1
0
mirror of synced 2026-07-08 20:30:04 +00:00

Compare commits

...

43 Commits

Author SHA1 Message Date
Luke Taylor 55fbfc5285 Updated site index page 2008-04-15 15:53:38 +00:00
Luke Taylor b75ea4e622 [maven-release-plugin] copy for tag acegi-security-parent-1.0.7 2008-04-15 11:38:16 +00:00
Luke Taylor f626d5ec47 SEC-678: Merged changes from trunk. 2008-02-18 20:44:09 +00:00
Luke Taylor 1b07b5e616 SEC-537: Merged changes from trunk. 2008-02-18 12:21:29 +00:00
Luke Taylor 22aaf34499 SEC-577: Correct javadocs for switch user 2008-02-15 14:35:16 +00:00
Luke Taylor 62093067cb SEC-581: Copy authentication details to CAS result token 2008-02-15 14:03:52 +00:00
Ben Alex be3d309905 SEC-656: Provide ability to dependency inject additional exception to event mappings, rather than require subclassing. 2008-02-15 11:56:36 +00:00
Luke Taylor 065e2b6fa2 SEC-575: Added getter/setter for LdapUserDetailsMapper 2008-02-14 18:58:08 +00:00
Luke Taylor b253510127 SEC-418: Applied patch from issue. 2008-01-28 19:24:45 +00:00
Luke Taylor e41860d944 [maven-release-plugin] prepare for next development iteration 2007-12-24 17:13:29 +00:00
Luke Taylor e9b5ada0c4 [maven-release-plugin] prepare release release_1_0_6 2007-12-24 17:12:43 +00:00
Luke Taylor 0a7d6225f7 Corrected tagBase url 2007-12-24 17:08:52 +00:00
Luke Taylor 75360d1358 Corrected tagBase url 2007-12-24 17:06:50 +00:00
Luke Taylor a84b405744 [maven-release-plugin] rollback the release of release_1_0_6 2007-12-24 16:54:36 +00:00
Luke Taylor 4c8f61ec90 [maven-release-plugin] prepare release release_1_0_6 2007-12-24 16:41:24 +00:00
Luke Taylor c2a13b0aa8 [maven-release-plugin] rollback the release of release_1_0_6 2007-12-24 16:32:46 +00:00
Luke Taylor ad45967cef [maven-release-plugin] prepare release release_1_0_6 2007-12-24 16:26:44 +00:00
Luke Taylor bdd78ced7f Corrected scm element 2007-12-24 16:15:11 +00:00
Luke Taylor 9174fb7746 Removed scm element from core and core-tiger 2007-12-24 16:10:34 +00:00
Luke Taylor b5ac6e42e3 Reinstated version as 1.0.6-SNAPSHOT after mvn release plugin failure 2007-12-24 16:07:24 +00:00
Luke Taylor e3247231d7 [maven-release-plugin] prepare release release_1_0_6 2007-12-24 16:00:00 +00:00
Luke Taylor ab022a5ed3 testing svn commit 2007-12-24 15:56:53 +00:00
Luke Taylor 18d8084744 Fix jetty plugin version at 6.1.6. 2007-12-24 14:51:50 +00:00
Luke Taylor 1216673deb Fix jetty plugin version at 6.1.6. 2007-12-24 14:48:45 +00:00
Luke Taylor 8e6e373a3b Removed unused import. 2007-12-07 16:20:31 +00:00
Luke Taylor 2b0ee23396 SEC-618: Move copyDetails method into ProviderManager and call it before checking with ConcurrentSessionController. 2007-12-07 16:17:59 +00:00
Luke Taylor 89cde2507d SEC-594: Set password on UserDetails object returned by BindAuthenticator. 2007-12-07 16:04:43 +00:00
Luke Taylor ac0e308354 Updated spring and acegi version numbers in petclinic tutorial file. 2007-12-03 23:15:29 +00:00
Ben Alex 724b9e23ba Remove OrderedUtils (was used for old namespace testing). 2007-12-03 05:05:30 +00:00
Ben Alex 99c5479f9a SEC-584: Require user to explicitly set SessionRegistry, so the implementation can benefit from application context services. 2007-12-02 03:00:26 +00:00
Ben Alex c3dc3a3a4f SEC-610: Reauthenticate even if AnonymousAuthenticationToken is present. 2007-12-02 02:15:18 +00:00
Ben Alex 859ce607cd Now using mvn eclipse:eclipse instead; do not check these back in. 2007-12-02 00:47:38 +00:00
Ben Alex d6fd9980bd Remove configuration from sandbox; this support exists in 2.0 trunk. 2007-12-01 23:52:52 +00:00
Luke Taylor 831981ac69 Changed forum description. 2007-11-20 16:50:12 +00:00
Scott Battaglia 7b981d3e84 SEC-592
implemented NullStatelessTicketCache and test cases and made it the default for CasAuthenticationProvider.
2007-11-07 21:55:59 +00:00
Luke Taylor 38a0bf7ca4 SEC-564: Documented checkout of 1.0.x branch and trunk separately. 2007-11-07 00:24:02 +00:00
Luke Taylor e243855822 SEC-557: Reinstated default AccessDeniedHandler (AccessDeniedHandlerImpl) which had been removed by mistake. 2007-09-19 16:41:06 +00:00
Luke Taylor e6e461d9a0 SEC-549: Merged fix from trunk (trim space from username). 2007-09-14 14:32:19 +00:00
Luke Taylor 0ff8662f12 SEC-556: Removed namespace meta-inf file from 1.0 branch. 2007-09-12 21:37:07 +00:00
Luke Taylor 0878d7d563 Changed release notes to include deployment in tomcat *and* Jetty (after jstl issues with tutorial). 2007-09-12 21:19:02 +00:00
Luke Taylor ae4b5907b9 Merged website style changes from trunk. 2007-09-12 21:12:29 +00:00
Luke Taylor 5da9a0c0c0 Removed unnecessary repository declarations. 2007-09-12 21:10:29 +00:00
Luke Taylor 95d5c61115 SEC-554: Added jstl jars to tutorial pom. 2007-09-12 21:04:17 +00:00
131 changed files with 595 additions and 6764 deletions
-91
View File
@@ -1,91 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="core/src/main/java"/>
<classpathentry kind="src" path="core/src/main/resources"/>
<classpathentry kind="src" path="core/src/test/java"/>
<classpathentry kind="src" path="core/src/test/resources"/>
<classpathentry kind="src" path="samples/dms/src/test/java"/>
<classpathentry kind="src" path="samples/dms/src/main/resources"/>
<classpathentry kind="src" path="samples/dms/src/main/java"/>
<classpathentry kind="src" path="samples/dms/src/test/resources"/>
<classpathentry kind="src" path="samples/contacts/src/main/java"/>
<classpathentry kind="src" path="samples/contacts/src/main/resources"/>
<classpathentry kind="src" path="samples/contacts/src/test/java"/>
<classpathentry kind="src" path="samples/contacts/src/test/resources"/>
<classpathentry kind="src" path="samples/attributes/src/main/java"/>
<classpathentry kind="src" path="samples/attributes/src/main/resources"/>
<classpathentry kind="src" path="samples/attributes/src/test/java"/>
<classpathentry kind="src" path="adapters/cas/src/test/resources"/>
<classpathentry kind="src" path="adapters/cas/src/main/resources"/>
<classpathentry kind="src" path="adapters/cas/src/main/java"/>
<classpathentry kind="src" path="adapters/cas/src/test/java"/>
<classpathentry kind="src" path="adapters/catalina/src/main/java"/>
<classpathentry kind="src" path="adapters/catalina/src/main/resources"/>
<classpathentry kind="src" path="adapters/catalina/src/test/java"/>
<classpathentry kind="src" path="adapters/jboss/src/main/java"/>
<classpathentry kind="src" path="adapters/jboss/src/test/java"/>
<classpathentry kind="src" path="adapters/jetty/src/main/java"/>
<classpathentry kind="src" path="adapters/jetty/src/test/java"/>
<classpathentry kind="src" path="adapters/resin/src/main/java"/>
<classpathentry kind="src" path="adapters/resin/src/test/java"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="var" path="M2_REPO/com/caucho/resin/3.0.9/resin-3.0.9.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/1.2.9/spring-core-1.2.9.jar" sourcepath="/M2_REPO/org.springframework/src/spring-1.2.9-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-mock/1.2.9/spring-mock-1.2.9.jar"/>
<classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar"/>
<classpathentry kind="var" path="M2_REPO/aspectj/aspectjrt/1.2/aspectjrt-1.2.jar"/>
<classpathentry kind="var" path="M2_REPO/cas/casclient/2.0.11/casclient-2.0.11.jar"/>
<classpathentry kind="var" path="M2_REPO/cas/cas/2.0.12/cas-2.0.12.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar"/>
<classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.4/hsqldb-1.8.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
<classpathentry kind="var" path="M2_REPO/tomcat/catalina/4.1.9/catalina-4.1.9.jar"/>
<classpathentry kind="var" path="M2_REPO/jetty/org.mortbay.jetty/4.2.22/org.mortbay.jetty-4.2.22.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/jboss-common/3.2.3/jboss-common-3.2.3.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/jbosssx/3.2.3/jbosssx-3.2.3.jar"/>
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
<classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.2.ga/hibernate-3.2.2.ga.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.jar" sourcepath="DIST_BASE/commons-beanutils-1.6.1-src/src/java"/>
<classpathentry kind="src" path="samples/contacts-tiger/src/main/java"/>
<classpathentry kind="src" path="core-tiger/src/main/java"/>
<classpathentry kind="src" path="core-tiger/src/main/resources"/>
<classpathentry kind="src" path="core-tiger/src/test/java"/>
<classpathentry kind="src" path="core-tiger/src/test/resources"/>
<classpathentry kind="src" path="samples/annotations/src/main/java"/>
<classpathentry kind="src" path="samples/annotations/src/main/resources"/>
<classpathentry kind="src" path="samples/annotations/src/test/java"/>
<classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
<classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.6.2/xercesImpl-2.6.2.jar"/>
<classpathentry kind="var" path="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1.jar" sourcepath="M2_REPO/jmock/distributions/jmock-1.0.1-src.jar"/>
<classpathentry kind="var" path="M2_REPO/jdbm/jdbm/1.0/jdbm-1.0.jar"/>
<classpathentry kind="var" path="M2_REPO/regexp/regexp/1.3/regexp-1.3.jar"/>
<classpathentry kind="var" path="M2_REPO/org/slf4j/jcl104-over-slf4j/1.1.0/jcl104-over-slf4j-1.1.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core/1.0.0/apacheds-core-1.0.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core-shared/1.0.0/apacheds-core-shared-1.0.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-asn1/0.9.5.3/shared-asn1-0.9.5.3.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-ldap/0.9.5.3/shared-ldap-0.9.5.3.jar"/>
<classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.2/antlr-2.7.2.jar"/>
<classpathentry kind="var" path="M2_REPO/cas/cas-server/3.0.4/cas-server-3.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/net/sourceforge/retroweaver/retroweaver/1.0fcs/retroweaver-1.0fcs.jar"/>
<classpathentry kind="var" path="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1.jar"/>
<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar"/>
<classpathentry kind="var" path="M2_REPO/postgresql/postgresql/8.1-407.jdbc3/postgresql-8.1-407.jdbc3.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-ldap/1.1.2/spring-ldap-1.1.2.jar"/>
<classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-api/1.1.0/slf4j-api-1.1.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.1.0/slf4j-log4j12-1.1.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/1.2.9/spring-dao-1.2.9.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/1.2.9/spring-jdbc-1.2.9.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/1.2.9/spring-remoting-1.2.9.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/1.2.9/spring-support-1.2.9.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/1.2.9/spring-web-1.2.9.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/1.2.9/spring-context-1.2.9.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/1.2.9/spring-aop-1.2.9.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/1.2.9/spring-beans-1.2.9.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-webmvc/1.2.9/spring-webmvc-1.2.9.jar"/>
<classpathentry kind="output" path="target/eclipseclasses"/>
</classpath>
-17
View File
@@ -1,17 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>acegisecurity</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
</natures>
</projectDescription>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.0.6-SNAPSHOT</version>
<version>1.0.7</version>
</parent>
<artifactId>acegi-security-cas</artifactId>
<name>Acegi Security System for Spring - CAS adapter</name>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.0.6-SNAPSHOT</version>
<version>1.0.7</version>
</parent>
<artifactId>acegi-security-catalina</artifactId>
<name>Acegi Security System for Spring - Catalina adapter</name>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.0.6-SNAPSHOT</version>
<version>1.0.7</version>
</parent>
<artifactId>acegi-security-jboss</artifactId>
<name>Acegi Security System for Spring - JBoss adapter</name>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.0.6-SNAPSHOT</version>
<version>1.0.7</version>
</parent>
<artifactId>acegi-security-jetty</artifactId>
<name>Acegi Security System for Spring - Jetty adapter</name>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.0.6-SNAPSHOT</version>
<version>1.0.7</version>
</parent>
<artifactId>acegi-security-adapters</artifactId>
<name>Acegi Security System for Spring - Adapters</name>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-adapters</artifactId>
<version>1.0.6-SNAPSHOT</version>
<version>1.0.7</version>
</parent>
<artifactId>acegi-security-resin</artifactId>
<name>Acegi Security System for Spring - Resin adapter</name>
+1 -7
View File
@@ -3,17 +3,11 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.0.6-SNAPSHOT</version>
<version>1.0.7</version>
</parent>
<artifactId>acegi-security-tiger</artifactId>
<name>Acegi Security System for Spring - Java 5 (Tiger)</name>
<scm>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core-tiger</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core-tiger</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core-tiger/</url>
</scm>
<dependencies>
<dependency>
<groupId>org.acegisecurity</groupId>
+1 -7
View File
@@ -3,18 +3,12 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.0.6-SNAPSHOT</version>
<version>1.0.7</version>
</parent>
<packaging>jar</packaging>
<artifactId>acegi-security</artifactId>
<name>Acegi Security Core</name>
<scm>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core/</url>
</scm>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
@@ -15,8 +15,6 @@
package org.acegisecurity;
import org.acegisecurity.providers.AbstractAuthenticationToken;
/**
* An abstract implementation of the {@link AuthenticationManager}.
@@ -25,6 +23,10 @@ import org.acegisecurity.providers.AbstractAuthenticationToken;
* @version $Id$
*/
public abstract class AbstractAuthenticationManager implements AuthenticationManager {
//~ Instance fields ================================================================================================
private boolean clearExtraInformation = true;
//~ Methods ========================================================================================================
/**
@@ -42,35 +44,22 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
public final Authentication authenticate(Authentication authRequest)
throws AuthenticationException {
try {
Authentication authResult = doAuthentication(authRequest);
copyDetails(authRequest, authResult);
return authResult;
return doAuthentication(authRequest);
} catch (AuthenticationException e) {
e.setAuthentication(authRequest);
if (clearExtraInformation) {
e.clearExtraInformation();
}
throw e;
}
}
/**
* Copies the authentication details from a source Authentication object to a destination one, provided the
* latter does not already have one set.
*
* @param source source authentication
* @param dest the destination authentication object
*/
private void copyDetails(Authentication source, Authentication dest) {
if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
token.setDetails(source.getDetails());
}
}
/**
* <p>Concrete implementations of this class override this method to provide the authentication service.</p>
* <p>The contract for this method is documented in the {@link
* AuthenticationManager#authenticate(org.acegisecurity.Authentication)}.</p>
* AuthenticationManager#authenticate(Authentication)}.</p>
*
* @param authentication the authentication request object
*
@@ -80,4 +69,15 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
*/
protected abstract Authentication doAuthentication(Authentication authentication)
throws AuthenticationException;
/**
* If set to true, the <tt>extraInformation</tt> set on an <tt>AuthenticationException</tt> will be cleared
* before rethrowing it. This is useful for use with remoting protocols where the information shouldn't
* be serialized to the client. Defaults to 'false'.
*
* @see AuthenticationException#getExtraInformation()
*/
public void setClearExtraInformation(boolean clearExtraInformation) {
this.clearExtraInformation = clearExtraInformation;
}
}
@@ -25,7 +25,7 @@ package org.acegisecurity;
public class AccountExpiredException extends AuthenticationException {
//~ Constructors ===================================================================================================
/**
/**
* Constructs a <code>AccountExpiredException</code> with the specified
* message.
*
@@ -35,7 +35,7 @@ public class AccountExpiredException extends AuthenticationException {
super(msg);
}
/**
/**
* Constructs a <code>AccountExpiredException</code> with the specified
* message and root cause.
*
@@ -45,4 +45,8 @@ public class AccountExpiredException extends AuthenticationException {
public AccountExpiredException(String msg, Throwable t) {
super(msg, t);
}
public AccountExpiredException(String msg, Object extraInformation) {
super(msg, extraInformation);
}
}
@@ -25,12 +25,12 @@ package org.acegisecurity;
public abstract class AuthenticationException extends AcegiSecurityException {
//~ Instance fields ================================================================================================
/** The authentication that related to this exception (may be <code>null</code>) */
private Authentication authentication;
private Object extraInformation;
//~ Constructors ===================================================================================================
/**
/**
* Constructs an <code>AuthenticationException</code> with the specified
* message and root cause.
*
@@ -41,7 +41,7 @@ public abstract class AuthenticationException extends AcegiSecurityException {
super(msg, t);
}
/**
/**
* Constructs an <code>AuthenticationException</code> with the specified
* message and no root cause.
*
@@ -51,8 +51,16 @@ public abstract class AuthenticationException extends AcegiSecurityException {
super(msg);
}
public AuthenticationException(String msg, Object extraInformation) {
super(msg);
this.extraInformation = extraInformation;
}
//~ Methods ========================================================================================================
/**
* The authentication request which this exception corresponds to (may be <code>null</code>)
*/
public Authentication getAuthentication() {
return authentication;
}
@@ -60,4 +68,17 @@ public abstract class AuthenticationException extends AcegiSecurityException {
void setAuthentication(Authentication authentication) {
this.authentication = authentication;
}
/**
* Any additional information about the exception. Generally a <code>UserDetails</code> object.
*
* @return extra information or <code>null</code>
*/
public Object getExtraInformation() {
return extraInformation;
}
void clearExtraInformation() {
this.extraInformation = null;
}
}
@@ -23,10 +23,6 @@ package org.acegisecurity;
* @version $Id$
*/
public class BadCredentialsException extends AuthenticationException {
//~ Instance fields ================================================================================================
private Object extraInformation;
//~ Constructors ===================================================================================================
/**
@@ -40,8 +36,7 @@ public class BadCredentialsException extends AuthenticationException {
}
public BadCredentialsException(String msg, Object extraInformation) {
super(msg);
this.extraInformation = extraInformation;
super(msg, extraInformation);
}
/**
@@ -57,12 +52,4 @@ public class BadCredentialsException extends AuthenticationException {
//~ Methods ========================================================================================================
/**
* Any additional information about the exception. Generally a <code>UserDetails</code> object.
*
* @return extra information or <code>null</code>
*/
public Object getExtraInformation() {
return extraInformation;
}
}
@@ -45,4 +45,8 @@ public class CredentialsExpiredException extends AuthenticationException {
public CredentialsExpiredException(String msg, Throwable t) {
super(msg, t);
}
public CredentialsExpiredException(String msg, Object extraInformation) {
super(msg, extraInformation);
}
}
@@ -44,4 +44,8 @@ public class DisabledException extends AuthenticationException {
public DisabledException(String msg, Throwable t) {
super(msg, t);
}
public DisabledException(String msg, Object extraInformation) {
super(msg, extraInformation);
}
}
@@ -44,4 +44,8 @@ public class LockedException extends AuthenticationException {
public LockedException(String msg, Throwable t) {
super(msg, t);
}
public LockedException(String msg, Object extraInformation) {
super(msg, extraInformation);
}
}
@@ -40,7 +40,7 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
private SessionRegistry sessionRegistry = new SessionRegistryImpl();
private SessionRegistry sessionRegistry;
private boolean exceptionIfMaximumExceeded = false;
private int maximumSessions = 1;
@@ -159,6 +159,14 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
searchControls.setTimeLimit(searchTimeLimit);
}
protected LdapUserDetailsMapper getUserDetailsMapper() {
return userDetailsMapper;
}
public void setUserDetailsMapper(LdapUserDetailsMapper userDetailsMapper) {
this.userDetailsMapper = userDetailsMapper;
}
public String toString() {
StringBuffer sb = new StringBuffer();
@@ -110,6 +110,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
private List providers;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
private Properties exceptionMappings = new Properties();
private Properties additionalExceptionMappings = new Properties();
static {
DEFAULT_EXCEPTION_MAPPINGS.put(AccountExpiredException.class.getName(),
@@ -143,6 +144,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
public void afterPropertiesSet() throws Exception {
checkIfValidList(this.providers);
Assert.notNull(this.messages, "A message source must be set");
exceptionMappings.putAll(additionalExceptionMappings);
doAddExtraDefaultExceptionMappings(exceptionMappings);
}
@@ -157,6 +159,9 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
* injected by the IoC container.
*
* @param exceptionMappings the properties object, which already has entries in it
* @deprecated This method has been removed from the 2.0 series; please use the
* {@link #additionalExceptionMappings} property instead to inject additional exception
* to event mappings
*/
protected void doAddExtraDefaultExceptionMappings(Properties exceptionMappings) {}
@@ -193,6 +198,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
try {
result = provider.authenticate(authentication);
copyDetails(authentication, result);
sessionController.checkAuthenticationAllowed(result);
} catch (AuthenticationException ae) {
lastException = ae;
@@ -245,6 +251,21 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
throw lastException;
}
/**
* Copies the authentication details from a source Authentication object to a destination one, provided the
* latter does not already have one set.
