Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 3243a7cde2 | |||
| 07848a1060 | |||
| 8207a29e52 | |||
| 1c22ec19e6 | |||
| 56e41df964 | |||
| f232f5ef05 | |||
| d467146e49 | |||
| c64b80564e | |||
| 90f230cbfa | |||
| 4cc2ffaa2d | |||
| a24065c361 | |||
| 789d29b26b | |||
| 29632ee9ea | |||
| 37aacc5e02 | |||
| 0284845289 | |||
| e6231584c8 |
+3
-9
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-acl</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-acl</name>
|
||||
<description>spring-security-acl</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>aopalliance</groupId>
|
||||
@@ -58,7 +52,7 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -138,7 +132,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+3
-9
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-aspects</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-aspects</name>
|
||||
<description>spring-security-aspects</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,17 +42,11 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -120,7 +114,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -146,6 +146,7 @@ task dist(type: Zip) {
|
||||
into(zipRootDir) {
|
||||
from(rootDir) {
|
||||
include '*.adoc'
|
||||
include '*.txt'
|
||||
}
|
||||
into('docs') {
|
||||
with(project(':docs').apiSpec)
|
||||
|
||||
+4
-10
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-cas</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-cas</name>
|
||||
<description>spring-security-cas</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.jasig.cas.client</groupId>
|
||||
@@ -58,13 +52,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -138,7 +132,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+14
-20
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-config</name>
|
||||
<description>spring-security-config</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>aopalliance</groupId>
|
||||
@@ -58,7 +52,7 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -108,28 +102,28 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-aspects</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-ldap</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-openid</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
@@ -278,7 +272,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -296,7 +290,7 @@
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-api-mockito</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
@@ -308,31 +302,31 @@
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-api-support</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-core</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-module-junit4</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-module-junit4-common</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-reflect</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -386,7 +380,7 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-cas</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+9
-3
@@ -56,6 +56,8 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
|
||||
private final LinkedHashMap<Class<? extends SecurityConfigurer<O, B>>, List<SecurityConfigurer<O, B>>> configurers =
|
||||
new LinkedHashMap<Class<? extends SecurityConfigurer<O, B>>, List<SecurityConfigurer<O, B>>>();
|
||||
|
||||
private final List<SecurityConfigurer<O, B>> configurersAddedInInitializing = new ArrayList<SecurityConfigurer<O, B>>();
|
||||
|
||||
private final Map<Class<Object>,Object> sharedObjects = new HashMap<Class<Object>,Object>();
|
||||
|
||||
private final boolean allowConfigurersOfSameType;
|
||||
@@ -122,9 +124,9 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
|
||||
@SuppressWarnings("unchecked")
|
||||
public <C extends SecurityConfigurerAdapter<O, B>> C apply(C configurer)
|
||||
throws Exception {
|
||||
add(configurer);
|
||||
configurer.addObjectPostProcessor(objectPostProcessor);
|
||||
configurer.setBuilder((B) this);
|
||||
add(configurer);
|
||||
return configurer;
|
||||
}
|
||||
|
||||
@@ -198,7 +200,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
|
||||
configs.add(configurer);
|
||||
this.configurers.put(clazz, configs);
|
||||
if(buildState.isInitializing()) {
|
||||
configurer.init((B)this);
|
||||
this.configurersAddedInInitializing.add(configurer);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -363,7 +365,11 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
|
||||
private void init() throws Exception {
|
||||
Collection<SecurityConfigurer<O,B>> configurers = getConfigurers();
|
||||
|
||||
for(SecurityConfigurer<O,B> configurer : configurers ) {
|
||||
for (SecurityConfigurer<O, B> configurer : configurers) {
|
||||
configurer.init((B) this);
|
||||
}
|
||||
|
||||
for (SecurityConfigurer<O, B> configurer : configurersAddedInInitializing) {
|
||||
configurer.init((B) this);
|
||||
}
|
||||
}
|
||||
|
||||
+15
@@ -25,6 +25,7 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RegexRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.ObjectUtils;
|
||||
|
||||
/**
|
||||
* A base class for registering {@link RequestMatcher}'s. For example, it might allow for specifying which
|
||||
@@ -51,6 +52,20 @@ public abstract class AbstractRequestMatcherRegistry<C> {
|
||||
return requestMatchers(ANY_REQUEST);
|
||||
}
|
||||
|
||||
/**
|
||||
* Maps a {@link List} of
|
||||
* {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher}
|
||||
* instances.
|
||||
*
|
||||
* @param method the {@link HttpMethod} to use for any
|
||||
* {@link HttpMethod}.
|
||||
*
|
||||
* @return the object that is chained after creating the {@link RequestMatcher}
|
||||
*/
|
||||
public C antMatchers(HttpMethod method) {
|
||||
return antMatchers(method, new String[] { "/**" });
|
||||
}
|
||||
|
||||
/**
|
||||
* Maps a {@link List} of {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher} instances.
|
||||
*
|
||||
|
||||
+11
@@ -23,6 +23,7 @@ import javax.servlet.http.HttpSession;
|
||||
import org.springframework.security.config.annotation.SecurityConfigurer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler;
|
||||
import org.springframework.security.web.authentication.logout.LogoutFilter;
|
||||
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
||||
@@ -98,6 +99,16 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends Ab
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Specifies if {@link SecurityContextLogoutHandler} should clear the {@link Authentication} at the time of logout.
|
||||
* @param clearAuthentication true {@link SecurityContextLogoutHandler} should clear the {@link Authentication} (default), or false otherwise.
|
||||
* @return the {@link LogoutConfigurer} for further customization
|
||||
*/
|
||||
public LogoutConfigurer<H> clearAuthentication(boolean clearAuthentication) {
|
||||
contextLogoutHandler.setClearAuthentication(clearAuthentication);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* The URL that triggers log out to occur (default is "/logout"). If CSRF
|
||||
* protection is enabled (default), then the request must also be a POST.
|
||||
|
||||
+100
@@ -0,0 +1,100 @@
|
||||
/*
|
||||
* Copyright 2002-2015 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.config.annotation.web.configurers;
|
||||
|
||||
import static org.fest.assertions.Assertions.assertThat;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
public class AuthorizeRequestsTests {
|
||||
AnnotationConfigWebApplicationContext context;
|
||||
|
||||
MockHttpServletRequest request;
|
||||
MockHttpServletResponse response;
|
||||
MockFilterChain chain;
|
||||
|
||||
@Autowired
|
||||
FilterChainProxy springSecurityFilterChain;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
request = new MockHttpServletRequest();
|
||||
response = new MockHttpServletResponse();
|
||||
chain = new MockFilterChain();
|
||||
}
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
if(context != null) {
|
||||
context.close();
|
||||
}
|
||||
}
|
||||
|
||||
// SEC-3135
|
||||
@Test
|
||||
public void antMatchersMethodAndNoPatterns() throws Exception {
|
||||
loadConfig(AntMatchersNoPatternsConfig.class);
|
||||
request.setMethod("POST");
|
||||
|
||||
springSecurityFilterChain.doFilter(request, response, chain);
|
||||
|
||||
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
@Configuration
|
||||
static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests()
|
||||
.antMatchers(HttpMethod.POST).denyAll();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication();
|
||||
}
|
||||
}
|
||||
|
||||
public void loadConfig(Class<?>... configs) {
|
||||
context = new AnnotationConfigWebApplicationContext();
|
||||
context.register(configs);
|
||||
context.refresh();
|
||||
|
||||
context.getAutowireCapableBeanFactory().autowireBean(this);
|
||||
}
|
||||
}
|
||||
+105
@@ -0,0 +1,105 @@
|
||||
/*
|
||||
* Copyright 2002-2015 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.config.annotation.web.configurers;
|
||||
|
||||
import static org.fest.assertions.Assertions.assertThat;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
public class HttpSecurityAntMatchersTests {
|
||||
AnnotationConfigWebApplicationContext context;
|
||||
|
||||
MockHttpServletRequest request;
|
||||
MockHttpServletResponse response;
|
||||
MockFilterChain chain;
|
||||
|
||||
@Autowired
|
||||
FilterChainProxy springSecurityFilterChain;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
request = new MockHttpServletRequest();
|
||||
response = new MockHttpServletResponse();
|
||||
chain = new MockFilterChain();
|
||||
}
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
if(context != null) {
|
||||
context.close();
|
||||
}
|
||||
}
|
||||
|
||||
// SEC-3135
|
||||
@Test
|
||||
public void antMatchersMethodAndNoPatterns() throws Exception {
|
||||
loadConfig(AntMatchersNoPatternsConfig.class);
|
||||
request.setMethod("POST");
|
||||
|
||||
springSecurityFilterChain.doFilter(request, response, chain);
|
||||
|
||||
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
@Configuration
|
||||
static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.requestMatchers()
|
||||
.antMatchers(HttpMethod.POST)
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.anyRequest().denyAll();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication();
|
||||
}
|
||||
}
|
||||
|
||||
public void loadConfig(Class<?>... configs) {
|
||||
context = new AnnotationConfigWebApplicationContext();
|
||||
context.register(configs);
|
||||
context.refresh();
|
||||
|
||||
context.getAutowireCapableBeanFactory().autowireBean(this);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
+110
@@ -0,0 +1,110 @@
|
||||
/*
|
||||
* Copyright 2002-2015 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.config.annotation.web.configurers;
|
||||
|
||||
import static org.fest.assertions.Assertions.assertThat;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
public class HttpSecurityLogoutTests {
|
||||
AnnotationConfigWebApplicationContext context;
|
||||
|
||||
MockHttpServletRequest request;
|
||||
MockHttpServletResponse response;
|
||||
MockFilterChain chain;
|
||||
|
||||
@Autowired
|
||||
FilterChainProxy springSecurityFilterChain;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
request = new MockHttpServletRequest();
|
||||
response = new MockHttpServletResponse();
|
||||
chain = new MockFilterChain();
|
||||
}
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
if(context != null) {
|
||||
context.close();
|
||||
}
|
||||
}
|
||||
|
||||
// SEC-2848
|
||||
@Test
|
||||
public void clearAuthenticationFalse() throws Exception {
|
||||
loadConfig(ClearAuthenticationFalseConfig.class);
|
||||
|
||||
SecurityContext currentContext = SecurityContextHolder.createEmptyContext();
|
||||
currentContext.setAuthentication(new TestingAuthenticationToken("user", "password","ROLE_USER"));
|
||||
|
||||
request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, currentContext);
|
||||
request.setMethod("POST");
|
||||
request.setServletPath("/logout");
|
||||
|
||||
springSecurityFilterChain.doFilter(request, response, chain);
|
||||
|
||||
assertThat(currentContext.getAuthentication()).isNotNull();
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
@Configuration
|
||||
static class ClearAuthenticationFalseConfig extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.csrf().disable()
|
||||
.logout()
|
||||
.clearAuthentication(false);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication();
|
||||
}
|
||||
}
|
||||
|
||||
public void loadConfig(Class<?>... configs) {
|
||||
context = new AnnotationConfigWebApplicationContext();
|
||||
context.register(configs);
|
||||
context.refresh();
|
||||
|
||||
context.getAutowireCapableBeanFactory().autowireBean(this);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
+67
@@ -0,0 +1,67 @@
|
||||
/*
|
||||
* Copyright 2002-2015 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.config.http.customconfigurer;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
public class CustomConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,HttpSecurity> {
|
||||
|
||||
@Value("${permitAllPattern}")
|
||||
private String permitAllPattern;
|
||||
|
||||
