
@@ -14,13 +14,10 @@
<version>3.2.3</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<scope>test</scope>
</dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.3</version>
<scope>provided</scope>
</dependency>
</dependencies>
</project>
@@ -13,17 +13,17 @@
* limitations under the License.
*/
package org.springframework.security.adapters.jboss;
package org.acegisecurity.adapters.jboss;
import org.springframework.security.AccountExpiredException;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.CredentialsExpiredException;
import org.acegisecurity.AccountExpiredException;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.CredentialsExpiredException;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
@@ -52,15 +52,15 @@ import javax.security.auth.login.LoginException;
/**
* Adapter to enable JBoss to authenticate via the Spring Security System for Spring.
* <p>Returns a {@link PrincipalSpringSecurityUserToken} to JBoss' authentication system,
* which is subsequently available from <code>java:comp/env/security/subject</code>.</p>
* Adapter to enable JBoss to authenticate via the Acegi Security System for Spring.<p>Returns a {@link
* PrincipalAcegiUserToken} to JBoss' authentication system, which is subsequently available from
* <code>java:comp/env/security/subject</code>.</p>
*
* @author Ben Alex
* @author Sergio Bern
* @version $Id:JbossSpringSecurityLoginModule.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class JbossSpringSecurityLoginModule extends AbstractServerLoginModule {
public class JbossAcegiLoginModule extends AbstractServerLoginModule {
//~ Instance fields ================================================================================================
private AuthenticationManager authenticationManager;
@@ -284,7 +284,7 @@ public class JbossSpringSecurityLoginModule extends AbstractServerLoginModule {
super.log.debug("user is logged. redirecting to jaas classes");
identity = new PrincipalSpringSecurityUserToken(this.key, response.getName(), response.getCredentials().toString(),
identity = new PrincipalAcegiUserToken(this.key, response.getName(), response.getCredentials().toString(),
response.getAuthorities(), response.getPrincipal());
}
@@ -13,13 +13,13 @@
* limitations under the License.
*/
package org.springframework.security.adapters.jboss;
package org.acegisecurity.adapters.jboss;
import org.springframework.security.Authentication;
import org.acegisecurity.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
import org.springframework.security.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
import org.acegisecurity.context.SecurityContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -13,13 +13,14 @@
* limitations under the License.
*/
package org.springframework.security.adapters.jboss;
package org.acegisecurity.adapters.jboss;
import junit.framework.TestCase;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.SimpleGroup;
import java.io.IOException;
@@ -27,6 +28,7 @@ import java.security.Principal;
import java.security.acl.Group;
import java.util.Properties;
import java.util.Enumeration;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
@@ -39,30 +41,30 @@ import javax.security.auth.login.LoginException;
/**
* Tests {@link JbossSpringSecurityLoginModule}.
* Tests {@link JbossAcegiLoginModule}.
*
* @author Ben Alex
* @version $Id:JbossSpringSecurityLoginModuleTests.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class JbossSpringSecurityLoginModuleTests extends TestCase {
public class JbossAcegiLoginModuleTests extends TestCase {
//~ Instance fields ================================================================================================
private final String ADAPTER_KEY = "my_key";
//~ Constructors ===================================================================================================
public JbossSpringSecurityLoginModuleTests() {
public JbossAcegiLoginModuleTests() {
super();
}
public JbossSpringSecurityLoginModuleTests(String arg0) {
public JbossAcegiLoginModuleTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(JbossSpringSecurityLoginModuleTests.class);
junit.textui.TestRunner.run(JbossAcegiLoginModuleTests.class);
}
public final void setUp() throws Exception {
@@ -71,10 +73,10 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
public void testAdapterAbortsIfAppContextDoesNotContainAnAuthenticationBean()
throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-invalid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-invalid.xml");
try {
adapter.initialize(null, null, null, props);
@@ -86,7 +88,7 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
public void testAdapterAbortsIfNoAppContextSpecified()
throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
@@ -111,10 +113,10 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
}
public void testAdapterAbortsIfNoKeySpecified() throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-valid.xml");
try {
adapter.initialize(null, null, null, props);
@@ -125,7 +127,7 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
props = new Properties();
props.put("key", "");
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-valid.xml");
try {
adapter.initialize(null, null, null, props);
@@ -137,7 +139,7 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
public void testAdapterAbortsWithIncorrectApplicationContextLocation()
throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
@@ -153,10 +155,10 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
public void testAdapterFailsToAuthenticateIfNoCallbackHandlerAvailable()
throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-valid.xml");
Subject subject = new Subject();
@@ -171,23 +173,23 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
}
public void testAdapterStartsUpSuccess() throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.initialize(null, null, null, props);
assertTrue(true);
}
public void testAuthenticationFailsForIncorrectPassword()
throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-valid.xml");
Subject subject = new Subject();
CallbackHandler callback = new MockCallbackHandler("rod", "kangaroo");
CallbackHandler callback = new MockCallbackHandler("marissa", "kangaroo");
adapter.initialize(subject, callback, null, props);
@@ -201,10 +203,10 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
public void testAuthenticationFailsForIncorrectUserName()
throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-valid.xml");
Subject subject = new Subject();
CallbackHandler callback = new MockCallbackHandler("melissa", "koala");
@@ -220,40 +222,40 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
}
public void testAuthenticationSuccess() throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-valid.xml");
Subject subject = new Subject();
CallbackHandler callback = new MockCallbackHandler("rod", "koala");
CallbackHandler callback = new MockCallbackHandler("marissa", "koala");
adapter.initialize(subject, callback, null, props);
assertTrue(adapter.login());
Principal result = adapter.getIdentity();
if (!(result instanceof PrincipalSpringSecurityUserToken)) {
fail("Should have returned PrincipalSpringSecurityUserToken");
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
}
PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result;
assertEquals("rod", castResult.getPrincipal());
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[1].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[1].getAuthority());
assertEquals(ADAPTER_KEY.hashCode(), castResult.getKeyHash());
}
public void testAuthenticationWithNullPasswordHandledGracefully()
throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-valid.xml");
Subject subject = new Subject();
CallbackHandler callback = new MockCallbackHandler("rod", null);
CallbackHandler callback = new MockCallbackHandler("marissa", null);
adapter.initialize(subject, callback, null, props);
@@ -267,10 +269,10 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
public void testAuthenticationWithNullUserNameAndNullPasswordHandledGracefully()
throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-valid.xml");
Subject subject = new Subject();
CallbackHandler callback = new MockCallbackHandler(null, null);
@@ -287,10 +289,10 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
public void testAuthenticationWithNullUserNameHandledGracefully()
throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-valid.xml");
Subject subject = new Subject();
CallbackHandler callback = new MockCallbackHandler(null, "kangaroo");
@@ -306,13 +308,13 @@ public class JbossSpringSecurityLoginModuleTests extends TestCase {
}
public void testGetRoleSets() throws Exception {
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
props.put("appContextLocation", "org/acegisecurity/adapters/adaptertest-valid.xml");
Subject subject = new Subject();
CallbackHandler callback = new MockCallbackHandler("rod", "koala");
CallbackHandler callback = new MockCallbackHandler("marissa", "koala");
adapter.initialize(subject, callback, null, props);
assertTrue(adapter.login());
@@ -13,17 +13,17 @@
* limitations under the License.
*/
package org.springframework.security.adapters.jboss;
package org.acegisecurity.adapters.jboss;
import junit.framework.TestCase;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.context.SecurityContextImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContextImpl;
import org.springframework.mock.web.MockHttpServletRequest;
@@ -50,7 +50,7 @@ import javax.servlet.ServletResponse;
* Tests {@link JbossIntegrationFilter}.
*
* @author Ben Alex
* @version $Id:JbossIntegrationFilterTests.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class JbossIntegrationFilterTests extends TestCase {
//~ Constructors ===================================================================================================
@@ -95,7 +95,7 @@ public class JbossIntegrationFilterTests extends TestCase {
}
public void testCorrectOperation() throws Exception {
PrincipalSpringSecurityUserToken principal = new PrincipalSpringSecurityUserToken("key", "someone", "password",
PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key", "someone", "password",
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")}, null);
JbossIntegrationFilter filter = new MockJbossIntegrationFilter(new MockInitialContext(makeIntoSubject(principal)));
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.adapters.jboss;
package org.acegisecurity.adapters.jboss;
import java.util.Hashtable;
@@ -29,7 +29,7 @@ import javax.naming.NamingException;
* <code>java:comp/env/security/subject</code>.
*
* @author Ben Alex
* @version $Id:MockInitialContext.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class MockInitialContext implements Context {
//~ Instance fields ================================================================================================
@@ -42,6 +42,10 @@ public class MockInitialContext implements Context {
this.object = object;
}
private MockInitialContext() {
super();
}
//~ Methods ========================================================================================================
public Object addToEnvironment(String propName, Object propVal)
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.adapters.jboss;
package org.acegisecurity.adapters.jboss;
import javax.naming.Context;
import javax.naming.NamingException;
@@ -24,7 +24,7 @@ import javax.naming.NamingException;
* constructor.
