Compare commits
35 Commits
6.0.7
...
2.0.7.RELEASE
| Author | SHA1 | Date | |
|---|---|---|---|
| d5e6f0b575 | |||
| 76dc21469e | |||
| 22b7c9b905 | |||
| 0cdf202b10 | |||
| a507e3612a | |||
| f5fbda42e5 | |||
| d5b72275e5 | |||
| 08a933f930 | |||
| 54ffc98bb4 | |||
| 1c3d530b60 | |||
| beb0ec4ba9 | |||
| dec2e59fba | |||
| ed7f589998 | |||
| 8f6ddb0f17 | |||
| 62a8aca853 | |||
| 9c6a5135a3 | |||
| 0acf262546 | |||
| 6ad652ae97 | |||
| 068b3d48ec | |||
| d6f6a54455 | |||
| 4361211c21 | |||
| 71adc26b0f | |||
| eb3288ca34 | |||
| f3f4cfe804 | |||
| 40fa884860 | |||
| 3e393c9df6 | |||
| a61aca1abf | |||
| 52d2c904f9 | |||
| 149fd5d8de | |||
| f3f02d8aed | |||
| 781c99f257 | |||
| b77f780993 | |||
| 22964837e9 | |||
| 7566802a08 | |||
| 4c3867718e |
+15
@@ -0,0 +1,15 @@
|
||||
target
|
||||
.gradle
|
||||
build/
|
||||
.idea
|
||||
out/
|
||||
*.ipr
|
||||
*.iml
|
||||
*.iws
|
||||
*.log
|
||||
intellij/
|
||||
.settings
|
||||
.classpath
|
||||
.project
|
||||
.DS_Store
|
||||
atlassian-ide-plugin.xml
|
||||
+12
-27
@@ -3,13 +3,13 @@
|
||||
<parent>
|
||||
<artifactId>spring-security-parent</artifactId>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-acl</artifactId>
|
||||
<name>Spring Security - ACL module</name>
|
||||
<packaging>bundle</packaging>
|
||||
<packaging>jar</packaging>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
@@ -51,29 +51,14 @@
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<properties>
|
||||
<spring.osgi.export>
|
||||
org.springframework.security.*;version=${pom.version.osgi}
|
||||
</spring.osgi.export>
|
||||
|
||||
<spring.osgi.import>
|
||||
net.sf.ehcache.*;version="[1.4.1, 2.0.0)";resolution:=optional,
|
||||
org.springframework.security.*;version="[${pom.version.osgi},${pom.version.osgi}]",
|
||||
org.springframework.context.*;version="${spring.version.osgi}",
|
||||
org.springframework.dao.*;version="${spring.version.osgi}";resolution:=optional,
|
||||
org.springframework.jdbc.*;version="${spring.version.osgi}";resolution:=optional,
|
||||
org.springframework.transaction.support.*;version="${spring.version.osgi}";resolution:=optional,
|
||||
org.springframework.util.*;version="${spring.version.osgi}",
|
||||
org.apache.commons.logging.*;version="[1.1.1, 2.0.0)",
|
||||
javax.sql.*
|
||||
</spring.osgi.import>
|
||||
|
||||
<spring.osgi.private.pkg>
|
||||
!org.springframework.security.*
|
||||
</spring.osgi.private.pkg>
|
||||
|
||||
<spring.osgi.symbolic.name>org.springframework.security.acls</spring.osgi.symbolic.name>
|
||||
</properties>
|
||||
|
||||
<!--
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>com.springsource.bundlor</groupId>
|
||||
<artifactId>com.springsource.bundlor.maven</artifactId>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
-->
|
||||
</project>
|
||||
@@ -0,0 +1,19 @@
|
||||
Bundle-SymbolicName: org.springframework.security.acls
|
||||
Bundle-Name: Spring Security Acls
|
||||
Bundle-Vendor: SpringSource
|
||||
Bundle-Version: ${version}
|
||||
Bundle-ManifestVersion: 2
|
||||
Ignored-Existing-Headers:
|
||||
Import-Package,
|
||||
Export-Package
|
||||
Import-Template:
|
||||
org.apache.commons.logging.*;version="[1.0.4, 2.0.0)",
|
||||
org.springframework.security.*;version="[${version}, ${version}]",
|
||||
org.springframework.context.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.dao.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.jdbc.core.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.transaction.support.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.util.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
net.sf.ehcache.*;version="[1.4.1, 2.0.0)";resolution:=optional,
|
||||
javax.sql.*;version="0";resolution:=optional
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-adapters</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.5.CI-SNAPSHOT</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-catalina</artifactId>
|
||||
<name>Spring Security - Catalina adapter</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-adapters</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.5.CI-SNAPSHOT</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-jboss</artifactId>
|
||||
<name>Spring Security - JBoss adapter</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-adapters</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.5.CI-SNAPSHOT</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-jetty</artifactId>
|
||||
<name>Spring Security - Jetty adapter</name>
|
||||
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-parent</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.5.CI-SNAPSHOT</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-adapters</artifactId>
|
||||
<name>Spring Security - Adapters</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-adapters</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.5.CI-SNAPSHOT</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-resin</artifactId>
|
||||
<name>Spring Security - Resin adapter</name>
|
||||
|
||||
+11
-27
@@ -3,11 +3,11 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-parent</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-cas-client</artifactId>
|
||||
<name>Spring Security - CAS support</name>
|
||||
<packaging>bundle</packaging>
|
||||
<packaging>jar</packaging>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
@@ -38,7 +38,7 @@
|
||||
<dependency>
|
||||
<groupId>org.jasig.cas</groupId>
|
||||
<artifactId>cas-client-core</artifactId>
|
||||
<version>3.1.3</version>
|
||||
<version>3.1.5</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>net.sf.ehcache</groupId>
|
||||
@@ -47,28 +47,12 @@
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<properties>
|
||||
<spring.osgi.export>
|
||||
org.springframework.security.*;version=${pom.version.osgi}
|
||||
</spring.osgi.export>
|
||||
|
||||
<spring.osgi.import>
|
||||
org.springframework.security.*;version="[${pom.version.osgi},${pom.version.osgi}]",
|
||||
org.springframework.beans.*;version="${spring.version.osgi}",
|
||||
org.springframework.context.*;version="${spring.version.osgi}",
|
||||
org.springframework.dao.*;version="${spring.version.osgi}";resolution:=optional,
|
||||
org.springframework.util.*;version="${spring.version.osgi}",
|
||||
javax.servlet.*;version="[2.4.0, 3.0.0)";resolution:=optional,
|
||||
net.sf.ehcache.*;version="[1.4.1, 2.0.0)";resolution:=optional,
|
||||
org.apache.commons.logging.*;version="[1.1.1, 2.0.0)",
|
||||
org.jasig.cas.client.*;version="[3.1.3, 4.0.0)"
|
||||
</spring.osgi.import>
|
||||
|
||||
<spring.osgi.private.pkg>
|
||||
!org.springframework.security.*
|
||||
</spring.osgi.private.pkg>
|
||||
|
||||
<spring.osgi.symbolic.name>org.springframework.security.cas</spring.osgi.symbolic.name>
|
||||
</properties>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>com.springsource.bundlor</groupId>
|
||||
<artifactId>com.springsource.bundlor.maven</artifactId>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
||||
@@ -0,0 +1,19 @@
|
||||
Bundle-SymbolicName: org.springframework.security.cas
|
||||
Bundle-Name: Spring Security CAS
|
||||
Bundle-Vendor: SpringSource
|
||||
Bundle-Version: ${version}
|
||||
Bundle-ManifestVersion: 2
|
||||
Ignored-Existing-Headers:
|
||||
Import-Package,
|
||||
Export-Package
|
||||
Import-Template:
|
||||
org.apache.commons.logging.*;version="[1.0.4, 2.0.0)",
|
||||
org.jasig.cas.client.*;version="[3.1.1,3.2)",
|
||||
org.springframework.security.*;version="[${version}, ${version}]",
|
||||
org.springframework.beans.factory;version="[2.0.8, 3.1.0)",
|
||||
org.springframework.context.*;version="[2.0.8, 3.1.0)",
|
||||
org.springframework.dao;version="[2.0.8, 3.1.0)",
|
||||
org.springframework.util;version="[2.0.8, 3.1.0)",
|
||||
net.sf.ehcache.*;version="[1.4.1, 2.0.0)";resolution:=optional,
|
||||
javax.servlet.*;version="0"
|
||||
|
||||
+6
-35
@@ -3,9 +3,9 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-parent</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<packaging>bundle</packaging>
|
||||
<packaging>jar</packaging>
|
||||
<artifactId>spring-security-core-tiger</artifactId>
|
||||
<name>Spring Security - Java 5 (Tiger)</name>
|
||||
|
||||
@@ -59,39 +59,10 @@
|
||||
<target>1.5</target>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>com.springsource.bundlor</groupId>
|
||||
<artifactId>com.springsource.bundlor.maven</artifactId>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<reporting>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-pmd-plugin</artifactId>
|
||||
<configuration>
|
||||
<targetJdk>1.5</targetJdk>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</reporting>
|
||||
|
||||
<properties>
|
||||
<spring.osgi.export>
|
||||
org.springframework.security.*;version=${pom.version}
|
||||
</spring.osgi.export>
|
||||
|
||||
<spring.osgi.import>
|
||||
javax.annotation.*;version="[1.0.0, 2.0.0)",
|
||||
org.springframework.security.*;version="[${pom.version.osgi},${pom.version.osgi}]",
|
||||
org.springframework.core.*;version="${spring.version.osgi}"
|
||||
</spring.osgi.import>
|
||||
|
||||
<spring.osgi.private.pkg>
|
||||
!org.springframework.security.*
|
||||
</spring.osgi.private.pkg>
|
||||
|
||||
<spring.osgi.include.res>
|
||||
src/main/resources
|
||||
</spring.osgi.include.res>
|
||||
|
||||
<spring.osgi.symbolic.name>org.springframework.security.annotation</spring.osgi.symbolic.name>
|
||||
</properties>
|
||||
</project>
|
||||
|
||||
@@ -0,0 +1,12 @@
|
||||
Bundle-SymbolicName: org.springframework.security.annotation
|
||||
Bundle-Name: Spring Security Annotations
|
||||
Bundle-Vendor: SpringSource
|
||||
Bundle-Version: ${version}
|
||||
Bundle-ManifestVersion: 2
|
||||
Ignored-Existing-Headers:
|
||||
Import-Package,
|
||||
Export-Package
|
||||
Import-Template:
|
||||
javax.annotation.security.*;version="0";resolution:=optional,
|
||||
org.springframework.security.*;version="[${version},${version}]",
|
||||
org.springframework.core.*;version="[2.0.8, 3.1.0)"
|
||||
Executable
+11
@@ -0,0 +1,11 @@
|
||||
#! /bin/sh
|
||||
|
||||
pushd src/main/resources/org/springframework/security/config/
|
||||
|
||||
echo "Converting rnc file to xsd ..."
|
||||
java -jar ~/bin/trang.jar spring-security-2.0.6.rnc spring-security-2.0.6.xsd
|
||||
|
||||
echo "Applying XSL transformation to xsd ..."
|
||||
xsltproc --output spring-security-2.0.6.xsd spring-security.xsl spring-security-2.0.6.xsd
|
||||
|
||||
popd
|
||||
+33
-72
@@ -3,9 +3,9 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-parent</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<packaging>bundle</packaging>
|
||||
<packaging>jar</packaging>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<name>Spring Security - Core</name>
|
||||
|
||||
@@ -47,27 +47,27 @@
|
||||
<artifactId>spring-mock</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.aspectj</groupId>
|
||||
<artifactId>aspectjrt</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.aspectj</groupId>
|
||||
<artifactId>aspectjweaver</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.aspectj</groupId>
|
||||
<artifactId>aspectjrt</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.aspectj</groupId>
|
||||
<artifactId>aspectjweaver</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.ldap</groupId>
|
||||
<artifactId>spring-ldap</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>cglib</groupId>
|
||||
<artifactId>cglib-nodep</artifactId>
|
||||
<scope>test</scope>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>cglib</groupId>
|
||||
<artifactId>cglib-nodep</artifactId>
|
||||
<scope>test</scope>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>net.sf.ehcache</groupId>
|
||||
<artifactId>ehcache</artifactId>
|
||||
@@ -95,7 +95,7 @@
|
||||
<artifactId>jaxen</artifactId>
|
||||
<version>1.1.1</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>servlet-api</artifactId>
|
||||
@@ -135,64 +135,25 @@
|
||||
<version>1.0.1</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-all</artifactId>
|
||||
<version>1.8.5</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>log4j</groupId>
|
||||
<artifactId>log4j</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<properties>
|
||||
<spring.osgi.export>
|
||||
org.springframework.security.*;version=${pom.version}
|
||||
</spring.osgi.export>
|
||||
|
||||
<spring.osgi.import>
|
||||
!com.ibm.websphere.security,
|
||||
javax.servlet.*;version="[2.4.0, 3.0.0)";resolution:=optional,
|
||||
net.sf.ehcache.*;version="[1.4.1, 2.0.0)";resolution:=optional,
|
||||
org.aopalliance.*;version="[1.0.0, 2.0.0)",
|
||||
org.apache.commons.codec.*;version="[1.3.0, 2.0.0)",
|
||||
org.apache.commons.collections.*;version="[3.2.0, 4.0.0)",
|
||||
org.apache.commons.lang.*;version="[2.1.0, 3.0.0)",
|
||||
org.apache.commons.logging.*;version="[1.1.1, 2.0.0)",
|
||||
org.apache.directory.server.configuration.*;version="[1.0.2, 2.0.0)";resolution:=optional,
|
||||
org.apache.directory.server.core.*;version="[1.0.2, 2.0.0)";resolution:=optional,
|
||||
org.apache.directory.server.protocol.*;version="[1.0.2, 2.0.0)";resolution:=optional,
|
||||
org.aspectj.*;version="[1.5.4, 2.0.0)";resolution:=optional,
|
||||
org.jaxen.*;version="[1.1.1, 2.0.0)";resolution:=optional,
|
||||
org.springframework.aop.*;version="${spring.version.osgi}",
|
||||
org.springframework.beans.*;version="${spring.version.osgi}",
|
||||
org.springframework.context.*;version="${spring.version.osgi}",
|
||||
org.springframework.core.*;version="${spring.version.osgi}",
|
||||
org.springframework.dao.*;version="${spring.version.osgi}";resolution:=optional,
|
||||
org.springframework.jdbc.*;version="${spring.version.osgi}";resolution:=optional,
|
||||
org.springframework.ldap.*;version="[1.2.1.A, 2.0.0)";resolution:=optional,
|
||||
org.springframework.metadata.*;version="${spring.version.osgi}",
|
||||
org.springframework.mock.*;version="${spring.version.osgi}";resolution:=optional,
|
||||
org.springframework.remoting.*;version="${spring.version.osgi}";resolution:=optional,
|
||||
org.springframework.util.*;version="${spring.version.osgi}",
|
||||
org.springframework.web.*;version="${spring.version.osgi}";resolution:=optional,
|
||||
javax.crypto.*,
|
||||
javax.naming.*,
|
||||
javax.rmi.*,
|
||||
javax.security.*,
|
||||
javax.sql.*,
|
||||
javax.xml.parsers.*,
|
||||
org.w3c.dom.*,
|
||||
org.xml.sax.*,
|
||||
*;resolution:=optional
|
||||
</spring.osgi.import>
|
||||
|
||||
<spring.osgi.private.pkg>
|
||||
!org.springframework.security.*
|
||||
</spring.osgi.private.pkg>
|
||||
<!--
|
||||
<spring.osgi.include.res>
|
||||
src/main/resources
|
||||
</spring.osgi.include.res>
|
||||
-->
|
||||
<spring.osgi.symbolic.name>org.springframework.security.core</spring.osgi.symbolic.name>
|
||||
</properties>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>com.springsource.bundlor</groupId>
|
||||
<artifactId>com.springsource.bundlor.maven</artifactId>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
||||
|
||||
@@ -26,7 +26,7 @@ public abstract class AuthenticationException extends SpringSecurityException {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private Authentication authentication;
|
||||
private Object extraInformation;
|
||||
private transient Object extraInformation;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
|
||||
@@ -10,34 +10,35 @@ abstract class Elements {
|
||||
|
||||
public static final String AUTHENTICATION_MANAGER = "authentication-manager";
|
||||
public static final String USER_SERVICE = "user-service";
|
||||
public static final String JDBC_USER_SERVICE = "jdbc-user-service";
|
||||
public static final String FILTER_CHAIN_MAP = "filter-chain-map";
|
||||
public static final String INTERCEPT_METHODS = "intercept-methods";
|
||||
public static final String INTERCEPT_URL = "intercept-url";
|
||||
public static final String AUTHENTICATION_PROVIDER = "authentication-provider";
|
||||
public static final String HTTP = "http";
|
||||
public static final String LDAP_PROVIDER = "ldap-authentication-provider";
|
||||
public static final String LDAP_SERVER = "ldap-server";
|
||||
public static final String JDBC_USER_SERVICE = "jdbc-user-service";
|
||||
public static final String FILTER_CHAIN_MAP = "filter-chain-map";
|
||||
public static final String INTERCEPT_METHODS = "intercept-methods";
|
||||
public static final String INTERCEPT_URL = "intercept-url";
|
||||
public static final String AUTHENTICATION_PROVIDER = "authentication-provider";
|
||||
public static final String HTTP = "http";
|
||||
public static final String LDAP_PROVIDER = "ldap-authentication-provider";
|
||||
public static final String LDAP_SERVER = "ldap-server";
|
||||
public static final String LDAP_USER_SERVICE = "ldap-user-service";
|
||||
public static final String PROTECT_POINTCUT = "protect-pointcut";
|
||||
public static final String PROTECT = "protect";
|
||||
public static final String CONCURRENT_SESSIONS = "concurrent-session-control";
|
||||
public static final String LOGOUT = "logout";
|
||||
public static final String FORM_LOGIN = "form-login";
|
||||
public static final String OPENID_LOGIN = "openid-login";
|
||||
public static final String BASIC_AUTH = "http-basic";
|
||||
public static final String REMEMBER_ME = "remember-me";
|
||||
public static final String ANONYMOUS = "anonymous";
|
||||
public static final String FILTER_CHAIN = "filter-chain";
|
||||
public static final String GLOBAL_METHOD_SECURITY = "global-method-security";
|
||||
public static final String PASSWORD_ENCODER = "password-encoder";
|
||||
public static final String SALT_SOURCE = "salt-source";
|
||||
public static final String PORT_MAPPINGS = "port-mappings";
|
||||
public static final String CONCURRENT_SESSIONS = "concurrent-session-control";
|
||||
public static final String LOGOUT = "logout";
|
||||
public static final String FORM_LOGIN = "form-login";
|
||||
public static final String OPENID_LOGIN = "openid-login";
|
||||
public static final String BASIC_AUTH = "http-basic";
|
||||
public static final String REMEMBER_ME = "remember-me";
|
||||
public static final String ANONYMOUS = "anonymous";
|
||||
public static final String FILTER_CHAIN = "filter-chain";
|
||||
public static final String GLOBAL_METHOD_SECURITY = "global-method-security";
|
||||
public static final String PASSWORD_ENCODER = "password-encoder";
|
||||
public static final String SALT_SOURCE = "salt-source";
|
||||
public static final String PORT_MAPPINGS = "port-mappings";
|
||||
public static final String PORT_MAPPING = "port-mapping";
|
||||
public static final String CUSTOM_FILTER = "custom-filter";
|
||||
public static final String CUSTOM_AUTH_PROVIDER = "custom-authentication-provider";
|
||||
public static final String CUSTOM_AFTER_INVOCATION_PROVIDER = "custom-after-invocation-provider";
|
||||
public static final String CUSTOM_AFTER_INVOCATION_PROVIDER = "custom-after-invocation-provider";
|
||||
public static final String X509 = "x509";
|
||||
public static final String FILTER_INVOCATION_DEFINITION_SOURCE = "filter-invocation-definition-source";
|
||||
public static final String FILTER_INVOCATION_DEFINITION_SOURCE = "filter-invocation-definition-source";
|
||||
public static final String LDAP_PASSWORD_COMPARE = "password-compare";
|
||||
public static final String HTTP_FIREWALL = "http-firewall";
|
||||
}
|
||||
|
||||
+31
@@ -0,0 +1,31 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* Injects the supplied {@code HttpFirewall} bean reference into the {@code FilterChainProxy}.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class HttpFirewallBeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
public BeanDefinition parse(Element element, ParserContext pc) {
|
||||
String ref = element.getAttribute("ref");
|
||||
|
||||
if (!StringUtils.hasText(ref)) {
|
||||
pc.getReaderContext().error("ref attribute is required", pc.extractSource(element));
|
||||
}
|
||||
|
||||
BeanDefinitionBuilder injector = BeanDefinitionBuilder.rootBeanDefinition(HttpFirewallInjectionBeanPostProcessor.class);
|
||||
injector.addConstructorArg(ref);
|
||||
|
||||
pc.getReaderContext().registerWithGeneratedName(injector.getBeanDefinition());
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
+40
@@ -0,0 +1,40 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.BeanFactory;
|
||||
import org.springframework.beans.factory.BeanFactoryAware;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.security.config.BeanIds;
|
||||
import org.springframework.security.util.FilterChainProxy;
|
||||
import org.springframework.security.firewall.HttpFirewall;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class HttpFirewallInjectionBeanPostProcessor implements BeanPostProcessor, BeanFactoryAware {
|
||||
private ConfigurableListableBeanFactory beanFactory;
|
||||
private String ref;
|
||||
|
||||
public HttpFirewallInjectionBeanPostProcessor(String ref) {
|
||||
this.ref = ref;
|
||||
}
|
||||
|
||||
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
|
||||
if (BeanIds.FILTER_CHAIN_PROXY.equals(beanName)) {
|
||||
HttpFirewall fw = (HttpFirewall) beanFactory.getBean(ref);
|
||||
((FilterChainProxy)bean).setFirewall(fw);
|
||||
}
|
||||
|
||||
return bean;
|
||||
}
|
||||
|
||||
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
|
||||
return bean;
|
||||
}
|
||||
|
||||
|
||||
public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
|
||||
this.beanFactory = (ConfigurableListableBeanFactory) beanFactory;
|
||||
}
|
||||
}
|
||||
@@ -24,6 +24,7 @@ public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
|
||||
registerBeanDefinitionParser(Elements.GLOBAL_METHOD_SECURITY, new GlobalMethodSecurityBeanDefinitionParser());
|
||||
registerBeanDefinitionParser(Elements.AUTHENTICATION_MANAGER, new AuthenticationManagerBeanDefinitionParser());
|
||||
registerBeanDefinitionParser(Elements.FILTER_INVOCATION_DEFINITION_SOURCE, new FilterInvocationDefinitionSourceBeanDefinitionParser());
|
||||
registerBeanDefinitionParser(Elements.HTTP_FIREWALL, new HttpFirewallBeanDefinitionParser());
|
||||
|
||||
// Decorators
|
||||
registerBeanDefinitionDecorator(Elements.INTERCEPT_METHODS, new InterceptMethodsBeanDefinitionDecorator());
|
||||
|
||||
+46
-35
@@ -15,33 +15,30 @@
|
||||
|
||||
package org.springframework.security.context.rmi;
|
||||
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.remoting.support.RemoteInvocation;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
|
||||
|
||||
/**
|
||||
* The actual <code>RemoteInvocation</code> that is passed from the client to the server, which contains the
|
||||
* contents of {@link SecurityContextHolder}, being a {@link SecurityContext} object.<p>When constructed on the
|
||||
* client via {@link org.springframework.security.context.rmi.ContextPropagatingRemoteInvocationFactory}, the contents of the
|
||||
* <code>SecurityContext</code> are stored inside the object. The object is then passed to the server that is
|
||||
* processing the remote invocation. Upon the server invoking the remote invocation, it will retrieve the passed
|
||||
* contents of the <code>SecurityContextHolder</code> and set them to the server-side
|
||||
* <code>SecurityContextHolder</code> whilst the target object is invoked. When the target invocation has been
|
||||
* completed, the server-side <code>SecurityContextHolder</code> will be reset to a new instance of
|
||||
* <code>SecurityContextImpl</code>.</p>
|
||||
* The actual {@code RemoteInvocation} that is passed from the client to the server.