private String loginPage = "/login";
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.springframework.security.config.annotation.SecurityBuilder)
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
@Override
|
||||
public void init(HttpSecurity http) throws Exception {
|
||||
// autowire this bean
|
||||
ApplicationContext context = http.getSharedObject(ApplicationContext.class);
|
||||
context.getAutowireCapableBeanFactory().autowireBean(this);
|
||||
|
||||
http
|
||||
.authorizeRequests()
|
||||
.antMatchers(permitAllPattern).permitAll()
|
||||
.anyRequest().authenticated();
|
||||
|
||||
if(http.getConfigurer(FormLoginConfigurer.class) == null) {
|
||||
// only apply if formLogin() was not invoked by the user
|
||||
http
|
||||
.formLogin()
|
||||
.loginPage(loginPage);
|
||||
}
|
||||
}
|
||||
|
||||
public CustomConfigurer loginPage(String loginPage) {
|
||||
this.loginPage = loginPage;
|
||||
return this;
|
||||
}
|
||||
|
||||
public static CustomConfigurer customConfigurer() {
|
||||
return new CustomConfigurer();
|
||||
}
|
||||
}
|
||||
+164
@@ -0,0 +1,164 @@
|
||||
/*
|
||||
* Copyright 2002-2015 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.config.http.customconfigurer;
|
||||
|
||||
import static org.fest.assertions.Assertions.assertThat;
|
||||
import static org.springframework.security.config.http.customconfigurer.CustomConfigurer.customConfigurer;
|
||||
|
||||
import java.util.Properties;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
public class CustomHttpSecurityConfigurerTests {
|
||||
@Autowired
|
||||
ConfigurableApplicationContext context;
|
||||
|
||||
@Autowired
|
||||
FilterChainProxy springSecurityFilterChain;
|
||||
|
||||
MockHttpServletRequest request;
|
||||
MockHttpServletResponse response;
|
||||
MockFilterChain chain;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
request = new MockHttpServletRequest();
|
||||
response = new MockHttpServletResponse();
|
||||
chain = new MockFilterChain();
|
||||
request.setMethod("GET");
|
||||
}
|
||||
|
||||
@After
|
||||
public void cleanup() {
|
||||
if(context != null) {
|
||||
context.close();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void customConfiguerPermitAll() throws Exception {
|
||||
loadContext(Config.class);
|
||||
|
||||
request.setPathInfo("/public/something");
|
||||
|
||||
springSecurityFilterChain.doFilter(request, response, chain);
|
||||
|
||||
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void customConfiguerFormLogin() throws Exception {
|
||||
loadContext(Config.class);
|
||||
request.setPathInfo("/requires-authentication");
|
||||
|
||||
springSecurityFilterChain.doFilter(request, response, chain);
|
||||
|
||||
assertThat(response.getRedirectedUrl()).endsWith("/custom");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void customConfiguerCustomizeDisablesCsrf() throws Exception {
|
||||
loadContext(ConfigCustomize.class);
|
||||
request.setPathInfo("/public/something");
|
||||
request.setMethod("POST");
|
||||
|
||||
springSecurityFilterChain.doFilter(request, response, chain);
|
||||
|
||||
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void customConfiguerCustomizeFormLogin() throws Exception {
|
||||
loadContext(ConfigCustomize.class);
|
||||
request.setPathInfo("/requires-authentication");
|
||||
|
||||
springSecurityFilterChain.doFilter(request, response, chain);
|
||||
|
||||
assertThat(response.getRedirectedUrl()).endsWith("/other");
|
||||
}
|
||||
|
||||
private void loadContext(Class<?> clazz) {
|
||||
AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(clazz);
|
||||
context.getAutowireCapableBeanFactory().autowireBean(this);
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.apply(customConfigurer())
|
||||
.loginPage("/custom");
|
||||
}
|
||||
|
||||
@Bean
|
||||
public static PropertyPlaceholderConfigurer propertyPlaceholderConfigurer() {
|
||||
// Typically externalize this as a properties file
|
||||
Properties properties = new Properties();
|
||||
properties.setProperty("permitAllPattern", "/public/**");
|
||||
|
||||
PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer();
|
||||
propertyPlaceholderConfigurer.setProperties(properties);
|
||||
return propertyPlaceholderConfigurer;
|
||||
}
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class ConfigCustomize extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.apply(customConfigurer())
|
||||
.and()
|
||||
.csrf().disable()
|
||||
.formLogin()
|
||||
.loginPage("/other");
|
||||
}
|
||||
|
||||
@Bean
|
||||
public static PropertyPlaceholderConfigurer propertyPlaceholderConfigurer() {
|
||||
// Typically externalize this as a properties file
|
||||
Properties properties = new Properties();
|
||||
properties.setProperty("permitAllPattern", "/public/**");
|
||||
|
||||
PropertyPlaceholderConfigurer propertyPlaceholderConfigurer = new PropertyPlaceholderConfigurer();
|
||||
propertyPlaceholderConfigurer.setProperties(properties);
|
||||
return propertyPlaceholderConfigurer;
|
||||
}
|
||||
}
|
||||
}
|
||||
+8
-14
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-core</name>
|
||||
<description>spring-security-core</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>aopalliance</groupId>
|
||||
@@ -184,7 +178,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
@@ -196,7 +190,7 @@
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-api-mockito</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
@@ -208,7 +202,7 @@
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-api-support</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
@@ -220,7 +214,7 @@
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-core</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
@@ -232,7 +226,7 @@
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-module-junit4</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
@@ -244,7 +238,7 @@
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-module-junit4-common</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
@@ -256,7 +250,7 @@
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-reflect</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
|
||||
@@ -92,6 +92,9 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
if(authentication == null) {
|
||||
return ACCESS_DENIED;
|
||||
}
|
||||
int result = ACCESS_ABSTAIN;
|
||||
Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);
|
||||
|
||||
|
||||
+37
-42
@@ -25,10 +25,8 @@ import org.springframework.util.Assert;
|
||||
* then removing the {@link SecurityContext} after the delegate has completed.
|
||||
* </p>
|
||||
* <p>
|
||||
* By default the {@link SecurityContext} is only setup if {@link #call()} is
|
||||
* invoked on a separate {@link Thread} than the
|
||||
* {@link DelegatingSecurityContextCallable} was created on. This can be
|
||||
* overridden by setting {@link #setEnableOnOriginalThread(boolean)} to true.
|
||||
* If there is a {@link SecurityContext} that already exists, it will be
|
||||
* restored after the {@link #call()} method is invoked.
|
||||
* </p>
|
||||
*
|
||||
* @author Rob Winch
|
||||
@@ -38,63 +36,60 @@ public final class DelegatingSecurityContextCallable<V> implements Callable<V> {
|
||||
|
||||
private final Callable<V> delegate;
|
||||
|
||||
private final SecurityContext securityContext;
|
||||
|
||||
private final Thread originalThread;
|
||||
|
||||
private boolean enableOnOriginalThread;
|
||||
|
||||
/**
|
||||
* Creates a new {@link DelegatingSecurityContextCallable} with a specific {@link SecurityContext}.
|
||||
* @param delegate the delegate {@link DelegatingSecurityContextCallable} to run with the specified
|
||||
* {@link SecurityContext}. Cannot be null.
|
||||
* @param securityContext the {@link SecurityContext} to establish for the delegate {@link Callable}. Cannot be
|
||||
* null.
|
||||
* The {@link SecurityContext} that the delegate {@link Callable} will be
|
||||
* ran as.
|
||||
*/
|
||||
public DelegatingSecurityContextCallable(Callable<V> delegate, SecurityContext securityContext) {
|
||||
private final SecurityContext delegateSecurityContext;
|
||||
|
||||
/**
|
||||
* The {@link SecurityContext} that was on the {@link SecurityContextHolder}
|
||||
* prior to being set to the delegateSecurityContext.
|
||||
*/
|
||||
private SecurityContext originalSecurityContext;
|
||||
|
||||
/**
|
||||
* Creates a new {@link DelegatingSecurityContextCallable} with a specific
|
||||
* {@link SecurityContext}.
|
||||
* @param delegate the delegate {@link DelegatingSecurityContextCallable} to run with
|
||||
* the specified {@link SecurityContext}. Cannot be null.
|
||||
* @param securityContext the {@link SecurityContext} to establish for the delegate
|
||||
* {@link Callable}. Cannot be null.
|
||||
*/
|
||||
public DelegatingSecurityContextCallable(Callable<V> delegate,
|
||||
SecurityContext securityContext) {
|
||||
Assert.notNull(delegate, "delegate cannot be null");
|
||||
Assert.notNull(securityContext, "securityContext cannot be null");
|
||||
this.delegate = delegate;
|
||||
this.securityContext = securityContext;
|
||||
this.originalThread = Thread.currentThread();
|
||||
this.delegateSecurityContext = securityContext;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link DelegatingSecurityContextCallable} with the {@link SecurityContext} from the
|
||||
* {@link SecurityContextHolder}.
|
||||
* @param delegate the delegate {@link Callable} to run under the current {@link SecurityContext}. Cannot be null.
|
||||
* Creates a new {@link DelegatingSecurityContextCallable} with the
|
||||
* {@link SecurityContext} from the {@link SecurityContextHolder}.
|
||||
* @param delegate the delegate {@link Callable} to run under the current
|
||||
* {@link SecurityContext}. Cannot be null.
|
||||
*/
|
||||
public DelegatingSecurityContextCallable(Callable<V> delegate) {
|
||||
this(delegate, SecurityContextHolder.getContext());
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if the SecurityContext should be transfered if {@link #call()}
|
||||
* is invoked on the same {@link Thread} the
|
||||
* {@link DelegatingSecurityContextCallable} was created on.
|
||||
*
|
||||
* @param enableOnOriginalThread
|
||||
* if false (default), will only transfer the
|
||||
* {@link SecurityContext} if {@link #call()} is invoked on a
|
||||
* different {@link Thread} than the
|
||||
* {@link DelegatingSecurityContextCallable} was created on.
|
||||
*
|
||||
* @since 4.0.2
|
||||
*/
|
||||
public void setEnableOnOriginalThread(boolean enableOnOriginalThread) {
|
||||
this.enableOnOriginalThread = enableOnOriginalThread;
|
||||
}
|
||||
|
||||
public V call() throws Exception {
|
||||
if(!enableOnOriginalThread && originalThread == Thread.currentThread()) {
|
||||
return delegate.call();
|
||||
}
|
||||
this.originalSecurityContext = SecurityContextHolder.getContext();
|
||||
|
||||
try {
|
||||
SecurityContextHolder.setContext(securityContext);
|
||||
SecurityContextHolder.setContext(delegateSecurityContext);
|
||||
return delegate.call();
|
||||
}
|
||||
finally {
|
||||
SecurityContextHolder.clearContext();
|
||||
SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
|
||||
if(emptyContext.equals(originalSecurityContext)) {
|
||||
SecurityContextHolder.clearContext();
|
||||
} else {
|
||||
SecurityContextHolder.setContext(originalSecurityContext);
|
||||
}
|
||||
this.originalSecurityContext = null;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+37
-41
@@ -22,11 +22,10 @@ import org.springframework.util.Assert;
|
||||
* before invoking the delegate {@link Runnable} and then removing the
|
||||
* {@link SecurityContext} after the delegate has completed.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* By default the {@link SecurityContext} is only setup if {@link #run()} is
|
||||
* invoked on a separate {@link Thread} than the
|
||||
* {@link DelegatingSecurityContextRunnable} was created on. This can be
|
||||
* overridden by setting {@link #setEnableOnOriginalThread(boolean)} to true.
|
||||
* If there is a {@link SecurityContext} that already exists, it will be
|
||||
* restored after the {@link #run()} method is invoked.
|
||||
* </p>
|
||||
*
|
||||
* @author Rob Winch
|
||||
@@ -36,62 +35,59 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
|
||||
|
||||
private final Runnable delegate;
|
||||
|
||||
private final SecurityContext securityContext;
|
||||
|
||||
private final Thread originalThread;
|
||||
|
||||
private boolean enableOnOriginalThread;
|
||||
/**
|
||||
* The {@link SecurityContext} that the delegate {@link Runnable} will be
|
||||
* ran as.
|
||||
*/
|
||||
private final SecurityContext delegateSecurityContext;
|
||||
|
||||
/**
|
||||
* Creates a new {@link DelegatingSecurityContextRunnable} with a specific {@link SecurityContext}.
|
||||
* @param delegate the delegate {@link Runnable} to run with the specified {@link SecurityContext}. Cannot be null.
|
||||
* @param securityContext the {@link SecurityContext} to establish for the delegate {@link Runnable}. Cannot be
|
||||
* null.
|
||||
* The {@link SecurityContext} that was on the {@link SecurityContextHolder}
|
||||
* prior to being set to the delegateSecurityContext.