*
* @author Ben Alex
* @version $Id:MockJbossIntegrationFilter.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class MockJbossIntegrationFilter extends JbossIntegrationFilter {
//~ Instance fields ================================================================================================
@@ -37,6 +37,10 @@ public class MockJbossIntegrationFilter extends JbossIntegrationFilter {
this.context = context;
}
private MockJbossIntegrationFilter() {
super();
}
//~ Methods ========================================================================================================
protected Context getLookupContext() throws NamingException {
+5 -10
View File
@@ -1,22 +1,17 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-adapters</artifactId>
<version>2.0.0</version>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.0.7</version>
</parent>
<artifactId>spring-security-jetty</artifactId>
<name>Spring Security - Jetty adapter</name>
<artifactId>acegi-security-jetty</artifactId>
<name>Acegi Security System for Spring - Jetty adapter</name>
<dependencies>
<dependency>
<groupId>jetty</groupId>
<artifactId>org.mortbay.jetty</artifactId>
<version>4.2.22</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
</project>
@@ -13,13 +13,13 @@
* limitations under the License.
*/
package org.springframework.security.adapters.jetty;
package org.acegisecurity.adapters.jetty;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -34,17 +34,17 @@ import java.util.Map;
/**
* Adapter to enable Jetty to authenticate via Spring Security.<p>Returns a {@link
* JettySpringSecurityUserToken} to Jetty's authentication system, which is subsequently available via
* Adapter to enable Jetty to authenticate via the Acegi Security System for Spring.<p>Returns a {@link
* JettyAcegiUserToken} to Jetty's authentication system, which is subsequently available via
* <code>HttpServletRequest.getUserPrincipal()</code>.</p>
*
* @author Ben Alex
* @version $Id:JettySpringSecurityUserRealm.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public final class JettySpringSecurityUserRealm implements UserRealm {
public final class JettyAcegiUserRealm implements UserRealm {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(JettySpringSecurityUserRealm.class);
private static final Log logger = LogFactory.getLog(JettyAcegiUserRealm.class);
//~ Instance fields ================================================================================================
@@ -64,7 +64,7 @@ public final class JettySpringSecurityUserRealm implements UserRealm {
*
* @throws IllegalArgumentException DOCUMENT ME!
*/
public JettySpringSecurityUserRealm(String realm, String providerKey, String appContextLocation) {
public JettyAcegiUserRealm(String realm, String providerKey, String appContextLocation) {
this.realm = realm;
this.key = providerKey;
@@ -96,7 +96,7 @@ public final class JettySpringSecurityUserRealm implements UserRealm {
authenticationManager = (AuthenticationManager) beans.get(beanName);
}
protected JettySpringSecurityUserRealm() {
protected JettyAcegiUserRealm() {
throw new IllegalArgumentException("Cannot use default constructor");
}
@@ -124,7 +124,7 @@ public final class JettySpringSecurityUserRealm implements UserRealm {
return null;
}
return new JettySpringSecurityUserToken(this.key, response.getPrincipal().toString(),
return new JettyAcegiUserToken(this.key, response.getPrincipal().toString(),
response.getCredentials().toString(), response.getAuthorities());
}
@@ -13,22 +13,22 @@
* limitations under the License.
*/
package org.springframework.security.adapters.jetty;
package org.acegisecurity.adapters.jetty;
import org.springframework.security.GrantedAuthority;
import org.acegisecurity.GrantedAuthority;
import org.springframework.security.adapters.AbstractAdapterAuthenticationToken;
import org.acegisecurity.adapters.AbstractAdapterAuthenticationToken;
import org.mortbay.http.UserPrincipal;
/**
* A Jetty compatible {@link org.springframework.security.Authentication} object.
* A Jetty compatible {@link org.acegisecurity.Authentication} object.
*
* @author Ben Alex
* @version $Id:JettySpringSecurityUserToken.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class JettySpringSecurityUserToken extends AbstractAdapterAuthenticationToken implements UserPrincipal {
public class JettyAcegiUserToken extends AbstractAdapterAuthenticationToken implements UserPrincipal {
//~ Instance fields ================================================================================================
private static final long serialVersionUID = 1L;
@@ -37,13 +37,13 @@ public class JettySpringSecurityUserToken extends AbstractAdapterAuthenticationT
//~ Constructors ===================================================================================================
public JettySpringSecurityUserToken(String key, String username, String password, GrantedAuthority[] authorities) {
public JettyAcegiUserToken(String key, String username, String password, GrantedAuthority[] authorities) {
super(key, authorities);
this.username = username;
this.password = password;
}
protected JettySpringSecurityUserToken() {
protected JettyAcegiUserToken() {
throw new IllegalArgumentException("Cannot use default constructor");
}
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.adapters.jetty;
package org.acegisecurity.adapters.jetty;
import junit.framework.TestCase;
@@ -21,10 +21,10 @@ import org.mortbay.http.UserPrincipal;
/**
* Tests {@link JettySpringSecurityUserRealm}.
* Tests {@link JettyAcegiUserRealm}.
*
* @author Ben Alex
* @version $Id:JettyAcegiUserRealmTests.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class JettyAcegiUserRealmTests extends TestCase {
//~ Instance fields ================================================================================================
@@ -48,11 +48,11 @@ public class JettyAcegiUserRealmTests extends TestCase {
junit.textui.TestRunner.run(JettyAcegiUserRealmTests.class);
}
private JettySpringSecurityUserRealm makeAdapter(String fileName)
private JettyAcegiUserRealm makeAdapter(String fileName)
throws Exception {
String useFile = "org/springframework/security/adapters/" + fileName;
String useFile = "org/acegisecurity/adapters/" + fileName;
return new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, useFile);
return new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, useFile);
}
public final void setUp() throws Exception {
@@ -62,7 +62,7 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsIfAppContextDoesNotContainAnAuthenticationBean()
throws Exception {
try {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-invalid.xml");
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-invalid.xml");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("Bean context must contain at least one bean of type AuthenticationManager",
@@ -73,14 +73,14 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsIfNoAppContextSpecified()
throws Exception {
try {
new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, null);
new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("appContextLocation must be specified", expected.getMessage());
}
try {
new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, "");
new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, "");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("appContextLocation must be specified", expected.getMessage());
@@ -89,14 +89,14 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsIfNoKeySpecified() throws Exception {
try {
new JettySpringSecurityUserRealm(REALM_NAME, null, "SOME_PATH");
new JettyAcegiUserRealm(REALM_NAME, null, "SOME_PATH");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("key must be specified", expected.getMessage());
}
try {
new JettySpringSecurityUserRealm(REALM_NAME, "", "SOME_PATH");
new JettyAcegiUserRealm(REALM_NAME, "", "SOME_PATH");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("key must be specified", expected.getMessage());
@@ -106,14 +106,14 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsIfNoRealmNameSpecified()
throws Exception {
try {
new JettySpringSecurityUserRealm(null, ADAPTER_KEY, "SOME_PATH");
new JettyAcegiUserRealm(null, ADAPTER_KEY, "SOME_PATH");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("realm must be specified", expected.getMessage());
}
try {
new JettySpringSecurityUserRealm(null, ADAPTER_KEY, "SOME_PATH");
new JettyAcegiUserRealm(null, ADAPTER_KEY, "SOME_PATH");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("realm must be specified", expected.getMessage());
@@ -123,7 +123,7 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsWithIncorrectApplicationContextLocation()
throws Exception {
try {
new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, "SOME_INVALID_LOCATION");
new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, "SOME_INVALID_LOCATION");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(expected.getMessage().startsWith("Cannot locate"));
@@ -132,75 +132,75 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterIdentifiesTheRealmItManages()
throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(REALM_NAME, adapter.getName());
}
public void testAdapterStartsUpSuccess() throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertTrue(true);
}
public void testAuthenticationFailsForIncorrectPassword()
throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(null, adapter.authenticate("rod", "kangaroo", null));
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(null, adapter.authenticate("marissa", "kangaroo", null));
}
public void testAuthenticationFailsForIncorrectUserName()
throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(null, adapter.authenticate("melissa", "koala", null));
}
public void testAuthenticationSuccess() throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
UserPrincipal result = adapter.authenticate("rod", "koala", null);
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
UserPrincipal result = adapter.authenticate("marissa", "koala", null);
if (!(result instanceof JettySpringSecurityUserToken)) {
fail("Should have returned JettySpringSecurityUserToken");
if (!(result instanceof JettyAcegiUserToken)) {
fail("Should have returned JettyAcegiUserToken");
}
JettySpringSecurityUserToken castResult = (JettySpringSecurityUserToken) result;
assertEquals("rod", castResult.getPrincipal());
JettyAcegiUserToken castResult = (JettyAcegiUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[1].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[1].getAuthority());
assertEquals(ADAPTER_KEY.hashCode(), castResult.getKeyHash());
}
public void testAuthenticationWithNullPasswordHandledGracefully()
throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(null, adapter.authenticate("rod", null, null));
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(null, adapter.authenticate("marissa", null, null));
}
public void testAuthenticationWithNullUserNameHandledGracefully()
throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(null, adapter.authenticate(null, "koala", null));
}
public void testDisassociateImplemented() throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
adapter.disassociate(new MockUserPrincipal());
assertTrue(true);
}
public void testGetAuthenticationManager() throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertTrue(adapter.getAuthenticationManager() != null);
}
public void testLogoutImplemented() throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
adapter.logout(new MockUserPrincipal());
assertTrue(true);
}
public void testNoArgsConstructor() {
try {
new JettySpringSecurityUserRealm();
new JettyAcegiUserRealm();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
@@ -208,13 +208,13 @@ public class JettyAcegiUserRealmTests extends TestCase {
}
public void testPopRoleImplemented() throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
MockUserPrincipal user = new MockUserPrincipal();
assertEquals(user, adapter.popRole(user));
}
public void testPushRoleImplemented() throws Exception {
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
MockUserPrincipal user = new MockUserPrincipal();
assertEquals(user, adapter.pushRole(user, "SOME_ROLE"));
}
@@ -13,34 +13,43 @@
* limitations under the License.