|
||||
* <p>
|
||||
* The principal and credentials information will be extracted from the current
|
||||
* security context and passed to the server as part of the invocation object.
|
||||
* <p>
|
||||
* To avoid potential serialization-based attacks, this implementation interprets the values as {@code String}s
|
||||
* and creates a {@code UsernamePasswordAuthenticationToken} on the server side to hold them. If a different
|
||||
* token type is required you can override the {@code createAuthenticationRequest} method.
|
||||
*
|
||||
* @author James Monaghan
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
@@ -50,33 +47,40 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private SecurityContext securityContext;
|
||||
private final String principal;
|
||||
private final String credentials;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
* Constructs the object, storing the value of the client-side
|
||||
* <code>SecurityContextHolder</code> inside the object.
|
||||
/**
|
||||
* Constructs the object, storing the principal and credentials extracted from the client-side
|
||||
* security context.
|
||||
*
|
||||
* @param methodInvocation the method to invoke
|
||||
*/
|
||||
public ContextPropagatingRemoteInvocation(MethodInvocation methodInvocation) {
|
||||
super(methodInvocation);
|
||||
securityContext = SecurityContextHolder.getContext();
|
||||
Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if (currentUser != null) {
|
||||
principal = currentUser.getPrincipal().toString();
|
||||
credentials = currentUser.getCredentials().toString();
|
||||
} else {
|
||||
principal = credentials = null;
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("RemoteInvocation now has SecurityContext: " + securityContext);
|
||||
logger.debug("RemoteInvocation now has principal: " + principal);
|
||||
}
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Invoked on the server-side as described in the class JavaDocs.<p>Invocations will always have their
|
||||
* {@link org.springframework.security.Authentication#setAuthenticated(boolean)} set to <code>false</code>, which is
|
||||
* guaranteed to always be accepted by <code>Authentication</code> implementations. This ensures that even
|
||||
* remotely authenticated <code>Authentication</code>s will be untrusted by the server-side, which is an
|
||||
* appropriate security measure.</p>
|
||||
* Invoked on the server-side.
|
||||
* <p>
|
||||
* The transmitted principal and credentials will be used to create an unauthenticated {@code Authentication}
|
||||
* instance for processing by the {@code AuthenticationManager}.
|
||||
*
|
||||
* @param targetObject the target object to apply the invocation to
|
||||
*
|
||||
@@ -87,16 +91,16 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
|
||||
* @throws InvocationTargetException if the method invocation resulted in an exception
|
||||
*/
|
||||
public Object invoke(Object targetObject)
|
||||
throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
|
||||
SecurityContextHolder.setContext(securityContext);
|
||||
throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
|
||||
|
||||
if ((SecurityContextHolder.getContext() != null)
|
||||
&& (SecurityContextHolder.getContext().getAuthentication() != null)) {
|
||||
SecurityContextHolder.getContext().getAuthentication().setAuthenticated(false);
|
||||
}
|
||||
if (principal != null) {
|
||||
Authentication request = createAuthenticationRequest(principal, credentials);
|
||||
request.setAuthenticated(false);
|
||||
SecurityContextHolder.getContext().setAuthentication(request);
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Set SecurityContextHolder to contain: " + securityContext);
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Set SecurityContextHolder to contain: " + request);
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
@@ -105,8 +109,15 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
|
||||
SecurityContextHolder.clearContext();
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Set SecurityContext to new instance of SecurityContextImpl");
|
||||
logger.debug("Cleared SecurityContextHolder.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates the server-side authentication request object.
|
||||
*/
|
||||
protected Authentication createAuthenticationRequest(String principal, String credentials) {
|
||||
return new UsernamePasswordAuthenticationToken(principal, credentials);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,67 @@
|
||||
package org.springframework.security.firewall;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
/**
|
||||
* Default implementation which wraps requests in order to provide consistent values of the {@code servletPath} and
|
||||
* {@code pathInfo}, which do not contain path parameters (as defined in
|
||||
* <a href="http://www.ietf.org/rfc/rfc2396.txt">RFC 2396</a>). Different servlet containers
|
||||
* interpret the servlet spec differently as to how path parameters are treated and it is possible they might be added
|
||||
* in order to bypass particular security constraints. When using this implementation, they will be removed for all
|
||||
* requests as the request passes through the security filter chain. Note that this means that any segments in the
|
||||
* decoded path which contain a semi-colon, will have the part following the semi-colon removed for
|
||||
* request matching. Your application should not contain any valid paths which contain semi-colons.
|
||||
* <p>
|
||||
* If any un-normalized paths are found (containing directory-traversal character sequences), the request will be
|
||||
* rejected immediately. Most containers normalize the paths before performing the servlet-mapping, but again this is
|
||||
* not guaranteed by the servlet spec.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class DefaultHttpFirewall implements HttpFirewall {
|
||||
|
||||
public FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException {
|
||||
FirewalledRequest fwr = new RequestWrapper(request);
|
||||
|
||||
if (!isNormalized(fwr.getServletPath()) || !isNormalized(fwr.getPathInfo())) {
|
||||
throw new RequestRejectedException("Un-normalized paths are not supported: " + fwr.getServletPath() +
|
||||
(fwr.getPathInfo() != null ? fwr.getPathInfo() : ""));
|
||||
}
|
||||
|
||||
return fwr;
|
||||
}
|
||||
|
||||
public HttpServletResponse getFirewalledResponse(HttpServletResponse response) {
|
||||
return new FirewalledResponse(response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks whether a path is normalized (doesn't contain path traversal sequences like "./", "/../" or "/.")
|
||||
*
|
||||
* @param path the path to test
|
||||
* @return true if the path doesn't contain any path-traversal character sequences.
|
||||
*/
|
||||
private boolean isNormalized(String path) {
|
||||
if (path == null) {
|
||||
return true;
|
||||
}
|
||||
|
||||
for (int j = path.length(); j > 0;) {
|
||||
int i = path.lastIndexOf('/', j - 1);
|
||||
int gap = j - i;
|
||||
|
||||
if (gap == 2 && path.charAt(i+1) == '.') {
|
||||
// ".", "/./" or "/."
|
||||
return false;
|
||||
} else if (gap == 3 && path.charAt(i+1) == '.'&& path.charAt(i+2) == '.') {
|
||||
return false;
|
||||
}
|
||||
|
||||
j = i;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,34 @@
|
||||
package org.springframework.security.firewall;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletRequestWrapper;
|
||||
|
||||
/**
|
||||
* Request wrapper which is returned by the {@code HttpFirewall} interface.
|
||||
* <p>
|
||||
* The only difference is the {@code reset} method which allows some
|
||||
* or all of the state to be reset by the {@code FilterChainProxy} when the
|
||||
* request leaves the security filter chain.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public abstract class FirewalledRequest extends HttpServletRequestWrapper {
|
||||
/**
|
||||
* Constructs a request object wrapping the given request.
|
||||
*
|
||||
* @throws IllegalArgumentException if the request is null
|
||||
*/
|
||||
public FirewalledRequest(HttpServletRequest request) {
|
||||
super(request);
|
||||
}
|
||||
|
||||
/**
|
||||
* This method will be called once the request has passed through the
|
||||
* security filter chain, when it is about to proceed to the application
|
||||
* proper.
|
||||
* <p>
|
||||
* An implementation can thus choose to modify the state of the request
|
||||
* for the security infrastructure, while still maintaining the
|
||||
*/
|
||||
public abstract void reset();
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
package org.springframework.security.firewall;
|
||||
|
||||
import javax.servlet.http.HttpServletResponseWrapper;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
class FirewalledResponse extends HttpServletResponseWrapper {
|
||||
Pattern CR_OR_LF = Pattern.compile("\\r|\\n");
|
||||
|
||||
public FirewalledResponse(HttpServletResponse response) {
|
||||
super(response);
|
||||
}
|
||||
|
||||
public void sendRedirect(String location) throws IOException {
|
||||
// TODO: implement pluggable validation, instead of simple blacklisting.
|
||||
// SEC-1790. Prevent redirects containing CRLF
|
||||
if (CR_OR_LF.matcher(location).find()) {
|
||||
throw new IllegalArgumentException("Invalid characters (CR/LF) in redirect location");
|
||||
}
|
||||
super.sendRedirect(location);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
package org.springframework.security.firewall;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
/**
|
||||
* Interface which can be used to reject potentially dangerous requests and/or wrap them to
|
||||
* control their behaviour.
|
||||
* <p>
|
||||
* The implementation is injected into the {@code FilterChainProxy} and will be invoked before
|
||||
* sending any request through the filter chain. It can also provide a response wrapper if the response
|
||||
* behaviour should also be restricted.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public interface HttpFirewall {
|
||||
|
||||
/**
|
||||
* Provides the request object which will be passed through the filter chain.
|
||||
*
|
||||
* @throws RequestRejectedException if the request should be rejected immediately
|
||||
*/
|
||||
FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException;
|
||||
|
||||
/**
|
||||
* Provides the response which will be passed through the filter chain.
|
||||
*
|
||||
* @param response the original response
|
||||
* @return either the original response or a replacement/wrapper.
|
||||
*/
|
||||
HttpServletResponse getFirewalledResponse(HttpServletResponse response);
|
||||
}
|
||||
+10
@@ -0,0 +1,10 @@
|
||||
package org.springframework.security.firewall;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class RequestRejectedException extends RuntimeException {
|
||||
public RequestRejectedException(String message) {
|
||||
super(message);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,140 @@
|
||||
package org.springframework.security.firewall;
|
||||
|
||||
import javax.servlet.RequestDispatcher;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
* Request wrapper which ensures values of {@code servletPath} and {@code pathInfo} are returned which are suitable for
|
||||
* pattern matching against. It strips out path parameters and extra consecutive '/' characters.
|
||||
*
|
||||
* <h3>Path Parameters</h3>
|
||||
* Parameters (as defined in <a href="http://www.ietf.org/rfc/rfc2396.txt">RFC 2396</a>) are stripped from the path
|
||||
* segments of the {@code servletPath} and {@code pathInfo} values of the request.
|
||||
* <p>
|
||||
* The parameter sequence is demarcated by a semi-colon, so each segment is checked for the occurrence of a ";"
|
||||
* character and truncated at that point if it is present.
|
||||
* <p>
|
||||
* The behaviour differs between servlet containers in how they interpret the servlet spec, which
|
||||
* does not clearly state what the behaviour should be. For consistency, we make sure they are always removed, to
|
||||
* avoid the risk of URL matching rules being bypassed by the malicious addition of parameters to the path component.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
final class RequestWrapper extends FirewalledRequest {
|
||||
private final String strippedServletPath;
|
||||
private final String strippedPathInfo;
|
||||
private boolean stripPaths = true;
|
||||
|
||||
public RequestWrapper(HttpServletRequest request) {
|
||||
super(request);
|
||||
strippedServletPath = strip(request.getServletPath());
|
||||
String pathInfo = strip(request.getPathInfo());
|
||||
if (pathInfo != null && pathInfo.length() == 0) {
|
||||
pathInfo = null;
|
||||
}
|
||||
strippedPathInfo = pathInfo;
|
||||
}
|
||||
|
||||
/**
|
||||
* Removes path parameters from each path segment in the supplied path and truncates sequences of multiple '/'
|
||||
* characters to a single '/'.
|
||||
*
|
||||
* @param path either the {@code servletPath} and {@code pathInfo} from the original request
|
||||
*
|
||||
* @return the supplied value, with path parameters removed and sequences of multiple '/' characters truncated,
|
||||
* or null if the supplied path was null.
|
||||
*/
|
||||
private String strip(String path) {
|
||||
if (path == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
int scIndex = path.indexOf(';');
|
||||
|
||||
if (scIndex < 0) {
|
||||
int doubleSlashIndex = path.indexOf("//");
|
||||
if (doubleSlashIndex < 0) {
|
||||
// Most likely case, no parameters in any segment and no '//', so no stripping required
|
||||
return path;
|
||||
}
|
||||
}
|
||||
|
||||
StringTokenizer st = new StringTokenizer(path, "/");
|
||||
StringBuilder stripped = new StringBuilder(path.length());
|
||||
|
||||
if (path.charAt(0) == '/') {
|
||||
stripped.append('/');
|
||||
}
|
||||
|
||||
while(st.hasMoreTokens()) {
|
||||
String segment = st.nextToken();
|
||||
scIndex = segment.indexOf(';');
|
||||
|
||||
if (scIndex >= 0) {
|
||||
segment = segment.substring(0, scIndex);
|
||||
}
|
||||
stripped.append(segment).append('/');
|
||||
}
|
||||
|
||||
// Remove the trailing slash if the original path didn't have one
|
||||
if (path.charAt(path.length() - 1) != '/') {
|
||||
stripped.deleteCharAt(stripped.length() - 1);
|
||||
}
|
||||
|
||||
return stripped.toString();
|
||||
}
|
||||
|
||||
public String getPathInfo() {
|
||||
return stripPaths ? strippedPathInfo : super.getPathInfo();
|
||||
}
|
||||
|
||||
public String getServletPath() {
|
||||
return stripPaths ? strippedServletPath : super.getServletPath();
|
||||
}
|
||||
|
||||
public RequestDispatcher getRequestDispatcher(String path) {
|
||||
return this.stripPaths ? new FirewalledRequestAwareRequestDispatcher(path) : super.getRequestDispatcher(path);
|
||||
}
|
||||
|
||||
public void reset() {
|
||||
this.stripPaths = false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensures {@link FirewalledRequest#reset()} is called prior to performing a forward. It then delegates work to the
|
||||
* {@link RequestDispatcher} from the original {@link HttpServletRequest}.