|
||||
*/
|
||||
public DelegatingSecurityContextRunnable(Runnable delegate, SecurityContext securityContext) {
|
||||
private SecurityContext originalSecurityContext;
|
||||
|
||||
/**
|
||||
* Creates a new {@link DelegatingSecurityContextRunnable} with a specific
|
||||
* {@link SecurityContext}.
|
||||
* @param delegate the delegate {@link Runnable} to run with the specified
|
||||
* {@link SecurityContext}. Cannot be null.
|
||||
* @param securityContext the {@link SecurityContext} to establish for the delegate
|
||||
* {@link Runnable}. Cannot be null.
|
||||
*/
|
||||
public DelegatingSecurityContextRunnable(Runnable delegate,
|
||||
SecurityContext securityContext) {
|
||||
Assert.notNull(delegate, "delegate cannot be null");
|
||||
Assert.notNull(securityContext, "securityContext cannot be null");
|
||||
this.delegate = delegate;
|
||||
this.securityContext = securityContext;
|
||||
this.originalThread = Thread.currentThread();
|
||||
this.delegateSecurityContext = securityContext;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link DelegatingSecurityContextRunnable} with the {@link SecurityContext} from the
|
||||
* {@link SecurityContextHolder}.
|
||||
* @param delegate the delegate {@link Runnable} to run under the current {@link SecurityContext}. Cannot be null.
|
||||
* Creates a new {@link DelegatingSecurityContextRunnable} with the
|
||||
* {@link SecurityContext} from the {@link SecurityContextHolder}.
|
||||
* @param delegate the delegate {@link Runnable} to run under the current
|
||||
* {@link SecurityContext}. Cannot be null.
|
||||
*/
|
||||
public DelegatingSecurityContextRunnable(Runnable delegate) {
|
||||
this(delegate, SecurityContextHolder.getContext());
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if the SecurityContext should be transfered if {@link #call()}
|
||||
* is invoked on the same {@link Thread} the
|
||||
* {@link DelegatingSecurityContextCallable} was created on.
|
||||
*
|
||||
* @param enableOnOriginalThread
|
||||
* if false (default), will only transfer the
|
||||
* {@link SecurityContext} if {@link #call()} is invoked on a
|
||||
* different {@link Thread} than the
|
||||
* {@link DelegatingSecurityContextCallable} was created on.
|
||||
* @since 4.0.2
|
||||
*/
|
||||
public void setEnableOnOriginalThread(boolean enableOnOriginalThread) {
|
||||
this.enableOnOriginalThread = enableOnOriginalThread;
|
||||
}
|
||||
|
||||
public void run() {
|
||||
if(!enableOnOriginalThread && originalThread == Thread.currentThread()) {
|
||||
delegate.run();
|
||||
return;
|
||||
}
|
||||
this.originalSecurityContext = SecurityContextHolder.getContext();
|
||||
|
||||
try {
|
||||
SecurityContextHolder.setContext(securityContext);
|
||||
SecurityContextHolder.setContext(delegateSecurityContext);
|
||||
delegate.run();
|
||||
}
|
||||
finally {
|
||||
SecurityContextHolder.clearContext();
|
||||
SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
|
||||
if(emptyContext.equals(originalSecurityContext)) {
|
||||
SecurityContextHolder.clearContext();
|
||||
} else {
|
||||
SecurityContextHolder.setContext(originalSecurityContext);
|
||||
}
|
||||
this.originalSecurityContext = null;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package org.springframework.security.access.vote;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.fest.assertions.Assertions.*;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
@@ -21,4 +22,13 @@ public class RoleVoterTests {
|
||||
// Vote on attribute list that has two attributes A and C (i.e. only one matching)
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(userAB, this, SecurityConfig.createList("A","C")));
|
||||
}
|
||||
|
||||
// SEC-3128
|
||||
@Test
|
||||
public void nullAuthenticationDenies() {
|
||||
RoleVoter voter = new RoleVoter();
|
||||
voter.setRolePrefix("");
|
||||
Authentication notAuthenitcated = null;
|
||||
assertThat(voter.vote(notAuthenitcated, this, SecurityConfig.createList("A"))).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
|
||||
}
|
||||
}
|
||||
|
||||
+6
-10
@@ -50,9 +50,12 @@ public class DelegatingSecurityContextCallableTests {
|
||||
|
||||
private ExecutorService executor;
|
||||
|
||||
private SecurityContext originalSecurityContext;
|
||||
|
||||
@Before
|
||||
@SuppressWarnings("serial")
|
||||
public void setUp() throws Exception {
|
||||
originalSecurityContext = SecurityContextHolder.createEmptyContext();
|
||||
when(delegate.call()).thenAnswer(new Returns(callableResult) {
|
||||
@Override
|
||||
public Object answer(InvocationOnMock invocation) throws Throwable {
|
||||
@@ -111,17 +114,10 @@ public class DelegatingSecurityContextCallableTests {
|
||||
// SEC-3031
|
||||
@Test
|
||||
public void callOnSameThread() throws Exception {
|
||||
originalSecurityContext = securityContext;
|
||||
SecurityContextHolder.setContext(originalSecurityContext);
|
||||
callable = new DelegatingSecurityContextCallable<Object>(delegate,
|
||||
securityContext);
|
||||
securityContext = SecurityContextHolder.createEmptyContext();
|
||||
assertWrapped(callable.call());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void callOnSameThreadExplicitlyEnabled() throws Exception {
|
||||
DelegatingSecurityContextCallable<Object> callable = new DelegatingSecurityContextCallable<Object>(delegate,
|
||||
securityContext);
|
||||
callable.setEnableOnOriginalThread(true);
|
||||
assertWrapped(callable.call());
|
||||
}
|
||||
|
||||
@@ -170,6 +166,6 @@ public class DelegatingSecurityContextCallableTests {
|
||||
private void assertWrapped(Object callableResult) throws Exception {
|
||||
verify(delegate).call();
|
||||
assertThat(SecurityContextHolder.getContext()).isEqualTo(
|
||||
SecurityContextHolder.createEmptyContext());
|
||||
originalSecurityContext);
|
||||
}
|
||||
}
|
||||
+6
-11
@@ -51,8 +51,11 @@ public class DelegatingSecurityContextRunnableTests {
|
||||
|
||||
private ExecutorService executor;
|
||||
|
||||
private SecurityContext originalSecurityContext;
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
originalSecurityContext = SecurityContextHolder.createEmptyContext();
|
||||
doAnswer(new Answer<Object>() {
|
||||
public Object answer(InvocationOnMock invocation) throws Throwable {
|
||||
assertThat(SecurityContextHolder.getContext()).isEqualTo(securityContext);
|
||||
@@ -110,19 +113,11 @@ public class DelegatingSecurityContextRunnableTests {
|
||||
// SEC-3031
|
||||
@Test
|
||||
public void callOnSameThread() throws Exception {
|
||||
originalSecurityContext = securityContext;
|
||||
SecurityContextHolder.setContext(originalSecurityContext);
|
||||
executor = synchronousExecutor();
|
||||
runnable = new DelegatingSecurityContextRunnable(delegate,
|
||||
securityContext);
|
||||
securityContext = SecurityContextHolder.createEmptyContext();
|
||||
assertWrapped(runnable);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void callOnSameThreadExplicitlyEnabled() throws Exception {
|
||||
executor = synchronousExecutor();
|
||||
DelegatingSecurityContextRunnable runnable = new DelegatingSecurityContextRunnable(delegate,
|
||||
securityContext);
|
||||
runnable.setEnableOnOriginalThread(true);
|
||||
assertWrapped(runnable);
|
||||
}
|
||||
|
||||
@@ -167,7 +162,7 @@ public class DelegatingSecurityContextRunnableTests {
|
||||
submit.get();
|
||||
verify(delegate).run();
|
||||
assertThat(SecurityContextHolder.getContext()).isEqualTo(
|
||||
SecurityContextHolder.createEmptyContext());
|
||||
originalSecurityContext);
|
||||
}
|
||||
|
||||
private static ExecutorService synchronousExecutor() {
|
||||
|
||||
+2
-8
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-crypto</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-crypto</name>
|
||||
<description>spring-security-crypto</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>commons-logging</groupId>
|
||||
@@ -77,7 +71,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -17,19 +17,19 @@ package org.springframework.security.crypto.password;
|
||||
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
|
||||
/**
|
||||
* Helper for working with the MessageDigest API.
|
||||
*
|
||||
* Performs the configured number of iterations of the hashing algorithm per digest to aid in protecting against brute force attacks.
|
||||
* Performs the configured number of iterations of the hashing algorithm per digest to aid
|
||||
* in protecting against brute force attacks.