*/
package org.springframework.security.adapters.jetty;
package org.acegisecurity.adapters.jetty;
import junit.framework.TestCase;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
/**
* Tests {@link JettySpringSecurityUserToken}.
* Tests {@link JettyAcegiUserToken}.
*
* @author Ben Alex
* @version $Id:JettySpringSecurityUserTokenTests.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class JettySpringSecurityUserTokenTests extends TestCase {
public class JettyAcegiUserTokenTests extends TestCase {
//~ Constructors ===================================================================================================
public JettySpringSecurityUserTokenTests() {
public JettyAcegiUserTokenTests() {
super();
}
public JettySpringSecurityUserTokenTests(String arg0) {
public JettyAcegiUserTokenTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(JettyAcegiUserTokenTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testGetters() throws Exception {
JettySpringSecurityUserToken token = new JettySpringSecurityUserToken("my_password", "Test", "Password",
JettyAcegiUserToken token = new JettyAcegiUserToken("my_password", "Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
assertEquals("Test", token.getPrincipal());
assertEquals("Password", token.getCredentials());
@@ -50,7 +59,7 @@ public class JettySpringSecurityUserTokenTests extends TestCase {
public void testNoArgsConstructor() {
try {
new JettySpringSecurityUserToken();
new JettyAcegiUserToken();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
+8 -7
View File
@@ -1,17 +1,17 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-parent</artifactId>
<version>2.0.0</version>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.0.7</version>
</parent>
<artifactId>spring-security-adapters</artifactId>
<name>Spring Security - Adapters</name>
<artifactId>acegi-security-adapters</artifactId>
<name>Acegi Security System for Spring - Adapters</name>
<packaging>pom</packaging>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
@@ -21,6 +21,7 @@
</dependency>
</dependencies>
<modules>
<module>cas</module>
<module>catalina</module>
<module>jboss</module>
<module>jetty</module>
+10 -13
View File
@@ -1,12 +1,12 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-adapters</artifactId>
<version>2.0.0</version>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.0.7</version>
</parent>
<artifactId>spring-security-resin</artifactId>
<name>Spring Security - Resin adapter</name>
<artifactId>acegi-security-resin</artifactId>
<name>Acegi Security System for Spring - Resin adapter</name>
<dependencies>
<dependency>
<groupId>com.caucho</groupId>
@@ -14,13 +14,10 @@
<version>3.0.9</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<scope>test</scope>
</dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.3</version>
<scope>provided</scope>
</dependency>
</dependencies>
</project>
@@ -13,17 +13,17 @@
* limitations under the License.
*/
package org.springframework.security.adapters.resin;
package org.acegisecurity.adapters.resin;
import com.caucho.http.security.AbstractAuthenticator;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -41,12 +41,12 @@ import javax.servlet.http.HttpServletResponse;
/**
* Adapter to enable Resin to authenticate via Spring Security.<p>Returns a {@link
* PrincipalSpringSecurityUserToken} to Resin's authentication system, which is subsequently available via
* Adapter to enable Resin to authenticate via the Acegi Security System for Spring.<p>Returns a {@link
* PrincipalAcegiUserToken} to Resin's authentication system, which is subsequently available via
* <code>HttpServletRequest.getUserPrincipal()</code>.</p>
*
* @author Ben Alex
* @version $Id:ResinAcegiAuthenticator.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class ResinAcegiAuthenticator extends AbstractAuthenticator {
//~ Static fields/initializers =====================================================================================
@@ -98,15 +98,15 @@ public class ResinAcegiAuthenticator extends AbstractAuthenticator {
public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application,
Principal principal, String role) {
if (!(principal instanceof PrincipalSpringSecurityUserToken)) {
if (!(principal instanceof PrincipalAcegiUserToken)) {
if (logger.isWarnEnabled()) {
logger.warn("Expected passed principal to be of type PrincipalSpringSecurityUserToken");
logger.warn("Expected passed principal to be of type PrincipalAcegiUserToken");
}
return false;
}
PrincipalSpringSecurityUserToken test = (PrincipalSpringSecurityUserToken) principal;
PrincipalAcegiUserToken test = (PrincipalAcegiUserToken) principal;
return test.isUserInRole(role);
}
@@ -133,7 +133,7 @@ public class ResinAcegiAuthenticator extends AbstractAuthenticator {
return null;
}
return new PrincipalSpringSecurityUserToken(this.key, response.getPrincipal().toString(),
return new PrincipalAcegiUserToken(this.key, response.getPrincipal().toString(),
response.getCredentials().toString(), response.getAuthorities(), response.getPrincipal());
}
@@ -13,14 +13,14 @@
* limitations under the License.
*/
package org.springframework.security.adapters.resin;
package org.acegisecurity.adapters.resin;
import junit.framework.TestCase;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import java.security.Principal;
@@ -31,7 +31,7 @@ import javax.servlet.ServletException;
* Tests {@link ResinAcegiAuthenticator}.
*
* @author Ben Alex
* @version $Id:ResinAcegiAuthenticatorTests.java 2151 2007-09-22 11:54:13Z luke_t $
* @version $Id$
*/
public class ResinAcegiAuthenticatorTests extends TestCase {
//~ Instance fields ================================================================================================
@@ -61,7 +61,7 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
public void testAdapterAbortsIfAppContextDoesNotContainAnAuthenticationBean()
throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-invalid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-invalid.xml");
adapter.setKey(ADAPTER_KEY);
try {
@@ -97,7 +97,7 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
public void testAdapterAbortsIfNoKeySpecified() throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
try {
adapter.init();
@@ -132,7 +132,7 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
public void testAdapterStartsUpSuccess() throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.setKey(ADAPTER_KEY);
adapter.init();
assertTrue(true);
@@ -141,16 +141,16 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
public void testAuthenticationFailsForIncorrectPassword()
throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.setKey(ADAPTER_KEY);
adapter.init();
assertEquals(null, adapter.loginImpl("rod", "kangaroo"));
assertEquals(null, adapter.loginImpl("marissa", "kangaroo"));
}
public void testAuthenticationFailsForIncorrectUserName()
throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.setKey(ADAPTER_KEY);
adapter.init();
assertEquals(null, adapter.loginImpl("melissa", "koala"));
@@ -158,58 +158,58 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
public void testAuthenticationSuccess() throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.setKey(ADAPTER_KEY);
adapter.init();
Principal result = adapter.loginImpl("rod", "koala");
Principal result = adapter.loginImpl("marissa", "koala");
if (!(result instanceof PrincipalSpringSecurityUserToken)) {
fail("Should have returned PrincipalSpringSecurityUserToken");
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
}
PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result;
assertEquals("rod", castResult.getPrincipal());
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[1].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[1].getAuthority());
assertEquals(ADAPTER_KEY.hashCode(), castResult.getKeyHash());
}
public void testAuthenticationSuccessUsingAlternateMethod()
throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.setKey(ADAPTER_KEY);
adapter.init();
Principal result = adapter.loginImpl(null, null, null, "rod", "koala");
Principal result = adapter.loginImpl(null, null, null, "marissa", "koala");
if (!(result instanceof PrincipalSpringSecurityUserToken)) {
fail("Should have returned PrincipalSpringSecurityUserToken");
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
}
PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result;
assertEquals("rod", castResult.getPrincipal());
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[1].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_SUPERVISOR", castResult.getAuthorities()[1].getAuthority());
assertEquals(ADAPTER_KEY.hashCode(), castResult.getKeyHash());
}
public void testAuthenticationWithNullPasswordHandledGracefully()
throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.setKey(ADAPTER_KEY);
adapter.init();
assertEquals(null, adapter.loginImpl("rod", null));
assertEquals(null, adapter.loginImpl("marissa", null));
}
public void testAuthenticationWithNullUserNameHandledGracefully()
throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.setKey(ADAPTER_KEY);
adapter.init();
assertEquals(null, adapter.loginImpl(null, "koala"));
@@ -217,15 +217,15 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
public void testGetters() throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.setKey(ADAPTER_KEY);
assertEquals(ADAPTER_KEY, adapter.getKey());
assertEquals("org/springframework/security/adapters/adaptertest-valid.xml", adapter.getAppContextLocation());
assertEquals("org/acegisecurity/adapters/adaptertest-valid.xml", adapter.getAppContextLocation());
}
public void testHasRoleWithANullPrincipalFails() throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.setKey(ADAPTER_KEY);
adapter.init();
assertTrue(!adapter.isUserInRole(null, null, null, null, "ROLE_ONE"));
@@ -234,7 +234,7 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
public void testHasRoleWithAPrincipalTheAdapterDidNotCreateFails()
throws Exception {
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.setKey(ADAPTER_KEY);
adapter.init();
assertTrue(!adapter.isUserInRole(null, null, null,
@@ -247,11 +247,11 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
public void testHasRoleWithPrincipalAcegiUserToken()
throws Exception {
PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("KEY", "Test", "Password",
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY", "Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")},
null);
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation("org/springframework/security/adapters/adaptertest-valid.xml");
adapter.setAppContextLocation("org/acegisecurity/adapters/adaptertest-valid.xml");
adapter.setKey(ADAPTER_KEY);
adapter.init();
assertTrue(adapter.isUserInRole(null, null, null, token, "ROLE_ONE"));
-42
View File
@@ -1,42 +0,0 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-parent</artifactId>
<version>2.0.0</version>
</parent>
<artifactId>spring-security-cas-client</artifactId>
<name>Spring Security - CAS support</name>
<packaging>jar</packaging>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-dao</artifactId>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-mock</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.1.1</version>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<optional>true</optional>
</dependency>
</dependencies>
</project>
@@ -1,35 +0,0 @@
package org.springframework.security.providers.cas.cache;
import java.util.ArrayList;
import java.util.List;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.AssertionImpl;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.providers.cas.CasAuthenticationToken;
import org.springframework.security.userdetails.User;
/**
*
* @author Scott Battaglia
* @version $Revision$ $Date$
* @since 2.0
*
*/
public abstract class AbstractStatelessTicketCacheTests {
protected CasAuthenticationToken getToken() {
List<String> proxyList = new ArrayList<String>();
proxyList.add("https://localhost/newPortal/j_spring_cas_security_check");
User user = new User("rod", "password", true, true, true, true,
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
final Assertion assertion = new AssertionImpl("rod");
return new CasAuthenticationToken("key", user, "ST-0-ER94xMJmn6pha35CQRoZ",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, user,
assertion);
}
}
@@ -1,47 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.providers.cas.cache;
import org.junit.Test;
import org.springframework.security.providers.cas.CasAuthenticationToken;
import org.springframework.security.providers.cas.StatelessTicketCache;
import static org.junit.Assert.*;
/**
* Test cases for the @link {@link NullStatelessTicketCache}
*
* @author Scott Battaglia
* @version $Id$
*
*/
public class NullStatelessTicketCacheTests extends AbstractStatelessTicketCacheTests {
private StatelessTicketCache cache = new NullStatelessTicketCache();
@Test
public void testGetter() {
assertNull(cache.getByTicketId(null));
assertNull(cache.getByTicketId("test"));
}
@Test
public void testInsertAndGet() {
final CasAuthenticationToken token = getToken();
cache.putTicketInCache(token);
assertNull(cache.getByTicketId((String) token.getCredentials()));
}
}
+44 -94
View File
@@ -1,97 +1,47 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-parent</artifactId>
<version>2.0.0</version>
</parent>
<packaging>bundle</packaging>
<artifactId>spring-security-core-tiger</artifactId>
<name>Spring Security - Java 5 (Tiger)</name>
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.0.7</version>
</parent>
<artifactId>acegi-security-tiger</artifactId>
<name>Acegi Security System for Spring - Java 5 (Tiger)</name>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>annotations-api</artifactId>
<version>6.0.14</version>
<optional>true</optional>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>${felix.version}</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Bundle-SymbolicName>org.springframework.bundle.security.core.tiger</Bundle-SymbolicName>
<Export-Package>org.springframework.security.*;version=${pom.version}</Export-Package>
<Private-Package>!org.springframework.security.*</Private-Package>
<Implementation-Title>${pom.name}</Implementation-Title>
<Implementation-Version>${pom.version}</Implementation-Version>
<Import-Package>
org.springframework*;resolution:=optional;version="[2.0,2.6)",
*;resolution:=optional
</Import-Package>
</instructions>
<excludeDependencies>true</excludeDependencies>
</configuration>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<configuration>
<targetJdk>1.5</targetJdk>
</configuration>
</plugin>
</plugins>
</reporting>
<dependencies>
<dependency>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<configuration>
<targetJdk>1.5</targetJdk>
</configuration>
</plugin>
</plugins>
</reporting>
</project>
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.annotation;
package org.acegisecurity.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
@@ -24,21 +24,21 @@ import java.lang.annotation.Target;
/**
* Java 5 annotation for describing service layer security attributes.
*
* <p>The <code>Secured</code> annotation is used to define a list of security
* configuration attributes for business methods. This annotation can be used
*
* <p>The <code>Secured</code> annotation is used to define a list of security
* configuration attributes for business methods. This annotation can be used
* as a Java 5 alternative to XML configuration.
* <p>For example:
* <pre>
* &#64;Secured ({"ROLE_USER"})
* public void create(Contact contact);
*
*
* &#64;Secured ({"ROLE_USER", "ROLE_ADMIN"})
* public void update(Contact contact);
*
*
* &#64;Secured ({"ROLE_ADMIN"})
* public void delete(Contact contact);
* </pre>
* </pre>
* @author Mark St.Godard
* @version $Id$
*/
@@ -48,9 +48,9 @@ import java.lang.annotation.Target;
@Documented
public @interface Secured {
/**
* Returns the list of security configuration attributes.
* Returns the list of security configuration attributes.
* (i.e. ROLE_USER, ROLE_ADMIN etc.)
* @return String[] The secure method attributes
* @return String[] The secure method attributes
*/
public String[] value();
}
@@ -0,0 +1,141 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.annotation;
import org.acegisecurity.SecurityConfig;
import org.springframework.metadata.Attributes;
import org.springframework.util.ClassUtils;
import java.lang.annotation.Annotation;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
/**
* Java 5 Annotation <code>Attributes</code> metadata implementation used for secure method interception.<p>This
* <code>Attributes</code> implementation will return security configuration for classes described using the
* <code>Secured</code> Java 5 annotation.</p>
* <p>The <code>SecurityAnnotationAttributes</code> implementation can be used to configure a
* <code>MethodDefinitionAttributes</code> and <code>MethodSecurityInterceptor</code> bean definition (see below).</p>
* <p>For example:<pre>&lt;bean id="attributes"
* class="org.acegisecurity.annotation.SecurityAnnotationAttributes"/>&lt;bean id="objectDefinitionSource"
* class="org.acegisecurity.intercept.method.MethodDefinitionAttributes"> &lt;property name="attributes">
* &lt;ref local="attributes"/> &lt;/property>&lt;/bean>&lt;bean id="securityInterceptor"
* class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> . . .
* &lt;property name="objectDefinitionSource"> &lt;ref local="objectDefinitionSource"/> &lt;/property>
* &lt;/bean></pre></p>
* <p>These security annotations are similiar to the Commons Attributes approach, however they are using Java 5
* language-level metadata support.</p>
* <p>This class should be used with Spring 2.0 or above, as it relies upon utility classes in Spring 2.0 for
* correct introspection of annotations on bridge methods.</p>
*
* @author Mark St.Godard
* @version $Id$
*
* @see org.acegisecurity.annotation.Secured
*/
public class SecurityAnnotationAttributes implements Attributes {
//~ Methods ========================================================================================================
/**
* Get the <code>Secured</code> attributes for a given target class.
*
* @param target The target method
*
* @return Collection of <code>SecurityConfig</code>
*
* @see Attributes#getAttributes
*/
public Collection getAttributes(Class target) {
Set<SecurityConfig> attributes = new HashSet<SecurityConfig>();
for (Annotation annotation : target.getAnnotations()) {
// check for Secured annotations
if (annotation instanceof Secured) {
Secured attr = (Secured) annotation;
for (String auth : attr.value()) {
attributes.add(new SecurityConfig(auth));
}
break;
}
}
return attributes;
}
public Collection getAttributes(Class clazz, Class filter) {
throw new UnsupportedOperationException("Unsupported operation");
}
/**
* Get the <code>Secured</code> attributes for a given target method.
*
* @param method The target method
*
* @return Collection of <code>SecurityConfig</code>
*
* @see Attributes#getAttributes
*/
public Collection getAttributes(Method method) {
Set<SecurityConfig> attributes = new HashSet<SecurityConfig>();
Annotation[] annotations = null;
// Use AnnotationUtils if in classpath (ie Spring 1.2.9+ deployment)
try {
Class clazz = ClassUtils.forName("org.springframework.core.annotation.AnnotationUtils");
Method m = clazz.getMethod("getAnnotations", new Class[] {Method.class});
annotations = (Annotation[]) m.invoke(null, new Object[] {method});
} catch (Exception ex) {
// Fallback to manual retrieval if no AnnotationUtils available
annotations = method.getAnnotations();
}
for (Annotation annotation : annotations) {
// check for Secured annotations
if (annotation instanceof Secured) {
Secured attr = (Secured) annotation;
for (String auth : attr.value()) {
attributes.add(new SecurityConfig(auth));
}
break;
}
}
return attributes;
}
public Collection getAttributes(Method method, Class clazz) {
throw new UnsupportedOperationException("Unsupported operation");
}
public Collection getAttributes(Field field) {
throw new UnsupportedOperationException("Unsupported operation");
}
public Collection getAttributes(Field field, Class clazz) {
throw new UnsupportedOperationException("Unsupported operation");
}
}
@@ -1,76 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.annotation;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.method.AbstractFallbackMethodDefinitionSource;
/**
* Sources method security metadata from major JSR 250 security annotations.