|
||||
*
|
||||
* @author Rob Winch
|
||||
*/
|
||||
private class FirewalledRequestAwareRequestDispatcher implements RequestDispatcher {
|
||||
private final String path;
|
||||
|
||||
/**
|
||||
*
|
||||
* @param path the {@code path} that will be used to obtain the delegate {@link RequestDispatcher} from the
|
||||
* original {@link HttpServletRequest}.
|
||||
*/
|
||||
public FirewalledRequestAwareRequestDispatcher(String path) {
|
||||
this.path = path;
|
||||
}
|
||||
|
||||
public void forward(ServletRequest request, ServletResponse response) throws ServletException, IOException {
|
||||
reset();
|
||||
getDelegateDispatcher().forward(request, response);
|
||||
}
|
||||
|
||||
public void include(ServletRequest request, ServletResponse response) throws ServletException, IOException {
|
||||
getDelegateDispatcher().include(request, response);
|
||||
}
|
||||
|
||||
private RequestDispatcher getDelegateDispatcher() {
|
||||
return RequestWrapper.super.getRequestDispatcher(path);
|
||||
}
|
||||
}
|
||||
}
|
||||
+16
-9
@@ -26,8 +26,10 @@ import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.RunAsManager;
|
||||
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
import org.springframework.security.context.SecurityContextImpl;
|
||||
import org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent;
|
||||
import org.springframework.security.event.authorization.AuthorizationFailureEvent;
|
||||
import org.springframework.security.event.authorization.AuthorizedEvent;
|
||||
@@ -110,7 +112,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
protected static final Log logger = LogFactory.getLog(AbstractSecurityInterceptor.class);
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
|
||||
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
||||
private ApplicationEventPublisher eventPublisher;
|
||||
private AccessDecisionManager accessDecisionManager;
|
||||
@@ -140,21 +142,22 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
|
||||
if (token.isContextHolderRefreshRequired()) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Reverting to original Authentication: " + token.getAuthentication().toString());
|
||||
logger.debug("Reverting to original Authentication: " + token.getSecurityContext().getAuthentication());
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(token.getAuthentication());
|
||||
SecurityContextHolder.setContext(token.getSecurityContext());
|
||||
}
|
||||
|
||||
if (afterInvocationManager != null) {
|
||||
// Attempt after invocation handling
|
||||
try {
|
||||
returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(),
|
||||
returnedObject = afterInvocationManager.decide(token.getSecurityContext().getAuthentication(),
|
||||
token.getSecureObject(),
|
||||
token.getAttr(), returnedObject);
|
||||
}
|
||||
catch (AccessDeniedException accessDeniedException) {
|
||||
AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token
|
||||
.getAttr(), token.getAuthentication(), accessDeniedException);
|
||||
.getAttr(), token.getSecurityContext().getAuthentication(), accessDeniedException);
|
||||
publishEvent(event);
|
||||
|
||||
throw accessDeniedException;
|
||||
@@ -285,16 +288,20 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
}
|
||||
|
||||
// no further work post-invocation
|
||||
return new InterceptorStatusToken(authenticated, false, attr, object);
|
||||
return new InterceptorStatusToken(SecurityContextHolder.getContext(), false, attr, object);
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Switching to RunAs Authentication: " + runAs);
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(runAs);
|
||||
SecurityContext originalContext = SecurityContextHolder.getContext();
|
||||
SecurityContext runAsContext = new SecurityContextImpl();
|
||||
runAsContext.setAuthentication(runAs);
|
||||
|
||||
// revert to token.Authenticated post-invocation
|
||||
return new InterceptorStatusToken(authenticated, true, attr, object);
|
||||
SecurityContextHolder.setContext(runAsContext);
|
||||
|
||||
// revert to original context post-invocation
|
||||
return new InterceptorStatusToken(originalContext, true, attr, object);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+6
-5
@@ -17,6 +17,7 @@ package org.springframework.security.intercept;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
|
||||
|
||||
/**
|
||||
@@ -32,16 +33,16 @@ import org.springframework.security.ConfigAttributeDefinition;
|
||||
public class InterceptorStatusToken {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private Authentication authentication;
|
||||
private SecurityContext context;
|
||||
private ConfigAttributeDefinition attr;
|
||||
private Object secureObject;
|
||||
private boolean contextHolderRefreshRequired;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public InterceptorStatusToken(Authentication authentication, boolean contextHolderRefreshRequired,
|
||||
public InterceptorStatusToken(SecurityContext context, boolean contextHolderRefreshRequired,
|
||||
ConfigAttributeDefinition attr, Object secureObject) {
|
||||
this.authentication = authentication;
|
||||
this.context = context;
|
||||
this.contextHolderRefreshRequired = contextHolderRefreshRequired;
|
||||
this.attr = attr;
|
||||
this.secureObject = secureObject;
|
||||
@@ -53,8 +54,8 @@ public class InterceptorStatusToken {
|
||||
return attr;
|
||||
}
|
||||
|
||||
public Authentication getAuthentication() {
|
||||
return authentication;
|
||||
public SecurityContext getSecurityContext() {
|
||||
return context;
|
||||
}
|
||||
|
||||
public Object getSecureObject() {
|
||||
|
||||
+8
@@ -60,6 +60,7 @@ public final class ProtectPointcutPostProcessor implements BeanPostProcessor {
|
||||
private Map pointcutMap = new LinkedHashMap(); /** Key: string-based pointcut, value: ConfigAttributeDefinition */
|
||||
private MapBasedMethodDefinitionSource mapBasedMethodDefinitionSource;
|
||||
private PointcutParser parser;
|
||||
private final Set processedBeans = new HashSet();
|
||||
|
||||
public ProtectPointcutPostProcessor(MapBasedMethodDefinitionSource mapBasedMethodDefinitionSource) {
|
||||
Assert.notNull(mapBasedMethodDefinitionSource, "MapBasedMethodDefinitionSource to populate is required");
|
||||
@@ -85,6 +86,11 @@ public final class ProtectPointcutPostProcessor implements BeanPostProcessor {
|
||||
}
|
||||
|
||||
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
|
||||
if (processedBeans.contains(beanName)) {
|
||||
// We already have the metadata for this bean
|
||||
return bean;
|
||||
}
|
||||
|
||||
// Obtain methods for the present bean
|
||||
Method[] methods;
|
||||
try {
|
||||
@@ -110,6 +116,8 @@ public final class ProtectPointcutPostProcessor implements BeanPostProcessor {
|
||||
}
|
||||
}
|
||||
|
||||
processedBeans.add(beanName);
|
||||
|
||||
return bean;
|
||||
}
|
||||
|
||||
|
||||
+1
@@ -71,6 +71,7 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource implem
|
||||
|
||||
env.put(Context.SECURITY_PRINCIPAL, userDn);
|
||||
env.put(Context.SECURITY_CREDENTIALS, credentials);
|
||||
env.remove(SUN_LDAP_POOLING_FLAG);
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Creating context with principal: '" + userDn + "'");
|
||||
|
||||
+11
-6
@@ -193,22 +193,27 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
|
||||
return (DirContextOperations) executeReadOnly(new ContextExecutor() {
|
||||
public Object executeWithContext(DirContext ctx) throws NamingException {
|
||||
DistinguishedName ctxBaseDn = new DistinguishedName(ctx.getNameInNamespace());
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Searching for entry in under DN '" + ctxBaseDn
|
||||
+ "', base = '" + base + "', filter = '" + filter + "'");
|
||||
}
|
||||
|
||||
NamingEnumeration resultsEnum = ctx.search(base, filter, params, searchControls);
|
||||
Set results = new HashSet();
|
||||
try {
|
||||
while (resultsEnum.hasMore()) {
|
||||
|
||||
SearchResult searchResult = (SearchResult) resultsEnum.next();
|
||||
// Work out the DN of the matched entry
|
||||
StringBuffer dn = new StringBuffer(searchResult.getName());
|
||||
DistinguishedName dn = new DistinguishedName(searchResult.getName());
|
||||
|
||||
if (base.length() > 0) {
|
||||
dn.append(",");
|
||||
dn.append(base);
|
||||
dn.prepend(new DistinguishedName(base));
|
||||
}
|
||||
|
||||
results.add(new DirContextAdapter(searchResult.getAttributes(),
|
||||
new DistinguishedName(dn.toString()), ctxBaseDn));
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Found DN: " + dn);
|
||||
}
|
||||
results.add(new DirContextAdapter(searchResult.getAttributes(), dn, ctxBaseDn));
|
||||
}
|
||||
} catch (PartialResultException e) {
|
||||
logger.info("Ignoring PartialResultException");
|
||||
|
||||
+2
-6
@@ -158,7 +158,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
||||
Assert.hasLength(loginContextName, "loginContextName must be set on " + getClass());
|
||||
|
||||
configureJaas(loginConfig);
|
||||
|
||||
|
||||
Assert.notNull(Configuration.getConfiguration(),
|
||||
"As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html "
|
||||
+ "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is "
|
||||
@@ -189,13 +189,9 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
||||
//Attempt to login the user, the LoginContext will call our InternalCallbackHandler at this point.
|
||||
loginContext.login();
|
||||
|
||||
//create a set to hold the authorities, and add any that have already been applied.
|
||||
//create a set to hold the authorities
|
||||
Set authorities = new HashSet();
|
||||
|
||||
if (request.getAuthorities() != null) {
|
||||
authorities.addAll(Arrays.asList(request.getAuthorities()));
|
||||
}
|
||||
|
||||
//get the subject principals and pass them to each of the AuthorityGranters
|
||||
Set principals = loginContext.getSubject().getPrincipals();
|
||||
|
||||
|
||||
+53
-29
@@ -15,22 +15,26 @@
|
||||
|
||||
package org.springframework.security.providers.ldap.authenticator;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.BadCredentialsException;
|
||||
import org.springframework.security.ldap.SpringSecurityContextSource;
|
||||
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.dao.DataAccessException;
|
||||
import org.springframework.ldap.core.ContextSource;
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.ldap.core.DistinguishedName;
|
||||
import org.springframework.util.Assert;
|
||||
import java.util.Iterator;
|
||||
|
||||
import javax.naming.directory.Attributes;
|
||||
import javax.naming.directory.DirContext;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import javax.naming.directory.DirContext;
|
||||
import java.util.Iterator;
|
||||
import org.springframework.dao.DataAccessException;
|
||||
import org.springframework.ldap.NamingException;
|
||||
import org.springframework.ldap.core.ContextSource;
|
||||
import org.springframework.ldap.core.DirContextAdapter;
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.ldap.core.DistinguishedName;
|
||||
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
|
||||
import org.springframework.ldap.support.LdapUtils;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.BadCredentialsException;
|
||||
import org.springframework.security.ldap.SpringSecurityContextSource;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
@@ -91,21 +95,42 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
|
||||
return user;
|
||||
}
|
||||
|
||||
private DirContextOperations bindWithDn(String userDn, String username, String password) {
|
||||
SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(
|
||||
new BindWithSpecificDnContextSource((SpringSecurityContextSource) getContextSource(), userDn, password));
|
||||
private DirContextOperations bindWithDn(String userDnStr, String username, String password) {
|
||||
BaseLdapPathContextSource ctxSource = (BaseLdapPathContextSource) getContextSource();
|
||||
DistinguishedName userDn = new DistinguishedName(userDnStr);
|
||||
DistinguishedName fullDn = new DistinguishedName(userDn);
|
||||
fullDn.prepend(ctxSource.getBaseLdapPath());
|
||||
BindWithSpecificDnContextSource specificDnContextSource = new BindWithSpecificDnContextSource(
|
||||
(SpringSecurityContextSource) getContextSource(), fullDn,
|
||||
password);
|
||||
logger.debug("Attemptimg to bind as " + fullDn);
|
||||
DirContext ctx = null;
|
||||
try {
|
||||
ctx = specificDnContextSource.getReadOnlyContext();
|
||||
|
||||
try {
|
||||
return template.retrieveEntry(userDn, getUserAttributes());
|
||||
Attributes attrs = ctx.getAttributes(userDn, getUserAttributes());
|
||||
|
||||
} catch (BadCredentialsException e) {
|
||||
// This will be thrown if an invalid user name is used and the method may
|
||||
// be called multiple times to try different names, so we trap the exception
|
||||
// unless a subclass wishes to implement more specialized behaviour.
|
||||
handleBindException(userDn, username, e.getCause());
|
||||
}
|
||||
DirContextAdapter result = new DirContextAdapter(attrs, userDn, ctxSource.getBaseLdapPath());
|
||||
|
||||
return result;
|
||||
} catch (NamingException e) {
|
||||
// This will be thrown if an invalid user name is used and the method may
|
||||
// be called multiple times to try different names, so we trap the exception
|
||||
// unless a subclass wishes to implement more specialized behaviour.
|
||||
if ((e instanceof org.springframework.ldap.AuthenticationException)
|
||||
|| (e instanceof org.springframework.ldap.OperationNotSupportedException)) {
|
||||
handleBindException(userDnStr, username, e);
|
||||
} else {
|
||||
throw e;
|
||||
}
|
||||
} catch (javax.naming.NamingException e) {
|
||||
throw LdapUtils.convertLdapException(e);
|
||||
} finally {
|
||||
LdapUtils.closeContext(ctx);
|
||||
}
|
||||
|
||||
return null;
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -120,13 +145,12 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
|
||||
|
||||
private class BindWithSpecificDnContextSource implements ContextSource {
|
||||
private SpringSecurityContextSource ctxFactory;
|
||||
DistinguishedName userDn;
|
||||
private DistinguishedName userDn;
|
||||
private String password;
|
||||
|
||||
public BindWithSpecificDnContextSource(SpringSecurityContextSource ctxFactory, String userDn, String password) {
|
||||
public BindWithSpecificDnContextSource(SpringSecurityContextSource ctxFactory, DistinguishedName userDn, String password) {
|
||||
this.ctxFactory = ctxFactory;
|
||||
this.userDn = new DistinguishedName(userDn);
|
||||
this.userDn.prepend(ctxFactory.getBaseLdapPath());
|
||||
this.userDn = userDn;
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
|
||||
+19
-19
@@ -86,9 +86,9 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
|
||||
sha.update(rawPass.getBytes("UTF-8"));
|
||||
} catch (java.security.NoSuchAlgorithmException e) {
|
||||
throw new IllegalStateException("No SHA implementation available!");
|
||||
} catch (UnsupportedEncodingException ue) {
|
||||
throw new IllegalStateException("UTF-8 not supported!");
|
||||
}
|
||||
} catch (UnsupportedEncodingException ue) {
|
||||
throw new IllegalStateException("UTF-8 not supported!");
|
||||
}
|
||||
|
||||
if (salt != null) {
|
||||
Assert.isInstanceOf(byte[].class, salt, "Salt value must be a byte array");
|
||||
@@ -131,7 +131,7 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
|
||||
*/
|
||||
public boolean isPasswordValid(final String encPass, final String rawPass, Object salt) {
|
||||
String prefix = extractPrefix(encPass);
|
||||
|
||||
|
||||
if (prefix == null) {
|
||||
return encPass.equals(rawPass);
|
||||
}
|
||||
@@ -141,32 +141,32 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
|
||||
} else if (!prefix.equals(SHA_PREFIX) && !prefix.equals(SHA_PREFIX_LC)) {
|
||||
throw new IllegalArgumentException("Unsupported password prefix '" + prefix + "'");
|
||||
} else {
|
||||
// Standard SHA
|
||||
salt = null;
|
||||
// Standard SHA
|
||||
salt = null;
|
||||
}
|
||||
|
||||
int startOfHash = prefix.length() + 1;
|
||||
|
||||
int startOfHash = prefix.length();
|
||||
|
||||
String encodedRawPass = encodePassword(rawPass, salt).substring(startOfHash);
|
||||
|
||||
|
||||
return encodedRawPass.equals(encPass.substring(startOfHash));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns the hash prefix or null if there isn't one.
|
||||
* Returns the hash prefix or null if there isn't one.
|
||||
*/
|
||||
private String extractPrefix(String encPass) {
|
||||
if (!encPass.startsWith("{")) {
|
||||
return null;
|
||||
return null;
|
||||
}
|
||||
|
||||
int secondBrace = encPass.lastIndexOf('}');
|
||||
|
||||
if (secondBrace < 0) {
|
||||
throw new IllegalArgumentException("Couldn't find closing brace for SHA prefix");
|
||||
}
|
||||
|
||||
return encPass.substring(0, secondBrace + 1);
|
||||
int secondBrace = encPass.lastIndexOf('}');
|
||||
|
||||
if (secondBrace < 0) {
|
||||
throw new IllegalArgumentException("Couldn't find closing brace for SHA prefix");
|
||||
}
|
||||
|
||||
return encPass.substring(0, secondBrace + 1);
|
||||
}
|
||||
|
||||
public void setForceLowerCasePrefix(boolean forceLowerCasePrefix) {
|
||||
|
||||
+1
-1
@@ -48,7 +48,7 @@ public class SessionFixationProtectionFilter extends SpringSecurityFilter {
|
||||
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
// Session fixation isn't a problem if there's no session
|
||||
if(request.getSession(false) == null || request.getAttribute(FILTER_APPLIED) != null) {
|
||||
if(request.getSession(false) == null || request.getAttribute(FILTER_APPLIED) != null || !request.isRequestedSessionIdValid()) {
|
||||
chain.doFilter(request, response);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -28,38 +28,37 @@ import org.springframework.util.StringUtils;
|
||||
|
||||
/**
|
||||
* Default implementation for {@link TargetUrlResolver}
|
||||
* <p>
|
||||
* Returns a target URL based from the contents of the configured <tt>targetUrlParameter</tt> if present on
|
||||
* the current request. Failing that, the SavedRequest in the session will be used.
|
||||
*
|
||||
* <p/>
|
||||
* Returns a target URL based from the contents of the configured <tt>targetUrlParameter</tt> if present on
|
||||
* the current request. Failing that, the SavedRequest in the session will be used.
|
||||
*
|
||||
* @author Martino Piccinato
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
* @since 2.0
|
||||
*
|
||||
*/
|
||||
public class TargetUrlResolverImpl implements TargetUrlResolver {
|
||||
public static String DEFAULT_TARGET_PARAMETER = "spring-security-redirect";
|
||||
|
||||
|
||||
/* SEC-213 */
|
||||
private String targetUrlParameter = DEFAULT_TARGET_PARAMETER;
|
||||
|
||||
/**
|
||||
* If <code>true</code>, will only use <code>SavedRequest</code> to determine the target URL on successful
|
||||
|
||||
/**
|
||||
* If <code>true</code>, will only use <code>SavedRequest</code> to determine the target URL on successful
|
||||
* authentication if the request that caused the authentication request was a GET.
|
||||
* It will then return null for a POST/PUT request.