|
||||
*
|
||||
* @author Keith Donald
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
final class Digester {
|
||||
|
||||
private final MessageDigest messageDigest;
|
||||
private final String algorithm;
|
||||
|
||||
private final int iterations;
|
||||
|
||||
@@ -39,21 +39,26 @@ final class Digester {
|
||||
* @param iterations the number of times to apply the digest algorithm to the input
|
||||
*/
|
||||
public Digester(String algorithm, int iterations) {
|
||||
try {
|
||||
messageDigest = MessageDigest.getInstance(algorithm);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
throw new IllegalStateException("No such hashing algorithm", e);
|
||||
}
|
||||
|
||||
// eagerly validate the algorithm
|
||||
createDigest(algorithm);
|
||||
this.algorithm = algorithm;
|
||||
this.iterations = iterations;
|
||||
}
|
||||
|
||||
public byte[] digest(byte[] value) {
|
||||
synchronized (messageDigest) {
|
||||
for (int i = 0; i < iterations; i++) {
|
||||
value = messageDigest.digest(value);
|
||||
}
|
||||
return value;
|
||||
MessageDigest messageDigest = createDigest(algorithm);
|
||||
for (int i = 0; i < iterations; i++) {
|
||||
value = messageDigest.digest(value);
|
||||
}
|
||||
return value;
|
||||
}
|
||||
|
||||
private static MessageDigest createDigest(String algorithm) {
|
||||
try {
|
||||
return MessageDigest.getInstance(algorithm);
|
||||
}
|
||||
catch (NoSuchAlgorithmException e) {
|
||||
throw new IllegalStateException("No such hashing algorithm", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
+1
-1
@@ -1 +1 @@
|
||||
version=3.2.8.CI-SNAPSHOT
|
||||
version=3.2.9.RELEASE
|
||||
|
||||
@@ -21,7 +21,7 @@ ext.hsqlVersion = '2.3.1'
|
||||
ext.slf4jVersion = '1.7.5'
|
||||
ext.logbackVersion = '0.9.29'
|
||||
ext.cglibVersion = '2.2'
|
||||
ext.powerMockVersion = '1.6.1'
|
||||
ext.powerMockVersion = '1.6.2'
|
||||
ext.servletApiVersion = '3.0.1'
|
||||
ext.seleniumVersion = '2.33.0'
|
||||
ext.groovyVersion = '2.0.5'
|
||||
@@ -123,7 +123,7 @@ dependencies {
|
||||
optional 'commons-logging:commons-logging:1.1.1'
|
||||
|
||||
testCompile 'junit:junit:4.11',
|
||||
'org.mockito:mockito-core:1.9.5',
|
||||
'org.mockito:mockito-core:1.10.19',
|
||||
"org.springframework:spring-test:$springVersion",
|
||||
'org.easytesting:fest-assert:1.4'
|
||||
|
||||
|
||||
+5
-11
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>itest-context</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>itest-context</name>
|
||||
<description>itest-context</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>aopalliance</groupId>
|
||||
@@ -64,7 +58,7 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -131,7 +125,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -143,13 +137,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+7
-13
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>itest-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>itest-web</name>
|
||||
<description>itest-web</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
@@ -123,7 +117,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -159,31 +153,31 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-ldap</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-taglibs</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+3
-9
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-ldap</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-ldap</name>
|
||||
<description>spring-security-ldap</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.ldap</groupId>
|
||||
@@ -76,7 +70,7 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -186,7 +180,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+4
-10
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-openid</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-openid</name>
|
||||
<description>spring-security-openid</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>com.google.inject</groupId>
|
||||
@@ -70,13 +64,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -161,7 +155,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+3
-9
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-remoting</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-remoting</name>
|
||||
<description>spring-security-remoting</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>aopalliance</groupId>
|
||||
@@ -58,7 +52,7 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -119,7 +113,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-aspectj-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-samples-aspectj-jc</name>
|
||||
<description>spring-security-samples-aspectj-jc</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,23 +42,17 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -78,7 +72,7 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-aspects</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -102,7 +96,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-aspectj-xml</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-samples-aspectj-xml</name>
|
||||
<description>spring-security-samples-aspectj-xml</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,17 +42,11 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -72,13 +66,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-aspects</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -102,7 +96,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-cassample-xml</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-cassample-xml</name>
|
||||
<description>spring-security-samples-cassample-xml</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.jasig.cas.client</groupId>
|
||||
@@ -66,13 +60,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-cas</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -109,13 +103,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -163,7 +157,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-casserver</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-casserver</name>
|
||||
<description>spring-security-samples-casserver</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>commons-logging</groupId>
|
||||
@@ -85,7 +79,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-concurrency-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-concurrency-jc</name>
|
||||
<description>spring-security-samples-concurrency-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -102,25 +96,25 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -193,7 +187,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-contacts-xml</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-contacts-xml</name>
|
||||
<description>spring-security-samples-contacts-xml</description>
|
||||
@@ -50,23 +50,17 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-acl</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -163,19 +157,19 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-taglibs</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -199,7 +193,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+5
-11
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-dms-xml</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-samples-dms-xml</name>
|
||||
<description>spring-security-samples-dms-xml</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,23 +42,17 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-acl</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -102,7 +96,7 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -132,7 +126,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+6
-12
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-form-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-form-jc</name>
|
||||
<description>spring-security-samples-form-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -102,25 +96,25 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -193,7 +187,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+6
-12
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-gae-xml</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-gae-xml</name>
|
||||
<description>spring-security-samples-gae-xml</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>com.google.appengine</groupId>
|
||||
@@ -84,13 +78,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -151,13 +145,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-taglibs</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -199,7 +193,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-hellojs-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-hellojs-jc</name>
|
||||
<description>spring-security-samples-hellojs-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>com.fasterxml.jackson.core</groupId>
|
||||
@@ -108,25 +102,25 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -199,7 +193,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-hellomvc-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-hellomvc-jc</name>
|
||||
<description>spring-security-samples-hellomvc-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -102,25 +96,25 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -193,7 +187,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-helloworld-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-helloworld-jc</name>
|
||||
<description>spring-security-samples-helloworld-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -78,13 +72,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -127,7 +121,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-inmemory-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-inmemory-jc</name>
|
||||
<description>spring-security-samples-inmemory-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -102,25 +96,25 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -193,7 +187,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-insecure</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-insecure</name>
|
||||
<description>spring-security-samples-insecure</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -115,7 +109,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-insecuremvc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-insecuremvc</name>
|
||||
<description>spring-security-samples-insecuremvc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -102,7 +96,7 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -175,7 +169,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-jaas-xml</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-jaas-xml</name>
|
||||
<description>spring-security-samples-jaas-xml</description>
|
||||
@@ -50,17 +50,11 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -121,19 +115,19 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-taglibs</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -157,7 +151,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+6
-12
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-jdbc-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-jdbc-jc</name>
|
||||
<description>spring-security-samples-jdbc-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -102,25 +96,25 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -193,7 +187,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+7
-13
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-ldap-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-ldap-jc</name>
|
||||
<description>spring-security-samples-ldap-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -138,31 +132,31 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-ldap</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -235,7 +229,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-ldap-xml</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-ldap-xml</name>
|
||||
<description>spring-security-samples-ldap-xml</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>commons-logging</groupId>
|
||||
@@ -115,19 +109,19 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-ldap</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -145,7 +139,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-samples-messages-jc</name>
|
||||
<description>spring-security-samples-messages-jc</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.validation</groupId>
|
||||
@@ -100,13 +94,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -209,7 +203,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-openid-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-openid-jc</name>
|
||||
<description>spring-security-samples-openid-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -102,31 +96,31 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-openid</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -205,7 +199,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-openid-xml</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-openid-xml</name>
|
||||
<description>spring-security-samples-openid-xml</description>
|
||||
@@ -50,23 +50,17 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-openid</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -109,13 +103,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-taglibs</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -133,7 +127,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-preauth-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-preauth-jc</name>
|
||||
<description>spring-security-samples-preauth-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -102,25 +96,25 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -193,7 +187,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-preauth-xml</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-preauth-xml</name>
|
||||
<description>spring-security-samples-preauth-xml</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>commons-logging</groupId>
|
||||
@@ -79,13 +73,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -103,7 +97,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-rememberme-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-rememberme-jc</name>
|
||||
<description>spring-security-samples-rememberme-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -102,25 +96,25 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -193,7 +187,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-servletapi-xml</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-servletapi-xml</name>
|
||||
<description>spring-security-samples-servletapi-xml</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -66,13 +60,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -133,13 +127,13 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-taglibs</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -163,7 +157,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-tutorial-xml</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-tutorial-xml</name>
|
||||
<description>spring-security-samples-tutorial-xml</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
@@ -66,7 +60,7 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -133,19 +127,19 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-taglibs</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -163,7 +157,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+6
-12
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-x509-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<packaging>war</packaging>
|
||||
<name>spring-security-samples-x509-jc</name>
|
||||
<description>spring-security-samples-x509-jc</description>
|
||||
@@ -50,12 +50,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
@@ -102,25 +96,25 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-messages-jc</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -193,7 +187,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+5
-11
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-taglibs</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-taglibs</name>
|
||||
<description>spring-security-taglibs</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,29 +42,23 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-acl</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -161,7 +155,7 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+5
-4
@@ -42,6 +42,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.FilterInvocation;