*
* @author Ben Alex
* @version $Id$
* @since 2.0
*/
public class Jsr250MethodDefinitionSource extends AbstractFallbackMethodDefinitionSource {
protected ConfigAttributeDefinition findAttributes(Class clazz) {
return processAnnotations(clazz.getAnnotations());
}
protected ConfigAttributeDefinition findAttributes(Method method, Class targetClass) {
return processAnnotations(AnnotationUtils.getAnnotations(method));
}
public Collection getConfigAttributeDefinitions() {
return null;
}
private ConfigAttributeDefinition processAnnotations(Annotation[] annotations) {
if (annotations == null || annotations.length == 0) {
return null;
}
for (Annotation a: annotations) {
if (a instanceof DenyAll) {
return new ConfigAttributeDefinition(Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE);
}
if (a instanceof PermitAll) {
return new ConfigAttributeDefinition(Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE);
}
if (a instanceof RolesAllowed) {
RolesAllowed ra = (RolesAllowed) a;
List attributes = new ArrayList();
for (String allowed : ra.value()) {
attributes.add(new Jsr250SecurityConfig(allowed));
}
return new ConfigAttributeDefinition(attributes);
}
}
return null;
}
}
@@ -1,22 +0,0 @@
package org.springframework.security.annotation;
import org.springframework.security.SecurityConfig;
import javax.annotation.security.PermitAll;
import javax.annotation.security.DenyAll;
/**
* Security config applicable as a JSR 250 annotation attribute.
*
* @author Ryan Heaton
* @since 2.0
*/
public class Jsr250SecurityConfig extends SecurityConfig {
public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName());
public static final Jsr250SecurityConfig DENY_ALL_ATTRIBUTE = new Jsr250SecurityConfig(DenyAll.class.getName());
public Jsr250SecurityConfig(String role) {
super(role);
}
}
@@ -1,77 +0,0 @@
package org.springframework.security.annotation;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.Authentication;
import org.springframework.security.vote.AccessDecisionVoter;
import java.util.Iterator;
/**
* Voter on JSR-250 configuration attributes.
*
* @author Ryan Heaton
* @since 2.0
*/
public class Jsr250Voter implements AccessDecisionVoter {
/**
* The specified config attribute is supported if its an instance of a {@link Jsr250SecurityConfig}.
*
* @param configAttribute The config attribute.
* @return whether the config attribute is supported.
*/
public boolean supports(ConfigAttribute configAttribute) {
return configAttribute instanceof Jsr250SecurityConfig;
}
/**
* All classes are supported.
*
* @param clazz the class.
* @return true
*/
public boolean supports(Class clazz) {
return true;
}
/**
* Votes according to JSR 250.
*
* @param authentication The authentication object.
* @param object The access object.
* @param definition The configuration definition.
* @return The vote.
*/
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition definition) {
int result = ACCESS_ABSTAIN;
Iterator iter = definition.getConfigAttributes().iterator();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();
if (Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE.equals(attribute)) {
return ACCESS_GRANTED;
}
if (Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE.equals(attribute)) {
return ACCESS_DENIED;
}
if (supports(attribute)) {
result = ACCESS_DENIED;
// Attempt to find a matching granted authority
for (GrantedAuthority authority : authentication.getAuthorities()) {
if (attribute.getAttribute().equals(authority.getAuthority())) {
return ACCESS_GRANTED;
}
}
}
}
return result;
}
}
@@ -1,54 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.annotation;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Collection;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.method.AbstractFallbackMethodDefinitionSource;
/**
* Sources method security metadata from Spring Security's {@link Secured} annotation.
*
* @author Ben Alex
* @version $Id$
*/
public class SecuredMethodDefinitionSource extends AbstractFallbackMethodDefinitionSource {
protected ConfigAttributeDefinition findAttributes(Class clazz) {
return processAnnotation(clazz.getAnnotation(Secured.class));
}
protected ConfigAttributeDefinition findAttributes(Method method, Class targetClass) {
return processAnnotation(AnnotationUtils.findAnnotation(method, Secured.class));
}
public Collection getConfigAttributeDefinitions() {
return null;
}
private ConfigAttributeDefinition processAnnotation(Annotation a) {
if (a == null || !(a instanceof Secured)) {
return null;
}
Secured secured = (Secured) a;
return new ConfigAttributeDefinition(secured.value());
}
}
@@ -13,34 +13,27 @@
* limitations under the License.
*/
package org.springframework.security.annotation;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.PermitAll;
package org.acegisecurity.annotation;
/**
* @version $Id$
*/
* DOCUMENT ME!
*
* @author $author$
* @version $Revision$
*/
@Secured({"ROLE_USER"})
@PermitAll
public interface BusinessService {
//~ Methods ========================================================================================================
@Secured({"ROLE_ADMIN"})
@RolesAllowed({"ROLE_ADMIN"})
public void someAdminMethod();
@Secured({"ROLE_USER", "ROLE_ADMIN"})
@RolesAllowed({"ROLE_USER", "ROLE_ADMIN"})
public void someUserAndAdminMethod();
@Secured({"ROLE_USER"})
@RolesAllowed({"ROLE_USER"})
public void someUserMethod1();
@Secured({"ROLE_USER"})
@RolesAllowed({"ROLE_USER"})
public void someUserMethod2();
public int someOther(int input);
}
@@ -1,4 +1,4 @@
package org.springframework.security.annotation;
package org.acegisecurity.annotation;
/**
*
@@ -25,8 +25,4 @@ public class BusinessServiceImpl<E extends Entity> implements BusinessService {
public E someUserMethod3(final E entity) {
return entity;
}
public int someOther(int input) {
return input;
}
}
@@ -1,4 +1,4 @@
package org.springframework.security.annotation;
package org.acegisecurity.annotation;
/**
*
@@ -1,4 +1,4 @@
package org.springframework.security.annotation;
package org.acegisecurity.annotation;
/**
*
@@ -1,4 +1,4 @@
package org.springframework.security.annotation;
package org.acegisecurity.annotation;
/**
* @author Joe Scalise
@@ -1,8 +1,8 @@
package org.springframework.security.annotation;
package org.acegisecurity.annotation;
/**
* Class to act as a superclass for annotations testing.
*
*
* @author Ben Alex
*
*/
@@ -0,0 +1,150 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.annotation;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Method;
import junit.framework.TestCase;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.SecurityConfig;
import org.acegisecurity.annotation.test.Entity;
import org.acegisecurity.annotation.test.OrganisationService;
import org.acegisecurity.annotation.test.PersonService;
import org.acegisecurity.annotation.test.PersonServiceImpl;
import org.acegisecurity.annotation.test.Service;
import org.acegisecurity.annotation.test.ServiceImpl;
import org.acegisecurity.intercept.method.MethodDefinitionMap;
import org.acegisecurity.intercept.method.MethodDefinitionSourceEditor;
import org.aopalliance.intercept.MethodInvocation;
/**
* Extra tests to demonstrate generics behaviour with <code>MethodDefinitionMap</code>.
