From 026517f6743ba0bb7c51cf9dc3f2a1c762348ca1 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Sat, 26 Jun 2010 16:23:42 +0100 Subject: [PATCH] Removal of deprecated methods and classes. --- ...SecurityInterceptorWithAopConfigTests.java | 10 +- .../MethodSecurityInterceptor.java | 8 +- .../MethodSecurityMetadataSourceAdvisor.java | 11 - .../MethodSecurityMetadataSourceEditor.java | 75 ------ .../AnonymousAuthenticationToken.java | 13 +- .../UsernamePasswordAuthenticationToken.java | 8 - .../security/util/EncryptionUtils.java | 165 ------------- ...ethodDefinitionSourceEditorTigerTests.java | 87 ------- ...hodSecurityMetadataSourceAdvisorTests.java | 43 +--- ...thodSecurityMetadataSourceEditorTests.java | 224 ------------------ .../security/util/EncryptionUtilsTests.java | 120 ---------- .../java/sample/dms/DataSourcePopulator.java | 218 ++++++++--------- .../secured/SecureDataSourcePopulator.java | 5 +- .../applicationContext-dms-insecure.xml | 1 - .../applicationContext-dms-secure.xml | 37 +-- .../intercept/FilterSecurityInterceptor.java | 24 +- .../AbstractProcessingFilter.java | 17 -- .../AuthenticationProcessingFilter.java | 14 -- ...henticationProcessingFilterEntryPoint.java | 13 - ...thenticatedProcessingFilterEntryPoint.java | 15 -- .../HttpSessionSecurityContextRepository.java | 34 --- ...SessionSecurityContextRepositoryTests.java | 38 --- 22 files changed, 162 insertions(+), 1018 deletions(-) delete mode 100644 core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSourceEditor.java delete mode 100644 core/src/main/java/org/springframework/security/util/EncryptionUtils.java delete mode 100644 core/src/test/java/org/springframework/security/access/annotation/MethodDefinitionSourceEditorTigerTests.java delete mode 100644 core/src/test/java/org/springframework/security/access/intercept/method/MethodSecurityMetadataSourceEditorTests.java delete mode 100644 core/src/test/java/org/springframework/security/util/EncryptionUtilsTests.java delete mode 100644 web/src/main/java/org/springframework/security/web/authentication/AbstractProcessingFilter.java delete mode 100644 web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilter.java delete mode 100644 web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPoint.java delete mode 100644 web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java diff --git a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java index a4648554a5..56989a7c40 100644 --- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java +++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java @@ -39,11 +39,11 @@ public class MethodSecurityInterceptorWithAopConfigTests { "" + "" + " " + - " " + - "org.springframework.security.ITargetObject.makeLower*=ROLE_A\n" + - "org.springframework.security.TargetObject.makeUpper*=ROLE_A\n" + - "org.springframework.security.ITargetObject.computeHashCode*=ROLE_B\n" + - " " + + " " + + " " + + " " + + " " + + " " + " " + ""; diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java index 9705820494..e6eeb20b80 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java +++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java @@ -42,10 +42,6 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple //~ Methods ======================================================================================================== - public MethodSecurityMetadataSource getSecurityMetadataSource() { - return this.securityMetadataSource; - } - public Class getSecureObjectClass() { return MethodInvocation.class; } @@ -72,6 +68,10 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple return result; } + public MethodSecurityMetadataSource getSecurityMetadataSource() { + return this.securityMetadataSource; + } + public SecurityMetadataSource obtainSecurityMetadataSource() { return this.securityMetadataSource; } diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java index 7399bd01b8..488de126ed 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java +++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java @@ -60,17 +60,6 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor //~ Constructors =================================================================================================== - /** - * @deprecated use the decoupled approach instead - */ - MethodSecurityMetadataSourceAdvisor(MethodSecurityInterceptor advice) { - Assert.notNull(advice.getSecurityMetadataSource(), "Cannot construct a MethodSecurityMetadataSourceAdvisor using a " + - "MethodSecurityInterceptor that has no SecurityMetadataSource configured"); - - this.interceptor = advice; - this.attributeSource = advice.getSecurityMetadataSource(); - } - /** * Alternative constructor for situations where we want the advisor decoupled from the advice. Instead the advice * bean name should be set. This prevents eager instantiation of the interceptor diff --git a/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSourceEditor.java b/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSourceEditor.java deleted file mode 100644 index 7856ba8316..0000000000 --- a/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSourceEditor.java +++ /dev/null @@ -1,75 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.access.method; - -import java.beans.PropertyEditorSupport; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -import org.springframework.beans.propertyeditors.PropertiesEditor; -import org.springframework.security.access.ConfigAttribute; -import org.springframework.security.access.SecurityConfig; -import org.springframework.util.StringUtils; - - -/** - * Property editor to assist with the setup of a {@link MethodSecurityMetadataSource}. - *

- * The class creates and populates a {@link MapBasedMethodSecurityMetadataSource}. - * - * @author Ben Alex - * @deprecated use method annotations or the protect-pointcut support from the namespace - */ -public class MethodSecurityMetadataSourceEditor extends PropertyEditorSupport { - //~ Methods ======================================================================================================== - - @SuppressWarnings("unchecked") - public void setAsText(String s) throws IllegalArgumentException { - if ((s == null) || "".equals(s)) { - setValue(new MapBasedMethodSecurityMetadataSource()); - return; - } - - // Use properties editor to tokenize the string - PropertiesEditor propertiesEditor = new PropertiesEditor(); - propertiesEditor.setAsText(s); - - Properties props = (Properties) propertiesEditor.getValue(); - - // Now we have properties, process each one individually - Map> mappings = new LinkedHashMap>(); - - for (Iterator iter = props.keySet().iterator(); iter.hasNext();) { - String name = (String) iter.next(); - String value = props.getProperty(name); - - String[] tokens = StringUtils.commaDelimitedListToStringArray(value); - List attributes = new ArrayList(tokens.length); - - for(String token : tokens) { - attributes.add(new SecurityConfig(token)); - } - - mappings.put(name, attributes); - } - - setValue(new MapBasedMethodSecurityMetadataSource(mappings)); - } -} diff --git a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java index 6d42b33ba2..e7bb69e897 100644 --- a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java @@ -15,13 +15,11 @@ package org.springframework.security.authentication; -import org.springframework.security.core.GrantedAuthority; - - import