|
||||
import org.springframework.security.web.WebAttributes;
|
||||
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
|
||||
import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.context.support.WebApplicationContextUtils;
|
||||
|
||||
@@ -312,8 +313,7 @@ public abstract class AbstractAuthorizeTag {
|
||||
|
||||
@SuppressWarnings({ "unchecked", "rawtypes" })
|
||||
private SecurityExpressionHandler<FilterInvocation> getExpressionHandler() throws IOException {
|
||||
ApplicationContext appContext = WebApplicationContextUtils
|
||||
.getRequiredWebApplicationContext(getServletContext());
|
||||
ApplicationContext appContext = SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(getServletContext());
|
||||
Map<String, SecurityExpressionHandler> handlers = appContext
|
||||
.getBeansOfType(SecurityExpressionHandler.class);
|
||||
|
||||
@@ -335,8 +335,9 @@ public abstract class AbstractAuthorizeTag {
|
||||
return privEvaluatorFromRequest;
|
||||
}
|
||||
|
||||
ApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext());
|
||||
Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx.getBeansOfType(WebInvocationPrivilegeEvaluator.class);
|
||||
ApplicationContext ctx = SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(getServletContext());
|
||||
Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx
|
||||
.getBeansOfType(WebInvocationPrivilegeEvaluator.class);
|
||||
|
||||
if (wipes.size() == 0) {
|
||||
throw new IOException(
|
||||
|
||||
+2
-1
@@ -21,6 +21,7 @@ import org.springframework.security.access.PermissionEvaluator;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.taglibs.TagLibConfig;
|
||||
import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
|
||||
import org.springframework.web.context.support.WebApplicationContextUtils;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
@@ -136,7 +137,7 @@ public class AccessControlListTag extends TagSupport {
|
||||
protected ApplicationContext getContext(PageContext pageContext) {
|
||||
ServletContext servletContext = pageContext.getServletContext();
|
||||
|
||||
return WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
|
||||
return SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(servletContext);
|
||||
}
|
||||
|
||||
public Object getDomainObject() {
|
||||
|
||||
+37
-1
@@ -12,12 +12,16 @@
|
||||
*/
|
||||
package org.springframework.security.taglibs.authz;
|
||||
|
||||
import static org.fest.assertions.Assertions.*;
|
||||
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Matchers.eq;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collections;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.ServletRequest;
|
||||
@@ -29,10 +33,14 @@ import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockServletContext;
|
||||
import org.springframework.security.access.expression.SecurityExpressionHandler;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.WebAttributes;
|
||||
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
|
||||
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -63,13 +71,41 @@ public class AbstractAuthorizeTagTests {
|
||||
String uri = "/something";
|
||||
WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
|
||||
tag.setUrl(uri);
|
||||
request.setAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE, expected);
|
||||
request.setAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE,
|
||||
expected);
|
||||
|
||||
tag.authorizeUsingUrlCheck();
|
||||
|
||||
verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any(Authentication.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void privilegeEvaluatorFromChildContext() throws IOException {
|
||||
String uri = "/something";
|
||||
WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
|
||||
tag.setUrl(uri);
|
||||
WebApplicationContext wac = mock(WebApplicationContext.class);
|
||||
when(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class)).thenReturn(Collections.singletonMap("wipe", expected));
|
||||
servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
|
||||
|
||||
tag.authorizeUsingUrlCheck();
|
||||
|
||||
verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any(Authentication.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
@SuppressWarnings("rawtypes")
|
||||
public void expressionFromChildContext() throws IOException {
|
||||
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass","USER"));
|
||||
DefaultWebSecurityExpressionHandler expected = new DefaultWebSecurityExpressionHandler();
|
||||
tag.setAccess("permitAll");
|
||||
WebApplicationContext wac = mock(WebApplicationContext.class);
|
||||
when(wac.getBeansOfType(SecurityExpressionHandler.class)).thenReturn(Collections.<String,SecurityExpressionHandler>singletonMap("wipe", expected));
|
||||
servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
|
||||
|
||||
assertThat(tag.authorize()).isTrue();
|
||||
}
|
||||
|
||||
private class AuthzTag extends AbstractAuthorizeTag {
|
||||
|
||||
@Override
|
||||
|
||||
+32
-8
@@ -26,6 +26,7 @@ import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.jsp.tagext.Tag;
|
||||
import java.util.*;
|
||||
|
||||
@@ -40,7 +41,7 @@ public class AccessControlListTagTests {
|
||||
AccessControlListTag tag;
|
||||
PermissionEvaluator pe;
|
||||
MockPageContext pageContext;
|
||||
Authentication bob = new TestingAuthenticationToken("bob","bobspass","A");
|
||||
Authentication bob = new TestingAuthenticationToken("bob", "bobspass", "A");
|
||||
|
||||
@Before
|
||||
@SuppressWarnings("rawtypes")
|
||||
@@ -56,8 +57,10 @@ public class AccessControlListTagTests {
|
||||
when(ctx.getBeansOfType(PermissionEvaluator.class)).thenReturn(beanMap);
|
||||
|
||||
MockServletContext servletCtx = new MockServletContext();
|
||||
servletCtx.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx);
|
||||
pageContext = new MockPageContext(servletCtx, new MockHttpServletRequest(), new MockHttpServletResponse());
|
||||
servletCtx.setAttribute(
|
||||
WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx);
|
||||
pageContext = new MockPageContext(servletCtx, new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse());
|
||||
tag.setPageContext(pageContext);
|
||||
}
|
||||
|
||||
@@ -78,7 +81,28 @@ public class AccessControlListTagTests {
|
||||
assertEquals("READ", tag.getHasPermission());
|
||||
|
||||
assertEquals(Tag.EVAL_BODY_INCLUDE, tag.doStartTag());
|
||||
assertTrue((Boolean)pageContext.getAttribute("allowed"));
|
||||
assertTrue((Boolean) pageContext.getAttribute("allowed"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void childContext() throws Exception {
|
||||
ServletContext servletContext = pageContext.getServletContext();
|
||||
WebApplicationContext wac = (WebApplicationContext) servletContext
|
||||
.getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
|
||||
servletContext.removeAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
|
||||
servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
|
||||
|
||||
Object domainObject = new Object();
|
||||
when(pe.hasPermission(bob, domainObject, "READ")).thenReturn(true);
|
||||
|
||||
tag.setDomainObject(domainObject);
|
||||
tag.setHasPermission("READ");
|
||||
tag.setVar("allowed");
|
||||
assertSame(domainObject, tag.getDomainObject());
|
||||
assertEquals("READ", tag.getHasPermission());
|
||||
|
||||
assertEquals(Tag.EVAL_BODY_INCLUDE, tag.doStartTag());
|
||||
assertTrue((Boolean) pageContext.getAttribute("allowed"));
|
||||
}
|
||||
|
||||
// SEC-2022
|
||||
@@ -95,7 +119,7 @@ public class AccessControlListTagTests {
|
||||
assertEquals("READ,WRITE", tag.getHasPermission());
|
||||
|
||||
assertEquals(Tag.EVAL_BODY_INCLUDE, tag.doStartTag());
|
||||
assertTrue((Boolean)pageContext.getAttribute("allowed"));
|
||||
assertTrue((Boolean) pageContext.getAttribute("allowed"));
|
||||
verify(pe).hasPermission(bob, domainObject, "READ");
|
||||
verify(pe).hasPermission(bob, domainObject, "WRITE");
|
||||
verifyNoMoreInteractions(pe);
|
||||
@@ -115,7 +139,7 @@ public class AccessControlListTagTests {
|
||||
assertEquals("1,2", tag.getHasPermission());
|
||||
|
||||
assertEquals(Tag.EVAL_BODY_INCLUDE, tag.doStartTag());
|
||||
assertTrue((Boolean)pageContext.getAttribute("allowed"));
|
||||
assertTrue((Boolean) pageContext.getAttribute("allowed"));
|
||||
verify(pe).hasPermission(bob, domainObject, 1);
|
||||
verify(pe).hasPermission(bob, domainObject, 2);
|
||||
verifyNoMoreInteractions(pe);
|
||||
@@ -134,7 +158,7 @@ public class AccessControlListTagTests {
|
||||
assertEquals("1,WRITE", tag.getHasPermission());
|
||||
|
||||
assertEquals(Tag.EVAL_BODY_INCLUDE, tag.doStartTag());
|
||||
assertTrue((Boolean)pageContext.getAttribute("allowed"));
|
||||
assertTrue((Boolean) pageContext.getAttribute("allowed"));
|
||||
verify(pe).hasPermission(bob, domainObject, 1);
|
||||
verify(pe).hasPermission(bob, domainObject, "WRITE");
|
||||
verifyNoMoreInteractions(pe);
|
||||
@@ -150,6 +174,6 @@ public class AccessControlListTagTests {
|
||||
tag.setVar("allowed");
|
||||
|
||||
assertEquals(Tag.SKIP_BODY, tag.doStartTag());
|
||||
assertFalse((Boolean)pageContext.getAttribute("allowed"));
|
||||
assertFalse((Boolean) pageContext.getAttribute("allowed"));
|
||||
}
|
||||
}
|
||||
|
||||
+9
-15
@@ -4,7 +4,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<name>spring-security-web</name>
|
||||
<description>spring-security-web</description>
|
||||
<url>http://spring.io/spring-security</url>
|
||||
@@ -42,12 +42,6 @@
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-snasphot</id>
|
||||
<url>https://repo.spring.io/snapshot</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>aopalliance</groupId>
|
||||
@@ -58,7 +52,7 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>3.2.7.CI-SNAPSHOT</version>
|
||||
<version>3.2.9.RELEASE</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
@@ -170,13 +164,13 @@
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<version>1.9.5</version>
|
||||
<version>1.10.19</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-api-mockito</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
@@ -188,31 +182,31 @@
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-api-support</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-core</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-module-junit4</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-module-junit4-common</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.powermock</groupId>
|
||||
<artifactId>powermock-reflect</artifactId>
|
||||
<version>1.6.1</version>
|
||||
<version>1.6.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
+137
-88
@@ -38,6 +38,7 @@ import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||
import org.springframework.security.crypto.codec.Base64;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.UserCache;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
@@ -49,46 +50,52 @@ import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.filter.GenericFilterBean;
|
||||
|
||||
|
||||
/**
|
||||
* Processes a HTTP request's Digest authorization headers, putting the result into the
|
||||
* <code>SecurityContextHolder</code>.
|
||||
* <p>
|
||||
* For a detailed background on what this filter is designed to process, refer to
|
||||
* <a href="http://www.ietf.org/rfc/rfc2617.txt">RFC 2617</a> (which superseded RFC 2069, although this
|
||||
* filter support clients that implement either RFC 2617 or RFC 2069).
|
||||
* For a detailed background on what this filter is designed to process, refer to <a
|
||||
* href="http://www.ietf.org/rfc/rfc2617.txt">RFC 2617</a> (which superseded RFC 2069,
|
||||
* although this filter support clients that implement either RFC 2617 or RFC 2069).
|
||||
* <p>
|
||||
* This filter can be used to provide Digest authentication services to both remoting protocol clients (such as
|
||||
* Hessian and SOAP) as well as standard user agents (such as Internet Explorer and FireFox).
|
||||
* This filter can be used to provide Digest authentication services to both remoting
|
||||
* protocol clients (such as Hessian and SOAP) as well as standard user agents (such as
|
||||
* Internet Explorer and FireFox).
|
||||
* <p>
|
||||
* This Digest implementation has been designed to avoid needing to store session state between invocations.
|
||||
* All session management information is stored in the "nonce" that is sent to the client by the {@link
|
||||
* DigestAuthenticationEntryPoint}.
|
||||
* This Digest implementation has been designed to avoid needing to store session state
|
||||
* between invocations. All session management information is stored in the "nonce" that
|
||||
* is sent to the client by the {@link DigestAuthenticationEntryPoint}.
|
||||
* <p>
|
||||
* If authentication is successful, the resulting {@link org.springframework.security.core.Authentication Authentication}
|
||||
* object will be placed into the <code>SecurityContextHolder</code>.
|
||||
* If authentication is successful, the resulting
|
||||
* {@link org.springframework.security.core.Authentication Authentication} object will be
|
||||
* placed into the <code>SecurityContextHolder</code>.
|
||||
* <p>
|
||||
* If authentication fails, an {@link org.springframework.security.web.AuthenticationEntryPoint AuthenticationEntryPoint}
|
||||
* implementation is called. This must always be {@link DigestAuthenticationEntryPoint}, which will prompt the user
|
||||
* to authenticate again via Digest authentication.
|
||||
* If authentication fails, an
|
||||
* {@link org.springframework.security.web.AuthenticationEntryPoint
|
||||
* AuthenticationEntryPoint} implementation is called. This must always be
|
||||
* {@link DigestAuthenticationEntryPoint}, which will prompt the user to authenticate
|
||||
* again via Digest authentication.
|
||||
* <p>
|
||||
* Note there are limitations to Digest authentication, although it is a more comprehensive and secure solution
|
||||
* than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest
|
||||
* authentication over Basic authentication, including commentary on the limitations that it still imposes.
|
||||
* Note there are limitations to Digest authentication, although it is a more
|
||||
* comprehensive and secure solution than Basic authentication. Please see RFC 2617
|
||||
* section 4 for a full discussion on the advantages of Digest authentication over Basic
|
||||
* authentication, including commentary on the limitations that it still imposes.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @author Luke Taylor
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public class DigestAuthenticationFilter extends GenericFilterBean implements MessageSourceAware {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
public class DigestAuthenticationFilter extends GenericFilterBean implements
|
||||
MessageSourceAware {
|
||||
// ~ Static fields/initializers
|
||||
// =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(DigestAuthenticationFilter.class);
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
||||
private AuthenticationDetailsSource<HttpServletRequest,?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
private DigestAuthenticationEntryPoint authenticationEntryPoint;
|
||||
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
||||
private UserCache userCache = new NullUserCache();
|
||||
@@ -96,12 +103,14 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
|
||||
private boolean passwordAlreadyEncoded = false;
|
||||
private boolean createAuthenticatedToken = false;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
|
||||
@Override
|
||||
public void afterPropertiesSet() {
|
||||
Assert.notNull(userDetailsService, "A UserDetailsService is required");
|
||||
Assert.notNull(authenticationEntryPoint, "A DigestAuthenticationEntryPoint is required");
|
||||
Assert.notNull(authenticationEntryPoint,
|
||||
"A DigestAuthenticationEntryPoint is required");
|
||||
}
|
||||
|
||||
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
|
||||
@@ -118,14 +127,17 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Digest Authorization header received from user agent: " + header);