*
* @param source source authentication
* @param dest the destination authentication object
*/
private void copyDetails(Authentication source, Authentication dest) {
if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
token.setDetails(source.getDetails());
}
}
public List getProviders() {
return this.providers;
}
@@ -303,4 +324,17 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
applicationEventPublisher.publishEvent(event);
}
}
}
/**
* Sets additional exception to event mappings. These are automatically merged with the default
* exception to event mappings that <code>ProviderManager</code> defines.
*
* @param additionalExceptionMappings where keys are the fully-qualified string name of the
* exception class and the values are the fully-qualified string name of the event class to fire
*/
public void setAdditionalExceptionMappings(
Properties additionalExceptionMappings) {
this.additionalExceptionMappings = additionalExceptionMappings;
}
}
@@ -22,6 +22,7 @@ import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.cas.cache.NullStatelessTicketCache;
import org.acegisecurity.ui.cas.CasProcessingFilter;
@@ -59,7 +60,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
private CasAuthoritiesPopulator casAuthoritiesPopulator;
private CasProxyDecider casProxyDecider;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
private StatelessTicketCache statelessTicketCache;
private StatelessTicketCache statelessTicketCache = new NullStatelessTicketCache();
private String key;
private TicketValidator ticketValidator;
@@ -119,6 +120,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
if (result == null) {
result = this.authenticateNow(authentication);
result.setDetails(authentication.getDetails());
}
if (stateless) {
@@ -0,0 +1,63 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.providers.cas.cache;
import org.acegisecurity.providers.cas.CasAuthenticationProvider;
import org.acegisecurity.providers.cas.CasAuthenticationToken;
import org.acegisecurity.providers.cas.StatelessTicketCache;
/**
* Implementation of @link {@link StatelessTicketCache} that has no backing cache. Useful
* in instances where storing of tickets for stateless session management is not required.
* <p>
* This is the default StatelessTicketCache of the @link {@link CasAuthenticationProvider} to
* eliminate the unnecessary dependency on EhCache that applications have even if they are not using
* the stateless session management.
*
* @author Scott Battaglia
* @version $Id$
*
*@see CasAuthenticationProvider
*/
public final class NullStatelessTicketCache implements StatelessTicketCache {
/**
* @return null since we are not storing any tickets.
*/
public CasAuthenticationToken getByTicketId(final String serviceTicket) {
return null;
}
/**
* This is a no-op since we are not storing tickets.
*/
public void putTicketInCache(final CasAuthenticationToken token) {
// nothing to do
}
/**
* This is a no-op since we are not storing tickets.
*/
public void removeTicketFromCache(final CasAuthenticationToken token) {
// nothing to do
}
/**
* This is a no-op since we are not storing tickets.
*/
public void removeTicketFromCache(final String serviceTicket) {
// nothing to do
}
}
@@ -31,6 +31,7 @@ import org.acegisecurity.providers.dao.cache.NullUserCache;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.userdetails.UserDetailsChecker;
import org.springframework.beans.factory.InitializingBean;
@@ -66,13 +67,15 @@ import org.springframework.util.Assert;
* @version $Id$
*/
public abstract class AbstractUserDetailsAuthenticationProvider implements AuthenticationProvider, InitializingBean,
MessageSourceAware {
MessageSourceAware {
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
private UserCache userCache = new NullUserCache();
private boolean forcePrincipalAsString = false;
protected boolean hideUserNotFoundExceptions = true;
private UserDetailsChecker preAuthenticationChecks = new DefaultPreAuthenticationChecks();
private UserDetailsChecker postAuthenticationChecks = new DefaultPostAuthenticationChecks();
//~ Methods ========================================================================================================
@@ -129,20 +132,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
}
if (!user.isAccountNonLocked()) {
throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
"User account is locked"));
}
if (!user.isEnabled()) {
throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
"User is disabled"));
}
if (!user.isAccountNonExpired()) {
throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
"User account has expired"));
}
preAuthenticationChecks.check(user);
// This check must come here, as we don't want to tell users
// about account status unless they presented the correct credentials
@@ -160,10 +150,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
}
}
if (!user.isCredentialsNonExpired()) {
throw new CredentialsExpiredException(messages.getMessage(
"AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
}
postAuthenticationChecks.check(user);
if (!cacheWasUsed) {
this.userCache.putUserInCache(user);
@@ -275,7 +262,58 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
this.userCache = userCache;
}
protected UserDetailsChecker getPreAuthenticationChecks() {
return preAuthenticationChecks;
}
/**
* Sets the policy will be used to verify the status of the loaded <tt>UserDetails</tt> <em>before</em>
* validation of the credentials takes place.
*
* @param preAuthenticationChecks strategy to be invoked prior to authentication.
*/
public void setPreAuthenticationChecks(UserDetailsChecker preAuthenticationChecks) {
this.preAuthenticationChecks = preAuthenticationChecks;
}
protected UserDetailsChecker getPostAuthenticationChecks() {
return postAuthenticationChecks;
}
public void setPostAuthenticationChecks(UserDetailsChecker postAuthenticationChecks) {
this.postAuthenticationChecks = postAuthenticationChecks;
}
public boolean supports(Class authentication) {
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
}
private class DefaultPreAuthenticationChecks implements UserDetailsChecker {
public void check(UserDetails user) {
if (!user.isAccountNonLocked()) {
throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
"User account is locked"), user);
}
if (!user.isEnabled()) {
throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
"User is disabled"), user);
}
if (!user.isAccountNonExpired()) {
throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
"User account has expired"), user);
}
}
}
private class DefaultPostAuthenticationChecks implements UserDetailsChecker {
public void check(UserDetails user) {
if (!user.isCredentialsNonExpired()) {
throw new CredentialsExpiredException(messages.getMessage(
"AbstractUserDetailsAuthenticationProvider.credentialsExpired",
"User credentials have expired"), user);
}
}
}
}
@@ -15,8 +15,6 @@
package org.acegisecurity.providers.dao;
import java.util.Map;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
@@ -26,7 +24,6 @@ import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.springframework.context.ApplicationContext;
import org.springframework.dao.DataAccessException;
import org.springframework.util.Assert;
@@ -82,31 +79,6 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
}
/**
* Introspects the <code>Applicationcontext</code> for the single instance
* of {@link AccessDeniedHandler}. If found invoke
* setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by
* providing the found instance of accessDeniedHandler as a method
* parameter. If more than one instance of <code>AccessDeniedHandler</code>
* is found, the method throws <code>IllegalStateException</code>.
*
* @param applicationContext to locate the instance
*/
private void autoDetectAnyUserDetailsServiceAndUseIt(ApplicationContext applicationContext) {
if (applicationContext != null) {
Map map = applicationContext.getBeansOfType(UserDetailsService.class);
if (map.size() > 1) {
throw new IllegalArgumentException(
"More than one UserDetailsService beans detected please refer to the one using "
+ " [ principalRepositoryBeanRef ] " + "attribute");
}
else if (map.size() == 1) {
setUserDetailsService((UserDetailsService) map.values().iterator().next());
}
}
}
public PasswordEncoder getPasswordEncoder() {
return passwordEncoder;
}
@@ -172,5 +144,4 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
public void setIncludeDetailsObject(boolean includeDetailsObject) {
this.includeDetailsObject = includeDetailsObject;
}
}
@@ -87,6 +87,7 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
LdapUserDetailsImpl.Essence user = (LdapUserDetailsImpl.Essence) template.retrieveEntry(userDn,
getUserDetailsMapper(), getUserAttributes());
user.setUsername(username);
user.setPassword(password);
return user.createUserDetails();
} catch (BadCredentialsException e) {
@@ -50,26 +50,22 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Handles any <code>AccessDeniedException</code> and
* <code>AuthenticationException</code> thrown within the filter chain.
* Handles any <code>AccessDeniedException</code> and <code>AuthenticationException</code> thrown within the
* filter chain.
* <p>
* This filter is necessary because it provides the bridge between Java
* exceptions and HTTP responses. It is solely concerned with maintaining the
* user interface. This filter does not do any actual security enforcement.
* This filter is necessary because it provides the bridge between Java exceptions and HTTP responses.
* It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
* </p>
* <p>
* If an {@link AuthenticationException} is detected, the filter will launch the
* <code>authenticationEntryPoint</code>. This allows common handling of
* authentication failures originating from any subclass of
* If an {@link AuthenticationException} is detected, the filter will launch the <code>authenticationEntryPoint</code>.
* This allows common handling of authentication failures originating from any subclass of
* {@link org.acegisecurity.intercept.AbstractSecurityInterceptor}.
* </p>
* <p>
* If an {@link AccessDeniedException} is detected, the filter will determine
* whether or not the user is an anonymous user. If they are an anonymous user,
* the <code>authenticationEntryPoint</code> will be launched. If they are not
* an anonymous user, the filter will delegate to the
* {@link org.acegisecurity.ui.AccessDeniedHandler}. By default the filter will
* use {@link org.acegisecurity.ui.AccessDeniedHandlerImpl}.
* If an {@link AccessDeniedException} is detected, the filter will determine whether or not the user is an anonymous
* user. If they are an anonymous user, the <code>authenticationEntryPoint</code> will be launched. If they are not
* an anonymous user, the filter will delegate to the {@link org.acegisecurity.ui.AccessDeniedHandler}.
* By default the filter will use {@link org.acegisecurity.ui.AccessDeniedHandlerImpl}.
* </p>
* <p>
* To use this filter, it is necessary to specify the following properties:
@@ -87,33 +83,26 @@ import javax.servlet.http.HttpServletResponse;
* <code>web.xml</code> to use the {@link
* org.acegisecurity.util.FilterToBeanProxy}.
* </p>
*
*
* @author Ben Alex
* @author colin sampaleanu
* @version $Id: ExceptionTranslationFilter.java 1496 2006-05-23 13:38:33Z
* benalex $
* @version $Id$
*/
public class ExceptionTranslationFilter implements Filter, InitializingBean {
// ~ Static fields/initializers
// =====================================================================================
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(ExceptionTranslationFilter.class);
// ~ Instance fields
// ================================================================================================
private AccessDeniedHandler accessDeniedHandler;
//~ Instance fields ================================================================================================
private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();
private AuthenticationEntryPoint authenticationEntryPoint;
private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
private PortResolver portResolver = new PortResolverImpl();
private boolean createSessionAllowed = true;
// ~ Methods
// ========================================================================================================
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified");
@@ -121,37 +110,6 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must be specified");
}
/**
* Introspects the <code>Applicationcontext</code> for the single instance
* of {@link AccessDeniedHandler}. If found invoke
* setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by
* providing the found instance of accessDeniedHandler as a method
* parameter. If more than one instance of <code>AccessDeniedHandler</code>
* is found, the method throws <code>IllegalStateException</code>.
*
* @param applicationContext to locate the instance
*/
private void autoDetectAnyAccessDeniedHandlerAndUseIt(ApplicationContext applicationContext) {
Map map = applicationContext.getBeansOfType(AccessDeniedHandler.class);
if (map.size() > 1) {
throw new IllegalArgumentException(
"More than one AccessDeniedHandler beans detected please refer to the one using "
+ " [ accessDeniedBeanRef ] " + "attribute");
}
else if (map.size() == 1) {
AccessDeniedHandler handler = (AccessDeniedHandlerImpl) map.values().iterator().next();
setAccessDeniedHandler(handler);
}
else {
// create and use the default one specified as an instance variable.
accessDeniedHandler = new AccessDeniedHandlerImpl();
}
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException {
if (!(request instanceof HttpServletRequest)) {
@@ -231,20 +189,15 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
}
}
public void init(FilterConfig filterConfig) throws ServletException {
}
/**
* If <code>true</code>, indicates that
* <code>SecurityEnforcementFilter</code> is permitted to store the target
* URL and exception information in the <code>HttpSession</code> (the
* default). In situations where you do not wish to unnecessarily create
* <code>HttpSession</code>s - because the user agent will know the
* failed URL, such as with BASIC or Digest authentication - you may wish to
* If <code>true</code>, indicates that <code>SecurityEnforcementFilter</code> is permitted to store the target
* URL and exception information in the <code>HttpSession</code> (the default).
* In situations where you do not wish to unnecessarily create <code>HttpSession</code>s - because the user agent
* will know the failed URL, such as with BASIC or Digest authentication - you may wish to
* set this property to <code>false</code>. Remember to also set the
* {@link org.acegisecurity.context.HttpSessionContextIntegrationFilter#allowSessionCreation}
* to <code>false</code> if you set this property to <code>false</code>.
*
*
* @return <code>true</code> if the <code>HttpSession</code> will be
* used to store information about the failed request, <code>false</code>
* if the <code>HttpSession</code> will not be used
@@ -296,4 +249,10 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
public void setPortResolver(PortResolver portResolver) {
this.portResolver = portResolver;
}
public void init(FilterConfig filterConfig) throws ServletException {
}
public void destroy() {
}
}
@@ -31,6 +31,7 @@ import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.acegisecurity.ui.AuthenticationEntryPoint;
@@ -188,6 +189,17 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
return true;
}
// Handle unusual condition where an AnonymousAuthenticationToken is already present
// This shouldn't happen very often, as BasicProcessingFitler is meant to be earlier in the filter
// chain than AnonymousProcessingFilter. Nevertheless, presence of both an AnonymousAuthenticationToken
// together with a BASIC authentication request header should indicate reauthentication using the
// BASIC protocol is desirable. This behaviour is also consistent with that provided by form and digest,
// both of which force re-authentication if the respective header is detected (and in doing so replace
// any existing AnonymousAuthenticationToken). See SEC-610.
if (existingAuth instanceof AnonymousAuthenticationToken) {
return true;
}
return false;
}
@@ -55,7 +55,6 @@ import org.springframework.util.Assert;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
@@ -81,7 +80,7 @@ import javax.servlet.http.HttpServletResponse;
* specified user and will also contain an additinal {@link org.acegisecurity.ui.switchuser.SwitchUserGrantedAuthority
* } which contains the original user.</p>
* <p>To 'exit' from a user context, the user will then need to access a URL (see <code>exitUserUrl</code>) that
* will switch back to the original user as identified by the <code>SWITCH_USER_GRANTED_AUTHORITY</code>.</p>
* will switch back to the original user as identified by the <code>ROLE_PREVIOUS_ADMINISTRATOR</code>.</p>
* <p>To configure the Switch User Processing Filter, create a bean definition for the Switch User processing
* filter and add to the filterChainProxy. <br>
* Example:<pre>
@@ -102,8 +101,6 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
private static final Log logger = LogFactory.getLog(SwitchUserProcessingFilter.class);
// ~ Static fields/initializers
// =============================================
public static final String ACEGI_SECURITY_SWITCH_USERNAME_KEY = "j_username";
public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
@@ -116,9 +113,6 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
private String switchUserUrl = "/j_acegi_switch_user";
private String targetUrl;
private SwitchUserAuthorityChanger switchUserAuthorityChanger;
// ~ Instance fields
// ========================================================
private UserDetailsService userDetailsService;
//~ Methods ========================================================================================================
@@ -275,8 +269,11 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, currentAuth);
// get the original authorities
List orig = Arrays.asList(targetUser.getAuthorities());
// get the original authorities
ArrayList orig = new ArrayList();
for (int i = 0; i < targetUser.getAuthorities().length; i++) {
orig.add(targetUser.getAuthorities()[i]);
}
// Allow subclasses to change the authorities to be granted
if (switchUserAuthorityChanger != null) {
@@ -443,7 +440,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
/**
* Sets the authentication data access object.
*
* @param authenticationDao The authentication dao
* @param userDetailsService The UserDetailsService to use
*/
public void setUserDetailsService(UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
@@ -28,10 +28,12 @@ import javax.servlet.http.HttpServletRequest;
/**
* Processes an authentication form.<p>Login forms must present two parameters to this filter: a username and
* Processes an authentication form.
* <p>Login forms must present two parameters to this filter: a username and
* password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY}
* and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p>
* <P><B>Do not use this class directly.</B> Instead configure <code>web.xml</code> to use the {@link
*
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
* org.acegisecurity.util.FilterToBeanProxy}.</p>
*
* @author Ben Alex
@@ -47,8 +49,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
//~ Methods ========================================================================================================
public Authentication attemptAuthentication(HttpServletRequest request)
throws AuthenticationException {
public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
String username = obtainUsername(request);
String password = obtainPassword(request);
@@ -60,6 +61,8 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
password = "";
}
username = username.trim();
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
// Place the last username attempted into HttpSession for views
@@ -0,0 +1,10 @@
package org.acegisecurity.userdetails;
/**
* @author Luke Taylor
* @version $Id$
* @since 1.0.7
*/
public interface UserDetailsChecker {
void check(UserDetails toCheck);
}
@@ -0,0 +1,42 @@
package org.acegisecurity.userdetails.checker;
import org.springframework.context.support.MessageSourceAccessor;
import org.acegisecurity.LockedException;
import org.acegisecurity.CredentialsExpiredException;
import org.acegisecurity.AccountExpiredException;
import org.acegisecurity.DisabledException;
import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.userdetails.UserDetailsChecker;
import org.acegisecurity.userdetails.UserDetails;
/**
* @author Luke Taylor
* @version $Id$
* @since 1.0.7
*/
public class AccountStatusUserDetailsChecker implements UserDetailsChecker {
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
public void check(UserDetails user) {
if (!user.isAccountNonLocked()) {
throw new LockedException(messages.getMessage("UserDetailsService.locked", "User account is locked"), user);
}
if (!user.isEnabled()) {
throw new DisabledException(messages.getMessage("UserDetailsService.disabled", "User is disabled"), user);
}
if (!user.isAccountNonExpired()) {
throw new AccountExpiredException(messages.getMessage("UserDetailsService.expired",
"User account has expired"), user);
}
if (!user.isCredentialsNonExpired()) {
throw new CredentialsExpiredException(messages.getMessage("UserDetailsService.credentialsExpired",
"User credentials have expired"), user);
}
}
}
@@ -1,65 +0,0 @@
package org.acegisecurity.util;
import java.lang.reflect.Method;
import java.util.Map;
import org.springframework.context.ApplicationContext;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
import org.springframework.util.ReflectionUtils;
/**
* Proivdes common logic for manipulating classes implementing the Spring
* {@link Ordered} interface.
*
* @author Ben Alex
*/
public abstract class OrderedUtils {
/**
* Introspects the application context for a single instance of <code>sourceClass</code>. If found, the order from the source
* class instance is copied into the <code>destinationObject</code>. If more than one instance of <code>sourceClass</code>
* is found, the method throws <code>IllegalStateException</code>.
*
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
* mutation of the order property.
*
* @param sourceClass to locate in the application context (must be assignable to Ordered)
* @param applicationContext to locate the class
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
* @param skipIfMoreThanOneCandidateSourceClassInstance if the application context provides more than one potential source, skip modifications (if false, the first located matching source will be used)
* @return whether or not the destination class was updated
*/
public static boolean copyOrderFromOtherClass(Class sourceClass, ApplicationContext applicationContext, Object destinationObject, boolean skipIfMoreThanOneCandidateSourceClassInstance) {
Assert.notNull(sourceClass, "Source class required");
Assert.notNull(applicationContext, "ApplicationContext required");
Assert.notNull(destinationObject, "Destination object required");
Assert.isTrue(Ordered.class.isAssignableFrom(sourceClass), "Source class " + sourceClass + " must be assignable to Ordered");
Map map = applicationContext.getBeansOfType(sourceClass);
if (map.size() == 0) {
return false;
} else if (map.size() > 1 && skipIfMoreThanOneCandidateSourceClassInstance) {
return false;
} else {
copyOrderFromOtherObject((Ordered)map.values().iterator().next(), destinationObject);
return true;
}
}
/**
* Copies the order property from the <code>sourceObject</code> into the <code>destinationObject</code>.
*
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
* mutation of the order property.
*
* @param sourceObject to copy the order from
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
*/
public static void copyOrderFromOtherObject(Ordered sourceObject, Object destinationObject) {
Assert.notNull(sourceObject, "Source object required");
Assert.notNull(destinationObject, "Destination object required");
Method m = ReflectionUtils.findMethod(destinationObject.getClass(), "setOrder", new Class[] {int.class});
Assert.notNull(m, "Method setOrder(int) not found on " + destinationObject.getClass());
ReflectionUtils.invokeMethod(m, destinationObject, new Object[] {new Integer(sourceObject.getOrder())});
}
}
@@ -1 +0,0 @@
http\://www.springframework.org/schema/security=org.acegisecurity.config.SecurityNamespaceHandler
@@ -1,2 +0,0 @@
http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/acegisecurity/config/spring-security-2.0.xsd
@@ -246,6 +246,8 @@ public class CasAuthenticationProviderTests extends TestCase {
public void testDetectsMissingStatelessTicketCache()
throws Exception {
CasAuthenticationProvider cap = new CasAuthenticationProvider();
// set this explicitly to null to test failure
cap.setStatelessTicketCache(null);
cap.setCasAuthoritiesPopulator(new MockAuthoritiesPopulator());
cap.setCasProxyDecider(new MockProxyDecider());
cap.setKey("qwerty");
@@ -0,0 +1,61 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.providers.cas.cache;
import java.util.ArrayList;
import java.util.List;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.cas.CasAuthenticationToken;
import org.acegisecurity.providers.cas.StatelessTicketCache;
import org.acegisecurity.userdetails.User;
import junit.framework.TestCase;
/**
* Test cases for the @link {@link NullStatelessTicketCache}
*
* @author Scott Battaglia
* @version $Id$
*
*/
public class NullStatelessTicketCacheTests extends TestCase {
private StatelessTicketCache cache = new NullStatelessTicketCache();
public void testGetter() {
assertNull(cache.getByTicketId(null));
assertNull(cache.getByTicketId("test"));
}
public void testInsertAndGet() {
final CasAuthenticationToken token = getToken();
cache.putTicketInCache(token);
assertNull(cache.getByTicketId((String) token.getCredentials()));
}
private CasAuthenticationToken getToken() {
List proxyList = new ArrayList();
proxyList.add("https://localhost/newPortal/j_spring_cas_security_check");
User user = new User("marissa", "password", true, true, true, true,
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
return new CasAuthenticationToken("key", user, "ST-0-ER94xMJmn6pha35CQRoZ",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, user,
proxyList, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
}
}
@@ -41,6 +41,8 @@ import org.springframework.dao.DataAccessException;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import java.util.List;
/**
* Tests {@link org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter}.