java.io.Serializable; -import java.util.Arrays; import java.util.List; +import org.springframework.security.core.GrantedAuthority; + /** * Represents an anonymous Authentication. @@ -37,13 +35,6 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im //~ Constructors =================================================================================================== - /** - * @deprecated use the second constructor - */ - public AnonymousAuthenticationToken(String key, Object principal, GrantedAuthority[] authorities) { - this(key, principal, Arrays.asList(authorities)); - } - /** * Constructor. * diff --git a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java index 75fa959a24..b1956d784e 100644 --- a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java @@ -15,7 +15,6 @@ package org.springframework.security.authentication; -import java.util.Arrays; import java.util.Collection; import org.springframework.security.core.GrantedAuthority; @@ -52,13 +51,6 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT setAuthenticated(false); } - /** - * @deprecated use the list of authorities version - */ - public UsernamePasswordAuthenticationToken(Object principal, Object credentials, GrantedAuthority[] authorities) { - this(principal, credentials, Arrays.asList(authorities)); - } - /** * This constructor should only be used by AuthenticationManager or AuthenticationProvider * implementations that are satisfied with producing a trusted (i.e. {@link #isAuthenticated()} = true) diff --git a/core/src/main/java/org/springframework/security/util/EncryptionUtils.java b/core/src/main/java/org/springframework/security/util/EncryptionUtils.java deleted file mode 100644 index 0d6da09ff2..0000000000 --- a/core/src/main/java/org/springframework/security/util/EncryptionUtils.java +++ /dev/null @@ -1,165 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.util; - -import java.io.UnsupportedEncodingException; -import java.security.spec.KeySpec; - -import javax.crypto.Cipher; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.DESedeKeySpec; - -import org.springframework.core.NestedRuntimeException; -import org.springframework.security.core.codec.Base64; -import org.springframework.util.Assert; - -/** - * A static utility class that can encrypt and decrypt text. - * - *

This class is useful if you have simple needs and wish to use the DESede - * encryption cipher. More sophisticated requirements will need to use the - * Java crypto libraries directly. - * - * @author Alan Stewart - * @author Ben Alex - * @deprecated Use a dedicated encryption library instead. - */ -@Deprecated -public final class EncryptionUtils { - - /** - * This is a static class that should not be instantiated. - */ - private EncryptionUtils() {} - - /** - * Converts a String into a byte array using UTF-8, falling back to the - * platform's default character set if UTF-8 fails. - * - * @param input the input (required) - * @return a byte array representation of the input string - */ - public static byte[] stringToByteArray(String input) { - Assert.hasLength(input, "Input required"); - try { - return input.getBytes("UTF-8"); - } catch (UnsupportedEncodingException fallbackToDefault) { - return input.getBytes(); - } - } - - /** - * Converts a byte array into a String using UTF-8, falling back to the - * platform's default character set if UTF-8 fails. - * - * @param byteArray the byte array to convert (required) - * @return a string representation of the byte array - */ - public static String byteArrayToString(byte[] byteArray) { - Assert.notNull(byteArray, "ByteArray required"); - Assert.isTrue(byteArray.length > 0, "ByteArray cannot be empty"); - try { - return new String(byteArray, "UTF8"); - } catch (final UnsupportedEncodingException e) { - return new String(byteArray); - } - } - - private static byte[] cipher(String key, byte[] passedBytes, int cipherMode) throws EncryptionException { - try { - final KeySpec keySpec = new DESedeKeySpec(stringToByteArray(key)); - final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede"); - final Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); - final SecretKey secretKey = keyFactory.generateSecret(keySpec); - cipher.init(cipherMode, secretKey); - return cipher.doFinal(passedBytes); - } catch (final Exception e) { - throw new EncryptionException(e.getMessage(), e); - } - } - - /** - * Encrypts the inputString using the key. - * - * @param key at least 24 character long key (required) - * @param inputString the string to encrypt (required) - * @return the encrypted version of the inputString - * @throws EncryptionException in the event of an encryption failure - */ - public static String encrypt(String key, String inputString) throws EncryptionException { - isValidKey(key); - final byte[] cipherText = cipher(key, stringToByteArray(inputString), Cipher.ENCRYPT_MODE); - return byteArrayToString(Base64.encode(cipherText)); - } - - /** - * Encrypts the inputBytes using the key. - * - * @param key at least 24 character long key (required) - * @param inputBytes the bytes to encrypt (required) - * @return the encrypted version of the inputBytes - * @throws EncryptionException in the event of an encryption failure - */ - public static byte[] encrypt(String key, byte[] inputBytes) throws EncryptionException { - isValidKey(key); - return Base64.encode(cipher(key, inputBytes, Cipher.ENCRYPT_MODE)); - } - - /** - * Decrypts the inputString using the key. - * - * @param key the key used to originally encrypt the string (required) - * @param inputString the encrypted string (required) - * @return the decrypted version of inputString - * @throws EncryptionException in the event of an encryption failure - */ - public static String decrypt(String key, String inputString) throws EncryptionException { - Assert.hasText(key, "A key is required to attempt decryption"); - final byte[] cipherText = cipher(key, Base64.decode(stringToByteArray(inputString)), Cipher.DECRYPT_MODE); - return byteArrayToString(cipherText); - } - - /** - * Decrypts the inputBytes using the key. - * - * @param key the key used to originally encrypt the string (required) - * @param inputBytes the encrypted bytes (required) - * @return the decrypted version of inputBytes - * @throws EncryptionException in the event of an encryption failure - */ - public static byte[] decrypt(String key, byte[] inputBytes) throws EncryptionException { - Assert.hasText(key, "A key is required to attempt decryption"); - return cipher(key, Base64.decode(inputBytes), Cipher.DECRYPT_MODE); - } - - private static void isValidKey(String key) { - Assert.hasText(key, "A key to perform the encryption is required"); - Assert.isTrue(key.length() >= 24, "Key must be at least 24 characters long"); - } - - public static class EncryptionException extends NestedRuntimeException { - private static final long serialVersionUID = 1L; - - public EncryptionException(String message, Throwable t) { - super(message, t); - } - - public EncryptionException(String message) { - super(message); - } - } -} diff --git a/core/src/test/java/org/springframework/security/access/annotation/MethodDefinitionSourceEditorTigerTests.java b/core/src/test/java/org/springframework/security/access/annotation/MethodDefinitionSourceEditorTigerTests.java deleted file mode 100644 index d278176586..0000000000 --- a/core/src/test/java/org/springframework/security/access/annotation/MethodDefinitionSourceEditorTigerTests.java +++ /dev/null @@ -1,87 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.access.annotation; - -import static org.junit.Assert.assertEquals; - -import java.util.Collection; -import java.util.List; - -import org.junit.Before; -import org.junit.Test; -import org.springframework.security.access.ConfigAttribute; -import org.springframework.security.access.SecurityConfig; -import org.springframework.security.access.annotation.test.Entity; -import org.springframework.security.access.annotation.test.PersonServiceImpl; -import org.springframework.security.access.annotation.test.Service; -import org.springframework.security.access.intercept.method.MockMethodInvocation; -import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource; -import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor; - - -/** - * Extra tests to demonstrate generics behaviour with MapBasedMethodDefinitionSource. - * - * @author Ben Alex - */ -@SuppressWarnings("deprecation") -public class MethodDefinitionSourceEditorTigerTests { - private MockMethodInvocation makeUpper; - private MockMethodInvocation makeLower; - - @Before - public void createMethodInvocations() throws Exception { - makeUpper = new MockMethodInvocation(new PersonServiceImpl(), Service.class,"makeUpperCase", Entity.class); - makeLower = new MockMethodInvocation(new PersonServiceImpl(), Service.class,"makeLowerCase", Entity.class); - } - - @Test - public void testConcreteClassInvocations() throws Exception { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - editor.setAsText( - "org.springframework.security.access.annotation.test.Service.makeLower*=ROLE_FROM_INTERFACE\r\n" + - "org.springframework.security.access.annotation.test.Service.makeUpper*=ROLE_FROM_INTERFACE\r\n" + - "org.springframework.security.access.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_IMPLEMENTATION"); - - MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue(); - assertEquals(3, map.getMethodMapSize()); - - Collection returnedMakeLower = map.getAttributes(makeLower); - List expectedMakeLower = SecurityConfig.createList("ROLE_FROM_INTERFACE"); - assertEquals(expectedMakeLower, returnedMakeLower); - - Collection returnedMakeUpper = map.getAttributes(makeUpper); - List expectedMakeUpper = SecurityConfig.createList(new String[]{"ROLE_FROM_IMPLEMENTATION"}); - assertEquals(expectedMakeUpper, returnedMakeUpper); - } - - @Test - public void testBridgeMethodResolution() throws Exception { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - editor.setAsText( - "org.springframework.security.access.annotation.test.PersonService.makeUpper*=ROLE_FROM_INTERFACE\r\n" + - "org.springframework.security.access.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_ABSTRACT\r\n" + - "org.springframework.security.access.annotation.test.PersonServiceImpl.makeUpper*=ROLE_FROM_PSI"); - - MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue(); - assertEquals(3, map.getMethodMapSize()); - - Collection returnedMakeUpper = map.getAttributes(makeUpper); - List expectedMakeUpper = SecurityConfig.createList("ROLE_FROM_PSI"); - assertEquals(expectedMakeUpper, returnedMakeUpper); - } - -} diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java index c7bd4cd35a..9f73922f6e 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java @@ -15,43 +15,31 @@ package org.springframework.security.access.intercept.aopalliance; +import static org.mockito.Mockito.*; + import java.lang.reflect.Method; import junit.framework.TestCase; import org.springframework.security.TargetObject; -import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor; -import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor; -import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource; -import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor; +import org.springframework.security.access.SecurityConfig; +import org.springframework.security.access.method.MethodSecurityMetadataSource; /** * Tests {@link MethodSecurityMetadataSourceAdvisor}. * * @author Ben Alex */ -@SuppressWarnings("deprecation") public class MethodSecurityMetadataSourceAdvisorTests extends TestCase { //~ Methods ======================================================================================================== - private MethodSecurityInterceptor getInterceptor() { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_NOT_USED"); - - MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue(); - - MethodSecurityInterceptor msi = new MethodSecurityInterceptor(); - msi.setSecurityMetadataSource(map); - - return msi; - } - - public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined() - throws Exception { + public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined() throws Exception { Class clazz = TargetObject.class; Method method = clazz.getMethod("makeLowerCase", new Class[] {String.class}); - MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(getInterceptor()); + MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class); + when(mds.getAttributes(method, clazz)).thenReturn(null); + MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds ,""); assertFalse(advisor.getPointcut().getMethodMatcher().matches(method, clazz)); } @@ -60,18 +48,9 @@ public class MethodSecurityMetadataSourceAdvisorTests extends TestCase { Class clazz = TargetObject.class; Method method = clazz.getMethod("countLength", new Class[] {String.class}); - MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(getInterceptor()); + MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class); + when(mds.getAttributes(method, clazz)).thenReturn(SecurityConfig.createList("ROLE_A")); + MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds ,""); assertTrue(advisor.getPointcut().getMethodMatcher().matches(method, clazz)); } - - public void testDetectsImproperlyConfiguredAdvice() { - MethodSecurityInterceptor msi = new MethodSecurityInterceptor(); - - try { - new MethodSecurityMetadataSourceAdvisor(msi); - fail("Should have detected null SecurityMetadataSource and thrown AopConfigException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } - } } diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MethodSecurityMetadataSourceEditorTests.java b/core/src/test/java/org/springframework/security/access/intercept/method/MethodSecurityMetadataSourceEditorTests.java deleted file mode 100644 index 0d84dc52a3..0000000000 --- a/core/src/test/java/org/springframework/security/access/intercept/method/MethodSecurityMetadataSourceEditorTests.java +++ /dev/null @@ -1,224 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.access.intercept.method; - -import java.lang.reflect.AccessibleObject; -import java.lang.reflect.Method; -import java.util.Collection; -import java.util.List; - -import junit.framework.TestCase; - -import org.aopalliance.intercept.MethodInvocation; -import org.springframework.security.ITargetObject; -import org.springframework.security.OtherTargetObject; -import org.springframework.security.TargetObject; -import org.springframework.security.access.ConfigAttribute; -import org.springframework.security.access.SecurityConfig; -import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource; -import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor; - - -/** - * Tests {@link MethodSecurityMetadataSourceEditor} and its