|
||||
logger.debug("Digest Authorization header received from user agent: "
|
||||
+ header);
|
||||
}
|
||||
|
||||
DigestData digestAuth = new DigestData(header);
|
||||
|
||||
try {
|
||||
digestAuth.validateAndDecode(authenticationEntryPoint.getKey(), authenticationEntryPoint.getRealmName());
|
||||
} catch (BadCredentialsException e) {
|
||||
digestAuth.validateAndDecode(authenticationEntryPoint.getKey(),
|
||||
authenticationEntryPoint.getRealmName());
|
||||
}
|
||||
catch (BadCredentialsException e) {
|
||||
fail(request, response, e);
|
||||
|
||||
return;
|
||||
@@ -151,38 +163,45 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
|
||||
userCache.putUserInCache(user);
|
||||
}
|
||||
|
||||
serverDigestMd5 = digestAuth.calculateServerDigest(user.getPassword(), request.getMethod());
|
||||
serverDigestMd5 = digestAuth.calculateServerDigest(user.getPassword(),
|
||||
request.getMethod());
|
||||
|
||||
// If digest is incorrect, try refreshing from backend and recomputing
|
||||
if (!serverDigestMd5.equals(digestAuth.getResponse()) && cacheWasUsed) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(
|
||||
"Digest comparison failure; trying to refresh user from DAO in case password had changed");
|
||||
logger.debug("Digest comparison failure; trying to refresh user from DAO in case password had changed");
|
||||
}
|
||||
|
||||
user = userDetailsService.loadUserByUsername(digestAuth.getUsername());
|
||||
userCache.putUserInCache(user);
|
||||
serverDigestMd5 = digestAuth.calculateServerDigest(user.getPassword(), request.getMethod());
|
||||
serverDigestMd5 = digestAuth.calculateServerDigest(user.getPassword(),
|
||||
request.getMethod());
|
||||
}
|
||||
|
||||
} catch (UsernameNotFoundException notFound) {
|
||||
fail(request, response,
|
||||
new BadCredentialsException(messages.getMessage("DigestAuthenticationFilter.usernameNotFound",
|
||||
new Object[]{digestAuth.getUsername()}, "Username {0} not found")));
|
||||
}
|
||||
catch (UsernameNotFoundException notFound) {
|
||||
fail(request,
|
||||
response,
|
||||
new BadCredentialsException(messages.getMessage(
|
||||
"DigestAuthenticationFilter.usernameNotFound",
|
||||
new Object[] { digestAuth.getUsername() },
|
||||
"Username {0} not found")));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
// If digest is still incorrect, definitely reject authentication attempt
|
||||
if (!serverDigestMd5.equals(digestAuth.getResponse())) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Expected response: '" + serverDigestMd5 + "' but received: '" + digestAuth.getResponse()
|
||||
logger.debug("Expected response: '" + serverDigestMd5
|
||||
+ "' but received: '" + digestAuth.getResponse()
|
||||
+ "'; is AuthenticationDao returning clear text passwords?");
|
||||
}
|
||||
|
||||
fail(request, response,
|
||||
new BadCredentialsException(messages.getMessage("DigestAuthenticationFilter.incorrectResponse",
|
||||
fail(request,
|
||||
response,
|
||||
new BadCredentialsException(messages.getMessage(
|
||||
"DigestAuthenticationFilter.incorrectResponse",
|
||||
"Incorrect response")));
|
||||
return;
|
||||
}
|
||||
@@ -192,8 +211,10 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
|
||||
// We do this last so we can direct the user agent its nonce is stale
|
||||
// but the request was otherwise appearing to be valid
|
||||
if (digestAuth.isNonceExpired()) {
|
||||
fail(request, response,
|
||||
new NonceExpiredException(messages.getMessage("DigestAuthenticationFilter.nonceExpired",
|
||||
fail(request,
|
||||
response,
|
||||
new NonceExpiredException(messages.getMessage(
|
||||
"DigestAuthenticationFilter.nonceExpired",
|
||||
"Nonce has expired/timed out")));
|
||||
|
||||
return;
|
||||
@@ -204,27 +225,34 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
|
||||
+ "' with response: '" + digestAuth.getResponse() + "'");
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(createSuccessfulAuthentication(request, user));
|
||||
Authentication authentication = createSuccessfulAuthentication(request, user);
|
||||
SecurityContext context = SecurityContextHolder.createEmptyContext();
|
||||
context.setAuthentication(authentication);
|
||||
SecurityContextHolder.setContext(context);
|
||||
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
private Authentication createSuccessfulAuthentication(HttpServletRequest request, UserDetails user) {
|
||||
private Authentication createSuccessfulAuthentication(HttpServletRequest request,
|
||||
UserDetails user) {
|
||||
UsernamePasswordAuthenticationToken authRequest;
|
||||
if (createAuthenticatedToken) {
|
||||
authRequest = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
|
||||
authRequest = new UsernamePasswordAuthenticationToken(user,
|
||||
user.getPassword(), user.getAuthorities());
|
||||
}
|
||||
else {
|
||||
authRequest = new UsernamePasswordAuthenticationToken(user, user.getPassword());
|
||||
authRequest = new UsernamePasswordAuthenticationToken(user,
|
||||
user.getPassword());
|
||||
}
|
||||
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
|
||||
authRequest.setDetails(authenticationDetailsSource
|
||||
.buildDetails((HttpServletRequest) request));
|
||||
|
||||
return authRequest;
|
||||
}
|
||||
|
||||
private void fail(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
|
||||
throws IOException, ServletException {
|
||||
private void fail(HttpServletRequest request, HttpServletResponse response,
|
||||
AuthenticationException failed) throws IOException, ServletException {
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
@@ -246,12 +274,15 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
|
||||
return userDetailsService;
|
||||
}
|
||||
|
||||
public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest,?> authenticationDetailsSource) {
|
||||
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
|
||||
public void setAuthenticationDetailsSource(
|
||||
AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
|
||||
Assert.notNull(authenticationDetailsSource,
|
||||
"AuthenticationDetailsSource required");
|
||||
this.authenticationDetailsSource = authenticationDetailsSource;
|
||||
}
|
||||
|
||||
public void setAuthenticationEntryPoint(DigestAuthenticationEntryPoint authenticationEntryPoint) {
|
||||
public void setAuthenticationEntryPoint(
|
||||
DigestAuthenticationEntryPoint authenticationEntryPoint) {
|
||||
this.authenticationEntryPoint = authenticationEntryPoint;
|
||||
}
|
||||
|
||||
@@ -271,18 +302,16 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
|
||||
this.userDetailsService = userDetailsService;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* If you set this property, the Authentication object, which is
|
||||
* created after the successful digest authentication will be marked
|
||||
* as <b>authenticated</b> and filled with the authorities loaded by
|
||||
* the UserDetailsService. It therefore will not be re-authenticated
|
||||
* by your AuthenticationProvider. This means, that only the password
|
||||
* If you set this property, the Authentication object, which is created after the
|
||||
* successful digest authentication will be marked as <b>authenticated</b> and filled
|
||||
* with the authorities loaded by the UserDetailsService. It therefore will not be
|
||||
* re-authenticated by your AuthenticationProvider. This means, that only the password
|
||||
* of the user is checked, but not the flags like isEnabled() or
|
||||
* isAccountNonExpired(). You will save some time by enabling this flag,
|
||||
* as otherwise your UserDetailsService will be called twice. A more secure
|
||||
* option would be to introduce a cache around your UserDetailsService, but
|
||||
* if you don't use these flags, you can also safely enable this option.
|
||||
* isAccountNonExpired(). You will save some time by enabling this flag, as otherwise
|
||||
* your UserDetailsService will be called twice. A more secure option would be to
|
||||
* introduce a cache around your UserDetailsService, but if you don't use these flags,
|
||||
* you can also safely enable this option.
|
||||
*
|
||||
* @param createAuthenticatedToken default is false
|
||||
*/
|
||||
@@ -304,8 +333,10 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
|
||||
|
||||
DigestData(String header) {
|
||||
section212response = header.substring(7);
|
||||
String[] headerEntries = DigestAuthUtils.splitIgnoringQuotes(section212response, ',');
|
||||
Map<String,String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
|
||||
String[] headerEntries = DigestAuthUtils.splitIgnoringQuotes(
|
||||
section212response, ',');
|
||||
Map<String, String> headerMap = DigestAuthUtils
|
||||
.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
|
||||
|
||||
username = headerMap.get("username");
|
||||
realm = headerMap.get("realm");
|
||||
@@ -317,69 +348,87 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
|
||||
cnonce = headerMap.get("cnonce"); // RFC 2617 extension
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Extracted username: '" + username + "'; realm: '" + realm + "'; nonce: '"
|
||||
+ nonce + "'; uri: '" + uri + "'; response: '" + response + "'");
|
||||
logger.debug("Extracted username: '" + username + "'; realm: '" + realm
|
||||
+ "'; nonce: '" + nonce + "'; uri: '" + uri + "'; response: '"
|
||||
+ response + "'");
|
||||
}
|
||||
}
|
||||
|
||||
void validateAndDecode(String entryPointKey, String expectedRealm) throws BadCredentialsException {
|
||||
void validateAndDecode(String entryPointKey, String expectedRealm)
|
||||
throws BadCredentialsException {
|
||||
// Check all required parameters were supplied (ie RFC 2069)
|
||||
if ((username == null) || (realm == null) || (nonce == null) || (uri == null) || (response == null)) {
|
||||
throw new BadCredentialsException(messages.getMessage("DigestAuthenticationFilter.missingMandatory",
|
||||
new Object[]{section212response}, "Missing mandatory digest value; received header {0}"));
|
||||
if ((username == null) || (realm == null) || (nonce == null) || (uri == null)
|
||||
|| (response == null)) {
|
||||
throw new BadCredentialsException(messages.getMessage(
|
||||
"DigestAuthenticationFilter.missingMandatory",
|
||||
new Object[] { section212response },
|
||||
"Missing mandatory digest value; received header {0}"));
|
||||
}
|
||||
// Check all required parameters for an "auth" qop were supplied (ie RFC 2617)
|
||||
if ("auth".equals(qop)) {
|
||||
if ((nc == null) || (cnonce == null)) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("extracted nc: '" + nc + "'; cnonce: '" + cnonce + "'");
|
||||
logger.debug("extracted nc: '" + nc + "'; cnonce: '" + cnonce
|
||||
+ "'");
|
||||
}
|
||||
|
||||
throw new BadCredentialsException(messages.getMessage("DigestAuthenticationFilter.missingAuth",
|
||||
new Object[]{section212response}, "Missing mandatory digest value; received header {0}"));
|
||||
throw new BadCredentialsException(messages.getMessage(
|
||||
"DigestAuthenticationFilter.missingAuth",
|
||||
new Object[] { section212response },
|
||||
"Missing mandatory digest value; received header {0}"));
|
||||
}
|
||||
}
|
||||
|
||||
// Check realm name equals what we expected
|
||||
if (!expectedRealm.equals(realm)) {
|
||||
throw new BadCredentialsException(messages.getMessage("DigestAuthenticationFilter.incorrectRealm",
|
||||
new Object[]{realm, expectedRealm},
|
||||
"Response realm name '{0}' does not match system realm name of '{1}'"));
|
||||
throw new BadCredentialsException(
|
||||
messages.getMessage("DigestAuthenticationFilter.incorrectRealm",
|
||||
new Object[] { realm, expectedRealm },
|
||||
"Response realm name '{0}' does not match system realm name of '{1}'"));
|
||||
}
|
||||
|
||||
// Check nonce was Base64 encoded (as sent by DigestAuthenticationEntryPoint)
|
||||
if (!Base64.isBase64(nonce.getBytes())) {
|
||||
throw new BadCredentialsException(messages.getMessage("DigestAuthenticationFilter.nonceEncoding",
|
||||
new Object[]{nonce}, "Nonce is not encoded in Base64; received nonce {0}"));
|
||||
throw new BadCredentialsException(messages.getMessage(
|
||||
"DigestAuthenticationFilter.nonceEncoding",
|
||||
new Object[] { nonce },
|
||||
"Nonce is not encoded in Base64; received nonce {0}"));
|
||||
}
|
||||
|
||||
// Decode nonce from Base64
|
||||
// format of nonce is:
|
||||
// base64(expirationTime + ":" + md5Hex(expirationTime + ":" + key))
|
||||
String nonceAsPlainText = new String(Base64.decode(nonce.getBytes()));
|
||||
String[] nonceTokens = StringUtils.delimitedListToStringArray(nonceAsPlainText, ":");
|
||||
String[] nonceTokens = StringUtils.delimitedListToStringArray(
|
||||
nonceAsPlainText, ":");
|
||||
|
||||
if (nonceTokens.length != 2) {
|
||||
throw new BadCredentialsException(messages.getMessage("DigestAuthenticationFilter.nonceNotTwoTokens",
|
||||
new Object[]{nonceAsPlainText}, "Nonce should have yielded two tokens but was {0}"));
|
||||
throw new BadCredentialsException(messages.getMessage(
|
||||
"DigestAuthenticationFilter.nonceNotTwoTokens",
|
||||
new Object[] { nonceAsPlainText },
|
||||
"Nonce should have yielded two tokens but was {0}"));
|
||||
}
|
||||
|
||||
// Extract expiry time from nonce
|
||||
|
||||
try {
|
||||
nonceExpiryTime = new Long(nonceTokens[0]).longValue();
|
||||
} catch (NumberFormatException nfe) {
|
||||
throw new BadCredentialsException(messages.getMessage("DigestAuthenticationFilter.nonceNotNumeric",
|
||||
new Object[]{nonceAsPlainText},
|
||||
}
|
||||
catch (NumberFormatException nfe) {
|
||||
throw new BadCredentialsException(
|
||||
messages.getMessage("DigestAuthenticationFilter.nonceNotNumeric",
|
||||
new Object[] { nonceAsPlainText },
|
||||
"Nonce token should have yielded a numeric first token, but was {0}"));
|
||||
}
|
||||
|
||||
// Check signature of nonce matches this expiry time
|
||||
String expectedNonceSignature = DigestAuthUtils.md5Hex(nonceExpiryTime + ":" + entryPointKey);
|
||||
String expectedNonceSignature = DigestAuthUtils.md5Hex(nonceExpiryTime + ":"
|
||||
+ entryPointKey);
|
||||
|
||||
if (!expectedNonceSignature.equals(nonceTokens[1])) {
|
||||
new BadCredentialsException(messages.getMessage("DigestAuthenticationFilter.nonceCompromised",
|
||||
new Object[]{nonceAsPlainText}, "Nonce token compromised {0}"));
|
||||
new BadCredentialsException(messages.getMessage(
|
||||
"DigestAuthenticationFilter.nonceCompromised",
|
||||
new Object[] { nonceAsPlainText }, "Nonce token compromised {0}"));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -387,8 +436,8 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes
|
||||
// Compute the expected response-digest (will be in hex form)
|
||||
|
||||
// Don't catch IllegalArgumentException (already checked validity)
|
||||
return DigestAuthUtils.generateDigest(passwordAlreadyEncoded, username, realm, password,
|
||||
httpMethod, uri, qop, nonce, nc, cnonce);
|
||||
return DigestAuthUtils.generateDigest(passwordAlreadyEncoded, username,
|
||||
realm, password, httpMethod, uri, qop, nonce, nc, cnonce);
|
||||
}
|
||||
|
||||
boolean isNonceExpired() {
|
||||
|
||||
+1
-1
@@ -304,7 +304,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
|
||||
logger.debug("SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.");
|
||||
}
|
||||
|
||||
if (httpSession != null && !contextObject.equals(contextBeforeExecution)) {
|
||||
if (httpSession != null && authBeforeExecution != null) {
|
||||
// SEC-1587 A non-anonymous context may still be in the session
|
||||
// SEC-1735 remove if the contextBeforeExecution was not anonymous
|
||||
httpSession.removeAttribute(springSecurityContextKey);
|
||||
|
||||
+88
@@ -0,0 +1,88 @@
|
||||
/*
|
||||
* Copyright 2002-2015 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.web.context.support;
|
||||
|
||||
import java.util.Enumeration;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
import org.springframework.web.context.support.WebApplicationContextUtils;
|
||||
|
||||
/**
|
||||
* Spring Security extension to Spring's {@link WebApplicationContextUtils}.