*
* @author Ben Alex
* @version $Id$
*/
public class MethodDefinitionSourceEditorTigerTests extends TestCase {
//~ Constructors ===================================================================================================
public MethodDefinitionSourceEditorTigerTests() {
super();
}
public MethodDefinitionSourceEditorTigerTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(MethodDefinitionSourceEditorTigerTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testConcreteClassInvocationsAlsoReturnDefinitionsAgainstInterface()
throws Exception {
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
editor.setAsText(
"org.acegisecurity.annotation.test.Service.makeLower*=ROLE_FROM_INTERFACE\r\norg.acegisecurity.annotation.test.Service.makeUpper*=ROLE_FROM_INTERFACE\r\norg.acegisecurity.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_IMPLEMENTATION");
MethodDefinitionMap map = (MethodDefinitionMap) editor.getValue();
assertEquals(3, map.getMethodMapSize());
ConfigAttributeDefinition returnedMakeLower = map.getAttributes(new MockMethodInvocation(Service.class,
"makeLowerCase", new Class[] {Entity.class}));
ConfigAttributeDefinition expectedMakeLower = new ConfigAttributeDefinition();
expectedMakeLower.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
assertEquals(expectedMakeLower, returnedMakeLower);
ConfigAttributeDefinition returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ServiceImpl.class,
"makeUpperCase", new Class[] {Entity.class}));
ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition();
expectedMakeUpper.addConfigAttribute(new SecurityConfig("ROLE_FROM_IMPLEMENTATION"));
expectedMakeUpper.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
assertEquals(expectedMakeUpper, returnedMakeUpper);
}
public void testGenericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride()
throws Exception {
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
editor.setAsText(
"org.acegisecurity.annotation.test.Service.makeLower*=ROLE_FROM_INTERFACE\r\norg.acegisecurity.annotation.test.Service.makeUpper*=ROLE_FROM_INTERFACE\r\norg.acegisecurity.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_IMPLEMENTATION");
MethodDefinitionMap map = (MethodDefinitionMap) editor.getValue();
assertEquals(3, map.getMethodMapSize());
ConfigAttributeDefinition returnedMakeLower = map.getAttributes(new MockMethodInvocation(PersonService.class,
"makeLowerCase", new Class[] {Entity.class}));
ConfigAttributeDefinition expectedMakeLower = new ConfigAttributeDefinition();
expectedMakeLower.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
assertEquals(expectedMakeLower, returnedMakeLower);
ConfigAttributeDefinition returnedMakeLower2 = map.getAttributes(new MockMethodInvocation(
OrganisationService.class, "makeLowerCase", new Class[] {Entity.class}));
ConfigAttributeDefinition expectedMakeLower2 = new ConfigAttributeDefinition();
expectedMakeLower2.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
assertEquals(expectedMakeLower2, returnedMakeLower2);
ConfigAttributeDefinition returnedMakeUpper = map.getAttributes(new MockMethodInvocation(
PersonServiceImpl.class, "makeUpperCase", new Class[] {Entity.class}));
ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition();
expectedMakeUpper.addConfigAttribute(new SecurityConfig("ROLE_FROM_IMPLEMENTATION"));
expectedMakeUpper.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
assertEquals(expectedMakeUpper, returnedMakeUpper);
}
//~ Inner Classes ==================================================================================================
private class MockMethodInvocation implements MethodInvocation {
Method method;
private MockMethodInvocation() {
super();
}
public MockMethodInvocation(Class clazz, String methodName, Class[] parameterTypes)
throws NoSuchMethodException {
System.out.println(clazz + " " + methodName + " " + parameterTypes[0]);
method = clazz.getMethod(methodName, parameterTypes);
}
public Object[] getArguments() {
return null;
}
public Method getMethod() {
return method;
}
public AccessibleObject getStaticPart() {
return null;
}
public Object getThis() {
return null;
}
public Object proceed() throws Throwable {
return null;
}
}
}
@@ -0,0 +1,200 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.annotation;
import junit.framework.TestCase;
import org.acegisecurity.SecurityConfig;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.metadata.Attributes;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.Collection;
/**
* Tests for {@link org.acegisecurity.annotation.SecurityAnnotationAttributes}
*
* @author Mark St.Godard
* @author Joe Scalise
* @version $Id$
*/
public class SecurityAnnotationAttributesTests extends TestCase {
//~ Instance fields ================================================================================================
private Attributes attributes;
private Log logger = LogFactory.getLog(SecurityAnnotationAttributesTests.class);
//~ Methods ========================================================================================================
protected void setUp() throws Exception {
// create the Annotations impl
this.attributes = new SecurityAnnotationAttributes();
}
public void testGenericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride() {
Method method = null;
try {
method = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] {Department.class});
} catch (NoSuchMethodException unexpected) {
fail("Should be a superMethod called 'someUserMethod3' on class!");
}
Collection attrs = this.attributes.getAttributes(method);
if (logger.isDebugEnabled()) {
logger.debug("attrs: ");
logger.debug(attrs);
}
assertNotNull(attrs);
// expect 1 attribute
assertTrue("Did not find 1 attribute", attrs.size() == 1);
// should have 1 SecurityConfig
for (Object obj : attrs) {
assertTrue(obj instanceof SecurityConfig);
SecurityConfig sc = (SecurityConfig) obj;
assertEquals("Found an incorrect role", "ROLE_ADMIN", sc.getAttribute());
}
Method superMethod = null;
try {
superMethod = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] {Entity.class});
} catch (NoSuchMethodException unexpected) {
fail("Should be a superMethod called 'someUserMethod3' on class!");
}
System.out.println(superMethod);
Collection superAttrs = this.attributes.getAttributes(superMethod);
if (logger.isDebugEnabled()) {
logger.debug("superAttrs: ");
logger.debug(superAttrs);
}
assertNotNull(superAttrs);
// TODO: Enable this part of the test once we can build against Spring 2.0+ and above only (SEC-274)
/*
// expect 1 attribute
assertTrue("Did not find 1 attribute", superAttrs.size() == 1);
// should have 1 SecurityConfig
for (Object obj : superAttrs) {
assertTrue(obj instanceof SecurityConfig);
SecurityConfig sc = (SecurityConfig) obj;
assertEquals("Found an incorrect role", "ROLE_ADMIN", sc.getAttribute());
}
*/
}
public void testGetAttributesClass() {
Collection attrs = this.attributes.getAttributes(BusinessService.class);
assertNotNull(attrs);
// expect 1 annotation
assertTrue(attrs.size() == 1);
// should have 1 SecurityConfig
SecurityConfig sc = (SecurityConfig) attrs.iterator().next();
assertTrue(sc.getAttribute().equals("ROLE_USER"));
}
public void testGetAttributesClassClass() {
try {
this.attributes.getAttributes(BusinessService.class, null);
fail("Unsupported method should have thrown an exception!");
} catch (UnsupportedOperationException expected) {}
}
public void testGetAttributesField() {
try {
Field field = null;
this.attributes.getAttributes(field);
fail("Unsupported method should have thrown an exception!");
} catch (UnsupportedOperationException expected) {}
}
public void testGetAttributesFieldClass() {
try {
Field field = null;
this.attributes.getAttributes(field, null);
fail("Unsupported method should have thrown an exception!");
} catch (UnsupportedOperationException expected) {}
}
public void testGetAttributesMethod() {
Method method = null;
try {
method = BusinessService.class.getMethod("someUserAndAdminMethod", new Class[] {});
} catch (NoSuchMethodException unexpected) {
fail("Should be a method called 'someUserAndAdminMethod' on class!");
}
Collection attrs = this.attributes.getAttributes(method);
assertNotNull(attrs);
// expect 2 attributes
assertTrue(attrs.size() == 2);
boolean user = false;
boolean admin = false;
// should have 2 SecurityConfigs
for (Object obj : attrs) {
assertTrue(obj instanceof SecurityConfig);
SecurityConfig sc = (SecurityConfig) obj;
if (sc.getAttribute().equals("ROLE_USER")) {
user = true;
} else if (sc.getAttribute().equals("ROLE_ADMIN")) {
admin = true;
}
}
// expect to have ROLE_USER and ROLE_ADMIN
assertTrue(user && admin);
}
public void testGetAttributesMethodClass() {
Method method = null;
try {
method = BusinessService.class.getMethod("someUserAndAdminMethod", new Class[] {});
} catch (NoSuchMethodException unexpected) {
fail("Should be a method called 'someUserAndAdminMethod' on class!");
}
try {
this.attributes.getAttributes(method, null);
fail("Unsupported method should have thrown an exception!");
} catch (UnsupportedOperationException expected) {}
}
}
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.annotation.test;
package org.acegisecurity.annotation.test;
import org.springframework.util.Assert;
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.annotation.test;
package org.acegisecurity.annotation.test;
/**
* An extended version of <code>Entity</code>.
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.annotation.test;
package org.acegisecurity.annotation.test;
/**
* DOCUMENT ME!
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.annotation.test;
package org.acegisecurity.annotation.test;
/**
* DOCUMENT ME!
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.annotation.test;
package org.acegisecurity.annotation.test;
/**
* An extended version of <code>Entity</code>.
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.annotation.test;
package org.acegisecurity.annotation.test;
/**
* DOCUMENT ME!
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.annotation.test;
package org.acegisecurity.annotation.test;
/**
* DOCUMENT ME!
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.annotation.test;
package org.acegisecurity.annotation.test;
import java.util.Collection;
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.annotation.test;
package org.acegisecurity.annotation.test;
import java.util.Collection;
@@ -1,33 +0,0 @@
package org.springframework.security.annotation;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.PermitAll;
/**
*
* @author Luke Taylor
* @version $Id$
*/
@PermitAll
public class Jsr250BusinessServiceImpl implements BusinessService {
@RolesAllowed("ROLE_USER")
public void someUserMethod1() {
}
@RolesAllowed("ROLE_USER")
public void someUserMethod2() {
}
@RolesAllowed({"ROLE_USER", "ROLE_ADMIN"})
public void someUserAndAdminMethod() {
}
@RolesAllowed("ROLE_ADMIN")
public void someAdminMethod() {
}
public int someOther(int input) {
return input;
}
}
@@ -1,104 +0,0 @@
package org.springframework.security.annotation;
import static org.junit.Assert.assertEquals;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import junit.framework.Assert;
import org.junit.Test;
import org.springframework.security.ConfigAttributeDefinition;
/**
* @author Luke Taylor
* @author Ben Alex
* @version $Id$
*/
public class Jsr250MethodDefinitionSourceTests {
Jsr250MethodDefinitionSource mds = new Jsr250MethodDefinitionSource();
A a = new A();
UserAllowedClass userAllowed = new UserAllowedClass();
DenyAllClass denyAll = new DenyAllClass();
@Test
public void methodWithRolesAllowedHasCorrectAttribute() throws Exception {
ConfigAttributeDefinition accessAttributes = mds.findAttributes(a.getClass().getMethod("adminMethod"), null);
assertEquals(1, accessAttributes.getConfigAttributes().size());
assertEquals("ADMIN", accessAttributes.getConfigAttributes().iterator().next().toString());
}
@Test
public void permitAllMethodHasPermitAllAttribute() throws Exception {
ConfigAttributeDefinition accessAttributes = mds.findAttributes(a.getClass().getMethod("permitAllMethod"), null);
assertEquals(1, accessAttributes.getConfigAttributes().size());
assertEquals("javax.annotation.security.PermitAll", accessAttributes.getConfigAttributes().iterator().next().toString());
}
@Test
public void noRoleMethodHasDenyAllAttributeWithDenyAllClass() throws Exception {
ConfigAttributeDefinition accessAttributes = mds.findAttributes(denyAll.getClass());
assertEquals(1, accessAttributes.getConfigAttributes().size());
assertEquals("javax.annotation.security.DenyAll", accessAttributes.getConfigAttributes().iterator().next().toString());
}
@Test
public void adminMethodHasAdminAttributeWithDenyAllClass() throws Exception {
ConfigAttributeDefinition accessAttributes = mds.findAttributes(denyAll.getClass().getMethod("adminMethod"), null);
assertEquals(1, accessAttributes.getConfigAttributes().size());
assertEquals("ADMIN", accessAttributes.getConfigAttributes().iterator().next().toString());
}
@Test
public void noRoleMethodHasNoAttributes() throws Exception {
ConfigAttributeDefinition accessAttributes = mds.findAttributes(a.getClass().getMethod("noRoleMethod"), null);
Assert.assertNull(accessAttributes);
}
@Test
public void classRoleIsAppliedToNoRoleMethod() throws Exception {
ConfigAttributeDefinition accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("noRoleMethod"), null);
Assert.assertNull(accessAttributes);
}
@Test
public void methodRoleOverridesClassRole() throws Exception {
ConfigAttributeDefinition accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("adminMethod"), null);
assertEquals(1, accessAttributes.getConfigAttributes().size());
assertEquals("ADMIN", accessAttributes.getConfigAttributes().iterator().next().toString());
}
//~ Inner Classes ======================================================================================================
public static class A {
public void noRoleMethod() {}
@RolesAllowed("ADMIN")
public void adminMethod() {}
@PermitAll
public void permitAllMethod() {}
}
@RolesAllowed("USER")
public static class UserAllowedClass {
public void noRoleMethod() {}
@RolesAllowed("ADMIN")
public void adminMethod() {}
}
@DenyAll
public static class DenyAllClass {
public void noRoleMethod() {}
@RolesAllowed("ADMIN")
public void adminMethod() {}
}
}
@@ -1,111 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.annotation;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Method;
import junit.framework.TestCase;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.annotation.test.Entity;
import org.springframework.security.annotation.test.PersonServiceImpl;
import org.springframework.security.annotation.test.Service;
import org.springframework.security.intercept.method.MapBasedMethodDefinitionSource;
import org.springframework.security.intercept.method.MethodDefinitionSourceEditor;
/**
* Extra tests to demonstrate generics behaviour with <code>MapBasedMethodDefinitionSource</code>.