associated {@link MapBasedMethodSecurityMetadataSource}. - * - * @author Ben Alex - */ -@SuppressWarnings("deprecation") -public class MethodSecurityMetadataSourceEditorTests extends TestCase { - //~ Methods ======================================================================================================== - - public final void setUp() throws Exception { - super.setUp(); - } - - public void testClassNameNotFoundResultsInException() { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - - try { - editor.setAsText("org.springframework.security.DOES_NOT_EXIST_NAME=FOO,BAR"); - fail("Should have given IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } - } - - public void testClassNameNotInProperFormatResultsInException() { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - - try { - editor.setAsText("DOES_NOT_EXIST_NAME=FOO,BAR"); - fail("Should have given IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } - } - - public void testClassNameValidButMethodNameInvalidResultsInException() { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - - try { - editor.setAsText("org.springframework.security.TargetObject.INVALID_METHOD=FOO,BAR"); - fail("Should have given IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } - } - - public void testConcreteClassInvocationsAlsoReturnDefinitionsAgainstInterface() throws Exception { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - editor.setAsText( - "org.springframework.security.ITargetObject.computeHashCode*=ROLE_FROM_INTERFACE\r\n" + - "org.springframework.security.ITargetObject.makeLower*=ROLE_FROM_INTERFACE\r\n" + - "org.springframework.security.ITargetObject.makeUpper*=ROLE_FROM_INTERFACE\r\n" + - "org.springframework.security.TargetObject.computeHashCode*=ROLE_FROM_TO\r\n" + - "org.springframework.security.OtherTargetObject.computeHashCode*=ROLE_FROM_OTO\r\n" + - "org.springframework.security.OtherTargetObject.makeUpper*=ROLE_FROM_IMPLEMENTATION"); - - MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue(); - assertEquals(6, map.getMethodMapSize()); - - Collection returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "makeLowerCase", new Class[] {String.class}, new OtherTargetObject())); - List expectedMakeLower = SecurityConfig.createList("ROLE_FROM_INTERFACE"); - assertEquals(expectedMakeLower, returnedMakeLower); - - Collection returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "makeUpperCase", new Class[] {String.class}, new OtherTargetObject())); - List expectedMakeUpper = SecurityConfig.createList("ROLE_FROM_IMPLEMENTATION"); - assertEquals(expectedMakeUpper, returnedMakeUpper); - - Collection returnedComputeHashCode = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "computeHashCode", new Class[] {String.class}, new OtherTargetObject())); - List expectedComputeHashCode = SecurityConfig.createList("ROLE_FROM_OTO"); - assertEquals(expectedComputeHashCode, returnedComputeHashCode); - - returnedComputeHashCode = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "computeHashCode", new Class[] {String.class}, new TargetObject())); - expectedComputeHashCode = SecurityConfig.createList("ROLE_FROM_TO"); - assertEquals(expectedComputeHashCode, returnedComputeHashCode); - } - - public void testEmptyStringReturnsEmptyMap() { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - editor.setAsText(""); - - MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue(); - assertEquals(0, map.getMethodMapSize()); - } - - public void testIterator() { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - editor.setAsText( - "org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR"); - - MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue(); - - assertEquals(5, map.getAllConfigAttributes().size()); - } - - public void testMultiMethodParsing() { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - editor.setAsText( - "org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR"); - - MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue(); - assertEquals(3, map.getMethodMapSize()); - } - - public void testMultiMethodParsingWhereLaterMethodsOverrideEarlierMethods() throws Exception { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - editor.setAsText( - "org.springframework.security.TargetObject.*=ROLE_GENERAL\r\norg.springframework.security.TargetObject.makeLower*=ROLE_LOWER\r\norg.springframework.security.TargetObject.make*=ROLE_MAKE\r\norg.springframework.security.TargetObject.makeUpper*=ROLE_UPPER"); - - MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue(); - assertEquals(14, map.getMethodMapSize()); - - Collection returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class, - "makeLowerCase", new Class[] {String.class}, new TargetObject())); - List expectedMakeLower = SecurityConfig.createList("ROLE_LOWER"); - assertEquals(expectedMakeLower, returnedMakeLower); - - Collection returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ITargetObject.class, - "makeUpperCase", new Class[] {String.class}, new TargetObject())); - List expectedMakeUpper = SecurityConfig.createList("ROLE_UPPER"); - assertEquals(expectedMakeUpper, returnedMakeUpper); - - Collection returnedCountLength = map.getAttributes(new MockMethodInvocation(ITargetObject.class, - "countLength", new Class[] {String.class}, new TargetObject())); - List expectedCountLength = SecurityConfig.createList("ROLE_GENERAL"); - assertEquals(expectedCountLength, returnedCountLength); - } - - public void testNullIsReturnedByMethodSecurityMetadataSourceWhenMethodInvocationNotDefined() throws Exception { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY"); - - MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue(); - - Collection configAttributeDefinition = map.getAttributes(new MockMethodInvocation( - ITargetObject.class, "makeLowerCase", new Class[] {String.class}, new TargetObject())); - assertNull(configAttributeDefinition); - } - - public void testNullReturnsEmptyMap() { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - editor.setAsText(null); - - MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue(); - assertEquals(0, map.getMethodMapSize()); - } - - public void testSingleMethodParsing() throws Exception { - MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor(); - editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY"); - - MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue(); - - Collection returnedCountLength = map.getAttributes(new MockMethodInvocation(ITargetObject.class, - "countLength", new Class[] {String.class}, new TargetObject())); - assertEquals(SecurityConfig.createList("ROLE_ONE", "ROLE_TWO", "RUN_AS_ENTRY"), returnedCountLength); - } - - //~ Inner Classes ================================================================================================== - - private class MockMethodInvocation implements MethodInvocation { - private Method method; - private Object targetObject; - - public MockMethodInvocation(Class clazz, String methodName, Class[] parameterTypes, Object targetObject) - throws NoSuchMethodException { - this.method = clazz.getMethod(methodName, parameterTypes); - this.targetObject = targetObject; - } - - public Object[] getArguments() { - return null; - } - - public Method getMethod() { - return method; - } - - public AccessibleObject getStaticPart() { - return null; - } - - public Object getThis() { - return targetObject; - } - - public