|
||||
*
|
||||
* @author Rob Winch
|
||||
*/
|
||||
public abstract class SecurityWebApplicationContextUtils extends WebApplicationContextUtils {
|
||||
|
||||
/**
|
||||
* Find a unique {@code WebApplicationContext} for this web app: either the
|
||||
* root web app context (preferred) or a unique {@code WebApplicationContext}
|
||||
* among the registered {@code ServletContext} attributes (typically coming
|
||||
* from a single {@code DispatcherServlet} in the current web application).
|
||||
* <p>Note that {@code DispatcherServlet}'s exposure of its context can be
|
||||
* controlled through its {@code publishContext} property, which is {@code true}
|
||||
* by default but can be selectively switched to only publish a single context
|
||||
* despite multiple {@code DispatcherServlet} registrations in the web app.
|
||||
* @param sc ServletContext to find the web application context for
|
||||
* @return the desired WebApplicationContext for this web app
|
||||
* @see #getWebApplicationContext(ServletContext)
|
||||
* @see ServletContext#getAttributeNames()
|
||||
* @throws IllegalStateException if no WebApplicationContext can be found
|
||||
*/
|
||||
public static WebApplicationContext findRequiredWebApplicationContext(ServletContext servletContext) {
|
||||
WebApplicationContext wac = findWebApplicationContext(servletContext);
|
||||
if (wac == null) {
|
||||
throw new IllegalStateException("No WebApplicationContext found: no ContextLoaderListener registered?");
|
||||
}
|
||||
return wac;
|
||||
}
|
||||
|
||||
/**
|
||||
* Find a unique {@code WebApplicationContext} for this web app: either the
|
||||
* root web app context (preferred) or a unique {@code WebApplicationContext}
|
||||
* among the registered {@code ServletContext} attributes (typically coming
|
||||
* from a single {@code DispatcherServlet} in the current web application).
|
||||
* <p>Note that {@code DispatcherServlet}'s exposure of its context can be
|
||||
* controlled through its {@code publishContext} property, which is {@code true}
|
||||
* by default but can be selectively switched to only publish a single context
|
||||
* despite multiple {@code DispatcherServlet} registrations in the web app.
|
||||
* @param sc ServletContext to find the web application context for
|
||||
* @return the desired WebApplicationContext for this web app, or {@code null} if none
|
||||
* @see #getWebApplicationContext(ServletContext)
|
||||
* @see ServletContext#getAttributeNames()
|
||||
*/
|
||||
private static WebApplicationContext findWebApplicationContext(ServletContext sc) {
|
||||
WebApplicationContext wac = getWebApplicationContext(sc);
|
||||
if (wac == null) {
|
||||
Enumeration<String> attrNames = sc.getAttributeNames();
|
||||
while (attrNames.hasMoreElements()) {
|
||||
String attrName = attrNames.nextElement();
|
||||
Object attrValue = sc.getAttribute(attrName);
|
||||
if (attrValue instanceof WebApplicationContext) {
|
||||
if (wac != null) {
|
||||
throw new IllegalStateException("No unique WebApplicationContext found: more than one " +
|
||||
"DispatcherServlet registered with publishContext=true?");
|
||||
}
|
||||
wac = (WebApplicationContext) attrValue;
|
||||
}
|
||||
}
|
||||
}
|
||||
return wac;
|
||||
}
|
||||
|
||||
}
|
||||
+1
-1
@@ -57,7 +57,7 @@ public class DefaultSavedRequest implements SavedRequest {
|
||||
private final ArrayList<SavedCookie> cookies = new ArrayList<SavedCookie>();
|
||||
private final ArrayList<Locale> locales = new ArrayList<Locale>();
|
||||
private final Map<String, List<String>> headers = new TreeMap<String, List<String>>(String.CASE_INSENSITIVE_ORDER);
|
||||
private final Map<String, String[]> parameters = new TreeMap<String, String[]>(String.CASE_INSENSITIVE_ORDER);
|
||||
private final Map<String, String[]> parameters = new TreeMap<String, String[]>();
|
||||
private final String contextPath;
|
||||
private final String method;
|
||||
private final String pathInfo;
|
||||
|
||||
+2
-1
@@ -19,6 +19,7 @@ import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
|
||||
|
||||
import org.springframework.web.context.support.WebApplicationContextUtils;
|
||||
|
||||
@@ -49,7 +50,7 @@ public class HttpSessionEventPublisher implements HttpSessionListener {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
ApplicationContext getContext(ServletContext servletContext) {
|
||||
return WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
|
||||
return SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(servletContext);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
+200
-112
@@ -15,11 +15,20 @@
|
||||
|
||||
package org.springframework.security.web.authentication.www;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
import static org.fest.assertions.Assertions.*;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.times;
|
||||
import static org.mockito.Mockito.verify;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.*;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
@@ -32,7 +41,9 @@ import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
@@ -41,7 +52,6 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.core.userdetails.cache.NullUserCache;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link DigestAuthenticationFilter}.
|
||||
*
|
||||
@@ -49,7 +59,8 @@ import org.springframework.util.StringUtils;
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class DigestAuthenticationFilterTests {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
// ~ Static fields/initializers
|
||||
// =====================================================================================
|
||||
|
||||
private static final String NC = "00000002";
|
||||
private static final String CNONCE = "c822c727a648aba7";
|
||||
@@ -65,23 +76,26 @@ public class DigestAuthenticationFilterTests {
|
||||
*/
|
||||
private static final String NONCE = generateNonce(60);
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
||||
// private ApplicationContext ctx;
|
||||
// private ApplicationContext ctx;
|
||||
private DigestAuthenticationFilter filter;
|
||||
private MockHttpServletRequest request;
|
||||
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
private String createAuthorizationHeader(String username, String realm, String nonce, String uri,
|
||||
String responseDigest, String qop, String nc, String cnonce) {
|
||||
return "Digest username=\"" + username + "\", realm=\"" + realm + "\", nonce=\"" + nonce + "\", uri=\"" + uri
|
||||
+ "\", response=\"" + responseDigest + "\", qop=" + qop + ", nc=" + nc + ", cnonce=\"" + cnonce + "\"";
|
||||
private String createAuthorizationHeader(String username, String realm, String nonce,
|
||||
String uri, String responseDigest, String qop, String nc, String cnonce) {
|
||||
return "Digest username=\"" + username + "\", realm=\"" + realm + "\", nonce=\""
|
||||
+ nonce + "\", uri=\"" + uri + "\", response=\"" + responseDigest
|
||||
+ "\", qop=" + qop + ", nc=" + nc + ", cnonce=\"" + cnonce + "\"";
|
||||
}
|
||||
|
||||
private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request,
|
||||
final boolean expectChainToProceed) throws ServletException, IOException {
|
||||
private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter,
|
||||
final ServletRequest request, final boolean expectChainToProceed)
|
||||
throws ServletException, IOException {
|
||||
final MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
final FilterChain chain = mock(FilterChain.class);
|
||||
@@ -111,8 +125,10 @@ public class DigestAuthenticationFilterTests {
|
||||
|
||||
// Create User Details Service
|
||||
UserDetailsService uds = new UserDetailsService() {
|
||||
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||
return new User("rod,ok", "koala", AuthorityUtils.createAuthorityList("ROLE_ONE","ROLE_TWO"));
|
||||
public UserDetails loadUserByUsername(String username)
|
||||
throws UsernameNotFoundException {
|
||||
return new User("rod,ok", "koala", AuthorityUtils.createAuthorityList(
|
||||
"ROLE_ONE", "ROLE_TWO"));
|
||||
}
|
||||
};
|
||||
|
||||
@@ -129,25 +145,28 @@ public class DigestAuthenticationFilterTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testExpiredNonceReturnsForbiddenWithStaleHeader()
|
||||
throws Exception {
|
||||
public void testExpiredNonceReturnsForbiddenWithStaleHeader() throws Exception {
|
||||
String nonce = generateNonce(0);
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
|
||||
REQUEST_URI, QOP, nonce, NC, CNONCE);
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
Thread.sleep(1000); // ensures token expired
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(401, response.getStatus());
|
||||
|
||||
String header = response.getHeader("WWW-Authenticate").toString().substring(7);
|
||||
String[] headerEntries = StringUtils.commaDelimitedListToStringArray(header);
|
||||
Map<String,String> headerMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
|
||||
Map<String, String> headerMap = DigestAuthUtils
|
||||
.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
|
||||
assertEquals("true", headerMap.get("stale"));
|
||||
}
|
||||
|
||||
@@ -175,13 +194,14 @@ public class DigestAuthenticationFilterTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testInvalidDigestAuthorizationTokenGeneratesError()
|
||||
throws Exception {
|
||||
public void testInvalidDigestAuthorizationTokenGeneratesError() throws Exception {
|
||||
String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON";
|
||||
|
||||
request.addHeader("Authorization", "Digest " + new String(Base64.encodeBase64(token.getBytes())));
|
||||
request.addHeader("Authorization",
|
||||
"Digest " + new String(Base64.encodeBase64(token.getBytes())));
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
assertEquals(401, response.getStatus());
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
@@ -191,7 +211,8 @@ public class DigestAuthenticationFilterTests {
|
||||
public void testMalformedHeaderReturnsForbidden() throws Exception {
|
||||
request.addHeader("Authorization", "Digest scsdcsdc");
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(401, response.getStatus());
|
||||
@@ -201,28 +222,36 @@ public class DigestAuthenticationFilterTests {
|
||||
public void testNonBase64EncodedNonceReturnsForbidden() throws Exception {
|
||||
String nonce = "NOT_BASE_64_ENCODED";
|
||||
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
|
||||
REQUEST_URI, QOP, nonce, NC, CNONCE);
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(401, response.getStatus());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNonceWithIncorrectSignatureForNumericFieldReturnsForbidden() throws Exception {
|
||||
String nonce = new String(Base64.encodeBase64("123456:incorrectStringPassword".getBytes()));
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
|
||||
REQUEST_URI, QOP, nonce, NC, CNONCE);
|
||||
public void testNonceWithIncorrectSignatureForNumericFieldReturnsForbidden()
|
||||
throws Exception {
|
||||
String nonce = new String(Base64.encodeBase64("123456:incorrectStringPassword"
|
||||
.getBytes()));
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(401, response.getStatus());
|
||||
@@ -230,29 +259,38 @@ public class DigestAuthenticationFilterTests {
|
||||
|
||||
@Test
|
||||
public void testNonceWithNonNumericFirstElementReturnsForbidden() throws Exception {
|
||||
String nonce = new String(Base64.encodeBase64("hello:ignoredSecondElement".getBytes()));
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
|
||||
REQUEST_URI, QOP, nonce, NC, CNONCE);
|
||||
String nonce = new String(Base64.encodeBase64("hello:ignoredSecondElement"
|
||||
.getBytes()));
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(401, response.getStatus());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNonceWithoutTwoColonSeparatedElementsReturnsForbidden() throws Exception {
|
||||
String nonce = new String(Base64.encodeBase64("a base 64 string without a colon".getBytes()));
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
|
||||
REQUEST_URI, QOP, nonce, NC, CNONCE);
|
||||
public void testNonceWithoutTwoColonSeparatedElementsReturnsForbidden()
|
||||
throws Exception {
|
||||
String nonce = new String(Base64.encodeBase64("a base 64 string without a colon"
|
||||
.getBytes()));
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
PASSWORD, "GET", REQUEST_URI, QOP, nonce, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(401, response.getStatus());
|
||||
@@ -260,58 +298,67 @@ public class DigestAuthenticationFilterTests {
|
||||
|
||||
@Test
|
||||
public void testNormalOperationWhenPasswordIsAlreadyEncoded() throws Exception {
|
||||
String encodedPassword = DigestAuthUtils.encodePasswordInA1Format(USERNAME, REALM, PASSWORD);
|
||||
String responseDigest = DigestAuthUtils.generateDigest(true, USERNAME, REALM, encodedPassword, "GET",
|
||||
REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
String encodedPassword = DigestAuthUtils.encodePasswordInA1Format(USERNAME,
|
||||
REALM, PASSWORD);
|
||||
String responseDigest = DigestAuthUtils.generateDigest(true, USERNAME, REALM,
|
||||
encodedPassword, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
executeFilterInContainerSimulator(filter, request, true);
