Compare commits
43 Commits
3.2.10.RELEASE
...
1.0.7
| Author | SHA1 | Date | |
|---|---|---|---|
| 55fbfc5285 | |||
| b75ea4e622 | |||
| f626d5ec47 | |||
| 1b07b5e616 | |||
| 22aaf34499 | |||
| 62093067cb | |||
| be3d309905 | |||
| 065e2b6fa2 | |||
| b253510127 | |||
| e41860d944 | |||
| e9b5ada0c4 | |||
| 0a7d6225f7 | |||
| 75360d1358 | |||
| a84b405744 | |||
| 4c8f61ec90 | |||
| c2a13b0aa8 | |||
| ad45967cef | |||
| bdd78ced7f | |||
| 9174fb7746 | |||
| b5ac6e42e3 | |||
| e3247231d7 | |||
| ab022a5ed3 | |||
| 18d8084744 | |||
| 1216673deb | |||
| 8e6e373a3b | |||
| 2b0ee23396 | |||
| 89cde2507d | |||
| ac0e308354 | |||
| 724b9e23ba | |||
| 99c5479f9a | |||
| c3dc3a3a4f | |||
| 859ce607cd | |||
| d6fd9980bd | |||
| 831981ac69 | |||
| 7b981d3e84 | |||
| 38a0bf7ca4 | |||
| e243855822 | |||
| e6e461d9a0 | |||
| 0ff8662f12 | |||
| 0878d7d563 | |||
| ae4b5907b9 | |||
| 5da9a0c0c0 | |||
| 95d5c61115 |
-91
@@ -1,91 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<classpath>
|
||||
<classpathentry kind="src" path="core/src/main/java"/>
|
||||
<classpathentry kind="src" path="core/src/main/resources"/>
|
||||
<classpathentry kind="src" path="core/src/test/java"/>
|
||||
<classpathentry kind="src" path="core/src/test/resources"/>
|
||||
<classpathentry kind="src" path="samples/dms/src/test/java"/>
|
||||
<classpathentry kind="src" path="samples/dms/src/main/resources"/>
|
||||
<classpathentry kind="src" path="samples/dms/src/main/java"/>
|
||||
<classpathentry kind="src" path="samples/dms/src/test/resources"/>
|
||||
<classpathentry kind="src" path="samples/contacts/src/main/java"/>
|
||||
<classpathentry kind="src" path="samples/contacts/src/main/resources"/>
|
||||
<classpathentry kind="src" path="samples/contacts/src/test/java"/>
|
||||
<classpathentry kind="src" path="samples/contacts/src/test/resources"/>
|
||||
<classpathentry kind="src" path="samples/attributes/src/main/java"/>
|
||||
<classpathentry kind="src" path="samples/attributes/src/main/resources"/>
|
||||
<classpathentry kind="src" path="samples/attributes/src/test/java"/>
|
||||
<classpathentry kind="src" path="adapters/cas/src/test/resources"/>
|
||||
<classpathentry kind="src" path="adapters/cas/src/main/resources"/>
|
||||
<classpathentry kind="src" path="adapters/cas/src/main/java"/>
|
||||
<classpathentry kind="src" path="adapters/cas/src/test/java"/>
|
||||
<classpathentry kind="src" path="adapters/catalina/src/main/java"/>
|
||||
<classpathentry kind="src" path="adapters/catalina/src/main/resources"/>
|
||||
<classpathentry kind="src" path="adapters/catalina/src/test/java"/>
|
||||
<classpathentry kind="src" path="adapters/jboss/src/main/java"/>
|
||||
<classpathentry kind="src" path="adapters/jboss/src/test/java"/>
|
||||
<classpathentry kind="src" path="adapters/jetty/src/main/java"/>
|
||||
<classpathentry kind="src" path="adapters/jetty/src/test/java"/>
|
||||
<classpathentry kind="src" path="adapters/resin/src/main/java"/>
|
||||
<classpathentry kind="src" path="adapters/resin/src/test/java"/>
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
|
||||
<classpathentry kind="var" path="M2_REPO/com/caucho/resin/3.0.9/resin-3.0.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/1.2.9/spring-core-1.2.9.jar" sourcepath="/M2_REPO/org.springframework/src/spring-1.2.9-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-mock/1.2.9/spring-mock-1.2.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/aspectj/aspectjrt/1.2/aspectjrt-1.2.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/cas/casclient/2.0.11/casclient-2.0.11.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/cas/cas/2.0.12/cas-2.0.12.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.4/hsqldb-1.8.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/tomcat/catalina/4.1.9/catalina-4.1.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/jetty/org.mortbay.jetty/4.2.22/org.mortbay.jetty-4.2.22.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/jboss/jboss-common/3.2.3/jboss-common-3.2.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/jboss/jbosssx/3.2.3/jbosssx-3.2.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.2.2.ga/hibernate-3.2.2.ga.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.jar" sourcepath="DIST_BASE/commons-beanutils-1.6.1-src/src/java"/>
|
||||
<classpathentry kind="src" path="samples/contacts-tiger/src/main/java"/>
|
||||
<classpathentry kind="src" path="core-tiger/src/main/java"/>
|
||||
<classpathentry kind="src" path="core-tiger/src/main/resources"/>
|
||||
<classpathentry kind="src" path="core-tiger/src/test/java"/>
|
||||
<classpathentry kind="src" path="core-tiger/src/test/resources"/>
|
||||
<classpathentry kind="src" path="samples/annotations/src/main/java"/>
|
||||
<classpathentry kind="src" path="samples/annotations/src/main/resources"/>
|
||||
<classpathentry kind="src" path="samples/annotations/src/test/java"/>
|
||||
<classpathentry kind="var" path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.6.2/xercesImpl-2.6.2.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1.jar" sourcepath="M2_REPO/jmock/distributions/jmock-1.0.1-src.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/jdbm/jdbm/1.0/jdbm-1.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/regexp/regexp/1.3/regexp-1.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/slf4j/jcl104-over-slf4j/1.1.0/jcl104-over-slf4j-1.1.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core/1.0.0/apacheds-core-1.0.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core-shared/1.0.0/apacheds-core-shared-1.0.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-asn1/0.9.5.3/shared-asn1-0.9.5.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-ldap/0.9.5.3/shared-ldap-0.9.5.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.2/antlr-2.7.2.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/cas/cas-server/3.0.4/cas-server-3.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/net/sourceforge/retroweaver/retroweaver/1.0fcs/retroweaver-1.0fcs.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/postgresql/postgresql/8.1-407.jdbc3/postgresql-8.1-407.jdbc3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-ldap/1.1.2/spring-ldap-1.1.2.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-api/1.1.0/slf4j-api-1.1.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.1.0/slf4j-log4j12-1.1.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/1.2.9/spring-dao-1.2.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/1.2.9/spring-jdbc-1.2.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/1.2.9/spring-remoting-1.2.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/1.2.9/spring-support-1.2.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/1.2.9/spring-web-1.2.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/1.2.9/spring-context-1.2.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/1.2.9/spring-aop-1.2.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/1.2.9/spring-beans-1.2.9.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-webmvc/1.2.9/spring-webmvc-1.2.9.jar"/>
|
||||
<classpathentry kind="output" path="target/eclipseclasses"/>
|
||||
</classpath>
|
||||
@@ -1,17 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<projectDescription>
|
||||
<name>acegisecurity</name>
|
||||
<comment></comment>
|
||||
<projects>
|
||||
</projects>
|
||||
<buildSpec>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.jdt.core.javabuilder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.eclipse.jdt.core.javanature</nature>
|
||||
</natures>
|
||||
</projectDescription>
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-cas</artifactId>
|
||||
<name>Acegi Security System for Spring - CAS adapter</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-catalina</artifactId>
|
||||
<name>Acegi Security System for Spring - Catalina adapter</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-jboss</artifactId>
|
||||
<name>Acegi Security System for Spring - JBoss adapter</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-jetty</artifactId>
|
||||
<name>Acegi Security System for Spring - Jetty adapter</name>
|
||||
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-parent</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<name>Acegi Security System for Spring - Adapters</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-adapters</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-resin</artifactId>
|
||||
<name>Acegi Security System for Spring - Resin adapter</name>
|
||||
|
||||
+1
-7
@@ -3,17 +3,11 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-parent</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-tiger</artifactId>
|
||||
<name>Acegi Security System for Spring - Java 5 (Tiger)</name>
|
||||
|
||||
<scm>
|
||||
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core-tiger</connection>
|
||||
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core-tiger</developerConnection>
|
||||
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core-tiger/</url>
|
||||
</scm>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
|
||||
+1
-7
@@ -3,18 +3,12 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-parent</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<packaging>jar</packaging>
|
||||
<artifactId>acegi-security</artifactId>
|
||||
<name>Acegi Security Core</name>
|
||||
|
||||
<scm>
|
||||
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core</connection>
|
||||
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core</developerConnection>
|
||||
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core/</url>
|
||||
</scm>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
|
||||
@@ -15,8 +15,6 @@
|
||||
|
||||
package org.acegisecurity;
|
||||
|
||||
import org.acegisecurity.providers.AbstractAuthenticationToken;
|
||||
|
||||
|
||||
/**
|
||||
* An abstract implementation of the {@link AuthenticationManager}.
|
||||
@@ -25,6 +23,10 @@ import org.acegisecurity.providers.AbstractAuthenticationToken;
|
||||
* @version $Id$
|
||||
*/
|
||||
public abstract class AbstractAuthenticationManager implements AuthenticationManager {
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
private boolean clearExtraInformation = true;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
@@ -42,35 +44,22 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
|
||||
public final Authentication authenticate(Authentication authRequest)
|
||||
throws AuthenticationException {
|
||||
try {
|
||||
Authentication authResult = doAuthentication(authRequest);
|
||||
copyDetails(authRequest, authResult);
|
||||
|
||||
return authResult;
|
||||
return doAuthentication(authRequest);
|
||||
} catch (AuthenticationException e) {
|
||||
e.setAuthentication(authRequest);
|
||||
|
||||
if (clearExtraInformation) {
|
||||
e.clearExtraInformation();
|
||||
}
|
||||
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Copies the authentication details from a source Authentication object to a destination one, provided the
|
||||
* latter does not already have one set.
|
||||
*
|
||||
* @param source source authentication
|
||||
* @param dest the destination authentication object
|
||||
*/
|
||||
private void copyDetails(Authentication source, Authentication dest) {
|
||||
if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
|
||||
AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
|
||||
|
||||
token.setDetails(source.getDetails());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>Concrete implementations of this class override this method to provide the authentication service.</p>
|
||||
* <p>The contract for this method is documented in the {@link
|
||||
* AuthenticationManager#authenticate(org.acegisecurity.Authentication)}.</p>
|
||||
* AuthenticationManager#authenticate(Authentication)}.</p>
|
||||
*
|
||||
* @param authentication the authentication request object
|
||||
*
|
||||
@@ -80,4 +69,15 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
|
||||
*/
|
||||
protected abstract Authentication doAuthentication(Authentication authentication)
|
||||
throws AuthenticationException;
|
||||
|
||||
/**
|
||||
* If set to true, the <tt>extraInformation</tt> set on an <tt>AuthenticationException</tt> will be cleared
|
||||
* before rethrowing it. This is useful for use with remoting protocols where the information shouldn't
|
||||
* be serialized to the client. Defaults to 'false'.
|
||||
*
|
||||
* @see AuthenticationException#getExtraInformation()
|
||||
*/
|
||||
public void setClearExtraInformation(boolean clearExtraInformation) {
|
||||
this.clearExtraInformation = clearExtraInformation;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@ package org.acegisecurity;
|
||||
public class AccountExpiredException extends AuthenticationException {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
/**
|
||||
* Constructs a <code>AccountExpiredException</code> with the specified
|
||||
* message.
|
||||
*
|
||||
@@ -35,7 +35,7 @@ public class AccountExpiredException extends AuthenticationException {
|
||||
super(msg);
|
||||
}
|
||||
|
||||
/**
|
||||
/**
|
||||
* Constructs a <code>AccountExpiredException</code> with the specified
|
||||
* message and root cause.
|
||||
*
|
||||
@@ -45,4 +45,8 @@ public class AccountExpiredException extends AuthenticationException {
|
||||
public AccountExpiredException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public AccountExpiredException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,12 +25,12 @@ package org.acegisecurity;
|
||||
public abstract class AuthenticationException extends AcegiSecurityException {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
/** The authentication that related to this exception (may be <code>null</code>) */
|
||||
private Authentication authentication;
|
||||
private Object extraInformation;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
/**
|
||||
* Constructs an <code>AuthenticationException</code> with the specified
|
||||
* message and root cause.
|
||||
*
|
||||
@@ -41,7 +41,7 @@ public abstract class AuthenticationException extends AcegiSecurityException {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
/**
|
||||
/**
|
||||
* Constructs an <code>AuthenticationException</code> with the specified
|
||||
* message and no root cause.
|
||||
*
|
||||
@@ -51,8 +51,16 @@ public abstract class AuthenticationException extends AcegiSecurityException {
|
||||
super(msg);
|
||||
}
|
||||
|
||||
public AuthenticationException(String msg, Object extraInformation) {
|
||||
super(msg);
|
||||
this.extraInformation = extraInformation;
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* The authentication request which this exception corresponds to (may be <code>null</code>)
|
||||
*/
|
||||
public Authentication getAuthentication() {
|
||||
return authentication;
|
||||
}
|
||||
@@ -60,4 +68,17 @@ public abstract class AuthenticationException extends AcegiSecurityException {
|
||||
void setAuthentication(Authentication authentication) {
|
||||
this.authentication = authentication;
|
||||
}
|
||||
|
||||
/**
|
||||
* Any additional information about the exception. Generally a <code>UserDetails</code> object.
|
||||
*
|
||||
* @return extra information or <code>null</code>
|
||||
*/
|
||||
public Object getExtraInformation() {
|
||||
return extraInformation;
|
||||
}
|
||||
|
||||
void clearExtraInformation() {
|
||||
this.extraInformation = null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -23,10 +23,6 @@ package org.acegisecurity;
|
||||
* @version $Id$
|
||||
*/
|
||||
public class BadCredentialsException extends AuthenticationException {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private Object extraInformation;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
@@ -40,8 +36,7 @@ public class BadCredentialsException extends AuthenticationException {
|
||||
}
|
||||
|
||||
public BadCredentialsException(String msg, Object extraInformation) {
|
||||
super(msg);
|
||||
this.extraInformation = extraInformation;
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -57,12 +52,4 @@ public class BadCredentialsException extends AuthenticationException {
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Any additional information about the exception. Generally a <code>UserDetails</code> object.
|
||||
*
|
||||
* @return extra information or <code>null</code>
|
||||
*/
|
||||
public Object getExtraInformation() {
|
||||
return extraInformation;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -45,4 +45,8 @@ public class CredentialsExpiredException extends AuthenticationException {
|
||||
public CredentialsExpiredException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public CredentialsExpiredException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -44,4 +44,8 @@ public class DisabledException extends AuthenticationException {
|
||||
public DisabledException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public DisabledException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -44,4 +44,8 @@ public class LockedException extends AuthenticationException {
|
||||
public LockedException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public LockedException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
+1
-1
@@ -40,7 +40,7 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
|
||||
private SessionRegistry sessionRegistry = new SessionRegistryImpl();
|
||||
private SessionRegistry sessionRegistry;
|
||||
private boolean exceptionIfMaximumExceeded = false;
|
||||
private int maximumSessions = 1;
|
||||
|
||||
|
||||
@@ -159,6 +159,14 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
|
||||
searchControls.setTimeLimit(searchTimeLimit);
|
||||
}
|
||||
|
||||
protected LdapUserDetailsMapper getUserDetailsMapper() {
|
||||
return userDetailsMapper;
|
||||
}
|
||||
|
||||
public void setUserDetailsMapper(LdapUserDetailsMapper userDetailsMapper) {
|
||||
this.userDetailsMapper = userDetailsMapper;
|
||||
}
|
||||
|
||||
public String toString() {
|
||||
StringBuffer sb = new StringBuffer();
|
||||
|
||||
|
||||
@@ -110,6 +110,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
|
||||
private List providers;
|
||||
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
|
||||
private Properties exceptionMappings = new Properties();
|
||||
private Properties additionalExceptionMappings = new Properties();
|
||||
|
||||
static {
|
||||
DEFAULT_EXCEPTION_MAPPINGS.put(AccountExpiredException.class.getName(),
|
||||
@@ -143,6 +144,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
checkIfValidList(this.providers);
|
||||
Assert.notNull(this.messages, "A message source must be set");
|
||||
exceptionMappings.putAll(additionalExceptionMappings);
|
||||
doAddExtraDefaultExceptionMappings(exceptionMappings);
|
||||
}
|
||||
|
||||
@@ -157,6 +159,9 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
|
||||
* injected by the IoC container.
|
||||
*
|
||||
* @param exceptionMappings the properties object, which already has entries in it
|
||||
* @deprecated This method has been removed from the 2.0 series; please use the
|
||||
* {@link #additionalExceptionMappings} property instead to inject additional exception
|
||||
* to event mappings
|
||||
*/
|
||||
protected void doAddExtraDefaultExceptionMappings(Properties exceptionMappings) {}
|
||||
|
||||
@@ -193,6 +198,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
|
||||
|
||||
try {
|
||||
result = provider.authenticate(authentication);
|
||||
copyDetails(authentication, result);
|
||||
sessionController.checkAuthenticationAllowed(result);
|
||||
} catch (AuthenticationException ae) {
|
||||
lastException = ae;
|
||||
@@ -245,6 +251,21 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
|
||||
throw lastException;
|
||||
}
|
||||
|
||||
/**
|
||||
* Copies the authentication details from a source Authentication object to a destination one, provided the
|
||||
* latter does not already have one set.
|
||||
*
|
||||
* @param source source authentication
|
||||
* @param dest the destination authentication object
|
||||
*/
|
||||
private void copyDetails(Authentication source, Authentication dest) {
|
||||
if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
|
||||
AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
|
||||
|
||||
token.setDetails(source.getDetails());
|
||||
}
|
||||
}
|
||||
|
||||
public List getProviders() {
|
||||
return this.providers;
|
||||
}
|
||||
@@ -303,4 +324,17 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
|
||||
applicationEventPublisher.publishEvent(event);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets additional exception to event mappings. These are automatically merged with the default
|
||||
* exception to event mappings that <code>ProviderManager</code> defines.
|
||||
*
|
||||
* @param additionalExceptionMappings where keys are the fully-qualified string name of the
|
||||
* exception class and the values are the fully-qualified string name of the event class to fire
|
||||
*/
|
||||
public void setAdditionalExceptionMappings(
|
||||
Properties additionalExceptionMappings) {
|
||||
this.additionalExceptionMappings = additionalExceptionMappings;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -22,6 +22,7 @@ import org.acegisecurity.BadCredentialsException;
|
||||
|
||||
import org.acegisecurity.providers.AuthenticationProvider;
|
||||
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.acegisecurity.providers.cas.cache.NullStatelessTicketCache;
|
||||
|
||||
import org.acegisecurity.ui.cas.CasProcessingFilter;
|
||||
|
||||
@@ -59,7 +60,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
|
||||
private CasAuthoritiesPopulator casAuthoritiesPopulator;
|
||||
private CasProxyDecider casProxyDecider;
|
||||
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
|
||||
private StatelessTicketCache statelessTicketCache;
|
||||
private StatelessTicketCache statelessTicketCache = new NullStatelessTicketCache();
|
||||
private String key;
|
||||
private TicketValidator ticketValidator;
|
||||
|
||||
@@ -119,6 +120,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
|
||||
|
||||
if (result == null) {
|
||||
result = this.authenticateNow(authentication);
|
||||
result.setDetails(authentication.getDetails());
|
||||
}
|
||||
|
||||
if (stateless) {
|
||||
|
||||
+63
@@ -0,0 +1,63 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.acegisecurity.providers.cas.cache;
|
||||
|
||||
import org.acegisecurity.providers.cas.CasAuthenticationProvider;
|
||||
import org.acegisecurity.providers.cas.CasAuthenticationToken;
|
||||
import org.acegisecurity.providers.cas.StatelessTicketCache;
|
||||
|
||||
/**
|
||||
* Implementation of @link {@link StatelessTicketCache} that has no backing cache. Useful
|
||||
* in instances where storing of tickets for stateless session management is not required.
|
||||
* <p>
|
||||
* This is the default StatelessTicketCache of the @link {@link CasAuthenticationProvider} to
|
||||
* eliminate the unnecessary dependency on EhCache that applications have even if they are not using
|
||||
* the stateless session management.
|
||||
*
|
||||
* @author Scott Battaglia
|
||||
* @version $Id$
|
||||
*
|
||||
*@see CasAuthenticationProvider
|
||||
*/
|
||||
public final class NullStatelessTicketCache implements StatelessTicketCache {
|
||||
|
||||
/**
|
||||
* @return null since we are not storing any tickets.
|
||||
*/
|
||||
public CasAuthenticationToken getByTicketId(final String serviceTicket) {
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* This is a no-op since we are not storing tickets.
|
||||
*/
|
||||
public void putTicketInCache(final CasAuthenticationToken token) {
|
||||
// nothing to do
|
||||
}
|
||||
|
||||
/**
|
||||
* This is a no-op since we are not storing tickets.
|
||||
*/
|
||||
public void removeTicketFromCache(final CasAuthenticationToken token) {
|
||||
// nothing to do
|
||||
}
|
||||
|
||||
/**
|
||||
* This is a no-op since we are not storing tickets.
|
||||
*/
|
||||
public void removeTicketFromCache(final String serviceTicket) {
|
||||
// nothing to do
|
||||
}
|
||||
}
|
||||
+57
-19
@@ -31,6 +31,7 @@ import org.acegisecurity.providers.dao.cache.NullUserCache;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
import org.acegisecurity.userdetails.UserDetailsService;
|
||||
import org.acegisecurity.userdetails.UsernameNotFoundException;
|
||||
import org.acegisecurity.userdetails.UserDetailsChecker;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
@@ -66,13 +67,15 @@ import org.springframework.util.Assert;
|
||||
* @version $Id$
|
||||
*/
|
||||
public abstract class AbstractUserDetailsAuthenticationProvider implements AuthenticationProvider, InitializingBean,
|
||||
MessageSourceAware {
|
||||
MessageSourceAware {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
|
||||
private UserCache userCache = new NullUserCache();
|
||||
private boolean forcePrincipalAsString = false;
|
||||
protected boolean hideUserNotFoundExceptions = true;
|
||||
private UserDetailsChecker preAuthenticationChecks = new DefaultPreAuthenticationChecks();
|
||||
private UserDetailsChecker postAuthenticationChecks = new DefaultPostAuthenticationChecks();
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
@@ -129,20 +132,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
|
||||
Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
|
||||
}
|
||||
|
||||
if (!user.isAccountNonLocked()) {
|
||||
throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
|
||||
"User account is locked"));
|
||||
}
|
||||
|
||||
if (!user.isEnabled()) {
|
||||
throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
|
||||
"User is disabled"));
|
||||
}
|
||||
|
||||
if (!user.isAccountNonExpired()) {
|
||||
throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
|
||||
"User account has expired"));
|
||||
}
|
||||
preAuthenticationChecks.check(user);
|
||||
|
||||
// This check must come here, as we don't want to tell users
|
||||
// about account status unless they presented the correct credentials
|
||||
@@ -160,10 +150,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
|
||||
}
|
||||
}
|
||||
|
||||
if (!user.isCredentialsNonExpired()) {
|
||||
throw new CredentialsExpiredException(messages.getMessage(
|
||||
"AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
|
||||
}
|
||||
postAuthenticationChecks.check(user);
|
||||
|
||||
if (!cacheWasUsed) {
|
||||
this.userCache.putUserInCache(user);
|
||||
@@ -275,7 +262,58 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
|
||||
this.userCache = userCache;
|
||||
}
|
||||
|
||||
protected UserDetailsChecker getPreAuthenticationChecks() {
|
||||
return preAuthenticationChecks;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the policy will be used to verify the status of the loaded <tt>UserDetails</tt> <em>before</em>
|
||||
* validation of the credentials takes place.
|
||||
*
|
||||
* @param preAuthenticationChecks strategy to be invoked prior to authentication.
|
||||
*/
|
||||
public void setPreAuthenticationChecks(UserDetailsChecker preAuthenticationChecks) {
|
||||
this.preAuthenticationChecks = preAuthenticationChecks;
|
||||
}
|
||||
|
||||
protected UserDetailsChecker getPostAuthenticationChecks() {
|
||||
return postAuthenticationChecks;
|
||||
}
|
||||
|
||||
public void setPostAuthenticationChecks(UserDetailsChecker postAuthenticationChecks) {
|
||||
this.postAuthenticationChecks = postAuthenticationChecks;
|
||||
}
|
||||
|
||||
public boolean supports(Class authentication) {
|
||||
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
|
||||
}
|
||||
|
||||
private class DefaultPreAuthenticationChecks implements UserDetailsChecker {
|
||||
public void check(UserDetails user) {
|
||||
if (!user.isAccountNonLocked()) {
|
||||
throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
|
||||
"User account is locked"), user);
|
||||
}
|
||||
|
||||
if (!user.isEnabled()) {
|
||||
throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
|
||||
"User is disabled"), user);
|
||||
}
|
||||
|
||||
if (!user.isAccountNonExpired()) {
|
||||
throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
|
||||
"User account has expired"), user);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private class DefaultPostAuthenticationChecks implements UserDetailsChecker {
|
||||
public void check(UserDetails user) {
|
||||
if (!user.isCredentialsNonExpired()) {
|
||||
throw new CredentialsExpiredException(messages.getMessage(
|
||||
"AbstractUserDetailsAuthenticationProvider.credentialsExpired",
|
||||
"User credentials have expired"), user);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,8 +15,6 @@
|
||||
|
||||
package org.acegisecurity.providers.dao;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.AuthenticationServiceException;
|
||||
import org.acegisecurity.BadCredentialsException;
|
||||
@@ -26,7 +24,6 @@ import org.acegisecurity.providers.encoding.PasswordEncoder;
|
||||
import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
import org.acegisecurity.userdetails.UserDetailsService;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.dao.DataAccessException;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
@@ -82,31 +79,6 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
|
||||
Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
|
||||
}
|
||||
|
||||
/**
|
||||
* Introspects the <code>Applicationcontext</code> for the single instance
|
||||
* of {@link AccessDeniedHandler}. If found invoke
|
||||
* setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by
|
||||
* providing the found instance of accessDeniedHandler as a method
|
||||
* parameter. If more than one instance of <code>AccessDeniedHandler</code>
|
||||
* is found, the method throws <code>IllegalStateException</code>.