Object proceed() throws Throwable { - return null; - } - } -} diff --git a/core/src/test/java/org/springframework/security/util/EncryptionUtilsTests.java b/core/src/test/java/org/springframework/security/util/EncryptionUtilsTests.java deleted file mode 100644 index f47f46662d..0000000000 --- a/core/src/test/java/org/springframework/security/util/EncryptionUtilsTests.java +++ /dev/null @@ -1,120 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.util; - -import junit.framework.TestCase; - -import org.springframework.security.util.EncryptionUtils.EncryptionException; - -/** - * JUnit tests for EncryptionUtils. - * - * @author Alan Stewart - * @author Ben Alex - */ -@SuppressWarnings("deprecation") -public class EncryptionUtilsTests extends TestCase { - private final static String STRING_TO_ENCRYPT = "Alan K Stewart"; - private final static String ENCRYPTION_KEY = "123456789012345678901234567890"; - - public void testEncryptsUsingDESEde() throws EncryptionException { - final String encryptedString = EncryptionUtils.encrypt(ENCRYPTION_KEY, STRING_TO_ENCRYPT); - assertEquals("3YIE8sIbaEoqGZZrHamFGQ==", encryptedString); - } - - public void testEncryptByteArrayUsingDESEde() { - final byte[] encryptedArray = EncryptionUtils.encrypt(ENCRYPTION_KEY, EncryptionUtils.stringToByteArray(STRING_TO_ENCRYPT)); - assertEquals("3YIE8sIbaEoqGZZrHamFGQ==", EncryptionUtils.byteArrayToString(encryptedArray)); - } - - public void testEncryptionKeyCanContainLetters() throws EncryptionException { - final String encryptedString = EncryptionUtils.encrypt("ASDF asdf 1234 8983 jklasdf J2Jaf8", STRING_TO_ENCRYPT); - assertEquals("v4+DQoClx6qm5tJwBcRrkw==", encryptedString); - } - - public void testDecryptsUsingDESEde() throws EncryptionException { - final String encryptedString = "3YIE8sIbaEoqGZZrHamFGQ=="; - final String decryptedString = EncryptionUtils.decrypt(ENCRYPTION_KEY, encryptedString); - assertEquals(STRING_TO_ENCRYPT, decryptedString); - } - - public void testDecryptByteArrayUsingDESEde() { - final byte[] encrypted = EncryptionUtils.stringToByteArray("3YIE8sIbaEoqGZZrHamFGQ=="); - final byte[] decrypted = EncryptionUtils.decrypt(ENCRYPTION_KEY, encrypted); - assertEquals(STRING_TO_ENCRYPT, EncryptionUtils.byteArrayToString(decrypted)); - } - - public void testFailEncryptWithNullEncryptionKey() { - try { - EncryptionUtils.encrypt(null, STRING_TO_ENCRYPT); - fail(); - } catch (IllegalArgumentException e) { - assertTrue(true); - } - } - - public void testFailEncryptWithEmptyEncryptionKey() { - try { - EncryptionUtils.encrypt("", STRING_TO_ENCRYPT); - fail(); - } catch (IllegalArgumentException e) { - assertTrue(true); - } - } - - public void teastFailEncryptWithShortEncryptionKey() { - try { - EncryptionUtils.encrypt("01234567890123456789012", STRING_TO_ENCRYPT); - fail(); - } catch (IllegalArgumentException e) { - assertTrue(true); - } - } - - public void testFailDecryptWithEmptyString() { - try { - EncryptionUtils.decrypt(ENCRYPTION_KEY, ""); - fail(); - } catch (IllegalArgumentException e) { - assertTrue(true); - } - } - - public void testFailEncryptWithEmptyString() { - try { - EncryptionUtils.encrypt(ENCRYPTION_KEY, ""); - fail(); - } catch (IllegalArgumentException e) { - assertTrue(true); - } - } - - public void testFailEncryptWithNullString() { - try { - EncryptionUtils.encrypt(ENCRYPTION_KEY, (String) null); - fail(); - } catch (IllegalArgumentException e) { - assertTrue(true); - } - } - - public void testEncryptAndDecrypt() throws EncryptionException { - final String stringToEncrypt = "Alan Stewart"; - final String encryptedString = EncryptionUtils.encrypt(ENCRYPTION_KEY, stringToEncrypt); - final String decryptedString = EncryptionUtils.decrypt(ENCRYPTION_KEY, encryptedString); - assertEquals(stringToEncrypt, decryptedString); - } -} diff --git a/samples/dms/src/main/java/sample/dms/DataSourcePopulator.java b/samples/dms/src/main/java/sample/dms/DataSourcePopulator.java index 976add5790..4e80c8ef4d 100755 --- a/samples/dms/src/main/java/sample/dms/DataSourcePopulator.java +++ b/samples/dms/src/main/java/sample/dms/DataSourcePopulator.java @@ -8,10 +8,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio import org.springframework.security.core.Authentication; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.transaction.PlatformTransactionManager; -import org.springframework.transaction.TransactionStatus; -import org.springframework.transaction.support.TransactionCallback; -import org.springframework.transaction.support.TransactionTemplate; import org.springframework.util.Assert; @@ -27,122 +23,128 @@ public class DataSourcePopulator implements InitializingBean { protected static final int LEVEL_GRANT_ADMIN = 3; protected JdbcTemplate template; protected DocumentDao documentDao; - protected TransactionTemplate tt; - public DataSourcePopulator(DataSource dataSource, DocumentDao documentDao, PlatformTransactionManager platformTransactionManager) { + public DataSourcePopulator(DataSource dataSource, DocumentDao documentDao) { Assert.notNull(dataSource, "DataSource required"); Assert.notNull(documentDao, "DocumentDao required"); - Assert.notNull(platformTransactionManager, "PlatformTransactionManager required"); this.template = new JdbcTemplate(dataSource); this.documentDao = documentDao; - this.tt = new TransactionTemplate(platformTransactionManager); - } - - public void afterPropertiesSet() throws Exception { - // ACL tables - template.execute("CREATE TABLE ACL_SID(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,PRINCIPAL BOOLEAN NOT NULL,SID VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_1 UNIQUE(SID,PRINCIPAL));"); - template.execute("CREATE TABLE ACL_CLASS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,CLASS VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_2 UNIQUE(CLASS));"); - template.execute("CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,OBJECT_ID_CLASS BIGINT NOT NULL,OBJECT_ID_IDENTITY BIGINT NOT NULL,PARENT_OBJECT BIGINT,OWNER_SID BIGINT,ENTRIES_INHERITING BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_3 UNIQUE(OBJECT_ID_CLASS,OBJECT_ID_IDENTITY),CONSTRAINT FOREIGN_FK_1 FOREIGN KEY(PARENT_OBJECT)REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_2 FOREIGN KEY(OBJECT_ID_CLASS)REFERENCES ACL_CLASS(ID),CONSTRAINT FOREIGN_FK_3 FOREIGN KEY(OWNER_SID)REFERENCES ACL_SID(ID));"); - template.execute("CREATE TABLE ACL_ENTRY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,ACE_ORDER INT NOT NULL,SID BIGINT NOT NULL,MASK INTEGER NOT NULL,GRANTING BOOLEAN NOT NULL,AUDIT_SUCCESS BOOLEAN NOT NULL,AUDIT_FAILURE BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_4 UNIQUE(ACL_OBJECT_IDENTITY,ACE_ORDER),CONSTRAINT FOREIGN_FK_4 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_5 FOREIGN KEY(SID) REFERENCES ACL_SID(ID));"); - - // Normal authentication tables - template.execute("CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(50) NOT NULL,ENABLED BOOLEAN NOT NULL);"); - template.execute("CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));"); - template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);"); - - // Document management system business tables - template.execute("CREATE TABLE DIRECTORY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, DIRECTORY_NAME VARCHAR_IGNORECASE(50) NOT NULL, PARENT_DIRECTORY_ID BIGINT)"); - template.execute("CREATE TABLE