|
||||
* Defaults to false.
|
||||
*/
|
||||
private boolean justUseSavedRequestOnGet = false;
|
||||
*/
|
||||
private boolean justUseSavedRequestOnGet = false;
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.acegisecurity.ui.TargetUrlResolver#determineTargetUrl(org.acegisecurity.ui.savedrequest.SavedRequest, javax.servlet.http.HttpServletRequest, org.acegisecurity.Authentication)
|
||||
*/
|
||||
public String determineTargetUrl(SavedRequest savedRequest, HttpServletRequest currentRequest,
|
||||
Authentication auth) {
|
||||
* @see org.acegisecurity.ui.TargetUrlResolver#determineTargetUrl(org.acegisecurity.ui.savedrequest.SavedRequest, javax.servlet.http.HttpServletRequest, org.acegisecurity.Authentication)
|
||||
*/
|
||||
public String determineTargetUrl(SavedRequest savedRequest, HttpServletRequest currentRequest,
|
||||
Authentication auth) {
|
||||
|
||||
String targetUrl = currentRequest.getParameter(targetUrlParameter);
|
||||
|
||||
|
||||
if (StringUtils.hasText(targetUrl)) {
|
||||
try {
|
||||
return URLDecoder.decode(targetUrl, "UTF-8");
|
||||
@@ -75,35 +74,34 @@ public class TargetUrlResolverImpl implements TargetUrlResolver {
|
||||
}
|
||||
|
||||
return targetUrl;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return <code>true</code> if just GET request will be used
|
||||
* to determine target URLs, <code>false</code> otherwise.
|
||||
*/
|
||||
protected boolean isJustUseSavedRequestOnGet() {
|
||||
return justUseSavedRequestOnGet;
|
||||
}
|
||||
/**
|
||||
* @return <code>true</code> if just GET request will be used
|
||||
* to determine target URLs, <code>false</code> otherwise.
|
||||
*/
|
||||
protected boolean isJustUseSavedRequestOnGet() {
|
||||
return justUseSavedRequestOnGet;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param justUseSavedRequestOnGet set to <code>true</code> if
|
||||
* just GET request will be used to determine target URLs,
|
||||
* <code>false</code> otherwise.
|
||||
*/
|
||||
public void setJustUseSavedRequestOnGet(boolean justUseSavedRequestOnGet) {
|
||||
this.justUseSavedRequestOnGet = justUseSavedRequestOnGet;
|
||||
}
|
||||
/**
|
||||
* @param justUseSavedRequestOnGet set to <code>true</code> if
|
||||
* just GET request will be used to determine target URLs,
|
||||
* <code>false</code> otherwise.
|
||||
*/
|
||||
public void setJustUseSavedRequestOnGet(boolean justUseSavedRequestOnGet) {
|
||||
this.justUseSavedRequestOnGet = justUseSavedRequestOnGet;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Before checking the SavedRequest, the current request will be checked for this parameter
|
||||
* and the value used as the target URL if resent.
|
||||
*
|
||||
* @param targetUrlParameter the name of the parameter containing the encoded target URL. Defaults
|
||||
* to "redirect".
|
||||
*/
|
||||
public void setTargetUrlParameter(String targetUrlParameter) {
|
||||
Assert.hasText("targetUrlParamete canot be null or empty");
|
||||
/**
|
||||
* Before checking the SavedRequest, the current request will be checked for this parameter
|
||||
* and the value used as the target URL if resent.
|
||||
*
|
||||
* @param targetUrlParameter the name of the parameter containing the encoded target URL. Defaults
|
||||
* to "redirect".
|
||||
*/
|
||||
public void setTargetUrlParameter(String targetUrlParameter) {
|
||||
Assert.hasText("targetUrlParameter cannot be null or empty");
|
||||
this.targetUrlParameter = targetUrlParameter;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,11 +21,17 @@ import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.ApplicationContextAware;
|
||||
import org.springframework.security.firewall.DefaultHttpFirewall;
|
||||
import org.springframework.security.firewall.FirewalledRequest;
|
||||
import org.springframework.security.firewall.HttpFirewall;
|
||||
import org.springframework.security.intercept.web.*;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.web.filter.DelegatingFilterProxy;
|
||||
|
||||
import javax.servlet.*;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.*;
|
||||
|
||||
@@ -34,7 +40,7 @@ import java.util.*;
|
||||
* Delegates <code>Filter</code> requests to a list of Spring-managed beans.
|
||||
* As of version 2.0, you shouldn't need to explicitly configure a <tt>FilterChainProxy</tt> bean in your application
|
||||
* context unless you need very fine control over the filter chain contents. Most cases should be adequately covered
|
||||
* by the default <tt><security:http /></tt> namespace configuration options.
|
||||
* by the default <tt><security:http /></tt> namespace configuration options.
|
||||
*
|
||||
* <p>The <code>FilterChainProxy</code> is loaded via a standard Spring {@link DelegatingFilterProxy} declaration in
|
||||
* <code>web.xml</code>. <code>FilterChainProxy</code> will then pass {@link #init(FilterConfig)}, {@link #destroy()}
|
||||
@@ -90,6 +96,7 @@ import java.util.*;
|
||||
* @author Carlos Sanchez
|
||||
* @author Ben Alex
|
||||
* @author Luke Taylor
|
||||
* @author Rob Winch
|
||||
*
|
||||
* @version $Id$
|
||||
*/
|
||||
@@ -109,6 +116,7 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
|
||||
private UrlMatcher matcher = new AntUrlPathMatcher();
|
||||
private boolean stripQueryStringFromUrls = true;
|
||||
private DefaultFilterInvocationDefinitionSource fids;
|
||||
private HttpFirewall firewall = new DefaultHttpFirewall();
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
@@ -154,10 +162,13 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
|
||||
}
|
||||
}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
||||
public void doFilter(ServletRequest servletRequest, ServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
FirewalledRequest fwRequest = firewall.getFirewalledRequest((HttpServletRequest) servletRequest);
|
||||
HttpServletResponse fwResponse = firewall.getFirewalledResponse((HttpServletResponse) response);
|
||||
|
||||
FilterInvocation fi = new FilterInvocation(fwRequest, fwResponse, chain);
|
||||
List filters = getFilters(fi.getRequestUrl());
|
||||
|
||||
if (filters == null || filters.size() == 0) {
|
||||
@@ -166,12 +177,14 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
|
||||
filters == null ? " has no matching filters" : " has an empty filter list");
|
||||
}
|
||||
|
||||
chain.doFilter(request, response);
|
||||
fwRequest.reset();
|
||||
|
||||
chain.doFilter(fwRequest, response);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
VirtualFilterChain virtualFilterChain = new VirtualFilterChain(fi, filters);
|
||||
VirtualFilterChain virtualFilterChain = new VirtualFilterChain(fi, filters, fwRequest);
|
||||
virtualFilterChain.doFilter(fi.getRequest(), fi.getResponse());
|
||||
}
|
||||
|
||||
@@ -330,6 +343,10 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
|
||||
return matcher;
|
||||
}
|
||||
|
||||
public void setFirewall(HttpFirewall firewall) {
|
||||
this.firewall = firewall;
|
||||
}
|
||||
|
||||
/**
|
||||
* If set to 'true', the query string will be stripped from the request URL before
|
||||
* attempting to find a matching filter chain. This is the default value.
|
||||
@@ -360,11 +377,13 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
|
||||
private static class VirtualFilterChain implements FilterChain {
|
||||
private FilterInvocation fi;
|
||||
private List additionalFilters;
|
||||
private FirewalledRequest firewalledRequest;
|
||||
private int currentPosition = 0;
|
||||
|
||||
private VirtualFilterChain(FilterInvocation filterInvocation, List additionalFilters) {
|
||||
private VirtualFilterChain(FilterInvocation filterInvocation, List additionalFilters, FirewalledRequest firewalledRequest) {
|
||||
this.fi = filterInvocation;
|
||||
this.additionalFilters = additionalFilters;
|
||||
this.firewalledRequest = firewalledRequest;
|
||||
}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response)
|
||||
@@ -374,6 +393,8 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
|
||||
logger.debug(fi.getRequestUrl()
|
||||
+ " reached end of additional filter chain; proceeding with original chain");
|
||||
}
|
||||
// Deactivate path stripping as we exit the security filter chain
|
||||
this.firewalledRequest.reset();
|
||||
|
||||
fi.getChain().doFilter(request, response);
|
||||
} else {
|
||||
|
||||
+1
-1
@@ -15,7 +15,7 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext
|
||||
" xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'\n" +
|
||||
" xsi:schemaLocation='http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd\n" +
|
||||
"http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd\n" +
|
||||
"http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd'>\n";
|
||||
"http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.6.xsd'>\n";
|
||||
private static final String BEANS_CLOSE = "</b:beans>\n";
|
||||
|
||||
Resource inMemoryXml;
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-2.0.4.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-2.0.6.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/springframework/security/config/spring-security-2.0.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security-2.0.1.xsd=org/springframework/security/config/spring-security-2.0.1.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security-2.0.2.xsd=org/springframework/security/config/spring-security-2.0.2.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security-2.0.4.xsd=org/springframework/security/config/spring-security-2.0.4.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security-2.0.6.xsd=org/springframework/security/config/spring-security-2.0.6.xsd
|
||||
|
||||
+68
-67
@@ -8,7 +8,7 @@ start = http | ldap-server | authentication-provider | ldap-authentication-provi
|
||||
hash =
|
||||
## Defines the hashing algorithm used on user passwords. We recommend strongly against using MD4, as it is a very weak hashing algorithm.
|
||||
attribute hash {"plaintext" | "sha" | "sha-256" | "md5" | "md4" | "{sha}" | "{ssha}"}
|
||||
base64 =
|
||||
base64 =
|
||||
## Whether a string should be base64 encoded
|
||||
attribute base64 {"true" | "false"}
|
||||
path-type =
|
||||
@@ -20,9 +20,9 @@ port =
|
||||
url =
|
||||
## Specifies a URL.
|
||||
attribute url { xsd:string }
|
||||
id =
|
||||
id =
|
||||
## A bean identifier, used for referring to the bean elsewhere in the context.
|
||||
attribute id {xsd:ID}
|
||||
attribute id {xsd:ID}
|
||||
ref =
|
||||
## Defines a reference to a Spring bean Id.
|
||||
attribute ref {xsd:string}
|
||||
@@ -35,26 +35,26 @@ user-service-ref =
|
||||
## A reference to a user-service (or UserDetailsService bean) Id
|
||||
attribute user-service-ref {xsd:string}
|
||||
|
||||
data-source-ref =
|
||||
data-source-ref =
|
||||
## A reference to a DataSource bean
|
||||
attribute data-source-ref {xsd:string}
|
||||
|
||||
password-encoder =
|
||||
attribute data-source-ref {xsd:string}
|
||||
|
||||
password-encoder =
|
||||
## element which defines a password encoding strategy. Used by an authentication provider to convert submitted passwords to hashed versions, for example.
|
||||
element password-encoder {password-encoder.attlist, salt-source?}
|
||||
element password-encoder {password-encoder.attlist, salt-source?}
|
||||
password-encoder.attlist &=
|
||||
ref | (hash? & base64?)
|
||||
|
||||
|
||||
salt-source =
|
||||
## Password salting strategy. A system-wide constant or a property from the UserDetails object can be used.
|
||||
element salt-source {user-property | system-wide}
|
||||
user-property =
|
||||
## A property of the UserDetails object which will be used as salt by a password encoder. Typically something like "username" might be used.
|
||||
## A property of the UserDetails object which will be used as salt by a password encoder. Typically something like "username" might be used.
|
||||
attribute user-property {xsd:string}
|
||||
system-wide =
|
||||
## A single value that will be used as the salt for a password encoder.
|
||||
## A single value that will be used as the salt for a password encoder.
|
||||
attribute system-wide {xsd:string}
|
||||
|
||||
|
||||
boolean = "true" | "false"
|
||||
|
||||
role-prefix =
|
||||
@@ -63,16 +63,16 @@ role-prefix =
|
||||
|
||||
|
||||
ldap-server =
|
||||
## Defines an LDAP server location or starts an embedded server. The url indicates the location of a remote server. If no url is given, an embedded server will be started, listening on the supplied port number. The port is optional and defaults to 33389. A Spring LDAP ContextSource bean will be registered for the server with the id supplied.
|
||||
## Defines an LDAP server location or starts an embedded server. The url indicates the location of a remote server. If no url is given, an embedded server will be started, listening on the supplied port number. The port is optional and defaults to 33389. A Spring LDAP ContextSource bean will be registered for the server with the id supplied.
|
||||
element ldap-server {ldap-server.attlist}
|
||||
ldap-server.attlist &= id?
|
||||
ldap-server.attlist &= (url | port)?
|
||||
ldap-server.attlist &=
|
||||
## Username (DN) of the "manager" user identity which will be used to authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used.
|
||||
## Username (DN) of the "manager" user identity which will be used to authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used.
|
||||
attribute manager-dn {xsd:string}?
|
||||
ldap-server.attlist &=
|
||||
## The password for the manager DN.
|
||||
attribute manager-password {xsd:string}?
|
||||
attribute manager-password {xsd:string}?
|
||||
ldap-server.attlist &=
|
||||
## Explicitly specifies an ldif file resource to load into an embedded LDAP server
|
||||
attribute ldif { xsd:string }?
|
||||
@@ -81,14 +81,14 @@ ldap-server.attlist &=
|
||||
attribute root { xsd:string }?
|
||||
|
||||
ldap-server-ref-attribute =
|
||||
## The optional server to use. If omitted, and a default LDAP server is registered (using <ldap-server> with no Id), that server will be used.
|
||||
## The optional server to use. If omitted, and a default LDAP server is registered (using <ldap-server> with no Id), that server will be used.
|
||||
attribute server-ref {xsd:string}
|
||||
|
||||
|
||||
group-search-filter-attribute =
|
||||
group-search-filter-attribute =
|
||||
## Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user.
|
||||
attribute group-search-filter {xsd:string}
|
||||
group-search-base-attribute =
|
||||
group-search-base-attribute =
|
||||
## Search base for group membership searches. Defaults to "" (searching from the root).
|
||||
attribute group-search-base {xsd:string}
|
||||
user-search-filter-attribute =
|
||||
@@ -100,14 +100,14 @@ user-search-base-attribute =
|
||||
group-role-attribute-attribute =
|
||||
## The LDAP attribute name which contains the role name which will be used within Spring Security. Defaults to "cn".
|
||||
attribute group-role-attribute {xsd:string}
|
||||
user-details-class-attribute =
|
||||
user-details-class-attribute =
|
||||
## Allows the objectClass of the user entry to be specified. If set, the framework will attempt to load standard attributes for the defined class into the returned UserDetails object
|
||||
attribute user-details-class {"person" | "inetOrgPerson"}
|
||||
|
||||
|
||||
ldap-user-service =
|
||||
element ldap-user-service {ldap-us.attlist}
|
||||
ldap-us.attlist &= id?
|
||||
ldap-us.attlist &= id?
|
||||
ldap-us.attlist &=
|
||||
ldap-server-ref-attribute?
|
||||
ldap-us.attlist &=
|
||||
@@ -138,7 +138,7 @@ ldap-ap.attlist &=
|
||||
user-search-filter-attribute?
|
||||
ldap-ap.attlist &=
|
||||
group-search-base-attribute?
|
||||
ldap-ap.attlist &=
|
||||
ldap-ap.attlist &=
|
||||
group-search-filter-attribute?
|
||||
ldap-ap.attlist &=
|
||||
group-role-attribute-attribute?
|
||||
@@ -153,7 +153,7 @@ ldap-ap.attlist &=
|
||||
password-compare-element =
|
||||
## Specifies that an LDAP provider should use an LDAP compare operation of the user's password to authenticate the user
|
||||
element password-compare {password-compare.attlist, password-encoder?}
|
||||
|
||||
|
||||
password-compare.attlist &=
|
||||
## The attribute in the directory which contains the user password. Defaults to "userPassword".
|
||||
attribute password-attribute {xsd:string}?
|
||||
@@ -181,7 +181,7 @@ protect.attlist &=
|
||||
|
||||
global-method-security =
|
||||
## Provides method security for all beans registered in the Spring application context. Specifically, beans will be scanned for Spring Security annotations and/or matches with the ordered list of "protect-pointcut" sub-elements. Where there is a match, the beans will automatically be proxied and security authorization applied to the methods accordingly. If you use and enable all three sources of method security metadata (ie "protect-pointcut" declarations, @Secured and also JSR 250 security annotations), the metadata sources will be queried in that order. In practical terms, this enables you to use XML to override method security metadata expressed by way of @Secured annotations, with @Secured annotations overriding method security metadata expressed by JSR 250 annotations. It is perfectly acceptable to mix and match, with a given Java type using a combination of XML, @Secured and JSR 250 to express method security metadata (albeit on different methods).
|
||||
element global-method-security {global-method-security.attlist, protect-pointcut*}
|
||||
element global-method-security {global-method-security.attlist, protect-pointcut*}
|
||||
global-method-security.attlist &=
|
||||
## Specifies whether the use of Spring Security's @Secured annotations should be enabled for this application context. Please ensure you have the spring-security-tiger-xxx.jar on the classpath. Defaults to "disabled".
|
||||
attribute secured-annotations {"disabled" | "enabled" }?
|
||||
@@ -206,6 +206,9 @@ protect-pointcut.attlist &=
|
||||
## Access configuration attributes list that applies to all methods matching the pointcut, e.g. "ROLE_A,ROLE_B"
|
||||
attribute access {xsd:string}
|
||||
|
||||
http-firewall =
|
||||
## Allows a custom instance of HttpFirewall to be injected into the FilterChainProxy created by the namespace.
|
||||
element http-firewall {ref}
|
||||
|
||||
http =
|
||||
## Container element for HTTP security configuration
|
||||
@@ -265,16 +268,16 @@ intercept-url.attlist &=
|
||||
attribute requires-channel {"http" | "https" | "any"}?
|
||||
|
||||
logout =
|
||||
## Incorporates a logout processing filter. Most web applications require a logout filter, although you may not require one if you write a controller to provider similar logic.
|
||||
## Incorporates a logout processing filter. Most web applications require a logout filter, although you may not require one if you write a controller to provider similar logic.
|
||||
element logout {logout.attlist, empty}
|
||||
logout.attlist &=
|
||||
## Specifies the URL that will cause a logout. Spring Security will initialize a filter that responds to this particular URL. Defaults to /j_spring_security_logout if unspecified.
|
||||
## Specifies the URL that will cause a logout. Spring Security will initialize a filter that responds to this particular URL. Defaults to /j_spring_security_logout if unspecified.
|
||||
attribute logout-url {xsd:string}?
|
||||
logout.attlist &=
|
||||
## Specifies the URL to display once the user has logged out. If not specified, defaults to /.
|
||||
## Specifies the URL to display once the user has logged out. If not specified, defaults to /.
|
||||
attribute logout-success-url {xsd:string}?