@@ -377,6 +379,28 @@ public class SwitchUserProcessingFilterTests extends TestCase {
assertEquals("jacklord", ((User) targetAuth.getPrincipal()).getUsername());
}
public void testModificationOfAuthoritiesWorks() {
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
SecurityContextHolder.getContext().setAuthentication(auth);
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() {
public void modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted) {
authoritiesToBeGranted.clear();
authoritiesToBeGranted.add(new GrantedAuthorityImpl("ROLE_NEW"));
}
});
Authentication result = filter.attemptSwitchUser(request);
assertTrue(result != null);
assertEquals(2, result.getAuthorities().length);
assertEquals("ROLE_NEW", result.getAuthorities()[0].getAuthority());
}
//~ Inner Classes ==================================================================================================
private class MockAuthenticationDaoUserJackLord implements UserDetailsService {
+9 -30
View File
@@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.0.6-SNAPSHOT</version>
<version>1.0.7</version>
<name>Acegi Security</name>
<packaging>pom</packaging>
@@ -32,9 +32,9 @@
</licenses>
<scm>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/</url>
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/acegi-security-parent-1.0.7</connection>
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/acegi-security-parent-1.0.7</developerConnection>
<url>http://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/acegi-security-parent-1.0.7</url>
</scm>
<issueManagement>
@@ -79,29 +79,8 @@
<enabled>false</enabled>
</releases>
</repository>
<repository>
<id>apache.org</id>
<name>Apache snapshot repository</name>
<url>http://svn.apache.org/maven-snapshot-repository</url>
<releases>
<enabled>false</enabled>
</releases>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>agilejava.com</id>
<url>http://agilejava.com/maven/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</pluginRepository>
</pluginRepositories>
<mailingLists>
<mailingList>
<name>Acegi Developer List</name>
@@ -350,10 +329,10 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.0-beta-5</version>
<version>2.0-beta-7</version>
<configuration>
<tagBase>
https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/tags
https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags
</tagBase>
</configuration>
</plugin>
@@ -411,9 +390,9 @@
<postProcess>
<copy todir="${docbook.target}/images">
<fileset dir="${docbook.source}/images">
<include name="*.png"/>
<include name="*.gif"/>
<include name="*.jpg"/>
<include name="*.png" />
<include name="*.gif" />
<include name="*.jpg" />
</fileset>
</copy>
</postProcess>
+1
View File
@@ -66,4 +66,5 @@ Links to mailing list archives, the forums, and other useful resources are
available from http://acegisecurity.org.
$Id$
+3 -3
View File
@@ -16,7 +16,7 @@
# 7. The archives are tar archives. Create zip versions from the contents and check the internal paths are Ok.
# 8. Check the site looks Ok.
# 9. Check the reference guide links in the site are valid and that images are shown and paths in HTML are relative.
# 10. Deploy the contacts and tutorial sample apps in a web container and check they work.
# 10. Deploy the contacts and tutorial sample apps in Jetty and Tomcat and check they work.
# 11. Check there have been no further commits since checkout (svn update). If there have, go to 1.
# 12. Commit the source with the changed version numbers and note the revision number (should be 'build revision' + 1).
# 13. Update the pom file versions to the appropriate snapshot version, do a grep to make sure none have been missed
@@ -120,12 +120,12 @@ fi
pushd $SITE_DIR
find . -maxdepth 2 -mindepth 2 -name "*.html" | xargs perl -i -p -e 's#\./css/#\.\./css/#;' \
find . -maxdepth 2 -mindepth 2 -name "*.html" | xargs perl -i -p -e 's#"\./css/#"\.\./css/#;' \
-e 's/Maven Surefire Report/Unit Tests/;' \
-e 's/Cobertura Test Coverage/Test Coverage/;' \
-e 's/A successful project.*greatly appreciated\.//;'
find . -maxdepth 3 -mindepth 3 -name "*.html" | xargs perl -i -p -e 's#\./css/#\.\./\.\./css/#;'
find . -maxdepth 3 -mindepth 3 -name "*.html" | xargs perl -i -p -e 's#"\./css/#"\.\./\.\./css/#;'
popd
+4 -6
View File
@@ -1,12 +1,9 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-samples</artifactId>
<version>1.0.6-SNAPSHOT</version>
<version>1.0.7</version>
</parent>
<artifactId>acegi-security-samples-contacts</artifactId>
<name>Acegi Security System for Spring - Contacts sample</name>
@@ -83,6 +80,7 @@
<plugin>
<groupId>org.mortbay.jetty</groupId>
<artifactId>maven-jetty-plugin</artifactId>
<version>6.1.6</version>
<configuration>
<contextPath>/contacts</contextPath>
<!--jettyConfig>${basedir}/src/test/resources/jetty.xml</jettyConfig-->
@@ -95,4 +93,4 @@
</plugins>
</build>
</project>
</project>
+1 -1
View File
@@ -3,7 +3,7 @@
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-parent</artifactId>
<version>1.0.6-SNAPSHOT</version>
<version>1.0.7</version>
</parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-samples</artifactId>
+49 -36
View File
@@ -1,36 +1,49 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-samples</artifactId>
<version>1.0.6-SNAPSHOT</version>
</parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-samples-tutorial</artifactId>
<name>Acegi Security Samples - Tutorial</name>
<packaging>war</packaging>
<dependencies>
<dependency>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.mortbay.jetty</groupId>
<artifactId>maven-jetty-plugin</artifactId>
<configuration>
<contextPath>/tutorial</contextPath>
</configuration>
</plugin>
</plugins>
</build>
</project>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-samples</artifactId>
<version>1.0.7</version>
</parent>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-samples-tutorial</artifactId>
<name>Acegi Security Samples - Tutorial</name>
<packaging>war</packaging>
<dependencies>
<dependency>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.0</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.0.6</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.mortbay.jetty</groupId>
<artifactId>maven-jetty-plugin</artifactId>
<version>6.1.6</version>
<configuration>
<contextPath>/tutorial</contextPath>
</configuration>
</plugin>
</plugins>
</build>
</project>
-47
View File
@@ -1,47 +0,0 @@
<classpath>
<classpathentry kind="src" path="src/main/java"/>
<classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
<classpathentry kind="src" path="src/test/java" output="target/test-classes"/>
<classpathentry kind="src" path="src/test/resources" output="target/test-classes" excluding="**/*.java"/>
<classpathentry kind="output" path="target/classes"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core-shared/1.0.0/apacheds-core-shared-1.0.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/2.0.4/spring-context-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar" sourcepath="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1.jar" sourcepath="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar" sourcepath="M2_REPO/junit/junit/3.8.1/junit-3.8.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/cas/casclient/2.0.11/casclient-2.0.11.jar"/>
<classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.4/hsqldb-1.8.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/qdox/qdox/1.5/qdox-1.5.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-ldap/0.9.5.3/shared-ldap-0.9.5.3.jar"/>
<classpathentry kind="var" path="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6.jar" sourcepath="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1.jar" sourcepath="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core/1.0.0/apacheds-core-1.0.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-asn1/0.9.5.3/shared-asn1-0.9.5.3.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/2.0.4/spring-web-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/2.0.4/spring-support-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/2.0.4/spring-dao-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar" sourcepath="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-compiler/2.1/commons-attributes-compiler-2.1.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/2.0.4/spring-remoting-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar" sourcepath="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-mock/2.0.4/spring-mock-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/jdbm/jdbm/1.0/jdbm-1.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/2.0.4/spring-aop-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/2.0.4/spring-jdbc-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar" sourcepath="M2_REPO/oro/oro/2.0.8/oro-2.0.8-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/aspectj/aspectjrt/1.2/aspectjrt-1.2.jar"/>
<classpathentry kind="var" path="M2_REPO/ant/ant/1.5/ant-1.5.jar"/>
<classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar" sourcepath="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4.jar" sourcepath="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT-sources.jar"/>
</classpath>
-19
View File
@@ -1,19 +0,0 @@
<projectDescription>
<name>spring-security-config</name>
<comment>Acegi Security System for Spring</comment>
<projects/>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
</buildCommand>
<buildCommand>
<name>org.eclipse.wst.validation.validationbuilder</name>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
<nature>org.eclipse.jdt.core.javanature</nature>
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
</natures>
</projectDescription>
@@ -1,6 +0,0 @@
<project-modules id="moduleCoreId">
<wb-module deploy-name="spring-security-config">
<wb-resource deploy-path="/" source-path="src/main/java"/>
<wb-resource deploy-path="/" source-path="src/main/resources"/>
</wb-module>
</project-modules>
@@ -1,7 +0,0 @@
#Sun Jun 17 10:48:58 EST 2007
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
org.eclipse.jdt.core.compiler.compliance=1.5
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.source=1.5
@@ -1,6 +0,0 @@
<faceted-project>
<fixed facet="jst.java"/>
<fixed facet="jst.utility"/>
<installed facet="jst.utility" version="1.0"/>
<installed facet="jst.java" version="5.0"/>
</faceted-project>
@@ -1,239 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ui.basicauth;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.acegisecurity.ui.AuthenticationEntryPoint;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
/**
* Processes a HTTP request's BASIC authorization headers, putting the result into the
* <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
* refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
* the HTTP request is ignored.</p>
* <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
* <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
* <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
* following header would be presented:</p>
* <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
* <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
* Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
* <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
* <code>SecurityContextHolder</code>.</p>
* <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
* AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
* which will prompt the user to authenticate again via BASIC authentication.</p>
* <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
* transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
* provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
* org.acegisecurity.ui.digestauth.DigestProcessingFilter}.</p>
* <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
* details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
* they will be authenticated using the remember-me mechanism.</p>
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
* org.acegisecurity.util.FilterToBeanProxy}.</p>
*
* @author Ben Alex
* @version $Id: BasicProcessingFilter.java 1783 2007-02-23 19:21:44Z luke_t $
*/
public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
//~ Instance fields ================================================================================================
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
private AuthenticationEntryPoint authenticationEntryPoint;
private AuthenticationManager authenticationManager;
private RememberMeServices rememberMeServices;
private boolean ignoreFailure = false;
private int order;
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
}
public void destroy() {}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String header = httpRequest.getHeader("Authorization");
if (logger.isDebugEnabled()) {
logger.debug("Authorization header: " + header);
}
if ((header != null) && header.startsWith("Basic ")) {
String base64Token = header.substring(6);
String token = new String(Base64.decodeBase64(base64Token.getBytes()));
String username = "";
String password = "";
int delim = token.indexOf(":");
if (delim != -1) {
username = token.substring(0, delim);
password = token.substring(delim + 1);
}
if (authenticationIsRequired(username)) {
UsernamePasswordAuthenticationToken authRequest =
new UsernamePasswordAuthenticationToken(username, password);
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
Authentication authResult;
try {
authResult = authenticationManager.authenticate(authRequest);
} catch (AuthenticationException failed) {
// Authentication failed
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
}
SecurityContextHolder.getContext().setAuthentication(null);
if (rememberMeServices != null) {
rememberMeServices.loginFail(httpRequest, httpResponse);
}
if (ignoreFailure) {
chain.doFilter(request, response);
} else {
authenticationEntryPoint.commence(request, response, failed);
}
return;
}
// Authentication success
if (logger.isDebugEnabled()) {
logger.debug("Authentication success: " + authResult.toString());
}
SecurityContextHolder.getContext().setAuthentication(authResult);
if (rememberMeServices != null) {
rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
}
}
}
chain.doFilter(request, response);
}
private boolean authenticationIsRequired(String username) {
// Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
// (see SEC-53)
Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
if(existingAuth == null || !existingAuth.isAuthenticated()) {
return true;
}
// Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
// (see SEC-348)
if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
return true;
}
return false;
}
public AuthenticationEntryPoint getAuthenticationEntryPoint() {
return authenticationEntryPoint;
}
public AuthenticationManager getAuthenticationManager() {
return authenticationManager;
}
public void init(FilterConfig arg0) throws ServletException {}
public boolean isIgnoreFailure() {
return ignoreFailure;
}
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
this.authenticationDetailsSource = authenticationDetailsSource;
}
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
this.authenticationEntryPoint = authenticationEntryPoint;
}
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public void setIgnoreFailure(boolean ignoreFailure) {
this.ignoreFailure = ignoreFailure;
}
public void setRememberMeServices(RememberMeServices rememberMeServices) {
this.rememberMeServices = rememberMeServices;
}
public int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
}
@@ -1,102 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ui.basicauth;
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.ui.AuthenticationEntryPoint;
import org.acegisecurity.util.OrderedUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
/**
* Used by the <code>SecurityEnforcementFilter</code> to commence
* authentication via the {@link BasicProcessingFilter}.
* <P>
* Once a user agent is authenticated using BASIC authentication, logout
* requires that the browser be closed or an unauthorized (401) header be sent.
* The simplest way of achieving the latter is to call the
* {@link #commence(ServletRequest, ServletResponse, AuthenticationException)}
* method below. This will indicate to the browser its credentials are no longer
* authorized, causing it to prompt the user to login again.
* </p>
*
* @author Ben Alex
* @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z
* vishalpuri $
*/
public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered,
ApplicationContextAware {
// ~ Static fields/initializers
// =====================================================================================
private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
// ~ Instance fields
// ================================================================================================
private String realmName;
private int order = DEFAULT_ORDER;
private ApplicationContext applicationContext;
// ~ Methods
// ========================================================================================================
public int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
public void afterPropertiesSet() throws Exception {
Assert.hasText(realmName, "realmName must be specified");
if (order == DEFAULT_ORDER) {
OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
}
}
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
}
public String getRealmName() {
return realmName;
}
public void setRealmName(String realmName) {
this.realmName = realmName;
}
public void setApplicationContext(ApplicationContext applicationContext) {
this.applicationContext = applicationContext;
}
}
@@ -1,5 +0,0 @@
<html>
<body>
Authenticates HTTP BASIC authentication requests.
</body>
</html>
-169
View File
@@ -1,169 +0,0 @@
<?xml version="1.0"?>
<project>
<parent>
<artifactId>acegi-security-sandbox</artifactId>
<groupId>org.acegisecurity</groupId>
<version>1.0.6-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.acegisecurity</groupId>
<artifactId>spring-security-config</artifactId>
<name>spring-security-config</name>
<version>2.0.0-SNAPSHOT</version>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>org.acegisecurity</groupId>
<artifactId>acegi-security-tiger</artifactId>
<version>1.0.6-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-remoting</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-mock</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>1.2.4</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>cas</groupId>
<artifactId>casclient</artifactId>
<version>2.0.11</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.0.4</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.3</version>
</dependency>
<dependency>
<groupId>oro</groupId>
<artifactId>oro</artifactId>
<version>2.0.8</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>commons-attributes</groupId>
<artifactId>commons-attributes-compiler</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>commons-attributes</groupId>
<artifactId>commons-attributes-api</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>commons-attributes</groupId>
<artifactId>commons-attributes-plugin</artifactId>
<version>2.1</version>
<type>plugin</type>
</dependency>
<dependency>
<groupId>aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.2</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.4</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.0.6</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-core</artifactId>
<version>1.0.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>jmock</groupId>
<artifactId>jmock</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<configuration>
<targetJdk>1.5</targetJdk>
</configuration>
</plugin>
</plugins>
</reporting>
</project>
@@ -1,13 +0,0 @@
package org.acegisecurity;
/**
* Hello world!
*
*/
public class App
{
public static void main( String[] args )
{
System.out.println( "Hello World!" );
}
}
@@ -1,50 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity;
import org.acegisecurity.annotation.Secured;
/**
* <code>BankService</code> sample using Java 5 Annotations.
*
* @author Mark St.Godard
* @version $Id: BankService.java 1496 2006-05-23 13:38:33Z benalex $
*
* @see org.acegisecurity.annotation.Secured
*/
@Secured({"ROLE_TELLER"})
public interface BankService {
//~ Methods ========================================================================================================
/**
* Get the account balance.
*
* @param accountNumber The account number
*
* @return The balance
*/
@Secured({"ROLE_PERMISSION_BALANCE"})
public float balance(String accountNumber);
/**
* List accounts
*
* @return The list of accounts
*/
@Secured({"ROLE_PERMISSION_LIST"})
public String[] listAccounts();
}
@@ -1,34 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity;
/**
* <code>BankService</code> sample implementation.
*
* @author Mark St.Godard
* @version $Id: BankServiceImpl.java 1496 2006-05-23 13:38:33Z benalex $
*/
public class BankServiceImpl implements BankService {
//~ Methods ========================================================================================================
public float balance(String accountNumber) {
return 42000000;
}
public String[] listAccounts() {
return new String[] {"1", "2", "3"};
}
}
@@ -1,77 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContextImpl;
import org.acegisecurity.providers.TestingAuthenticationToken;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
*
DOCUMENT ME!
*
* @author Mark St.Godard
* @version $Id: Main.java 1496 2006-05-23 13:38:33Z benalex $
*/
public class Main {
//~ Methods ========================================================================================================
/**
* This can be done in a web app by using a filter or <code>SpringMvcIntegrationInterceptor</code>.
*/
private static void createSecureContext() {
TestingAuthenticationToken auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
});
SecurityContextHolder.getContext().setAuthentication(auth);
}
private static void destroySecureContext() {
SecurityContextHolder.setContext(new SecurityContextImpl());
}
public static void main(String[] args) throws Exception {
createSecureContext();
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/auto-config.xml");
BankService service = (BankService) context.getBean("bankService");
// will succeed
service.listAccounts();
// will fail
try {
System.out.println(
"We expect an AccessDeniedException now, as we do not hold the ROLE_PERMISSION_BALANCE granted authority, and we're using a unanimous access decision manager... ");
service.balance("1");
} catch (AccessDeniedException e) {
e.printStackTrace();
}
destroySecureContext();
}
}
@@ -1,145 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.config;
import org.acegisecurity.ldap.DefaultInitialDirContextFactory;
import org.acegisecurity.providers.ProviderManager;
import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
import org.acegisecurity.util.BeanDefinitionParserUtils;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
* * {@link BeanDefinitionParser} for the <code>authentication-mechanism</code>
* tag, resolves to {@link org.acegisecurity.providers.ProviderManager} </br>
*
* @author vpuri
* @see {@link org.springframework.beans.factory.BeanFactory}
* @see {@link org.acegisecurity.providers.ProviderManager}
*
*/
public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
// ~ Instance fields
// ================================================================================================
private static final String AUTHENTICATION_JDBC = "authentication-jdbc";
private static final String AUTHENTICATION_LDAP = "authentication-ldap";
private static final String REF = "ref";
// ~ Methods
// ========================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
ManagedList providers = new ManagedList();
Assert.notNull(parserContext, "ParserContext must not be null");
RootBeanDefinition authMechanismBeanDef = new RootBeanDefinition(ProviderManager.class);
NodeList childNodes = element.getChildNodes();
for (int i = 0, n = childNodes.getLength(); i < n; i++) {
Node node = childNodes.item(i);
if (node.getNodeType() == Node.ELEMENT_NODE) {
Element childElement = (Element) node;
// this.providerExists = true;
if (AUTHENTICATION_JDBC.equals(node.getLocalName())) {
String attribute = childElement.getAttribute(REF);
if (StringUtils.hasLength(attribute)) {
// create a beandefinition
providers.add(new RuntimeBeanReference(attribute));
}
}
else if (AUTHENTICATION_LDAP.equals(node.getLocalName())) {
providers.add(createLdapAuthencticationProviderBeanDefinition(childElement, parserContext));
}
}
authMechanismBeanDef.getPropertyValues().addPropertyValue("providers", providers);
}
return authMechanismBeanDef;
}
/**
* Creates a default bean definition.
