Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1909: Namespace configuration no longer uses deprecated API's 

Previously the namespace configuration used deprecated API's
causing warnings to show up in Spring Tool suite when editing
Spring configuration files.

Now the namespace configuration uses the replacement API's for
those that have been deprecated. The tests have also been updated
to ensure the new constructors are used and that the updates did
not break anything.
This commit is contained in:
Rob Winch 2012-07-17 14:07:16 -05:00
parent b196d70f99
commit 06638db289
8 changed files with 222 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
View File

@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http;
import static org.springframework.security.config.http.SecurityFilters.*;
@ -5,10 +20,10 @@ import static org.springframework.security.config.http.SecurityFilters.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.PropertyValues;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanReference;
import org.springframework.beans.factory.config.ConstructorArgumentValues;
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
@ -20,6 +35,7 @@ import org.springframework.security.authentication.AnonymousAuthenticationProvid
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.Elements;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
@ -143,9 +159,9 @@ final class AuthenticationConfigBuilder {
key = createKey();
}
rememberMeFilter = new RememberMeBeanDefinitionParser(key).parse(rememberMeElt, pc);
rememberMeFilter.getPropertyValues().addPropertyValue("authenticationManager", authenticationManager);
rememberMeServicesId = ((RuntimeBeanReference) rememberMeFilter.getPropertyValues().getPropertyValue("rememberMeServices").getValue()).getBeanName();
RememberMeBeanDefinitionParser rememberMeParser = new RememberMeBeanDefinitionParser(key, authenticationManager);
rememberMeFilter = rememberMeParser.parse(rememberMeElt, pc);
rememberMeServicesId = rememberMeParser.getRememberMeServicesId();
createRememberMeProvider(key);
}
}
@ -154,7 +170,7 @@ final class AuthenticationConfigBuilder {
RootBeanDefinition provider = new RootBeanDefinition(RememberMeAuthenticationProvider.class);
provider.setSource(rememberMeFilter.getSource());
provider.getPropertyValues().addPropertyValue("key", key);
provider.getConstructorArgumentValues().addGenericArgumentValue(key);
String id = pc.getReaderContext().generateBeanName(provider);
pc.registerBeanComponent(new BeanComponentDefinition(provider, id));
@ -320,8 +336,8 @@ final class AuthenticationConfigBuilder {
basicEntryPoint = new RuntimeBeanReference(entryPointId);
}
filterBuilder.addPropertyValue("authenticationManager", authManager);
filterBuilder.addPropertyValue("authenticationEntryPoint", basicEntryPoint);
filterBuilder.addConstructorArgValue(authManager);
filterBuilder.addConstructorArgValue(basicEntryPoint);
basicFilter = filterBuilder.getBeanDefinition();
}
@ -500,15 +516,14 @@ final class AuthenticationConfigBuilder {
}
anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
PropertyValue keyPV = new PropertyValue("key", key);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.createAuthorityList(grantedAuthority));
anonymousFilter.setSource(source);
anonymousFilter.getPropertyValues().addPropertyValue("userAttribute", username + "," + grantedAuthority);
anonymousFilter.getPropertyValues().addPropertyValue(keyPV);
RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
anonymousProviderBean.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
anonymousProviderBean.setSource(anonymousFilter.getSource());
anonymousProviderBean.getPropertyValues().addPropertyValue(keyPV);
String id = pc.getReaderContext().generateBeanName(anonymousProviderBean);
pc.registerBeanComponent(new BeanComponentDefinition(anonymousProviderBean, id));
@ -525,8 +540,8 @@ final class AuthenticationConfigBuilder {
BeanDefinitionBuilder etfBuilder = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class);
etfBuilder.addPropertyValue("accessDeniedHandler", createAccessDeniedHandler(httpElt, pc));
assert requestCache != null;
etfBuilder.addPropertyValue("requestCache", requestCache);
etfBuilder.addPropertyValue("authenticationEntryPoint", selectEntryPoint());
etfBuilder.addConstructorArgValue(selectEntryPoint());
etfBuilder.addConstructorArgValue(requestCache);
etf = etfBuilder.getBeanDefinition();
}
@ -620,18 +635,18 @@ final class AuthenticationConfigBuilder {
return null;
}
PropertyValues pvs = entryPoint.getPropertyValues();
PropertyValue pv = pvs.getPropertyValue("loginFormUrl");
if (pv == null) {
ConstructorArgumentValues cavs = entryPoint.getConstructorArgumentValues();
ValueHolder vh = cavs.getIndexedArgumentValue(0, String.class);
if (vh == null) {
return null;
}
// If the login URL is the default one, then it is assumed not to have been set explicitly
if (DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL.equals(pv.getValue())) {
if (DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL.equals(vh.getValue())) {
return null;
}
return (String) pv.getValue();
return (String) vh.getValue();
}
private void createUserDetailsServiceFactory() {