|
||||
*
|
||||
* @param applicationContext to locate the instance
|
||||
*/
|
||||
private void autoDetectAnyUserDetailsServiceAndUseIt(ApplicationContext applicationContext) {
|
||||
if (applicationContext != null) {
|
||||
Map map = applicationContext.getBeansOfType(UserDetailsService.class);
|
||||
|
||||
if (map.size() > 1) {
|
||||
throw new IllegalArgumentException(
|
||||
"More than one UserDetailsService beans detected please refer to the one using "
|
||||
+ " [ principalRepositoryBeanRef ] " + "attribute");
|
||||
}
|
||||
else if (map.size() == 1) {
|
||||
setUserDetailsService((UserDetailsService) map.values().iterator().next());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public PasswordEncoder getPasswordEncoder() {
|
||||
return passwordEncoder;
|
||||
}
|
||||
@@ -172,5 +144,4 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
|
||||
public void setIncludeDetailsObject(boolean includeDetailsObject) {
|
||||
this.includeDetailsObject = includeDetailsObject;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
+1
@@ -87,6 +87,7 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
|
||||
LdapUserDetailsImpl.Essence user = (LdapUserDetailsImpl.Essence) template.retrieveEntry(userDn,
|
||||
getUserDetailsMapper(), getUserAttributes());
|
||||
user.setUsername(username);
|
||||
user.setPassword(password);
|
||||
|
||||
return user.createUserDetails();
|
||||
} catch (BadCredentialsException e) {
|
||||
|
||||
@@ -50,26 +50,22 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
/**
|
||||
* Handles any <code>AccessDeniedException</code> and
|
||||
* <code>AuthenticationException</code> thrown within the filter chain.
|
||||
* Handles any <code>AccessDeniedException</code> and <code>AuthenticationException</code> thrown within the
|
||||
* filter chain.
|
||||
* <p>
|
||||
* This filter is necessary because it provides the bridge between Java
|
||||
* exceptions and HTTP responses. It is solely concerned with maintaining the
|
||||
* user interface. This filter does not do any actual security enforcement.
|
||||
* This filter is necessary because it provides the bridge between Java exceptions and HTTP responses.
|
||||
* It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
|
||||
* </p>
|
||||
* <p>
|
||||
* If an {@link AuthenticationException} is detected, the filter will launch the
|
||||
* <code>authenticationEntryPoint</code>. This allows common handling of
|
||||
* authentication failures originating from any subclass of
|
||||
* If an {@link AuthenticationException} is detected, the filter will launch the <code>authenticationEntryPoint</code>.
|
||||
* This allows common handling of authentication failures originating from any subclass of
|
||||
* {@link org.acegisecurity.intercept.AbstractSecurityInterceptor}.
|
||||
* </p>
|
||||
* <p>
|
||||
* If an {@link AccessDeniedException} is detected, the filter will determine
|
||||
* whether or not the user is an anonymous user. If they are an anonymous user,
|
||||
* the <code>authenticationEntryPoint</code> will be launched. If they are not
|
||||
* an anonymous user, the filter will delegate to the
|
||||
* {@link org.acegisecurity.ui.AccessDeniedHandler}. By default the filter will
|
||||
* use {@link org.acegisecurity.ui.AccessDeniedHandlerImpl}.
|
||||
* If an {@link AccessDeniedException} is detected, the filter will determine whether or not the user is an anonymous
|
||||
* user. If they are an anonymous user, the <code>authenticationEntryPoint</code> will be launched. If they are not
|
||||
* an anonymous user, the filter will delegate to the {@link org.acegisecurity.ui.AccessDeniedHandler}.
|
||||
* By default the filter will use {@link org.acegisecurity.ui.AccessDeniedHandlerImpl}.
|
||||
* </p>
|
||||
* <p>
|
||||
* To use this filter, it is necessary to specify the following properties:
|
||||
@@ -87,33 +83,26 @@ import javax.servlet.http.HttpServletResponse;
|
||||
* <code>web.xml</code> to use the {@link
|
||||
* org.acegisecurity.util.FilterToBeanProxy}.
|
||||
* </p>
|
||||
*
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @author colin sampaleanu
|
||||
* @version $Id: ExceptionTranslationFilter.java 1496 2006-05-23 13:38:33Z
|
||||
* benalex $
|
||||
* @version $Id$
|
||||
*/
|
||||
public class ExceptionTranslationFilter implements Filter, InitializingBean {
|
||||
// ~ Static fields/initializers
|
||||
// =====================================================================================
|
||||
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(ExceptionTranslationFilter.class);
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
||||
private AccessDeniedHandler accessDeniedHandler;
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();
|
||||
private AuthenticationEntryPoint authenticationEntryPoint;
|
||||
|
||||
private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
|
||||
|
||||
private PortResolver portResolver = new PortResolverImpl();
|
||||
|
||||
private boolean createSessionAllowed = true;
|
||||
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified");
|
||||
@@ -121,37 +110,6 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
|
||||
Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must be specified");
|
||||
}
|
||||
|
||||
/**
|
||||
* Introspects the <code>Applicationcontext</code> for the single instance
|
||||
* of {@link AccessDeniedHandler}. If found invoke
|
||||
* setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by
|
||||
* providing the found instance of accessDeniedHandler as a method
|
||||
* parameter. If more than one instance of <code>AccessDeniedHandler</code>
|
||||
* is found, the method throws <code>IllegalStateException</code>.
|
||||
*
|
||||
* @param applicationContext to locate the instance
|
||||
*/
|
||||
private void autoDetectAnyAccessDeniedHandlerAndUseIt(ApplicationContext applicationContext) {
|
||||
Map map = applicationContext.getBeansOfType(AccessDeniedHandler.class);
|
||||
if (map.size() > 1) {
|
||||
throw new IllegalArgumentException(
|
||||
"More than one AccessDeniedHandler beans detected please refer to the one using "
|
||||
+ " [ accessDeniedBeanRef ] " + "attribute");
|
||||
}
|
||||
else if (map.size() == 1) {
|
||||
AccessDeniedHandler handler = (AccessDeniedHandlerImpl) map.values().iterator().next();
|
||||
setAccessDeniedHandler(handler);
|
||||
}
|
||||
else {
|
||||
// create and use the default one specified as an instance variable.
|
||||
accessDeniedHandler = new AccessDeniedHandlerImpl();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public void destroy() {
|
||||
}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
|
||||
ServletException {
|
||||
if (!(request instanceof HttpServletRequest)) {
|
||||
@@ -231,20 +189,15 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
|
||||
}
|
||||
}
|
||||
|
||||
public void init(FilterConfig filterConfig) throws ServletException {
|
||||
}
|
||||
|
||||
/**
|
||||
* If <code>true</code>, indicates that
|
||||
* <code>SecurityEnforcementFilter</code> is permitted to store the target
|
||||
* URL and exception information in the <code>HttpSession</code> (the
|
||||
* default). In situations where you do not wish to unnecessarily create
|
||||
* <code>HttpSession</code>s - because the user agent will know the
|
||||
* failed URL, such as with BASIC or Digest authentication - you may wish to
|
||||
* If <code>true</code>, indicates that <code>SecurityEnforcementFilter</code> is permitted to store the target
|
||||
* URL and exception information in the <code>HttpSession</code> (the default).
|
||||
* In situations where you do not wish to unnecessarily create <code>HttpSession</code>s - because the user agent
|
||||
* will know the failed URL, such as with BASIC or Digest authentication - you may wish to
|
||||
* set this property to <code>false</code>. Remember to also set the
|
||||
* {@link org.acegisecurity.context.HttpSessionContextIntegrationFilter#allowSessionCreation}
|
||||
* to <code>false</code> if you set this property to <code>false</code>.
|
||||
*
|
||||
*
|
||||
* @return <code>true</code> if the <code>HttpSession</code> will be
|
||||
* used to store information about the failed request, <code>false</code>
|
||||
* if the <code>HttpSession</code> will not be used
|
||||
@@ -296,4 +249,10 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
|
||||
public void setPortResolver(PortResolver portResolver) {
|
||||
this.portResolver = portResolver;
|
||||
}
|
||||
|
||||
public void init(FilterConfig filterConfig) throws ServletException {
|
||||
}
|
||||
|
||||
public void destroy() {
|
||||
}
|
||||
}
|
||||
|
||||
@@ -31,6 +31,7 @@ import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.acegisecurity.ui.AuthenticationDetailsSource;
|
||||
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
@@ -188,6 +189,17 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
||||
if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Handle unusual condition where an AnonymousAuthenticationToken is already present
|
||||
// This shouldn't happen very often, as BasicProcessingFitler is meant to be earlier in the filter
|
||||
// chain than AnonymousProcessingFilter. Nevertheless, presence of both an AnonymousAuthenticationToken
|
||||
// together with a BASIC authentication request header should indicate reauthentication using the
|
||||
// BASIC protocol is desirable. This behaviour is also consistent with that provided by form and digest,
|
||||
// both of which force re-authentication if the respective header is detected (and in doing so replace
|
||||
// any existing AnonymousAuthenticationToken). See SEC-610.
|
||||
if (existingAuth instanceof AnonymousAuthenticationToken) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -55,7 +55,6 @@ import org.springframework.util.Assert;
|
||||
import java.io.IOException;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
@@ -81,7 +80,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
* specified user and will also contain an additinal {@link org.acegisecurity.ui.switchuser.SwitchUserGrantedAuthority
|
||||
* } which contains the original user.</p>
|
||||
* <p>To 'exit' from a user context, the user will then need to access a URL (see <code>exitUserUrl</code>) that
|
||||
* will switch back to the original user as identified by the <code>SWITCH_USER_GRANTED_AUTHORITY</code>.</p>
|
||||
* will switch back to the original user as identified by the <code>ROLE_PREVIOUS_ADMINISTRATOR</code>.</p>
|
||||
* <p>To configure the Switch User Processing Filter, create a bean definition for the Switch User processing
|
||||
* filter and add to the filterChainProxy. <br>
|
||||
* Example:<pre>
|
||||
@@ -102,8 +101,6 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
|
||||
|
||||
private static final Log logger = LogFactory.getLog(SwitchUserProcessingFilter.class);
|
||||
|
||||
// ~ Static fields/initializers
|
||||
// =============================================
|
||||
public static final String ACEGI_SECURITY_SWITCH_USERNAME_KEY = "j_username";
|
||||
public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
|
||||
|
||||
@@ -116,9 +113,6 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
|
||||
private String switchUserUrl = "/j_acegi_switch_user";
|
||||
private String targetUrl;
|
||||
private SwitchUserAuthorityChanger switchUserAuthorityChanger;
|
||||
|
||||
// ~ Instance fields
|
||||
// ========================================================
|
||||
private UserDetailsService userDetailsService;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
@@ -275,8 +269,11 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
|
||||
Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
|
||||
GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, currentAuth);
|
||||
|
||||
// get the original authorities
|
||||
List orig = Arrays.asList(targetUser.getAuthorities());
|
||||
// get the original authorities
|
||||
ArrayList orig = new ArrayList();
|
||||
for (int i = 0; i < targetUser.getAuthorities().length; i++) {
|
||||
orig.add(targetUser.getAuthorities()[i]);
|
||||
}
|
||||
|
||||
// Allow subclasses to change the authorities to be granted
|
||||
if (switchUserAuthorityChanger != null) {
|
||||
@@ -443,7 +440,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
|
||||
/**
|
||||
* Sets the authentication data access object.
|
||||
*
|
||||
* @param authenticationDao The authentication dao
|
||||
* @param userDetailsService The UserDetailsService to use
|
||||
*/
|
||||
public void setUserDetailsService(UserDetailsService userDetailsService) {
|
||||
this.userDetailsService = userDetailsService;
|
||||
|
||||
@@ -28,10 +28,12 @@ import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
|
||||
/**
|
||||
* Processes an authentication form.<p>Login forms must present two parameters to this filter: a username and
|
||||
* Processes an authentication form.
|
||||
* <p>Login forms must present two parameters to this filter: a username and
|
||||
* password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY}
|
||||
* and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p>
|
||||
* <P><B>Do not use this class directly.</B> Instead configure <code>web.xml</code> to use the {@link
|
||||
*
|
||||
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
|
||||
* org.acegisecurity.util.FilterToBeanProxy}.</p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
@@ -47,8 +49,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public Authentication attemptAuthentication(HttpServletRequest request)
|
||||
throws AuthenticationException {
|
||||
public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
|
||||
String username = obtainUsername(request);
|
||||
String password = obtainPassword(request);
|
||||
|
||||
@@ -60,6 +61,8 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
|
||||
password = "";
|
||||
}
|
||||
|
||||
username = username.trim();
|
||||
|
||||
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
|
||||
|
||||
// Place the last username attempted into HttpSession for views
|
||||
|
||||
@@ -0,0 +1,10 @@
|
||||
package org.acegisecurity.userdetails;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
* @since 1.0.7
|
||||
*/
|
||||
public interface UserDetailsChecker {
|
||||
void check(UserDetails toCheck);
|
||||
}
|
||||
+42
@@ -0,0 +1,42 @@
|
||||
package org.acegisecurity.userdetails.checker;
|
||||
|
||||
|
||||
import org.springframework.context.support.MessageSourceAccessor;
|
||||
|
||||
import org.acegisecurity.LockedException;
|
||||
import org.acegisecurity.CredentialsExpiredException;
|
||||
import org.acegisecurity.AccountExpiredException;
|
||||
import org.acegisecurity.DisabledException;
|
||||
import org.acegisecurity.AcegiMessageSource;
|
||||
import org.acegisecurity.userdetails.UserDetailsChecker;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
* @since 1.0.7
|
||||
*/
|
||||
public class AccountStatusUserDetailsChecker implements UserDetailsChecker {
|
||||
|
||||
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
|
||||
|
||||
public void check(UserDetails user) {
|
||||
if (!user.isAccountNonLocked()) {
|
||||
throw new LockedException(messages.getMessage("UserDetailsService.locked", "User account is locked"), user);
|
||||
}
|
||||
|
||||
if (!user.isEnabled()) {
|
||||
throw new DisabledException(messages.getMessage("UserDetailsService.disabled", "User is disabled"), user);
|
||||
}
|
||||
|
||||
if (!user.isAccountNonExpired()) {
|
||||
throw new AccountExpiredException(messages.getMessage("UserDetailsService.expired",
|
||||
"User account has expired"), user);
|
||||
}
|
||||
|
||||
if (!user.isCredentialsNonExpired()) {
|
||||
throw new CredentialsExpiredException(messages.getMessage("UserDetailsService.credentialsExpired",
|
||||
"User credentials have expired"), user);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,65 +0,0 @@
|
||||
package org.acegisecurity.util;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
/**
|
||||
* Proivdes common logic for manipulating classes implementing the Spring
|
||||
* {@link Ordered} interface.
|
||||
*
|
||||
* @author Ben Alex
|
||||
*/
|
||||
public abstract class OrderedUtils {
|
||||
/**
|
||||
* Introspects the application context for a single instance of <code>sourceClass</code>. If found, the order from the source
|
||||
* class instance is copied into the <code>destinationObject</code>. If more than one instance of <code>sourceClass</code>
|
||||
* is found, the method throws <code>IllegalStateException</code>.
|
||||
*
|
||||
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
|
||||
* mutation of the order property.
|
||||
*
|
||||
* @param sourceClass to locate in the application context (must be assignable to Ordered)
|
||||
* @param applicationContext to locate the class
|
||||
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
|
||||
* @param skipIfMoreThanOneCandidateSourceClassInstance if the application context provides more than one potential source, skip modifications (if false, the first located matching source will be used)
|
||||
* @return whether or not the destination class was updated
|
||||
*/
|
||||
public static boolean copyOrderFromOtherClass(Class sourceClass, ApplicationContext applicationContext, Object destinationObject, boolean skipIfMoreThanOneCandidateSourceClassInstance) {
|
||||
Assert.notNull(sourceClass, "Source class required");
|
||||
Assert.notNull(applicationContext, "ApplicationContext required");
|
||||
Assert.notNull(destinationObject, "Destination object required");
|
||||
Assert.isTrue(Ordered.class.isAssignableFrom(sourceClass), "Source class " + sourceClass + " must be assignable to Ordered");
|
||||
Map map = applicationContext.getBeansOfType(sourceClass);
|
||||
if (map.size() == 0) {
|
||||
return false;
|
||||
} else if (map.size() > 1 && skipIfMoreThanOneCandidateSourceClassInstance) {
|
||||
return false;
|
||||
} else {
|
||||
copyOrderFromOtherObject((Ordered)map.values().iterator().next(), destinationObject);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Copies the order property from the <code>sourceObject</code> into the <code>destinationObject</code>.
|
||||
*
|
||||
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
|
||||
* mutation of the order property.
|
||||
*
|
||||
* @param sourceObject to copy the order from
|
||||
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
|
||||
*/
|
||||
public static void copyOrderFromOtherObject(Ordered sourceObject, Object destinationObject) {
|
||||
Assert.notNull(sourceObject, "Source object required");
|
||||
Assert.notNull(destinationObject, "Destination object required");
|
||||
Method m = ReflectionUtils.findMethod(destinationObject.getClass(), "setOrder", new Class[] {int.class});
|
||||
Assert.notNull(m, "Method setOrder(int) not found on " + destinationObject.getClass());
|
||||
ReflectionUtils.invokeMethod(m, destinationObject, new Object[] {new Integer(sourceObject.getOrder())});
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1 +0,0 @@
|
||||
http\://www.springframework.org/schema/security=org.acegisecurity.config.SecurityNamespaceHandler
|
||||
@@ -1,2 +0,0 @@
|
||||
http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/acegisecurity/config/spring-security-2.0.xsd
|
||||
|
||||
@@ -246,6 +246,8 @@ public class CasAuthenticationProviderTests extends TestCase {
|
||||
public void testDetectsMissingStatelessTicketCache()
|
||||
throws Exception {
|
||||
CasAuthenticationProvider cap = new CasAuthenticationProvider();
|
||||
// set this explicitly to null to test failure
|
||||
cap.setStatelessTicketCache(null);
|
||||
cap.setCasAuthoritiesPopulator(new MockAuthoritiesPopulator());
|
||||
cap.setCasProxyDecider(new MockProxyDecider());
|
||||
cap.setKey("qwerty");
|
||||
|
||||
Vendored
+61
@@ -0,0 +1,61 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.acegisecurity.providers.cas.cache;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.acegisecurity.GrantedAuthority;
|
||||
import org.acegisecurity.GrantedAuthorityImpl;
|
||||
import org.acegisecurity.providers.cas.CasAuthenticationToken;
|
||||
import org.acegisecurity.providers.cas.StatelessTicketCache;
|
||||
import org.acegisecurity.userdetails.User;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
/**
|
||||
* Test cases for the @link {@link NullStatelessTicketCache}
|
||||
*
|
||||
* @author Scott Battaglia
|
||||
* @version $Id$
|
||||
*
|
||||
*/
|
||||
public class NullStatelessTicketCacheTests extends TestCase {
|
||||
|
||||
private StatelessTicketCache cache = new NullStatelessTicketCache();
|
||||
|
||||
public void testGetter() {
|
||||
assertNull(cache.getByTicketId(null));
|
||||
assertNull(cache.getByTicketId("test"));
|
||||
}
|
||||
|
||||
public void testInsertAndGet() {
|
||||
final CasAuthenticationToken token = getToken();
|
||||
cache.putTicketInCache(token);
|
||||
assertNull(cache.getByTicketId((String) token.getCredentials()));
|
||||
}
|
||||
|
||||
private CasAuthenticationToken getToken() {
|
||||
List proxyList = new ArrayList();
|
||||
proxyList.add("https://localhost/newPortal/j_spring_cas_security_check");
|
||||
|
||||
User user = new User("marissa", "password", true, true, true, true,
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
|
||||
|
||||
return new CasAuthenticationToken("key", user, "ST-0-ER94xMJmn6pha35CQRoZ",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, user,
|
||||
proxyList, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
}
|
||||
}
|
||||
+24
@@ -41,6 +41,8 @@ import org.springframework.dao.DataAccessException;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter}.
|
||||
@@ -377,6 +379,28 @@ public class SwitchUserProcessingFilterTests extends TestCase {
|
||||
assertEquals("jacklord", ((User) targetAuth.getPrincipal()).getUsername());
|
||||
}
|
||||
|
||||
public void testModificationOfAuthoritiesWorks() {
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
|
||||
SecurityContextHolder.getContext().setAuthentication(auth);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
|
||||
|
||||
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
|
||||
filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
|
||||
filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() {
|
||||
public void modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted) {
|
||||
authoritiesToBeGranted.clear();
|
||||
authoritiesToBeGranted.add(new GrantedAuthorityImpl("ROLE_NEW"));
|
||||
}
|
||||
});
|
||||
|
||||
Authentication result = filter.attemptSwitchUser(request);
|
||||
assertTrue(result != null);
|
||||
assertEquals(2, result.getAuthorities().length);
|
||||
assertEquals("ROLE_NEW", result.getAuthorities()[0].getAuthority());
|
||||
}
|
||||
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
private class MockAuthenticationDaoUserJackLord implements UserDetailsService {
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-parent</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
<version>1.0.7</version>
|
||||
<name>Acegi Security</name>
|
||||
<packaging>pom</packaging>
|
||||
|
||||
@@ -32,9 +32,9 @@
|
||||
</licenses>
|
||||
|
||||
<scm>
|
||||
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</connection>
|
||||
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity</developerConnection>
|
||||
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/</url>
|
||||
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/acegi-security-parent-1.0.7</connection>
|
||||
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/acegi-security-parent-1.0.7</developerConnection>
|
||||
<url>http://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/acegi-security-parent-1.0.7</url>
|
||||
</scm>
|
||||
|
||||
<issueManagement>
|
||||
@@ -79,29 +79,8 @@
|
||||
<enabled>false</enabled>
|
||||
</releases>
|
||||
</repository>
|
||||
<repository>
|
||||
<id>apache.org</id>
|
||||
<name>Apache snapshot repository</name>
|
||||
<url>http://svn.apache.org/maven-snapshot-repository</url>
|
||||
<releases>
|
||||
<enabled>false</enabled>
|
||||
</releases>
|
||||
</repository>
|
||||
</repositories>
|
||||
|
||||
<pluginRepositories>
|
||||
<pluginRepository>
|
||||
<id>agilejava.com</id>
|
||||
<url>http://agilejava.com/maven/</url>
|
||||
<releases>
|
||||
<enabled>true</enabled>
|
||||
</releases>
|
||||
<snapshots>
|
||||
<enabled>false</enabled>
|
||||
</snapshots>
|
||||
</pluginRepository>
|
||||
</pluginRepositories>
|
||||
|
||||
<mailingLists>
|
||||
<mailingList>
|
||||
<name>Acegi Developer List</name>
|
||||
@@ -350,10 +329,10 @@
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-release-plugin</artifactId>
|
||||
<version>2.0-beta-5</version>
|
||||
<version>2.0-beta-7</version>
|
||||
<configuration>
|
||||
<tagBase>
|
||||
https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/tags
|
||||
https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags
|
||||
</tagBase>
|
||||
</configuration>
|
||||
</plugin>
|
||||
@@ -411,9 +390,9 @@
|
||||
<postProcess>
|
||||
<copy todir="${docbook.target}/images">
|
||||
<fileset dir="${docbook.source}/images">
|
||||
<include name="*.png"/>
|
||||
<include name="*.gif"/>
|
||||
<include name="*.jpg"/>
|
||||
<include name="*.png" />
|
||||
<include name="*.gif" />
|
||||
<include name="*.jpg" />
|
||||
</fileset>
|
||||
</copy>
|
||||
</postProcess>
|
||||
|
||||
@@ -66,4 +66,5 @@ Links to mailing list archives, the forums, and other useful resources are
|
||||
available from http://acegisecurity.org.