|
||||
logout.attlist &=
|
||||
## Specifies whether a logout also causes HttpSession invalidation, which is generally desirable. If unspecified, defaults to true.
|
||||
## Specifies whether a logout also causes HttpSession invalidation, which is generally desirable. If unspecified, defaults to true.
|
||||
attribute invalidate-session {boolean}?
|
||||
|
||||
form-login =
|
||||
@@ -287,8 +290,8 @@ form-login.attlist &=
|
||||
## The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application.
|
||||
attribute default-target-url {xsd:string}?
|
||||
form-login.attlist &=
|
||||
## Whether the user should always be redirected to the default-target-url after login.
|
||||
attribute always-use-default-target {boolean}?
|
||||
## Whether the user should always be redirected to the default-target-url after login.
|
||||
attribute always-use-default-target {boolean}?
|
||||
form-login.attlist &=
|
||||
## The URL for the login page. If no login URL is specified, Spring Security will automatically create a login URL at /spring_security_login and a corresponding filter to render that login URL when requested.
|
||||
attribute login-page {xsd:string}?
|
||||
@@ -296,7 +299,7 @@ form-login.attlist &=
|
||||
## The URL for the login failure page. If no login failure URL is specified, Spring Security will automatically create a failure login URL at /spring_security_login?login_error and a corresponding filter to render that login failure URL when requested.
|
||||
attribute authentication-failure-url {xsd:string}?
|
||||
|
||||
openid-login =
|
||||
openid-login =
|
||||
## Sets up form login for authentication with an Open ID identity
|
||||
element openid-login {form-login.attlist, user-service-ref?, empty}
|
||||
|
||||
@@ -316,7 +319,7 @@ filter-chain.attlist &=
|
||||
attribute filters {xsd:string}
|
||||
|
||||
filter-invocation-definition-source =
|
||||
## Used to explicitly configure a FilterInvocationDefinitionSource bean for use with a FilterSecurityInterceptor. Usually only needed if you are configuring a FilterChainProxy explicitly, rather than using the <http> element. The intercept-url elements used should only contain pattern, method and access attributes. Any others will result in a configuration error.
|
||||
## Used to explicitly configure a FilterInvocationDefinitionSource bean for use with a FilterSecurityInterceptor. Usually only needed if you are configuring a FilterChainProxy explicitly, rather than using the <http> element. The intercept-url elements used should only contain pattern, method and access attributes. Any others will result in a configuration error.
|
||||
element filter-invocation-definition-source {fids.attlist, intercept-url+}
|
||||
fids.attlist &=
|
||||
id?
|
||||
@@ -348,34 +351,34 @@ concurrent-sessions.attlist &=
|
||||
## Allows you to define an alias for the SessionRegistry bean in order to access it in your own configuration
|
||||
attribute session-registry-alias {xsd:string}?
|
||||
concurrent-sessions.attlist &=
|
||||
## A reference to an external SessionRegistry implementation which will be used in place of the standard one.
|
||||
## A reference to an external SessionRegistry implementation which will be used in place of the standard one.
|
||||
attribute session-registry-ref {xsd:string}?
|
||||
|
||||
remember-me =
|
||||
## Sets up remember-me authentication. If used with the "key" attribute (or no attributes) the cookie-only implementation will be used. Specifying "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, persisten token approach.
|
||||
## Sets up remember-me authentication. If used with the "key" attribute (or no attributes) the cookie-only implementation will be used. Specifying "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, persisten token approach.
|
||||
element remember-me {remember-me.attlist}
|
||||
remember-me.attlist &=
|
||||
## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application.
|
||||
attribute key {xsd:string}?
|
||||
|
||||
|
||||
remember-me.attlist &=
|
||||
(token-repository-ref | remember-me-data-source-ref | remember-me-services-ref)
|
||||
|
||||
remember-me.attlist &=
|
||||
user-service-ref?
|
||||
|
||||
|
||||
remember-me.attlist &=
|
||||
## The period (in seconds) for which the remember-me cookie should be valid.
|
||||
## The period (in seconds) for which the remember-me cookie should be valid.
|
||||
attribute token-validity-seconds {xsd:positiveInteger}?
|
||||
|
||||
|
||||
token-repository-ref =
|
||||
## Reference to a PersistentTokenRepository bean for use with the persistent token remember-me implementation.
|
||||
## Reference to a PersistentTokenRepository bean for use with the persistent token remember-me implementation.
|
||||
attribute token-repository-ref {xsd:string}
|
||||
remember-me-services-ref =
|
||||
## Allows a custom implementation of RememberMeServices to be used. Note that this implementation should return RememberMeAuthenticationToken instances with the same "key" value as specified in the remember-me element. Alternatively it should register its own AuthenticationProvider.
|
||||
remember-me-services-ref =
|
||||
## Allows a custom implementation of RememberMeServices to be used. Note that this implementation should return RememberMeAuthenticationToken instances with the same "key" value as specified in the remember-me element. Alternatively it should register its own AuthenticationProvider.
|
||||
attribute services-ref {xsd:string}?
|
||||
remember-me-data-source-ref =
|
||||
## DataSource bean for the database that contains the token repository schema.
|
||||
## DataSource bean for the database that contains the token repository schema.
|
||||
data-source-ref
|
||||
|
||||
anonymous =
|
||||
@@ -384,39 +387,39 @@ anonymous =
|
||||
anonymous.attlist &=
|
||||
## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to "doesNotMatter".
|
||||
attribute key {xsd:string}?
|
||||
anonymous.attlist &=
|
||||
anonymous.attlist &=
|
||||
## The username that should be assigned to the anonymous request. This allows the principal to be identified, which may be important for logging and auditing. if unset, defaults to "anonymousUser".
|
||||
attribute username {xsd:string}?
|
||||
anonymous.attlist &=
|
||||
## The granted authority that should be assigned to the anonymous request. Commonly this is used to assign the anonymous request particular roles, which can subsequently be used in authorization decisions. If unset, defaults to "ROLE_ANONYMOUS".
|
||||
attribute granted-authority {xsd:string}?
|
||||
|
||||
port-mappings =
|
||||
port-mappings =
|
||||
## Defines the list of mappings between http and https ports for use in redirects
|
||||
element port-mappings {port-mappings.attlist, port-mapping+}
|
||||
|
||||
port-mappings.attlist &= empty
|
||||
|
||||
port-mapping =
|
||||
port-mapping =
|
||||
element port-mapping {http-port, https-port}
|
||||
|
||||
|
||||
http-port = attribute http {xsd:string}
|
||||
|
||||
https-port = attribute https {xsd:string}
|
||||
|
||||
|
||||
x509 =
|
||||
x509 =
|
||||
## Adds support for X.509 client authentication.
|
||||
element x509 {x509.attlist}
|
||||
x509.attlist &=
|
||||
x509.attlist &=
|
||||
## The regular expression used to obtain the username from the certificate's subject. Defaults to matching on the common name using the pattern "CN=(.*?),".
|
||||
attribute subject-principal-regex {xsd:string}?
|
||||
x509.attlist &=
|
||||
## Explicitly specifies which user-service should be used to load user data for X.509 authenticated clients. If ommitted, the default user-service will be used.
|
||||
## Explicitly specifies which user-service should be used to load user data for X.509 authenticated clients. If ommitted, the default user-service will be used.
|
||||
user-service-ref?
|
||||
|
||||
authentication-manager =
|
||||
## If you are using namespace configuration with Spring Security, an AuthenticationManager will automatically be registered. This element allows you to define an alias to allow you to reference the authentication-manager in your own beans.
|
||||
## If you are using namespace configuration with Spring Security, an AuthenticationManager will automatically be registered. This element allows you to define an alias to allow you to reference the authentication-manager in your own beans.
|
||||
element authentication-manager {authman.attlist}
|
||||
authman.attlist &=
|
||||
## The alias you wish to use for the AuthenticationManager bean
|
||||
@@ -427,10 +430,10 @@ authman.attlist &=
|
||||
|
||||
|
||||
authentication-provider =
|
||||
## Indicates that the contained user-service should be used as an authentication source.
|
||||
## Indicates that the contained user-service should be used as an authentication source.
|
||||
element authentication-provider {ap.attlist & any-user-service & password-encoder?}
|
||||
ap.attlist &=
|
||||
## Specifies a reference to a separately configured UserDetailsService from which to obtain authentication data.
|
||||
## Specifies a reference to a separately configured UserDetailsService from which to obtain authentication data.
|
||||
user-service-ref?
|
||||
|
||||
custom-authentication-provider =
|
||||
@@ -443,31 +446,31 @@ user-service =
|
||||
element user-service {id? & (properties-file | (user*))}
|
||||
properties-file =
|
||||
attribute properties {xsd:string}?
|
||||
|
||||
|
||||
user =
|
||||
## Represents a user in the application.
|
||||
## Represents a user in the application.
|
||||
element user {user.attlist, empty}
|
||||
user.attlist &=
|
||||
## The username assigned to the user.
|
||||
## The username assigned to the user.
|
||||
attribute name {xsd:string}
|
||||
user.attlist &=
|
||||
## The password assigned to the user. This may be hashed if the corresponding authentication provider supports hashing (remember to set the "hash" attribute of the "user-service" element).
|
||||
## The password assigned to the user. This may be hashed if the corresponding authentication provider supports hashing (remember to set the "hash" attribute of the "user-service" element).
|
||||
attribute password {xsd:string}
|
||||
user.attlist &=
|
||||
## One of more authorities granted to the user. Separate authorities with a comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR"
|
||||
## One of more authorities granted to the user. Separate authorities with a comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR"
|
||||
attribute authorities {xsd:string}
|
||||
user.attlist &=
|
||||
## Can be set to "true" to mark an account as locked and unusable.
|
||||
## Can be set to "true" to mark an account as locked and unusable.
|
||||
attribute locked {boolean}?
|
||||
user.attlist &=
|
||||
## Can be set to "true" to mark an account as disabled and unusable.
|
||||
## Can be set to "true" to mark an account as disabled and unusable.
|
||||
attribute disabled {boolean}?
|
||||
|
||||
jdbc-user-service =
|
||||
## Causes creation of a JDBC-based UserDetailsService.
|
||||
element jdbc-user-service {id? & jdbc-user-service.attlist}
|
||||
## Causes creation of a JDBC-based UserDetailsService.
|
||||
element jdbc-user-service {id? & jdbc-user-service.attlist}
|
||||
jdbc-user-service.attlist &=
|
||||
## The bean ID of the DataSource which provides the required tables.
|
||||
## The bean ID of the DataSource which provides the required tables.
|
||||
attribute data-source-ref {xsd:string}
|
||||
jdbc-user-service.attlist &=
|
||||
cache-ref?
|
||||
@@ -482,15 +485,15 @@ jdbc-user-service.attlist &=
|
||||
attribute group-authorities-by-username-query {xsd:string}?
|
||||
jdbc-user-service.attlist &=
|
||||
role-prefix?
|
||||
|
||||
|
||||
|
||||
any-user-service = user-service | jdbc-user-service | ldap-user-service
|
||||
|
||||
|
||||
custom-filter =
|
||||
## Used to indicate that a filter bean declaration should be incorporated into the security filter chain. If neither the 'after' or 'before' options are supplied, then the filter must implement the Ordered interface directly.
|
||||
## Used to indicate that a filter bean declaration should be incorporated into the security filter chain. If neither the 'after' or 'before' options are supplied, then the filter must implement the Ordered interface directly.
|
||||
element custom-filter {after | before | position}?
|
||||
after =
|
||||
## The filter immediately after which the custom-filter should be placed in the chain. This feature will only be needed by advanced users who wish to mix their own filters into the security filter chain and have some knowledge of the standard Spring Security filters. The filter names map to specific Spring Security implementation filters.
|
||||
## The filter immediately after which the custom-filter should be placed in the chain. This feature will only be needed by advanced users who wish to mix their own filters into the security filter chain and have some knowledge of the standard Spring Security filters. The filter names map to specific Spring Security implementation filters.
|
||||
attribute after {named-security-filter}
|
||||
before =
|
||||
## The filter immediately before which the custom-filter should be placed in the chain
|
||||
@@ -502,5 +505,3 @@ position =
|
||||
|
||||
|
||||
named-security-filter = "FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SESSION_CONTEXT_INTEGRATION_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_PROCESSING_FILTER" | "AUTHENTICATION_PROCESSING_FILTER" | "OPENID_PROCESSING_FILTER" |"BASIC_PROCESSING_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "NTLM_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
|
||||
|
||||
|
||||
+1147
File diff suppressed because it is too large
Load Diff
+14
@@ -24,6 +24,7 @@ import org.springframework.security.concurrent.ConcurrentLoginException;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionFilter;
|
||||
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.security.firewall.DefaultHttpFirewall;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
@@ -661,6 +662,19 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void httpFirewallInjectionIsSupported() throws Exception {
|
||||
setContext(
|
||||
"<http-firewall ref='fw'/>" +
|
||||
"<http>" +
|
||||
" <form-login />" +
|
||||
"</http>" +
|
||||
"<b:bean id='fw' class='" + DefaultHttpFirewall.class.getName() +"'/>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
FilterChainProxy fcp = (FilterChainProxy) appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
|
||||
assertSame(appContext.getBean("fw"), FieldUtils.getFieldValue(fcp, "firewall"));
|
||||
}
|
||||
|
||||
private void setContext(String context) {
|
||||
appContext = new InMemoryXmlApplicationContext(context);
|
||||
}
|
||||
|
||||
+44
@@ -0,0 +1,44 @@
|
||||
package org.springframework.security.firewall;
|
||||
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class DefaultHttpFirewallTests {
|
||||
public String[] unnormalizedPaths = {
|
||||
"/..",
|
||||
"/./path/",
|
||||
"/path/path/.",
|
||||
"/path/path//.",
|
||||
"./path/../path//.",
|
||||
"./path",
|
||||
".//path",
|
||||
"."
|
||||
};
|
||||
|
||||
@Test
|
||||
public void unnormalizedPathsAreRejected() throws Exception {
|
||||
DefaultHttpFirewall fw = new DefaultHttpFirewall();
|
||||
|
||||
MockHttpServletRequest request;
|
||||
for (String path : unnormalizedPaths) {
|
||||
request = new MockHttpServletRequest();
|
||||
request.setServletPath(path);
|
||||
try {
|
||||
fw.getFirewalledRequest(request);
|
||||
fail(path + " is un-normalized");
|
||||
} catch (RequestRejectedException expected) {
|
||||
}
|
||||
request.setPathInfo(path);
|
||||
try {
|
||||
fw.getFirewalledRequest(request);
|
||||
fail(path + " is un-normalized");
|
||||
} catch (RequestRejectedException expected) {
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,104 @@
|
||||
package org.springframework.security.firewall;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.RequestDispatcher;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class RequestWrapperTests {
|
||||
private static Map<String, String> testPaths = new LinkedHashMap<String,String>();
|
||||
|
||||
@BeforeClass
|
||||
// Some of these may be unrealistic values, but we can't be sure because of the
|
||||
// inconsistency in the spec.