17
config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
View File

@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http;
import org.apache.commons.logging.Log;
@ -115,7 +130,7 @@ public class FormLoginBeanDefinitionParser {
BeanDefinitionBuilder entryPointBuilder =
BeanDefinitionBuilder.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class);
entryPointBuilder.getRawBeanDefinition().setSource(source);
entryPointBuilder.addPropertyValue("loginFormUrl", loginPage != null ? loginPage : DEF_LOGIN_PAGE);
entryPointBuilder.addConstructorArgValue(loginPage != null ? loginPage : DEF_LOGIN_PAGE);
entryPointBuilder.addPropertyValue("portMapper", portMapper);
entryPointBuilder.addPropertyValue("portResolver", portResolver);
entryPointBean = (RootBeanDefinition) entryPointBuilder.getBeanDefinition();

26
config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
View File

@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http;
import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.*;
@ -22,7 +37,6 @@ import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.config.Elements;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator;
import org.springframework.security.web.access.channel.ChannelDecisionManagerImpl;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
@ -179,7 +193,7 @@ class HttpConfigurationBuilder {
}
contextRepoRef = new RuntimeBeanReference(repoRef);
scpf.addPropertyValue("securityContextRepository", contextRepoRef);
scpf.addConstructorArgValue(contextRepoRef);
securityContextPersistenceFilter = scpf.getBeanDefinition();
}
@ -277,7 +291,7 @@ class HttpConfigurationBuilder {
sessionMgmtFilter.addPropertyValue("invalidSessionStrategy", new SimpleRedirectInvalidSessionStrategy(invalidSessionUrl));
}
sessionMgmtFilter.addPropertyReference("sessionAuthenticationStrategy", sessionAuthStratRef);
sessionMgmtFilter.addConstructorArgReference(sessionAuthStratRef);
sfpf = (RootBeanDefinition) sessionMgmtFilter.getBeanDefinition();
sessionStrategyRef = new RuntimeBeanReference(sessionAuthStratRef);
@ -310,7 +324,7 @@ class HttpConfigurationBuilder {
BeanDefinitionBuilder filterBuilder =
BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionFilter.class);
filterBuilder.addPropertyReference("sessionRegistry", sessionRegistryId);
filterBuilder.addConstructorArgReference(sessionRegistryId);
Object source = pc.extractSource(element);
filterBuilder.getRawBeanDefinition().setSource(source);
@ -320,7 +334,7 @@ class HttpConfigurationBuilder {
if (StringUtils.hasText(expiryUrl)) {
WebConfigUtils.validateHttpRedirect(expiryUrl, pc, source);
filterBuilder.addPropertyValue("expiredUrl", expiryUrl);
filterBuilder.addConstructorArgValue(expiryUrl);
}
pc.popAndRegisterContainingComponent();
@ -450,7 +464,7 @@ class HttpConfigurationBuilder {
}
requestCacheAwareFilter = new RootBeanDefinition(RequestCacheAwareFilter.class);
requestCacheAwareFilter.getPropertyValues().addPropertyValue("requestCache", requestCache);
requestCacheAwareFilter.getConstructorArgumentValues().addGenericArgumentValue(requestCache);
}
private void createFilterSecurityInterceptor(BeanReference authManager) {