|
||||
|
||||
|
||||
|
||||
$Id$
|
||||
|
||||
+3
-3
@@ -16,7 +16,7 @@
|
||||
# 7. The archives are tar archives. Create zip versions from the contents and check the internal paths are Ok.
|
||||
# 8. Check the site looks Ok.
|
||||
# 9. Check the reference guide links in the site are valid and that images are shown and paths in HTML are relative.
|
||||
# 10. Deploy the contacts and tutorial sample apps in a web container and check they work.
|
||||
# 10. Deploy the contacts and tutorial sample apps in Jetty and Tomcat and check they work.
|
||||
# 11. Check there have been no further commits since checkout (svn update). If there have, go to 1.
|
||||
# 12. Commit the source with the changed version numbers and note the revision number (should be 'build revision' + 1).
|
||||
# 13. Update the pom file versions to the appropriate snapshot version, do a grep to make sure none have been missed
|
||||
@@ -120,12 +120,12 @@ fi
|
||||
|
||||
pushd $SITE_DIR
|
||||
|
||||
find . -maxdepth 2 -mindepth 2 -name "*.html" | xargs perl -i -p -e 's#\./css/#\.\./css/#;' \
|
||||
find . -maxdepth 2 -mindepth 2 -name "*.html" | xargs perl -i -p -e 's#"\./css/#"\.\./css/#;' \
|
||||
-e 's/Maven Surefire Report/Unit Tests/;' \
|
||||
-e 's/Cobertura Test Coverage/Test Coverage/;' \
|
||||
-e 's/A successful project.*greatly appreciated\.//;'
|
||||
|
||||
find . -maxdepth 3 -mindepth 3 -name "*.html" | xargs perl -i -p -e 's#\./css/#\.\./\.\./css/#;'
|
||||
find . -maxdepth 3 -mindepth 3 -name "*.html" | xargs perl -i -p -e 's#"\./css/#"\.\./\.\./css/#;'
|
||||
|
||||
popd
|
||||
|
||||
|
||||
@@ -1,12 +1,9 @@
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-samples</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<artifactId>acegi-security-samples-contacts</artifactId>
|
||||
<name>Acegi Security System for Spring - Contacts sample</name>
|
||||
@@ -83,6 +80,7 @@
|
||||
<plugin>
|
||||
<groupId>org.mortbay.jetty</groupId>
|
||||
<artifactId>maven-jetty-plugin</artifactId>
|
||||
<version>6.1.6</version>
|
||||
<configuration>
|
||||
<contextPath>/contacts</contextPath>
|
||||
<!--jettyConfig>${basedir}/src/test/resources/jetty.xml</jettyConfig-->
|
||||
@@ -95,4 +93,4 @@
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
||||
</project>
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-parent</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-samples</artifactId>
|
||||
|
||||
+49
-36
@@ -1,36 +1,49 @@
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-samples</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
</parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-samples-tutorial</artifactId>
|
||||
<name>Acegi Security Samples - Tutorial</name>
|
||||
<packaging>war</packaging>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-web</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.mortbay.jetty</groupId>
|
||||
<artifactId>maven-jetty-plugin</artifactId>
|
||||
<configuration>
|
||||
<contextPath>/tutorial</contextPath>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-samples</artifactId>
|
||||
<version>1.0.7</version>
|
||||
</parent>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-samples-tutorial</artifactId>
|
||||
<name>Acegi Security Samples - Tutorial</name>
|
||||
<packaging>war</packaging>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-web</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>jstl</artifactId>
|
||||
<version>1.0</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>taglibs</groupId>
|
||||
<artifactId>standard</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.mortbay.jetty</groupId>
|
||||
<artifactId>maven-jetty-plugin</artifactId>
|
||||
<version>6.1.6</version>
|
||||
<configuration>
|
||||
<contextPath>/tutorial</contextPath>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
||||
@@ -1,47 +0,0 @@
|
||||
<classpath>
|
||||
<classpathentry kind="src" path="src/main/java"/>
|
||||
<classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
|
||||
<classpathentry kind="src" path="src/test/java" output="target/test-classes"/>
|
||||
<classpathentry kind="src" path="src/test/resources" output="target/test-classes" excluding="**/*.java"/>
|
||||
<classpathentry kind="output" path="target/classes"/>
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core-shared/1.0.0/apacheds-core-shared-1.0.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/2.0.4/spring-context-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar" sourcepath="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1.jar" sourcepath="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar" sourcepath="M2_REPO/junit/junit/3.8.1/junit-3.8.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/cas/casclient/2.0.11/casclient-2.0.11.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.4/hsqldb-1.8.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/qdox/qdox/1.5/qdox-1.5.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-ldap/0.9.5.3/shared-ldap-0.9.5.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6.jar" sourcepath="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1.jar" sourcepath="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core/1.0.0/apacheds-core-1.0.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-asn1/0.9.5.3/shared-asn1-0.9.5.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/2.0.4/spring-web-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/2.0.4/spring-support-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/2.0.4/spring-dao-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar" sourcepath="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-compiler/2.1/commons-attributes-compiler-2.1.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/2.0.4/spring-remoting-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar" sourcepath="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-mock/2.0.4/spring-mock-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/jdbm/jdbm/1.0/jdbm-1.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/2.0.4/spring-aop-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/2.0.4/spring-jdbc-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar" sourcepath="M2_REPO/oro/oro/2.0.8/oro-2.0.8-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/aspectj/aspectjrt/1.2/aspectjrt-1.2.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/ant/ant/1.5/ant-1.5.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar" sourcepath="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4.jar" sourcepath="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT-sources.jar"/>
|
||||
</classpath>
|
||||
@@ -1,19 +0,0 @@
|
||||
<projectDescription>
|
||||
<name>spring-security-config</name>
|
||||
<comment>Acegi Security System for Spring</comment>
|
||||
<projects/>
|
||||
<buildSpec>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.jdt.core.javabuilder</name>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.wst.validation.validationbuilder</name>
|
||||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
|
||||
<nature>org.eclipse.jdt.core.javanature</nature>
|
||||
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
|
||||
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
|
||||
</natures>
|
||||
</projectDescription>
|
||||
@@ -1,6 +0,0 @@
|
||||
<project-modules id="moduleCoreId">
|
||||
<wb-module deploy-name="spring-security-config">
|
||||
<wb-resource deploy-path="/" source-path="src/main/java"/>
|
||||
<wb-resource deploy-path="/" source-path="src/main/resources"/>
|
||||
</wb-module>
|
||||
</project-modules>
|
||||
@@ -1,7 +0,0 @@
|
||||
#Sun Jun 17 10:48:58 EST 2007
|
||||
eclipse.preferences.version=1
|
||||
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
|
||||
org.eclipse.jdt.core.compiler.compliance=1.5
|
||||
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
|
||||
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
|
||||
org.eclipse.jdt.core.compiler.source=1.5
|
||||
@@ -1,6 +0,0 @@
|
||||
<faceted-project>
|
||||
<fixed facet="jst.java"/>
|
||||
<fixed facet="jst.utility"/>
|
||||
<installed facet="jst.utility" version="1.0"/>
|
||||
<installed facet="jst.java" version="5.0"/>
|
||||
</faceted-project>
|
||||
@@ -1,239 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.ui.basicauth;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.Authentication;
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.acegisecurity.ui.AuthenticationDetailsSource;
|
||||
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.rememberme.RememberMeServices;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* Processes a HTTP request's BASIC authorization headers, putting the result into the
|
||||
* <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
|
||||
* refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
|
||||
* the HTTP request is ignored.</p>
|
||||
* <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
|
||||
* <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
|
||||
* <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
|
||||
* following header would be presented:</p>
|
||||
* <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
|
||||
* <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
|
||||
* Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
|
||||
* <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
|
||||
* <code>SecurityContextHolder</code>.</p>
|
||||
* <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
|
||||
* AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
|
||||
* which will prompt the user to authenticate again via BASIC authentication.</p>
|
||||
* <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
|
||||
* transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
|
||||
* provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
|
||||
* org.acegisecurity.ui.digestauth.DigestProcessingFilter}.</p>
|
||||
* <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
|
||||
* details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
|
||||
* they will be authenticated using the remember-me mechanism.</p>
|
||||
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
|
||||
* org.acegisecurity.util.FilterToBeanProxy}.</p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id: BasicProcessingFilter.java 1783 2007-02-23 19:21:44Z luke_t $
|
||||
*/
|
||||
public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationEntryPoint authenticationEntryPoint;
|
||||
private AuthenticationManager authenticationManager;
|
||||
private RememberMeServices rememberMeServices;
|
||||
private boolean ignoreFailure = false;
|
||||
private int order;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
|
||||
Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
|
||||
}
|
||||
|
||||
public void destroy() {}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
|
||||
if (!(request instanceof HttpServletRequest)) {
|
||||
throw new ServletException("Can only process HttpServletRequest");
|
||||
}
|
||||
|
||||
if (!(response instanceof HttpServletResponse)) {
|
||||
throw new ServletException("Can only process HttpServletResponse");
|
||||
}
|
||||
|
||||
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
|
||||
String header = httpRequest.getHeader("Authorization");
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authorization header: " + header);
|
||||
}
|
||||
|
||||
if ((header != null) && header.startsWith("Basic ")) {
|
||||
String base64Token = header.substring(6);
|
||||
String token = new String(Base64.decodeBase64(base64Token.getBytes()));
|
||||
|
||||
String username = "";
|
||||
String password = "";
|
||||
int delim = token.indexOf(":");
|
||||
|
||||
if (delim != -1) {
|
||||
username = token.substring(0, delim);
|
||||
password = token.substring(delim + 1);
|
||||
}
|
||||
|
||||
if (authenticationIsRequired(username)) {
|
||||
UsernamePasswordAuthenticationToken authRequest =
|
||||
new UsernamePasswordAuthenticationToken(username, password);
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
|
||||
|
||||
Authentication authResult;
|
||||
|
||||
try {
|
||||
authResult = authenticationManager.authenticate(authRequest);
|
||||
} catch (AuthenticationException failed) {
|
||||
// Authentication failed
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
if (rememberMeServices != null) {
|
||||
rememberMeServices.loginFail(httpRequest, httpResponse);
|
||||
}
|
||||
|
||||
if (ignoreFailure) {
|
||||
chain.doFilter(request, response);
|
||||
} else {
|
||||
authenticationEntryPoint.commence(request, response, failed);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
// Authentication success
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authentication success: " + authResult.toString());
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(authResult);
|
||||
|
||||
if (rememberMeServices != null) {
|
||||
rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
private boolean authenticationIsRequired(String username) {
|
||||
// Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
|
||||
// (see SEC-53)
|
||||
Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if(existingAuth == null || !existingAuth.isAuthenticated()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
|
||||
// (see SEC-348)
|
||||
|
||||
if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public AuthenticationEntryPoint getAuthenticationEntryPoint() {
|
||||
return authenticationEntryPoint;
|
||||
}
|
||||
|
||||
public AuthenticationManager getAuthenticationManager() {
|
||||
return authenticationManager;
|
||||
}
|
||||
|
||||
public void init(FilterConfig arg0) throws ServletException {}
|
||||
|
||||
public boolean isIgnoreFailure() {
|
||||
return ignoreFailure;
|
||||
}
|
||||
|
||||
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
|
||||
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
|
||||
this.authenticationDetailsSource = authenticationDetailsSource;
|
||||
}
|
||||
|
||||
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
|
||||
this.authenticationEntryPoint = authenticationEntryPoint;
|
||||
}
|
||||
|
||||
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
|
||||
this.authenticationManager = authenticationManager;
|
||||
}
|
||||
|
||||
public void setIgnoreFailure(boolean ignoreFailure) {
|
||||
this.ignoreFailure = ignoreFailure;
|
||||
}
|
||||
|
||||
public void setRememberMeServices(RememberMeServices rememberMeServices) {
|
||||
this.rememberMeServices = rememberMeServices;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
}
|
||||
@@ -1,102 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.ui.basicauth;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.util.OrderedUtils;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.ApplicationContextAware;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* Used by the <code>SecurityEnforcementFilter</code> to commence
|
||||
* authentication via the {@link BasicProcessingFilter}.
|
||||
* <P>
|
||||
* Once a user agent is authenticated using BASIC authentication, logout
|
||||
* requires that the browser be closed or an unauthorized (401) header be sent.
|
||||
* The simplest way of achieving the latter is to call the
|
||||
* {@link #commence(ServletRequest, ServletResponse, AuthenticationException)}
|
||||
* method below. This will indicate to the browser its credentials are no longer
|
||||
* authorized, causing it to prompt the user to login again.
|
||||
* </p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z
|
||||
* vishalpuri $
|
||||
*/
|
||||
public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered,
|
||||
ApplicationContextAware {
|
||||
// ~ Static fields/initializers
|
||||
// =====================================================================================
|
||||
private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
||||
private String realmName;
|
||||
|
||||
private int order = DEFAULT_ORDER;
|
||||
|
||||
private ApplicationContext applicationContext;
|
||||
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.hasText(realmName, "realmName must be specified");
|
||||
if (order == DEFAULT_ORDER) {
|
||||
OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
|
||||
}
|
||||
}
|
||||
|
||||
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
|
||||
throws IOException, ServletException {
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
|
||||
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
|
||||
}
|
||||
|
||||
public String getRealmName() {
|
||||
return realmName;
|
||||
}
|
||||
|
||||
public void setRealmName(String realmName) {
|
||||
this.realmName = realmName;
|
||||
}
|
||||
|
||||
public void setApplicationContext(ApplicationContext applicationContext) {
|
||||
this.applicationContext = applicationContext;
|
||||
}
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
<html>
|
||||
<body>
|
||||
Authenticates HTTP BASIC authentication requests.
|
||||
</body>
|
||||
</html>
|
||||
@@ -1,169 +0,0 @@
|
||||
<?xml version="1.0"?>
|
||||
<project>
|
||||
<parent>
|
||||
<artifactId>acegi-security-sandbox</artifactId>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
</parent>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<name>spring-security-config</name>
|
||||
<version>2.0.0-SNAPSHOT</version>
|
||||
<url>http://maven.apache.org</url>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>acegi-security-tiger</artifactId>
|
||||
<version>1.0.6-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-remoting</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-jdbc</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-support</artifactId>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-mock</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>net.sf.ehcache</groupId>
|
||||
<artifactId>ehcache</artifactId>
|
||||
<version>1.2.4</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>cas</groupId>
|
||||
<artifactId>casclient</artifactId>
|
||||
<version>2.0.11</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-lang</groupId>
|
||||
<artifactId>commons-lang</artifactId>
|
||||
<version>2.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-logging</groupId>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
<version>1.0.4</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
<version>1.3</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>oro</groupId>
|
||||
<artifactId>oro</artifactId>
|
||||
<version>2.0.8</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-collections</groupId>
|
||||
<artifactId>commons-collections</artifactId>
|
||||
<version>3.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-attributes</groupId>
|
||||
<artifactId>commons-attributes-compiler</artifactId>
|
||||
<version>2.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-attributes</groupId>
|
||||
<artifactId>commons-attributes-api</artifactId>
|
||||
<version>2.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-attributes</groupId>
|
||||
<artifactId>commons-attributes-plugin</artifactId>
|
||||
<version>2.1</version>
|
||||
<type>plugin</type>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>aspectj</groupId>
|
||||
<artifactId>aspectjrt</artifactId>
|
||||
<version>1.2</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>jsp-api</artifactId>
|
||||
<version>2.0</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>servlet-api</artifactId>
|
||||
<version>2.4</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>taglibs</groupId>
|
||||
<artifactId>standard</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>hsqldb</groupId>
|
||||
<artifactId>hsqldb</artifactId>
|
||||
<version>1.8.0.4</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.directory.server</groupId>
|
||||
<artifactId>apacheds-core</artifactId>
|
||||
<version>1.0.0</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-log4j12</artifactId>
|
||||
<version>1.0.1</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>jmock</groupId>
|
||||
<artifactId>jmock</artifactId>
|
||||
<version>1.0.1</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>log4j</groupId>
|
||||
<artifactId>log4j</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-compiler-plugin</artifactId>
|
||||
<configuration>
|
||||
<source>1.5</source>
|
||||
<target>1.5</target>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<reporting>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-pmd-plugin</artifactId>
|
||||
<configuration>
|
||||
<targetJdk>1.5</targetJdk>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</reporting>
|
||||
|
||||
</project>
|
||||
@@ -1,13 +0,0 @@
|
||||
package org.acegisecurity;
|
||||
|
||||
/**
|
||||
* Hello world!
|
||||
*
|
||||
*/
|
||||
public class App
|
||||
{
|
||||
public static void main( String[] args )
|
||||
{
|
||||
System.out.println( "Hello World!" );
|
||||
}
|
||||
}
|
||||
@@ -1,50 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity;
|
||||
|
||||
import org.acegisecurity.annotation.Secured;
|
||||
|
||||
|
||||
/**
|
||||
* <code>BankService</code> sample using Java 5 Annotations.
|
||||
*
|
||||
* @author Mark St.Godard
|
||||
* @version $Id: BankService.java 1496 2006-05-23 13:38:33Z benalex $
|
||||
*
|
||||
* @see org.acegisecurity.annotation.Secured
|
||||
*/
|
||||
@Secured({"ROLE_TELLER"})
|
||||
public interface BankService {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Get the account balance.
|
||||
*
|
||||
* @param accountNumber The account number
|
||||
*
|
||||
* @return The balance
|
||||
*/
|
||||
@Secured({"ROLE_PERMISSION_BALANCE"})
|
||||
public float balance(String accountNumber);
|
||||
|
||||
/**
|
||||
* List accounts
|
||||
*
|
||||
* @return The list of accounts
|
||||
*/
|
||||
@Secured({"ROLE_PERMISSION_LIST"})
|
||||
public String[] listAccounts();
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity;
|
||||
|
||||
/**
|
||||
* <code>BankService</code> sample implementation.
|
||||
*
|
||||
* @author Mark St.Godard
|
||||
* @version $Id: BankServiceImpl.java 1496 2006-05-23 13:38:33Z benalex $
|
||||
*/
|
||||
public class BankServiceImpl implements BankService {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public float balance(String accountNumber) {
|
||||
return 42000000;
|
||||
}
|
||||
|
||||
public String[] listAccounts() {
|
||||
return new String[] {"1", "2", "3"};
|
||||
}
|
||||
}
|
||||
@@ -1,77 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity;
|
||||
|
||||
import org.acegisecurity.AccessDeniedException;
|
||||
import org.acegisecurity.GrantedAuthority;
|
||||
import org.acegisecurity.GrantedAuthorityImpl;
|
||||
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.context.SecurityContextImpl;
|
||||
|
||||
import org.acegisecurity.providers.TestingAuthenticationToken;
|
||||
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
DOCUMENT ME!
|
||||
*
|
||||
* @author Mark St.Godard
|
||||
* @version $Id: Main.java 1496 2006-05-23 13:38:33Z benalex $
|
||||
*/
|
||||
public class Main {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* This can be done in a web app by using a filter or <code>SpringMvcIntegrationInterceptor</code>.
|
||||
*/
|
||||
private static void createSecureContext() {
|
||||
TestingAuthenticationToken auth = new TestingAuthenticationToken("test", "test",
|
||||
new GrantedAuthority[] {
|
||||
new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
|
||||
});
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(auth);
|
||||
}
|
||||
|
||||
private static void destroySecureContext() {
|
||||
SecurityContextHolder.setContext(new SecurityContextImpl());
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
createSecureContext();
|
||||
|
||||
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/auto-config.xml");
|
||||
BankService service = (BankService) context.getBean("bankService");
|
||||
|
||||
// will succeed
|
||||
service.listAccounts();
|
||||
|
||||
// will fail
|
||||
try {
|
||||
System.out.println(
|
||||
"We expect an AccessDeniedException now, as we do not hold the ROLE_PERMISSION_BALANCE granted authority, and we're using a unanimous access decision manager... ");
|
||||
service.balance("1");
|
||||
} catch (AccessDeniedException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
destroySecureContext();
|
||||
}
|
||||
}
|
||||
-145
@@ -1,145 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ldap.DefaultInitialDirContextFactory;
|
||||
import org.acegisecurity.providers.ProviderManager;
|
||||
import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
|
||||
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
|
||||
import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
|
||||
import org.acegisecurity.util.BeanDefinitionParserUtils;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
import org.w3c.dom.NodeList;
|
||||
|
||||
/**
|
||||
* * {@link BeanDefinitionParser} for the <code>authentication-mechanism</code>
|
||||
* tag, resolves to {@link org.acegisecurity.providers.ProviderManager} </br>
|
||||
*
|
||||
* @author vpuri
|
||||
* @see {@link org.springframework.beans.factory.BeanFactory}
|
||||
* @see {@link org.acegisecurity.providers.ProviderManager}
|
||||
*
|
||||
*/
|
||||
public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDefinitionParser implements
|
||||
BeanDefinitionParser {
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
||||
private static final String AUTHENTICATION_JDBC = "authentication-jdbc";
|
||||
|
||||
private static final String AUTHENTICATION_LDAP = "authentication-ldap";
|
||||
|
||||
private static final String REF = "ref";
|
||||
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
|
||||
ManagedList providers = new ManagedList();
|
||||
Assert.notNull(parserContext, "ParserContext must not be null");
|
||||
RootBeanDefinition authMechanismBeanDef = new RootBeanDefinition(ProviderManager.class);
|
||||
NodeList childNodes = element.getChildNodes();
|
||||
|
||||
for (int i = 0, n = childNodes.getLength(); i < n; i++) {
|
||||
Node node = childNodes.item(i);
|
||||
|
||||
if (node.getNodeType() == Node.ELEMENT_NODE) {
|
||||
Element childElement = (Element) node;
|
||||
// this.providerExists = true;
|
||||
|
||||
if (AUTHENTICATION_JDBC.equals(node.getLocalName())) {
|
||||
String attribute = childElement.getAttribute(REF);
|
||||
if (StringUtils.hasLength(attribute)) {
|
||||
// create a beandefinition
|
||||
providers.add(new RuntimeBeanReference(attribute));
|
||||
}
|
||||
}
|
||||
else if (AUTHENTICATION_LDAP.equals(node.getLocalName())) {
|
||||
providers.add(createLdapAuthencticationProviderBeanDefinition(childElement, parserContext));
|
||||
}
|
||||
}
|
||||
authMechanismBeanDef.getPropertyValues().addPropertyValue("providers", providers);
|
||||
|
||||
}
|
||||
return authMechanismBeanDef;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a default bean definition.