FILE(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, FILE_NAME VARCHAR_IGNORECASE(50) NOT NULL, CONTENT VARCHAR_IGNORECASE(1024), PARENT_DIRECTORY_ID BIGINT)"); - - // Populate the authentication and role tables - template.execute("INSERT INTO USERS VALUES('rod','a564de63c2d0da68cf47586ee05984d7',TRUE);"); - template.execute("INSERT INTO USERS VALUES('dianne','65d15fe9156f9c4bbffd98085992a44e',TRUE);"); - template.execute("INSERT INTO USERS VALUES('scott','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); - template.execute("INSERT INTO USERS VALUES('peter','22b5c9accc6e1ba628cedc63a72d57f8',FALSE);"); - template.execute("INSERT INTO USERS VALUES('bill','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); - template.execute("INSERT INTO USERS VALUES('bob','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); - template.execute("INSERT INTO USERS VALUES('jane','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); - template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_USER');"); - template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_SUPERVISOR');"); - template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');"); - template.execute("INSERT INTO AUTHORITIES VALUES('scott','ROLE_USER');"); - template.execute("INSERT INTO AUTHORITIES VALUES('peter','ROLE_USER');"); - template.execute("INSERT INTO AUTHORITIES VALUES('bill','ROLE_USER');"); - template.execute("INSERT INTO AUTHORITIES VALUES('bob','ROLE_USER');"); - template.execute("INSERT INTO AUTHORITIES VALUES('jane','ROLE_USER');"); - - // Now create an ACL entry for the root directory - SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("rod", "ignored", AuthorityUtils.createAuthorityList(("ROLE_IGNORED")))); - tt.execute(new TransactionCallback() { - public Object doInTransaction(TransactionStatus arg0) { - addPermission(documentDao, Directory.ROOT_DIRECTORY, "ROLE_USER", LEVEL_GRANT_WRITE); - return null; - } - }); - - // Now go off and create some directories and files for our users - createSampleData("rod", "koala"); - createSampleData("dianne", "emu"); - createSampleData("scott", "wombat"); } - /** - * Creates a directory for the user, and a series of sub-directories. The root directory is the parent for the user directory. The sub-directories - * are "confidential" and "shared". The ROLE_USER will be given read and write access to "shared". - */ - private void createSampleData(String username, String password) { - Assert.notNull(documentDao, "DocumentDao required"); - Assert.hasText(username, "Username required"); + public void afterPropertiesSet() throws Exception { + // ACL tables + template.execute("CREATE TABLE ACL_SID(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,PRINCIPAL BOOLEAN NOT NULL,SID VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_1 UNIQUE(SID,PRINCIPAL));"); + template.execute("CREATE TABLE ACL_CLASS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,CLASS VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_2 UNIQUE(CLASS));"); + template.execute("CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,OBJECT_ID_CLASS BIGINT NOT NULL,OBJECT_ID_IDENTITY BIGINT NOT NULL,PARENT_OBJECT BIGINT,OWNER_SID BIGINT,ENTRIES_INHERITING BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_3 UNIQUE(OBJECT_ID_CLASS,OBJECT_ID_IDENTITY),CONSTRAINT FOREIGN_FK_1 FOREIGN KEY(PARENT_OBJECT)REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_2 FOREIGN KEY(OBJECT_ID_CLASS)REFERENCES ACL_CLASS(ID),CONSTRAINT FOREIGN_FK_3 FOREIGN KEY(OWNER_SID)REFERENCES ACL_SID(ID));"); + template.execute("CREATE TABLE ACL_ENTRY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,ACE_ORDER INT NOT NULL,SID BIGINT NOT NULL,MASK INTEGER NOT NULL,GRANTING BOOLEAN NOT NULL,AUDIT_SUCCESS BOOLEAN NOT NULL,AUDIT_FAILURE BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_4 UNIQUE(ACL_OBJECT_IDENTITY,ACE_ORDER),CONSTRAINT FOREIGN_FK_4 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_5 FOREIGN KEY(SID) REFERENCES ACL_SID(ID));"); - Authentication auth = new UsernamePasswordAuthenticationToken(username, password); + // Normal authentication tables + template.execute("CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(50) NOT NULL,ENABLED BOOLEAN NOT NULL);"); + template.execute("CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));"); + template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);"); - try { - // Set the SecurityContextHolder ThreadLocal so any subclasses automatically know which user is operating - SecurityContextHolder.getContext().setAuthentication(auth); + // Document management system business tables + template.execute("CREATE TABLE DIRECTORY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, DIRECTORY_NAME VARCHAR_IGNORECASE(50) NOT NULL, PARENT_DIRECTORY_ID BIGINT)"); + template.execute("CREATE TABLE FILE(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, FILE_NAME VARCHAR_IGNORECASE(50) NOT NULL, CONTENT VARCHAR_IGNORECASE(1024), PARENT_DIRECTORY_ID BIGINT)"); - // Create the home directory first - Directory home = new Directory(username, Directory.ROOT_DIRECTORY); - documentDao.create(home); - addPermission(documentDao, home, username, LEVEL_GRANT_ADMIN); - addPermission(documentDao, home, "ROLE_USER", LEVEL_GRANT_READ); - createFiles(documentDao, home); + // Populate the authentication and role tables + template.execute("INSERT INTO USERS VALUES('rod','a564de63c2d0da68cf47586ee05984d7',TRUE);"); + template.execute("INSERT INTO USERS VALUES('dianne','65d15fe9156f9c4bbffd98085992a44e',TRUE);"); + template.execute("INSERT INTO USERS VALUES('scott','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); + template.execute("INSERT INTO USERS VALUES('peter','22b5c9accc6e1ba628cedc63a72d57f8',FALSE);"); + template.execute("INSERT INTO USERS VALUES('bill','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); + template.execute("INSERT INTO USERS VALUES('bob','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); + template.execute("INSERT INTO USERS VALUES('jane','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); + template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_USER');"); + template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_SUPERVISOR');"); + template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');"); + template.execute("INSERT INTO AUTHORITIES VALUES('scott','ROLE_USER');"); + template.execute("INSERT INTO AUTHORITIES VALUES('peter','ROLE_USER');"); + template.execute("INSERT INTO AUTHORITIES VALUES('bill','ROLE_USER');"); + template.execute("INSERT INTO AUTHORITIES VALUES('bob','ROLE_USER');"); + template.execute("INSERT INTO AUTHORITIES VALUES('jane','ROLE_USER');"); - // Now create the confidential directory - Directory confid = new Directory("confidential", home); - documentDao.create(confid); - addPermission(documentDao, confid, "ROLE_USER", LEVEL_NEGATE_READ); - createFiles(documentDao, confid); + // Now create an ACL entry for the root directory + SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("rod", "ignored", AuthorityUtils.createAuthorityList(("ROLE_IGNORED")))); - // Now create the shared directory - Directory shared = new Directory("shared", home); - documentDao.create(shared); - addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_READ); - addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_WRITE); - createFiles(documentDao, shared); - } finally { - // Clear the SecurityContextHolder ThreadLocal so future calls are guaranteed to be clean - SecurityContextHolder.clearContext(); - } - } + addPermission(documentDao, Directory.ROOT_DIRECTORY, "ROLE_USER", LEVEL_GRANT_WRITE); - private void createFiles(DocumentDao documentDao, Directory parent) { - Assert.notNull(documentDao, "DocumentDao required"); - Assert.notNull(parent, "Parent required"); - int countBeforeInsert = documentDao.findElements(parent).length; - for (int i = 0; i < 10; i++) { - File file = new File("file_" + i + ".txt", parent); - documentDao.create(file); - } - Assert.isTrue(countBeforeInsert + 10 == documentDao.findElements(parent).length, "Failed to increase count by 10"); - } + // Now go off and create some directories and files for our users + createSampleData("rod", "koala"); + createSampleData("dianne", "emu"); + createSampleData("scott", "wombat"); - /** - * Allows subclass to add permissions. - * - * @param documentDao that will presumably offer methods to enable the operation to be completed - * @param element to the subject of the new permissions - * @param recipient to receive permission (if it starts with ROLE_ it is assumed to be a GrantedAuthority, else it is a username) - * @param level based on the static final integer fields on this class - */ - protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {} + } + + /** + * Creates a directory for the user, and a series of sub-directories. The + * root directory is the parent for the user directory. The sub-directories + * are "confidential" and "shared". The ROLE_USER will be given read and + * write access to "shared". + */ + private void createSampleData(String username, String password) { + Assert.notNull(documentDao, "DocumentDao required"); + Assert.hasText(username, "Username required"); + + Authentication auth = new UsernamePasswordAuthenticationToken(username, password); + + try { + // Set the SecurityContextHolder ThreadLocal so any subclasses + // automatically know which user is operating + SecurityContextHolder.getContext().setAuthentication(auth); + + // Create the home directory first + Directory home = new Directory(username, Directory.ROOT_DIRECTORY); + documentDao.create(home); + addPermission(documentDao, home, username, LEVEL_GRANT_ADMIN); + addPermission(documentDao, home, "ROLE_USER", LEVEL_GRANT_READ); + createFiles(documentDao, home); + + // Now create the confidential directory + Directory confid = new Directory("confidential", home); + documentDao.create(confid); + addPermission(documentDao, confid, "ROLE_USER", LEVEL_NEGATE_READ); + createFiles(documentDao, confid); + + // Now create the shared directory + Directory shared = new Directory("shared", home); + documentDao.create(shared); + addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_READ); + addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_WRITE); + createFiles(documentDao, shared); + } finally { + // Clear the SecurityContextHolder ThreadLocal so future calls are + // guaranteed to be clean + SecurityContextHolder.clearContext(); + } + } + + private void createFiles(DocumentDao documentDao, Directory parent) { + Assert.notNull(documentDao, "DocumentDao required"); + Assert.notNull(parent, "Parent required"); + int countBeforeInsert = documentDao.findElements(parent).length; + for (int i = 0; i < 10; i++) { + File file = new File("file_" + i + ".txt", parent); + documentDao.create(file); + } + Assert.isTrue(countBeforeInsert + 10 == documentDao.findElements(parent).length, + "Failed to increase count by 10"); + } + + /** + * Allows subclass to add permissions. + * + * @param documentDao + * that will presumably offer methods to enable the operation to + * be completed + * @param element + * to the subject of the new permissions + * @param recipient + * to receive permission (if it starts with ROLE_ it is assumed + * to be a GrantedAuthority, else it is a username) + * @param level + * based on the static final integer fields on this class + */ + protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) { + } } diff --git a/samples/dms/src/main/java/sample/dms/secured/SecureDataSourcePopulator.java b/samples/dms/src/main/java/sample/dms/secured/SecureDataSourcePopulator.java index e927c5b07f..d21e301a59 100755 --- a/samples/dms/src/main/java/sample/dms/secured/SecureDataSourcePopulator.java +++ b/samples/dms/src/main/java/sample/dms/secured/SecureDataSourcePopulator.java @@ -13,7 +13,6 @@ import org.springframework.security.acls.model.ObjectIdentity; import org.springframework.security.acls.model.Permission; import org.springframework.security.acls.model.Sid; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.transaction.PlatformTransactionManager; import org.springframework.util.Assert; import sample.dms.AbstractElement; @@ -24,8 +23,8 @@ public class SecureDataSourcePopulator extends DataSourcePopulator { private MutableAclService aclService; - public SecureDataSourcePopulator(DataSource dataSource, SecureDocumentDao documentDao, PlatformTransactionManager platformTransactionManager, MutableAclService aclService) { - super(dataSource, documentDao, platformTransactionManager); + public SecureDataSourcePopulator(DataSource dataSource, SecureDocumentDao documentDao, MutableAclService aclService) { + super(dataSource, documentDao); Assert.notNull(aclService, "MutableAclService required"); this.aclService = aclService; } diff --git a/samples/dms/src/main/resources/applicationContext-dms-insecure.xml b/samples/dms/src/main/resources/applicationContext-dms-insecure.xml index f5750bdf8f..0cba9c2f76 100755 --- a/samples/dms/src/main/resources/applicationContext-dms-insecure.xml +++ b/samples/dms/src/main/resources/applicationContext-dms-insecure.xml @@ -35,7 +35,6 @@ - diff --git a/samples/dms/src/main/resources/applicationContext-dms-secure.xml b/samples/dms/src/main/resources/applicationContext-dms-secure.xml index 33252041fa..457d261170 100755 --- a/samples/dms/src/main/resources/applicationContext-dms-secure.xml +++ b/samples/dms/src/main/resources/applicationContext-dms-secure.xml @@ -9,7 +9,7 @@ xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd - http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> @@ -44,7 +44,6 @@ - @@ -206,21 +205,25 @@ - - - - - - - - - sample.dms.DocumentDao.create=ACL_ABSTRACT_ELEMENT_WRITE_PARENT - sample.dms.DocumentDao.delete=ACL_ABSTRACT_ELEMENT_WRITE - sample.dms.DocumentDao.update=ACL_ABSTRACT_ELEMENT_WRITE - sample.dms.DocumentDao.findElements=AFTER_ACL_COLLECTION_READ - sample.dms.secured.SecureDocumentDao.getUsers=ROLE_USER - - + + + + + + + + + + + + + + + + + + + diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java index 139549ee0a..c039dd6ccd 100644 --- a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java +++ b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java @@ -87,6 +87,14 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple return this.securityMetadataSource; } + public SecurityMetadataSource obtainSecurityMetadataSource() { + return this.securityMetadataSource; + } + + public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) { + this.securityMetadataSource = newSource; + } + public Class getSecureObjectClass() { return FilterInvocation.class; } @@ -127,22 +135,6 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple return observeOncePerRequest; } - public SecurityMetadataSource obtainSecurityMetadataSource() { - return this.securityMetadataSource; - } - - /** - * @deprecated use setSecurityMetadataSource instead - */ - public void setObjectDefinitionSource(FilterInvocationSecurityMetadataSource newSource) { - logger.warn("The property 'objectDefinitionSource' is deprecated. Please use 'securityMetadataSource' instead"); - this.securityMetadataSource = newSource; - } - - public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) { - this.securityMetadataSource = newSource; - } - public void setObserveOncePerRequest(boolean observeOncePerRequest) { this.observeOncePerRequest = observeOncePerRequest; } diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractProcessingFilter.java deleted file mode 100644 index b75cb7a108..0000000000 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractProcessingFilter.java +++ /dev/null @@ -1,17 +0,0 @@ -package org.springframework.security.web.authentication; - -/** - * Renamed class, retained for backwards compatibility. - *