37
config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
View File

@ -1,8 +1,24 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanReference;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.parsing.CompositeComponentDefinition;
@ -21,6 +37,7 @@ import org.w3c.dom.Element;
/**
* @author Luke Taylor
* @author Ben Alex
* @author Rob Winch
*/
class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
static final String ATT_DATA_SOURCE = "data-source-ref";
@ -34,9 +51,12 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
protected final Log logger = LogFactory.getLog(getClass());
private final String key;
private final BeanReference authenticationManager;
private String rememberMeServicesId;
RememberMeBeanDefinitionParser(String key) {
RememberMeBeanDefinitionParser(String key, BeanReference authenticationManager) {
this.key = key;
this.authenticationManager = authenticationManager;
}
public BeanDefinition parse(Element element, ParserContext pc) {
@ -83,7 +103,7 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
((BeanDefinition)tokenRepo).getPropertyValues().addPropertyValue("dataSource",
new RuntimeBeanReference(dataSource));
}
services.getPropertyValues().addPropertyValue("tokenRepository", tokenRepo);
services.getConstructorArgumentValues().addIndexedArgumentValue(2, tokenRepo);
} else if (!servicesRefSet) {
services = new RootBeanDefinition(TokenBasedRememberMeServices.class);
}
@ -96,7 +116,9 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
uds.setFactoryMethodName("cachingUserDetailsService");
uds.getConstructorArgumentValues().addGenericArgumentValue(userServiceRef);
services.getPropertyValues().addPropertyValue("userDetailsService", uds);
services.getConstructorArgumentValues().addGenericArgumentValue(key);
services.getConstructorArgumentValues().addGenericArgumentValue(uds);
// tokenRepo is already added if it is a PersistentTokenBasedRememberMeServices
String useSecureCookie = element.getAttribute(ATT_SECURE_COOKIE);
if (StringUtils.hasText(useSecureCookie)) {
@ -112,7 +134,6 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
services.getPropertyValues().addPropertyValue("tokenValiditySeconds", tokenValidity);
}
services.setSource(source);
services.getPropertyValues().addPropertyValue("key", key);
servicesName = pc.getReaderContext().generateBeanName(services);
pc.registerBeanComponent(new BeanComponentDefinition(services, servicesName));
} else {
@ -123,6 +144,8 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
pc.getRegistry().registerAlias(servicesName, element.getAttribute(ATT_SERVICES_ALIAS));
}
this.rememberMeServicesId = servicesName;
BeanDefinitionBuilder filter = BeanDefinitionBuilder.rootBeanDefinition(RememberMeAuthenticationFilter.class);
filter.getRawBeanDefinition().setSource(source);
@ -130,11 +153,15 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
filter.addPropertyReference("authenticationSuccessHandler", successHandlerRef);
}
filter.addPropertyReference("rememberMeServices", servicesName);
filter.addConstructorArgValue(authenticationManager);
filter.addConstructorArgReference(servicesName);
pc.popAndRegisterContainingComponent();
return filter.getBeanDefinition();
}
String getRememberMeServicesId() {
return this.rememberMeServicesId;
}
}

18
config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
View File

@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.method;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
@ -15,6 +30,7 @@ import org.springframework.security.config.BeanIds;
*
* @author Luke Taylor
* @author Ben Alex
* @author Rob Winch
*/
abstract class MethodConfigUtils {
@SuppressWarnings("unchecked")
@ -34,7 +50,7 @@ abstract class MethodConfigUtils {
}
BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder.rootBeanDefinition(AffirmativeBased.class);
accessMgrBuilder.addPropertyValue("decisionVoters", defaultVoters);
accessMgrBuilder.addConstructorArgValue(defaultVoters);
return (RootBeanDefinition) accessMgrBuilder.getBeanDefinition();
}
}

28
config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy
View File

@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http;
@ -12,6 +27,7 @@ import org.springframework.mock.web.MockHttpServletRequest
import org.springframework.mock.web.MockHttpServletResponse
import org.springframework.security.access.AccessDeniedException
import org.springframework.security.access.SecurityConfig
import org.springframework.security.authentication.AnonymousAuthenticationProvider;
import org.springframework.security.authentication.TestingAuthenticationToken
import org.springframework.security.config.BeanIds
import org.springframework.security.config.MockUserServiceBeanPostProcessor
@ -56,6 +72,12 @@ import org.springframework.security.web.access.expression.DefaultWebSecurityExpr
import org.springframework.security.web.util.AntPathRequestMatcher
import org.springframework.security.authentication.AuthenticationManager
/**
*
* @author Luke Taylor
* @author Rob Winch
*/
class MiscHttpConfigTests extends AbstractHttpConfigTests {
def 'Minimal configuration parses'() {
setup:
@ -181,8 +203,10 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
createAppContext()
AnonymousAuthenticationFilter filter = getFilter(AnonymousAuthenticationFilter);
def providers = appContext.getBeansOfType(AuthenticationManager).values()*.providers.flatten()
expect:
'customKey' == providers.find { it instanceof AnonymousAuthenticationProvider }.key
'customKey' == filter.key
'joe' == filter.principal
'anonymity' == filter.authorities[0].authority
@ -667,7 +691,7 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
def customAccessDecisionManagerIsSupported() {
xml.http('auto-config': 'true', 'access-decision-manager-ref': 'adm')
xml.'b:bean'(id: 'adm', 'class': AffirmativeBased.class.name) {
'b:property'(name: 'decisionVoters') {
'b:constructor-arg' {
'b:list'() {
'b:bean'('class': RoleVoter.class.name)
'b:bean'('class': RoleVoter.class.name)
@ -736,6 +760,6 @@ class MockPermissionEvaluator implements PermissionEvaluator {
class MockEntryPoint extends LoginUrlAuthenticationEntryPoint {
public MockEntryPoint() {
super.setLoginFormUrl("/notused");
super("/notused");
}
}