|
||||
* @return
|
||||
*/
|
||||
protected static RootBeanDefinition createAndRegisterBeanDefinitionWithDefaults(ParserContext parserContext) {
|
||||
RootBeanDefinition beanDefinition = new RootBeanDefinition(ProviderManager.class);
|
||||
ManagedList providers = new ManagedList();
|
||||
// create authentication-repository (DaoAuthenticationProvider) and add
|
||||
// that to list
|
||||
RootBeanDefinition authRepo = AuthenticationRepositoryBeanDefinitionParser.createBeanDefinitionWithDefaults();
|
||||
providers.add(authRepo);
|
||||
beanDefinition.getPropertyValues().addPropertyValue("providers", providers);
|
||||
parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
|
||||
return beanDefinition;
|
||||
}
|
||||
|
||||
protected static RootBeanDefinition createLdapAuthencticationProviderBeanDefinition(Element element,
|
||||
ParserContext parserContext) {
|
||||
// element ldap
|
||||
RootBeanDefinition ldapAuthProvider = new RootBeanDefinition(LdapAuthenticationProvider.class);
|
||||
RootBeanDefinition initialDirContextFactory = createInitialDirContextFactoryBeanDefinition(element);
|
||||
RootBeanDefinition ldapAuthoritiesPopulator = new RootBeanDefinition(DefaultLdapAuthoritiesPopulator.class);
|
||||
|
||||
RootBeanDefinition bindAuthenticator = new RootBeanDefinition(BindAuthenticator.class);
|
||||
Element property = DomUtils.getChildElementByTagName(element, "property");
|
||||
Assert.notNull(property);
|
||||
parserContext.getDelegate().parsePropertyElement(property, bindAuthenticator);
|
||||
bindAuthenticator.getConstructorArgumentValues().addIndexedArgumentValue(0, initialDirContextFactory);
|
||||
|
||||
// LdapAuthenticator
|
||||
ldapAuthProvider.getConstructorArgumentValues().addIndexedArgumentValue(0, bindAuthenticator);
|
||||
|
||||
ldapAuthoritiesPopulator.getConstructorArgumentValues().addIndexedArgumentValue(0, initialDirContextFactory);
|
||||
BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(1, element, "groupSearchBase", false,
|
||||
ldapAuthoritiesPopulator);
|
||||
BeanDefinitionParserUtils.setPropertyIfAvailable(element, "groupRoleAttribute", "groupRoleAttribute", false,
|
||||
ldapAuthoritiesPopulator);
|
||||
|
||||
// LdapAuthoritiesPopulator
|
||||
ldapAuthProvider.getConstructorArgumentValues().addIndexedArgumentValue(1, ldapAuthoritiesPopulator);
|
||||
|
||||
return ldapAuthProvider;
|
||||
|
||||
}
|
||||
|
||||
private static RootBeanDefinition createInitialDirContextFactoryBeanDefinition(Element element) {
|
||||
RootBeanDefinition initialDirContextFactory = new RootBeanDefinition(DefaultInitialDirContextFactory.class);
|
||||
BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(0, element, "ldapUrl", false,
|
||||
initialDirContextFactory);
|
||||
BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerDn", "managerDn", false,
|
||||
initialDirContextFactory);
|
||||
BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerPassword", "managerPassword", false,
|
||||
initialDirContextFactory);
|
||||
return initialDirContextFactory;
|
||||
}
|
||||
}
|
||||
-71
@@ -1,71 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
|
||||
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.beans.factory.config.BeanDefinitionHolder;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationProcessingFilterBeanDefinitionParser extends AbstractBeanDefinitionParser implements
|
||||
BeanDefinitionParser {
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
||||
private static final String AUTHENTICATION_URL = "authenticationUrl";
|
||||
|
||||
private static final String ERROR_FORM_URL = "errorFormUrl";
|
||||
|
||||
private static final String DEFAULT_TARGET_URL = "defaultTargetUrl";
|
||||
|
||||
// ~ Methods
|
||||
// ================================================================================================
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
|
||||
RootBeanDefinition definition = new RootBeanDefinition(AuthenticationProcessingFilter.class);
|
||||
|
||||
setPropertyIfAvailable(element, AUTHENTICATION_URL, "filterProcessesUrl", definition);
|
||||
setPropertyIfAvailable(element, ERROR_FORM_URL, "authenticationFailureUrl", definition);
|
||||
setPropertyIfAvailable(element, DEFAULT_TARGET_URL, "defaultTargetUrl", definition);
|
||||
|
||||
return definition;
|
||||
}
|
||||
|
||||
private void setPropertyIfAvailable(Element element, String attribute, String property,
|
||||
RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
definition.getPropertyValues().addPropertyValue(property, propertyValue);
|
||||
}
|
||||
}
|
||||
|
||||
protected static RootBeanDefinition createBeandefinitionWithDefaults(ParserContext parserContext, RootBeanDefinition authenticationManager, RootBeanDefinition rememberMeServices) {
|
||||
RootBeanDefinition definition = new RootBeanDefinition(AuthenticationProcessingFilter.class);
|
||||
definition.getPropertyValues().addPropertyValue("authenticationManager",authenticationManager);
|
||||
definition.getPropertyValues().addPropertyValue("rememberMeServices",rememberMeServices);
|
||||
// RootBeanDefinition beanDefinition = AuthenticationMechanismBeanDefinitionParser.createAndRegisterBeanDefinitionWithDefaults(parserContext);
|
||||
// definition.getPropertyValues().addPropertyValue("authenticationManager",
|
||||
// parserContext.getReaderContext().getRegistry().getBeanDefinition(beanDefinition.getBeanClassName()));
|
||||
// definition.getPropertyValues().addPropertyValue("rememberMeServices",
|
||||
// RememberMeServicesBeanDefinitionParser.createAndRegisterBeanDefintionWithDefaults(parserContext));
|
||||
/* TODO: There should not be any defaults for these urls ?!?! */
|
||||
definition.getPropertyValues().addPropertyValue("authenticationFailureUrl", "/acegilogin.jsp?login_error=1");
|
||||
definition.getPropertyValues().addPropertyValue("defaultTargetUrl", "/");
|
||||
|
||||
return definition;
|
||||
}
|
||||
|
||||
}
|
||||
-43
@@ -1,43 +0,0 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.Collections;
|
||||
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.providers.AuthenticationProvider;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.core.OrderComparator;
|
||||
|
||||
public class AuthenticationProviderOrderResolver implements BeanFactoryPostProcessor {
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
|
||||
// retrieve all the AuthenticationProvider instances
|
||||
ManagedList providers = retrieveAllAuthenticationProviders(beanFactory);
|
||||
String[] names = beanFactory.getBeanNamesForType(AuthenticationManager.class);
|
||||
RootBeanDefinition definition = (RootBeanDefinition)beanFactory.getBeanDefinition(names[0]);
|
||||
definition.getPropertyValues().addPropertyValue("providers",providers);
|
||||
}
|
||||
/**
|
||||
*
|
||||
* @param beanFactory
|
||||
* @return
|
||||
*/
|
||||
private ManagedList retrieveAllAuthenticationProviders(ConfigurableListableBeanFactory beanFactory) {
|
||||
String[] m = beanFactory.getBeanNamesForType(AuthenticationProvider.class);
|
||||
ManagedList l = new ManagedList();
|
||||
for(int i=0;i<m.length;i++){
|
||||
RootBeanDefinition def = (RootBeanDefinition)beanFactory.getBeanDefinition(m[i]);
|
||||
l.add(def);
|
||||
}
|
||||
Collections.sort(l, new OrderComparator());
|
||||
return l;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
-193
@@ -1,193 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
||||
import org.acegisecurity.providers.dao.salt.ReflectionSaltSource;
|
||||
import org.acegisecurity.providers.dao.salt.SystemWideSaltSource;
|
||||
import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
|
||||
import org.springframework.beans.factory.config.BeanDefinitionHolder;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
import org.w3c.dom.NodeList;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
||||
|
||||
// ~ Static fields
|
||||
// =====================================================================================
|
||||
|
||||
private static final String REPOSITORY_BEAN_REF = "repositoryBeanRef";
|
||||
|
||||
private static final String USER_DETAILS_SERVICE = "userDetailsService";
|
||||
|
||||
private static final String SALT_SOURCE_ELEMENT = "salt-source";
|
||||
|
||||
private static final String SALT_SOURCE_REF = "saltSourceBeanRef";
|
||||
|
||||
private static final String SYSTEM_WIDE_SALT_SOURCE = "system-wide";
|
||||
|
||||
private static final String REFLECTION_SALT_SOURCE = "reflection";
|
||||
|
||||
private static final String PASSWORD_ENCODER_ELEMENT = "password-encoder";
|
||||
|
||||
private static final String PASSWORD_ENCODER_REF = "encoderBeanRef";
|
||||
|
||||
private static final String PASSWORD_ENCODER = "encoder";
|
||||
|
||||
// ~ Method
|
||||
// ================================================================================================
|
||||
|
||||
public AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
Assert.notNull(parserContext, "ParserContext must not be null");
|
||||
|
||||
RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
|
||||
|
||||
// check if saltSource is defined
|
||||
Element saltSourceEle = DomUtils.getChildElementByTagName(element, SALT_SOURCE_ELEMENT);
|
||||
setSaltSourceProperty(repositoryBeanDef, saltSourceEle);
|
||||
|
||||
Element passwordEncoderEle = DomUtils.getChildElementByTagName(element, PASSWORD_ENCODER_ELEMENT);
|
||||
setPasswordEncoderProperty(repositoryBeanDef, passwordEncoderEle);
|
||||
|
||||
// if repositoryBeanRef is specified use its referred bean
|
||||
String userDetailsRef = element.getAttribute(REPOSITORY_BEAN_REF);
|
||||
if (StringUtils.hasLength(userDetailsRef)) {
|
||||
repositoryBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,
|
||||
new RuntimeBeanReference(userDetailsRef));
|
||||
}
|
||||
return repositoryBeanDef;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param repositoryBeanDef
|
||||
* @param element
|
||||
*/
|
||||
private void setSaltSourceProperty(RootBeanDefinition repositoryBeanDef, Element element) {
|
||||
if (element != null) {
|
||||
setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "saltSource", element
|
||||
.getAttribute(SALT_SOURCE_REF));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param repositoryBeanDef
|
||||
* @param element
|
||||
*/
|
||||
private void setPasswordEncoderProperty(RootBeanDefinition repositoryBeanDef, Element element) {
|
||||
if (element != null) {
|
||||
setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "passwordEncoder", element
|
||||
.getAttribute(PASSWORD_ENCODER_REF));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param repositoryBeanDef
|
||||
* @param element
|
||||
* @param property
|
||||
* @param reference
|
||||
*/
|
||||
private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element,
|
||||
String property, String reference) {
|
||||
// check for encoderBeanRef attribute
|
||||
if (StringUtils.hasLength(reference)) {
|
||||
repositoryBeanDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(reference));
|
||||
}
|
||||
else {
|
||||
doSetInnerBeanDefinitions(repositoryBeanDef, element, property);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param repositoryBeanDef
|
||||
* @param element
|
||||
* @param property
|
||||
*/
|
||||
private void doSetInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element, String property) {
|
||||
NodeList children = element.getChildNodes();
|
||||
for (int i = 0, n = children.getLength(); i < n; i++) {
|
||||
Node node = children.item(i);
|
||||
|
||||
if (node.getNodeType() == Node.ELEMENT_NODE) {
|
||||
Element childElement = (Element) node;
|
||||
RootBeanDefinition innerBeanDefinition = null;
|
||||
|
||||
if (SYSTEM_WIDE_SALT_SOURCE.equals(node.getLocalName())) {
|
||||
innerBeanDefinition = createSystemWideSaltSource(childElement);
|
||||
repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
|
||||
}
|
||||
else if (REFLECTION_SALT_SOURCE.equals(node.getLocalName())) {
|
||||
innerBeanDefinition = createReflectionSaltSource(childElement);
|
||||
repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
|
||||
}
|
||||
if (PASSWORD_ENCODER.equals(node.getLocalName())) {
|
||||
RootBeanDefinition passwordEncoderInnerBeanDefinition = createPasswordEncoder(childElement);
|
||||
repositoryBeanDef.getPropertyValues()
|
||||
.addPropertyValue(property, passwordEncoderInnerBeanDefinition);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param childElement
|
||||
* @return
|
||||
*/
|
||||
private RootBeanDefinition createPasswordEncoder(Element childElement) {
|
||||
String attributeValue = childElement.getAttribute("method");
|
||||
RootBeanDefinition definition = null;
|
||||
// TODO: add other encoders support
|
||||
if (attributeValue.equals("md5")) {
|
||||
definition = new RootBeanDefinition(Md5PasswordEncoder.class);
|
||||
}
|
||||
return definition;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param saltSourceTypeElement
|
||||
* @return
|
||||
*/
|
||||
private RootBeanDefinition createReflectionSaltSource(Element saltSourceTypeElement) {
|
||||
RootBeanDefinition definition = new RootBeanDefinition(ReflectionSaltSource.class);
|
||||
definition.getPropertyValues().addPropertyValue("userPropertyToUse",
|
||||
saltSourceTypeElement.getAttribute("userPropertyToUse"));
|
||||
return definition;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param saltSourceTypeElement
|
||||
* @return
|
||||
*/
|
||||
private RootBeanDefinition createSystemWideSaltSource(Element saltSourceTypeElement) {
|
||||
RootBeanDefinition definition = new RootBeanDefinition(SystemWideSaltSource.class);
|
||||
definition.getPropertyValues().addPropertyValue("systemWideSalt",
|
||||
saltSourceTypeElement.getAttribute("systemWideSalt"));
|
||||
return definition;
|
||||
}
|
||||
|
||||
protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
|
||||
RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
|
||||
return repositoryBeanDef;
|
||||
}
|
||||
|
||||
}
|
||||
-84
@@ -1,84 +0,0 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.AccessDecisionManager;
|
||||
import org.acegisecurity.vote.AffirmativeBased;
|
||||
import org.acegisecurity.vote.AuthenticatedVoter;
|
||||
import org.acegisecurity.vote.ConsensusBased;
|
||||
import org.acegisecurity.vote.RoleVoter;
|
||||
import org.acegisecurity.vote.UnanimousBased;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
import org.w3c.dom.NodeList;
|
||||
|
||||
public class AuthorizationManagerBeanDefinitionParser extends AbstractBeanDefinitionParser implements
|
||||
BeanDefinitionParser {
|
||||
// ~ static initializers
|
||||
// ================================================================================================
|
||||
|
||||
public static final String ROLE_VOTER_ELE = "role-voter";
|
||||
|
||||
public static final String AUTHENTICATED_VOTER_ELE = "authenticated-voter";
|
||||
|
||||
public static final String STRATEGY_ATTRIBUTE = "strategy";
|
||||
|
||||
// ~ Method
|
||||
// ================================================================================================
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
return createBeanDefinition(element, parserContext);
|
||||
}
|
||||
|
||||
private RootBeanDefinition createBeanDefinition(Element element, ParserContext parserContext) {
|
||||
ManagedList decisionVoters = new ManagedList();
|
||||
|
||||
Element roleVoterEle = DomUtils.getChildElementByTagName(element, ROLE_VOTER_ELE);
|
||||
Element authVoterEle = DomUtils.getChildElementByTagName(element, AUTHENTICATED_VOTER_ELE);
|
||||
|
||||
if(roleVoterEle!=null && roleVoterEle.getLocalName().equals(ROLE_VOTER_ELE)) {
|
||||
decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
|
||||
}
|
||||
if (authVoterEle!=null && authVoterEle.getLocalName().equals(AUTHENTICATED_VOTER_ELE)) {
|
||||
decisionVoters.add(new RootBeanDefinition(AuthenticatedVoter.class));
|
||||
}
|
||||
|
||||
String strategy = element.getAttribute(STRATEGY_ATTRIBUTE);
|
||||
if (StringUtils.hasLength(strategy)) {
|
||||
if (strategy.equals("affirmative")) {
|
||||
return createAccessDecisionManager(AffirmativeBased.class, decisionVoters);
|
||||
}
|
||||
else if (strategy.equals("consensus")) {
|
||||
return createAccessDecisionManager(ConsensusBased.class, decisionVoters);
|
||||
}
|
||||
else if (strategy.equals("unanimous")) {
|
||||
return createAccessDecisionManager(UnanimousBased.class, decisionVoters);
|
||||
}
|
||||
}
|
||||
else {
|
||||
return createAccessDecisionManagerAffirmativeBased();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
protected static RootBeanDefinition createAccessDecisionManagerAffirmativeBased() {
|
||||
ManagedList decisionVoters = new ManagedList();
|
||||
decisionVoters.add(new RootBeanDefinition(AuthenticatedVoter.class));
|
||||
decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
|
||||
return createAccessDecisionManager(AffirmativeBased.class, decisionVoters);
|
||||
}
|
||||
|
||||
protected static RootBeanDefinition createAccessDecisionManager(Class clazz, ManagedList decisionVoters) {
|
||||
RootBeanDefinition accessDecisionManager = new RootBeanDefinition(clazz);
|
||||
accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
|
||||
accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
|
||||
return accessDecisionManager;
|
||||
}
|
||||
|
||||
}
|
||||
-217
@@ -1,217 +0,0 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import org.acegisecurity.annotation.SecurityAnnotationAttributes;
|
||||
import org.acegisecurity.intercept.method.MethodDefinitionAttributes;
|
||||
import org.acegisecurity.intercept.method.MethodDefinitionMap;
|
||||
import org.acegisecurity.intercept.method.MethodDefinitionSource;
|
||||
import org.acegisecurity.intercept.method.MethodDefinitionSourceMapping;
|
||||
import org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
|
||||
import org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor;
|
||||
import org.acegisecurity.runas.RunAsManagerImpl;
|
||||
import org.acegisecurity.util.BeanDefinitionParserUtils;
|
||||
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
|
||||
import org.springframework.beans.factory.BeanDefinitionStoreException;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.metadata.commons.CommonsAttributes;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
|
||||
public class AuthorizationMethodBeanDefinitionParser extends AbstractBeanDefinitionParser implements
|
||||
BeanDefinitionParser {
|
||||
// ~ static initializers
|
||||
// ================================================================================================
|
||||
|
||||
public static final String ASPECTJ_ATTRIBUTE = "aspectj";
|
||||
|
||||
public static final String SPRING_AOP_ATTRIBUTE = "springAop";
|
||||
|
||||
public static final String SOURCE_ATTRIBUTE = "source";
|
||||
|
||||
public static final String SOURCE_BEAN_REF = "sourceBeanId";
|
||||
|
||||
public static final String ATTRIBUTE = "attribute";
|
||||
|
||||
private static final String CONFIGURATION_ATTRIBUTE = "configuration-attribute";
|
||||
|
||||
private static final String TYPE_ATTRIBUTE = "type";
|
||||
|
||||
// ~ Method
|
||||
// ================================================================================================
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
// <security:authorization-joinpoint aspectj="false|true"
|
||||
// springAop="true|false">
|
||||
// one attribute allowed, aspectj or springAop
|
||||
Assert.isTrue(!(element.hasAttribute(SPRING_AOP_ATTRIBUTE) && element.hasAttribute(ASPECTJ_ATTRIBUTE)),
|
||||
"only one attribute (springAop or aspectj) is allowed");
|
||||
|
||||
Element urlMappingEle = DomUtils.getChildElementByTagName(element, "url-mapping");
|
||||
|
||||
String sourceBeanId = urlMappingEle.getAttribute(SOURCE_BEAN_REF);
|
||||
boolean isSourceBeanIdDefined = StringUtils.hasLength(sourceBeanId);
|
||||
|
||||
if (!isValidConfiguration(urlMappingEle, isSourceBeanIdDefined)) {
|
||||
throw new IllegalArgumentException(
|
||||
" 'custom' value provided by 'source' attribute need to be selected when referring to a bean by 'sourceBeanId' attribute ");
|
||||
}
|
||||
|
||||
if ((element.hasAttribute(ASPECTJ_ATTRIBUTE)) && element.getAttribute(ASPECTJ_ATTRIBUTE).equals("true")) {
|
||||
// create AspectJSecurityInterceptor
|
||||
if (isSourceBeanIdDefined)
|
||||
return createMethodSecurityInterceptor(AspectJSecurityInterceptor.class, new RuntimeBeanReference(
|
||||
sourceBeanId));
|
||||
|
||||
return createMethodSecurityInterceptor(AspectJSecurityInterceptor.class, createObjectDefinitionSource(
|
||||
parserContext, urlMappingEle));
|
||||
}
|
||||
else if ((element.hasAttribute(SPRING_AOP_ATTRIBUTE))
|
||||
&& element.getAttribute(SPRING_AOP_ATTRIBUTE).equals("true")) {
|
||||
// create MethodSecurityInterceptor and
|
||||
// MethodDefinitionSourceAdvisor
|
||||
if (isSourceBeanIdDefined)
|
||||
return createMethodSecurityInterceptor(MethodSecurityInterceptor.class, new RuntimeBeanReference(
|
||||
sourceBeanId));
|
||||
|
||||
return createMethodSecurityInterceptor(MethodSecurityInterceptor.class, createObjectDefinitionSource(
|
||||
parserContext, urlMappingEle));
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param parserContext
|
||||
* @param firstChild
|
||||
* @param sourceValue
|
||||
* @throws BeanDefinitionStoreException
|
||||
*/
|
||||
private MethodDefinitionSource createObjectDefinitionSource(ParserContext parserContext, Element element)
|
||||
throws BeanDefinitionStoreException {
|
||||
String sourceValue = element.getAttribute(SOURCE_ATTRIBUTE);
|
||||
if (sourceValue.equals("xml")) {
|
||||
// create MethodDefinitionSourceEditor
|
||||
Element methodPattern = DomUtils.getChildElementByTagName(element, "method-pattern");
|
||||
String methodToProtect = methodPattern.getAttribute(TYPE_ATTRIBUTE);
|
||||
|
||||
MethodDefinitionSourceMapping mapping = new MethodDefinitionSourceMapping();
|
||||
MethodDefinitionMap source = new MethodDefinitionMap();
|
||||
List<MethodDefinitionSourceMapping> mappings = new ArrayList<MethodDefinitionSourceMapping>();
|
||||
|
||||
mapping.setMethodName(methodToProtect);
|
||||
|
||||
List configAttributes = DomUtils.getChildElementsByTagName(methodPattern, CONFIGURATION_ATTRIBUTE);
|
||||
|
||||
for (Iterator iter = configAttributes.iterator(); iter.hasNext();) {
|
||||
Element configAttribute = (Element) iter.next();
|
||||
String configAttributeValue = configAttribute.getAttribute(ATTRIBUTE);
|
||||
mapping.addConfigAttribute(configAttributeValue);
|
||||
}
|
||||
mappings.add(mapping);
|
||||
source.setMappings(mappings);
|
||||
return source;
|
||||
}
|
||||
else if (sourceValue.equals("annotations")) {
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
|
||||
DefaultAdvisorAutoProxyCreator.class));
|
||||
|
||||
MethodDefinitionAttributes source = new MethodDefinitionAttributes();
|
||||
SecurityAnnotationAttributes attributes = new SecurityAnnotationAttributes();
|
||||
source.setAttributes(attributes);
|
||||
return source;
|
||||
}
|
||||
else if (sourceValue.equals("attributes")) {
|
||||
// create CommonsAttributes
|
||||
CommonsAttributes attributes = new CommonsAttributes();
|
||||
// objectDefinitionSource and inject attributes
|
||||
MethodDefinitionAttributes source = new MethodDefinitionAttributes();
|
||||
source.setAttributes(attributes);
|
||||
|
||||
// register DefaultAdvisorAutoProxyCreator with parseContext
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
|
||||
DefaultAdvisorAutoProxyCreator.class));
|
||||
|
||||
// register MethodDefinitionSourceAdvisor autowire="constructor"
|
||||
registerMethodDefinitionSourceAdvisor(parserContext);
|
||||
return source;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param parserContext
|
||||
* @throws BeanDefinitionStoreException
|
||||
*/
|
||||
private void registerMethodDefinitionSourceAdvisor(ParserContext parserContext) throws BeanDefinitionStoreException {
|
||||
RootBeanDefinition methodSecurityAdvisor = new RootBeanDefinition(MethodDefinitionSourceAdvisor.class);
|
||||
methodSecurityAdvisor.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_CONSTRUCTOR);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, methodSecurityAdvisor);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates BeanDefinition for MethodSecurityInterceptor
|
||||
* MethodSecurityInterceptor autodetects 'authenticationManager' and
|
||||
* 'accessDecisionManager'
|
||||
* @param name
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
private RootBeanDefinition createMethodSecurityInterceptor(Class interceptorType, Object object) {
|
||||
Assert.notNull(object, "objectDefinitionSource required");
|
||||
RootBeanDefinition securityInterceptor = new RootBeanDefinition(interceptorType);
|
||||
if (RuntimeBeanReference.class.isAssignableFrom(object.getClass())) {
|
||||
RuntimeBeanReference source = (RuntimeBeanReference) object;
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", source);
|
||||
}
|
||||
else if (MethodDefinitionSource.class.isAssignableFrom(object.getClass())) {
|
||||
MethodDefinitionSource source = (MethodDefinitionSource) object;
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", source);
|
||||
}
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("validateConfigAttributes", Boolean.FALSE);
|
||||
RootBeanDefinition runAsManager = createRunAsManager();
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("runAsManager", runAsManager);
|
||||
return securityInterceptor;
|
||||
}
|
||||
|
||||
private RootBeanDefinition createRunAsManager() {
|
||||
RootBeanDefinition runAsManager = new RootBeanDefinition(RunAsManagerImpl.class);
|
||||
runAsManager.getPropertyValues().addPropertyValue("key", "my_run_as_password");
|
||||
return runAsManager;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if 'custom' option is picked for 'source' attribute when
|
||||
* 'sourceBeanId' attribute is provided.
|
||||
* <p>
|
||||
* The valid configuration example:<br/> <security:url-mapping
|
||||
* source="custom" sourceBeanId="referenceToObjectDefinitionSource"/>
|
||||
* </p>
|
||||
* @param urlMappingElement
|
||||
* @return boolean Returns 'true' if configuration is accepted otherwise
|
||||
* returns 'false'
|
||||
*/
|
||||
private boolean isValidConfiguration(Element urlMappingElement, boolean isRefDefined) {
|
||||
Assert.notNull(urlMappingElement, "invalid tag - expected 'url-mapping' ");
|
||||
Assert.isTrue(urlMappingElement.getLocalName().equals("url-mapping"), "invalid tag - expected 'url-mapping' ");
|
||||
if (isRefDefined && (urlMappingElement.getAttribute(SOURCE_ATTRIBUTE).compareTo("custom") != 0)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
-243
@@ -1,243 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.acegisecurity.annotation.SecurityAnnotationAttributes;
|
||||
import org.acegisecurity.intercept.method.MethodDefinitionAttributes;
|
||||
import org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
|
||||
import org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.acegisecurity.intercept.web.FilterInvocationDefinitionDecorator;
|
||||
import org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceMapping;
|
||||
import org.acegisecurity.intercept.web.FilterSecurityInterceptor;
|
||||
import org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap;
|
||||
import org.acegisecurity.runas.RunAsManagerImpl;
|
||||
import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
|
||||
import org.acegisecurity.util.BeanDefinitionParserUtils;
|
||||
import org.acegisecurity.vote.AffirmativeBased;
|
||||
import org.acegisecurity.vote.AuthenticatedVoter;
|
||||
import org.acegisecurity.vote.RoleVoter;
|
||||
import org.acegisecurity.vote.UnanimousBased;
|
||||
import org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* Parses 'autoconfig' tag and creates all the required
|
||||
* <code>BeanDefinition</code>s with their default configurations. It also
|
||||
* resolves their dependencies and wire them together.