* @return
*/
protected static RootBeanDefinition createAndRegisterBeanDefinitionWithDefaults(ParserContext parserContext) {
RootBeanDefinition beanDefinition = new RootBeanDefinition(ProviderManager.class);
ManagedList providers = new ManagedList();
// create authentication-repository (DaoAuthenticationProvider) and add
// that to list
RootBeanDefinition authRepo = AuthenticationRepositoryBeanDefinitionParser.createBeanDefinitionWithDefaults();
providers.add(authRepo);
beanDefinition.getPropertyValues().addPropertyValue("providers", providers);
parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
return beanDefinition;
}
protected static RootBeanDefinition createLdapAuthencticationProviderBeanDefinition(Element element,
ParserContext parserContext) {
// element ldap
RootBeanDefinition ldapAuthProvider = new RootBeanDefinition(LdapAuthenticationProvider.class);
RootBeanDefinition initialDirContextFactory = createInitialDirContextFactoryBeanDefinition(element);
RootBeanDefinition ldapAuthoritiesPopulator = new RootBeanDefinition(DefaultLdapAuthoritiesPopulator.class);
RootBeanDefinition bindAuthenticator = new RootBeanDefinition(BindAuthenticator.class);
Element property = DomUtils.getChildElementByTagName(element, "property");
Assert.notNull(property);
parserContext.getDelegate().parsePropertyElement(property, bindAuthenticator);
bindAuthenticator.getConstructorArgumentValues().addIndexedArgumentValue(0, initialDirContextFactory);
// LdapAuthenticator
ldapAuthProvider.getConstructorArgumentValues().addIndexedArgumentValue(0, bindAuthenticator);
ldapAuthoritiesPopulator.getConstructorArgumentValues().addIndexedArgumentValue(0, initialDirContextFactory);
BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(1, element, "groupSearchBase", false,
ldapAuthoritiesPopulator);
BeanDefinitionParserUtils.setPropertyIfAvailable(element, "groupRoleAttribute", "groupRoleAttribute", false,
ldapAuthoritiesPopulator);
// LdapAuthoritiesPopulator
ldapAuthProvider.getConstructorArgumentValues().addIndexedArgumentValue(1, ldapAuthoritiesPopulator);
return ldapAuthProvider;
}
private static RootBeanDefinition createInitialDirContextFactoryBeanDefinition(Element element) {
RootBeanDefinition initialDirContextFactory = new RootBeanDefinition(DefaultInitialDirContextFactory.class);
BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(0, element, "ldapUrl", false,
initialDirContextFactory);
BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerDn", "managerDn", false,
initialDirContextFactory);
BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerPassword", "managerPassword", false,
initialDirContextFactory);
return initialDirContextFactory;
}
}
@@ -1,71 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.beans.factory.config.BeanDefinitionHolder;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* @author vpuri
*
*/
public class AuthenticationProcessingFilterBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
// ~ Instance fields
// ================================================================================================
private static final String AUTHENTICATION_URL = "authenticationUrl";
private static final String ERROR_FORM_URL = "errorFormUrl";
private static final String DEFAULT_TARGET_URL = "defaultTargetUrl";
// ~ Methods
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
RootBeanDefinition definition = new RootBeanDefinition(AuthenticationProcessingFilter.class);
setPropertyIfAvailable(element, AUTHENTICATION_URL, "filterProcessesUrl", definition);
setPropertyIfAvailable(element, ERROR_FORM_URL, "authenticationFailureUrl", definition);
setPropertyIfAvailable(element, DEFAULT_TARGET_URL, "defaultTargetUrl", definition);
return definition;
}
private void setPropertyIfAvailable(Element element, String attribute, String property,
RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
definition.getPropertyValues().addPropertyValue(property, propertyValue);
}
}
protected static RootBeanDefinition createBeandefinitionWithDefaults(ParserContext parserContext, RootBeanDefinition authenticationManager, RootBeanDefinition rememberMeServices) {
RootBeanDefinition definition = new RootBeanDefinition(AuthenticationProcessingFilter.class);
definition.getPropertyValues().addPropertyValue("authenticationManager",authenticationManager);
definition.getPropertyValues().addPropertyValue("rememberMeServices",rememberMeServices);
// RootBeanDefinition beanDefinition = AuthenticationMechanismBeanDefinitionParser.createAndRegisterBeanDefinitionWithDefaults(parserContext);
// definition.getPropertyValues().addPropertyValue("authenticationManager",
// parserContext.getReaderContext().getRegistry().getBeanDefinition(beanDefinition.getBeanClassName()));
// definition.getPropertyValues().addPropertyValue("rememberMeServices",
// RememberMeServicesBeanDefinitionParser.createAndRegisterBeanDefintionWithDefaults(parserContext));
/* TODO: There should not be any defaults for these urls ?!?! */
definition.getPropertyValues().addPropertyValue("authenticationFailureUrl", "/acegilogin.jsp?login_error=1");
definition.getPropertyValues().addPropertyValue("defaultTargetUrl", "/");
return definition;
}
}
@@ -1,43 +0,0 @@
package org.acegisecurity.config;
import java.util.Collections;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.providers.AuthenticationProvider;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.core.OrderComparator;
public class AuthenticationProviderOrderResolver implements BeanFactoryPostProcessor {
/**
*
*/
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
// retrieve all the AuthenticationProvider instances
ManagedList providers = retrieveAllAuthenticationProviders(beanFactory);
String[] names = beanFactory.getBeanNamesForType(AuthenticationManager.class);
RootBeanDefinition definition = (RootBeanDefinition)beanFactory.getBeanDefinition(names[0]);
definition.getPropertyValues().addPropertyValue("providers",providers);
}
/**
*
* @param beanFactory
* @return
*/
private ManagedList retrieveAllAuthenticationProviders(ConfigurableListableBeanFactory beanFactory) {
String[] m = beanFactory.getBeanNamesForType(AuthenticationProvider.class);
ManagedList l = new ManagedList();
for(int i=0;i<m.length;i++){
RootBeanDefinition def = (RootBeanDefinition)beanFactory.getBeanDefinition(m[i]);
l.add(def);
}
Collections.sort(l, new OrderComparator());
return l;
}
}
@@ -1,193 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
import org.acegisecurity.providers.dao.salt.ReflectionSaltSource;
import org.acegisecurity.providers.dao.salt.SystemWideSaltSource;
import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
import org.springframework.beans.factory.config.BeanDefinitionHolder;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
* @author vpuri
*
*/
public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser {
// ~ Static fields
// =====================================================================================
private static final String REPOSITORY_BEAN_REF = "repositoryBeanRef";
private static final String USER_DETAILS_SERVICE = "userDetailsService";
private static final String SALT_SOURCE_ELEMENT = "salt-source";
private static final String SALT_SOURCE_REF = "saltSourceBeanRef";
private static final String SYSTEM_WIDE_SALT_SOURCE = "system-wide";
private static final String REFLECTION_SALT_SOURCE = "reflection";
private static final String PASSWORD_ENCODER_ELEMENT = "password-encoder";
private static final String PASSWORD_ENCODER_REF = "encoderBeanRef";
private static final String PASSWORD_ENCODER = "encoder";
// ~ Method
// ================================================================================================
public AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
Assert.notNull(parserContext, "ParserContext must not be null");
RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
// check if saltSource is defined
Element saltSourceEle = DomUtils.getChildElementByTagName(element, SALT_SOURCE_ELEMENT);
setSaltSourceProperty(repositoryBeanDef, saltSourceEle);
Element passwordEncoderEle = DomUtils.getChildElementByTagName(element, PASSWORD_ENCODER_ELEMENT);
setPasswordEncoderProperty(repositoryBeanDef, passwordEncoderEle);
// if repositoryBeanRef is specified use its referred bean
String userDetailsRef = element.getAttribute(REPOSITORY_BEAN_REF);
if (StringUtils.hasLength(userDetailsRef)) {
repositoryBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,
new RuntimeBeanReference(userDetailsRef));
}
return repositoryBeanDef;
}
/**
*
* @param repositoryBeanDef
* @param element
*/
private void setSaltSourceProperty(RootBeanDefinition repositoryBeanDef, Element element) {
if (element != null) {
setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "saltSource", element
.getAttribute(SALT_SOURCE_REF));
}
}
/**
*
* @param repositoryBeanDef
* @param element
*/
private void setPasswordEncoderProperty(RootBeanDefinition repositoryBeanDef, Element element) {
if (element != null) {
setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "passwordEncoder", element
.getAttribute(PASSWORD_ENCODER_REF));
}
}
/**
*
* @param repositoryBeanDef
* @param element
* @param property
* @param reference
*/
private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element,
String property, String reference) {
// check for encoderBeanRef attribute
if (StringUtils.hasLength(reference)) {
repositoryBeanDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(reference));
}
else {
doSetInnerBeanDefinitions(repositoryBeanDef, element, property);
}
}
/**
*
* @param repositoryBeanDef
* @param element
* @param property
*/
private void doSetInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element, String property) {
NodeList children = element.getChildNodes();
for (int i = 0, n = children.getLength(); i < n; i++) {
Node node = children.item(i);
if (node.getNodeType() == Node.ELEMENT_NODE) {
Element childElement = (Element) node;
RootBeanDefinition innerBeanDefinition = null;
if (SYSTEM_WIDE_SALT_SOURCE.equals(node.getLocalName())) {
innerBeanDefinition = createSystemWideSaltSource(childElement);
repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
}
else if (REFLECTION_SALT_SOURCE.equals(node.getLocalName())) {
innerBeanDefinition = createReflectionSaltSource(childElement);
repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
}
if (PASSWORD_ENCODER.equals(node.getLocalName())) {
RootBeanDefinition passwordEncoderInnerBeanDefinition = createPasswordEncoder(childElement);
repositoryBeanDef.getPropertyValues()
.addPropertyValue(property, passwordEncoderInnerBeanDefinition);
}
}
}
}
/**
*
* @param childElement
* @return
*/
private RootBeanDefinition createPasswordEncoder(Element childElement) {
String attributeValue = childElement.getAttribute("method");
RootBeanDefinition definition = null;
// TODO: add other encoders support
if (attributeValue.equals("md5")) {
definition = new RootBeanDefinition(Md5PasswordEncoder.class);
}
return definition;
}
/**
*
* @param saltSourceTypeElement
* @return
*/
private RootBeanDefinition createReflectionSaltSource(Element saltSourceTypeElement) {
RootBeanDefinition definition = new RootBeanDefinition(ReflectionSaltSource.class);
definition.getPropertyValues().addPropertyValue("userPropertyToUse",
saltSourceTypeElement.getAttribute("userPropertyToUse"));
return definition;
}
/**
*
* @param saltSourceTypeElement
* @return
*/
private RootBeanDefinition createSystemWideSaltSource(Element saltSourceTypeElement) {
RootBeanDefinition definition = new RootBeanDefinition(SystemWideSaltSource.class);
definition.getPropertyValues().addPropertyValue("systemWideSalt",
saltSourceTypeElement.getAttribute("systemWideSalt"));
return definition;
}
protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
return repositoryBeanDef;
}
}
@@ -1,84 +0,0 @@
package org.acegisecurity.config;
import org.acegisecurity.AccessDecisionManager;
import org.acegisecurity.vote.AffirmativeBased;
import org.acegisecurity.vote.AuthenticatedVoter;
import org.acegisecurity.vote.ConsensusBased;
import org.acegisecurity.vote.RoleVoter;
import org.acegisecurity.vote.UnanimousBased;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
public class AuthorizationManagerBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
// ~ static initializers
// ================================================================================================
public static final String ROLE_VOTER_ELE = "role-voter";
public static final String AUTHENTICATED_VOTER_ELE = "authenticated-voter";
public static final String STRATEGY_ATTRIBUTE = "strategy";
// ~ Method
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
return createBeanDefinition(element, parserContext);
}
private RootBeanDefinition createBeanDefinition(Element element, ParserContext parserContext) {
ManagedList decisionVoters = new ManagedList();
Element roleVoterEle = DomUtils.getChildElementByTagName(element, ROLE_VOTER_ELE);
Element authVoterEle = DomUtils.getChildElementByTagName(element, AUTHENTICATED_VOTER_ELE);
if(roleVoterEle!=null && roleVoterEle.getLocalName().equals(ROLE_VOTER_ELE)) {
decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
}
if (authVoterEle!=null && authVoterEle.getLocalName().equals(AUTHENTICATED_VOTER_ELE)) {
decisionVoters.add(new RootBeanDefinition(AuthenticatedVoter.class));
}
String strategy = element.getAttribute(STRATEGY_ATTRIBUTE);
if (StringUtils.hasLength(strategy)) {
if (strategy.equals("affirmative")) {
return createAccessDecisionManager(AffirmativeBased.class, decisionVoters);
}
else if (strategy.equals("consensus")) {
return createAccessDecisionManager(ConsensusBased.class, decisionVoters);
}
else if (strategy.equals("unanimous")) {
return createAccessDecisionManager(UnanimousBased.class, decisionVoters);
}
}
else {
return createAccessDecisionManagerAffirmativeBased();
}
return null;
}
protected static RootBeanDefinition createAccessDecisionManagerAffirmativeBased() {
ManagedList decisionVoters = new ManagedList();
decisionVoters.add(new RootBeanDefinition(AuthenticatedVoter.class));
decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
return createAccessDecisionManager(AffirmativeBased.class, decisionVoters);
}
protected static RootBeanDefinition createAccessDecisionManager(Class clazz, ManagedList decisionVoters) {
RootBeanDefinition accessDecisionManager = new RootBeanDefinition(clazz);
accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
return accessDecisionManager;
}
}
@@ -1,217 +0,0 @@
package org.acegisecurity.config;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.acegisecurity.annotation.SecurityAnnotationAttributes;
import org.acegisecurity.intercept.method.MethodDefinitionAttributes;
import org.acegisecurity.intercept.method.MethodDefinitionMap;
import org.acegisecurity.intercept.method.MethodDefinitionSource;
import org.acegisecurity.intercept.method.MethodDefinitionSourceMapping;
import org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
import org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor;
import org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor;
import org.acegisecurity.runas.RunAsManagerImpl;
import org.acegisecurity.util.BeanDefinitionParserUtils;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.BeanDefinitionStoreException;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.metadata.commons.CommonsAttributes;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
/**
*
* @author Vishal Puri
*
*/
public class AuthorizationMethodBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
// ~ static initializers
// ================================================================================================
public static final String ASPECTJ_ATTRIBUTE = "aspectj";
public static final String SPRING_AOP_ATTRIBUTE = "springAop";
public static final String SOURCE_ATTRIBUTE = "source";
public static final String SOURCE_BEAN_REF = "sourceBeanId";
public static final String ATTRIBUTE = "attribute";
private static final String CONFIGURATION_ATTRIBUTE = "configuration-attribute";
private static final String TYPE_ATTRIBUTE = "type";
// ~ Method
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
// <security:authorization-joinpoint aspectj="false|true"
// springAop="true|false">
// one attribute allowed, aspectj or springAop
Assert.isTrue(!(element.hasAttribute(SPRING_AOP_ATTRIBUTE) && element.hasAttribute(ASPECTJ_ATTRIBUTE)),
"only one attribute (springAop or aspectj) is allowed");
Element urlMappingEle = DomUtils.getChildElementByTagName(element, "url-mapping");
String sourceBeanId = urlMappingEle.getAttribute(SOURCE_BEAN_REF);
boolean isSourceBeanIdDefined = StringUtils.hasLength(sourceBeanId);
if (!isValidConfiguration(urlMappingEle, isSourceBeanIdDefined)) {
throw new IllegalArgumentException(
" 'custom' value provided by 'source' attribute need to be selected when referring to a bean by 'sourceBeanId' attribute ");
}
if ((element.hasAttribute(ASPECTJ_ATTRIBUTE)) && element.getAttribute(ASPECTJ_ATTRIBUTE).equals("true")) {
// create AspectJSecurityInterceptor
if (isSourceBeanIdDefined)
return createMethodSecurityInterceptor(AspectJSecurityInterceptor.class, new RuntimeBeanReference(
sourceBeanId));
return createMethodSecurityInterceptor(AspectJSecurityInterceptor.class, createObjectDefinitionSource(
parserContext, urlMappingEle));
}
else if ((element.hasAttribute(SPRING_AOP_ATTRIBUTE))
&& element.getAttribute(SPRING_AOP_ATTRIBUTE).equals("true")) {
// create MethodSecurityInterceptor and
// MethodDefinitionSourceAdvisor
if (isSourceBeanIdDefined)
return createMethodSecurityInterceptor(MethodSecurityInterceptor.class, new RuntimeBeanReference(
sourceBeanId));
return createMethodSecurityInterceptor(MethodSecurityInterceptor.class, createObjectDefinitionSource(
parserContext, urlMappingEle));
}
return null;
}
/**
* @param parserContext
* @param firstChild
* @param sourceValue
* @throws BeanDefinitionStoreException
*/
private MethodDefinitionSource createObjectDefinitionSource(ParserContext parserContext, Element element)
throws BeanDefinitionStoreException {
String sourceValue = element.getAttribute(SOURCE_ATTRIBUTE);
if (sourceValue.equals("xml")) {
// create MethodDefinitionSourceEditor
Element methodPattern = DomUtils.getChildElementByTagName(element, "method-pattern");
String methodToProtect = methodPattern.getAttribute(TYPE_ATTRIBUTE);
MethodDefinitionSourceMapping mapping = new MethodDefinitionSourceMapping();
MethodDefinitionMap source = new MethodDefinitionMap();
List<MethodDefinitionSourceMapping> mappings = new ArrayList<MethodDefinitionSourceMapping>();
mapping.setMethodName(methodToProtect);
List configAttributes = DomUtils.getChildElementsByTagName(methodPattern, CONFIGURATION_ATTRIBUTE);
for (Iterator iter = configAttributes.iterator(); iter.hasNext();) {
Element configAttribute = (Element) iter.next();
String configAttributeValue = configAttribute.getAttribute(ATTRIBUTE);
mapping.addConfigAttribute(configAttributeValue);
}
mappings.add(mapping);
source.setMappings(mappings);
return source;
}
else if (sourceValue.equals("annotations")) {
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
DefaultAdvisorAutoProxyCreator.class));
MethodDefinitionAttributes source = new MethodDefinitionAttributes();
SecurityAnnotationAttributes attributes = new SecurityAnnotationAttributes();
source.setAttributes(attributes);
return source;
}
else if (sourceValue.equals("attributes")) {
// create CommonsAttributes
CommonsAttributes attributes = new CommonsAttributes();
// objectDefinitionSource and inject attributes
MethodDefinitionAttributes source = new MethodDefinitionAttributes();
source.setAttributes(attributes);
// register DefaultAdvisorAutoProxyCreator with parseContext
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
DefaultAdvisorAutoProxyCreator.class));
// register MethodDefinitionSourceAdvisor autowire="constructor"
registerMethodDefinitionSourceAdvisor(parserContext);
return source;
}
return null;
}
/**
* @param parserContext
* @throws BeanDefinitionStoreException
*/
private void registerMethodDefinitionSourceAdvisor(ParserContext parserContext) throws BeanDefinitionStoreException {
RootBeanDefinition methodSecurityAdvisor = new RootBeanDefinition(MethodDefinitionSourceAdvisor.class);
methodSecurityAdvisor.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_CONSTRUCTOR);
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, methodSecurityAdvisor);
}
/**
* Creates BeanDefinition for MethodSecurityInterceptor
* MethodSecurityInterceptor autodetects 'authenticationManager' and
* 'accessDecisionManager'
* @param name
*
* @return
*/
private RootBeanDefinition createMethodSecurityInterceptor(Class interceptorType, Object object) {
Assert.notNull(object, "objectDefinitionSource required");
RootBeanDefinition securityInterceptor = new RootBeanDefinition(interceptorType);
if (RuntimeBeanReference.class.isAssignableFrom(object.getClass())) {
RuntimeBeanReference source = (RuntimeBeanReference) object;
securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", source);
}
else if (MethodDefinitionSource.class.isAssignableFrom(object.getClass())) {
MethodDefinitionSource source = (MethodDefinitionSource) object;
securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", source);
}
securityInterceptor.getPropertyValues().addPropertyValue("validateConfigAttributes", Boolean.FALSE);
RootBeanDefinition runAsManager = createRunAsManager();
securityInterceptor.getPropertyValues().addPropertyValue("runAsManager", runAsManager);
return securityInterceptor;
}
private RootBeanDefinition createRunAsManager() {
RootBeanDefinition runAsManager = new RootBeanDefinition(RunAsManagerImpl.class);
runAsManager.getPropertyValues().addPropertyValue("key", "my_run_as_password");
return runAsManager;
}
/**
* Checks if 'custom' option is picked for 'source' attribute when
* 'sourceBeanId' attribute is provided.
* <p>
* The valid configuration example:<br/> &lt;security:url-mapping
* source="custom" sourceBeanId="referenceToObjectDefinitionSource"/&gt;
* </p>
* @param urlMappingElement
* @return boolean Returns 'true' if configuration is accepted otherwise
* returns 'false'
*/
private boolean isValidConfiguration(Element urlMappingElement, boolean isRefDefined) {
Assert.notNull(urlMappingElement, "invalid tag - expected 'url-mapping' ");
Assert.isTrue(urlMappingElement.getLocalName().equals("url-mapping"), "invalid tag - expected 'url-mapping' ");
if (isRefDefined && (urlMappingElement.getAttribute(SOURCE_ATTRIBUTE).compareTo("custom") != 0)) {
return false;
}
return true;
}
}
@@ -1,243 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.acegisecurity.annotation.SecurityAnnotationAttributes;
import org.acegisecurity.intercept.method.MethodDefinitionAttributes;
import org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
import org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor;
import org.acegisecurity.intercept.web.FilterInvocationDefinitionDecorator;
import org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceMapping;
import org.acegisecurity.intercept.web.FilterSecurityInterceptor;
import org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap;
import org.acegisecurity.runas.RunAsManagerImpl;
import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
import org.acegisecurity.util.BeanDefinitionParserUtils;
import org.acegisecurity.vote.AffirmativeBased;
import org.acegisecurity.vote.AuthenticatedVoter;
import org.acegisecurity.vote.RoleVoter;
import org.acegisecurity.vote.UnanimousBased;
import org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
/**
* Parses 'autoconfig' tag and creates all the required
* <code>BeanDefinition</code>s with their default configurations. It also
* resolves their dependencies and wire them together.