*
* @author Ben Alex
* @version $Id$
*/
public class MethodDefinitionSourceEditorTigerTests extends TestCase {
//~ Methods ========================================================================================================
public void testConcreteClassInvocations() throws Exception {
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
editor.setAsText(
"org.springframework.security.annotation.test.Service.makeLower*=ROLE_FROM_INTERFACE\r\n" +
"org.springframework.security.annotation.test.Service.makeUpper*=ROLE_FROM_INTERFACE\r\n" +
"org.springframework.security.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_IMPLEMENTATION");
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
assertEquals(3, map.getMethodMapSize());
ConfigAttributeDefinition returnedMakeLower = map.getAttributes(new MockMethodInvocation(Service.class,
"makeLowerCase", new Class[]{Entity.class}, new PersonServiceImpl()));
ConfigAttributeDefinition expectedMakeLower = new ConfigAttributeDefinition("ROLE_FROM_INTERFACE");
assertEquals(expectedMakeLower, returnedMakeLower);
ConfigAttributeDefinition returnedMakeUpper = map.getAttributes(new MockMethodInvocation(Service.class,
"makeUpperCase", new Class[]{Entity.class}, new PersonServiceImpl()));
ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition(new String[]{"ROLE_FROM_IMPLEMENTATION"});
assertEquals(expectedMakeUpper, returnedMakeUpper);
}
public void testBridgeMethodResolution() throws Exception {
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
editor.setAsText(
"org.springframework.security.annotation.test.PersonService.makeUpper*=ROLE_FROM_INTERFACE\r\n" +
"org.springframework.security.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_ABSTRACT\r\n" +
"org.springframework.security.annotation.test.PersonServiceImpl.makeUpper*=ROLE_FROM_PSI");
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
assertEquals(3, map.getMethodMapSize());
ConfigAttributeDefinition returnedMakeUpper = map.getAttributes(new MockMethodInvocation(Service.class,
"makeUpperCase", new Class[]{Entity.class}, new PersonServiceImpl()));
ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition(new String[]{"ROLE_FROM_PSI"});
assertEquals(expectedMakeUpper, returnedMakeUpper);
}
//~ Inner Classes ==================================================================================================
private class MockMethodInvocation implements MethodInvocation {
private Method method;
private Object targetObject;
public MockMethodInvocation(Class clazz, String methodName, Class[] parameterTypes, Object targetObject)
throws NoSuchMethodException {
this.method = clazz.getMethod(methodName, parameterTypes);
this.targetObject = targetObject;
}
public Object[] getArguments() {
return null;
}
public Method getMethod() {
return method;
}
public AccessibleObject getStaticPart() {
return null;
}
public Object getThis() {
return targetObject;
}
public Object proceed() throws Throwable {
return null;
}
}
}
@@ -1,149 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.annotation;
import java.lang.reflect.Method;
import junit.framework.TestCase;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.SecurityConfig;
import org.springframework.util.StringUtils;
/**
* Tests for {@link org.springframework.security.annotation.SecuredMethodDefinitionSource}
*
* @author Mark St.Godard
* @author Joe Scalise
* @author Ben Alex
* @version $Id$
*/
public class SecuredMethodDefinitionSourceTests extends TestCase {
//~ Instance fields ================================================================================================
private SecuredMethodDefinitionSource mds = new SecuredMethodDefinitionSource();;
private Log logger = LogFactory.getLog(SecuredMethodDefinitionSourceTests.class);
//~ Methods ========================================================================================================
public void testGenericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride() {
Method method = null;
try {
method = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] {Department.class});
} catch (NoSuchMethodException unexpected) {
fail("Should be a superMethod called 'someUserMethod3' on class!");
}
ConfigAttributeDefinition attrs = this.mds.findAttributes(method, DepartmentServiceImpl.class);
assertNotNull(attrs);
if (logger.isDebugEnabled()) {
logger.debug("attrs: " + StringUtils.collectionToCommaDelimitedString(attrs.getConfigAttributes()));
}
// expect 1 attribute
assertTrue("Did not find 1 attribute", attrs.getConfigAttributes().size() == 1);
// should have 1 SecurityConfig
for (Object obj : attrs.getConfigAttributes()) {
assertTrue(obj instanceof SecurityConfig);
SecurityConfig sc = (SecurityConfig) obj;
assertEquals("Found an incorrect role", "ROLE_ADMIN", sc.getAttribute());
}
Method superMethod = null;
try {
superMethod = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] {Entity.class});
} catch (NoSuchMethodException unexpected) {
fail("Should be a superMethod called 'someUserMethod3' on class!");
}
ConfigAttributeDefinition superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class);
assertNotNull(superAttrs);
if (logger.isDebugEnabled()) {
logger.debug("superAttrs: " + StringUtils.collectionToCommaDelimitedString(superAttrs.getConfigAttributes()));
}
// This part of the test relates to SEC-274
// expect 1 attribute
assertTrue("Did not find 1 attribute", superAttrs.getConfigAttributes().size() == 1);
// should have 1 SecurityConfig
for (Object obj : superAttrs.getConfigAttributes()) {
assertTrue(obj instanceof SecurityConfig);
SecurityConfig sc = (SecurityConfig) obj;
assertEquals("Found an incorrect role", "ROLE_ADMIN", sc.getAttribute());
}
}
public void testGetAttributesClass() {
ConfigAttributeDefinition attrs = this.mds.findAttributes(BusinessService.class);
assertNotNull(attrs);
// expect 1 annotation
assertTrue(attrs.getConfigAttributes().size() == 1);
// should have 1 SecurityConfig
SecurityConfig sc = (SecurityConfig) attrs.getConfigAttributes().iterator().next();
assertTrue(sc.getAttribute().equals("ROLE_USER"));
}
public void testGetAttributesMethod() {
Method method = null;
try {
method = BusinessService.class.getMethod("someUserAndAdminMethod", new Class[] {});
} catch (NoSuchMethodException unexpected) {
fail("Should be a method called 'someUserAndAdminMethod' on class!");
}
ConfigAttributeDefinition attrs = this.mds.findAttributes(method, BusinessService.class);
assertNotNull(attrs);
// expect 2 attributes
assertTrue(attrs.getConfigAttributes().size() == 2);
boolean user = false;
boolean admin = false;
// should have 2 SecurityConfigs
for (Object obj : attrs.getConfigAttributes()) {
assertTrue(obj instanceof SecurityConfig);
SecurityConfig sc = (SecurityConfig) obj;
if (sc.getAttribute().equals("ROLE_USER")) {
user = true;
} else if (sc.getAttribute().equals("ROLE_ADMIN")) {
admin = true;
}
}
// expect to have ROLE_USER and ROLE_ADMIN
assertTrue(user && admin);
}
}
@@ -1,60 +0,0 @@
package org.springframework.security.config;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.annotation.BusinessService;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
/**
* @author Ben Alex
* @version $Id$
*/
public class GlobalMethodSecurityBeanDefinitionParserTests {
private ClassPathXmlApplicationContext appContext;
private BusinessService target;
@Before
public void loadContext() {
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/global-method-security.xml");
target = (BusinessService) appContext.getBean("target");
}
@After
public void closeAppContext() {
if (appContext != null) {
appContext.close();
}
SecurityContextHolder.clearContext();
}
@Test(expected=AuthenticationCredentialsNotFoundException.class)
public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
target.someUserMethod1();
}
@Test
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_USER")});
SecurityContextHolder.getContext().setAuthentication(token);
target.someUserMethod1();
}
@Test(expected=AccessDeniedException.class)
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_SOMEOTHERROLE")});
SecurityContextHolder.getContext().setAuthentication(token);
target.someAdminMethod();
}
}
@@ -1,69 +0,0 @@
package org.springframework.security.config;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.annotation.BusinessService;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
/**
* @author Luke Taylor
* @version $Id$
*/
public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
private ClassPathXmlApplicationContext appContext;
private BusinessService target;
@Before
public void loadContext() {
appContext = new ClassPathXmlApplicationContext("/org/springframework/security/config/jsr250-annotated-method-security.xml");
target = (BusinessService) appContext.getBean("target");
}
@After
public void closeAppContext() {
if (appContext != null) {
appContext.close();
}
SecurityContextHolder.clearContext();
}
@Test(expected=AuthenticationCredentialsNotFoundException.class)
public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
target.someUserMethod1();
}
@Test
public void permitAllShouldBeDefaultAttribute() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_USER")});
SecurityContextHolder.getContext().setAuthentication(token);
target.someOther(0);
}
@Test
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_USER")});
SecurityContextHolder.getContext().setAuthentication(token);
target.someUserMethod1();
}
@Test(expected=AccessDeniedException.class)
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_SOMEOTHERROLE")});
SecurityContextHolder.getContext().setAuthentication(token);
target.someAdminMethod();
}
}
@@ -1,60 +0,0 @@