|
||||
*
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
public class AutoConfigBeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
// ~ instance fields
|
||||
// ================================================================================================
|
||||
|
||||
private RootBeanDefinition authenticationManager;
|
||||
|
||||
private RootBeanDefinition rememberMeServices;
|
||||
|
||||
private ManagedList decisionVoters = new ManagedList();
|
||||
|
||||
// ~ Method
|
||||
// ================================================================================================
|
||||
|
||||
public BeanDefinition parse(Element element, ParserContext parserContext) {
|
||||
// authentication manager
|
||||
this.authenticationManager = AuthenticationMechanismBeanDefinitionParser
|
||||
.createAndRegisterBeanDefinitionWithDefaults(parserContext);
|
||||
// remembermeServices
|
||||
this.rememberMeServices = RememberMeServicesBeanDefinitionParser
|
||||
.createAndRegisterBeanDefintionWithDefaults(parserContext);
|
||||
// flters
|
||||
createAndRegisterBeanDefinitionForHttpSessionContextIntegrationFilter(parserContext);
|
||||
createAndRegisterBeanDefinitionForLogoutFilter(parserContext, rememberMeServices);
|
||||
createAndRegisterBeanDefinitionForAuthenticationProcessingFilter(parserContext, authenticationManager,
|
||||
rememberMeServices);
|
||||
createAndRegisterBeanDefinitionForRememberMeProcessingFilter(parserContext, authenticationManager);
|
||||
createAndRegisterBeanDefinitionForExceptionTranslationFilter(parserContext);
|
||||
createAndRegisterBeanDefintionForSecurityContextHolderAwareRequestFilter(parserContext);
|
||||
|
||||
// method interceptor
|
||||
createAndRegisterBeanDefinitinoForMethodDefinitionSourceAdvisor(parserContext, authenticationManager);
|
||||
createAndRegisterDefaultAdvisorAutoProxyCreator(parserContext);
|
||||
|
||||
// filter security interceptor
|
||||
createAndRegisterBeanDefinitionForFilterSecurityInterceptor(parserContext, authenticationManager);
|
||||
|
||||
// create userDetailsService
|
||||
return null;
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefintionForSecurityContextHolderAwareRequestFilter(ParserContext parserContext) {
|
||||
RootBeanDefinition beanDefinition = new RootBeanDefinition(SecurityContextHolderAwareRequestFilter.class);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, beanDefinition);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates <code>FilterSecurityInterceptor</code> bean definition and
|
||||
* register it with the <code>ParserContext</code>
|
||||
*
|
||||
* @param parserContext To register the bean definition with
|
||||
* @param authenticationManager The <code>AuthenticationManager</code> to
|
||||
* set as a property in the bean definition
|
||||
*/
|
||||
private void createAndRegisterBeanDefinitionForFilterSecurityInterceptor(ParserContext parserContext,
|
||||
RootBeanDefinition authenticationManager) {
|
||||
RootBeanDefinition filterInvocationInterceptor = new RootBeanDefinition(FilterSecurityInterceptor.class);
|
||||
filterInvocationInterceptor.getPropertyValues()
|
||||
.addPropertyValue("authenticationManager", authenticationManager);
|
||||
RootBeanDefinition accessDecisionManager = createAccessDecisionManagerAffirmativeBased();
|
||||
filterInvocationInterceptor.getPropertyValues()
|
||||
.addPropertyValue("accessDecisionManager", accessDecisionManager);
|
||||
|
||||
FilterInvocationDefinitionDecorator source = new FilterInvocationDefinitionDecorator();
|
||||
source.setDecorated(new PathBasedFilterInvocationDefinitionMap());
|
||||
|
||||
FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
|
||||
|
||||
String url1 = "/acegilogin.jsp";
|
||||
String value1 = "IS_AUTHENTICATED_ANONYMOUSLY";
|
||||
|
||||
String url2 = "/**";
|
||||
String value2 = "IS_AUTHENTICATED_REMEMBERED";
|
||||
|
||||
mapping.setUrl(url1);
|
||||
mapping.addConfigAttribute(value1);
|
||||
|
||||
mapping.setUrl(url2);
|
||||
mapping.addConfigAttribute(value2);
|
||||
|
||||
List mappings = new ArrayList();
|
||||
mappings.add(mapping);
|
||||
source.setMappings(mappings);
|
||||
filterInvocationInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource",
|
||||
source.getDecorated());
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, filterInvocationInterceptor);
|
||||
}
|
||||
|
||||
private RootBeanDefinition createAccessDecisionManagerAffirmativeBased() {
|
||||
RootBeanDefinition accessDecisionManager = new RootBeanDefinition(AffirmativeBased.class);
|
||||
accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
|
||||
RootBeanDefinition authenticatedVoter = new RootBeanDefinition(AuthenticatedVoter.class);
|
||||
this.decisionVoters.add(authenticatedVoter);
|
||||
accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
|
||||
return accessDecisionManager;
|
||||
}
|
||||
|
||||
private void createAndRegisterDefaultAdvisorAutoProxyCreator(ParserContext parserContext) {
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
|
||||
DefaultAdvisorAutoProxyCreator.class));
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitinoForMethodDefinitionSourceAdvisor(ParserContext parserContext,
|
||||
RootBeanDefinition authenticationManager) {
|
||||
RootBeanDefinition methodSecurityAdvisor = new RootBeanDefinition(MethodDefinitionSourceAdvisor.class);
|
||||
|
||||
RootBeanDefinition securityInterceptor = createMethodSecurityInterceptor(authenticationManager);
|
||||
methodSecurityAdvisor.getConstructorArgumentValues().addIndexedArgumentValue(0, securityInterceptor);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, methodSecurityAdvisor);
|
||||
|
||||
}
|
||||
|
||||
private RootBeanDefinition createAccessDecisionManagerUnanimousBased() {
|
||||
RootBeanDefinition accessDecisionManager = new RootBeanDefinition(UnanimousBased.class);
|
||||
accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
|
||||
decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
|
||||
accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
|
||||
return accessDecisionManager;
|
||||
}
|
||||
|
||||
private RootBeanDefinition createMethodSecurityInterceptor(RootBeanDefinition authenticationManager) {
|
||||
RootBeanDefinition securityInterceptor = new RootBeanDefinition(MethodSecurityInterceptor.class);
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("authenticationManager", authenticationManager);
|
||||
RootBeanDefinition accessDecisionManager = createAccessDecisionManagerUnanimousBased();
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("accessDecisionManager", accessDecisionManager);
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("validateConfigAttributes", Boolean.FALSE);
|
||||
RootBeanDefinition runAsManager = createRunAsManager();
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("runAsManager", runAsManager);
|
||||
RootBeanDefinition objectDefinitionSource = createMethodDefinitionAttributes();
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", objectDefinitionSource);
|
||||
return securityInterceptor;
|
||||
}
|
||||
|
||||
private RootBeanDefinition createMethodDefinitionAttributes() {
|
||||
RootBeanDefinition objectDefinitionSource = new RootBeanDefinition(MethodDefinitionAttributes.class);
|
||||
RootBeanDefinition attributes = createSecurityAnnotationAttributes();
|
||||
objectDefinitionSource.getPropertyValues().addPropertyValue("attributes", attributes);
|
||||
return objectDefinitionSource;
|
||||
}
|
||||
|
||||
private RootBeanDefinition createSecurityAnnotationAttributes() {
|
||||
return new RootBeanDefinition(SecurityAnnotationAttributes.class);
|
||||
}
|
||||
|
||||
private RootBeanDefinition createRunAsManager() {
|
||||
RootBeanDefinition runAsManager = new RootBeanDefinition(RunAsManagerImpl.class);
|
||||
runAsManager.getPropertyValues().addPropertyValue("key", "my_run_as_password");
|
||||
return runAsManager;
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitionForExceptionTranslationFilter(ParserContext parserContext) {
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, ExceptionTranslationFilterBeanDefinitionParser
|
||||
.createBeanDefinitionWithDefaults());
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitionForRememberMeProcessingFilter(ParserContext parserContext,
|
||||
RootBeanDefinition authenticationManager) {
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, RememberMeFilterBeanDefinitionParser
|
||||
.createBeanDefinitionWithDefaults(parserContext, authenticationManager));
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitionForAuthenticationProcessingFilter(ParserContext parserContext,
|
||||
RootBeanDefinition authenticationManager, RootBeanDefinition rememberMeServices) {
|
||||
RootBeanDefinition defintion = AuthenticationProcessingFilterBeanDefinitionParser
|
||||
.createBeandefinitionWithDefaults(parserContext, authenticationManager, rememberMeServices);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitionForLogoutFilter(ParserContext parserContext,
|
||||
RootBeanDefinition rememberMeServices) {
|
||||
RootBeanDefinition defintion = LogoutFilterBeanDefinitionParser
|
||||
.createBeanDefinitionWithDefaults(rememberMeServices);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitionForHttpSessionContextIntegrationFilter(ParserContext parserContext) {
|
||||
RootBeanDefinition defintion = ContextIntegrationBeanDefinitionParser.createBeanDefinitionWithDefaults();
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
|
||||
// retrieveBeanDefinition(parserContext, o)
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a <code>BeanDefinition</code> of the specified type.
|
||||
*
|
||||
* @param parserContext
|
||||
* @param type
|
||||
* @return
|
||||
*/
|
||||
private RootBeanDefinition retrieveBeanDefinition(ParserContext parserContext, Class type) {
|
||||
String[] names = parserContext.getRegistry().getBeanDefinitionNames();
|
||||
for (String name : names) {
|
||||
BeanDefinition beanDefinition = parserContext.getRegistry().getBeanDefinition(name);
|
||||
if (type.isInstance(beanDefinition)) {
|
||||
return (RootBeanDefinition) beanDefinition;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
-91
@@ -1,91 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.core.Conventions;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Attr;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.NamedNodeMap;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class ContextIntegrationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
|
||||
|
||||
// ~ Static fields/initializers
|
||||
// =====================================================================================
|
||||
|
||||
private static final String HTTP_SESSION_CONTEXT_INTEGRATION = "session-context-integration";
|
||||
|
||||
private static final String SESSION_CREATION = "sessionCreation";
|
||||
|
||||
private static final String IF_REQUIRED = "ifRequired";
|
||||
|
||||
private static final String ALWAYS = "always";
|
||||
|
||||
private static final String NEVER = "never";
|
||||
|
||||
private static final String ALLOW_SESSION_CREATION = "allowSessionCreation";
|
||||
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
|
||||
protected Class getBeanClass(Element element) {
|
||||
return HttpSessionContextIntegrationFilter.class;
|
||||
}
|
||||
|
||||
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
|
||||
|
||||
NamedNodeMap attributes = element.getAttributes();
|
||||
|
||||
for (int x = 0; x < attributes.getLength(); x++) {
|
||||
Attr attribute = (Attr) attributes.item(x);
|
||||
String attributeName = attribute.getLocalName();
|
||||
if (!ID_ATTRIBUTE.equals(attributeName)) {
|
||||
if (attributeName.equals(SESSION_CREATION)) {
|
||||
String sessionCreation = element.getAttribute(SESSION_CREATION);
|
||||
createBeanDefinition(builder, sessionCreation);
|
||||
}
|
||||
else {
|
||||
String propertyName = Conventions.attributeNameToPropertyName(attributeName);
|
||||
Assert
|
||||
.state(StringUtils.hasText(propertyName),
|
||||
"Illegal property name returned from 'extractPropertyName(String)': cannot be null or empty.");
|
||||
builder.addPropertyValue(propertyName, attribute.getValue());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void createBeanDefinition(BeanDefinitionBuilder builder, String attribute) {
|
||||
if (attribute.equals(IF_REQUIRED)) {
|
||||
builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
|
||||
}
|
||||
else if (attribute.equals(ALWAYS)) {
|
||||
builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
|
||||
}
|
||||
else if (attribute.equals(NEVER)) {
|
||||
builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.FALSE);
|
||||
}
|
||||
else {
|
||||
createBeanDefinitionWithDefaults();
|
||||
}
|
||||
}
|
||||
|
||||
protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
|
||||
RootBeanDefinition definition = new RootBeanDefinition(HttpSessionContextIntegrationFilter.class);
|
||||
definition.getPropertyValues().addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
|
||||
return definition;
|
||||
}
|
||||
}
|
||||
-183
@@ -1,183 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ui.AccessDeniedHandlerImpl;
|
||||
import org.acegisecurity.ui.ExceptionTranslationFilter;
|
||||
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* This class parses the <security:exception-translation /> tag and creates the
|
||||
* bean defintion for <code>ExceptionTranslationFilter</code>.</br> The
|
||||
* '<security:access-denied .. />' tag is optional and if not specified
|
||||
* <code>ExceptionTranslationFilter</code> <br/> will autodetect the instance
|
||||
* of <code>AccessDeniedHandler</code>; alternately if there are > 1 such
|
||||
* handlers, <br/>we can nominate the one to use via 'accessDeniedBeanRef'.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* The 'entryPointBeanRef' and 'accessDeniedBeanRef' can be specified as
|
||||
* attributes or inner bean definitions. <br/> See following sample showing both
|
||||
* ways.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* Sample: <d1>
|
||||
* <dt> <security:exception-translation id="exceptionTranslationFilter">
|
||||
* </dt>
|
||||
* <dd> <security:entry-point
|
||||
* entryPointBeanRef="authenticationProcessingFilterEntryPoint" /> </dd>
|
||||
* <dd> <security:access-denied accessDeniedBeanRef="theBeanToUse" />
|
||||
* </dd>
|
||||
* <dt></security:exception-translation></dt>
|
||||
* </d1> or <d1>
|
||||
* <dt> <security:exception-translation id="exceptionTranslationFilter"
|
||||
* entryPointBeanRef="ref" accessDeniedBeanRef="ref" /></dt>
|
||||
* </d1>
|
||||
* </p>
|
||||
*
|
||||
* @author Vishal Puri
|
||||
* @version
|
||||
* @see {@link org.acegisecurity.ui.ExceptionTranslationFilter}
|
||||
* @see {@link org.acegisecurity.ui.AccessDeniedHandler}
|
||||
*/
|
||||
public class ExceptionTranslationFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
||||
|
||||
// ~ Static fields
|
||||
// =====================================================================================
|
||||
|
||||
private static final String ACCESS_DENIED = "access-denied";
|
||||
|
||||
private static final String ACCESS_DENIED_REF = "accessDeniedBeanRef";
|
||||
|
||||
private static final String ACCESS_DENIED_URL = "accessDeniedUrl";
|
||||
|
||||
private static final String ENTRY_POINT = "entry-point";
|
||||
|
||||
private static final String ENTRY_POINT_REF = "entryPointBeanRef";
|
||||
|
||||
private static final String LOGIN_FORM_URL = "loginFormUrl";
|
||||
|
||||
private static final String LOGIN_FORM_URL_VALUE = "/acegilogin.jsp";
|
||||
|
||||
// ~ Method
|
||||
// ================================================================================================
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
|
||||
RootBeanDefinition exceptionFilterDef = new RootBeanDefinition(ExceptionTranslationFilter.class);
|
||||
|
||||
// add handler
|
||||
Element accessDeniedElement = DomUtils.getChildElementByTagName(element, ACCESS_DENIED);
|
||||
setAccessDeniedHandlerProperty(parserContext, exceptionFilterDef, accessDeniedElement);
|
||||
|
||||
Element entryPointElement = DomUtils.getChildElementByTagName(element, ENTRY_POINT);
|
||||
setEntryPointProperty(exceptionFilterDef, entryPointElement);
|
||||
|
||||
return exceptionFilterDef;
|
||||
}
|
||||
|
||||
private void setEntryPointProperty(RootBeanDefinition exceptionFilterDef, Element entryPointElement) {
|
||||
if (entryPointElement != null) {
|
||||
setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, entryPointElement, "authenticationEntryPoint",
|
||||
entryPointElement.getAttribute(ENTRY_POINT_REF));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Resolves are reference to 'accessDeniedHandler' property.
|
||||
* @param parserContext
|
||||
* @param exceptionFilterDef The ExceptionFilter BeanDefinition
|
||||
* @param accessDeniedElement The inner tag for accessDeniedHandler
|
||||
* property.
|
||||
*/
|
||||
private void setAccessDeniedHandlerProperty(ParserContext parserContext, RootBeanDefinition exceptionFilterDef,
|
||||
Element accessDeniedElement) {
|
||||
if (accessDeniedElement != null) {
|
||||
setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, accessDeniedElement, "accessDeniedHandler",
|
||||
accessDeniedElement.getAttribute(ACCESS_DENIED_REF));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Add property if it's specified as an attribute or inner tag.
|
||||
*
|
||||
* @param exceptionFilterDef The ExceptionFilter BeanDefinition
|
||||
* @param element The inner bean element
|
||||
* @param property The property to add
|
||||
* @param beanRef The bean reference to resolve.
|
||||
*/
|
||||
private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef, Element element,
|
||||
String property, String beanRef) {
|
||||
// check for encoderBeanRef attribute
|
||||
if (StringUtils.hasLength(beanRef)) {
|
||||
exceptionFilterDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(beanRef));
|
||||
}
|
||||
else {
|
||||
doSetInnerBeanDefinitions(exceptionFilterDef, element, property);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Add property specified as an inner bean definition.
|
||||
* @param exceptionFilterDef The ExceptionFilter BeanDefinition
|
||||
* @param element The inner bean element
|
||||
* @param property The property to add
|
||||
*/
|
||||
private void doSetInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef, Element accessDeniedElement,
|
||||
String property) {
|
||||
RootBeanDefinition accessDeniedHandlerBeanDef = new RootBeanDefinition(AccessDeniedHandlerImpl.class);
|
||||
setPropertyIfAvailable(accessDeniedElement, ACCESS_DENIED_URL, "errorPage", accessDeniedHandlerBeanDef);
|
||||
exceptionFilterDef.getPropertyValues().addPropertyValue(property, accessDeniedHandlerBeanDef);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @param element
|
||||
* @param attribute
|
||||
* @param property
|
||||
* @param definition
|
||||
*/
|
||||
private void setPropertyIfAvailable(Element element, String attribute, String property,
|
||||
RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
definition.getPropertyValues().addPropertyValue(property, propertyValue);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates <code>BeanDefintion</code> for
|
||||
* <code>ExceptionTranslationFilter</code> with it's default properties.
|
||||
* @return beanDefinition The bean defintion configured with default
|
||||
* properties
|
||||
*/
|
||||
protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
|
||||
RootBeanDefinition beanDefinition = new RootBeanDefinition(ExceptionTranslationFilter.class);
|
||||
beanDefinition.getPropertyValues().addPropertyValue("authenticationEntryPoint",
|
||||
createBeanDefintionForAuthenticationProcessingFilterEntryPoint());
|
||||
return beanDefinition;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates <code>BeanDefintion</code> for
|
||||
* <code>AuthenticationProcessingFilterEntryPoint</code> with it's default
|
||||
* properties.
|
||||
* @return beanDefinition The bean defintion configured with default
|
||||
*/
|
||||
protected static RootBeanDefinition createBeanDefintionForAuthenticationProcessingFilterEntryPoint() {
|
||||
RootBeanDefinition beanDefinition = new RootBeanDefinition(AuthenticationProcessingFilterEntryPoint.class);
|
||||
beanDefinition.getPropertyValues().addPropertyValue(LOGIN_FORM_URL, LOGIN_FORM_URL_VALUE);
|
||||
return beanDefinition;
|
||||
}
|
||||
}
|
||||
-163
@@ -1,163 +0,0 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import org.acegisecurity.AccessDecisionManager;
|
||||
import org.acegisecurity.intercept.web.FilterInvocationDefinitionDecorator;
|
||||
import org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceMapping;
|
||||
import org.acegisecurity.intercept.web.FilterSecurityInterceptor;
|
||||
import org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap;
|
||||
import org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap;
|
||||
import org.acegisecurity.util.BeanDefinitionParserUtils;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.NamedNodeMap;
|
||||
import org.w3c.dom.Node;
|
||||
|
||||
/**
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
||||
// ~ static initializers
|
||||
// ================================================================================================
|
||||
|
||||
private static final String OBJECT_DEFINITION_SOURCE_PROPERTY = "objectDefinitionSource";
|
||||
|
||||
private static final String OBJECT_DEFINITION_SOURCE_REF_ATTRIBUTE = "sourceBeanId";
|
||||
|
||||
private static final String PATH_ATTRIBUTE = "path";
|
||||
|
||||
private static final String REG_EX_ATTRIBUTE = "regularExpression";
|
||||
|
||||
private static final String CONFIGURATION_ATTRIB_ATTRIBUTE = "attribute";
|
||||
|
||||
// ~ Methods
|
||||
// ================================================================================================
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
return createBeanDefinitionForFilterSecurityInterceptor(element, parserContext);
|
||||
}
|
||||
|
||||
protected static RootBeanDefinition createBeanDefinitionForFilterSecurityInterceptor(Element element,
|
||||
ParserContext parserContext) {
|
||||
RootBeanDefinition filterInvocationInterceptor = new RootBeanDefinition(FilterSecurityInterceptor.class);
|
||||
|
||||
RootBeanDefinition accessDecisionManager = AuthorizationManagerBeanDefinitionParser
|
||||
.createAccessDecisionManagerAffirmativeBased();
|
||||
filterInvocationInterceptor.getPropertyValues()
|
||||
.addPropertyValue("accessDecisionManager", accessDecisionManager);
|
||||
|
||||
FilterInvocationDefinitionDecorator source = new FilterInvocationDefinitionDecorator();
|
||||
FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
|
||||
List<FilterInvocationDefinitionSourceMapping> mappings = new ArrayList<FilterInvocationDefinitionSourceMapping>();
|
||||
|
||||
Element firstChild = DomUtils.getChildElementByTagName(element, "url-mapping");
|
||||
// if 'url-mapping' element is defined
|
||||
if (firstChild != null) {
|
||||
|
||||
if (BeanDefinitionParserUtils.setPropertyIfAvailable(firstChild, OBJECT_DEFINITION_SOURCE_REF_ATTRIBUTE,
|
||||
OBJECT_DEFINITION_SOURCE_PROPERTY, true/* RuntimeBeanReference */, filterInvocationInterceptor)) {
|
||||
return filterInvocationInterceptor;
|
||||
}
|
||||
|
||||
// get 'uri-pattern' or 'path' attribute. not both can be specified
|
||||
// together
|
||||
List uriPatternElements = DomUtils.getChildElementsByTagName(firstChild, "uri-pattern");
|
||||
boolean patternToMatchCreated = false;
|
||||
|
||||
Node patternAttribute = null;
|
||||
|
||||
String url = "";
|
||||
|
||||
boolean isPathFound = false;
|
||||
for (Iterator it = uriPatternElements.iterator(); it.hasNext();) {
|
||||
Element uriPattern = (Element) it.next();
|
||||
|
||||
/* path or pattern - only one attribute is allowed */
|
||||
NamedNodeMap map = uriPattern.getAttributes();
|
||||
|
||||
Assert.isTrue(map.getLength() == 1,
|
||||
"only 'path' or 'regularExperssion' attribute allowed with 'uri-pattern' tag");
|
||||
|
||||
// check if typecreated variable is false then create a type and
|
||||
// store it somewhere and set typecreated variable to true
|
||||
if (!patternToMatchCreated) {
|
||||
// should only be one attribute "path" or
|
||||
// "regularExpression"
|
||||
patternAttribute = map.item(0);
|
||||
// set this variable to true
|
||||
patternToMatchCreated = true;
|
||||
// get the attributes and set the decoratd type
|
||||
// appropriately
|
||||
if (uriPattern.hasAttribute(PATH_ATTRIBUTE)) {
|
||||
isPathFound = true;
|
||||
url = uriPattern.getAttribute(PATH_ATTRIBUTE);
|
||||
source.setDecorated(new PathBasedFilterInvocationDefinitionMap());
|
||||
}
|
||||
else if (uriPattern.hasAttribute(REG_EX_ATTRIBUTE)) {
|
||||
url = uriPattern.getAttribute(REG_EX_ATTRIBUTE);
|
||||
source.setDecorated(new RegExpBasedFilterInvocationDefinitionMap());
|
||||
}
|
||||
}
|
||||
else {
|
||||
// type created already so check if it matches with the
|
||||
// current element
|
||||
// if it matches get the one attribute "path" or
|
||||
// "regularExpression" and apply as property
|
||||
uriPattern.getAttribute(patternAttribute.getLocalName());
|
||||
Assert
|
||||
.hasLength(uriPattern.getAttribute(patternAttribute.getLocalName()),
|
||||
" ALL uri-pattern tags in the url-mapping must be of the same type (ie cannot mix a regular expression and Ant Path)");
|
||||
|
||||
if (isPathFound) {
|
||||
url = uriPattern.getAttribute(PATH_ATTRIBUTE);
|
||||
}
|
||||
else {
|
||||
url = uriPattern.getAttribute(REG_EX_ATTRIBUTE);
|
||||
}
|
||||
|
||||
}
|
||||
mapping.setUrl(url);
|
||||
// get child elements 'configuration-attribute'
|
||||
List configAttributes = DomUtils.getChildElementsByTagName(uriPattern, "configuration-attribute");
|
||||
|
||||
for (Iterator iter = configAttributes.iterator(); iter.hasNext();) {
|
||||
Element configAttribute = (Element) iter.next();
|
||||
String configAttributeValue = configAttribute.getAttribute(CONFIGURATION_ATTRIB_ATTRIBUTE);
|
||||
mapping.addConfigAttribute(configAttributeValue);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
// default properties
|
||||
else {
|
||||
String url1 = "/acegilogin.jsp";
|
||||
String value1 = "IS_AUTHENTICATED_ANONYMOUSLY";
|
||||
|
||||
String url2 = "/**";
|
||||
String value2 = "IS_AUTHENTICATED_REMEMBERED";
|
||||
|
||||
mapping.setUrl(url1);
|
||||
mapping.addConfigAttribute(value1);
|
||||
|
||||
mapping.setUrl(url2);
|
||||
mapping.addConfigAttribute(value2);
|
||||
}
|
||||
|
||||
mappings.add(mapping);
|
||||
source.setMappings(mappings);
|
||||
filterInvocationInterceptor.getPropertyValues().addPropertyValue(OBJECT_DEFINITION_SOURCE_PROPERTY,
|
||||
source.getDecorated());
|
||||
return filterInvocationInterceptor;
|
||||
}
|
||||
|
||||
}
|
||||
-108
@@ -1,108 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ui.logout.LogoutFilter;
|
||||
import org.acegisecurity.ui.logout.SecurityContextLogoutHandler;
|
||||
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
* @since
|
||||
*/
|
||||
public class LogoutFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
private static final String REDIRECT_AFTER_LOGOUT_URL = "redirectAfterLogoutUrl";
|
||||
|
||||
private static final String LOGOUT_URL = "logoutUrl";
|
||||
|
||||
private static final String REDIRECT_AFTER_LOGOUT_URL_VALUE = "/";
|
||||
|
||||
// ~ Methods
|
||||
// ================================================================================================
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
|
||||
// add the properties
|
||||
RootBeanDefinition definition = new RootBeanDefinition(LogoutFilter.class);
|
||||
doCreateBeanDefinition(definition, element, parserContext, false);
|
||||
return definition;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param definition
|
||||
* @param element
|
||||
* @param parserContext
|
||||
* @param isAutoconfig
|
||||
* @see {@link AutoConfigBeanDefinitionParser}
|
||||
*/
|
||||
private void doCreateBeanDefinition(RootBeanDefinition definition, Element element, ParserContext parserContext,
|
||||
boolean isAutoconfig) {
|
||||
|
||||
setConstructorArgumentIfAvailable(0, element, REDIRECT_AFTER_LOGOUT_URL, "logoutSuccessUrl", definition);
|
||||
setPropertyIfAvailable(element, LOGOUT_URL, "filterProcessesUrl", definition);
|
||||
/* TODO: Move this logic to LogoutFilter itlself */
|
||||
// register BFPP to check if LogoutFilter does not have setHandlers
|
||||
// populated, introspect app ctx for LogoutHandlers, using Ordered
|
||||
// (if
|
||||
// present, otherwise assume Integer.MAX_VALUE)
|
||||
RootBeanDefinition bfpp = new RootBeanDefinition(LogoutHandlerOrderResolver.class);
|
||||
parserContext.getReaderContext().registerWithGeneratedName(bfpp);
|
||||
|
||||
}
|
||||
|
||||
private void setConstructorArgumentIfAvailable(int index, Element element, String attribute, String property,
|
||||
RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
addConstructorArgument(index, definition, propertyValue);
|
||||
}
|
||||
}
|
||||
|
||||
private void addConstructorArgument(int index, RootBeanDefinition definition, String propertyValue) {
|
||||
definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
|
||||
}
|
||||
|
||||
private void setPropertyIfAvailable(Element element, String attribute, String property,
|
||||
RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
definition.getPropertyValues().addPropertyValue(property, propertyValue);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates <code>BeanDefintion</code> as required by 'autoconfig' tag
|
||||
*
|
||||