*
* @author Vishal Puri
*
*/
public class AutoConfigBeanDefinitionParser implements BeanDefinitionParser {
// ~ instance fields
// ================================================================================================
private RootBeanDefinition authenticationManager;
private RootBeanDefinition rememberMeServices;
private ManagedList decisionVoters = new ManagedList();
// ~ Method
// ================================================================================================
public BeanDefinition parse(Element element, ParserContext parserContext) {
// authentication manager
this.authenticationManager = AuthenticationMechanismBeanDefinitionParser
.createAndRegisterBeanDefinitionWithDefaults(parserContext);
// remembermeServices
this.rememberMeServices = RememberMeServicesBeanDefinitionParser
.createAndRegisterBeanDefintionWithDefaults(parserContext);
// flters
createAndRegisterBeanDefinitionForHttpSessionContextIntegrationFilter(parserContext);
createAndRegisterBeanDefinitionForLogoutFilter(parserContext, rememberMeServices);
createAndRegisterBeanDefinitionForAuthenticationProcessingFilter(parserContext, authenticationManager,
rememberMeServices);
createAndRegisterBeanDefinitionForRememberMeProcessingFilter(parserContext, authenticationManager);
createAndRegisterBeanDefinitionForExceptionTranslationFilter(parserContext);
createAndRegisterBeanDefintionForSecurityContextHolderAwareRequestFilter(parserContext);
// method interceptor
createAndRegisterBeanDefinitinoForMethodDefinitionSourceAdvisor(parserContext, authenticationManager);
createAndRegisterDefaultAdvisorAutoProxyCreator(parserContext);
// filter security interceptor
createAndRegisterBeanDefinitionForFilterSecurityInterceptor(parserContext, authenticationManager);
// create userDetailsService
return null;
}
private void createAndRegisterBeanDefintionForSecurityContextHolderAwareRequestFilter(ParserContext parserContext) {
RootBeanDefinition beanDefinition = new RootBeanDefinition(SecurityContextHolderAwareRequestFilter.class);
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, beanDefinition);
}
/**
* Creates <code>FilterSecurityInterceptor</code> bean definition and
* register it with the <code>ParserContext</code>
*
* @param parserContext To register the bean definition with
* @param authenticationManager The <code>AuthenticationManager</code> to
* set as a property in the bean definition
*/
private void createAndRegisterBeanDefinitionForFilterSecurityInterceptor(ParserContext parserContext,
RootBeanDefinition authenticationManager) {
RootBeanDefinition filterInvocationInterceptor = new RootBeanDefinition(FilterSecurityInterceptor.class);
filterInvocationInterceptor.getPropertyValues()
.addPropertyValue("authenticationManager", authenticationManager);
RootBeanDefinition accessDecisionManager = createAccessDecisionManagerAffirmativeBased();
filterInvocationInterceptor.getPropertyValues()
.addPropertyValue("accessDecisionManager", accessDecisionManager);
FilterInvocationDefinitionDecorator source = new FilterInvocationDefinitionDecorator();
source.setDecorated(new PathBasedFilterInvocationDefinitionMap());
FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
String url1 = "/acegilogin.jsp";
String value1 = "IS_AUTHENTICATED_ANONYMOUSLY";
String url2 = "/**";
String value2 = "IS_AUTHENTICATED_REMEMBERED";
mapping.setUrl(url1);
mapping.addConfigAttribute(value1);
mapping.setUrl(url2);
mapping.addConfigAttribute(value2);
List mappings = new ArrayList();
mappings.add(mapping);
source.setMappings(mappings);
filterInvocationInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource",
source.getDecorated());
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, filterInvocationInterceptor);
}
private RootBeanDefinition createAccessDecisionManagerAffirmativeBased() {
RootBeanDefinition accessDecisionManager = new RootBeanDefinition(AffirmativeBased.class);
accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
RootBeanDefinition authenticatedVoter = new RootBeanDefinition(AuthenticatedVoter.class);
this.decisionVoters.add(authenticatedVoter);
accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
return accessDecisionManager;
}
private void createAndRegisterDefaultAdvisorAutoProxyCreator(ParserContext parserContext) {
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
DefaultAdvisorAutoProxyCreator.class));
}
private void createAndRegisterBeanDefinitinoForMethodDefinitionSourceAdvisor(ParserContext parserContext,
RootBeanDefinition authenticationManager) {
RootBeanDefinition methodSecurityAdvisor = new RootBeanDefinition(MethodDefinitionSourceAdvisor.class);
RootBeanDefinition securityInterceptor = createMethodSecurityInterceptor(authenticationManager);
methodSecurityAdvisor.getConstructorArgumentValues().addIndexedArgumentValue(0, securityInterceptor);
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, methodSecurityAdvisor);
}
private RootBeanDefinition createAccessDecisionManagerUnanimousBased() {
RootBeanDefinition accessDecisionManager = new RootBeanDefinition(UnanimousBased.class);
accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
return accessDecisionManager;
}
private RootBeanDefinition createMethodSecurityInterceptor(RootBeanDefinition authenticationManager) {
RootBeanDefinition securityInterceptor = new RootBeanDefinition(MethodSecurityInterceptor.class);
securityInterceptor.getPropertyValues().addPropertyValue("authenticationManager", authenticationManager);
RootBeanDefinition accessDecisionManager = createAccessDecisionManagerUnanimousBased();
securityInterceptor.getPropertyValues().addPropertyValue("accessDecisionManager", accessDecisionManager);
securityInterceptor.getPropertyValues().addPropertyValue("validateConfigAttributes", Boolean.FALSE);
RootBeanDefinition runAsManager = createRunAsManager();
securityInterceptor.getPropertyValues().addPropertyValue("runAsManager", runAsManager);
RootBeanDefinition objectDefinitionSource = createMethodDefinitionAttributes();
securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", objectDefinitionSource);
return securityInterceptor;
}
private RootBeanDefinition createMethodDefinitionAttributes() {
RootBeanDefinition objectDefinitionSource = new RootBeanDefinition(MethodDefinitionAttributes.class);
RootBeanDefinition attributes = createSecurityAnnotationAttributes();
objectDefinitionSource.getPropertyValues().addPropertyValue("attributes", attributes);
return objectDefinitionSource;
}
private RootBeanDefinition createSecurityAnnotationAttributes() {
return new RootBeanDefinition(SecurityAnnotationAttributes.class);
}
private RootBeanDefinition createRunAsManager() {
RootBeanDefinition runAsManager = new RootBeanDefinition(RunAsManagerImpl.class);
runAsManager.getPropertyValues().addPropertyValue("key", "my_run_as_password");
return runAsManager;
}
private void createAndRegisterBeanDefinitionForExceptionTranslationFilter(ParserContext parserContext) {
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, ExceptionTranslationFilterBeanDefinitionParser
.createBeanDefinitionWithDefaults());
}
private void createAndRegisterBeanDefinitionForRememberMeProcessingFilter(ParserContext parserContext,
RootBeanDefinition authenticationManager) {
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, RememberMeFilterBeanDefinitionParser
.createBeanDefinitionWithDefaults(parserContext, authenticationManager));
}
private void createAndRegisterBeanDefinitionForAuthenticationProcessingFilter(ParserContext parserContext,
RootBeanDefinition authenticationManager, RootBeanDefinition rememberMeServices) {
RootBeanDefinition defintion = AuthenticationProcessingFilterBeanDefinitionParser
.createBeandefinitionWithDefaults(parserContext, authenticationManager, rememberMeServices);
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
}
private void createAndRegisterBeanDefinitionForLogoutFilter(ParserContext parserContext,
RootBeanDefinition rememberMeServices) {
RootBeanDefinition defintion = LogoutFilterBeanDefinitionParser
.createBeanDefinitionWithDefaults(rememberMeServices);
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
}
private void createAndRegisterBeanDefinitionForHttpSessionContextIntegrationFilter(ParserContext parserContext) {
RootBeanDefinition defintion = ContextIntegrationBeanDefinitionParser.createBeanDefinitionWithDefaults();
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
// retrieveBeanDefinition(parserContext, o)
}
/**
* Returns a <code>BeanDefinition</code> of the specified type.
*
* @param parserContext
* @param type
* @return
*/
private RootBeanDefinition retrieveBeanDefinition(ParserContext parserContext, Class type) {
String[] names = parserContext.getRegistry().getBeanDefinitionNames();
for (String name : names) {
BeanDefinition beanDefinition = parserContext.getRegistry().getBeanDefinition(name);
if (type.isInstance(beanDefinition)) {
return (RootBeanDefinition) beanDefinition;
}
}
return null;
}
}
@@ -1,91 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.core.Conventions;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
/**
*
* @author vpuri
*
*/
public class ContextIntegrationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
// ~ Static fields/initializers
// =====================================================================================
private static final String HTTP_SESSION_CONTEXT_INTEGRATION = "session-context-integration";
private static final String SESSION_CREATION = "sessionCreation";
private static final String IF_REQUIRED = "ifRequired";
private static final String ALWAYS = "always";
private static final String NEVER = "never";
private static final String ALLOW_SESSION_CREATION = "allowSessionCreation";
// ~ Methods
// ========================================================================================================
protected Class getBeanClass(Element element) {
return HttpSessionContextIntegrationFilter.class;
}
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
NamedNodeMap attributes = element.getAttributes();
for (int x = 0; x < attributes.getLength(); x++) {
Attr attribute = (Attr) attributes.item(x);
String attributeName = attribute.getLocalName();
if (!ID_ATTRIBUTE.equals(attributeName)) {
if (attributeName.equals(SESSION_CREATION)) {
String sessionCreation = element.getAttribute(SESSION_CREATION);
createBeanDefinition(builder, sessionCreation);
}
else {
String propertyName = Conventions.attributeNameToPropertyName(attributeName);
Assert
.state(StringUtils.hasText(propertyName),
"Illegal property name returned from 'extractPropertyName(String)': cannot be null or empty.");
builder.addPropertyValue(propertyName, attribute.getValue());
}
}
}
}
private void createBeanDefinition(BeanDefinitionBuilder builder, String attribute) {
if (attribute.equals(IF_REQUIRED)) {
builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
}
else if (attribute.equals(ALWAYS)) {
builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
}
else if (attribute.equals(NEVER)) {
builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.FALSE);
}
else {
createBeanDefinitionWithDefaults();
}
}
protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
RootBeanDefinition definition = new RootBeanDefinition(HttpSessionContextIntegrationFilter.class);
definition.getPropertyValues().addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
return definition;
}
}
@@ -1,183 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.ui.AccessDeniedHandlerImpl;
import org.acegisecurity.ui.ExceptionTranslationFilter;
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
/**
* <p>
* This class parses the <security:exception-translation /> tag and creates the
* bean defintion for <code>ExceptionTranslationFilter</code>.</br> The
* '&lt;security:access-denied .. /&gt;' tag is optional and if not specified
* <code>ExceptionTranslationFilter</code> <br/> will autodetect the instance
* of <code>AccessDeniedHandler</code>; alternately if there are > 1 such
* handlers, <br/>we can nominate the one to use via 'accessDeniedBeanRef'.
* </p>
*
* <p>
* The 'entryPointBeanRef' and 'accessDeniedBeanRef' can be specified as
* attributes or inner bean definitions. <br/> See following sample showing both
* ways.
* </p>
*
* <p>
* Sample: <d1>
* <dt> &lt;security:exception-translation id="exceptionTranslationFilter"&gt;
* </dt>
* <dd> &lt;security:entry-point
* entryPointBeanRef="authenticationProcessingFilterEntryPoint" /&gt; </dd>
* <dd> &lt;security:access-denied accessDeniedBeanRef="theBeanToUse" /&gt;
* </dd>
* <dt>&lt;/security:exception-translation&gt;</dt>
* </d1> or <d1>
* <dt> &lt;security:exception-translation id="exceptionTranslationFilter"
* entryPointBeanRef="ref" accessDeniedBeanRef="ref" /&gt;</dt>
* </d1>
* </p>
*
* @author Vishal Puri
* @version
* @see {@link org.acegisecurity.ui.ExceptionTranslationFilter}
* @see {@link org.acegisecurity.ui.AccessDeniedHandler}
*/
public class ExceptionTranslationFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
// ~ Static fields
// =====================================================================================
private static final String ACCESS_DENIED = "access-denied";
private static final String ACCESS_DENIED_REF = "accessDeniedBeanRef";
private static final String ACCESS_DENIED_URL = "accessDeniedUrl";
private static final String ENTRY_POINT = "entry-point";
private static final String ENTRY_POINT_REF = "entryPointBeanRef";
private static final String LOGIN_FORM_URL = "loginFormUrl";
private static final String LOGIN_FORM_URL_VALUE = "/acegilogin.jsp";
// ~ Method
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
RootBeanDefinition exceptionFilterDef = new RootBeanDefinition(ExceptionTranslationFilter.class);
// add handler
Element accessDeniedElement = DomUtils.getChildElementByTagName(element, ACCESS_DENIED);
setAccessDeniedHandlerProperty(parserContext, exceptionFilterDef, accessDeniedElement);
Element entryPointElement = DomUtils.getChildElementByTagName(element, ENTRY_POINT);
setEntryPointProperty(exceptionFilterDef, entryPointElement);
return exceptionFilterDef;
}
private void setEntryPointProperty(RootBeanDefinition exceptionFilterDef, Element entryPointElement) {
if (entryPointElement != null) {
setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, entryPointElement, "authenticationEntryPoint",
entryPointElement.getAttribute(ENTRY_POINT_REF));
}
}
/**
* Resolves are reference to 'accessDeniedHandler' property.
* @param parserContext
* @param exceptionFilterDef The ExceptionFilter BeanDefinition
* @param accessDeniedElement The inner tag for accessDeniedHandler
* property.
*/
private void setAccessDeniedHandlerProperty(ParserContext parserContext, RootBeanDefinition exceptionFilterDef,
Element accessDeniedElement) {
if (accessDeniedElement != null) {
setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, accessDeniedElement, "accessDeniedHandler",
accessDeniedElement.getAttribute(ACCESS_DENIED_REF));
}
}
/**
* Add property if it's specified as an attribute or inner tag.
*
* @param exceptionFilterDef The ExceptionFilter BeanDefinition
* @param element The inner bean element
* @param property The property to add
* @param beanRef The bean reference to resolve.
*/
private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef, Element element,
String property, String beanRef) {
// check for encoderBeanRef attribute
if (StringUtils.hasLength(beanRef)) {
exceptionFilterDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(beanRef));
}
else {
doSetInnerBeanDefinitions(exceptionFilterDef, element, property);
}
}
/**
* Add property specified as an inner bean definition.
* @param exceptionFilterDef The ExceptionFilter BeanDefinition
* @param element The inner bean element
* @param property The property to add
*/
private void doSetInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef, Element accessDeniedElement,
String property) {
RootBeanDefinition accessDeniedHandlerBeanDef = new RootBeanDefinition(AccessDeniedHandlerImpl.class);
setPropertyIfAvailable(accessDeniedElement, ACCESS_DENIED_URL, "errorPage", accessDeniedHandlerBeanDef);
exceptionFilterDef.getPropertyValues().addPropertyValue(property, accessDeniedHandlerBeanDef);
}
/**
* @param element
* @param attribute
* @param property
* @param definition
*/
private void setPropertyIfAvailable(Element element, String attribute, String property,
RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
definition.getPropertyValues().addPropertyValue(property, propertyValue);
}
}
/**
* Creates <code>BeanDefintion</code> for
* <code>ExceptionTranslationFilter</code> with it's default properties.
* @return beanDefinition The bean defintion configured with default
* properties
*/
protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
RootBeanDefinition beanDefinition = new RootBeanDefinition(ExceptionTranslationFilter.class);
beanDefinition.getPropertyValues().addPropertyValue("authenticationEntryPoint",
createBeanDefintionForAuthenticationProcessingFilterEntryPoint());
return beanDefinition;
}
/**
* Creates <code>BeanDefintion</code> for
* <code>AuthenticationProcessingFilterEntryPoint</code> with it's default
* properties.