|
||||
public static void createTestMap() {
|
||||
testPaths.put("/path1;x=y;z=w/path2;x=y/path3;x=y", "/path1/path2/path3");
|
||||
testPaths.put("/path1;x=y/path2;x=y/", "/path1/path2/");
|
||||
testPaths.put("/path1//path2/", "/path1/path2/");
|
||||
testPaths.put("//path1/path2//", "/path1/path2/");
|
||||
testPaths.put(";x=y;z=w", "");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void pathParametersAreRemovedFromServletPath() {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
for (Map.Entry<String,String> entry : testPaths.entrySet()) {
|
||||
String path = entry.getKey();
|
||||
String expectedResult = entry.getValue();
|
||||
request.setServletPath(path);
|
||||
RequestWrapper wrapper = new RequestWrapper(request);
|
||||
assertEquals(expectedResult, wrapper.getServletPath());
|
||||
wrapper.reset();
|
||||
assertEquals(path, wrapper.getServletPath());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void pathParametersAreRemovedFromPathInfo() {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
for (Map.Entry<String,String> entry : testPaths.entrySet()) {
|
||||
String path = entry.getKey();
|
||||
String expectedResult = entry.getValue();
|
||||
// Should be null when stripped value is empty
|
||||
if (expectedResult.length() == 0) {
|
||||
expectedResult = null;
|
||||
}
|
||||
request.setPathInfo(path);
|
||||
RequestWrapper wrapper = new RequestWrapper(request);
|
||||
assertEquals(expectedResult, wrapper.getPathInfo());
|
||||
wrapper.reset();
|
||||
assertEquals(path, wrapper.getPathInfo());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resetWhenForward() throws Exception {
|
||||
String denormalizedPath = testPaths.keySet().iterator().next();
|
||||
String forwardPath = "/forward/path";
|
||||
HttpServletRequest mockRequest = mock(HttpServletRequest.class);
|
||||
HttpServletResponse mockResponse = mock(HttpServletResponse.class);
|
||||
RequestDispatcher mockDispatcher = mock(RequestDispatcher.class);
|
||||
when(mockRequest.getServletPath()).thenReturn("");
|
||||
when(mockRequest.getPathInfo()).thenReturn(denormalizedPath);
|
||||
when(mockRequest.getRequestDispatcher(forwardPath)).thenReturn(mockDispatcher);
|
||||
|
||||
RequestWrapper wrapper = new RequestWrapper(mockRequest);
|
||||
RequestDispatcher dispatcher = wrapper.getRequestDispatcher(forwardPath);
|
||||
dispatcher.forward(mockRequest, mockResponse);
|
||||
|
||||
verify(mockRequest).getRequestDispatcher(forwardPath);
|
||||
verify(mockDispatcher).forward(mockRequest, mockResponse);
|
||||
assertEquals(denormalizedPath,wrapper.getPathInfo());
|
||||
verify(mockRequest,times(2)).getPathInfo();
|
||||
// validate wrapper.getServletPath() delegates to the mock
|
||||
wrapper.getServletPath();
|
||||
verify(mockRequest,times(2)).getServletPath();
|
||||
verifyNoMoreInteractions(mockRequest,mockResponse,mockDispatcher);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestDispatcherNotWrappedAfterReset() {
|
||||
String path = "/forward/path";
|
||||
HttpServletRequest request = mock(HttpServletRequest.class);
|
||||
RequestDispatcher dispatcher = mock(RequestDispatcher.class);
|
||||
when(request.getRequestDispatcher(path)).thenReturn(dispatcher);
|
||||
RequestWrapper wrapper = new RequestWrapper(request);
|
||||
wrapper.reset();
|
||||
assertSame(dispatcher, wrapper.getRequestDispatcher(path));
|
||||
}
|
||||
|
||||
}
|
||||
+6
-3
@@ -18,6 +18,8 @@ package org.springframework.security.intercept;
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextImpl;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
|
||||
@@ -58,12 +60,13 @@ public class InterceptorStatusTokenTests extends TestCase {
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO");
|
||||
MethodInvocation mi = new SimpleMethodInvocation();
|
||||
|
||||
InterceptorStatusToken token = new InterceptorStatusToken(new UsernamePasswordAuthenticationToken("rod",
|
||||
"koala"), true, attr, mi);
|
||||
SecurityContext ctx = new SecurityContextImpl();
|
||||
|
||||
InterceptorStatusToken token = new InterceptorStatusToken(ctx, true, attr, mi);
|
||||
|
||||
assertTrue(token.isContextHolderRefreshRequired());
|
||||
assertEquals(attr, token.getAttr());
|
||||
assertEquals(mi, token.getSecureObject());
|
||||
assertEquals("rod", token.getAuthentication().getPrincipal());
|
||||
assertSame(ctx, token.getSecurityContext());
|
||||
}
|
||||
}
|
||||
|
||||
+6
-1
@@ -34,6 +34,7 @@ import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.MockRunAsManager;
|
||||
import org.springframework.security.RunAsManager;
|
||||
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
import org.springframework.security.intercept.method.MethodDefinitionSource;
|
||||
@@ -166,11 +167,15 @@ public class MethodSecurityInterceptorTests extends TestCase {
|
||||
public void testMethodCallWithRunAsReplacement() throws Exception {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_UPPER")});
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
SecurityContext ctx = SecurityContextHolder.getContext();
|
||||
ctx.setAuthentication(token);
|
||||
|
||||
ITargetObject target = makeInterceptedTarget();
|
||||
String result = target.makeUpperCase("hello");
|
||||
assertEquals("HELLO org.springframework.security.MockRunAsAuthenticationToken true", result);
|
||||
// Check reset afterwards
|
||||
assertSame(ctx, SecurityContextHolder.getContext());
|
||||
assertSame(token, SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
public void testMethodCallWithoutRunAsReplacement()
|
||||
|
||||
+28
-3
@@ -1,12 +1,17 @@
|
||||
package org.springframework.security.ldap;
|
||||
|
||||
import static org.junit.Assert.assertNull;
|
||||
|
||||
import javax.naming.directory.DirContext;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.BadCredentialsException;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
*/
|
||||
public class DefaultSpringSecurityContextSourceTests {
|
||||
public class DefaultSpringSecurityContextSourceTests extends AbstractLdapIntegrationTests {
|
||||
|
||||
@Test
|
||||
public void instantiationSucceeds() {
|
||||
@@ -15,7 +20,27 @@ public class DefaultSpringSecurityContextSourceTests {
|
||||
|
||||
@Test
|
||||
public void supportsSpacesInUrl() {
|
||||
new DefaultSpringSecurityContextSource("ldap://myhost:10389/dc=spring%20framework,dc=org");
|
||||
new DefaultSpringSecurityContextSource("ldap://myhost:10389/dc=spring%20framework,dc=org");
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void poolingIsntUsedForSingleUser() throws Exception {
|
||||
DirContext ctx = getContextSource().getReadWriteContext("uid=Bob,ou=people,dc=springframework,dc=org", "bobspassword");
|
||||
//com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
|
||||
assertNull(ctx.getEnvironment().get("com.sun.jndi.ldap.connect.pool"));
|
||||
ctx.close();
|
||||
}
|
||||
|
||||
@Test(expected=BadCredentialsException.class)
|
||||
public void poolingIsntUsedForSingleUser2() throws Exception {
|
||||
DirContext ctx = getContextSource().getReadWriteContext("uid=Bob,ou=people,dc=springframework,dc=org", "bobspassword");
|
||||
com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
|
||||
ctx.close();
|
||||
com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
|
||||
// Now get it gain, with wrong password
|
||||
ctx = getContextSource().getReadWriteContext("uid=Bob,ou=people,dc=springframework,dc=org", "wrongpassword");
|
||||
com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
+1
-3
@@ -71,13 +71,11 @@ public class FilterBasedLdapUserSearchTests extends AbstractLdapIntegrationTests
|
||||
@Test
|
||||
public void extraFilterPartToExcludeBob() throws Exception {
|
||||
FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people",
|
||||
"(&(cn=*)(!(|(uid={0})(uid=rod)(uid=jerry))))", dirCtxFactory);
|
||||
"(&(cn=*)(!(|(uid={0})(uid=rod)(uid=jerry)(uid=slashguy))))", dirCtxFactory);
|
||||
|
||||
// Search for bob, get back ben...
|
||||
DirContextOperations ben = locator.searchForUser("bob");
|
||||
assertEquals("Ben Alex", ben.getStringAttribute("cn"));
|
||||
|
||||
// assertEquals("uid=ben,ou=people,"+ROOT_DN, ben.getDn());
|
||||
}
|
||||
|
||||
@Test(expected=IncorrectResultSizeDataAccessException.class)
|
||||
|
||||
+1
-11
@@ -138,13 +138,7 @@ public class JaasAuthenticationProviderTests extends TestCase {
|
||||
}
|
||||
|
||||
public void testFull() throws Exception {
|
||||
GrantedAuthorityImpl role1 = new GrantedAuthorityImpl("ROLE_1");
|
||||
GrantedAuthorityImpl role2 = new GrantedAuthorityImpl("ROLE_2");
|
||||
|
||||
GrantedAuthority[] defaultAuths = new GrantedAuthority[] {role1, role2,};
|
||||
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password",
|
||||
defaultAuths);
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
|
||||
|
||||
assertTrue(jaasProvider.supports(UsernamePasswordAuthenticationToken.class));
|
||||
|
||||
@@ -161,10 +155,6 @@ public class JaasAuthenticationProviderTests extends TestCase {
|
||||
|
||||
assertTrue("GrantedAuthorities should contain ROLE_TEST2", list.contains(new GrantedAuthorityImpl("ROLE_TEST2")));
|
||||
|
||||
assertTrue("GrantedAuthorities should contain ROLE_1", list.contains(role1));
|
||||
|
||||
assertTrue("GrantedAuthorities should contain ROLE_2", list.contains(role2));
|
||||
|
||||
boolean foundit = false;
|
||||
|
||||
for (int i = 0; i < list.size(); i++) {
|
||||
|
||||
+14
-14
@@ -15,18 +15,17 @@
|
||||
|
||||
package org.springframework.security.providers.ldap.authenticator;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.BadCredentialsException;
|
||||
import org.springframework.security.SpringSecurityMessageSource;
|
||||
import org.springframework.security.ldap.AbstractLdapIntegrationTests;
|
||||
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.ldap.core.DirContextAdapter;
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.ldap.core.DistinguishedName;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.fail;
|
||||
import org.junit.Test;
|
||||
|
||||
/**
|
||||
* Tests for {@link BindAuthenticator}.
|
||||
@@ -39,7 +38,6 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||
|
||||
private BindAuthenticator authenticator;
|
||||
private Authentication bob;
|
||||
// private Authentication ben;
|
||||
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
@@ -48,7 +46,6 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||
authenticator = new BindAuthenticator(getContextSource());
|
||||
authenticator.setMessageSource(new SpringSecurityMessageSource());
|
||||
bob = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
|
||||
// ben = new UsernamePasswordAuthenticationToken("ben", "benspassword");
|
||||
|
||||
}
|
||||
|
||||
@@ -72,11 +69,14 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||
|
||||
@Test
|
||||
public void testAuthenticationWithUserSearch() throws Exception {
|
||||
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=bob,ou=people"));
|
||||
|
||||
authenticator.setUserSearch(new MockUserSearch(ctx));
|
||||
authenticator.afterPropertiesSet();
|
||||
authenticator.authenticate(bob);
|
||||
// DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=bob,ou=people"));
|
||||
authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "(uid={0})", getContextSource()));
|
||||
authenticator.afterPropertiesSet();
|
||||
authenticator.authenticate(bob);
|
||||
// SEC-1444
|
||||
authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "(cn={0})", getContextSource()));
|
||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("mouse, jerry", "jerryspassword"));
|
||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("slash/guy", "slashguyspassword"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
+237
@@ -0,0 +1,237 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.util;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.MockFilterConfig;
|
||||
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.security.intercept.web.MockFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.RequestKey;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
|
||||
import org.springframework.beans.factory.BeanCreationException;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.context.support.StaticApplicationContext;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
import org.junit.After;
|
||||
import static org.junit.Assert.*;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Tests {@link FilterChainProxy}.
|
||||
*
|
||||
* @author Carlos Sanchez
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class FilterChainProxyConfigTests {
|
||||
private ClassPathXmlApplicationContext appCtx;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
@Before
|
||||
public void loadContext() {
|
||||
appCtx = new ClassPathXmlApplicationContext("org/springframework/security/util/filtertest-valid.xml");
|
||||
}
|
||||
|
||||
@After
|
||||
public void closeContext() {
|
||||
if (appCtx != null) {
|
||||
appCtx.close();
|
||||
}
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsFilterInvocationDefinitionSourceThatDoesNotReturnAllConfigAttributes() throws Exception {
|
||||
FilterChainProxy filterChainProxy = new FilterChainProxy();
|
||||
filterChainProxy.setApplicationContext(new StaticApplicationContext());
|
||||
|
||||
filterChainProxy.setFilterInvocationDefinitionSource(new MockFilterInvocationDefinitionSource(false, false));
|
||||
filterChainProxy.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsIfConfigAttributeDoesNotReturnValueForGetAttributeMethod() throws Exception {
|
||||
FilterChainProxy filterChainProxy = new FilterChainProxy();
|
||||
filterChainProxy.setApplicationContext(new StaticApplicationContext());
|
||||
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new MockConfigAttribute());
|
||||
|
||||
LinkedHashMap map = new LinkedHashMap();
|
||||
map.put(new RequestKey("/**"), cad);
|
||||
DefaultFilterInvocationDefinitionSource fids =
|
||||
new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), map);
|
||||
|
||||
filterChainProxy.setFilterInvocationDefinitionSource(fids);
|
||||
|
||||
filterChainProxy.afterPropertiesSet();
|
||||
filterChainProxy.init(new MockFilterConfig());
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void testDetectsMissingFilterInvocationDefinitionSource() throws Exception {
|
||||
FilterChainProxy filterChainProxy = new FilterChainProxy();
|
||||
filterChainProxy.setApplicationContext(new StaticApplicationContext());
|
||||
|
||||
filterChainProxy.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoNotFilter() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChain", FilterChainProxy.class);
|
||||
MockFilter filter = (MockFilter) appCtx.getBean("mockFilter", MockFilter.class);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setServletPath("/do/not/filter/somefile.html");
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain(true);
|
||||
|
||||
filterChainProxy.doFilter(request, response, chain);
|
||||
assertFalse(filter.isWasInitialized());
|
||||
assertFalse(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void misplacedUniversalPathShouldBeDetected() throws Exception {
|
||||
try {
|
||||
appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
|
||||
fail("Expected BeanCreationException");
|
||||
} catch (BeanCreationException expected) {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void normalOperation() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChain", FilterChainProxy.class);
|
||||
doNormalOperation(filterChainProxy);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void proxyPathWithoutLowerCaseConversionShouldntMatchDifferentCasePath() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChainNonLowerCase", FilterChainProxy.class);
|
||||
assertNull(filterChainProxy.getFilters("/some/other/path/blah"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void normalOperationWithNewConfig() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxy", FilterChainProxy.class);
|
||||
checkPathAndFilterOrder(filterChainProxy);
|
||||
doNormalOperation(filterChainProxy);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void normalOperationWithNewConfigRegex() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxyRegex", FilterChainProxy.class);
|
||||
checkPathAndFilterOrder(filterChainProxy);
|
||||
doNormalOperation(filterChainProxy);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void normalOperationWithNewConfigNonNamespace() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxyNonNamespace", FilterChainProxy.class);
|
||||
checkPathAndFilterOrder(filterChainProxy);
|
||||
doNormalOperation(filterChainProxy);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void pathWithNoMatchHasNoFilters() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxyNoDefaultPath", FilterChainProxy.class);
|
||||
assertEquals(null, filterChainProxy.getFilters("/nomatch"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void urlStrippingPropertyIsRespected() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxyNoDefaultPath", FilterChainProxy.class);
|
||||
|
||||
// Should only match if we are stripping the query string
|
||||
String url = "/blah.bar?x=something";
|
||||
assertNotNull(filterChainProxy.getFilters(url));
|
||||
assertEquals(2, filterChainProxy.getFilters(url).size());
|
||||
filterChainProxy.setStripQueryStringFromUrls(false);
|
||||
assertNull(filterChainProxy.getFilters(url));
|
||||
}
|
||||
|
||||
private void checkPathAndFilterOrder(FilterChainProxy filterChainProxy) throws Exception {
|
||||
List filters = filterChainProxy.getFilters("/foo/blah");
|
||||
assertEquals(1, filters.size());
|
||||
assertTrue(filters.get(0) instanceof MockFilter);
|
||||
|
||||
filters = filterChainProxy.getFilters("/some/other/path/blah");
|
||||
assertNotNull(filters);
|
||||
assertEquals(3, filters.size());
|
||||
assertTrue(filters.get(0) instanceof HttpSessionContextIntegrationFilter);
|
||||
assertTrue(filters.get(1) instanceof MockFilter);
|
||||
assertTrue(filters.get(2) instanceof MockFilter);
|
||||
|
||||
filters = filterChainProxy.getFilters("/do/not/filter");
|
||||
assertEquals(0, filters.size());
|
||||
|
||||
filters = filterChainProxy.getFilters("/another/nonspecificmatch");
|
||||
assertEquals(3, filters.size());
|
||||
assertTrue(filters.get(0) instanceof HttpSessionContextIntegrationFilter);
|
||||
assertTrue(filters.get(1) instanceof AuthenticationProcessingFilter);
|
||||
assertTrue(filters.get(2) instanceof MockFilter);
|
||||
}
|
||||
|
||||
private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception {
|
||||
MockFilter filter = (MockFilter) appCtx.getBean("mockFilter", MockFilter.class);
|
||||
assertFalse(filter.isWasInitialized());
|
||||
assertFalse(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
|
||||
filterChainProxy.init(new MockFilterConfig());
|
||||
assertTrue(filter.isWasInitialized());
|
||||
assertFalse(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setServletPath("/foo/secure/super/somefile.html");
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain(true);
|
||||
|
||||
filterChainProxy.doFilter(request, response, chain);
|
||||
assertTrue(filter.isWasInitialized());
|
||||
assertTrue(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
|
||||
request.setServletPath("/a/path/which/doesnt/match/any/filter.html");
|
||||
filterChainProxy.doFilter(request, response, chain);
|
||||
|
||||
filterChainProxy.destroy();
|
||||
assertTrue(filter.isWasInitialized());
|
||||
assertTrue(filter.isWasDoFiltered());
|
||||
assertTrue(filter.isWasDestroyed());
|
||||
}
|
||||
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
private class MockConfigAttribute implements ConfigAttribute {
|
||||
public String getAttribute() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,237 +1,130 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.util;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.MockFilterConfig;
|
||||
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.security.intercept.web.MockFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.RequestKey;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import org.springframework.beans.factory.BeanCreationException;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.context.support.StaticApplicationContext;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
import org.junit.After;
|
||||
import static org.junit.Assert.*;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.mockito.invocation.InvocationOnMock;
|
||||
import org.mockito.stubbing.Answer;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.firewall.FirewalledRequest;
|
||||
import org.springframework.security.firewall.HttpFirewall;
|
||||
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
* Tests {@link FilterChainProxy}.