* @param definition The BeanDefinition for Logoutfilter
|
||||
* @param element
|
||||
* @param parserContext
|
||||
* @param isAutoconfig
|
||||
* @return definition
|
||||
*/
|
||||
protected static RootBeanDefinition createBeanDefinitionWithDefaults(RootBeanDefinition rememberMeServices) {
|
||||
RootBeanDefinition definition = new RootBeanDefinition(LogoutFilter.class);
|
||||
definition.getConstructorArgumentValues().addIndexedArgumentValue(0, REDIRECT_AFTER_LOGOUT_URL_VALUE);
|
||||
// create BeanDefinitions for LogoutHandlers
|
||||
// (TokenBasedRememberMeServices) and (SecuritycontextLogoutHandler)
|
||||
ManagedList handlers = new ManagedList();
|
||||
//RootBeanDefinition rememberMeServices = RememberMeServicesBeanDefinitionParser.doCreateBeanDefintionWithDefaults();
|
||||
handlers.add(rememberMeServices);
|
||||
handlers.add(new RootBeanDefinition(SecurityContextLogoutHandler.class));
|
||||
definition.getConstructorArgumentValues().addIndexedArgumentValue(1, handlers);
|
||||
return definition;
|
||||
}
|
||||
|
||||
}
|
||||
-95
@@ -1,95 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import org.acegisecurity.ui.logout.LogoutFilter;
|
||||
import org.acegisecurity.ui.logout.LogoutHandler;
|
||||
import org.acegisecurity.ui.logout.SecurityContextLogoutHandler;
|
||||
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.core.OrderComparator;
|
||||
import org.springframework.core.Ordered;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
* @since
|
||||
*/
|
||||
public class LogoutHandlerOrderResolver implements BeanFactoryPostProcessor {
|
||||
|
||||
// ~ Methods
|
||||
// ================================================================================================
|
||||
|
||||
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
|
||||
// If LogoutFilter does not have setHandlers populated, introspect app
|
||||
// ctx for LogoutHandlers, using Ordered (if present, otherwise assume
|
||||
// Integer.MAX_VALUE)
|
||||
String[] names = beanFactory.getBeanNamesForType(LogoutFilter.class);
|
||||
RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[0]);
|
||||
ValueHolder holder = getHandlersIfConfigured(beanFactory, definition);
|
||||
if (holder == null) {
|
||||
// intropect the appcontext for registerd LogoutHandler
|
||||
List logoutHandlers = retrieveAllLogoutHandlers(beanFactory);
|
||||
definition.getConstructorArgumentValues().addIndexedArgumentValue(1, logoutHandlers);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param beanFactory
|
||||
* @param definition
|
||||
* @return
|
||||
*/
|
||||
private ValueHolder getHandlersIfConfigured(ConfigurableListableBeanFactory beanFactory,
|
||||
RootBeanDefinition definition) {
|
||||
// there should be only one LogoutFilter
|
||||
return definition.getConstructorArgumentValues().getArgumentValue(1, null);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param beanFactory
|
||||
* @return
|
||||
*/
|
||||
private List retrieveAllLogoutHandlers(ConfigurableListableBeanFactory beanFactory) {
|
||||
String[] names = beanFactory.getBeanNamesForType(LogoutHandler.class);
|
||||
ManagedList list = new ManagedList();
|
||||
|
||||
for (int i = 0, n = names.length; i < n; i++) {
|
||||
RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[i]);
|
||||
|
||||
if (definition.hasBeanClass()) {
|
||||
if (Ordered.class.isAssignableFrom(definition.getBeanClass())) {
|
||||
definition.getPropertyValues().addPropertyValue("order",
|
||||
Integer.valueOf(getOrder(definition.getBeanClass())));
|
||||
}
|
||||
else {
|
||||
definition.getPropertyValues().addPropertyValue("order", Integer.valueOf(Integer.MAX_VALUE));
|
||||
}
|
||||
}
|
||||
list.add(definition);
|
||||
}
|
||||
Collections.sort(list, new OrderComparator());
|
||||
return list;
|
||||
}
|
||||
|
||||
private int getOrder(Class clazz) {
|
||||
if (clazz.getName().equals(TokenBasedRememberMeServices.class.getName())) {
|
||||
return 100;
|
||||
}
|
||||
if (clazz.getName().equals(SecurityContextLogoutHandler.class.getName())) {
|
||||
return 200;
|
||||
}
|
||||
return Integer.MAX_VALUE;
|
||||
}
|
||||
|
||||
}
|
||||
-247
@@ -1,247 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Properties;
|
||||
|
||||
import org.acegisecurity.GrantedAuthority;
|
||||
import org.acegisecurity.GrantedAuthorityImpl;
|
||||
import org.acegisecurity.userdetails.User;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
import org.acegisecurity.userdetails.jdbc.JdbcDaoImpl;
|
||||
import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
|
||||
import org.acegisecurity.userdetails.memory.UserAttribute;
|
||||
import org.acegisecurity.userdetails.memory.UserMap;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.config.PropertiesFactoryBean;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
import org.w3c.dom.NodeList;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class PrincipalRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser implements
|
||||
BeanDefinitionParser {
|
||||
|
||||
// ~ Static fields/initializers
|
||||
// =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(PrincipalRepositoryBeanDefinitionParser.class);
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
private static final String JDBC = "jdbc";
|
||||
|
||||
private static final String DATASOURCE_REF = "dataSourceBeanRef";
|
||||
|
||||
private static final String DATASOURCE = "dataSource";
|
||||
|
||||
private static final String JDBCTEMPLATE_REF = "jdbcTemplateBeanRef";
|
||||
|
||||
private static final String JDBCTEMPLATE = "jdbcTemplate";
|
||||
|
||||
private static final String AUTHORITIES_BY_USERNAME_QUERY = "authoritiesByUsernameQuery";
|
||||
|
||||
private static final String ROLE_PREFIX = "rolePrefix";
|
||||
|
||||
private static final String USERNAME_BASED_PRIMARY_KEY = "usernameBasedPrimaryKey";
|
||||
|
||||
private static final String PROPERTIES = "properties";
|
||||
|
||||
private static final String RESOURCE = "resource";
|
||||
|
||||
private static final String USER_PROPERTIES = "userProperties";
|
||||
|
||||
private static final String USER_DEFINITION = "user-definition";
|
||||
|
||||
private static final Object GRANTED_AUTHORITY = "granted-authority";
|
||||
|
||||
private static final String USERNAME = "username";
|
||||
|
||||
private static final String PASSWORD = "password";
|
||||
|
||||
private static final String ENABLED = "enabled";
|
||||
|
||||
private static final String GRANTED_AUTHORITY_REF = "granted-authority-ref";
|
||||
|
||||
private static final String AUTHORITY = "authority";
|
||||
|
||||
private static final String AUTHORITY_BEAN_REF = "authorityBeanRef";
|
||||
|
||||
// ~ Method
|
||||
// ================================================================================================
|
||||
/**
|
||||
*
|
||||
*/
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
NodeList userDetailsServiceChildren = element.getChildNodes();
|
||||
RootBeanDefinition userDetailsServiceDefinition = null;
|
||||
for (int i = 0, n = userDetailsServiceChildren.getLength(); i < n; i++) {
|
||||
Node userDetailsService = userDetailsServiceChildren.item(i);
|
||||
|
||||
if (JDBC.equals(userDetailsService.getLocalName()) && userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
|
||||
Element ele = (Element) userDetailsService;
|
||||
userDetailsServiceDefinition = parseUserDetailsServiceJdbcDefinition(ele);
|
||||
userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
|
||||
}
|
||||
if (PROPERTIES.equals(userDetailsService.getLocalName())
|
||||
&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
|
||||
Element ele = (Element) userDetailsService;
|
||||
|
||||
userDetailsServiceDefinition = new RootBeanDefinition(InMemoryDaoImpl.class);
|
||||
userDetailsServiceDefinition.getPropertyValues().addPropertyValue(USER_PROPERTIES,
|
||||
new RuntimeBeanReference(createPropertiesBeanDefinition(ele, parserContext)));
|
||||
userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
|
||||
}
|
||||
if (USER_DEFINITION.equals(userDetailsService.getLocalName())
|
||||
&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
|
||||
Element ele = (Element) userDetailsService;
|
||||
|
||||
// create a UserMap which interns uses UserMapEditor
|
||||
userDetailsServiceDefinition = createUserDefinition(ele, parserContext);
|
||||
}
|
||||
}
|
||||
return userDetailsServiceDefinition;
|
||||
}
|
||||
|
||||
private RootBeanDefinition createUserDefinition(Element ele, ParserContext parserContext) {
|
||||
RootBeanDefinition definition = new RootBeanDefinition(InMemoryDaoImpl.class);
|
||||
|
||||
UserAttribute userAttribute = new UserAttribute();
|
||||
UserMap userMap = new UserMap();
|
||||
|
||||
setPassword(ele, userAttribute);
|
||||
setEnabled(ele, userAttribute);
|
||||
setAuthorities(ele, userAttribute);
|
||||
|
||||
UserDetails user = new User(ele.getAttribute(USERNAME), userAttribute.getPassword(), userAttribute.isEnabled(),
|
||||
true, true, true, userAttribute.getAuthorities());
|
||||
userMap.addUser(user);
|
||||
definition.getPropertyValues().addPropertyValue("userMap", userMap);
|
||||
return definition;
|
||||
}
|
||||
|
||||
private String createPropertiesBeanDefinition(Element ele, ParserContext parserContext) {
|
||||
// properties element
|
||||
RootBeanDefinition defintion = new RootBeanDefinition(PropertiesFactoryBean.class);
|
||||
String propertyValue = ele.getAttribute(RESOURCE);
|
||||
defintion.getPropertyValues().addPropertyValue("location", propertyValue);
|
||||
defintion.setSource(parserContext.extractSource(ele));
|
||||
return parserContext.getReaderContext().registerWithGeneratedName(defintion);
|
||||
}
|
||||
|
||||
protected static RootBeanDefinition createSampleUsersUsingProperties() {
|
||||
// properties element
|
||||
RootBeanDefinition defintion = new RootBeanDefinition(PropertiesFactoryBean.class);
|
||||
String location = "classpath:org/acegisecurity/config/user.properties";
|
||||
defintion.getPropertyValues().addPropertyValue("location", location);
|
||||
return defintion;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* @param elementToParse
|
||||
* @return
|
||||
*/
|
||||
private RootBeanDefinition parseUserDetailsServiceJdbcDefinition(Element elementToParse) {
|
||||
// parse attributes
|
||||
RootBeanDefinition definition = new RootBeanDefinition(JdbcDaoImpl.class);
|
||||
setPropertyIfAvailable(elementToParse, DATASOURCE_REF, DATASOURCE, definition);
|
||||
setPropertyIfAvailable(elementToParse, JDBCTEMPLATE_REF, JDBCTEMPLATE, definition);
|
||||
setPropertyIfAvailable(elementToParse, AUTHORITIES_BY_USERNAME_QUERY, AUTHORITIES_BY_USERNAME_QUERY, definition);
|
||||
setPropertyIfAvailable(elementToParse, ROLE_PREFIX, ROLE_PREFIX, definition);
|
||||
setPropertyIfAvailable(elementToParse, USERNAME_BASED_PRIMARY_KEY, USERNAME_BASED_PRIMARY_KEY, definition);
|
||||
return definition;
|
||||
}
|
||||
|
||||
protected void doParseProperties(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
|
||||
Properties parsedProps = parserContext.getDelegate().parsePropsElement(element);
|
||||
builder.addPropertyValue(PROPERTIES, parsedProps);
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param element
|
||||
* @param attribute
|
||||
* @param property
|
||||
* @param definition
|
||||
*/
|
||||
private void setPropertyIfAvailable(Element element, String attribute, String property,
|
||||
RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
if (propertyValue.equals(DATASOURCE_REF) || propertyValue.equals(JDBCTEMPLATE_REF)) {
|
||||
definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(propertyValue));
|
||||
}
|
||||
else {
|
||||
definition.getPropertyValues().addPropertyValue(property, propertyValue);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void setPassword(Element element, UserAttribute userAttribute) {
|
||||
String propertyValue = element.getAttribute(PASSWORD);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
userAttribute.setPassword(propertyValue);
|
||||
}
|
||||
}
|
||||
|
||||
private void setEnabled(Element element, UserAttribute userAttribute) {
|
||||
String propertyValue = element.getAttribute(ENABLED);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
if (propertyValue.equals("true")) {
|
||||
userAttribute.setEnabled(true);
|
||||
}
|
||||
else {
|
||||
userAttribute.setEnabled(false);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void setAuthorities(Element ele, UserAttribute userAttribute) {
|
||||
// get authorities
|
||||
NodeList childNodes = ele.getChildNodes();
|
||||
|
||||
ManagedList authorities = new ManagedList();
|
||||
|
||||
for (int i = 0, n = childNodes.getLength(); i < n; i++) {
|
||||
Node authorityNode = childNodes.item(i);
|
||||
|
||||
if (GRANTED_AUTHORITY.equals(authorityNode.getLocalName())
|
||||
&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
|
||||
Element propertyValue = (Element) authorityNode;
|
||||
authorities.add(new GrantedAuthorityImpl(propertyValue.getAttribute(AUTHORITY)));
|
||||
}
|
||||
|
||||
if (GRANTED_AUTHORITY_REF.equals(authorityNode.getLocalName())
|
||||
&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
|
||||
Element propertyValue = (Element) authorityNode;
|
||||
String attribute = propertyValue.getAttribute(AUTHORITY_BEAN_REF);
|
||||
if (StringUtils.hasLength(attribute)) {
|
||||
authorities.add(new RuntimeBeanReference(attribute));
|
||||
}
|
||||
}
|
||||
}
|
||||
userAttribute.setAuthorities(authorities);
|
||||
}
|
||||
|
||||
}
|
||||
-46
@@ -1,46 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*@since
|
||||
*/
|
||||
public class RememberMeFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
||||
|
||||
private static final String REMEMBER_ME_SERVICES_REF = "rememberMeServicesBeanRef";
|
||||
|
||||
private static final String REMEMBER_ME_SERVICES = "rememberMeServices";
|
||||
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
Assert.notNull(parserContext, "ParserContext must not be null");
|
||||
|
||||
RootBeanDefinition rememberMeFilterBeanDef = new RootBeanDefinition(RememberMeProcessingFilter.class);
|
||||
// check if rememberMeServicesBeanRef is defined and if it's specified use its referred bean
|
||||
String rememberMeServicesRef = element.getAttribute(REMEMBER_ME_SERVICES_REF);
|
||||
if (StringUtils.hasLength(rememberMeServicesRef)) {
|
||||
rememberMeFilterBeanDef.getPropertyValues().addPropertyValue(REMEMBER_ME_SERVICES,
|
||||
new RuntimeBeanReference(rememberMeServicesRef));
|
||||
}
|
||||
return rememberMeFilterBeanDef;
|
||||
}
|
||||
|
||||
protected static RootBeanDefinition createBeanDefinitionWithDefaults(ParserContext parserContext, RootBeanDefinition authenticationManager) {
|
||||
RootBeanDefinition definition= new RootBeanDefinition(RememberMeProcessingFilter.class);
|
||||
definition.getPropertyValues().addPropertyValue("authenticationManager",authenticationManager);
|
||||
return definition;
|
||||
}
|
||||
}
|
||||
-82
@@ -1,82 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* Parses
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class RememberMeServicesBeanDefinitionParser extends AbstractBeanDefinitionParser implements
|
||||
BeanDefinitionParser {
|
||||
|
||||
private static final String PRINCIPAL_REPOSITORY_BEAN_REF = "principalRepositoryBeanRef";
|
||||
|
||||
private static final String USER_DETAILS_SERVICE_PROPERTY = "userDetailsService";
|
||||
|
||||
/*
|
||||
* key is optional; if unspecified, pick a rnd int and use for all
|
||||
* unspecified key properties for acegi beans
|
||||
*/
|
||||
private static final String KEY = "key";
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
RootBeanDefinition rememberMeServicesBeanDef = createBeanDefinition(element, parserContext);
|
||||
return rememberMeServicesBeanDef;
|
||||
}
|
||||
|
||||
private RootBeanDefinition createBeanDefinition(Element element, ParserContext parserContext) {
|
||||
Assert.notNull(parserContext, "ParserContext must not be null");
|
||||
|
||||
RootBeanDefinition rememberMeServicesBeanDef = new RootBeanDefinition(TokenBasedRememberMeServices.class);
|
||||
|
||||
String keyValue = "";
|
||||
String rememberMeServicesRef = "";
|
||||
|
||||
if (element != null) {
|
||||
keyValue = element.getAttribute(KEY);
|
||||
|
||||
if (StringUtils.hasLength(keyValue)) {
|
||||
rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(KEY, keyValue);
|
||||
}
|
||||
else {
|
||||
/*
|
||||
* TODO: pick a rnd int and apply it whenver required in
|
||||
* applicationcontext
|
||||
*/
|
||||
|
||||
}
|
||||
|
||||
// check if rememberMeServicesBeanRef is defined and if it's
|
||||
// specified
|
||||
// use its referred bean
|
||||
rememberMeServicesRef = element.getAttribute(PRINCIPAL_REPOSITORY_BEAN_REF);
|
||||
if (StringUtils.hasLength(rememberMeServicesRef)) {
|
||||
rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE_PROPERTY,
|
||||
new RuntimeBeanReference(rememberMeServicesRef));
|
||||
}
|
||||
}
|
||||
|
||||
return rememberMeServicesBeanDef;
|
||||
}
|
||||
|
||||
protected static RootBeanDefinition createAndRegisterBeanDefintionWithDefaults(ParserContext parserContext){
|
||||
RootBeanDefinition beanDefinition = new RootBeanDefinition(TokenBasedRememberMeServices.class);
|
||||
beanDefinition.getPropertyValues().addPropertyValue(KEY, "key");
|
||||
parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
|
||||
return beanDefinition;
|
||||
}
|
||||
|
||||
}
|
||||
-21
@@ -1,21 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
|
||||
|
||||
/**
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
public class SecurityAutoDetectNamepsaceHandler extends NamespaceHandlerSupport {
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.beans.factory.xml.NamespaceHandler#init()
|
||||
*/
|
||||
public void init() {
|
||||
registerBeanDefinitionParser("autoconfig", new AutoConfigBeanDefinitionParser());
|
||||
}
|
||||
|
||||
}
|
||||
-37
@@ -1,37 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
|
||||
|
||||
/**
|
||||
* {@link org.springframework.beans.factory.xml.NamespaceHandler} for the '<code>security</code>' namespace.
|
||||
* @author vpuri
|
||||
*
|
||||
* @since
|
||||
*/
|
||||
public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
|
||||
|
||||
/**
|
||||
* Register the {@link BeanDefinitionParser BeanDefinitionParsers} for the
|
||||
* '<code>context-integration</code>', ' and '<code></code>' elements.
|
||||
*/
|
||||
public void init() {
|
||||
registerBeanDefinitionParser("principal-repository", new PrincipalRepositoryBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("session-context-integration", new ContextIntegrationBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authentication-repository", new AuthenticationRepositoryBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authentication-mechanism", new AuthenticationMechanismBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authentication-remember-me-services", new RememberMeServicesBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authentication-remember-me-filter", new RememberMeFilterBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("logout-support", new LogoutFilterBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("exception-translation", new ExceptionTranslationFilterBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authentication-form", new AuthenticationProcessingFilterBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authorization-manager", new AuthorizationManagerBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authorization-http-url", new FilterSecurityInterceptorBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authorization-joinpoint", new AuthorizationMethodBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("autoconfig", new AutoConfigBeanDefinitionParser());
|
||||
}
|
||||
|
||||
}
|
||||
-239
@@ -1,239 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.ui.basicauth;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.Authentication;
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.acegisecurity.ui.AuthenticationDetailsSource;
|
||||
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.rememberme.RememberMeServices;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* Processes a HTTP request's BASIC authorization headers, putting the result into the
|
||||
* <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
|
||||
* refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
|
||||
* the HTTP request is ignored.</p>
|
||||
* <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
|
||||
* <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
|
||||
* <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
|
||||
* following header would be presented:</p>
|
||||
* <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
|
||||
* <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
|
||||
* Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
|
||||
* <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
|
||||
* <code>SecurityContextHolder</code>.</p>
|
||||
* <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
|
||||
* AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
|
||||
* which will prompt the user to authenticate again via BASIC authentication.</p>
|
||||
* <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
|
||||
* transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
|
||||
* provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
|
||||
* org.acegisecurity.ui.digestauth.DigestProcessingFilter}.</p>
|
||||
* <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
|
||||
* details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
|
||||
* they will be authenticated using the remember-me mechanism.</p>
|
||||
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
|
||||
* org.acegisecurity.util.FilterToBeanProxy}.</p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id: BasicProcessingFilter.java 1783 2007-02-23 19:21:44Z luke_t $
|
||||
*/
|
||||
public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationEntryPoint authenticationEntryPoint;
|
||||
private AuthenticationManager authenticationManager;
|
||||
private RememberMeServices rememberMeServices;
|
||||
private boolean ignoreFailure = false;
|
||||
private int order;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
|
||||
Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
|
||||
}
|
||||
|
||||
public void destroy() {}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
|
||||
if (!(request instanceof HttpServletRequest)) {
|
||||
throw new ServletException("Can only process HttpServletRequest");
|
||||
}
|
||||
|
||||
if (!(response instanceof HttpServletResponse)) {
|
||||
throw new ServletException("Can only process HttpServletResponse");
|
||||
}
|
||||
|
||||
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
|
||||
String header = httpRequest.getHeader("Authorization");
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authorization header: " + header);
|
||||
}
|
||||
|
||||
if ((header != null) && header.startsWith("Basic ")) {
|
||||
String base64Token = header.substring(6);
|
||||
String token = new String(Base64.decodeBase64(base64Token.getBytes()));
|
||||
|
||||
String username = "";
|
||||
String password = "";
|
||||
int delim = token.indexOf(":");
|
||||
|
||||
if (delim != -1) {
|
||||
username = token.substring(0, delim);
|
||||
password = token.substring(delim + 1);
|
||||
}
|
||||
|
||||
if (authenticationIsRequired(username)) {
|
||||
UsernamePasswordAuthenticationToken authRequest =
|
||||
new UsernamePasswordAuthenticationToken(username, password);
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
|
||||
|
||||
Authentication authResult;
|
||||
|
||||
try {
|
||||
authResult = authenticationManager.authenticate(authRequest);
|
||||
} catch (AuthenticationException failed) {
|
||||
// Authentication failed
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
if (rememberMeServices != null) {
|
||||
rememberMeServices.loginFail(httpRequest, httpResponse);
|
||||
}
|
||||
|
||||
if (ignoreFailure) {
|
||||
chain.doFilter(request, response);
|
||||
} else {
|
||||
authenticationEntryPoint.commence(request, response, failed);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
// Authentication success
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authentication success: " + authResult.toString());
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(authResult);
|
||||
|
||||
if (rememberMeServices != null) {
|
||||
rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
private boolean authenticationIsRequired(String username) {
|
||||
// Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
|
||||
// (see SEC-53)
|
||||
Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if(existingAuth == null || !existingAuth.isAuthenticated()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
|
||||
// (see SEC-348)
|
||||
|
||||
if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public AuthenticationEntryPoint getAuthenticationEntryPoint() {
|
||||
return authenticationEntryPoint;
|
||||
}
|
||||
|
||||
public AuthenticationManager getAuthenticationManager() {
|
||||
return authenticationManager;
|
||||
}
|
||||
|
||||
public void init(FilterConfig arg0) throws ServletException {}
|
||||
|
||||
public boolean isIgnoreFailure() {
|
||||
return ignoreFailure;
|
||||
}
|
||||
|
||||
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
|
||||
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
|
||||
this.authenticationDetailsSource = authenticationDetailsSource;
|
||||
}
|
||||
|
||||
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
|
||||
this.authenticationEntryPoint = authenticationEntryPoint;
|
||||
}
|
||||
|
||||
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
|
||||
this.authenticationManager = authenticationManager;
|
||||
}
|
||||
|
||||
public void setIgnoreFailure(boolean ignoreFailure) {
|
||||
this.ignoreFailure = ignoreFailure;
|
||||
}
|
||||
|
||||
public void setRememberMeServices(RememberMeServices rememberMeServices) {
|
||||
this.rememberMeServices = rememberMeServices;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
}
|
||||
-89
@@ -1,89 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.ui.basicauth;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.util.OrderedUtils;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.ApplicationContextAware;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
|
||||
* BasicProcessingFilter}.<P>Once a user agent is authenticated using BASIC authentication, logout requires that
|
||||
* the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call
|
||||
* the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to
|
||||
* the browser its credentials are no longer authorized, causing it to prompt the user to login again.</p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z vishalpuri $
|
||||
*/
|
||||
public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered, ApplicationContextAware {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
|
||||
private String realmName;
|
||||
private int order = DEFAULT_ORDER;
|
||||
private ApplicationContext applicationContext;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.hasText(realmName, "realmName must be specified");
|
||||
if (order == DEFAULT_ORDER) {
|
||||
OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
|
||||
}
|
||||
}
|
||||
|
||||
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
|
||||
throws IOException, ServletException {
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
|
||||
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
|
||||
}
|
||||
|
||||
public String getRealmName() {
|
||||
return realmName;
|
||||
}
|
||||
|
||||
public void setRealmName(String realmName) {
|
||||
this.realmName = realmName;
|
||||
}
|
||||
|
||||
public void setApplicationContext(ApplicationContext applicationContext) {
|
||||
this.applicationContext = applicationContext;
|
||||
}
|
||||
}
|
||||
-5
@@ -1,5 +0,0 @@
|
||||
<html>
|
||||
<body>
|
||||
Authenticates HTTP BASIC authentication requests.
|
||||
</body>
|
||||
</html>
|
||||
-88
@@ -1,88 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.util;
|
||||
|
||||
import org.springframework.beans.factory.config.RuntimeBeanNameReference;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* The convenience methods for the parsing of bean definition xml file.
|
||||
*
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
public class BeanDefinitionParserUtils {
|
||||
// ~ Constructor
|
||||
// ================================================================================================
|
||||
|
||||
/**
|
||||
* Prevents instantiation
|
||||
*/
|
||||
private BeanDefinitionParserUtils() {
|
||||
}
|
||||
|
||||
// ~ Method
|
||||
// ================================================================================================
|
||||
|
||||
public static void setConstructorArgumentIfAvailable(int index, Element element, String attribute,
|
||||
boolean isRunTimeBeanReference, RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
if (!isRunTimeBeanReference) {
|
||||
definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
|
||||
}
|
||||
else {
|
||||
definition.getConstructorArgumentValues().addIndexedArgumentValue(index,
|
||||
new RuntimeBeanNameReference(propertyValue));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* Configure a <code>BeanDefinition</code>with the property value
|
||||
* retrieved from xml attribute. If the attribute is like a standard spring
|
||||
* 'ref' attribute as indicated by 'isRunTimeBeanReference', the property
|
||||
* will be resolved as a reference to the spring bean.