* @return beanDefinition The bean defintion configured with default
*/
protected static RootBeanDefinition createBeanDefintionForAuthenticationProcessingFilterEntryPoint() {
RootBeanDefinition beanDefinition = new RootBeanDefinition(AuthenticationProcessingFilterEntryPoint.class);
beanDefinition.getPropertyValues().addPropertyValue(LOGIN_FORM_URL, LOGIN_FORM_URL_VALUE);
return beanDefinition;
}
}
@@ -1,163 +0,0 @@
package org.acegisecurity.config;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.acegisecurity.AccessDecisionManager;
import org.acegisecurity.intercept.web.FilterInvocationDefinitionDecorator;
import org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceMapping;
import org.acegisecurity.intercept.web.FilterSecurityInterceptor;
import org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap;
import org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap;
import org.acegisecurity.util.BeanDefinitionParserUtils;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
/**
* @author Vishal Puri
*
*/
public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanDefinitionParser {
// ~ static initializers
// ================================================================================================
private static final String OBJECT_DEFINITION_SOURCE_PROPERTY = "objectDefinitionSource";
private static final String OBJECT_DEFINITION_SOURCE_REF_ATTRIBUTE = "sourceBeanId";
private static final String PATH_ATTRIBUTE = "path";
private static final String REG_EX_ATTRIBUTE = "regularExpression";
private static final String CONFIGURATION_ATTRIB_ATTRIBUTE = "attribute";
// ~ Methods
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
return createBeanDefinitionForFilterSecurityInterceptor(element, parserContext);
}
protected static RootBeanDefinition createBeanDefinitionForFilterSecurityInterceptor(Element element,
ParserContext parserContext) {
RootBeanDefinition filterInvocationInterceptor = new RootBeanDefinition(FilterSecurityInterceptor.class);
RootBeanDefinition accessDecisionManager = AuthorizationManagerBeanDefinitionParser
.createAccessDecisionManagerAffirmativeBased();
filterInvocationInterceptor.getPropertyValues()
.addPropertyValue("accessDecisionManager", accessDecisionManager);
FilterInvocationDefinitionDecorator source = new FilterInvocationDefinitionDecorator();
FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
List<FilterInvocationDefinitionSourceMapping> mappings = new ArrayList<FilterInvocationDefinitionSourceMapping>();
Element firstChild = DomUtils.getChildElementByTagName(element, "url-mapping");
// if 'url-mapping' element is defined
if (firstChild != null) {
if (BeanDefinitionParserUtils.setPropertyIfAvailable(firstChild, OBJECT_DEFINITION_SOURCE_REF_ATTRIBUTE,
OBJECT_DEFINITION_SOURCE_PROPERTY, true/* RuntimeBeanReference */, filterInvocationInterceptor)) {
return filterInvocationInterceptor;
}
// get 'uri-pattern' or 'path' attribute. not both can be specified
// together
List uriPatternElements = DomUtils.getChildElementsByTagName(firstChild, "uri-pattern");
boolean patternToMatchCreated = false;
Node patternAttribute = null;
String url = "";
boolean isPathFound = false;
for (Iterator it = uriPatternElements.iterator(); it.hasNext();) {
Element uriPattern = (Element) it.next();
/* path or pattern - only one attribute is allowed */
NamedNodeMap map = uriPattern.getAttributes();
Assert.isTrue(map.getLength() == 1,
"only 'path' or 'regularExperssion' attribute allowed with 'uri-pattern' tag");
// check if typecreated variable is false then create a type and
// store it somewhere and set typecreated variable to true
if (!patternToMatchCreated) {
// should only be one attribute "path" or
// "regularExpression"
patternAttribute = map.item(0);
// set this variable to true
patternToMatchCreated = true;
// get the attributes and set the decoratd type
// appropriately
if (uriPattern.hasAttribute(PATH_ATTRIBUTE)) {
isPathFound = true;
url = uriPattern.getAttribute(PATH_ATTRIBUTE);
source.setDecorated(new PathBasedFilterInvocationDefinitionMap());
}
else if (uriPattern.hasAttribute(REG_EX_ATTRIBUTE)) {
url = uriPattern.getAttribute(REG_EX_ATTRIBUTE);
source.setDecorated(new RegExpBasedFilterInvocationDefinitionMap());
}
}
else {
// type created already so check if it matches with the
// current element
// if it matches get the one attribute "path" or
// "regularExpression" and apply as property
uriPattern.getAttribute(patternAttribute.getLocalName());
Assert
.hasLength(uriPattern.getAttribute(patternAttribute.getLocalName()),
" ALL uri-pattern tags in the url-mapping must be of the same type (ie cannot mix a regular expression and Ant Path)");
if (isPathFound) {
url = uriPattern.getAttribute(PATH_ATTRIBUTE);
}
else {
url = uriPattern.getAttribute(REG_EX_ATTRIBUTE);
}
}
mapping.setUrl(url);
// get child elements 'configuration-attribute'
List configAttributes = DomUtils.getChildElementsByTagName(uriPattern, "configuration-attribute");
for (Iterator iter = configAttributes.iterator(); iter.hasNext();) {
Element configAttribute = (Element) iter.next();
String configAttributeValue = configAttribute.getAttribute(CONFIGURATION_ATTRIB_ATTRIBUTE);
mapping.addConfigAttribute(configAttributeValue);
}
}
}
// default properties
else {
String url1 = "/acegilogin.jsp";
String value1 = "IS_AUTHENTICATED_ANONYMOUSLY";
String url2 = "/**";
String value2 = "IS_AUTHENTICATED_REMEMBERED";
mapping.setUrl(url1);
mapping.addConfigAttribute(value1);
mapping.setUrl(url2);
mapping.addConfigAttribute(value2);
}
mappings.add(mapping);
source.setMappings(mappings);
filterInvocationInterceptor.getPropertyValues().addPropertyValue(OBJECT_DEFINITION_SOURCE_PROPERTY,
source.getDecorated());
return filterInvocationInterceptor;
}
}
@@ -1,108 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.ui.logout.LogoutFilter;
import org.acegisecurity.ui.logout.SecurityContextLogoutHandler;
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* @author vpuri
* @since
*/
public class LogoutFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
// ~ Instance fields
// ================================================================================================
private static final String REDIRECT_AFTER_LOGOUT_URL = "redirectAfterLogoutUrl";
private static final String LOGOUT_URL = "logoutUrl";
private static final String REDIRECT_AFTER_LOGOUT_URL_VALUE = "/";
// ~ Methods
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
// add the properties
RootBeanDefinition definition = new RootBeanDefinition(LogoutFilter.class);
doCreateBeanDefinition(definition, element, parserContext, false);
return definition;
}
/**
*
* @param definition
* @param element
* @param parserContext
* @param isAutoconfig
* @see {@link AutoConfigBeanDefinitionParser}
*/
private void doCreateBeanDefinition(RootBeanDefinition definition, Element element, ParserContext parserContext,
boolean isAutoconfig) {
setConstructorArgumentIfAvailable(0, element, REDIRECT_AFTER_LOGOUT_URL, "logoutSuccessUrl", definition);
setPropertyIfAvailable(element, LOGOUT_URL, "filterProcessesUrl", definition);
/* TODO: Move this logic to LogoutFilter itlself */
// register BFPP to check if LogoutFilter does not have setHandlers
// populated, introspect app ctx for LogoutHandlers, using Ordered
// (if
// present, otherwise assume Integer.MAX_VALUE)
RootBeanDefinition bfpp = new RootBeanDefinition(LogoutHandlerOrderResolver.class);
parserContext.getReaderContext().registerWithGeneratedName(bfpp);
}
private void setConstructorArgumentIfAvailable(int index, Element element, String attribute, String property,
RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
addConstructorArgument(index, definition, propertyValue);
}
}
private void addConstructorArgument(int index, RootBeanDefinition definition, String propertyValue) {
definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
}
private void setPropertyIfAvailable(Element element, String attribute, String property,
RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
definition.getPropertyValues().addPropertyValue(property, propertyValue);
}
}
/**
* Creates <code>BeanDefintion</code> as required by 'autoconfig' tag
*
* @param definition The BeanDefinition for Logoutfilter
* @param element
* @param parserContext
* @param isAutoconfig
* @return definition
*/
protected static RootBeanDefinition createBeanDefinitionWithDefaults(RootBeanDefinition rememberMeServices) {
RootBeanDefinition definition = new RootBeanDefinition(LogoutFilter.class);
definition.getConstructorArgumentValues().addIndexedArgumentValue(0, REDIRECT_AFTER_LOGOUT_URL_VALUE);
// create BeanDefinitions for LogoutHandlers
// (TokenBasedRememberMeServices) and (SecuritycontextLogoutHandler)
ManagedList handlers = new ManagedList();
//RootBeanDefinition rememberMeServices = RememberMeServicesBeanDefinitionParser.doCreateBeanDefintionWithDefaults();
handlers.add(rememberMeServices);
handlers.add(new RootBeanDefinition(SecurityContextLogoutHandler.class));
definition.getConstructorArgumentValues().addIndexedArgumentValue(1, handlers);
return definition;
}
}
@@ -1,95 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import java.util.Collections;
import java.util.List;
import org.acegisecurity.ui.logout.LogoutFilter;
import org.acegisecurity.ui.logout.LogoutHandler;
import org.acegisecurity.ui.logout.SecurityContextLogoutHandler;
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.core.OrderComparator;
import org.springframework.core.Ordered;
/**
* @author vpuri
* @since
*/
public class LogoutHandlerOrderResolver implements BeanFactoryPostProcessor {
// ~ Methods
// ================================================================================================
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
// If LogoutFilter does not have setHandlers populated, introspect app
// ctx for LogoutHandlers, using Ordered (if present, otherwise assume
// Integer.MAX_VALUE)
String[] names = beanFactory.getBeanNamesForType(LogoutFilter.class);
RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[0]);
ValueHolder holder = getHandlersIfConfigured(beanFactory, definition);
if (holder == null) {
// intropect the appcontext for registerd LogoutHandler
List logoutHandlers = retrieveAllLogoutHandlers(beanFactory);
definition.getConstructorArgumentValues().addIndexedArgumentValue(1, logoutHandlers);
}
}
/**
*
* @param beanFactory
* @param definition
* @return
*/
private ValueHolder getHandlersIfConfigured(ConfigurableListableBeanFactory beanFactory,
RootBeanDefinition definition) {
// there should be only one LogoutFilter
return definition.getConstructorArgumentValues().getArgumentValue(1, null);
}
/**
*
* @param beanFactory
* @return
*/
private List retrieveAllLogoutHandlers(ConfigurableListableBeanFactory beanFactory) {
String[] names = beanFactory.getBeanNamesForType(LogoutHandler.class);
ManagedList list = new ManagedList();
for (int i = 0, n = names.length; i < n; i++) {
RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[i]);
if (definition.hasBeanClass()) {
if (Ordered.class.isAssignableFrom(definition.getBeanClass())) {
definition.getPropertyValues().addPropertyValue("order",
Integer.valueOf(getOrder(definition.getBeanClass())));
}
else {
definition.getPropertyValues().addPropertyValue("order", Integer.valueOf(Integer.MAX_VALUE));
}
}
list.add(definition);
}
Collections.sort(list, new OrderComparator());
return list;
}
private int getOrder(Class clazz) {
if (clazz.getName().equals(TokenBasedRememberMeServices.class.getName())) {
return 100;
}
if (clazz.getName().equals(SecurityContextLogoutHandler.class.getName())) {
return 200;
}
return Integer.MAX_VALUE;
}
}
@@ -1,247 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.User;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.jdbc.JdbcDaoImpl;
import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
import org.acegisecurity.userdetails.memory.UserAttribute;
import org.acegisecurity.userdetails.memory.UserMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.config.PropertiesFactoryBean;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
* @author vpuri
*
*/
public class PrincipalRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
// ~ Static fields/initializers
// =====================================================================================
private static final Log logger = LogFactory.getLog(PrincipalRepositoryBeanDefinitionParser.class);
// ~ Instance fields
// ================================================================================================
private static final String JDBC = "jdbc";
private static final String DATASOURCE_REF = "dataSourceBeanRef";
private static final String DATASOURCE = "dataSource";
private static final String JDBCTEMPLATE_REF = "jdbcTemplateBeanRef";
private static final String JDBCTEMPLATE = "jdbcTemplate";
private static final String AUTHORITIES_BY_USERNAME_QUERY = "authoritiesByUsernameQuery";
private static final String ROLE_PREFIX = "rolePrefix";
private static final String USERNAME_BASED_PRIMARY_KEY = "usernameBasedPrimaryKey";
private static final String PROPERTIES = "properties";
private static final String RESOURCE = "resource";
private static final String USER_PROPERTIES = "userProperties";
private static final String USER_DEFINITION = "user-definition";
private static final Object GRANTED_AUTHORITY = "granted-authority";
private static final String USERNAME = "username";
private static final String PASSWORD = "password";
private static final String ENABLED = "enabled";
private static final String GRANTED_AUTHORITY_REF = "granted-authority-ref";
private static final String AUTHORITY = "authority";
private static final String AUTHORITY_BEAN_REF = "authorityBeanRef";
// ~ Method
// ================================================================================================
/**
*
*/
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
NodeList userDetailsServiceChildren = element.getChildNodes();
RootBeanDefinition userDetailsServiceDefinition = null;
for (int i = 0, n = userDetailsServiceChildren.getLength(); i < n; i++) {
Node userDetailsService = userDetailsServiceChildren.item(i);
if (JDBC.equals(userDetailsService.getLocalName()) && userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
Element ele = (Element) userDetailsService;
userDetailsServiceDefinition = parseUserDetailsServiceJdbcDefinition(ele);
userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
}
if (PROPERTIES.equals(userDetailsService.getLocalName())
&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
Element ele = (Element) userDetailsService;
userDetailsServiceDefinition = new RootBeanDefinition(InMemoryDaoImpl.class);
userDetailsServiceDefinition.getPropertyValues().addPropertyValue(USER_PROPERTIES,
new RuntimeBeanReference(createPropertiesBeanDefinition(ele, parserContext)));
userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
}
if (USER_DEFINITION.equals(userDetailsService.getLocalName())
&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
Element ele = (Element) userDetailsService;
// create a UserMap which interns uses UserMapEditor
userDetailsServiceDefinition = createUserDefinition(ele, parserContext);
}
}
return userDetailsServiceDefinition;
}
private RootBeanDefinition createUserDefinition(Element ele, ParserContext parserContext) {
RootBeanDefinition definition = new RootBeanDefinition(InMemoryDaoImpl.class);
UserAttribute userAttribute = new UserAttribute();
UserMap userMap = new UserMap();
setPassword(ele, userAttribute);
setEnabled(ele, userAttribute);
setAuthorities(ele, userAttribute);
UserDetails user = new User(ele.getAttribute(USERNAME), userAttribute.getPassword(), userAttribute.isEnabled(),
true, true, true, userAttribute.getAuthorities());
userMap.addUser(user);
definition.getPropertyValues().addPropertyValue("userMap", userMap);
return definition;
}
private String createPropertiesBeanDefinition(Element ele, ParserContext parserContext) {
// properties element
RootBeanDefinition defintion = new RootBeanDefinition(PropertiesFactoryBean.class);
String propertyValue = ele.getAttribute(RESOURCE);
defintion.getPropertyValues().addPropertyValue("location", propertyValue);
defintion.setSource(parserContext.extractSource(ele));
return parserContext.getReaderContext().registerWithGeneratedName(defintion);
}
protected static RootBeanDefinition createSampleUsersUsingProperties() {
// properties element
RootBeanDefinition defintion = new RootBeanDefinition(PropertiesFactoryBean.class);
String location = "classpath:org/acegisecurity/config/user.properties";
defintion.getPropertyValues().addPropertyValue("location", location);
return defintion;
}
/**
*
* @param elementToParse
* @return
*/
private RootBeanDefinition parseUserDetailsServiceJdbcDefinition(Element elementToParse) {
// parse attributes
RootBeanDefinition definition = new RootBeanDefinition(JdbcDaoImpl.class);
setPropertyIfAvailable(elementToParse, DATASOURCE_REF, DATASOURCE, definition);
setPropertyIfAvailable(elementToParse, JDBCTEMPLATE_REF, JDBCTEMPLATE, definition);
setPropertyIfAvailable(elementToParse, AUTHORITIES_BY_USERNAME_QUERY, AUTHORITIES_BY_USERNAME_QUERY, definition);
setPropertyIfAvailable(elementToParse, ROLE_PREFIX, ROLE_PREFIX, definition);
setPropertyIfAvailable(elementToParse, USERNAME_BASED_PRIMARY_KEY, USERNAME_BASED_PRIMARY_KEY, definition);
return definition;
}
protected void doParseProperties(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
Properties parsedProps = parserContext.getDelegate().parsePropsElement(element);
builder.addPropertyValue(PROPERTIES, parsedProps);
}
/**
*
* @param element
* @param attribute
* @param property
* @param definition
*/
private void setPropertyIfAvailable(Element element, String attribute, String property,
RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
if (propertyValue.equals(DATASOURCE_REF) || propertyValue.equals(JDBCTEMPLATE_REF)) {
definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(propertyValue));
}
else {
definition.getPropertyValues().addPropertyValue(property, propertyValue);
}
}
}
private void setPassword(Element element, UserAttribute userAttribute) {
String propertyValue = element.getAttribute(PASSWORD);
if (StringUtils.hasText(propertyValue)) {
userAttribute.setPassword(propertyValue);
}
}
private void setEnabled(Element element, UserAttribute userAttribute) {
String propertyValue = element.getAttribute(ENABLED);
if (StringUtils.hasText(propertyValue)) {
if (propertyValue.equals("true")) {
userAttribute.setEnabled(true);
}
else {
userAttribute.setEnabled(false);
}
}
}
private void setAuthorities(Element ele, UserAttribute userAttribute) {
// get authorities
NodeList childNodes = ele.getChildNodes();
ManagedList authorities = new ManagedList();
for (int i = 0, n = childNodes.getLength(); i < n; i++) {
Node authorityNode = childNodes.item(i);
if (GRANTED_AUTHORITY.equals(authorityNode.getLocalName())
&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
Element propertyValue = (Element) authorityNode;
authorities.add(new GrantedAuthorityImpl(propertyValue.getAttribute(AUTHORITY)));
}
if (GRANTED_AUTHORITY_REF.equals(authorityNode.getLocalName())
&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
Element propertyValue = (Element) authorityNode;
String attribute = propertyValue.getAttribute(AUTHORITY_BEAN_REF);
if (StringUtils.hasLength(attribute)) {
authorities.add(new RuntimeBeanReference(attribute));
}
}
}
userAttribute.setAuthorities(authorities);
}
}
@@ -1,46 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* @author vpuri
*
*@since
*/
public class RememberMeFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
private static final String REMEMBER_ME_SERVICES_REF = "rememberMeServicesBeanRef";
private static final String REMEMBER_ME_SERVICES = "rememberMeServices";
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
Assert.notNull(parserContext, "ParserContext must not be null");
RootBeanDefinition rememberMeFilterBeanDef = new RootBeanDefinition(RememberMeProcessingFilter.class);
// check if rememberMeServicesBeanRef is defined and if it's specified use its referred bean
String rememberMeServicesRef = element.getAttribute(REMEMBER_ME_SERVICES_REF);
if (StringUtils.hasLength(rememberMeServicesRef)) {
rememberMeFilterBeanDef.getPropertyValues().addPropertyValue(REMEMBER_ME_SERVICES,
new RuntimeBeanReference(rememberMeServicesRef));
}
return rememberMeFilterBeanDef;
}
protected static RootBeanDefinition createBeanDefinitionWithDefaults(ParserContext parserContext, RootBeanDefinition authenticationManager) {
RootBeanDefinition definition= new RootBeanDefinition(RememberMeProcessingFilter.class);
definition.getPropertyValues().addPropertyValue("authenticationManager",authenticationManager);
return definition;
}
}
@@ -1,82 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* Parses
* @author vpuri
*
*/
public class RememberMeServicesBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
private static final String PRINCIPAL_REPOSITORY_BEAN_REF = "principalRepositoryBeanRef";
private static final String USER_DETAILS_SERVICE_PROPERTY = "userDetailsService";
/*
* key is optional; if unspecified, pick a rnd int and use for all
* unspecified key properties for acegi beans
*/
private static final String KEY = "key";
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
RootBeanDefinition rememberMeServicesBeanDef = createBeanDefinition(element, parserContext);
return rememberMeServicesBeanDef;
}
private RootBeanDefinition createBeanDefinition(Element element, ParserContext parserContext) {
Assert.notNull(parserContext, "ParserContext must not be null");
RootBeanDefinition rememberMeServicesBeanDef = new RootBeanDefinition(TokenBasedRememberMeServices.class);
String keyValue = "";
String rememberMeServicesRef = "";
if (element != null) {
keyValue = element.getAttribute(KEY);
if (StringUtils.hasLength(keyValue)) {
rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(KEY, keyValue);
}
else {
/*
* TODO: pick a rnd int and apply it whenver required in
* applicationcontext
*/
}
// check if rememberMeServicesBeanRef is defined and if it's
// specified
// use its referred bean
rememberMeServicesRef = element.getAttribute(PRINCIPAL_REPOSITORY_BEAN_REF);
if (StringUtils.hasLength(rememberMeServicesRef)) {
rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE_PROPERTY,
new RuntimeBeanReference(rememberMeServicesRef));
}
}
return rememberMeServicesBeanDef;
}
protected static RootBeanDefinition createAndRegisterBeanDefintionWithDefaults(ParserContext parserContext){
RootBeanDefinition beanDefinition = new RootBeanDefinition(TokenBasedRememberMeServices.class);
beanDefinition.getPropertyValues().addPropertyValue(KEY, "key");
parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
return beanDefinition;
}
}
@@ -1,21 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
/**
* @author Vishal Puri
*
*/
public class SecurityAutoDetectNamepsaceHandler extends NamespaceHandlerSupport {
/* (non-Javadoc)
* @see org.springframework.beans.factory.xml.NamespaceHandler#init()
*/
public void init() {
registerBeanDefinitionParser("autoconfig", new AutoConfigBeanDefinitionParser());
}
}
@@ -1,37 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
/**
* {@link org.springframework.beans.factory.xml.NamespaceHandler} for the '<code>security</code>' namespace.
* @author vpuri
*
* @since
*/
public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
/**
* Register the {@link BeanDefinitionParser BeanDefinitionParsers} for the
* '<code>context-integration</code>', ' and '<code></code>' elements.
*/
public void init() {
registerBeanDefinitionParser("principal-repository", new PrincipalRepositoryBeanDefinitionParser());
registerBeanDefinitionParser("session-context-integration", new ContextIntegrationBeanDefinitionParser());
registerBeanDefinitionParser("authentication-repository", new AuthenticationRepositoryBeanDefinitionParser());
registerBeanDefinitionParser("authentication-mechanism", new AuthenticationMechanismBeanDefinitionParser());
registerBeanDefinitionParser("authentication-remember-me-services", new RememberMeServicesBeanDefinitionParser());
registerBeanDefinitionParser("authentication-remember-me-filter", new RememberMeFilterBeanDefinitionParser());
registerBeanDefinitionParser("logout-support", new LogoutFilterBeanDefinitionParser());
registerBeanDefinitionParser("exception-translation", new ExceptionTranslationFilterBeanDefinitionParser());
registerBeanDefinitionParser("authentication-form", new AuthenticationProcessingFilterBeanDefinitionParser());
registerBeanDefinitionParser("authorization-manager", new AuthorizationManagerBeanDefinitionParser());
registerBeanDefinitionParser("authorization-http-url", new FilterSecurityInterceptorBeanDefinitionParser());
registerBeanDefinitionParser("authorization-joinpoint", new AuthorizationMethodBeanDefinitionParser());
registerBeanDefinitionParser("autoconfig", new AutoConfigBeanDefinitionParser());
}
}
@@ -1,239 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ui.basicauth;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.acegisecurity.ui.AuthenticationEntryPoint;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
/**
* Processes a HTTP request's BASIC authorization headers, putting the result into the
* <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
* refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
* the HTTP request is ignored.</p>
* <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
* <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
* <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
* following header would be presented:</p>
* <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
* <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
* Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
* <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
* <code>SecurityContextHolder</code>.</p>
* <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
* AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
* which will prompt the user to authenticate again via BASIC authentication.</p>
* <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
* transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
* provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
* org.acegisecurity.ui.digestauth.DigestProcessingFilter}.</p>
* <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
* details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
* they will be authenticated using the remember-me mechanism.</p>
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
* org.acegisecurity.util.FilterToBeanProxy}.</p>
*
* @author Ben Alex
* @version $Id: BasicProcessingFilter.java 1783 2007-02-23 19:21:44Z luke_t $
*/
public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
//~ Instance fields ================================================================================================
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
private AuthenticationEntryPoint authenticationEntryPoint;
private AuthenticationManager authenticationManager;
private RememberMeServices rememberMeServices;
private boolean ignoreFailure = false;
private int order;
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
}
public void destroy() {}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String header = httpRequest.getHeader("Authorization");
if (logger.isDebugEnabled()) {
logger.debug("Authorization header: " + header);
}
if ((header != null) && header.startsWith("Basic ")) {
String base64Token = header.substring(6);
String token = new String(Base64.decodeBase64(base64Token.getBytes()));
String username = "";
String password = "";
int delim = token.indexOf(":");
if (delim != -1) {
username = token.substring(0, delim);
password = token.substring(delim + 1);
}
if (authenticationIsRequired(username)) {
UsernamePasswordAuthenticationToken authRequest =
new UsernamePasswordAuthenticationToken(username, password);
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
Authentication authResult;
try {
authResult = authenticationManager.authenticate(authRequest);
} catch (AuthenticationException failed) {
// Authentication failed
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
}
SecurityContextHolder.getContext().setAuthentication(null);
if (rememberMeServices != null) {
rememberMeServices.loginFail(httpRequest, httpResponse);
}
if (ignoreFailure) {
chain.doFilter(request, response);
} else {
authenticationEntryPoint.commence(request, response, failed);
}
return;
}
// Authentication success
if (logger.isDebugEnabled()) {
logger.debug("Authentication success: " + authResult.toString());
}
SecurityContextHolder.getContext().setAuthentication(authResult);
if (rememberMeServices != null) {
rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
}
}
}
chain.doFilter(request, response);
}
private boolean authenticationIsRequired(String username) {
// Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
// (see SEC-53)
Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
if(existingAuth == null || !existingAuth.isAuthenticated()) {
return true;
}
// Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
// (see SEC-348)
if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
return true;
}
return false;
}
public AuthenticationEntryPoint getAuthenticationEntryPoint() {
return authenticationEntryPoint;
}
public AuthenticationManager getAuthenticationManager() {
return authenticationManager;
}
public void init(FilterConfig arg0) throws ServletException {}
public boolean isIgnoreFailure() {
return ignoreFailure;
}
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
this.authenticationDetailsSource = authenticationDetailsSource;
}
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
this.authenticationEntryPoint = authenticationEntryPoint;
}
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public void setIgnoreFailure(boolean ignoreFailure) {
this.ignoreFailure = ignoreFailure;
}
public void setRememberMeServices(RememberMeServices rememberMeServices) {
this.rememberMeServices = rememberMeServices;
}
public int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
}
@@ -1,89 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ui.basicauth;
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.ui.AuthenticationEntryPoint;
import org.acegisecurity.util.OrderedUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
/**
* Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
* BasicProcessingFilter}.<P>Once a user agent is authenticated using BASIC authentication, logout requires that
* the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call
* the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to
* the browser its credentials are no longer authorized, causing it to prompt the user to login again.</p>
*
* @author Ben Alex
* @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z vishalpuri $
*/
public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered, ApplicationContextAware {
//~ Instance fields ================================================================================================
private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
private String realmName;
private int order = DEFAULT_ORDER;
private ApplicationContext applicationContext;
//~ Methods ========================================================================================================
public int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
public void afterPropertiesSet() throws Exception {
Assert.hasText(realmName, "realmName must be specified");
if (order == DEFAULT_ORDER) {
OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
}
}
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
}
public String getRealmName() {
return realmName;
}
public void setRealmName(String realmName) {
this.realmName = realmName;
}
public void setApplicationContext(ApplicationContext applicationContext) {
this.applicationContext = applicationContext;
}
}
@@ -1,5 +0,0 @@
<html>
<body>
Authenticates HTTP BASIC authentication requests.