53
config/src/test/groovy/org/springframework/security/config/http/RememberMeConfigTests.groovy
View File

@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException
@ -9,15 +24,19 @@ import org.springframework.security.core.userdetails.MockUserDetailsService
import org.springframework.security.util.FieldUtils
import org.springframework.security.web.authentication.logout.LogoutFilter
import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
/**
*
* @author Luke Taylor
* @author Rob Winch
*/
class RememberMeConfigTests extends AbstractHttpConfigTests {
@ -25,13 +44,16 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
httpAutoConfig () {
'remember-me'('token-repository-ref': 'tokenRepo')
}
bean('tokenRepo', InMemoryTokenRepositoryImpl.class.name)
bean('tokenRepo', CustomTokenRepository.class.name)
createAppContext(AUTH_PROVIDER_XML)
def rememberMeServices = rememberMeServices()
expect:
rememberMeServices() instanceof PersistentTokenBasedRememberMeServices
FieldUtils.getFieldValue(rememberMeServices(), "useSecureCookie") == null
rememberMeServices instanceof PersistentTokenBasedRememberMeServices
rememberMeServices.tokenRepository instanceof CustomTokenRepository
FieldUtils.getFieldValue(rememberMeServices, "useSecureCookie") == null
}
def rememberMeServiceWorksWithDataSourceRef() {
@ -42,8 +64,11 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
createAppContext(AUTH_PROVIDER_XML)
def rememberMeServices = rememberMeServices()
expect:
rememberMeServices() instanceof PersistentTokenBasedRememberMeServices
rememberMeServices instanceof PersistentTokenBasedRememberMeServices
rememberMeServices.tokenRepository instanceof JdbcTokenRepositoryImpl
}
def rememberMeServiceWorksWithAuthenticationSuccessHandlerRef() {
@ -62,8 +87,11 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
httpAutoConfig () {
'remember-me'('key': "#{'our' + 'key'}", 'services-ref': 'rms')
}
bean('rms', TokenBasedRememberMeServices.class.name,
['key':'ourKey', 'tokenValiditySeconds':'5000'], ['userDetailsService':'us'])
xml.'b:bean'(id: 'rms', 'class': TokenBasedRememberMeServices.class.name) {
'b:constructor-arg'(value: 'ourKey')
'b:constructor-arg'(ref: 'us')
'b:property'(name: 'tokenValiditySeconds', value: '5000')
}
createAppContext(AUTH_PROVIDER_XML)
@ -88,8 +116,15 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
}
createAppContext(AUTH_PROVIDER_XML)
def rememberMeServices = rememberMeServices()
def rememberMeFilter = getFilter(RememberMeAuthenticationFilter.class)
expect:
rememberMeServices().tokenValiditySeconds == 10000
rememberMeFilter.authenticationManager
rememberMeServices.key == 'ourkey'
rememberMeServices.tokenValiditySeconds == 10000
rememberMeServices.userDetailsService
}
def 'Remember-me token validity allows negative value for non-persistent implementation'() {
@ -165,4 +200,8 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
def rememberMeServices() {
getFilter(RememberMeAuthenticationFilter.class).getRememberMeServices()
}
static class CustomTokenRepository extends InMemoryTokenRepositoryImpl {
}
}

30
config/src/test/groovy/org/springframework/security/config/http/SessionManagementConfigTests.groovy
View File

@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http
import org.springframework.mock.web.MockFilterChain
@ -22,6 +37,7 @@ import static org.junit.Assert.assertSame
* Tests session-related functionality for the <http> namespace element and <session-management>
*
* @author Luke Taylor
* @author Rob Winch
*/
class SessionManagementConfigTests extends AbstractHttpConfigTests {
@ -87,11 +103,25 @@ class SessionManagementConfigTests extends AbstractHttpConfigTests {
expect:
filters.get(0) instanceof ConcurrentSessionFilter
filters.get(0).expiredUrl == '/expired'
appContext.getBean("sr") != null
getFilter(SessionManagementFilter.class) != null
sessionRegistryIsValid();
}
def 'concurrency-control handles default expired-url as null'() {
httpAutoConfig {
'session-management'() {
'concurrency-control'('session-registry-alias':'sr')
}
}
createAppContext();
List filters = getFilters("/someurl");
expect:
filters.get(0).expiredUrl == null
}
def externalSessionStrategyIsSupported() {
when:
httpAutoConfig {