package org.springframework.security.config;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.annotation.BusinessService;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
/**
* @author Ben Alex
* @version $Id$
*/
public class SecuredAnnotationDrivenBeanDefinitionParserTests {
private ClassPathXmlApplicationContext appContext;
private BusinessService target;
@Before
public void loadContext() {
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/secured-annotated-method-security.xml");
target = (BusinessService) appContext.getBean("target");
}
@After
public void closeAppContext() {
if (appContext != null) {
appContext.close();
}
SecurityContextHolder.clearContext();
}
@Test(expected=AuthenticationCredentialsNotFoundException.class)
public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
target.someUserMethod1();
}
@Test
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_USER")});
SecurityContextHolder.getContext().setAuthentication(token);
target.someUserMethod1();
}
@Test(expected=AccessDeniedException.class)
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_SOMEOTHERROLE")});
SecurityContextHolder.getContext().setAuthentication(token);
target.someAdminMethod();
}
}
@@ -1,23 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<b:bean id="target" class="org.springframework.security.annotation.BusinessServiceImpl"/>
<global-method-security>
<protect-pointcut expression="execution(* *.someUser*(..))" access="ROLE_USER"/>
<protect-pointcut expression="execution(* *.someAdmin*(..))" access="ROLE_ADMIN"/>
</global-method-security>
<authentication-provider>
<user-service>
<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
</user-service>
</authentication-provider>
</b:beans>
@@ -1,20 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<b:bean id="target" class="org.springframework.security.annotation.Jsr250BusinessServiceImpl"/>
<global-method-security jsr250-annotations="enabled"/>
<authentication-provider>
<user-service>
<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
</user-service>
</authentication-provider>
</b:beans>
@@ -1,20 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<b:bean id="target" class="org.springframework.security.annotation.Jsr250BusinessServiceImpl"/>
<global-method-security secured-annotations="enabled"/>
<authentication-provider>
<user-service>
<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
</user-service>
</authentication-provider>
</b:beans>
+158 -163
View File
@@ -1,174 +1,169 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-parent</artifactId>
<version>2.0.0</version>
</parent>
<packaging>bundle</packaging>
<artifactId>spring-security-core</artifactId>
<name>Spring Security - Core</name>
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.0.7</version>
</parent>
<packaging>jar</packaging>
<artifactId>acegi-security</artifactId>
<name>Acegi Security Core</name>
<dependencies>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-remoting</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-mock</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<!-- TODO: Upgrade to 1.2 before 2.0 release -->
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-remoting</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-mock</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib-nodep</artifactId>
<scope>test</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>1.1.2</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>jaxen</groupId>
<artifactId>jaxen</artifactId>
<version>1.1.1</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-core</artifactId>
<version>1.0.2</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-server-jndi</artifactId>
<version>1.0.2</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.apache.mina</groupId>
<artifactId>mina-core</artifactId>
<version>1.0.5</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.4.3</version>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>jmock</groupId>
<artifactId>jmock</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<optional>true</optional>
</dependency>
</dependencies>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>1.2.4</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>cas</groupId>
<artifactId>casclient</artifactId>
<version>2.0.11</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.0.4</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.3</version>
</dependency>
<dependency>
<groupId>oro</groupId>
<artifactId>oro</artifactId>
<version>2.0.8</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.2</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.4</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.0.6</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-core</artifactId>
<version>1.0.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>jmock</groupId>
<artifactId>jmock</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>${felix.version}</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Bundle-SymbolicName>org.springframework.bundle.security.core</Bundle-SymbolicName>
<Export-Package>org.springframework.security.*;version=${pom.version}</Export-Package>
<Private-Package>!org.springframework.security.*</Private-Package>
<Implementation-Title>${pom.name}</Implementation-Title>
<Implementation-Version>${pom.version}</Implementation-Version>
<Import-Package>
org.springframework*;resolution:=optional;version="[2.0,2.6)",
*;resolution:=optional
</Import-Package>
<!--
<Embed-Dependency>
*;scope=compile|runtime;inline=true
</Embed-Dependency>
-->
</instructions>
</configuration>
</plugin>
</plugins>
</build>
<build>
<resources>
<resource>
<directory>${basedir}/../</directory>
<targetPath>META-INF</targetPath>
<includes>
<include>notice.txt</include>
</includes>
<filtering>false</filtering>
</resource>
<resource>
<directory>
${basedir}/src/main/resources/org/acegisecurity/taglibs
</directory>
<targetPath>META-INF</targetPath>
<includes>
<include>*.tld</include>
</includes>
<filtering>false</filtering>
</resource>
<resource>
<directory>${basedir}/src/main/resources</directory>
<targetPath>/</targetPath>
<includes>
<include>**/*</include>
</includes>
<filtering>false</filtering>
</resource>
</resources>
</build>
</project>
@@ -13,7 +13,8 @@
* limitations under the License.
*/
package org.springframework.security;
package org.acegisecurity;
/**
* An abstract implementation of the {@link AuthenticationManager}.
@@ -24,16 +25,15 @@ package org.springframework.security;
public abstract class AbstractAuthenticationManager implements AuthenticationManager {
//~ Instance fields ================================================================================================
private boolean clearExtraInformation = false;
private boolean clearExtraInformation = true;
//~ Methods ========================================================================================================
/**
* An implementation of the <code>authenticate</code> method that calls the abstract method
* <code>doAuthenticatation</code> to do its work.
* <p>
* If doAuthenticate throws an <code>AuthenticationException</code> then the exception is populated
* with the failed <code>Authentication</code> object that failed.
* <p>An implementation of the <code>authenticate</code> method that calls the abstract method
* <code>doAuthenticatation</code> to do its work.</p>
* <p>If doAuthenticate throws an <code>AuthenticationException</code> then the exception is populated
* with the failed <code>Authentication</code> object that failed.</p>
*
* @param authRequest the authentication request object
*
@@ -41,7 +41,8 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
*
* @throws AuthenticationException if authentication fails
*/
public final Authentication authenticate(Authentication authRequest) throws AuthenticationException {
public final Authentication authenticate(Authentication authRequest)
throws AuthenticationException {
try {
return doAuthentication(authRequest);
} catch (AuthenticationException e) {
@@ -56,10 +57,9 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
}
/**
* Concrete implementations of this class override this method to provide the authentication service.
* <p>
* The contract for this method is documented in the
* {@link AuthenticationManager#authenticate(Authentication)}.
* <p>Concrete implementations of this class override this method to provide the authentication service.</p>
* <p>The contract for this method is documented in the {@link
* AuthenticationManager#authenticate(Authentication)}.</p>
*
* @param authentication the authentication request object
*
@@ -67,14 +67,15 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
*
* @throws AuthenticationException if authentication fails
*/
protected abstract Authentication doAuthentication(Authentication authentication) throws AuthenticationException;
protected abstract Authentication doAuthentication(Authentication authentication)
throws AuthenticationException;
/**
* If set to true, the <tt>extraInformation</tt> set on an <tt>AuthenticationException</tt> will be cleared
* before rethrowing it. This is useful for use with remoting protocols where the information shouldn't
* be serialized to the client. Defaults to 'false'.
*
* @see org.springframework.security.AuthenticationException#getExtraInformation()
* @see AuthenticationException#getExtraInformation()
*/
public void setClearExtraInformation(boolean clearExtraInformation) {
this.clearExtraInformation = clearExtraInformation;
@@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security;
package org.acegisecurity;
/**
* Makes a final access control (authorization) decision.

Some files were not shown because too many files have changed in this diff Show More