Support <repository> and JbcUserDetailsManager.
parent
8cf46ad0f8
commit
0b0b174eda
|
@ -1,11 +1,8 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
|
@ -15,23 +12,7 @@ import org.w3c.dom.Element;
|
|||
class AuthenticationProviderBeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
public BeanDefinition parse(Element element, ParserContext parserContext) {
|
||||
ConfigUtils.registerProviderManagerIfNecessary(parserContext);
|
||||
|
||||
RootBeanDefinition authProvider;
|
||||
|
||||
// TODO: Proper implementation
|
||||
Element userServiceElt = DomUtils.getChildElementByTagName(element, "user-service");
|
||||
|
||||
if (userServiceElt != null) {
|
||||
authProvider = new RootBeanDefinition(DaoAuthenticationProvider.class);
|
||||
BeanDefinition userDetailsService = new UserServiceBeanDefinitionParser().parse(userServiceElt, parserContext);
|
||||
authProvider.getPropertyValues().addPropertyValue("userDetailsService", userDetailsService);
|
||||
} else {
|
||||
throw new IllegalArgumentException("Only support user-service provider at the moment.");
|
||||
}
|
||||
|
||||
ConfigUtils.getRegisteredProviders(parserContext).add(authProvider);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
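Review bot: `parse()` in `AuthenticationProviderBeanDefinitionParser` looks to be left as a stub that returns `null`: the second hunk shrinks 23 lines to 7 and adds none, so the `DaoAuthenticationProvider` wiring is gone but the class stays. Which seven lines survive is inferred from the hunk header, not shown. A parser that accepts an element and registers nothing is a quiet way to end up with no authentication provider configured. I would either delete the class in this commit or make the stub fail loudly, e.g. `throw new UnsupportedOperationException("authentication-provider is replaced by <repository>");`. If it has to stay for now, a class comment saying it is unused and why would help.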
|
||||
|
|
|
@ -14,7 +14,8 @@ public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
|
|||
registerBeanDefinitionParser("ldap", new LdapBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("http", new HttpSecurityBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("user-service", new UserServiceBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authentication-provider", new AuthenticationProviderBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("repository", new RepositoryBeanDefinitionParser());
|
||||
//registerBeanDefinitionParser("authentication-provider", new AuthenticationProviderBeanDefinitionParser());
|
||||
registerBeanDefinitionDecorator("intercept-methods", new InterceptMethodsBeanDefinitionDecorator());
|
||||
registerBeanDefinitionDecorator("filter-chain-map", new FilterChainMapBeanDefinitionDecorator());
|
||||
}
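Review bot: The `authentication-provider` registration is left behind as a commented-out line next to the new `repository` registration, which gives no hint whether the element is gone for good or only disabled for now. I would delete the line, or replace it with a short explanatory comment such as `// <authentication-provider> is superseded by <repository>`. Configurations that still use `<authentication-provider>` will presumably no longer find a parser, which deserves a sentence in the commit description. The enclosing method starts above this hunk.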
|
||||
|
|
|
@ -6,7 +6,7 @@ datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes"
|
|||
|
||||
default namespace = "http://www.springframework.org/schema/security"
|
||||
|
||||
start = http | ldap
|
||||
start = http | ldap | repository
|
||||
|
||||
# targetNamespace="http://www.springframework.org/schema/security"
|
||||
|
||||
|
@ -156,12 +156,14 @@ anonymous.attlist &=
|
|||
## The granted authority that should be assigned to the anonymous request. Commonly this is used to assign the anonymous request particular roles, which can subsequently be used in authorization decisions.
|
||||
[ a:defaultValue = "ROLE_ANONYMOUS" ] attribute grantedAuthority {xsd:string}?
|
||||
|
||||
authentication-provider =
|
||||
element authentication-provider {authentication-provider.attlist, (user-service | jdbc-user-service)}
|
||||
authentication-provider.attlist &= empty
|
||||
repository =
|
||||
element repository {repository.attlist, (user-service | jdbc-user-service | custom-user-service)}
|
||||
repository.attlist &=
|
||||
## Indicates the repository should have an authentication provider created. If unspecified, defaults to true.
|
||||
attribute createProvider {"true" | "false"}?
|
||||
|
||||
user-service =
|
||||
element user-service {user-service.attlist, (user* | jdbc-user-service)}
|
||||
element user-service {user-service.attlist, (user*)}
|
||||
user-service.attlist &=
|
||||
attribute properties {xsd:string}*
|
||||
|
||||
|
@ -175,6 +177,15 @@ user.attlist &=
|
|||
attribute authorities {xsd:string}
|
||||
|
||||
jdbc-user-service =
|
||||
element jdbc-user-service {jdbc-users.attlist, empty}
|
||||
jdbc-users.attlist &= empty
|
||||
## Causes creation of a JDBC-based UserDetailsService.
|
||||
element jdbc-user-service {jdbc-user-service.attlist}
|
||||
jdbc-user-service.attlist &=
|
||||
## The bean ID of the DataSource which provides the required tables.
|
||||
attribute dataSource {xsd:string}
|
||||
|
||||
custom-user-service =
|
||||
element custom-user-service {custom-user-service.attlist}
|
||||
custom-user-service.attlist &=
|
||||
## The bean ID of your custom UserDetailsService implementation.
|
||||
attribute id {xsd:string}
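Review bot: The default for `createProvider` is stated only in the doc comment ("If unspecified, defaults to true"), while `grantedAuthority` earlier in this file declares its default with an `a:defaultValue` annotation. Declaring it the same way, `[ a:defaultValue = "true" ] attribute createProvider {"true" | "false"}?`, keeps the schema and any XSD derived from it consistent with the documented behaviour. Because this attribute decides whether an authentication provider is created for the repository, the parser's handling of an absent attribute should be checked against that default. The parser is not part of the visible hunks.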
|
||||
|
||||
|
|
|
@ -317,20 +317,34 @@
|
|||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
</xs:attributeGroup>
|
||||
<xs:element name="authentication-provider">
|
||||
<xs:element name="repository">
|
||||
<xs:complexType>
|
||||
<xs:choice>
|
||||
<xs:element ref="security:user-service"/>
|
||||
<xs:element ref="security:jdbc-user-service"/>
|
||||
<xs:element ref="security:custom-user-service"/>
|
||||
</xs:choice>
|
||||
<xs:attributeGroup ref="security:repository.attlist"/>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:attributeGroup name="repository.attlist">
|
||||
<xs:attribute name="createProvider">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Indicates the repository should have an authentication provider created. If unspecified, defaults to true.</xs:documentation>
|
||||
</xs:annotation>
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="xs:token">
|
||||
<xs:enumeration value="true"/>
|
||||
<xs:enumeration value="false"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:attributeGroup>
|
||||
<xs:element name="user-service">
|
||||
<xs:complexType>
|
||||
<xs:choice>
|
||||
<xs:sequence>
|
||||
<xs:element minOccurs="0" maxOccurs="unbounded" ref="security:user"/>
|
||||
<xs:element ref="security:jdbc-user-service"/>
|
||||
</xs:choice>
|
||||
</xs:sequence>
|
||||
<xs:attributeGroup ref="security:user-service.attlist"/>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
|
@ -348,6 +362,30 @@
|
|||
<xs:attribute name="authorities" use="required" type="xs:string"/>
|
||||
</xs:attributeGroup>
|
||||
<xs:element name="jdbc-user-service">
|
||||
<xs:complexType/>
|
||||
<xs:annotation>
|
||||
<xs:documentation>Causes creation of a JDBC-based UserDetailsService.</xs:documentation>
|
||||
</xs:annotation>
|
||||
<xs:complexType>
|
||||
<xs:attributeGroup ref="security:jdbc-user-service.attlist"/>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:attributeGroup name="jdbc-user-service.attlist">
|
||||
<xs:attribute name="dataSource" use="required" type="xs:string">
|
||||
<xs:annotation>
|
||||
<xs:documentation>The bean ID of the DataSource which provides the required tables.</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
</xs:attributeGroup>
|
||||
<xs:element name="custom-user-service">
|
||||
<xs:complexType>
|
||||
<xs:attributeGroup ref="security:custom-user-service.attlist"/>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:attributeGroup name="custom-user-service.attlist">
|
||||
<xs:attribute name="id" use="required" type="xs:string">
|
||||
<xs:annotation>
|
||||
<xs:documentation>The bean ID of your custom UserDetailsService implementation.</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
</xs:attributeGroup>
|
||||
</xs:schema>
|
||||
|
|
|
@ -25,12 +25,12 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
|||
<remember-me key="doesntmatter" tokenRepository="tokenRepo"/>
|
||||
</http>
|
||||
|
||||
<authentication-provider>
|
||||
<repository>
|
||||
<user-service>
|
||||
<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
|
||||
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
|
||||
</user-service>
|
||||
</authentication-provider>
|
||||
</repository>
|
||||
|
||||
<beans:bean name="tokenRepo" class="org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl"/>
|
||||
|
||||
|
|
|
@ -16,11 +16,11 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
|||
</intercept-methods>
|
||||
</b:bean>
|
||||
|
||||
<authentication-provider>
|
||||
<repository>
|
||||
<user-service>
|
||||
<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
|
||||
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
|
||||
</user-service>
|
||||
</authentication-provider>
|
||||
</repository>
|
||||
|
||||
</b:beans>
|
|
@ -23,16 +23,18 @@
|
|||
<logout />
|
||||
<concurrent-session-control maxSessions="1" exceptionIfMaximumExceeded="true"/>
|
||||
|
||||
<remember-me key="doesntmatter" tokenRepository="tokenRepo"/>
|
||||
<remember-me key="doesntmatter"/>
|
||||
</http>
|
||||
|
||||
<!--
|
||||
<beans:bean name="tokenRepo" class="org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl"/>
|
||||
|
||||
<authentication-provider>
|
||||
<user-service>
|
||||
<user name="bob" password="bobspassword" authorities="ROLE_SUPERVISOR" />
|
||||
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B" />
|
||||
</user-service>
|
||||
</authentication-provider>
|
||||
-->
|
||||
<repository>
|
||||
<user-service>
|
||||
<user name="bob" password="bobspassword" authorities="ROLE_SUPERVISOR" />
|
||||
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B" />
|
||||
</user-service>
|
||||
</repository>
|
||||
|
||||
|
||||
|
||||
</beans:beans>
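Review bot: The `tokenRepo` bean is kept in this file inside an `<!-- -->` block while `<remember-me>` loses its `tokenRepository` attribute, and nothing says why. If the token repository is intentionally dropped, delete the commented-out markup; if it is a temporary workaround, say so in place, e.g. `<!-- tokenRepository disabled until <condition>; restore with the tokenRepo bean -->`. Without that, the config presumably stops exercising the repository-backed remember-me path and a reader cannot tell whether that is deliberate.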
|