|
||||
|
||||
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(USERNAME,
|
||||
((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername());
|
||||
assertEquals(USERNAME, ((UserDetails) SecurityContextHolder.getContext()
|
||||
.getAuthentication().getPrincipal()).getUsername());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNormalOperationWhenPasswordNotAlreadyEncoded() throws Exception {
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
|
||||
REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
executeFilterInContainerSimulator(filter, request, true);
|
||||
|
||||
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(USERNAME,
|
||||
((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername());
|
||||
assertFalse(SecurityContextHolder.getContext().getAuthentication().isAuthenticated());
|
||||
assertEquals(USERNAME, ((UserDetails) SecurityContextHolder.getContext()
|
||||
.getAuthentication().getPrincipal()).getUsername());
|
||||
assertFalse(SecurityContextHolder.getContext().getAuthentication()
|
||||
.isAuthenticated());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNormalOperationWhenPasswordNotAlreadyEncodedAndWithoutReAuthentication() throws Exception {
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
|
||||
REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
public void testNormalOperationWhenPasswordNotAlreadyEncodedAndWithoutReAuthentication()
|
||||
throws Exception {
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
filter.setCreateAuthenticatedToken(true);
|
||||
executeFilterInContainerSimulator(filter, request, true);
|
||||
|
||||
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(USERNAME,
|
||||
((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername());
|
||||
assertTrue(SecurityContextHolder.getContext().getAuthentication().isAuthenticated());
|
||||
assertEquals(AuthorityUtils.createAuthorityList("ROLE_ONE","ROLE_TWO"),
|
||||
assertEquals(USERNAME, ((UserDetails) SecurityContextHolder.getContext()
|
||||
.getAuthentication().getPrincipal()).getUsername());
|
||||
assertTrue(SecurityContextHolder.getContext().getAuthentication()
|
||||
.isAuthenticated());
|
||||
assertEquals(AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"),
|
||||
SecurityContextHolder.getContext().getAuthentication().getAuthorities());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void otherAuthorizationSchemeIsIgnored()
|
||||
throws Exception {
|
||||
public void otherAuthorizationSchemeIsIgnored() throws Exception {
|
||||
request.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME");
|
||||
|
||||
executeFilterInContainerSimulator(filter, request, true);
|
||||
@@ -319,14 +366,14 @@ public class DigestAuthenticationFilterTests {
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void startupDetectsMissingAuthenticationEntryPoint() throws Exception {
|
||||
DigestAuthenticationFilter filter = new DigestAuthenticationFilter();
|
||||
filter.setUserDetailsService(mock(UserDetailsService.class));
|
||||
filter.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void startupDetectsMissingUserDetailsService() throws Exception {
|
||||
DigestAuthenticationFilter filter = new DigestAuthenticationFilter();
|
||||
filter.setAuthenticationEntryPoint(new DigestAuthenticationEntryPoint());
|
||||
@@ -334,26 +381,32 @@ public class DigestAuthenticationFilterTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void successfulLoginThenFailedLoginResultsInSessionLosingToken() throws Exception {
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
|
||||
REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
public void successfulLoginThenFailedLoginResultsInSessionLosingToken()
|
||||
throws Exception {
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
executeFilterInContainerSimulator(filter, request, true);
|
||||
|
||||
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
|
||||
// Now retry, giving an invalid nonce
|
||||
responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, "WRONG_PASSWORD", "GET",
|
||||
REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
"WRONG_PASSWORD", "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
|
||||
request = new MockHttpServletRequest();
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
// Check we lost our previous authentication
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
@@ -364,13 +417,16 @@ public class DigestAuthenticationFilterTests {
|
||||
public void wrongCnonceBasedOnDigestReturnsForbidden() throws Exception {
|
||||
String cnonce = "NOT_SAME_AS_USED_FOR_DIGEST_COMPUTATION";
|
||||
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
|
||||
REQUEST_URI, QOP, NONCE, NC, "DIFFERENT_CNONCE");
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, "DIFFERENT_CNONCE");
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, cnonce));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
|
||||
responseDigest, QOP, NC, cnonce));
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(401, response.getStatus());
|
||||
@@ -379,13 +435,16 @@ public class DigestAuthenticationFilterTests {
|
||||
@Test
|
||||
public void wrongDigestReturnsForbidden() throws Exception {
|
||||
String password = "WRONG_PASSWORD";
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, password, "GET",
|
||||
REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
password, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(401, response.getStatus());
|
||||
@@ -394,13 +453,16 @@ public class DigestAuthenticationFilterTests {
|
||||
@Test
|
||||
public void wrongRealmReturnsForbidden() throws Exception {
|
||||
String realm = "WRONG_REALM";
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, realm, PASSWORD, "GET",
|
||||
REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, realm,
|
||||
PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, realm, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, realm, NONCE, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(401, response.getStatus());
|
||||
@@ -408,15 +470,41 @@ public class DigestAuthenticationFilterTests {
|
||||
|
||||
@Test
|
||||
public void wrongUsernameReturnsForbidden() throws Exception {
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, "NOT_A_KNOWN_USER", REALM, PASSWORD,
|
||||
"GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, "NOT_A_KNOWN_USER",
|
||||
REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
|
||||
request.addHeader("Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter,
|
||||
request, false);
|
||||
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
assertEquals(401, response.getStatus());
|
||||
}
|
||||
|
||||
// SEC-3108
|
||||
@Test
|
||||
public void authenticationCreatesEmptyContext() throws Exception {
|
||||
SecurityContext existingContext = SecurityContextHolder.createEmptyContext();
|
||||
TestingAuthenticationToken existingAuthentication = new TestingAuthenticationToken("existingauthenitcated", "pass", "ROLE_USER");
|
||||
existingContext.setAuthentication(existingAuthentication);
|
||||
|
||||
SecurityContextHolder.setContext(existingContext);
|
||||
|
||||
String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM,
|
||||
PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
|
||||
|
||||
request.addHeader(
|
||||
"Authorization",
|
||||
createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
|
||||
responseDigest, QOP, NC, CNONCE));
|
||||
|
||||
filter.setCreateAuthenticatedToken(true);
|
||||
executeFilterInContainerSimulator(filter, request, true);
|
||||
|
||||
assertThat(existingAuthentication).isSameAs(existingContext.getAuthentication());
|
||||
}
|
||||
}
|
||||
|
||||
+19
@@ -429,6 +429,25 @@ public class HttpSessionSecurityContextRepositoryTests {
|
||||
assertSame(ctxInSession,request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY));
|
||||
}
|
||||
|
||||
|
||||
// SEC-3070
|
||||
@Test
|
||||
public void logoutInvalidateSessionFalseFails() throws Exception {
|
||||
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
|
||||
ctxInSession.setAuthentication(testToken);
|
||||
request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
|
||||
|
||||
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
|
||||
repo.loadContext(holder);
|
||||
|
||||
ctxInSession.setAuthentication(null);
|
||||
repo.saveContext(ctxInSession, holder.getRequest(), holder.getResponse());
|
||||
|
||||
assertNull(request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY));
|
||||
}
|
||||
|
||||
@Test
|
||||
@SuppressWarnings("deprecation")
|
||||
public void sessionDisableUrlRewritingPreventsSessionIdBeingWrittenToUrl() throws Exception {
|
||||
|
||||
+7
-4
@@ -30,12 +30,15 @@ public class DefaultSavedRequestTests {
|
||||
assertTrue(saved.getHeaderValues("if-none-match").isEmpty());
|
||||
}
|
||||
|
||||
// TODO: Why are parameters case insensitive. I think this is a mistake
|
||||
// SEC-3082
|
||||
@Test
|
||||
public void parametersAreCaseInsensitive() throws Exception {
|
||||
public void parametersAreCaseSensitive() throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.addParameter("ThisIsATest", "Hi mom");
|
||||
DefaultSavedRequest saved = new DefaultSavedRequest(request, new MockPortResolver(8080, 8443));
|
||||
request.addParameter("AnotHerTest", "Hi dad");
|
||||
request.addParameter("thisisatest", "Hi mom");
|
||||
DefaultSavedRequest saved = new DefaultSavedRequest(request,
|
||||
new MockPortResolver(8080, 8443));
|
||||
assertEquals("Hi mom", saved.getParameterValues("thisisatest")[0]);
|
||||
assertNull(saved.getParameterValues("anothertest"));
|
||||
}
|
||||
}
|
||||
|
||||
+3
-3
@@ -319,7 +319,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
|
||||
verify(asyncContext).start(runnableCaptor.capture());
|
||||
DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
|
||||
.getValue();
|
||||
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class))
|
||||
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegateSecurityContext"))
|
||||
.isEqualTo(context);
|
||||
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegate"))
|
||||
.isEqualTo(runnable);
|
||||
@@ -346,7 +346,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
|
||||
verify(asyncContext).start(runnableCaptor.capture());
|
||||
DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
|
||||
.getValue();
|
||||
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class))
|
||||
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegateSecurityContext"))
|
||||
.isEqualTo(context);
|
||||
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegate"))
|
||||
.isEqualTo(runnable);
|
||||
@@ -373,7 +373,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
|
||||
verify(asyncContext).start(runnableCaptor.capture());
|
||||
DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor
|
||||
.getValue();
|
||||
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class))
|
||||
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegateSecurityContext"))
|
||||
.isEqualTo(context);
|
||||
assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, "delegate"))
|
||||
.isEqualTo(runnable);
|
||||
|
||||
+39
-1
@@ -44,7 +44,45 @@ public class HttpSessionEventPublisherTests {
|
||||
StaticWebApplicationContext context = new StaticWebApplicationContext();
|
||||
|
||||
MockServletContext servletContext = new MockServletContext();
|
||||
servletContext.setAttribute(StaticWebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, context);
|
||||
servletContext.setAttribute(
|
||||
StaticWebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE,
|
||||
context);
|
||||
|
||||
context.setServletContext(servletContext);
|
||||
context.registerSingleton("listener", MockApplicationListener.class, null);
|
||||
context.refresh();
|
||||
|
||||
MockHttpSession session = new MockHttpSession(servletContext);
|
||||
MockApplicationListener listener = (MockApplicationListener) context
|
||||
.getBean("listener");
|
||||
|
||||
HttpSessionEvent event = new HttpSessionEvent(session);
|
||||
|
||||
publisher.sessionCreated(event);
|
||||
|
||||
assertNotNull(listener.getCreatedEvent());
|
||||
assertNull(listener.getDestroyedEvent());
|
||||
assertEquals(session, listener.getCreatedEvent().getSession());
|
||||
|
||||
listener.setCreatedEvent(null);
|
||||
listener.setDestroyedEvent(null);
|
||||
|
||||
publisher.sessionDestroyed(event);
|
||||
assertNotNull(listener.getDestroyedEvent());
|
||||
assertNull(listener.getCreatedEvent());
|
||||
assertEquals(session, listener.getDestroyedEvent().getSession());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void publishedEventIsReceivedbyListenerChildContext() {
|
||||
HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
|
||||
|
||||
StaticWebApplicationContext context = new StaticWebApplicationContext();
|
||||
|
||||
MockServletContext servletContext = new MockServletContext();
|
||||
servletContext.setAttribute(
|
||||
"org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher",
|
||||
context);
|
||||
|
||||
context.setServletContext(servletContext);
|
||||
context.registerSingleton("listener", MockApplicationListener.class, null);
|
||||
|
||||
Reference in New Issue
Block a user