|
||||
*
|
||||
* @author Carlos Sanchez
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
* @author Luke Taylor
|
||||
* @author Rob Winch
|
||||
*/
|
||||
@SuppressWarnings({"unchecked"})
|
||||
public class FilterChainProxyTests {
|
||||
private ClassPathXmlApplicationContext appCtx;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
private FilterChainProxy fcp;
|
||||
private MockHttpServletRequest request;
|
||||
private MockHttpServletResponse response;
|
||||
private FilterChain chain;
|
||||
private Filter filter;
|
||||
|
||||
@Before
|
||||
public void loadContext() {
|
||||
appCtx = new ClassPathXmlApplicationContext("org/springframework/security/util/filtertest-valid.xml");
|
||||
}
|
||||
|
||||
@After
|
||||
public void closeContext() {
|
||||
if (appCtx != null) {
|
||||
appCtx.close();
|
||||
}
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsFilterInvocationDefinitionSourceThatDoesNotReturnAllConfigAttributes() throws Exception {
|
||||
FilterChainProxy filterChainProxy = new FilterChainProxy();
|
||||
filterChainProxy.setApplicationContext(new StaticApplicationContext());
|
||||
|
||||
filterChainProxy.setFilterInvocationDefinitionSource(new MockFilterInvocationDefinitionSource(false, false));
|
||||
filterChainProxy.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsIfConfigAttributeDoesNotReturnValueForGetAttributeMethod() throws Exception {
|
||||
FilterChainProxy filterChainProxy = new FilterChainProxy();
|
||||
filterChainProxy.setApplicationContext(new StaticApplicationContext());
|
||||
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new MockConfigAttribute());
|
||||
|
||||
public void setup() throws Exception {
|
||||
fcp = new FilterChainProxy();
|
||||
filter = mock(Filter.class);
|
||||
doAnswer(new Answer() {
|
||||
public Object answer(InvocationOnMock inv) throws Throwable {
|
||||
Object[] args = inv.getArguments();
|
||||
FilterChain fc = (FilterChain) args[2];
|
||||
fc.doFilter((HttpServletRequest) args[0], (HttpServletResponse) args[1]);
|
||||
return null;
|
||||
}
|
||||
}).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
|
||||
LinkedHashMap map = new LinkedHashMap();
|
||||
map.put(new RequestKey("/**"), cad);
|
||||
DefaultFilterInvocationDefinitionSource fids =
|
||||
new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), map);
|
||||
|
||||
filterChainProxy.setFilterInvocationDefinitionSource(fids);
|
||||
|
||||
filterChainProxy.afterPropertiesSet();
|
||||
filterChainProxy.init(new MockFilterConfig());
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void testDetectsMissingFilterInvocationDefinitionSource() throws Exception {
|
||||
FilterChainProxy filterChainProxy = new FilterChainProxy();
|
||||
filterChainProxy.setApplicationContext(new StaticApplicationContext());
|
||||
|
||||
filterChainProxy.afterPropertiesSet();
|
||||
map.put("/match", Arrays.asList(filter));
|
||||
fcp.setFilterChainMap(map);
|
||||
request = new MockHttpServletRequest();
|
||||
request.setServletPath("/match");
|
||||
response = new MockHttpServletResponse();
|
||||
chain = mock(FilterChain.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoNotFilter() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChain", FilterChainProxy.class);
|
||||
MockFilter filter = (MockFilter) appCtx.getBean("mockFilter", MockFilter.class);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setServletPath("/do/not/filter/somefile.html");
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain(true);
|
||||
|
||||
filterChainProxy.doFilter(request, response, chain);
|
||||
assertFalse(filter.isWasInitialized());
|
||||
assertFalse(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
public void toStringCallSucceeds() throws Exception {
|
||||
fcp.afterPropertiesSet();
|
||||
fcp.toString();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void misplacedUniversalPathShouldBeDetected() throws Exception {
|
||||
try {
|
||||
appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
|
||||
fail("Expected BeanCreationException");
|
||||
} catch (BeanCreationException expected) {
|
||||
}
|
||||
public void securityFilterChainIsNotInvokedIfMatchFails() throws Exception {
|
||||
request.setServletPath("/nomatch");
|
||||
fcp.doFilter(request, response, chain);
|
||||
assertEquals(1, fcp.getFilterChainMap().size());
|
||||
|
||||
verifyZeroInteractions(filter);
|
||||
// The actual filter chain should be invoked though
|
||||
verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void normalOperation() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChain", FilterChainProxy.class);
|
||||
doNormalOperation(filterChainProxy);
|
||||
public void originalChainIsInvokedAfterSecurityChainIfMatchSucceeds() throws Exception {
|
||||
fcp.doFilter(request, response, chain);
|
||||
|
||||
verify(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
|
||||
verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void proxyPathWithoutLowerCaseConversionShouldntMatchDifferentCasePath() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChainNonLowerCase", FilterChainProxy.class);
|
||||
assertNull(filterChainProxy.getFilters("/some/other/path/blah"));
|
||||
public void originalFilterChainIsInvokedIfMatchingSecurityChainIsEmpty() throws Exception {
|
||||
LinkedHashMap map = new LinkedHashMap();
|
||||
map.put("/match", Collections.emptyList());
|
||||
fcp.setFilterChainMap(map);
|
||||
|
||||
fcp.doFilter(request, response, chain);
|
||||
|
||||
verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void normalOperationWithNewConfig() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxy", FilterChainProxy.class);
|
||||
checkPathAndFilterOrder(filterChainProxy);
|
||||
doNormalOperation(filterChainProxy);
|
||||
public void requestIsWrappedForFilteringWhenMatchIsFound() throws Exception {
|
||||
fcp.doFilter(request, response, chain);
|
||||
verify(filter).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
|
||||
verify(chain).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void normalOperationWithNewConfigRegex() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxyRegex", FilterChainProxy.class);
|
||||
checkPathAndFilterOrder(filterChainProxy);
|
||||
doNormalOperation(filterChainProxy);
|
||||
public void requestIsWrappedForFilteringWhenMatchIsNotFound() throws Exception {
|
||||
request.setServletPath("/nomatch");
|
||||
fcp.doFilter(request, response, chain);
|
||||
verifyZeroInteractions(filter);
|
||||
verify(chain).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
// SEC-1639
|
||||
@Test
|
||||
public void normalOperationWithNewConfigNonNamespace() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxyNonNamespace", FilterChainProxy.class);
|
||||
checkPathAndFilterOrder(filterChainProxy);
|
||||
doNormalOperation(filterChainProxy);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void pathWithNoMatchHasNoFilters() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxyNoDefaultPath", FilterChainProxy.class);
|
||||
assertEquals(null, filterChainProxy.getFilters("/nomatch"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void urlStrippingPropertyIsRespected() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxyNoDefaultPath", FilterChainProxy.class);
|
||||
|
||||
// Should only match if we are stripping the query string
|
||||
String url = "/blah.bar?x=something";
|
||||
assertNotNull(filterChainProxy.getFilters(url));
|
||||
assertEquals(2, filterChainProxy.getFilters(url).size());
|
||||
filterChainProxy.setStripQueryStringFromUrls(false);
|
||||
assertNull(filterChainProxy.getFilters(url));
|
||||
}
|
||||
|
||||
private void checkPathAndFilterOrder(FilterChainProxy filterChainProxy) throws Exception {
|
||||
List filters = filterChainProxy.getFilters("/foo/blah");
|
||||
assertEquals(1, filters.size());
|
||||
assertTrue(filters.get(0) instanceof MockFilter);
|
||||
|
||||
filters = filterChainProxy.getFilters("/some/other/path/blah");
|
||||
assertNotNull(filters);
|
||||
assertEquals(3, filters.size());
|
||||
assertTrue(filters.get(0) instanceof HttpSessionContextIntegrationFilter);
|
||||
assertTrue(filters.get(1) instanceof MockFilter);
|
||||
assertTrue(filters.get(2) instanceof MockFilter);
|
||||
|
||||
filters = filterChainProxy.getFilters("/do/not/filter");
|
||||
assertEquals(0, filters.size());
|
||||
|
||||
filters = filterChainProxy.getFilters("/another/nonspecificmatch");
|
||||
assertEquals(3, filters.size());
|
||||
assertTrue(filters.get(0) instanceof HttpSessionContextIntegrationFilter);
|
||||
assertTrue(filters.get(1) instanceof AuthenticationProcessingFilter);
|
||||
assertTrue(filters.get(2) instanceof MockFilter);
|
||||
}
|
||||
|
||||
private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception {
|
||||
MockFilter filter = (MockFilter) appCtx.getBean("mockFilter", MockFilter.class);
|
||||
assertFalse(filter.isWasInitialized());
|
||||
assertFalse(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
|
||||
filterChainProxy.init(new MockFilterConfig());
|
||||
assertTrue(filter.isWasInitialized());
|
||||
assertFalse(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setServletPath("/foo/secure/super/somefile.html");
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain(true);
|
||||
|
||||
filterChainProxy.doFilter(request, response, chain);
|
||||
assertTrue(filter.isWasInitialized());
|
||||
assertTrue(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
|
||||
request.setServletPath("/a/path/which/doesnt/match/any/filter.html");
|
||||
filterChainProxy.doFilter(request, response, chain);
|
||||
|
||||
filterChainProxy.destroy();
|
||||
assertTrue(filter.isWasInitialized());
|
||||
assertTrue(filter.isWasDoFiltered());
|
||||
assertTrue(filter.isWasDestroyed());
|
||||
}
|
||||
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
private class MockConfigAttribute implements ConfigAttribute {
|
||||
public String getAttribute() {
|
||||
return null;
|
||||
}
|
||||
public void bothWrappersAreResetWithNestedFcps() throws Exception {
|
||||
HttpFirewall fw = mock(HttpFirewall.class);
|
||||
FilterChainProxy firstFcp = new FilterChainProxy();
|
||||
LinkedHashMap fcm = new LinkedHashMap();
|
||||
fcm.put("/match", Arrays.asList(fcp));
|
||||
firstFcp.setFilterChainMap(fcm);
|
||||
firstFcp.setFirewall(fw);
|
||||
fcp.setFirewall(fw);
|
||||
FirewalledRequest firstFwr = mock(FirewalledRequest.class, "firstFwr");
|
||||
when(firstFwr.getRequestURI()).thenReturn("/match");
|
||||
when(firstFwr.getContextPath()).thenReturn("");
|
||||
FirewalledRequest fwr = mock(FirewalledRequest.class, "fwr");
|
||||
when(fwr.getRequestURI()).thenReturn("/match");
|
||||
when(fwr.getContextPath()).thenReturn("");
|
||||
when(fw.getFirewalledResponse(any(HttpServletResponse.class))).thenReturn(response);
|
||||
when(fw.getFirewalledRequest(request)).thenReturn(firstFwr);
|
||||
when(fw.getFirewalledRequest(firstFwr)).thenReturn(fwr);
|
||||
when(fwr.getRequest()).thenReturn(firstFwr);
|
||||
when(firstFwr.getRequest()).thenReturn(request);
|
||||
firstFcp.doFilter(request, response, chain);
|
||||
verify(firstFwr).reset();
|
||||
verify(fwr).reset();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -35,15 +35,6 @@ import java.util.Vector;
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AffirmativeBasedTests extends TestCase {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public AffirmativeBasedTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public AffirmativeBasedTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
@@ -53,25 +44,24 @@ public class AffirmativeBasedTests extends TestCase {
|
||||
|
||||
private AffirmativeBased makeDecisionManager() {
|
||||
AffirmativeBased decisionManager = new AffirmativeBased();
|
||||
RoleVoter roleVoter = new RoleVoter();
|
||||
DenyVoter denyForSureVoter = new DenyVoter();
|
||||
DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter();
|
||||
List voters = new Vector();
|
||||
voters.add(roleVoter);
|
||||
voters.add(denyForSureVoter);
|
||||
voters.add(denyAgainForSureVoter);
|
||||
voters.add(new RoleVoter());
|
||||
voters.add(new DenyVoter());
|
||||
voters.add(new DenyAgainVoter());
|
||||
decisionManager.setDecisionVoters(voters);
|
||||
|
||||
return decisionManager;
|
||||
}
|
||||
|
||||
private TestingAuthenticationToken makeTestToken() {
|
||||
return new TestingAuthenticationToken("somebody", "password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl("ROLE_2")});
|
||||
return new TestingAuthenticationToken("somebody", "password", "ROLE_1","ROLE_2");
|
||||
}
|
||||
|
||||
public final void setUp() throws Exception {
|
||||
super.setUp();
|
||||
public void testOneAffirmativeGrantsAccess(){
|
||||
AffirmativeBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
|
||||
mgr.decide(new TestingAuthenticationToken("somebody", "password", "ROLE_1"), new Object(), config);
|
||||
}
|
||||
|
||||
public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess()
|
||||
@@ -82,7 +72,6 @@ public class AffirmativeBasedTests extends TestCase {
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
}
|
||||
|
||||
public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess()
|
||||
@@ -93,7 +82,6 @@ public class AffirmativeBasedTests extends TestCase {
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
}
|
||||
|
||||
public void testOneDenyVoteTwoAbstainVotesDeniesAccess()
|
||||
@@ -107,7 +95,6 @@ public class AffirmativeBasedTests extends TestCase {
|
||||
mgr.decide(auth, new Object(), config);
|
||||
fail("Should have thrown AccessDeniedException");
|
||||
} catch (AccessDeniedException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -124,7 +111,6 @@ public class AffirmativeBasedTests extends TestCase {
|
||||
mgr.decide(auth, new Object(), config);
|
||||
fail("Should have thrown AccessDeniedException");
|
||||
} catch (AccessDeniedException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -138,10 +124,9 @@ public class AffirmativeBasedTests extends TestCase {
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
}
|
||||
|
||||
public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess()
|
||||
public void testOneAffirmativeVotesTwoAbstainVotesGrantsAccess()
|
||||
throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
AffirmativeBased mgr = makeDecisionManager();
|
||||
@@ -149,6 +134,5 @@ public class AffirmativeBasedTests extends TestCase {
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -58,6 +58,16 @@ sn: Mouse
|
||||
uid: jerry
|
||||
userPassword: jerryspassword
|
||||
|
||||
dn: cn=slash/guy,ou=people,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: person
|
||||
objectclass: organizationalPerson
|
||||
objectclass: inetOrgPerson
|
||||
cn: slash/guy
|
||||
sn: Slash
|
||||
uid: slashguy
|
||||
userPassword: slashguyspassword
|
||||
|
||||
dn: cn=developers,ou=groups,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: groupOfNames
|
||||
|
||||
@@ -0,0 +1,41 @@
|
||||
Bundle-SymbolicName: org.springframework.security.core
|
||||
Bundle-Name: Spring Security Core
|
||||
Bundle-Vendor: SpringSource
|
||||
Bundle-Version: ${version}
|
||||
Bundle-ManifestVersion: 2
|
||||
Ignored-Existing-Headers:
|
||||
Import-Package,
|
||||
Export-Package
|
||||
Import-Template:
|
||||
org.aopalliance.*;version="[1.0.0, 2.0.0)",
|
||||
org.aspectj.*;version="[1.5.2, 1.7.0)";resolution:=optional,
|
||||
org.apache.commons.codec.*;version="[1.3, 2.0)";resolution:=optional,
|
||||
org.apache.commons.logging.*;version="[1.0.4, 2.0.0)",
|
||||
org.apache.commons.collections.*;version="[3.2.0, 4.0.0)",
|
||||
org.jaxen.*;version="[1.1.1, 1.2.0)";resolution:=optional,
|
||||
org.springframework.aop.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.beans.*;version="[2.0.8, 3.1.0)",
|
||||
org.springframework.context.*;version="[2.0.8, 3.1.0)",
|
||||
org.springframework.core.*;version="[2.0.8, 3.1.0)",
|
||||
org.springframework.metadata.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.expression.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.remoting.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.dao.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.jdbc.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.transaction.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.web.context.*;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.util;version="[2.0.8, 3.1.0)",
|
||||
org.springframework.mock.web;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.util.xml;version="[2.0.8, 3.1.0)";resolution:=optional,
|
||||
org.springframework.ldap.*;version="[1.2.1.A, 1.3.0)";resolution:=optional,
|
||||
org.apache.directory.server.*;version="[1.0.2, 1.5)";resolution:=optional,
|
||||
net.sf.ehcache.*;version="[1.4.1, 2.0.0)";resolution:=optional,
|
||||
javax.crypto.*;version="0";resolution:=optional,
|
||||
javax.security.auth.*;version="0";resolution:=optional,
|
||||
javax.servlet.*;version="[2.4.0, 3.0.0)";resolution:=optional,
|
||||
javax.naming.*;version="0";resolution:=optional,
|
||||
javax.rmi.*;version="0";resolution:=optional,
|
||||
javax.sql.*;version="0";resolution:=optional,
|
||||
javax.xml.parsers;version="0";resolution:=optional,
|
||||
org.w3c.dom.*;version="0";resolution:=optional,
|
||||
org.xml.sax.*;version="0";resolution:=optional
|
||||
@@ -5,13 +5,18 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-itest</artifactId>
|
||||
<version>2.0.4-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-itest-context</artifactId>
|
||||
<name>Spring Security - Miscellaneous Application Context Integration Tests</name>
|
||||
<packaging>jar</packaging>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>servlet-api</artifactId>
|
||||
<version>2.5</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
|
||||
+67
@@ -0,0 +1,67 @@
|
||||
package org.springframework.security.integration;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
import org.springframework.security.util.FilterChainProxy;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
@ContextConfiguration(locations={"/http-path-param-stripping-app-context.xml"})
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
public class HttpPathParameterStrippingTests {
|
||||
|
||||
@Autowired
|
||||
private FilterChainProxy fcp;
|
||||
|
||||
@Test
|
||||
public void securedFilterChainCannotBeBypassedByAddingPathParameters() throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setPathInfo("/secured;x=y/admin.html");
|
||||
request.setSession(createAuthenticatedSession("ROLE_USER"));
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
fcp.doFilter(request, response, new MockFilterChain());
|
||||
assertEquals(403, response.getStatus());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void adminFilePatternCannotBeBypassedByAddingPathParameters() throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setServletPath("/secured/admin.html;x=user.html");
|
||||
request.setSession(createAuthenticatedSession("ROLE_USER"));
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
fcp.doFilter(request, response, new MockFilterChain());
|
||||
assertEquals(403, response.getStatus());
|
||||
|
||||
// Try with pathInfo
|
||||
request = new MockHttpServletRequest();
|
||||
request.setServletPath("/secured");
|
||||
request.setPathInfo("/admin.html;x=user.html");
|
||||
request.setSession(createAuthenticatedSession("ROLE_USER"));
|
||||
response = new MockHttpServletResponse();
|
||||
fcp.doFilter(request, response, new MockFilterChain());
|
||||
assertEquals(403, response.getStatus());
|
||||
}
|
||||
|
||||
public HttpSession createAuthenticatedSession(String... roles) {
|
||||
MockHttpSession session = new MockHttpSession();
|
||||
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("bob", "bobspassword",
|
||||
AuthorityUtils.stringArrayToAuthorityArray(roles)));
|
||||
session.setAttribute(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
|
||||
SecurityContextHolder.clearContext();
|
||||
return session;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,28 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<!--
|
||||
-
|
||||
-->
|
||||
|
||||
<b:beans xmlns="http://www.springframework.org/schema/security"
|
||||
xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
|
||||
|
||||
<http>
|
||||
<intercept-url pattern="/secured/*user.html" access="ROLE_USER" />
|
||||
<intercept-url pattern="/secured/admin.html" access="ROLE_ADMIN" />
|
||||
<intercept-url pattern="/secured/user/**" access="ROLE_USER" />
|
||||
<intercept-url pattern="/secured/admin/*" access="ROLE_ADMIN" />
|
||||
<intercept-url pattern="/**" filters="none" />
|
||||
<form-login />
|
||||
</http>
|
||||
|
||||
<authentication-provider>
|
||||
<user-service id="userService">
|
||||
<user name="notused" password="notused" authorities="ROLE_0,ROLE_1"/>
|
||||
</user-service>
|
||||
</authentication-provider>
|
||||
|
||||
</b:beans>
|
||||
+24
-24
@@ -1,20 +1,20 @@
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-itest</artifactId>