</body>
</html>
@@ -1,88 +0,0 @@
/**
*
*/
package org.acegisecurity.util;
import org.springframework.beans.factory.config.RuntimeBeanNameReference;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* The convenience methods for the parsing of bean definition xml file.
*
* @author Vishal Puri
*
*/
public class BeanDefinitionParserUtils {
// ~ Constructor
// ================================================================================================
/**
* Prevents instantiation
*/
private BeanDefinitionParserUtils() {
}
// ~ Method
// ================================================================================================
public static void setConstructorArgumentIfAvailable(int index, Element element, String attribute,
boolean isRunTimeBeanReference, RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
if (!isRunTimeBeanReference) {
definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
}
else {
definition.getConstructorArgumentValues().addIndexedArgumentValue(index,
new RuntimeBeanNameReference(propertyValue));
}
}
}
/**
* <p>
* Configure a <code>BeanDefinition</code>with the property value
* retrieved from xml attribute. If the attribute is like a standard spring
* 'ref' attribute as indicated by 'isRunTimeBeanReference', the property
* will be resolved as a reference to the spring bean.
* </p>
*
* @param element The parent element.
* @param attribute The child attribute.
* @param property The configuration property for the BeanDefinition
* @param isRunTimeBeanReference Indicates if the property is like a
* standard spring 'ref' attribute.
* @param definition The BeanDefinition to configure with the property
* provided.
* @return boolean To indicate if BeanDefinition was configured with a
* property.
*/
public static boolean setPropertyIfAvailable(Element element, String attribute, String property,
boolean isRunTimeBeanReference, RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
if (!isRunTimeBeanReference) {
definition.getPropertyValues().addPropertyValue(property, propertyValue);
return true;
}
else {
definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(propertyValue));
return true;
}
}
return false;
}
/**
* @param parserContext
* @param defintion
*/
public static void registerBeanDefinition(ParserContext parserContext, RootBeanDefinition defintion) {
parserContext.getRegistry().registerBeanDefinition(
parserContext.getReaderContext().generateBeanName(defintion), defintion);
}
}
@@ -1,66 +0,0 @@
package org.acegisecurity.util;
import java.lang.reflect.Method;
import java.util.Map;
import org.springframework.context.ApplicationContext;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
import org.springframework.util.ReflectionUtils;
/**
* Proivdes common logic for manipulating classes implementing the Spring
* {@link Ordered} interface.
*
* @author Ben Alex
* @author Vishal Puri
*/
public abstract class OrderedUtils {
/**
* Introspects the application context for a single instance of <code>sourceClass</code>. If found, the order from the source
* class instance is copied into the <code>destinationObject</code>. If more than one instance of <code>sourceClass</code>
* is found, the method throws <code>IllegalStateException</code>.
*
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
* mutation of the order property.
*
* @param sourceClass to locate in the application context (must be assignable to Ordered)
* @param applicationContext to locate the class
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
* @param skipIfMoreThanOneCandidateSourceClassInstance if the application context provides more than one potential source, skip modifications (if false, the first located matching source will be used)
* @return whether or not the destination class was updated
*/
public static boolean copyOrderFromOtherClass(Class sourceClass, ApplicationContext applicationContext, Object destinationObject, boolean skipIfMoreThanOneCandidateSourceClassInstance) {
Assert.notNull(sourceClass, "Source class required");
Assert.notNull(applicationContext, "ApplicationContext required");
Assert.notNull(destinationObject, "Destination object required");
Assert.isAssignable(Ordered.class, sourceClass, "Source class " + sourceClass + " must be assignable to Ordered");
Map map = applicationContext.getBeansOfType(sourceClass);
if (map.size() == 0) {
return false;
} else if (map.size() > 1 && skipIfMoreThanOneCandidateSourceClassInstance) {
return false;
} else {
copyOrderFromOtherObject((Ordered)map.values().iterator().next(), destinationObject);
return true;
}
}
/**
* Copies the order property from the <code>sourceObject</code> into the <code>destinationObject</code>.
*
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
* mutation of the order property.
*
* @param sourceObject to copy the order from
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
*/
public static void copyOrderFromOtherObject(Ordered sourceObject, Object destinationObject) {
Assert.notNull(sourceObject, "Source object required");
Assert.notNull(destinationObject, "Destination object required");
Method m = ReflectionUtils.findMethod(destinationObject.getClass(), "setOrder", new Class[] {int.class});
Assert.notNull(m, "Method setOrder(int) not found on " + destinationObject.getClass());
ReflectionUtils.invokeMethod(m, destinationObject, new Object[] { Integer.valueOf((sourceObject.getOrder()))});
}
}
@@ -1,5 +0,0 @@
<html>
<body>
General utility classes used throughout the Acegi Security System.
</body>
</html>
@@ -1,4 +0,0 @@
angelina=black,ROLE_ADMIN
brad=grey,ROLE_TELLER,ROLE_PERMISSION_LIST
paris=pink,ROLE_TELLER
bono=sunny,ROLE_PERMISSION_LIST
@@ -1,686 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xsd:schema xmlns="http://www.springframework.org/schema/security"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
elementFormDefault="qualified" attributeFormDefault="unqualified">
<xsd:import namespace="http://www.springframework.org/schema/beans" />
<xsd:element name="autoconfig" />
<xsd:element name="session-context-integration">
<xsd:complexType>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="sessionCreation"
default="ifRequired">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Indicates if this filter can create a HttpSession if
needed (sessions are always created sparingly, but setting this value to
false will prohibit sessions from ever being created).
Defaults to true. Do not set to false if
you have set forceEagerSessionCreation to true ,
as the properties would be in conflict.
]]>
</xsd:documentation>
</xsd:annotation>
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="ifRequired" />
<xsd:enumeration value="never" />
<xsd:enumeration value="always" />
</xsd:restriction>
</xsd:simpleType>
</xsd:attribute>
<xsd:attribute name="forceEagerSessionCreation"
default="false" type="defaultable-boolean" use="optional">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Indicates if this filter is required to create a 'HttpSession'
for every request before proceeding through the filter chain, even if the
'HttpSession' would not ordinarily have been created. By
default this is 'false', which is entirely appropriate for
most circumstances as you do not want a 'HttpSession'
created unless the filter actually needs one. It is envisaged the main
situation in which this property would be set to 'true' is
if using other filters that depend on a 'HttpSession'
already existing, such as those which need to obtain a session ID. This
is only required in specialised cases, so leave it set to
'false' unless you have an actual requirement and are
conscious of the session creation overhead.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="cloneFromHttpSession" default="false"
type="defaultable-boolean" use="optional">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Indicates whether the <code>SecurityContext</code> will be cloned from
the HttpSession. The default is to simply reference (ie
the default is 'false'. The default may cause issues if
concurrent threads need to have a different security identity from other
threads being concurrently processed that share the same
<code>HttpSession</code>. In most normal environments this does not
represent an issue, as changes to the security identity in one thread is
allowed to affect the security identitiy in other threads associated with
the same 'HttpSession'.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
<xsd:element name="authentication-remember-me-filter"
type="RememberMeFilter">
<xsd:annotation>
<xsd:documentation
source="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
<![CDATA[
makes the filter, but does little else, as it auto-detects everything
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:complexType name="RememberMeFilter">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="rememberMeServicesBeanRef"
type="xsd:string" use="optional" />
</xsd:complexType>
<xsd:element name="authentication-remember-me-services"
type="RememberMeServices" />
<xsd:complexType name="RememberMeServices">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="key" type="xsd:string" use="optional" />
<xsd:attribute name="principalRepositoryBeanRef"
type="xsd:string" use="optional" />
</xsd:complexType>
<!-- Logout Filter -->
<xsd:element name="logout-support">
<xsd:complexType>
<!-- Write other attributes -->
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="redirectAfterLogoutUrl"
type="xsd:string" default="/" />
<xsd:attribute name="logoutUrl" type="xsd:string"
default="/logout" />
<xsd:anyAttribute namespace="##other" processContents="lax" />
</xsd:complexType>
</xsd:element>
<!-- Exception Translation Filter -->
<xsd:element name="exception-translation"
type="ExceptionTranslation" />
<xsd:complexType name="ExceptionTranslation">
<xsd:all>
<xsd:element ref="entry-point" maxOccurs="1" />
<xsd:element ref="access-denied" maxOccurs="1"
minOccurs="0" />
</xsd:all>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:element name="entry-point">
<xsd:complexType>
<xsd:attribute name="entryPointBeanRef" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="access-denied">
<xsd:complexType>
<xsd:attribute name="accessDeniedUrl" type="xsd:string"
use="optional" />
<xsd:attribute name="accessDeniedBeanRef" type="xsd:string"
use="optional" />
</xsd:complexType>
</xsd:element>
<!-- AuthenticationProcessigFilter -->
<xsd:element name="authentication-form"
type="AuthenticationProcessingFilter" />
<xsd:complexType name="AuthenticationProcessingFilter">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="authenticationUrl" type="xsd:string"
use="required">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The URL destination that this filter intercepts and processes (usually something like
/login)
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="defaultTargetUrl" type="xsd:string"
use="required">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Where to redirect the browser to if authentication is successful but ACEGI_SAVED_REQUEST_KEY is
null
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="errorFormUrl" type="xsd:string"
use="required">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Where to redirect the browser to if authentication fails.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:element name="authentication-mechanism"
type="AuthenticationManager">
<xsd:annotation>
<xsd:documentation
source="org.acegisecurity.providers.ProviderManager">
<![CDATA[
Resolves to 'org.acegisecurity.providers.ProviderManager'
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:complexType name="AuthenticationManager">
<xsd:sequence>
<xsd:element ref="authentication-jdbc" minOccurs="0"
maxOccurs="1" />
<xsd:element ref="authentication-ldap" minOccurs="0"
maxOccurs="1" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:element name="authentication-jdbc">
<xsd:annotation>
<xsd:documentation
source="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<![CDATA[
if not specified will be auto-tetected from the ApplicationContext and tried in order
]]>
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:attribute name="ref" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="authentication-ldap">
<xsd:annotation>
<xsd:documentation
source="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
<![CDATA[
if not specified will be auto-tetected from the ApplicationContext and tried in order
]]>
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:sequence>
<xsd:element name="property">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="beans:propertyType"></xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
<xsd:attribute name="ldapUrl" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The LDAP url of the server (and root context) to connect to.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="managerDn" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The LDAP url of the server (and root context) to connect to.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="managerPassword" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The manager user's password.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="groupSearchBase" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="groupRoleAttribute"
type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
<xsd:element name="principal-repository" type="PrincipalRepository" />
<xsd:complexType name="PrincipalRepository">
<xsd:choice>
<xsd:element ref="jdbc" minOccurs="0" maxOccurs="1" />
<xsd:element ref="ldap" minOccurs="0" maxOccurs="1" />
<xsd:element ref="properties" minOccurs="0" maxOccurs="1" />
<xsd:element ref="user-definition" minOccurs="0"
maxOccurs="unbounded" />
</xsd:choice>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:element name="jdbc">
<xsd:complexType>
<xsd:attribute name="dataSourceBeanRef" type="xsd:string" />
<xsd:attribute name="authoritiesByUsernameQuery"
type="xsd:string" use="optional" />
<xsd:attribute name="jdbcTemplateBeanRef" type="xsd:string"
use="optional" />
<xsd:attribute name="rolePrefix" type="xsd:string"
use="optional" />
<xsd:attribute name="usernameBasedPrimaryKey"
type="xsd:boolean" use="optional" />
<xsd:attribute name="usersByUsernameQuery" type="xsd:string"
use="optional" />
</xsd:complexType>
</xsd:element>
<xsd:element name="ldap">
<xsd:complexType>
<xsd:attribute name="not-yet-defined" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="properties">
<xsd:complexType>
<xsd:attribute name="resource" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="user-definition">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="granted-authority" minOccurs="0"
maxOccurs="unbounded">
<xsd:complexType>
<xsd:attribute name="authority"
type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
<xsd:element name="granted-authority-ref" minOccurs="0"
maxOccurs="unbounded">
<xsd:complexType>
<xsd:attribute name="authorityBeanRef"
type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:sequence>
<xsd:attribute name="username" type="xsd:string"
use="required" />
<xsd:attribute name="password" type="xsd:string" />
<xsd:attribute name="enabled" type="xsd:boolean" />
<xsd:anyAttribute namespace="##local"
processContents="strict" />
</xsd:complexType>
</xsd:element>
<xsd:element name="authentication-repository"
type="AuthenticationRepositoryType" />
<xsd:complexType name="AuthenticationRepositoryType">
<xsd:sequence>
<xsd:element name="salt-source" type="SaltSource"
minOccurs="0" maxOccurs="1" />
<xsd:element name="password-encoder" type="PasswordEncoder"
minOccurs="0" maxOccurs="1" />
</xsd:sequence>
<xsd:attributeGroup ref="AuthenticationRepositoryAttributes" />
</xsd:complexType>
<!-- <security:salt-source source="systemwide|reflection" salt="salt"/> -->
<xsd:complexType name="SaltSource">
<xsd:sequence>
<xsd:choice minOccurs="0" maxOccurs="1">
<xsd:element name="system-wide">
<xsd:complexType>
<xsd:attribute name="systemWideSalt"
type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="reflection">
<xsd:complexType>
<xsd:attribute name="userPropertyToUse"
type="xsd:string" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:sequence>
<xsd:attribute name="saltSourceBeanRef" type="xsd:string"
use="optional" />
</xsd:complexType>
<xsd:complexType name="PasswordEncoder">
<xsd:sequence>
<xsd:choice minOccurs="0" maxOccurs="1">
<xsd:element name="encoder">
<xsd:complexType>
<xsd:attribute name="method" type="encoders" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:sequence>
<xsd:attribute name="encoderBeanRef" type="xsd:string"
use="optional" />
</xsd:complexType>
<xsd:attributeGroup name="AuthenticationRepositoryAttributes">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="repositoryBeanRef" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Reference of a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:attributeGroup>
<xsd:element name="authorization-http-url"
type="AuthorizationHttpUrlType">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Specify security:uri-patterns in order of processing; each pattern must specify EITHER a
regularExpression OR a path, but not both and ALL patterns in the url-mapping MUST be of the
SAME type (ie cannot mix a regular expression and Ant Path) - exception will be thrown if tried
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:complexType name="AuthorizationHttpUrlType">
<xsd:sequence minOccurs="1" maxOccurs="1">
<xsd:element name="url-mapping" type="UrlMappingType"></xsd:element>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="UrlMappingType">
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
<xsd:element name="uri-pattern" type="UriPatternType" />
</xsd:sequence>
<xsd:attribute name="source" type="xsd:string" default="xml" />
<xsd:attribute name="sourceBeanId" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Reference to an external ObjectDefinitionSource.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="UriPatternType">
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
<xsd:element name="configuration-attribute"
type="ConfigurationAttributeType" />
</xsd:sequence>
<xsd:attribute name="path" type="xsd:string" use="optional" />
<xsd:attribute name="regularExpression" type="xsd:string"
use="optional" />
</xsd:complexType>
<xsd:complexType name="ConfigurationAttributeType">
<xsd:attribute name="attribute" type="xsd:string" />
</xsd:complexType>
<xsd:element name="authorization-manager"
type="AuthorizationManagerType" />
<xsd:complexType name="AuthorizationManagerType">
<xsd:sequence>
<xsd:element name="role-voter" type="xsd:string"
minOccurs="0" maxOccurs="1" />
<xsd:element name="authenticated-voter" type="xsd:string"
minOccurs="0" maxOccurs="1" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="strategy" type="response"
default="affirmative" />
</xsd:complexType>
<!-- Authorization JointPoint -->
<xsd:element name="authorization-joinpoint"
type="AuthorizationJointPointType">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:complexType name="AuthorizationJointPointType">
<xsd:sequence minOccurs="1" maxOccurs="1">
<xsd:element name="url-mapping"
type="JointPointMappingType">
</xsd:element>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="springAop" type="xsd:boolean"
use="optional" />
<xsd:attribute name="aspectj" type="xsd:boolean" use="optional" />
</xsd:complexType>
<xsd:complexType name="JointPointMappingType">
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
<xsd:element name="method-pattern" type="MethodPatternType" />
</xsd:sequence>
<xsd:attribute name="source" type="MethodInterceptorType"
default="xml" />
<xsd:attribute name="sourceBeanId" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Reference to an external ObjectDefinitionSource.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="MethodPatternType">
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
<xsd:element name="configuration-attribute"
type="ConfigurationAttributeType" />
</xsd:sequence>
<xsd:attribute name="type" type="xsd:string" />
</xsd:complexType>
<xsd:simpleType name="response">
<xsd:restriction base="xsd:NMTOKEN">
<xsd:enumeration value="consensus" />
<xsd:enumeration value="unanimous" />
<xsd:enumeration value="affirmative" />
</xsd:restriction>
</xsd:simpleType>
<xsd:simpleType name="MethodInterceptorType">
<xsd:restriction base="xsd:NMTOKEN">
<xsd:enumeration value="xml" />
<xsd:enumeration value="attributes" />
<xsd:enumeration value="annotations" />
<xsd:enumeration value="custom" />
</xsd:restriction>
</xsd:simpleType>
<!-- simple internal types -->
<xsd:simpleType name="defaultable-boolean">
<xsd:restriction base="xsd:NMTOKEN">
<xsd:enumeration value="true" />
<xsd:enumeration value="false" />
</xsd:restriction>
</xsd:simpleType>
<xsd:simpleType name="encoders">
<xsd:restriction base="xsd:NMTOKEN">
<xsd:enumeration value="md5" />
<xsd:enumeration value="md5Hex" />
<xsd:enumeration value="sha" />
<xsd:enumeration value="shaHex" />
<xsd:enumeration value="custom" />
</xsd:restriction>
</xsd:simpleType>
</xsd:schema>
@@ -1,38 +0,0 @@
package org.acegisecurity;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
/**
* Unit test for simple App.
*/
public class AppTest
extends TestCase
{
/**
* Create the test case
*
* @param testName name of the test case
*/
public AppTest( String testName )
{
super( testName );
}
/**
* @return the suite of tests being tested
*/
public static Test suite()
{
return new TestSuite( AppTest.class );
}
/**
* Rigourous Test :-)
*/
public void testApp()
{
assertTrue( true );
}
}
@@ -1,99 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity;
import junit.framework.TestCase;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContextImpl;
import org.acegisecurity.providers.TestingAuthenticationToken;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* Tests security objects.