|
||||
* </p>
|
||||
*
|
||||
* @param element The parent element.
|
||||
* @param attribute The child attribute.
|
||||
* @param property The configuration property for the BeanDefinition
|
||||
* @param isRunTimeBeanReference Indicates if the property is like a
|
||||
* standard spring 'ref' attribute.
|
||||
* @param definition The BeanDefinition to configure with the property
|
||||
* provided.
|
||||
* @return boolean To indicate if BeanDefinition was configured with a
|
||||
* property.
|
||||
*/
|
||||
public static boolean setPropertyIfAvailable(Element element, String attribute, String property,
|
||||
boolean isRunTimeBeanReference, RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
if (!isRunTimeBeanReference) {
|
||||
definition.getPropertyValues().addPropertyValue(property, propertyValue);
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(propertyValue));
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param parserContext
|
||||
* @param defintion
|
||||
*/
|
||||
public static void registerBeanDefinition(ParserContext parserContext, RootBeanDefinition defintion) {
|
||||
parserContext.getRegistry().registerBeanDefinition(
|
||||
parserContext.getReaderContext().generateBeanName(defintion), defintion);
|
||||
}
|
||||
}
|
||||
@@ -1,66 +0,0 @@
|
||||
package org.acegisecurity.util;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
/**
|
||||
* Proivdes common logic for manipulating classes implementing the Spring
|
||||
* {@link Ordered} interface.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @author Vishal Puri
|
||||
*/
|
||||
public abstract class OrderedUtils {
|
||||
/**
|
||||
* Introspects the application context for a single instance of <code>sourceClass</code>. If found, the order from the source
|
||||
* class instance is copied into the <code>destinationObject</code>. If more than one instance of <code>sourceClass</code>
|
||||
* is found, the method throws <code>IllegalStateException</code>.
|
||||
*
|
||||
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
|
||||
* mutation of the order property.
|
||||
*
|
||||
* @param sourceClass to locate in the application context (must be assignable to Ordered)
|
||||
* @param applicationContext to locate the class
|
||||
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
|
||||
* @param skipIfMoreThanOneCandidateSourceClassInstance if the application context provides more than one potential source, skip modifications (if false, the first located matching source will be used)
|
||||
* @return whether or not the destination class was updated
|
||||
*/
|
||||
public static boolean copyOrderFromOtherClass(Class sourceClass, ApplicationContext applicationContext, Object destinationObject, boolean skipIfMoreThanOneCandidateSourceClassInstance) {
|
||||
Assert.notNull(sourceClass, "Source class required");
|
||||
Assert.notNull(applicationContext, "ApplicationContext required");
|
||||
Assert.notNull(destinationObject, "Destination object required");
|
||||
Assert.isAssignable(Ordered.class, sourceClass, "Source class " + sourceClass + " must be assignable to Ordered");
|
||||
Map map = applicationContext.getBeansOfType(sourceClass);
|
||||
if (map.size() == 0) {
|
||||
return false;
|
||||
} else if (map.size() > 1 && skipIfMoreThanOneCandidateSourceClassInstance) {
|
||||
return false;
|
||||
} else {
|
||||
copyOrderFromOtherObject((Ordered)map.values().iterator().next(), destinationObject);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Copies the order property from the <code>sourceObject</code> into the <code>destinationObject</code>.
|
||||
*
|
||||
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
|
||||
* mutation of the order property.
|
||||
*
|
||||
* @param sourceObject to copy the order from
|
||||
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
|
||||
*/
|
||||
public static void copyOrderFromOtherObject(Ordered sourceObject, Object destinationObject) {
|
||||
Assert.notNull(sourceObject, "Source object required");
|
||||
Assert.notNull(destinationObject, "Destination object required");
|
||||
Method m = ReflectionUtils.findMethod(destinationObject.getClass(), "setOrder", new Class[] {int.class});
|
||||
Assert.notNull(m, "Method setOrder(int) not found on " + destinationObject.getClass());
|
||||
ReflectionUtils.invokeMethod(m, destinationObject, new Object[] { Integer.valueOf((sourceObject.getOrder()))});
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
<html>
|
||||
<body>
|
||||
General utility classes used throughout the Acegi Security System.
|
||||
</body>
|
||||
</html>
|
||||
-4
@@ -1,4 +0,0 @@
|
||||
angelina=black,ROLE_ADMIN
|
||||
brad=grey,ROLE_TELLER,ROLE_PERMISSION_LIST
|
||||
paris=pink,ROLE_TELLER
|
||||
bono=sunny,ROLE_PERMISSION_LIST
|
||||
-686
@@ -1,686 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
|
||||
<xsd:schema xmlns="http://www.springframework.org/schema/security"
|
||||
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||
targetNamespace="http://www.springframework.org/schema/security"
|
||||
xmlns:beans="http://www.springframework.org/schema/beans"
|
||||
elementFormDefault="qualified" attributeFormDefault="unqualified">
|
||||
|
||||
<xsd:import namespace="http://www.springframework.org/schema/beans" />
|
||||
|
||||
<xsd:element name="autoconfig" />
|
||||
|
||||
<xsd:element name="session-context-integration">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
|
||||
<xsd:attribute name="sessionCreation"
|
||||
default="ifRequired">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Indicates if this filter can create a HttpSession if
|
||||
needed (sessions are always created sparingly, but setting this value to
|
||||
false will prohibit sessions from ever being created).
|
||||
Defaults to true. Do not set to false if
|
||||
you have set forceEagerSessionCreation to true ,
|
||||
as the properties would be in conflict.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
<xsd:simpleType>
|
||||
<xsd:restriction base="xsd:string">
|
||||
<xsd:enumeration value="ifRequired" />
|
||||
<xsd:enumeration value="never" />
|
||||
<xsd:enumeration value="always" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
</xsd:attribute>
|
||||
|
||||
<xsd:attribute name="forceEagerSessionCreation"
|
||||
default="false" type="defaultable-boolean" use="optional">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Indicates if this filter is required to create a 'HttpSession'
|
||||
for every request before proceeding through the filter chain, even if the
|
||||
'HttpSession' would not ordinarily have been created. By
|
||||
default this is 'false', which is entirely appropriate for
|
||||
most circumstances as you do not want a 'HttpSession'
|
||||
created unless the filter actually needs one. It is envisaged the main
|
||||
situation in which this property would be set to 'true' is
|
||||
if using other filters that depend on a 'HttpSession'
|
||||
already existing, such as those which need to obtain a session ID. This
|
||||
is only required in specialised cases, so leave it set to
|
||||
'false' unless you have an actual requirement and are
|
||||
conscious of the session creation overhead.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="cloneFromHttpSession" default="false"
|
||||
type="defaultable-boolean" use="optional">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Indicates whether the <code>SecurityContext</code> will be cloned from
|
||||
the HttpSession. The default is to simply reference (ie
|
||||
the default is 'false'. The default may cause issues if
|
||||
concurrent threads need to have a different security identity from other
|
||||
threads being concurrently processed that share the same
|
||||
<code>HttpSession</code>. In most normal environments this does not
|
||||
represent an issue, as changes to the security identity in one thread is
|
||||
allowed to affect the security identitiy in other threads associated with
|
||||
the same 'HttpSession'.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:element name="authentication-remember-me-filter"
|
||||
type="RememberMeFilter">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation
|
||||
source="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
|
||||
<![CDATA[
|
||||
makes the filter, but does little else, as it auto-detects everything
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:complexType name="RememberMeFilter">
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="rememberMeServicesBeanRef"
|
||||
type="xsd:string" use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="authentication-remember-me-services"
|
||||
type="RememberMeServices" />
|
||||
|
||||
<xsd:complexType name="RememberMeServices">
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="key" type="xsd:string" use="optional" />
|
||||
<xsd:attribute name="principalRepositoryBeanRef"
|
||||
type="xsd:string" use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<!-- Logout Filter -->
|
||||
<xsd:element name="logout-support">
|
||||
<xsd:complexType>
|
||||
<!-- Write other attributes -->
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="redirectAfterLogoutUrl"
|
||||
type="xsd:string" default="/" />
|
||||
<xsd:attribute name="logoutUrl" type="xsd:string"
|
||||
default="/logout" />
|
||||
<xsd:anyAttribute namespace="##other" processContents="lax" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
|
||||
<!-- Exception Translation Filter -->
|
||||
<xsd:element name="exception-translation"
|
||||
type="ExceptionTranslation" />
|
||||
|
||||
<xsd:complexType name="ExceptionTranslation">
|
||||
<xsd:all>
|
||||
<xsd:element ref="entry-point" maxOccurs="1" />
|
||||
<xsd:element ref="access-denied" maxOccurs="1"
|
||||
minOccurs="0" />
|
||||
</xsd:all>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="entry-point">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="entryPointBeanRef" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:element name="access-denied">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="accessDeniedUrl" type="xsd:string"
|
||||
use="optional" />
|
||||
<xsd:attribute name="accessDeniedBeanRef" type="xsd:string"
|
||||
use="optional" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<!-- AuthenticationProcessigFilter -->
|
||||
<xsd:element name="authentication-form"
|
||||
type="AuthenticationProcessingFilter" />
|
||||
|
||||
<xsd:complexType name="AuthenticationProcessingFilter">
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="authenticationUrl" type="xsd:string"
|
||||
use="required">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The URL destination that this filter intercepts and processes (usually something like
|
||||
/login)
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="defaultTargetUrl" type="xsd:string"
|
||||
use="required">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Where to redirect the browser to if authentication is successful but ACEGI_SAVED_REQUEST_KEY is
|
||||
null
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="errorFormUrl" type="xsd:string"
|
||||
use="required">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Where to redirect the browser to if authentication fails.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
|
||||
|
||||
<xsd:element name="authentication-mechanism"
|
||||
type="AuthenticationManager">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation
|
||||
source="org.acegisecurity.providers.ProviderManager">
|
||||
<![CDATA[
|
||||
Resolves to 'org.acegisecurity.providers.ProviderManager'
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:complexType name="AuthenticationManager">
|
||||
<xsd:sequence>
|
||||
<xsd:element ref="authentication-jdbc" minOccurs="0"
|
||||
maxOccurs="1" />
|
||||
<xsd:element ref="authentication-ldap" minOccurs="0"
|
||||
maxOccurs="1" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="authentication-jdbc">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation
|
||||
source="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
|
||||
<![CDATA[
|
||||
if not specified will be auto-tetected from the ApplicationContext and tried in order
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="ref" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:element name="authentication-ldap">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation
|
||||
source="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
|
||||
<![CDATA[
|
||||
if not specified will be auto-tetected from the ApplicationContext and tried in order
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
|
||||
<xsd:complexType>
|
||||
|
||||
<xsd:sequence>
|
||||
<xsd:element name="property">
|
||||
<xsd:complexType>
|
||||
<xsd:complexContent>
|
||||
<xsd:extension base="beans:propertyType"></xsd:extension>
|
||||
</xsd:complexContent>
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
</xsd:sequence>
|
||||
|
||||
<xsd:attribute name="ldapUrl" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The LDAP url of the server (and root context) to connect to.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="managerDn" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The LDAP url of the server (and root context) to connect to.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="managerPassword" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The manager user's password.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="groupSearchBase" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="groupRoleAttribute"
|
||||
type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
|
||||
|
||||
<xsd:element name="principal-repository" type="PrincipalRepository" />
|
||||
|
||||
<xsd:complexType name="PrincipalRepository">
|
||||
<xsd:choice>
|
||||
<xsd:element ref="jdbc" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element ref="ldap" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element ref="properties" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element ref="user-definition" minOccurs="0"
|
||||
maxOccurs="unbounded" />
|
||||
</xsd:choice>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="jdbc">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="dataSourceBeanRef" type="xsd:string" />
|
||||
<xsd:attribute name="authoritiesByUsernameQuery"
|
||||
type="xsd:string" use="optional" />
|
||||
<xsd:attribute name="jdbcTemplateBeanRef" type="xsd:string"
|
||||
use="optional" />
|
||||
<xsd:attribute name="rolePrefix" type="xsd:string"
|
||||
use="optional" />
|
||||
<xsd:attribute name="usernameBasedPrimaryKey"
|
||||
type="xsd:boolean" use="optional" />
|
||||
<xsd:attribute name="usersByUsernameQuery" type="xsd:string"
|
||||
use="optional" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
|
||||
<xsd:element name="ldap">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="not-yet-defined" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:element name="properties">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="resource" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:element name="user-definition">
|
||||
<xsd:complexType>
|
||||
<xsd:sequence>
|
||||
<xsd:element name="granted-authority" minOccurs="0"
|
||||
maxOccurs="unbounded">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="authority"
|
||||
type="xsd:string" use="required" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
<xsd:element name="granted-authority-ref" minOccurs="0"
|
||||
maxOccurs="unbounded">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="authorityBeanRef"
|
||||
type="xsd:string" use="required" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="username" type="xsd:string"
|
||||
use="required" />
|
||||
<xsd:attribute name="password" type="xsd:string" />
|
||||
<xsd:attribute name="enabled" type="xsd:boolean" />
|
||||
<xsd:anyAttribute namespace="##local"
|
||||
processContents="strict" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
|
||||
<xsd:element name="authentication-repository"
|
||||
type="AuthenticationRepositoryType" />
|
||||
|
||||
<xsd:complexType name="AuthenticationRepositoryType">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="salt-source" type="SaltSource"
|
||||
minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="password-encoder" type="PasswordEncoder"
|
||||
minOccurs="0" maxOccurs="1" />
|
||||
</xsd:sequence>
|
||||
<xsd:attributeGroup ref="AuthenticationRepositoryAttributes" />
|
||||
</xsd:complexType>
|
||||
|
||||
<!-- <security:salt-source source="systemwide|reflection" salt="salt"/> -->
|
||||
<xsd:complexType name="SaltSource">
|
||||
<xsd:sequence>
|
||||
<xsd:choice minOccurs="0" maxOccurs="1">
|
||||
<xsd:element name="system-wide">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="systemWideSalt"
|
||||
type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
<xsd:element name="reflection">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="userPropertyToUse"
|
||||
type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
</xsd:choice>
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="saltSourceBeanRef" type="xsd:string"
|
||||
use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="PasswordEncoder">
|
||||
<xsd:sequence>
|
||||
<xsd:choice minOccurs="0" maxOccurs="1">
|
||||
<xsd:element name="encoder">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="method" type="encoders" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
</xsd:choice>
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="encoderBeanRef" type="xsd:string"
|
||||
use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:attributeGroup name="AuthenticationRepositoryAttributes">
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="repositoryBeanRef" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Reference of a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:attributeGroup>
|
||||
|
||||
<xsd:element name="authorization-http-url"
|
||||
type="AuthorizationHttpUrlType">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Specify security:uri-patterns in order of processing; each pattern must specify EITHER a
|
||||
regularExpression OR a path, but not both and ALL patterns in the url-mapping MUST be of the
|
||||
SAME type (ie cannot mix a regular expression and Ant Path) - exception will be thrown if tried
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:complexType name="AuthorizationHttpUrlType">
|
||||
<xsd:sequence minOccurs="1" maxOccurs="1">
|
||||
<xsd:element name="url-mapping" type="UrlMappingType"></xsd:element>
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="UrlMappingType">
|
||||
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
|
||||
<xsd:element name="uri-pattern" type="UriPatternType" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="source" type="xsd:string" default="xml" />
|
||||
<xsd:attribute name="sourceBeanId" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Reference to an external ObjectDefinitionSource.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="UriPatternType">
|
||||
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
|
||||
<xsd:element name="configuration-attribute"
|
||||
type="ConfigurationAttributeType" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="path" type="xsd:string" use="optional" />
|
||||
<xsd:attribute name="regularExpression" type="xsd:string"
|
||||
use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="ConfigurationAttributeType">
|
||||
<xsd:attribute name="attribute" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="authorization-manager"
|
||||
type="AuthorizationManagerType" />
|
||||
|
||||
<xsd:complexType name="AuthorizationManagerType">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="role-voter" type="xsd:string"
|
||||
minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="authenticated-voter" type="xsd:string"
|
||||
minOccurs="0" maxOccurs="1" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="strategy" type="response"
|
||||
default="affirmative" />
|
||||
</xsd:complexType>
|
||||
|
||||
<!-- Authorization JointPoint -->
|
||||
<xsd:element name="authorization-joinpoint"
|
||||
type="AuthorizationJointPointType">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:complexType name="AuthorizationJointPointType">
|
||||
<xsd:sequence minOccurs="1" maxOccurs="1">
|
||||
<xsd:element name="url-mapping"
|
||||
type="JointPointMappingType">
|
||||
</xsd:element>
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="springAop" type="xsd:boolean"
|
||||
use="optional" />
|
||||
<xsd:attribute name="aspectj" type="xsd:boolean" use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="JointPointMappingType">
|
||||
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
|
||||
<xsd:element name="method-pattern" type="MethodPatternType" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="source" type="MethodInterceptorType"
|
||||
default="xml" />
|
||||
<xsd:attribute name="sourceBeanId" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Reference to an external ObjectDefinitionSource.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="MethodPatternType">
|
||||
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
|
||||
<xsd:element name="configuration-attribute"
|
||||
type="ConfigurationAttributeType" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="type" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:simpleType name="response">
|
||||
<xsd:restriction base="xsd:NMTOKEN">
|
||||
<xsd:enumeration value="consensus" />
|
||||
<xsd:enumeration value="unanimous" />
|
||||
<xsd:enumeration value="affirmative" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
<xsd:simpleType name="MethodInterceptorType">
|
||||
<xsd:restriction base="xsd:NMTOKEN">
|
||||
<xsd:enumeration value="xml" />
|
||||
<xsd:enumeration value="attributes" />
|
||||
<xsd:enumeration value="annotations" />
|
||||
<xsd:enumeration value="custom" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
<!-- simple internal types -->
|
||||
<xsd:simpleType name="defaultable-boolean">
|
||||
<xsd:restriction base="xsd:NMTOKEN">
|
||||
<xsd:enumeration value="true" />
|
||||
<xsd:enumeration value="false" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
|
||||
|
||||
<xsd:simpleType name="encoders">
|
||||
<xsd:restriction base="xsd:NMTOKEN">
|
||||
<xsd:enumeration value="md5" />
|
||||
<xsd:enumeration value="md5Hex" />
|
||||
<xsd:enumeration value="sha" />
|
||||
<xsd:enumeration value="shaHex" />
|
||||
<xsd:enumeration value="custom" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
</xsd:schema>
|
||||
@@ -1,38 +0,0 @@
|
||||
package org.acegisecurity;
|
||||
|
||||
import junit.framework.Test;
|
||||
import junit.framework.TestCase;
|
||||
import junit.framework.TestSuite;
|
||||
|
||||
/**
|
||||
* Unit test for simple App.