- * See {@link AbstractAuthenticationProcessingFilter}. - * - * @author Luke Taylor - * @deprecated Use AbstractAuthenticationProcessingFilter instead. - */ -@Deprecated -public abstract class AbstractProcessingFilter extends AbstractAuthenticationProcessingFilter { - - protected AbstractProcessingFilter(String defaultFilterProcessesUrl) { - super(defaultFilterProcessesUrl); - } -} diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilter.java deleted file mode 100644 index 06dcd8bca0..0000000000 --- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilter.java +++ /dev/null @@ -1,14 +0,0 @@ -package org.springframework.security.web.authentication; - -/** - * Renamed class, retained for backwards compatibility. - *

- * See {@link UsernamePasswordAuthenticationFilter}. - * - * @author Luke Taylor - * @deprecated Use UsernamePasswordAuthenticationFilter instead. - */ - -public class AuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter { - -} diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPoint.java deleted file mode 100644 index 02bc133d76..0000000000 --- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPoint.java +++ /dev/null @@ -1,13 +0,0 @@ -package org.springframework.security.web.authentication; - -/** - * Renamed class, retained for backwards compatibility. - *

- * See {@link LoginUrlAuthenticationEntryPoint}. - * - * @author Luke Taylor - * @deprecated Use LoginUrlAuthenticationEntryPoint instead. - */ -public class AuthenticationProcessingFilterEntryPoint extends LoginUrlAuthenticationEntryPoint{ - -} diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java deleted file mode 100644 index 7ff50147cb..0000000000 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.springframework.security.web.authentication.preauth; - -import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint; - -/** - * Renamed class, retained for backwards compatibility. - *

- * See {@link Http403ForbiddenEntryPoint}. - * - * @author Luke Taylor - * @deprecated Use Http403ForbiddenEntryPoint instead. - */ -public class PreAuthenticatedProcessingFilterEntryPoint extends Http403ForbiddenEntryPoint { - -} diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java index 227d8b76f5..e0bda53964 100644 --- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java +++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java @@ -222,40 +222,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo return context; } - @SuppressWarnings("unchecked") - @Deprecated - /** - * Sets the {@code SecurityContext} implementation class. - * - * @deprecated use a custom {@code SecurityContextHolderStrategy} where the {@code createEmptyContext} method - * returns the correct implementation. - */ - public void setSecurityContextClass(Class contextClass) { - if (contextClass == null || (!SecurityContext.class.isAssignableFrom(contextClass))) { - throw new IllegalArgumentException("securityContextClass must implement SecurityContext " - + "(typically use org.springframework.security.core.context.SecurityContextImpl; existing class is " - + contextClass + ")"); - } - - this.securityContextClass = contextClass; - contextObject = generateNewContext(); - } - - /** - * Normally, the {@code SecurityContext} retrieved from the session is stored directly in the - * {@code SecurityContextHolder}, meaning that it is shared between concurrent threads. - * In this case, if one thread modifies the contents of the context, all threads will see the same - * change. - * - * @param cloneFromHttpSession set to true to clone the security context retrieved from the session. - * Defaults to false. - * @deprecated Override the {@code loadContext} method and copy the created context instead. - */ - @Deprecated - public void setCloneFromHttpSession(boolean cloneFromHttpSession) { - this.cloneFromHttpSession = cloneFromHttpSession; - } - /** * If set to true (the default), a session will be created (if required) to store the security context if it is * determined that its contents are different from the default empty context value. diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java index 21580bb59c..62c450ab0c 100644 --- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java @@ -18,20 +18,6 @@ import org.springframework.security.web.context.SaveContextOnUpdateOrErrorRespon public class HttpSessionSecurityContextRepositoryTests { private final TestingAuthenticationToken testToken = new TestingAuthenticationToken("someone", "passwd", "ROLE_A"); - @Test(expected=IllegalArgumentException.class) - @Deprecated - public void detectsInvalidContextClass() throws Exception { - HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); - repo.setSecurityContextClass(String.class); - } - - @Deprecated - @Test(expected=IllegalArgumentException.class) - public void cannotSetNullContextClass() throws Exception { - HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); - repo.setSecurityContextClass(null); - } - @Test public void sessionIsntCreatedIfContextDoesntChange() throws Exception { HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); @@ -162,30 +148,6 @@ public class HttpSessionSecurityContextRepositoryTests { assertNull(request.getSession(false)); } - @Test - @Deprecated - public void settingCloneFromContextLoadsClonedContextObject() throws Exception { - HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); - repo.setCloneFromHttpSession(true); - MockHttpServletRequest request = new MockHttpServletRequest(); - MockContext contextBefore = new MockContext(); - request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, contextBefore); - contextBefore.setAuthentication(testToken); - MockHttpServletResponse response = new MockHttpServletResponse(); - HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); - SecurityContext loadedContext = repo.loadContext(holder); - assertTrue(loadedContext instanceof MockContext); - assertFalse(loadedContext == contextBefore); - } - - @Test - @Deprecated - public void generateNewContextWorksWithContextClass() throws Exception { - HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); - repo.setSecurityContextClass(MockContext.class); - assertTrue(repo.generateNewContext() instanceof MockContext); - } - @Test @SuppressWarnings("deprecation") public void sessionDisableUrlRewritingPreventsSessionIdBeingWrittenToUrl() throws Exception {