|
||||
<name>Spring Security - Integration Tests</name>
|
||||
<packaging>pom</packaging>
|
||||
<version>2.0.4-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
<modules>
|
||||
<module>web</module>
|
||||
<!-- module>webflow</module-->
|
||||
<module>context</module>
|
||||
</modules>
|
||||
<dependencies>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring</artifactId>
|
||||
<version>2.5.5</version>
|
||||
<version>2.5.6.SEC02</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>commons-logging</groupId>
|
||||
@@ -25,14 +25,14 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-test</artifactId>
|
||||
<version>2.5.5</version>
|
||||
<version>2.5.6.SEC02</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>commons-logging</groupId>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
@@ -58,7 +58,7 @@
|
||||
<groupId>commons-logging</groupId>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
@@ -69,18 +69,18 @@
|
||||
<groupId>commons-logging</groupId>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.aspectj</groupId>
|
||||
<artifactId>aspectjrt</artifactId>
|
||||
<version>1.6.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.aspectj</groupId>
|
||||
<artifactId>aspectjweaver</artifactId>
|
||||
<version>1.6.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.aspectj</groupId>
|
||||
<artifactId>aspectjrt</artifactId>
|
||||
<version>1.6.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.aspectj</groupId>
|
||||
<artifactId>aspectjweaver</artifactId>
|
||||
<version>1.6.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-api</artifactId>
|
||||
@@ -97,7 +97,7 @@
|
||||
<groupId>commons-logging</groupId>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.directory.server</groupId>
|
||||
@@ -128,9 +128,9 @@
|
||||
<exclusion>
|
||||
<groupId>commons-logging</groupId>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-log4j12</artifactId>
|
||||
@@ -195,10 +195,10 @@
|
||||
</property>
|
||||
</systemProperties>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
<properties>
|
||||
<jetty.version>6.1.11</jetty.version>
|
||||
</properties>
|
||||
</properties>
|
||||
</project>
|
||||
|
||||
+8
-8
@@ -5,7 +5,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-itest</artifactId>
|
||||
<version>2.0.4-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-itest-web</artifactId>
|
||||
<name>Spring Security - Web Integration Tests</name>
|
||||
@@ -36,7 +36,7 @@
|
||||
<artifactId>jetty-naming</artifactId>
|
||||
<version>${jetty.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.mortbay.jetty</groupId>
|
||||
<artifactId>jetty-plus</artifactId>
|
||||
@@ -53,8 +53,8 @@
|
||||
<groupId>org.mortbay.jetty</groupId>
|
||||
<artifactId>jsp-api-2.1</artifactId>
|
||||
<version>${jetty.version}</version>
|
||||
</dependency>
|
||||
<!--
|
||||
</dependency>
|
||||
<!--
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>jstl</artifactId>
|
||||
@@ -67,10 +67,10 @@
|
||||
<scope>runtime</scope>
|
||||
<version>1.1.2</version>
|
||||
</dependency>
|
||||
-->
|
||||
-->
|
||||
</dependencies>
|
||||
|
||||
<!--
|
||||
<!--
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
@@ -88,7 +88,7 @@
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</plugins>
|
||||
</build>
|
||||
-->
|
||||
</project>
|
||||
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-parent</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<packaging>jar</packaging>
|
||||
<artifactId>spring-security-ntlm</artifactId>
|
||||
|
||||
+12
-24
@@ -3,13 +3,13 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-parent</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-openid</artifactId>
|
||||
<name>Spring Security - OpenID support</name>
|
||||
<description>Spring Security - Support for OpenID</description>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<packaging>bundle</packaging>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
<packaging>jar</packaging>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
@@ -45,26 +45,14 @@
|
||||
<version>0.9.3</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<properties>
|
||||
<spring.osgi.export>
|
||||
org.springframework.security.*;version=${pom.version.osgi}
|
||||
</spring.osgi.export>
|
||||
|
||||
<spring.osgi.import>
|
||||
javax.servlet.*;version="[2.4.0, 3.0.0)",
|
||||
org.apache.commons.logging.*;version="[1.1.1, 2.0.0)",
|
||||
org.openid4java.*;version="[0.9.3, 1.0.0)",
|
||||
org.springframework.security.*;version="[${pom.version.osgi},${pom.version.osgi}]",
|
||||
org.springframework.beans.*;version="${spring.version.osgi}",
|
||||
org.springframework.util.*;version="${spring.version.osgi}"
|
||||
</spring.osgi.import>
|
||||
|
||||
<spring.osgi.private.pkg>
|
||||
!org.springframework.security.*
|
||||
</spring.osgi.private.pkg>
|
||||
|
||||
<spring.osgi.symbolic.name>org.springframework.security.openid</spring.osgi.symbolic.name>
|
||||
</properties>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>com.springsource.bundlor</groupId>
|
||||
<artifactId>com.springsource.bundlor.maven</artifactId>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
||||
|
||||
@@ -0,0 +1,15 @@
|
||||
Bundle-SymbolicName: org.springframework.security.openid
|
||||
Bundle-Name: Spring Security OpenID Support
|
||||
Bundle-Vendor: SpringSource
|
||||
Bundle-Version: ${version}
|
||||
Bundle-ManifestVersion: 2
|
||||
Ignored-Existing-Headers:
|
||||
Import-Package,
|
||||
Export-Package
|
||||
Import-Template:
|
||||
javax.servlet.*;version="[2.4.0, 3.0.0)",
|
||||
org.apache.commons.logging.*;version="[1.0.4, 2.0.0)",
|
||||
org.openid4java.*;version="[0.9.3, 1.0.0)",
|
||||
org.springframework.security.*;version="[${version},${version}]",
|
||||
org.springframework.beans.*;version="[2.0.8, 3.1.0)",
|
||||
org.springframework.util.*;version="[2.0.8, 3.1.0)"
|
||||
@@ -3,18 +3,17 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-parent</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
<name>Spring Security</name>
|
||||
<packaging>pom</packaging>
|
||||
|
||||
<modules>
|
||||
<module>core</module>
|
||||
<module>core-tiger</module>
|
||||
<module>adapters</module>
|
||||
<module>core</module>
|
||||
<module>core-tiger</module>
|
||||
<module>portlet</module>
|
||||
<module>ntlm</module>
|
||||
<module>openid</module>
|
||||
<module>samples</module>
|
||||
<!--module>samples</module-->
|
||||
<module>cas</module>
|
||||
<module>acl</module>
|
||||
<module>taglibs</module>
|
||||
@@ -36,13 +35,6 @@
|
||||
</license>
|
||||
</licenses>
|
||||
|
||||
<!-- Note when doing releases: tagBase is set in release plugin configuration below -->
|
||||
<scm>
|
||||
<connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk</connection>
|
||||
<developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk</developerConnection>
|
||||
<url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/spring-security/trunk/</url>
|
||||
</scm>
|
||||
|
||||
<issueManagement>
|
||||
<system>jira</system>
|
||||
<url>http://jira.springframework.org/browse/SEC</url>
|
||||
@@ -50,13 +42,13 @@
|
||||
<ciManagement>
|
||||
<system>bamboo</system>
|
||||
<url>https://build.springframework.org/browse/SEC</url>
|
||||
</ciManagement>
|
||||
</ciManagement>
|
||||
|
||||
<distributionManagement>
|
||||
<distributionManagement>
|
||||
<repository>
|
||||
<id>spring-milestone</id>
|
||||
<name>Spring Milestone Repository</name>
|
||||
<url>s3://maven.springframework.org/milestone</url>
|
||||
<id>spring-release</id>
|
||||
<name>Spring Release Repository</name>
|
||||
<url>s3://maven.springframework.org/release</url>
|
||||
</repository>
|
||||
|
||||
<snapshotRepository>
|
||||
@@ -64,49 +56,15 @@
|
||||
<name>Spring Snapshot Repository</name>
|
||||
<url>s3://maven.springframework.org/snapshot</url>
|
||||
</snapshotRepository>
|
||||
|
||||
<site>
|
||||
<id>local</id>
|
||||
<name>Local Site Directory</name>
|
||||
<!--
|
||||
This variable is set by the build release script. You can also set it on the command line if
|
||||
you are running maven directly. e.g. mvn site -DsiteDirectory=file:///home/joe/mysite
|
||||
-->
|
||||
<url>${siteDirectory}</url>
|
||||
</site>
|
||||
</distributionManagement>
|
||||
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>spring-external</id>
|
||||
<name>Spring Portfolio Release Repository</name>
|
||||
<url>http://s3.amazonaws.com/maven.springframework.org/external</url>
|
||||
</repository>
|
||||
</repositories>
|
||||
|
||||
<mailingLists>
|
||||
<mailingList>
|
||||
<name>Acegi Developer List</name>
|
||||
<subscribe>
|
||||
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
|
||||
</subscribe>
|
||||
<!--
|
||||
<unsubscribe>https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer</unsubscribe>
|
||||
<post>acegisecurity-developer@lists.sourceforge.net</post>
|
||||
-->
|
||||
<archive>
|
||||
http://sourceforge.net/mailarchive/forum.php?forum_id=40659
|
||||
</archive>
|
||||
<otherArchives>
|
||||
<otherArchive>
|
||||
http://news.gmane.org/gmane.comp.java.springframework.acegisecurity.devel/
|
||||
</otherArchive>
|
||||
<otherArchive>
|
||||
http://www.mail-archive.com/acegisecurity-developer@lists.sourceforge.net/
|
||||
</otherArchive>
|
||||
</otherArchives>
|
||||
</mailingList>
|
||||
</mailingLists>
|
||||
<pluginRepositories>
|
||||
<pluginRepository>
|
||||
<id>com.springsource.repository.maven.milestone</id>
|
||||
<name>SpringSource Enterprise Bundle Repository - SpringSource Milestone Releases</name>
|
||||
<url>http://repository.springsource.com/maven/bundles/milestone</url>
|
||||
</pluginRepository>
|
||||
</pluginRepositories>
|
||||
|
||||
<developers>
|
||||
<developer>
|
||||
@@ -218,10 +176,10 @@
|
||||
</contributor>
|
||||
<contributor>
|
||||
<name>Ruud Senden</name>
|
||||
</contributor>
|
||||
</contributor>
|
||||
<contributor>
|
||||
<name>Michael Mayr</name>
|
||||
</contributor>
|
||||
</contributor>
|
||||
</contributors>
|
||||
|
||||
<dependencies>
|
||||
@@ -236,12 +194,30 @@
|
||||
<build>
|
||||
<extensions>
|
||||
<extension>
|
||||
<groupId>org.springframework.aws</groupId>
|
||||
<artifactId>spring-aws-maven</artifactId>
|
||||
<version>1.2.2</version>
|
||||
<groupId>org.springframework.build.aws</groupId>
|
||||
<artifactId>org.springframework.build.aws.maven</artifactId>
|
||||
<version>2.0.0.RELEASE</version>
|
||||
</extension>
|
||||
</extensions>
|
||||
<plugins>
|
||||
<pluginManagement>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>com.springsource.bundlor</groupId>
|
||||
<artifactId>com.springsource.bundlor.maven</artifactId>
|
||||
<version>1.0.0.M6</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>bundlor</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>transform</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</pluginManagement>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-help-plugin</artifactId>
|
||||
@@ -361,10 +337,10 @@
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-release-plugin</artifactId>
|
||||
<version>2.0-beta-7</version>
|
||||
<version>2.0-beta-9</version>
|
||||
<configuration>
|
||||
<tagBase>
|
||||
https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags
|
||||
https://src.springframework.org/svn/spring-security/tags
|
||||
</tagBase>
|
||||
</configuration>
|
||||
</plugin>
|
||||
@@ -449,35 +425,6 @@
|
||||
</postProcess>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<!-- OSGi Felix bundle plugin -->
|
||||
<plugin>
|
||||
<groupId>org.apache.felix</groupId>
|
||||
<artifactId>maven-bundle-plugin</artifactId>
|
||||
<version>1.4.0</version>
|
||||
<extensions>true</extensions>
|
||||
|
||||
<configuration>
|
||||
<obrRepository>NONE</obrRepository>
|
||||
<instructions>
|
||||
<!-- bundle specific conf -->
|
||||
<Bundle-Name>${artifactId}</Bundle-Name>
|
||||
<Bundle-SymbolicName>${spring.osgi.symbolic.name}</Bundle-SymbolicName>
|
||||
<Bundle-Vendor>SpringSource</Bundle-Vendor>
|
||||
<Export-Package>${spring.osgi.export}</Export-Package>
|
||||
<Import-Package>${spring.osgi.import}</Import-Package>
|
||||
<Private-Package>${spring.osgi.private.pkg}</Private-Package>
|
||||
<!--Include-Resource>${spring.osgi.include.res}</Include-Resource-->
|
||||
<!-- jar entries -->
|
||||
<Implementation-Title>Spring Security</Implementation-Title>
|
||||
<Implementation-Version>${pom.version}</Implementation-Version>
|
||||
<Implementation-Vendor>SpringSource</Implementation-Vendor>
|
||||
<Implementation-Vendor-Id>org.springframework.security</Implementation-Vendor-Id>
|
||||
<!-- Spring specific entries -->
|
||||
<!--Spring-Version>${spring.maven.artifact.version}</Spring-Version-->
|
||||
</instructions>
|
||||
<excludeDependencies>true</excludeDependencies>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
@@ -487,11 +434,11 @@
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-surefire-report-plugin</artifactId>
|
||||
<version>2.4.2</version>
|
||||
<!--
|
||||
<!--
|
||||
<configuration>
|
||||
<aggregate>true</aggregate>
|
||||
</configuration>
|
||||
-->
|
||||
</configuration>
|
||||
-->
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
@@ -501,7 +448,7 @@
|
||||
<excludes>
|
||||
<exclude>bigbank/**</exclude>
|
||||
</excludes>
|
||||
</configuration>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<!--
|
||||
<plugin>
|
||||
@@ -521,14 +468,14 @@
|
||||
</plugin>
|
||||
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-javadoc-plugin</artifactId>
|
||||
<version>2.4</version>
|
||||
<configuration>
|
||||
<aggregate>true</aggregate>
|
||||
<header>Spring Security Framework</header>
|
||||
<quiet>true</quiet>
|
||||
<excludePackageNames>sample,bigbank,zzz</excludePackageNames>
|
||||
<excludePackageNames>sample,bigbank,zzz</excludePackageNames>
|
||||
<links>
|
||||
<link>
|
||||
http://java.sun.com/j2se/1.5.0/docs/api
|
||||
@@ -572,7 +519,7 @@
|
||||
<!--<report>test-javadoc</report> -->
|
||||
</reports>
|
||||
</reportSet>
|
||||
</reportSets>
|
||||
</reportSets>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
@@ -582,7 +529,7 @@
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-project-info-reports-plugin</artifactId>
|
||||
<version>2.0.1</version>
|
||||
<!--
|
||||
<!--
|
||||
<reportSets>
|
||||
<reportSet>
|
||||
<reports>
|
||||
@@ -594,8 +541,8 @@
|
||||
</reports>
|
||||
</reportSet>
|
||||
</reportSets>
|
||||
-->
|
||||
</plugin>
|
||||
-->
|
||||
</plugin>
|
||||
</plugins>
|
||||
</reporting>
|
||||
|
||||
@@ -656,7 +603,7 @@
|
||||
<artifactId>aspectjweaver</artifactId>
|
||||
<optional>true</optional>
|
||||
<version>1.5.4</version>
|
||||
</dependency>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.aspectj</groupId>
|
||||
<artifactId>aspectjrt</artifactId>
|
||||
@@ -665,15 +612,15 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-webmvc</artifactId>
|
||||
<version>${spring.version}</version>
|
||||
</dependency>
|
||||
<version>${spring.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>cglib</groupId>
|
||||
<artifactId>cglib-nodep</artifactId>
|
||||
<scope>test</scope>
|
||||
<optional>true</optional>
|
||||
<version>2.1_3</version>
|
||||
</dependency>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>log4j</groupId>
|
||||
<artifactId>log4j</artifactId>
|
||||
@@ -723,17 +670,15 @@
|
||||
<artifactId>standard</artifactId>
|
||||
<version>${jstl.version}</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
<properties>
|
||||
<pom.version.osgi>2.0.3.RELEASE</pom.version.osgi>
|
||||
<spring.version>2.0.8</spring.version>
|
||||
<spring.version.osgi>[2.0.8, 3.0.0)</spring.version.osgi>
|
||||
<jstl.version>1.1.2</jstl.version>
|
||||
|
||||
<docbook.source>${basedir}/src/docbkx</docbook.source>
|
||||
<docbook.target>${basedir}/target/site/guide</docbook.target>
|
||||
<docbook.target>${basedir}/target/site/guide</docbook.target>
|
||||
</properties>
|
||||
|
||||
</project>
|
||||
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-parent</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-portlet</artifactId>
|
||||
<name>Spring Security - Portlet support</name>
|
||||
|
||||
+2
-9
@@ -44,7 +44,7 @@ Release jars for the project are available from the central maven repository
|
||||
http://repo1.maven.org/maven2/org/springframework/security/
|
||||
|
||||
Note that milestone releases and snapshots are not uploaded to the central
|
||||
repository, but can be obtained from te Spring milestone repository.
|
||||
repository, but can be obtained from the Spring milestone repository.
|
||||
This blog article has full details on how to download milestone or snapshot
|
||||
jars or use them in a Maven-based project build:
|
||||
|
||||
@@ -64,14 +64,7 @@ people who wrote Spring Security, and lead the development of the project:
|
||||
For peer help and assistance, please use the Spring Security forum
|
||||
located at the Spring Community's forum site:
|
||||
|
||||
http://forum.springframework.org
|
||||
|
||||
If you start using Spring Security in your project, please consider joining
|
||||
the acegisecurity-developer mailing list. This is currently the best way to
|
||||
keep informed about the project's status and provide feedback in design
|
||||
discussions. You can join at:
|
||||
|
||||
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer.
|
||||
http://forum.springsource.org
|
||||
|
||||
Links to mailing list archives, the forums, and other useful resources are
|
||||
available from the web site.
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-cas</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-cas-client</artifactId>
|
||||
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-cas</artifactId>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-cas</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-cas-server</artifactId>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-samples-contacts</artifactId>
|
||||
<name>Spring Security - Contacts sample</name>
|
||||
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<artifactId>spring-security-samples-dms</artifactId>
|
||||
<name>Spring Security - DMS sample</name>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-ldap</artifactId>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-openid</artifactId>
|
||||
|
||||
+1
-1
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-parent</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples</artifactId>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-portlet</artifactId>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-preauth</artifactId>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples</artifactId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-tutorial</artifactId>
|
||||
|
||||
@@ -10,23 +10,23 @@
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-samples-webflow</artifactId>
|
||||
<name>Spring Security - Webflow sample</name>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.5.CI-SNAPSHOT</version>
|
||||
<packaging>war</packaging>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>2.0.4</version>
|
||||
<version>2.0.5.CI-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core-tiger</artifactId>
|
||||
<version>2.0.4</version>
|
||||
<version>2.0.5.CI-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-taglibs</artifactId>
|
||||
<version>2.0.4</version>
|
||||
<version>2.0.5.CI-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.webflow</groupId>
|
||||
|
||||
+8
-2
@@ -3,13 +3,13 @@
|
||||
<parent>
|
||||
<artifactId>spring-security-parent</artifactId>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
</parent>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-taglibs</artifactId>
|
||||
<name>Spring Security - JSP taglibs</name>
|
||||
<version>2.0.5-SNAPSHOT</version>
|
||||
<version>2.0.7.RELEASE</version>
|
||||
<packaging>jar</packaging>
|
||||
|
||||
<dependencies>
|
||||
@@ -64,5 +64,11 @@
|
||||
<filtering>false</filtering>
|
||||
</resource>
|
||||
</resources>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>com.springsource.bundlor</groupId>
|
||||
<artifactId>com.springsource.bundlor.maven</artifactId>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
Bundle-SymbolicName: org.springframework.security.taglibs
|
||||
Bundle-Name: Spring Security Taglibs
|
||||
Bundle-Vendor: SpringSource
|
||||
Bundle-Version: ${version}
|
||||
Bundle-ManifestVersion: 2
|
||||
Ignored-Existing-Headers:
|
||||
Import-Package,
|
||||
Export-Package
|
||||
Import-Template:
|
||||
org.apache.commons.logging.*;version="[1.0.4, 2.0.0)",
|
||||
org.springframework.security.*;version="[${version}, ${version}]",
|
||||
org.springframework.beans.*;version="[2.0.8, 3.1.0)",
|
||||
org.springframework.context.*;version="[2.0.8, 3.1.0)",
|
||||
org.springframework.web.*;version="[2.0.8, 3.1.0)",
|
||||
org.springframework.util;version="[2.0.8, 3.1.0)",
|
||||
net.sf.ehcache.*;version="[1.4.1, 2.0.0)";resolution:=optional,
|
||||
javax.servlet.*;version="0"
|
||||
|
||||
Reference in New Issue
Block a user