|
||||
*/
|
||||
public class AppTest
|
||||
extends TestCase
|
||||
{
|
||||
/**
|
||||
* Create the test case
|
||||
*
|
||||
* @param testName name of the test case
|
||||
*/
|
||||
public AppTest( String testName )
|
||||
{
|
||||
super( testName );
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the suite of tests being tested
|
||||
*/
|
||||
public static Test suite()
|
||||
{
|
||||
return new TestSuite( AppTest.class );
|
||||
}
|
||||
|
||||
/**
|
||||
* Rigourous Test :-)
|
||||
*/
|
||||
public void testApp()
|
||||
{
|
||||
assertTrue( true );
|
||||
}
|
||||
}
|
||||
@@ -1,99 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.AccessDeniedException;
|
||||
import org.acegisecurity.GrantedAuthority;
|
||||
import org.acegisecurity.GrantedAuthorityImpl;
|
||||
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.context.SecurityContextImpl;
|
||||
|
||||
import org.acegisecurity.providers.TestingAuthenticationToken;
|
||||
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Tests security objects.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id: BankTests.java 1496 2006-05-23 13:38:33Z benalex $
|
||||
*/
|
||||
public class BankTests extends TestCase {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private BankService service;
|
||||
private ClassPathXmlApplicationContext ctx;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public BankTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public BankTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
private static void createSecureContext() {
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("test", "test",
|
||||
new GrantedAuthority[] {
|
||||
new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
|
||||
});
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(auth);
|
||||
}
|
||||
|
||||
private static void destroySecureContext() {
|
||||
SecurityContextHolder.setContext(new SecurityContextImpl());
|
||||
}
|
||||
|
||||
public static void main(String[] args) {
|
||||
junit.textui.TestRunner.run(BankTests.class);
|
||||
}
|
||||
|
||||
public final void setUp() throws Exception {
|
||||
super.setUp();
|
||||
ctx = new ClassPathXmlApplicationContext("org/acegisecurity/config/auto-config.xml");
|
||||
service = (BankService) ctx.getBean("bankService");
|
||||
}
|
||||
|
||||
public void testDeniedAccess() throws Exception {
|
||||
createSecureContext();
|
||||
|
||||
try {
|
||||
service.balance("1");
|
||||
fail("Should have thrown AccessDeniedException");
|
||||
} catch (AccessDeniedException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
destroySecureContext();
|
||||
}
|
||||
|
||||
public void testListAccounts() throws Exception {
|
||||
createSecureContext();
|
||||
service.listAccounts();
|
||||
destroySecureContext();
|
||||
}
|
||||
}
|
||||
-25
@@ -1,25 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.providers.ProviderManager;
|
||||
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationMechanismNamespaceTests extends TestCase {
|
||||
public void testParserDefaults() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/remember-me-defaults.xml");
|
||||
ProviderManager mgr = (ProviderManager) context.getBean("authenticationManager");
|
||||
assertEquals(1, mgr.getProviders().size());
|
||||
assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
|
||||
}
|
||||
}
|
||||
-25
@@ -1,25 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationProcessingFilterNamespaceTests extends TestCase {
|
||||
|
||||
public void testAuthenticationFilterBeanDefinition() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authentication-form-filter.xml");
|
||||
ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
}
|
||||
|
||||
}
|
||||
-120
@@ -1,120 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.providers.AuthenticationProvider;
|
||||
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
||||
import org.acegisecurity.providers.dao.SaltSource;
|
||||
import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
|
||||
import org.acegisecurity.providers.encoding.PasswordEncoder;
|
||||
import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
|
||||
import org.acegisecurity.userdetails.jdbc.JdbcDaoImpl;
|
||||
import org.springframework.beans.PropertyValue;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationRepositoryParserTest extends TestCase {
|
||||
|
||||
public void testAuthenticationRepositoryDefaultWithAutoUserdetails() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authentication-dao-defaults.xml");
|
||||
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
|
||||
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
|
||||
assertEquals(1, names.length);
|
||||
|
||||
// check bean class
|
||||
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
|
||||
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
|
||||
|
||||
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
|
||||
Assert.isAssignable(JdbcDaoImpl.class, provider.getUserDetailsService().getClass());
|
||||
|
||||
}
|
||||
|
||||
public void testCollaboratorsAsInnerBeans() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authentication-innerbeans.xml");
|
||||
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
// get the main bean definition, there should be only one
|
||||
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
|
||||
assertEquals(1, names.length);
|
||||
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
|
||||
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
|
||||
|
||||
// get the 2 inner beans
|
||||
PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
|
||||
assertEquals("saltSource", saltSourceBean.getName());
|
||||
|
||||
// get the BeanDefinition
|
||||
RootBeanDefinition saltsourceDef = (RootBeanDefinition) saltSourceBean.getValue();
|
||||
Assert.isAssignable(SaltSource.class, saltsourceDef.getBeanClass());
|
||||
|
||||
PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
|
||||
assertEquals("passwordEncoder", encoder.getName());
|
||||
|
||||
// get the BeanDefinition
|
||||
RootBeanDefinition encoderDef = (RootBeanDefinition) encoder.getValue();
|
||||
Assert.isAssignable(PasswordEncoder.class, encoderDef.getBeanClass());
|
||||
|
||||
assertEquals("incorrect bean class name", encoderDef.getBeanClassName(), Md5PasswordEncoder.class.getName());
|
||||
}
|
||||
|
||||
public void testCollaboratorsAsBeanRef() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authentication-beanRef-attributes.xml");
|
||||
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
// get the main bean definition, there should be only one
|
||||
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
|
||||
assertEquals(1, names.length);
|
||||
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
|
||||
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
|
||||
|
||||
// get the referred collaborators
|
||||
|
||||
PropertyValue userDetailsBean = definition.getPropertyValues().getPropertyValue("userDetailsService");
|
||||
assertEquals("userDetailsService", userDetailsBean.getName());
|
||||
|
||||
PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
|
||||
assertEquals("saltSource", saltSourceBean.getName());
|
||||
|
||||
// get the BeanDefinition
|
||||
RuntimeBeanReference saltsourceDef = (RuntimeBeanReference) saltSourceBean.getValue();
|
||||
assertEquals("refToSaltSource", saltsourceDef.getBeanName());
|
||||
|
||||
PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
|
||||
assertEquals("passwordEncoder", encoder.getName());
|
||||
|
||||
// get the BeanDefinition
|
||||
RuntimeBeanReference encoderDef = (RuntimeBeanReference) encoder.getValue();
|
||||
assertEquals("refToPasswordEncoder", encoderDef.getBeanName());
|
||||
|
||||
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
|
||||
assertTrue(provider.getPasswordEncoder() instanceof PasswordEncoder);
|
||||
assertEquals(Md5PasswordEncoder.class, provider.getPasswordEncoder().getClass());
|
||||
}
|
||||
|
||||
public void testAutodetectionOfUserDetailsService() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authentication-defaults.xml");
|
||||
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
|
||||
assertNotNull(provider.getUserDetailsService());
|
||||
assertNull(provider.getSaltSource());
|
||||
assertEquals(PlaintextPasswordEncoder.class, provider.getPasswordEncoder().getClass());
|
||||
|
||||
}
|
||||
}
|
||||
-31
@@ -1,31 +0,0 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.AccessDecisionManager;
|
||||
import org.acegisecurity.vote.AuthenticatedVoter;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
public class AuthorizationManagerBeanDefinitionParserTests extends TestCase {
|
||||
|
||||
public void testParsingBeanDefinition() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authorization-manager.xml");
|
||||
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
|
||||
String[] beanNames = bf.getBeanNamesForType(AccessDecisionManager.class);
|
||||
assertEquals(1, beanNames.length);
|
||||
BeanDefinition def = (RootBeanDefinition) bf.getBeanDefinition(beanNames[0]);
|
||||
assertNotNull(def);
|
||||
List decisionVoters = (ManagedList) def.getPropertyValues().getPropertyValue("decisionVoters").getValue();
|
||||
assertEquals(2, decisionVoters.size());
|
||||
assertEquals("org.acegisecurity.vote.RoleVoter", ((BeanDefinition) decisionVoters.get(0)).getBeanClassName());
|
||||
assertEquals("org.acegisecurity.vote.AuthenticatedVoter", ((BeanDefinition) decisionVoters.get(1)).getBeanClassName());
|
||||
}
|
||||
}
|
||||
-105
@@ -1,105 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.lang.reflect.Field;
|
||||
import java.util.Map;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
|
||||
import org.acegisecurity.intercept.method.MethodDefinitionSource;
|
||||
import org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
|
||||
import org.acegisecurity.ui.logout.LogoutFilter;
|
||||
import org.acegisecurity.ui.logout.LogoutHandler;
|
||||
import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
|
||||
import org.acegisecurity.ui.rememberme.RememberMeServices;
|
||||
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
/**
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
public class AutoConfigBeanDefinitionParserTests extends TestCase {
|
||||
|
||||
private ApplicationContext context;
|
||||
|
||||
private ConfigurableListableBeanFactory bf;
|
||||
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
|
||||
public void setUp() {
|
||||
this.context = new ClassPathXmlApplicationContext("org/acegisecurity/config/auto-config.xml");
|
||||
this.bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
|
||||
}
|
||||
|
||||
public void testContextBeanDefinitionCreated() {
|
||||
String[] names = bf.getBeanNamesForType(HttpSessionContextIntegrationFilter.class);
|
||||
assertEquals(1, names.length);
|
||||
HttpSessionContextIntegrationFilter filter = (HttpSessionContextIntegrationFilter) bf.getBean(names[0]);
|
||||
// check properties
|
||||
// get the bean
|
||||
assertTrue(filter.isAllowSessionCreation());
|
||||
assertFalse(filter.isForceEagerSessionCreation());
|
||||
assertFalse(filter.isCloneFromHttpSession());
|
||||
}
|
||||
|
||||
public void testLogoutFilterDefinitionCreatedWithDefaults() throws Exception {
|
||||
String[] names = bf.getBeanNamesForType(LogoutFilter.class);
|
||||
assertEquals(1, names.length);
|
||||
LogoutFilter filter = (LogoutFilter) context.getBean(names[0]);
|
||||
assertNotNull(filter);
|
||||
Field logoutSuccessUrl = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(),
|
||||
"logoutSuccessUrl");
|
||||
String value = (String) logoutSuccessUrl.get(filter);
|
||||
assertEquals("/", value);
|
||||
Field handlers = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(), "handlers");
|
||||
assertNotNull(handlers);
|
||||
LogoutHandler[] handlersArray = (LogoutHandler[]) handlers.get(filter);
|
||||
assertEquals(2, handlersArray.length);
|
||||
}
|
||||
|
||||
public void testExceptionTranslationFilterCreatedwithDefaults() throws Exception {
|
||||
Map map = bf.getBeansOfType(AuthenticationProcessingFilter.class);
|
||||
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) map.values().iterator().next();
|
||||
AuthenticationManager authMgr = filter.getAuthenticationManager();
|
||||
assertNotNull(authMgr);
|
||||
RememberMeServices remMeServices = filter.getRememberMeServices();
|
||||
assertNotNull(remMeServices);
|
||||
assertEquals("/acegilogin.jsp?login_error=1", filter.getAuthenticationFailureUrl());
|
||||
assertEquals("/", filter.getDefaultTargetUrl());
|
||||
}
|
||||
|
||||
public void testRememberMePRocessingFilterCreatedWithDefaults() {
|
||||
Map map = bf.getBeansOfType(RememberMeProcessingFilter.class);
|
||||
RememberMeProcessingFilter filter = (RememberMeProcessingFilter) map.values().iterator().next();
|
||||
}
|
||||
|
||||
public void testMethodDefinitionSourceAdvisorCreatedWithDefaults() throws Exception {
|
||||
Map map = bf.getBeansOfType(MethodDefinitionSourceAdvisor.class);
|
||||
assertEquals(1, map.size());
|
||||
MethodDefinitionSourceAdvisor advisor = (MethodDefinitionSourceAdvisor) map.values().iterator().next();
|
||||
Field transactionAttributeSource = makeAccessibleAndGetFieldByName(advisor.getClass().getDeclaredFields(), "transactionAttributeSource");
|
||||
assertNotNull(transactionAttributeSource);
|
||||
assertTrue(transactionAttributeSource.get(advisor) instanceof MethodDefinitionSource);
|
||||
}
|
||||
|
||||
private Field makeAccessibleAndGetFieldByName(Field[] declaredFields, String name) {
|
||||
Field field = null;
|
||||
for (int i = 0, n = declaredFields.length; i < n; i++) {
|
||||
ReflectionUtils.makeAccessible(declaredFields[i]);
|
||||
if (declaredFields[i].getName().equals(name)) {
|
||||
return declaredFields[i];
|
||||
}
|
||||
}
|
||||
return field;
|
||||
}
|
||||
|
||||
}
|
||||
-79
@@ -1,79 +0,0 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.beans.FeatureDescriptor;
|
||||
import java.lang.reflect.Field;
|
||||
import java.util.Arrays;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.ui.AccessDeniedHandler;
|
||||
import org.acegisecurity.ui.AccessDeniedHandlerImpl;
|
||||
import org.acegisecurity.ui.ExceptionTranslationFilter;
|
||||
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.beans.PropertyValue;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
public class ExceptionTranslationParserTests extends TestCase {
|
||||
|
||||
public void testParsingBeanReferences() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/exception-translation-beanref.xml");
|
||||
ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
String[] beanNames = factory.getBeanNamesForType(ExceptionTranslationFilter.class);
|
||||
assertEquals(1, beanNames.length);
|
||||
RootBeanDefinition def = (RootBeanDefinition) factory.getBeanDefinition(beanNames[0]);
|
||||
assertEquals(ExceptionTranslationFilter.class.getName(), def.getBeanClassName());
|
||||
// check collaborators
|
||||
PropertyValue accessDeniedHandler = def.getPropertyValues().getPropertyValue("accessDeniedHandler");
|
||||
assertNotNull(accessDeniedHandler);
|
||||
assertEquals(accessDeniedHandler.getValue(), new RuntimeBeanReference("theBeanToUse"));
|
||||
PropertyValue entryPoint = def.getPropertyValues().getPropertyValue("authenticationEntryPoint");
|
||||
assertNotNull(entryPoint);
|
||||
assertEquals(entryPoint.getValue(), new RuntimeBeanReference("authenticationProcessingFilterEntryPoint"));
|
||||
}
|
||||
|
||||
public void testRuntimeBeanDependencies() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/exception-translation-beanref.xml");
|
||||
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) context.getBean("exceptionTranslationFilter");
|
||||
AuthenticationProcessingFilterEntryPoint entryPoint = (AuthenticationProcessingFilterEntryPoint) filter
|
||||
.getAuthenticationEntryPoint();
|
||||
assertEquals("/acegilogin.jsp", entryPoint.getLoginFormUrl());
|
||||
assertFalse(entryPoint.getForceHttps());
|
||||
|
||||
}
|
||||
|
||||
public void testAutoDetectionOfDefaultDependencies() throws Exception {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/exception-translation-autodetect-handler.xml");
|
||||
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) context.getBean("exceptionTranslationFilter");
|
||||
Field field = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(), "accessDeniedHandler");
|
||||
assertTrue(field.get(filter) instanceof AccessDeniedHandler);
|
||||
AccessDeniedHandlerImpl accessDeniedHandler = (AccessDeniedHandlerImpl) field
|
||||
.get(filter);
|
||||
Field f = makeAccessibleAndGetFieldByName(accessDeniedHandler.getClass().getDeclaredFields(), "errorPage");
|
||||
assertEquals("errorPage",f.getName());
|
||||
String value = (String) f.get(accessDeniedHandler);
|
||||
assertEquals("/accessDenied.jsp", value);
|
||||
}
|
||||
|
||||
private Field makeAccessibleAndGetFieldByName(Field[] fields, String name) {
|
||||
Field field = null;
|
||||
for (int i = 0, n = fields.length; i < n; i++) {
|
||||
ReflectionUtils.makeAccessible(fields[i]);
|
||||
if (fields[i].getName().equals(name)) {
|
||||
return fields[i];
|
||||
}
|
||||
}
|
||||
return field;
|
||||
}
|
||||
|
||||
}
|
||||
-35
@@ -1,35 +0,0 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.AccessDecisionManager;
|
||||
import org.acegisecurity.intercept.web.FilterSecurityInterceptor;
|
||||
import org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap;
|
||||
import org.acegisecurity.vote.AffirmativeBased;
|
||||
import org.springframework.beans.PropertyValue;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
/**
|
||||
* @author Vishal Puri
|
||||
*/
|
||||
public class FilterSecurityInterceptorBeanDefinitionParserTests extends TestCase {
|
||||
|
||||
public void testParsingBeanDefinition() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authorization-http-config.xml");
|
||||
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
|
||||
String[] beanNames = bf.getBeanNamesForType(FilterSecurityInterceptor.class);
|
||||
assertEquals(1, beanNames.length);
|
||||
BeanDefinition def = bf.getBeanDefinition(beanNames[0]);
|
||||
assertEquals(2, def.getPropertyValues().size());
|
||||
PropertyValue objectDefinitionSource = def.getPropertyValues().getPropertyValue("objectDefinitionSource");
|
||||
assertTrue(objectDefinitionSource.getValue() instanceof RegExpBasedFilterInvocationDefinitionMap);
|
||||
PropertyValue accessDecisionManager = def.getPropertyValues().getPropertyValue("accessDecisionManager");
|
||||
BeanDefinition definition = (RootBeanDefinition) accessDecisionManager.getValue() ;
|
||||
assertEquals("org.acegisecurity.vote.AffirmativeBased" , definition.getBeanClassName());
|
||||
}
|
||||
}
|
||||
-44
@@ -1,44 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
|
||||
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class HttpSessionContextIntegrationParserTest extends TestCase {
|
||||
|
||||
public void testApplicationContext() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/session-context-integration-defaults.xml");
|
||||
ConfigurableListableBeanFactory clbf =
|
||||
(ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
|
||||
|
||||
String[] names = clbf.getBeanNamesForType(Filter.class);
|
||||
assertEquals(1, names.length);
|
||||
|
||||
// check bean name
|
||||
RootBeanDefinition definition = (RootBeanDefinition)clbf.getBeanDefinition(names[0]);
|
||||
assertEquals(HttpSessionContextIntegrationFilter.class, definition.getBeanClass());
|
||||
|
||||
// check properties
|
||||
//get the bean
|
||||
HttpSessionContextIntegrationFilter filter = (HttpSessionContextIntegrationFilter)context.getBean("httpSessionContextIntegrationFilter");
|
||||
assertFalse(filter.isAllowSessionCreation());
|
||||
assertNotNull(definition.getPropertyValues().getPropertyValue("allowSessionCreation"));
|
||||
assertFalse(filter.isForceEagerSessionCreation());
|
||||
assertFalse(filter.isCloneFromHttpSession());
|
||||
}
|
||||
|
||||
}
|
||||
-52
@@ -1,52 +0,0 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.ldap.InitialDirContextFactory;
|
||||
import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
|
||||
import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
|
||||
import org.springframework.beans.PropertyValue;
|
||||
import org.springframework.beans.PropertyValues;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
/**
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
public class LdapAuthenticationProviderBeanDefinitionParserTests extends TestCase {
|
||||
|
||||
public void testBeanDefinitionCreation() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/ldap-config.xml");
|
||||
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
|
||||
BeanDefinition def = (RootBeanDefinition) bf.getBeanDefinition("authenticationManager");
|
||||
assertNotNull(def);
|
||||
PropertyValues values = def.getPropertyValues();
|
||||
PropertyValue value = values.getPropertyValue("providers");
|
||||
assertNotNull(value);
|
||||
ManagedList list = (ManagedList) value.getValue();
|
||||
assertEquals(1, list.size());
|
||||
|
||||
RootBeanDefinition definition = (RootBeanDefinition) list.get(0);
|
||||
assertEquals(LdapAuthenticationProvider.class, definition.getBeanClass());
|
||||
|
||||
assertEquals(2, definition.getConstructorArgumentValues().getArgumentCount());
|
||||
|
||||
ValueHolder holder = definition.getConstructorArgumentValues().getArgumentValue(0, BindAuthenticator.class);
|
||||
assertNotNull(holder.getConvertedValue() instanceof BindAuthenticator);
|
||||
RootBeanDefinition authenticatorDefinition = (RootBeanDefinition) holder.getValue();
|
||||
assertEquals(1, authenticatorDefinition.getConstructorArgumentValues().getArgumentCount());
|
||||
|
||||
RootBeanDefinition initialContextDir = (RootBeanDefinition) authenticatorDefinition
|
||||
.getConstructorArgumentValues().getArgumentValue(0, InitialDirContextFactory.class).getValue();
|
||||
assertEquals("cn=manager,dc=acegisecurity,dc=org", initialContextDir.getPropertyValues().getPropertyValue(
|
||||
"managerDn").getValue());
|
||||
assertEquals("ldap://monkeymachine:389/dc=acegisecurity,dc=org", initialContextDir.getConstructorArgumentValues()
|
||||
.getArgumentValue(0, String.class).getValue());
|
||||
}
|
||||
}
|
||||
-29
@@ -1,29 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.ui.logout.LogoutHandler;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class LogoutFilterBeanDefinitionParserTests extends TestCase {
|
||||
|
||||
public void testLogoutFilter() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/logout-filter-with-handlers.xml");
|
||||
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
|
||||
Map m = bf.getBeansOfType(LogoutHandler.class);
|
||||
assertEquals(2, m.size());
|
||||
}
|
||||
|
||||
}
|
||||
-22
@@ -1,22 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class NamespaceTests extends TestCase {
|
||||
|
||||
|
||||
public void testPass() {
|
||||
ApplicationContext c = new ClassPathXmlApplicationContext("org/acegisecurity/config/applicationContext-acegi-security.xml");
|
||||
}
|
||||
|
||||
}
|
||||
-65
@@ -1,65 +0,0 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.GrantedAuthority;
|
||||
import org.acegisecurity.GrantedAuthorityImpl;
|
||||
import org.acegisecurity.userdetails.User;
|
||||
import org.acegisecurity.userdetails.UserDetailsService;
|
||||
import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
|
||||
import org.acegisecurity.userdetails.memory.UserMap;
|
||||
import org.springframework.beans.PropertyValue;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
/**
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
public class PrincipalRepositoryNamespaceTests extends TestCase {
|
||||
|
||||
public void testParserWithUserDefinition() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/principal-repository-user-map.xml");
|
||||
|
||||
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
|
||||
String[] names = clbf.getBeanNamesForType(UserDetailsService.class);
|
||||
assertEquals(1, names.length);
|
||||
|
||||
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
|
||||
assertEquals(InMemoryDaoImpl.class, definition.getBeanClass());
|
||||
|
||||
UserMap map = new UserMap();
|
||||
|
||||
GrantedAuthority[] authotities = { new GrantedAuthorityImpl("ROLE_YO"), new GrantedAuthorityImpl("ROLE_YOYO") };
|
||||
|
||||
User user = new User("vishal", "nottellingya", true, true, true, true, authotities);
|
||||
|
||||
map.addUser(user);
|
||||
|
||||
assertPropertyValues(map, definition, "userMap");
|
||||
|
||||
}
|
||||
|
||||
private void assertPropertyValues(UserMap assertionValue, RootBeanDefinition definition, String property) {
|
||||
PropertyValue propertyValue = definition.getPropertyValues().getPropertyValue(property);
|
||||
assertNotNull(propertyValue);
|
||||
assertTrue(propertyValue.getValue() instanceof UserMap);
|
||||
UserMap users = (UserMap) propertyValue.getValue();
|
||||
assertTrue(assertionValue.getUserCount() == users.getUserCount());
|
||||
assertEquals(assertionValue.getUser("vishal"), users.getUser("vishal"));
|
||||
assertTrue(users.getUser("vishal").isEnabled());
|
||||
assertTrue(users.getUser("vishal").isAccountNonExpired());
|
||||
assertTrue(users.getUser("vishal").isAccountNonLocked());
|
||||
assertTrue(users.getUser("vishal").isCredentialsNonExpired());
|
||||
assertEquals(2, users.getUser("vishal").getAuthorities().length);
|
||||
assertEquals(new GrantedAuthorityImpl("ROLE_YO"), users.getUser("vishal").getAuthorities()[0]);
|
||||
assertEquals(new GrantedAuthorityImpl("ROLE_YOYO"), users.getUser("vishal").getAuthorities()[1]);
|
||||
}
|
||||
|
||||
}
|
||||
-19
@@ -1,19 +0,0 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.providers.ProviderManager;
|
||||
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
//TODO: fix test name
|
||||
public class RememberMeBeanDefinitionParserTest extends TestCase {
|
||||
|
||||
public void testParserDefaults() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-defaults.xml");
|
||||
ProviderManager mgr = (ProviderManager)context.getBean("authenticationManager");
|
||||
assertEquals(1, mgr.getProviders().size());
|
||||
assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
|
||||
}
|
||||
}
|
||||
-56
@@ -1,56 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.lang.reflect.Field;
|
||||
import java.util.Map;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
|
||||
import org.acegisecurity.ui.rememberme.RememberMeServices;
|
||||
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
|
||||
import org.acegisecurity.userdetails.UserDetailsService;
|
||||
import org.springframework.beans.PropertyValue;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
/**
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
public class RememberMeServicesBeanDefinitionParserTests extends TestCase {
|
||||
|
||||
public void testFilterConfiguration() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-defaults.xml");
|
||||
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
|
||||
String[] names = bf.getBeanNamesForType(RememberMeProcessingFilter.class);
|
||||
assertEquals(1, names.length);
|
||||
RootBeanDefinition definition = (RootBeanDefinition)bf.getBeanDefinition(names[0]);
|
||||
assertEquals(definition.getBeanClass(), RememberMeProcessingFilter.class);
|
||||
}
|
||||
|
||||
public void testRuntimeAutoDetectionOfDependencies() throws Exception {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-autodetect.xml");
|
||||
ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
|
||||
Map map = factory.getBeansOfType(RememberMeProcessingFilter.class);
|
||||
RememberMeProcessingFilter filter = (RememberMeProcessingFilter)map.values().iterator().next();
|
||||
RememberMeServices services = filter.getRememberMeServices();
|
||||
assertNotNull(services);
|
||||
TokenBasedRememberMeServices rememberMeServices = (TokenBasedRememberMeServices)services;
|
||||
UserDetailsService ud = rememberMeServices.getUserDetailsService();
|
||||
assertNotNull(ud);
|
||||
Field field = filter.getClass().getDeclaredField("authenticationManager");
|
||||
ReflectionUtils.makeAccessible(field);
|
||||
Object obj = field.get(filter);
|
||||
assertNotNull("authentication manager should not have been null", obj);
|
||||
assertTrue(obj instanceof AuthenticationManager);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,12 +0,0 @@
|
||||
# Logging
|
||||
#
|
||||
|
||||
|
||||
log4j.rootCategory=WARN, stdout
|
||||
|
||||
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
|
||||
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
|
||||
log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n
|
||||
|
||||
log4j.category.org.acegisecurity=DEBUG
|
||||
log4j.category.org.springframework=INFO
|
||||
-174
@@ -1,174 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!--
|
||||
- A simple "base bones" Acegi Security configuration.
|
||||
-
|
||||
- The sample includes the "popular" features that people tend to use.
|
||||
- Specifically, form authentication, remember-me, and anonymous processing.
|
||||
- Other features aren't setup, as these can be added later by inserting
|
||||
- the relevant XML fragments as specified in the Reference Guide.
|
||||
-
|
||||
- To assist new users, the filters specified in the FilterChainProxy are
|
||||
- declared in the application context in the same order. Collaborators
|
||||
- required by those filters are placed at the end of the file.
|
||||
-
|
||||
- $Id: applicationContext-acegi-security.xml 1833 2007-05-17 23:06:46Z vishalpuri $
|
||||
-->
|
||||
|
||||
|
||||
<bean id="filterChainProxy"
|
||||
class="org.acegisecurity.util.FilterChainProxy">
|
||||
<property name="filterInvocationDefinitionSource">
|
||||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
|
||||
<security:session-context-integration
|
||||
id="httpSessionContextIntegrationFilter" sessionCreation="ifRequired" />
|
||||
|
||||
|
||||
<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
|
||||
<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
|
||||
<security:logout-support id="logoutFilter"
|
||||
redirectAfterLogoutUrl="/index.jsp" logoutUrl="/j_acegi_logout" />
|
||||
|
||||
<security:authentication-remember-me-services
|
||||
id="rememberMeServices" key="someValue" />
|
||||
|
||||
|
||||
<bean id="securityContextLogoutHandler"
|
||||
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
|
||||
|
||||
<!-- the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
|
||||
<security:authentication-form id="authenticationProcessingFilter"
|
||||
authenticationUrl="/j_acegi_security_check" defaultTargetUrl="/"
|
||||
errorFormUrl="/acegilogin.jsp?login_error=1" />
|
||||
|
||||
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
|
||||
<security:authentication-mechanism id="authenticationManager">
|
||||
<security:authentication-jdbc ref="daoAuthenticationProvider" />
|
||||
</security:authentication-mechanism>
|
||||
|
||||
|
||||
<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
|
||||
<security:principal-repository id="userDetailsService">
|
||||
<security:properties
|
||||
resource="classpath:org/acegisecurity/config/user.properties" />
|
||||
</security:principal-repository>
|
||||
|
||||
<!-- dao authentication provider "authenticationRepository" -->
|
||||
<security:authentication-repository id="daoAuthenticationProvider" />
|
||||
|
||||
|
||||
<bean id="securityContextHolderAwareRequestFilter"
|
||||
class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
|
||||
|
||||
<!-- makes the filter, but does little else, as it auto-detects everything -->
|
||||
<security:authentication-remember-me-filter
|
||||
id="rememberMeProcessingFilter" />
|
||||
|
||||
<bean id="anonymousProcessingFilter"
|
||||
class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
|
||||
<property name="key" value="changeThis" />
|
||||
<property name="userAttribute"
|
||||
value="anonymousUser,ROLE_ANONYMOUS" />
|
||||
</bean>
|
||||
|
||||
<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it;
|
||||
alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
|
||||
other props; i do not mind if you move the access denied stuff to a sub-element -->
|
||||
<security:exception-translation id="exceptionTranslationFilter">
|
||||
<security:entry-point
|
||||
entryPointBeanRef="authenticationEntryPoint" />
|
||||
</security:exception-translation>
|
||||
|
||||
|
||||
<bean id="authenticationEntryPoint"
|
||||
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
|
||||
<property name="loginFormUrl" value="/acegilogin.jsp" />
|
||||
<property name="forceHttps" value="false" />
|
||||
</bean>
|
||||
|
||||
|
||||
<bean id="accessDeniedHandler"
|
||||
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
|
||||
<property name="errorPage" value="/accessDenied.jsp" />
|
||||
</bean>
|
||||
|
||||
|
||||
<bean id="filterInvocationInterceptor"
|
||||
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
|
||||
<property name="authenticationManager"
|
||||
ref="authenticationManager" />
|
||||
<property name="accessDecisionManager">
|
||||
<bean class="org.acegisecurity.vote.AffirmativeBased">
|
||||
<property name="allowIfAllAbstainDecisions"
|
||||
value="false" />
|
||||
<property name="decisionVoters">
|
||||
<list>
|
||||
<bean class="org.acegisecurity.vote.RoleVoter" />
|
||||
<bean
|
||||
class="org.acegisecurity.vote.AuthenticatedVoter" />
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
</property>
|
||||
<property name="objectDefinitionSource">
|
||||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
|
||||
/**=IS_AUTHENTICATED_REMEMBERED
|
||||
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
|
||||
<!--<bean id="authenticationManager"
|
||||
class="org.acegisecurity.providers.ProviderManager">
|
||||
<property name="providers">
|
||||
<list>
|
||||
<ref local="daoAuthenticationProvider" />
|
||||
<bean
|
||||
class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
|
||||
<property name="key" value="changeThis" />
|
||||
</bean>
|
||||
<bean
|
||||
class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
|
||||
<property name="key" value="changeThis" />
|
||||
</bean>
|
||||
</list>
|
||||
</property>
|
||||
</bean>-->
|
||||
|
||||
<bean id="userCache"
|
||||
class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
|
||||
<property name="cache">
|
||||
<bean
|
||||
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
|
||||
<property name="cacheManager">
|
||||
<bean
|
||||
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
|
||||
</property>
|
||||
<property name="cacheName" value="userCache" />
|
||||
</bean>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
|
||||
<bean id="loggerListener"
|
||||
class="org.acegisecurity.event.authentication.LoggerListener" />
|
||||
|
||||
</beans>
|
||||
-19
@@ -1,19 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!-- AuthenticationEntryPoints handled across the system via Ordered interface; every Acegi entry point has an order; the highest order wins and
|
||||
is used as the entry point by ExceptionTranslationFilter; for things like BasicAuthenticationfilter, they're smart enough to know they need a
|
||||
BasicAuthenticationProcessingFilterEntryPoint, so they use that one; here we have an entryPointOrder to say when we make the BasicEntryPoint,
|
||||
we will call setOrder(2) such that this app effectively will use somehing with a higher order as the app-wide default -->
|
||||
<security:authentication-basic id="id"
|
||||
realmName="Spring Security Application" entryPointOrder="2" />
|
||||
|
||||
</beans>
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user