*
* @author Ben Alex
* @version $Id: BankTests.java 1496 2006-05-23 13:38:33Z benalex $
*/
public class BankTests extends TestCase {
//~ Instance fields ================================================================================================
private BankService service;
private ClassPathXmlApplicationContext ctx;
//~ Constructors ===================================================================================================
public BankTests() {
super();
}
public BankTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
private static void createSecureContext() {
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("test", "test",
new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
});
SecurityContextHolder.getContext().setAuthentication(auth);
}
private static void destroySecureContext() {
SecurityContextHolder.setContext(new SecurityContextImpl());
}
public static void main(String[] args) {
junit.textui.TestRunner.run(BankTests.class);
}
public final void setUp() throws Exception {
super.setUp();
ctx = new ClassPathXmlApplicationContext("org/acegisecurity/config/auto-config.xml");
service = (BankService) ctx.getBean("bankService");
}
public void testDeniedAccess() throws Exception {
createSecureContext();
try {
service.balance("1");
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
destroySecureContext();
}
public void testListAccounts() throws Exception {
createSecureContext();
service.listAccounts();
destroySecureContext();
}
}
@@ -1,25 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.providers.ProviderManager;
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import junit.framework.TestCase;
/**
* @author vpuri
*
*/
public class AuthenticationMechanismNamespaceTests extends TestCase {
public void testParserDefaults() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/remember-me-defaults.xml");
ProviderManager mgr = (ProviderManager) context.getBean("authenticationManager");
assertEquals(1, mgr.getProviders().size());
assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
}
}
@@ -1,25 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import junit.framework.TestCase;
/**
* @author vpuri
*
*/
public class AuthenticationProcessingFilterNamespaceTests extends TestCase {
public void testAuthenticationFilterBeanDefinition() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/authentication-form-filter.xml");
ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
}
}
@@ -1,120 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import junit.framework.TestCase;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
import org.acegisecurity.providers.dao.SaltSource;
import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
import org.acegisecurity.userdetails.jdbc.JdbcDaoImpl;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.util.Assert;
/**
* @author vpuri
*
*/
public class AuthenticationRepositoryParserTest extends TestCase {
public void testAuthenticationRepositoryDefaultWithAutoUserdetails() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/authentication-dao-defaults.xml");
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
assertEquals(1, names.length);
// check bean class
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
Assert.isAssignable(JdbcDaoImpl.class, provider.getUserDetailsService().getClass());
}
public void testCollaboratorsAsInnerBeans() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/authentication-innerbeans.xml");
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
// get the main bean definition, there should be only one
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
assertEquals(1, names.length);
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
// get the 2 inner beans
PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
assertEquals("saltSource", saltSourceBean.getName());
// get the BeanDefinition
RootBeanDefinition saltsourceDef = (RootBeanDefinition) saltSourceBean.getValue();
Assert.isAssignable(SaltSource.class, saltsourceDef.getBeanClass());
PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
assertEquals("passwordEncoder", encoder.getName());
// get the BeanDefinition
RootBeanDefinition encoderDef = (RootBeanDefinition) encoder.getValue();
Assert.isAssignable(PasswordEncoder.class, encoderDef.getBeanClass());
assertEquals("incorrect bean class name", encoderDef.getBeanClassName(), Md5PasswordEncoder.class.getName());
}
public void testCollaboratorsAsBeanRef() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/authentication-beanRef-attributes.xml");
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
// get the main bean definition, there should be only one
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
assertEquals(1, names.length);
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
// get the referred collaborators
PropertyValue userDetailsBean = definition.getPropertyValues().getPropertyValue("userDetailsService");
assertEquals("userDetailsService", userDetailsBean.getName());
PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
assertEquals("saltSource", saltSourceBean.getName());
// get the BeanDefinition
RuntimeBeanReference saltsourceDef = (RuntimeBeanReference) saltSourceBean.getValue();
assertEquals("refToSaltSource", saltsourceDef.getBeanName());
PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
assertEquals("passwordEncoder", encoder.getName());
// get the BeanDefinition
RuntimeBeanReference encoderDef = (RuntimeBeanReference) encoder.getValue();
assertEquals("refToPasswordEncoder", encoderDef.getBeanName());
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
assertTrue(provider.getPasswordEncoder() instanceof PasswordEncoder);
assertEquals(Md5PasswordEncoder.class, provider.getPasswordEncoder().getClass());
}
public void testAutodetectionOfUserDetailsService() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/authentication-defaults.xml");
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
assertNotNull(provider.getUserDetailsService());
assertNull(provider.getSaltSource());
assertEquals(PlaintextPasswordEncoder.class, provider.getPasswordEncoder().getClass());
}
}
@@ -1,31 +0,0 @@
package org.acegisecurity.config;
import java.util.List;
import junit.framework.TestCase;
import org.acegisecurity.AccessDecisionManager;
import org.acegisecurity.vote.AuthenticatedVoter;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
public class AuthorizationManagerBeanDefinitionParserTests extends TestCase {
public void testParsingBeanDefinition() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/authorization-manager.xml");
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
String[] beanNames = bf.getBeanNamesForType(AccessDecisionManager.class);
assertEquals(1, beanNames.length);
BeanDefinition def = (RootBeanDefinition) bf.getBeanDefinition(beanNames[0]);
assertNotNull(def);
List decisionVoters = (ManagedList) def.getPropertyValues().getPropertyValue("decisionVoters").getValue();
assertEquals(2, decisionVoters.size());
assertEquals("org.acegisecurity.vote.RoleVoter", ((BeanDefinition) decisionVoters.get(0)).getBeanClassName());
assertEquals("org.acegisecurity.vote.AuthenticatedVoter", ((BeanDefinition) decisionVoters.get(1)).getBeanClassName());
}
}
@@ -1,105 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import java.lang.reflect.Field;
import java.util.Map;
import junit.framework.TestCase;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
import org.acegisecurity.intercept.method.MethodDefinitionSource;
import org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
import org.acegisecurity.ui.logout.LogoutFilter;
import org.acegisecurity.ui.logout.LogoutHandler;
import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.util.ReflectionUtils;
/**
* @author Vishal Puri
*
*/
public class AutoConfigBeanDefinitionParserTests extends TestCase {
private ApplicationContext context;
private ConfigurableListableBeanFactory bf;
// ~ Methods
// ========================================================================================================
public void setUp() {
this.context = new ClassPathXmlApplicationContext("org/acegisecurity/config/auto-config.xml");
this.bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
}
public void testContextBeanDefinitionCreated() {
String[] names = bf.getBeanNamesForType(HttpSessionContextIntegrationFilter.class);
assertEquals(1, names.length);
HttpSessionContextIntegrationFilter filter = (HttpSessionContextIntegrationFilter) bf.getBean(names[0]);
// check properties
// get the bean
assertTrue(filter.isAllowSessionCreation());
assertFalse(filter.isForceEagerSessionCreation());
assertFalse(filter.isCloneFromHttpSession());
}
public void testLogoutFilterDefinitionCreatedWithDefaults() throws Exception {
String[] names = bf.getBeanNamesForType(LogoutFilter.class);
assertEquals(1, names.length);
LogoutFilter filter = (LogoutFilter) context.getBean(names[0]);
assertNotNull(filter);
Field logoutSuccessUrl = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(),
"logoutSuccessUrl");
String value = (String) logoutSuccessUrl.get(filter);
assertEquals("/", value);
Field handlers = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(), "handlers");
assertNotNull(handlers);
LogoutHandler[] handlersArray = (LogoutHandler[]) handlers.get(filter);
assertEquals(2, handlersArray.length);
}
public void testExceptionTranslationFilterCreatedwithDefaults() throws Exception {
Map map = bf.getBeansOfType(AuthenticationProcessingFilter.class);
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) map.values().iterator().next();
AuthenticationManager authMgr = filter.getAuthenticationManager();
assertNotNull(authMgr);
RememberMeServices remMeServices = filter.getRememberMeServices();
assertNotNull(remMeServices);
assertEquals("/acegilogin.jsp?login_error=1", filter.getAuthenticationFailureUrl());
assertEquals("/", filter.getDefaultTargetUrl());
}
public void testRememberMePRocessingFilterCreatedWithDefaults() {
Map map = bf.getBeansOfType(RememberMeProcessingFilter.class);
RememberMeProcessingFilter filter = (RememberMeProcessingFilter) map.values().iterator().next();
}
public void testMethodDefinitionSourceAdvisorCreatedWithDefaults() throws Exception {
Map map = bf.getBeansOfType(MethodDefinitionSourceAdvisor.class);
assertEquals(1, map.size());
MethodDefinitionSourceAdvisor advisor = (MethodDefinitionSourceAdvisor) map.values().iterator().next();
Field transactionAttributeSource = makeAccessibleAndGetFieldByName(advisor.getClass().getDeclaredFields(), "transactionAttributeSource");
assertNotNull(transactionAttributeSource);
assertTrue(transactionAttributeSource.get(advisor) instanceof MethodDefinitionSource);
}
private Field makeAccessibleAndGetFieldByName(Field[] declaredFields, String name) {
Field field = null;
for (int i = 0, n = declaredFields.length; i < n; i++) {
ReflectionUtils.makeAccessible(declaredFields[i]);
if (declaredFields[i].getName().equals(name)) {
return declaredFields[i];
}
}
return field;
}
}
@@ -1,79 +0,0 @@
package org.acegisecurity.config;
import java.beans.FeatureDescriptor;
import java.lang.reflect.Field;
import java.util.Arrays;
import javax.servlet.Filter;
import junit.framework.TestCase;
import org.acegisecurity.ui.AccessDeniedHandler;
import org.acegisecurity.ui.AccessDeniedHandlerImpl;
import org.acegisecurity.ui.ExceptionTranslationFilter;
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.util.ReflectionUtils;
public class ExceptionTranslationParserTests extends TestCase {
public void testParsingBeanReferences() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/exception-translation-beanref.xml");
ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
String[] beanNames = factory.getBeanNamesForType(ExceptionTranslationFilter.class);
assertEquals(1, beanNames.length);
RootBeanDefinition def = (RootBeanDefinition) factory.getBeanDefinition(beanNames[0]);
assertEquals(ExceptionTranslationFilter.class.getName(), def.getBeanClassName());
// check collaborators
PropertyValue accessDeniedHandler = def.getPropertyValues().getPropertyValue("accessDeniedHandler");
assertNotNull(accessDeniedHandler);
assertEquals(accessDeniedHandler.getValue(), new RuntimeBeanReference("theBeanToUse"));
PropertyValue entryPoint = def.getPropertyValues().getPropertyValue("authenticationEntryPoint");
assertNotNull(entryPoint);
assertEquals(entryPoint.getValue(), new RuntimeBeanReference("authenticationProcessingFilterEntryPoint"));
}
public void testRuntimeBeanDependencies() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/exception-translation-beanref.xml");
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) context.getBean("exceptionTranslationFilter");
AuthenticationProcessingFilterEntryPoint entryPoint = (AuthenticationProcessingFilterEntryPoint) filter
.getAuthenticationEntryPoint();
assertEquals("/acegilogin.jsp", entryPoint.getLoginFormUrl());
assertFalse(entryPoint.getForceHttps());
}
public void testAutoDetectionOfDefaultDependencies() throws Exception {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/exception-translation-autodetect-handler.xml");
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) context.getBean("exceptionTranslationFilter");
Field field = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(), "accessDeniedHandler");
assertTrue(field.get(filter) instanceof AccessDeniedHandler);
AccessDeniedHandlerImpl accessDeniedHandler = (AccessDeniedHandlerImpl) field
.get(filter);
Field f = makeAccessibleAndGetFieldByName(accessDeniedHandler.getClass().getDeclaredFields(), "errorPage");
assertEquals("errorPage",f.getName());
String value = (String) f.get(accessDeniedHandler);
assertEquals("/accessDenied.jsp", value);
}
private Field makeAccessibleAndGetFieldByName(Field[] fields, String name) {
Field field = null;
for (int i = 0, n = fields.length; i < n; i++) {
ReflectionUtils.makeAccessible(fields[i]);
if (fields[i].getName().equals(name)) {
return fields[i];
}
}
return field;
}
}
@@ -1,35 +0,0 @@
package org.acegisecurity.config;
import junit.framework.TestCase;
import org.acegisecurity.AccessDecisionManager;
import org.acegisecurity.intercept.web.FilterSecurityInterceptor;
import org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap;
import org.acegisecurity.vote.AffirmativeBased;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* @author Vishal Puri
*/
public class FilterSecurityInterceptorBeanDefinitionParserTests extends TestCase {
public void testParsingBeanDefinition() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/authorization-http-config.xml");
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
String[] beanNames = bf.getBeanNamesForType(FilterSecurityInterceptor.class);
assertEquals(1, beanNames.length);
BeanDefinition def = bf.getBeanDefinition(beanNames[0]);
assertEquals(2, def.getPropertyValues().size());
PropertyValue objectDefinitionSource = def.getPropertyValues().getPropertyValue("objectDefinitionSource");
assertTrue(objectDefinitionSource.getValue() instanceof RegExpBasedFilterInvocationDefinitionMap);
PropertyValue accessDecisionManager = def.getPropertyValues().getPropertyValue("accessDecisionManager");
BeanDefinition definition = (RootBeanDefinition) accessDecisionManager.getValue() ;
assertEquals("org.acegisecurity.vote.AffirmativeBased" , definition.getBeanClassName());
}
}
@@ -1,44 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import javax.servlet.Filter;
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import junit.framework.TestCase;
/**
* @author vpuri
*
*/
public class HttpSessionContextIntegrationParserTest extends TestCase {
public void testApplicationContext() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/session-context-integration-defaults.xml");
ConfigurableListableBeanFactory clbf =
(ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
String[] names = clbf.getBeanNamesForType(Filter.class);
assertEquals(1, names.length);
// check bean name
RootBeanDefinition definition = (RootBeanDefinition)clbf.getBeanDefinition(names[0]);
assertEquals(HttpSessionContextIntegrationFilter.class, definition.getBeanClass());
// check properties
//get the bean
HttpSessionContextIntegrationFilter filter = (HttpSessionContextIntegrationFilter)context.getBean("httpSessionContextIntegrationFilter");
assertFalse(filter.isAllowSessionCreation());
assertNotNull(definition.getPropertyValues().getPropertyValue("allowSessionCreation"));
assertFalse(filter.isForceEagerSessionCreation());
assertFalse(filter.isCloneFromHttpSession());
}
}
@@ -1,52 +0,0 @@
package org.acegisecurity.config;
import junit.framework.TestCase;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.PropertyValues;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* @author Vishal Puri
*
*/
public class LdapAuthenticationProviderBeanDefinitionParserTests extends TestCase {
public void testBeanDefinitionCreation() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/ldap-config.xml");
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
BeanDefinition def = (RootBeanDefinition) bf.getBeanDefinition("authenticationManager");
assertNotNull(def);
PropertyValues values = def.getPropertyValues();
PropertyValue value = values.getPropertyValue("providers");
assertNotNull(value);
ManagedList list = (ManagedList) value.getValue();
assertEquals(1, list.size());
RootBeanDefinition definition = (RootBeanDefinition) list.get(0);
assertEquals(LdapAuthenticationProvider.class, definition.getBeanClass());
assertEquals(2, definition.getConstructorArgumentValues().getArgumentCount());
ValueHolder holder = definition.getConstructorArgumentValues().getArgumentValue(0, BindAuthenticator.class);
assertNotNull(holder.getConvertedValue() instanceof BindAuthenticator);
RootBeanDefinition authenticatorDefinition = (RootBeanDefinition) holder.getValue();
assertEquals(1, authenticatorDefinition.getConstructorArgumentValues().getArgumentCount());
RootBeanDefinition initialContextDir = (RootBeanDefinition) authenticatorDefinition
.getConstructorArgumentValues().getArgumentValue(0, InitialDirContextFactory.class).getValue();
assertEquals("cn=manager,dc=acegisecurity,dc=org", initialContextDir.getPropertyValues().getPropertyValue(
"managerDn").getValue());
assertEquals("ldap://monkeymachine:389/dc=acegisecurity,dc=org", initialContextDir.getConstructorArgumentValues()
.getArgumentValue(0, String.class).getValue());
}
}
@@ -1,29 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import java.util.Map;
import junit.framework.TestCase;
import org.acegisecurity.ui.logout.LogoutHandler;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* @author vpuri
*
*/
public class LogoutFilterBeanDefinitionParserTests extends TestCase {
public void testLogoutFilter() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/logout-filter-with-handlers.xml");
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
Map m = bf.getBeansOfType(LogoutHandler.class);
assertEquals(2, m.size());
}
}
@@ -1,22 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import junit.framework.TestCase;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* @author vpuri
*
*/
public class NamespaceTests extends TestCase {
public void testPass() {
ApplicationContext c = new ClassPathXmlApplicationContext("org/acegisecurity/config/applicationContext-acegi-security.xml");
}
}
@@ -1,65 +0,0 @@
package org.acegisecurity.config;
import junit.framework.TestCase;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.User;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
import org.acegisecurity.userdetails.memory.UserMap;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* @author Vishal Puri
*
*/
public class PrincipalRepositoryNamespaceTests extends TestCase {
public void testParserWithUserDefinition() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/config/principal-repository-user-map.xml");
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
String[] names = clbf.getBeanNamesForType(UserDetailsService.class);
assertEquals(1, names.length);
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
assertEquals(InMemoryDaoImpl.class, definition.getBeanClass());
UserMap map = new UserMap();
GrantedAuthority[] authotities = { new GrantedAuthorityImpl("ROLE_YO"), new GrantedAuthorityImpl("ROLE_YOYO") };
User user = new User("vishal", "nottellingya", true, true, true, true, authotities);
map.addUser(user);
assertPropertyValues(map, definition, "userMap");
}
private void assertPropertyValues(UserMap assertionValue, RootBeanDefinition definition, String property) {
PropertyValue propertyValue = definition.getPropertyValues().getPropertyValue(property);
assertNotNull(propertyValue);
assertTrue(propertyValue.getValue() instanceof UserMap);
UserMap users = (UserMap) propertyValue.getValue();
assertTrue(assertionValue.getUserCount() == users.getUserCount());
assertEquals(assertionValue.getUser("vishal"), users.getUser("vishal"));
assertTrue(users.getUser("vishal").isEnabled());
assertTrue(users.getUser("vishal").isAccountNonExpired());
assertTrue(users.getUser("vishal").isAccountNonLocked());
assertTrue(users.getUser("vishal").isCredentialsNonExpired());
assertEquals(2, users.getUser("vishal").getAuthorities().length);
assertEquals(new GrantedAuthorityImpl("ROLE_YO"), users.getUser("vishal").getAuthorities()[0]);
assertEquals(new GrantedAuthorityImpl("ROLE_YOYO"), users.getUser("vishal").getAuthorities()[1]);
}
}
@@ -1,19 +0,0 @@
package org.acegisecurity.config;
import junit.framework.TestCase;
import org.acegisecurity.providers.ProviderManager;
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
//TODO: fix test name
public class RememberMeBeanDefinitionParserTest extends TestCase {
public void testParserDefaults() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-defaults.xml");
ProviderManager mgr = (ProviderManager)context.getBean("authenticationManager");
assertEquals(1, mgr.getProviders().size());
assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
}
}
@@ -1,56 +0,0 @@
/**
*
*/
package org.acegisecurity.config;
import java.lang.reflect.Field;
import java.util.Map;
import junit.framework.TestCase;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
import org.acegisecurity.userdetails.UserDetailsService;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.util.ReflectionUtils;
/**
* @author Vishal Puri
*
*/
public class RememberMeServicesBeanDefinitionParserTests extends TestCase {
public void testFilterConfiguration() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-defaults.xml");
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
String[] names = bf.getBeanNamesForType(RememberMeProcessingFilter.class);
assertEquals(1, names.length);
RootBeanDefinition definition = (RootBeanDefinition)bf.getBeanDefinition(names[0]);
assertEquals(definition.getBeanClass(), RememberMeProcessingFilter.class);
}
public void testRuntimeAutoDetectionOfDependencies() throws Exception {
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-autodetect.xml");
ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
Map map = factory.getBeansOfType(RememberMeProcessingFilter.class);
RememberMeProcessingFilter filter = (RememberMeProcessingFilter)map.values().iterator().next();
RememberMeServices services = filter.getRememberMeServices();
assertNotNull(services);
TokenBasedRememberMeServices rememberMeServices = (TokenBasedRememberMeServices)services;
UserDetailsService ud = rememberMeServices.getUserDetailsService();
assertNotNull(ud);
Field field = filter.getClass().getDeclaredField("authenticationManager");
ReflectionUtils.makeAccessible(field);
Object obj = field.get(filter);
assertNotNull("authentication manager should not have been null", obj);
assertTrue(obj instanceof AuthenticationManager);
}
}
@@ -1,12 +0,0 @@
# Logging
#
log4j.rootCategory=WARN, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n
log4j.category.org.acegisecurity=DEBUG
log4j.category.org.springframework=INFO
@@ -1,174 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!--
- A simple "base bones" Acegi Security configuration.
-
- The sample includes the "popular" features that people tend to use.
- Specifically, form authentication, remember-me, and anonymous processing.
- Other features aren't setup, as these can be added later by inserting
- the relevant XML fragments as specified in the Reference Guide.
-
- To assist new users, the filters specified in the FilterChainProxy are
- declared in the application context in the same order. Collaborators
- required by those filters are placed at the end of the file.
-
- $Id: applicationContext-acegi-security.xml 1833 2007-05-17 23:06:46Z vishalpuri $
-->
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
<security:session-context-integration
id="httpSessionContextIntegrationFilter" sessionCreation="ifRequired" />
<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
<security:logout-support id="logoutFilter"
redirectAfterLogoutUrl="/index.jsp" logoutUrl="/j_acegi_logout" />
<security:authentication-remember-me-services
id="rememberMeServices" key="someValue" />
<bean id="securityContextLogoutHandler"
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
<!-- the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
<security:authentication-form id="authenticationProcessingFilter"
authenticationUrl="/j_acegi_security_check" defaultTargetUrl="/"
errorFormUrl="/acegilogin.jsp?login_error=1" />
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
<security:authentication-mechanism id="authenticationManager">
<security:authentication-jdbc ref="daoAuthenticationProvider" />
</security:authentication-mechanism>
<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
<security:principal-repository id="userDetailsService">
<security:properties
resource="classpath:org/acegisecurity/config/user.properties" />
</security:principal-repository>
<!-- dao authentication provider "authenticationRepository" -->
<security:authentication-repository id="daoAuthenticationProvider" />
<bean id="securityContextHolderAwareRequestFilter"
class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
<!-- makes the filter, but does little else, as it auto-detects everything -->
<security:authentication-remember-me-filter
id="rememberMeProcessingFilter" />
<bean id="anonymousProcessingFilter"
class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="changeThis" />
<property name="userAttribute"
value="anonymousUser,ROLE_ANONYMOUS" />
</bean>
<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it;
alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
other props; i do not mind if you move the access denied stuff to a sub-element -->
<security:exception-translation id="exceptionTranslationFilter">
<security:entry-point
entryPointBeanRef="authenticationEntryPoint" />
</security:exception-translation>
<bean id="authenticationEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp" />
<property name="forceHttps" value="false" />
</bean>
<bean id="accessDeniedHandler"
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager" />
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"
value="false" />
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter" />
<bean
class="org.acegisecurity.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
/**=IS_AUTHENTICATED_REMEMBERED
</value>
</property>
</bean>
<!--<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
<bean
class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="changeThis" />
</bean>
<bean
class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="changeThis" />
</bean>
</list>
</property>
</bean>-->
<bean id="userCache"
class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache">
<bean
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<bean
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
</property>
<property name="cacheName" value="userCache" />
</bean>
</property>
</bean>
<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
<bean id="loggerListener"
class="org.acegisecurity.event.authentication.LoggerListener" />
</beans>
@@ -1,19 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- AuthenticationEntryPoints handled across the system via Ordered interface; every Acegi entry point has an order; the highest order wins and
is used as the entry point by ExceptionTranslationFilter; for things like BasicAuthenticationfilter, they're smart enough to know they need a
BasicAuthenticationProcessingFilterEntryPoint, so they use that one; here we have an entryPointOrder to say when we make the BasicEntryPoint,
we will call setOrder(2) such that this app effectively will use somehing with a higher order as the app-wide default -->
<security:authentication-basic id="id"
realmName="Spring Security Application" entryPointOrder="2" />
</beans>

Some files were not shown because too many files have changed in this diff Show More