diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java index f1fc7f4791..97afee1215 100755 --- a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java +++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java @@ -8,6 +8,7 @@ import java.io.Serializable; * @author Ruud Senden * @since 2.0 */ +@Deprecated public class AuthenticationDetails implements Serializable { //~ Instance fields ================================================================================================ diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java index 0b01c41f37..b8865e078e 100644 --- a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java +++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSource.java @@ -21,7 +21,7 @@ package org.springframework.security.authentication; * * @author Ben Alex */ -public interface AuthenticationDetailsSource { +public interface AuthenticationDetailsSource { //~ Methods ======================================================================================================== /** @@ -31,5 +31,5 @@ public interface AuthenticationDetailsSource { * * @return a fully-configured authentication details instance */ - Object buildDetails(Object context); + T buildDetails(C context); } diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSourceImpl.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSourceImpl.java index 6e44590d82..a6380329ba 100755 
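Review bot: `@Deprecated` is added to `AuthenticationDetails` without a matching `@deprecated` Javadoc tag, so callers get a compiler warning but no hint about what to migrate to or when the type goes away. The same bare annotation appears on `GrantedAuthoritiesContainerImpl`, `MutableGrantedAuthoritiesContainer`, `WebSphere2SpringSecurityPropagationInterceptor` and `WebSpherePreAuthenticatedAuthenticationDetailsSource`, while `AuthenticationDetailsSourceImpl` and `SessionIdentifierAware` in this commit do carry one. Add a tag in the existing class comment along the lines of `* @deprecated Will be removed in a future version; return the desired details type directly from an AuthenticationDetailsSource implementation.`, adjusted per class to name its actual replacement.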
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSourceImpl.java +++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetailsSourceImpl.java @@ -1,11 +1,10 @@ package org.springframework.security.authentication; -import java.lang.reflect.Constructor; - -import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.util.Assert; import org.springframework.util.ReflectionUtils; +import java.lang.reflect.Constructor; + /** * Base implementation of {@link AuthenticationDetailsSource}. *

@@ -16,7 +15,9 @@ import org.springframework.util.ReflectionUtils; * * @author Ruud Senden * @since 2.0 + * @deprecated Write an implementation of AuthenticationDetailsSource which returns the desired type directly. */ +@Deprecated public class AuthenticationDetailsSourceImpl implements AuthenticationDetailsSource { //~ Instance fields ================================================================================================ diff --git a/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainerImpl.java b/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainerImpl.java index bb898a9d1c..bf3e5a1117 100644 --- a/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainerImpl.java +++ b/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainerImpl.java @@ -6,6 +6,7 @@ import java.util.List; import org.springframework.security.core.GrantedAuthority; import org.springframework.util.Assert; +@Deprecated public class GrantedAuthoritiesContainerImpl implements MutableGrantedAuthoritiesContainer { private List authorities; diff --git a/core/src/main/java/org/springframework/security/core/authority/MutableGrantedAuthoritiesContainer.java b/core/src/main/java/org/springframework/security/core/authority/MutableGrantedAuthoritiesContainer.java index 30d9cd1dcb..224f5de890 100644 --- a/core/src/main/java/org/springframework/security/core/authority/MutableGrantedAuthoritiesContainer.java +++ b/core/src/main/java/org/springframework/security/core/authority/MutableGrantedAuthoritiesContainer.java @@ -14,6 +14,7 @@ import org.springframework.security.core.GrantedAuthority; * @author Luke Taylor * @since 2.0 */ +@Deprecated public interface MutableGrantedAuthoritiesContainer extends GrantedAuthoritiesContainer { /** * Used to store authorities in the containing object. 
diff --git a/core/src/main/java/org/springframework/security/core/session/SessionIdentifierAware.java b/core/src/main/java/org/springframework/security/core/session/SessionIdentifierAware.java index b61f519032..18ed0ac548 100644 --- a/core/src/main/java/org/springframework/security/core/session/SessionIdentifierAware.java +++ b/core/src/main/java/org/springframework/security/core/session/SessionIdentifierAware.java @@ -22,7 +22,9 @@ package org.springframework.security.core.session; * Used to extract the session ID from an Authentication object. * * @author Ben Alex + * @deprecated Legacy of former concurrency control implementation. Will be removed in a future version. */ +@Deprecated public interface SessionIdentifierAware { //~ Methods ======================================================================================================== diff --git a/samples/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java b/samples/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java index 5077bff947..f8edd5e009 100644 --- a/samples/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java +++ b/samples/gae/src/main/java/samples/gae/security/GaeAuthenticationFilter.java @@ -19,6 +19,7 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; +import org.springframework.security.web.authentication.WebAuthenticationDetails; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; import org.springframework.util.Assert; 
@@ -32,7 +33,7 @@ public class GaeAuthenticationFilter extends GenericFilterBean { private final Logger logger = LoggerFactory.getLogger(getClass()); - private final AuthenticationDetailsSource ads = new WebAuthenticationDetailsSource(); + private final AuthenticationDetailsSource ads = new WebAuthenticationDetailsSource(); private AuthenticationManager authenticationManager; private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler(); @@ -47,7 +48,7 @@ public class GaeAuthenticationFilter extends GenericFilterBean { logger.debug("Authenticating to Spring Security"); // User has returned after authenticating via GAE. Need to authenticate through Spring Security. PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(googleUser, null); - token.setDetails(ads.buildDetails(request)); + token.setDetails(ads.buildDetails((HttpServletRequest) request)); try { authentication = authenticationManager.authenticate(token); diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java index 8539aefa86..ddb6af3e47 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java 
@@ -110,7 +110,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt //~ Instance fields ================================================================================================ protected ApplicationEventPublisher eventPublisher; - protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); + protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); private AuthenticationManager authenticationManager; protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); @@ -363,7 +363,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt this.eventPublisher = eventPublisher; } - public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { + public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required"); this.authenticationDetailsSource = authenticationDetailsSource; } @@ -372,11 +372,6 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt this.messages = new MessageSourceAccessor(messageSource); } - public AuthenticationDetailsSource getAuthenticationDetailsSource() { - // Required due to SEC-310 - return authenticationDetailsSource; - } - protected boolean getAllowSessionCreation() { return allowSessionCreation; } diff --git a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java index d5cfd1dec4..623a3a32de 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java 
@@ -44,7 +44,8 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements //~ Instance fields ================================================================================================ - private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); + private AuthenticationDetailsSource authenticationDetailsSource + = new WebAuthenticationDetailsSource(); private String key; private UserAttribute userAttribute; @@ -109,7 +110,7 @@ public class AnonymousAuthenticationFilter extends GenericFilterBean implements return userAttribute; } - public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { + public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required"); this.authenticationDetailsSource = authenticationDetailsSource; } diff --git a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java index f4aa8cf05c..ca4699fe5d 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java +++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java @@ -15,10 +15,6 @@ package org.springframework.security.web.authentication; -import org.springframework.security.core.session.SessionIdentifierAware; - -import java.io.Serializable; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; 
@@ -28,7 +24,7 @@ import javax.servlet.http.HttpSession; * * @author Ben Alex */ -public class WebAuthenticationDetails implements SessionIdentifierAware, Serializable { +public class WebAuthenticationDetails { //~ Instance fields ================================================================================================ private final String remoteAddress; @@ -132,9 +128,9 @@ public class WebAuthenticationDetails implements SessionIdentifierAware, Seriali public String toString() { StringBuilder sb = new StringBuilder(); - sb.append(super.toString() + ": "); - sb.append("RemoteIpAddress: " + this.getRemoteAddress() + "; "); - sb.append("SessionId: " + this.getSessionId()); + sb.append(super.toString()).append(": "); + sb.append("RemoteIpAddress: ").append(this.getRemoteAddress()).append("; "); + sb.append("SessionId: ").append(this.getSessionId()); return sb.toString(); } diff --git a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java index a538a51d1d..7c3b1ade91 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java +++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetailsSource.java @@ -27,44 +27,19 @@ import javax.servlet.http.HttpServletRequest; /** * Implementation of {@link AuthenticationDetailsSource} which builds the details object from - * an HttpServletRequest object. - *
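Review bot: Dropping `Serializable` from the `WebAuthenticationDetails` declaration makes the details object non-serializable, yet it is attached to authentication tokens via `token.setDetails(...)`, and those tokens are normally held in the HTTP session through the security context. With session persistence or replication enabled this would likely surface as a `NotSerializableException` or a lost session on restart or failover. Removing `SessionIdentifierAware` does not require it, so keep `public class WebAuthenticationDetails implements Serializable {` together with the `java.io.Serializable` import, and keep `serialVersionUID` in `PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails`, whose hunk removes it. The class body continues outside this hunk.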

- * By default will create an instance of WebAuthenticationDetails. Any object that accepts a - * HttpServletRequest as its sole constructor can be used instead of this default. + * an HttpServletRequest object, creating a {@code WebAuthenticationDetails}. * * @author Ben Alex */ -public class WebAuthenticationDetailsSource implements AuthenticationDetailsSource { - //~ Instance fields ================================================================================================ - - private Class clazz = WebAuthenticationDetails.class; +public class WebAuthenticationDetailsSource implements AuthenticationDetailsSource { //~ Methods ======================================================================================================== /** - * @param context the HttpServletRequest object. + * @param context the {@code HttpServletRequest} object. + * @return the {@code WebAuthenticationDetails} containing information about the current request */ - public Object buildDetails(Object context) { - Assert.isInstanceOf(HttpServletRequest.class, context); - try { - Constructor constructor = clazz.getConstructor(HttpServletRequest.class); - - return constructor.newInstance(context); - } catch (NoSuchMethodException ex) { - ReflectionUtils.handleReflectionException(ex); - } catch (InvocationTargetException ex) { - ReflectionUtils.handleReflectionException(ex); - } catch (InstantiationException ex) { - ReflectionUtils.handleReflectionException(ex); - } catch (IllegalAccessException ex) { - ReflectionUtils.handleReflectionException(ex); - } - - return null; - } - - public void setClazz(Class clazz) { - Assert.notNull(clazz, "Class required"); - this.clazz = clazz; + public WebAuthenticationDetails buildDetails(HttpServletRequest context) { + return new WebAuthenticationDetails(context); } } 
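Review bot: The reflective body of `buildDetails` is removed, but this file's only hunk starts at line 27, below the import block, so the imports that served the old code (`Constructor`, `InvocationTargetException`, `ReflectionUtils`, `Assert`) appear to be left behind unused and should be deleted in the same change. Removing `setClazz` also removes a public bean property, so any configuration that sets `clazz` on this source will now fail at startup. State the replacement in the class Javadoc, for example `* To return a custom details type, implement AuthenticationDetailsSource directly instead of configuring a class here.`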
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java index a1d82f2049..7b3e2c3ac1 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java @@ -56,7 +56,8 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi ApplicationEventPublisherAware { private ApplicationEventPublisher eventPublisher = null; - private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); + private AuthenticationDetailsSource authenticationDetailsSource + = new WebAuthenticationDetailsSource(); private AuthenticationManager authenticationManager = null; private boolean continueFilterChainOnUnsuccessfulAuthentication = true; private boolean checkForPrincipalChanges; @@ -190,7 +191,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi * @param authenticationDetailsSource * The AuthenticationDetailsSource to use */ - public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { + public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required"); this.authenticationDetailsSource = authenticationDetailsSource; } diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java index 371677e861..9702f6e97b 100755 
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java @@ -1,13 +1,13 @@ package org.springframework.security.web.authentication.preauth; -import java.util.List; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.GrantedAuthoritiesContainer; +import org.springframework.security.web.authentication.WebAuthenticationDetails; import javax.servlet.http.HttpServletRequest; - -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.GrantedAuthoritiesContainerImpl; -import org.springframework.security.core.authority.MutableGrantedAuthoritiesContainer; -import org.springframework.security.web.authentication.WebAuthenticationDetails; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; /** * This WebAuthenticationDetails implementation allows for storing a list of 
@@ -18,27 +18,27 @@ import org.springframework.security.web.authentication.WebAuthenticationDetails; * @since 2.0 */ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends WebAuthenticationDetails implements - MutableGrantedAuthoritiesContainer { - public static final long serialVersionUID = 1L; + GrantedAuthoritiesContainer { - private final MutableGrantedAuthoritiesContainer authoritiesContainer = new GrantedAuthoritiesContainerImpl(); + private final List authorities; - public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(HttpServletRequest request) { + public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(HttpServletRequest request, + List authorities) { super(request); + + List temp = new ArrayList(authorities.size()); + temp.addAll(authorities); + this.authorities = Collections.unmodifiableList(temp); } public List getGrantedAuthorities() { - return authoritiesContainer.getGrantedAuthorities(); - } - - public void setGrantedAuthorities(List authorities) { - this.authoritiesContainer.setGrantedAuthorities(authorities); + return authorities; } public String toString() { StringBuilder sb = new StringBuilder(); - sb.append(super.toString() + "; "); - sb.append(authoritiesContainer); + sb.append(super.toString()).append("; "); + sb.append(authorities); return sb.toString(); } } diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/AbstractPreAuthenticatedAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/AbstractPreAuthenticatedAuthenticationDetailsSource.java deleted file mode 100644 index b217f9e36a..0000000000 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/AbstractPreAuthenticatedAuthenticationDetailsSource.java +++ /dev/null 
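Review bot: The new two-argument constructor dereferences `authorities` with `authorities.size()` before any validation, so a null list from a caller fails with a bare NullPointerException while the authentication details are being built. Add a guard right after `super(request);`, `Assert.notNull(authorities, "authorities cannot be null");`, which also needs the `org.springframework.util.Assert` import that the new import block does not include. The constructor has no Javadoc; it should say that the list is copied and that `getGrantedAuthorities()` returns it read-only, since callers of the removed `setGrantedAuthorities` need to know the authorities are now fixed at construction.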
@@ -1,92 +0,0 @@ -package org.springframework.security.web.authentication.preauth.j2ee; - -import java.util.Collection; -import java.util.List; -import java.util.Set; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.springframework.security.authentication.AuthenticationDetailsSourceImpl; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.MutableGrantedAuthoritiesContainer; -import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper; -import org.springframework.security.core.authority.mapping.MappableAttributesRetriever; -import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper; -import org.springframework.util.Assert; - -/** - * Base implementation for classes scenarios where the authentication details object is used - * to store a list of authorities obtained from the context object (such as an HttpServletRequest) - * passed to {@link #buildDetails(Object)}. - *

- * - * - * @author Luke Taylor - * @since 2.0 - */ -public abstract class AbstractPreAuthenticatedAuthenticationDetailsSource extends AuthenticationDetailsSourceImpl { - protected final Log logger = LogFactory.getLog(getClass()); - protected Set j2eeMappableRoles; - protected Attributes2GrantedAuthoritiesMapper j2eeUserRoles2GrantedAuthoritiesMapper = - new SimpleAttributes2GrantedAuthoritiesMapper(); - - public AbstractPreAuthenticatedAuthenticationDetailsSource() { - } - - /** - * Check that all required properties have been set. - */ - public void afterPropertiesSet() throws Exception { - Assert.notNull(j2eeMappableRoles, "No mappable roles available"); - Assert.notNull(j2eeUserRoles2GrantedAuthoritiesMapper, "Roles to granted authorities mapper not set"); - } - - /** - * Build the authentication details object. If the specified authentication - * details class implements {@link MutableGrantedAuthoritiesContainer}, a - * list of pre-authenticated Granted Authorities will be set based on the - * roles for the current user. 
- * - * @see org.springframework.security.authentication.AuthenticationDetailsSource#buildDetails(Object) - */ - public Object buildDetails(Object context) { - Object result = super.buildDetails(context); - - if (result instanceof MutableGrantedAuthoritiesContainer) { - Collection j2eeUserRoles = getUserRoles(context, j2eeMappableRoles); - List userGas = j2eeUserRoles2GrantedAuthoritiesMapper.getGrantedAuthorities(j2eeUserRoles); - - if (logger.isDebugEnabled()) { - logger.debug("J2EE roles [" + j2eeUserRoles + "] mapped to Granted Authorities: [" + userGas + "]"); - } - - ((MutableGrantedAuthoritiesContainer) result).setGrantedAuthorities(userGas); - } - return result; - } - - /** - * Allows the roles of the current user to be determined from the context object - * - * @param context the context object (an HttpRequest, PortletRequest etc) - * @param mappableRoles the possible roles as determined by the MappableAttributesRetriever - * @return the subset of mappable roles which the current user has. - */ - protected abstract Collection getUserRoles(Object context, Set mappableRoles); - - /** - * @param aJ2eeMappableRolesRetriever - * The MappableAttributesRetriever to use - */ - public void setMappableRolesRetriever(MappableAttributesRetriever aJ2eeMappableRolesRetriever) { - this.j2eeMappableRoles = aJ2eeMappableRolesRetriever.getMappableAttributes(); - } - - /** - * @param mapper - * The Attributes2GrantedAuthoritiesMapper to use - */ - public void setUserRoles2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper mapper) { - j2eeUserRoles2GrantedAuthoritiesMapper = mapper; - } -} diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java index 9fffbc69ba..beb4393155 100755 
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java @@ -1,13 +1,18 @@ package org.springframework.security.web.authentication.preauth.j2ee; -import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.beans.factory.InitializingBean; +import org.springframework.security.authentication.AuthenticationDetailsSource; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper; +import org.springframework.security.core.authority.mapping.MappableAttributesRetriever; import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.Set; +import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails; +import org.springframework.util.Assert; import javax.servlet.http.HttpServletRequest; +import java.util.*; /** * Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as obtained by calling 
@@ -17,29 +22,77 @@ import javax.servlet.http.HttpServletRequest; * @author Ruud Senden * @since 2.0 */ -public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends AbstractPreAuthenticatedAuthenticationDetailsSource { - /** - * Public constructor which overrides the default {@code WebAuthenticationDetails} - * class to be used. - */ - public J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() { - super.setClazz(PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.class); +public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource + implements AuthenticationDetailsSource, + InitializingBean { - j2eeUserRoles2GrantedAuthoritiesMapper = new SimpleAttributes2GrantedAuthoritiesMapper(); + protected final Log logger = LogFactory.getLog(getClass()); + /** The role attributes returned by the configured {@code MappableAttributesRetriever} */ + protected Set j2eeMappableRoles; + protected Attributes2GrantedAuthoritiesMapper j2eeUserRoles2GrantedAuthoritiesMapper = + new SimpleAttributes2GrantedAuthoritiesMapper(); + + /** + * Check that all required properties have been set. + */ + public void afterPropertiesSet() throws Exception { + Assert.notNull(j2eeMappableRoles, "No mappable roles available"); + Assert.notNull(j2eeUserRoles2GrantedAuthoritiesMapper, "Roles to granted authorities mapper not set"); } /** - * Obtains the list of user roles based on the current user's J2EE roles. + * Obtains the list of user roles based on the current user's JEE roles. The + * {@link javax.servlet.http.HttpServletRequest#isUserInRole(String)} method is called for each of the values + * in the {@code j2eeMappableRoles} set to determine if that role should be assigned to the user. + * + * @param request the request which should be used to extract the user's roles. + * @return The subset of {@code j2eeMappableRoles} which applies to the current user making the request. 
*/ - protected Collection getUserRoles(Object context, Set mappableRoles) { + protected Collection getUserRoles(HttpServletRequest request) { ArrayList j2eeUserRolesList = new ArrayList(); - for (String role : mappableRoles) { - if (((HttpServletRequest)context).isUserInRole(role)) { + for (String role : j2eeMappableRoles) { + if (request.isUserInRole(role)) { j2eeUserRolesList.add(role); } } return j2eeUserRolesList; } + + /** + * Builds the authentication details object. + * + * @see org.springframework.security.authentication.AuthenticationDetailsSource#buildDetails(Object) + */ + public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest context) { + + Collection j2eeUserRoles = getUserRoles(context); + List userGas = j2eeUserRoles2GrantedAuthoritiesMapper.getGrantedAuthorities(j2eeUserRoles); + + if (logger.isDebugEnabled()) { + logger.debug("J2EE roles [" + j2eeUserRoles + "] mapped to Granted Authorities: [" + userGas + "]"); + } + + PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails result = + new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(context, userGas); + + return result; + } + + /** + * @param aJ2eeMappableRolesRetriever + * The MappableAttributesRetriever to use + */ + public void setMappableRolesRetriever(MappableAttributesRetriever aJ2eeMappableRolesRetriever) { + this.j2eeMappableRoles = Collections.unmodifiableSet(aJ2eeMappableRolesRetriever.getMappableAttributes()); + } + + /** + * @param mapper + * The Attributes2GrantedAuthoritiesMapper to use + */ + public void setUserRoles2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper mapper) { + j2eeUserRoles2GrantedAuthoritiesMapper = mapper; + } } 
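Review bot: In `setMappableRolesRetriever`, `Collections.unmodifiableSet(...)` wraps the retriever's set as a view rather than copying it, so later changes to the retriever's underlying set would still change which roles `getUserRoles` checks and therefore which authorities are granted. Take a snapshot instead: `this.j2eeMappableRoles = Collections.unmodifiableSet(new HashSet<String>(aJ2eeMappableRolesRetriever.getMappableAttributes()));`. A null result from the retriever also throws inside `unmodifiableSet` before the `afterPropertiesSet` assertion with its "No mappable roles available" message can report it. Because `j2eeMappableRoles` stays `protected` and non-final, a subclass can still reassign it, so the wrapper alone does not make the role set fixed.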
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSphere2SpringSecurityPropagationInterceptor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSphere2SpringSecurityPropagationInterceptor.java index 401522a1e6..049f29de8c 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSphere2SpringSecurityPropagationInterceptor.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSphere2SpringSecurityPropagationInterceptor.java @@ -18,10 +18,11 @@ import org.springframework.util.Assert; * @author Ruud Senden * @since 1.0 */ +@Deprecated public class WebSphere2SpringSecurityPropagationInterceptor implements MethodInterceptor { private static final Log logger = LogFactory.getLog(WebSphere2SpringSecurityPropagationInterceptor.class); private AuthenticationManager authenticationManager = null; - private AuthenticationDetailsSource authenticationDetailsSource = new WebSpherePreAuthenticatedAuthenticationDetailsSource(); + private AuthenticationDetailsSource authenticationDetailsSource = new WebSpherePreAuthenticatedAuthenticationDetailsSource(); private final WASUsernameAndGroupsExtractor wasHelper; public WebSphere2SpringSecurityPropagationInterceptor() { @@ -40,7 +41,7 @@ public class WebSphere2SpringSecurityPropagationInterceptor implements MethodInt public Object invoke(MethodInvocation methodInvocation) throws Throwable { try { logger.debug("Performing Spring Security authentication with WebSphere credentials"); - authenticateSpringSecurityWithWASCredentials(this); + authenticateSpringSecurityWithWASCredentials(); logger.debug("Proceeding with method invocation"); return methodInvocation.proceed(); } finally { 
@@ -52,9 +53,8 @@ public class WebSphere2SpringSecurityPropagationInterceptor implements MethodInt /** * Retrieve the current WebSphere credentials and authenticate them with Spring Security * using the pre-authenticated authentication provider. - * @param aContext The context to use for building the authentication details. */ - private void authenticateSpringSecurityWithWASCredentials(Object aContext) { + private void authenticateSpringSecurityWithWASCredentials() { Assert.notNull(authenticationManager); Assert.notNull(authenticationDetailsSource); diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedAuthenticationDetailsSource.java index 56bc633695..b5616edefe 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedAuthenticationDetailsSource.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedAuthenticationDetailsSource.java @@ -23,6 +23,7 @@ import org.springframework.util.Assert; * * @author Ruud Senden */ +@Deprecated public class WebSpherePreAuthenticatedAuthenticationDetailsSource extends AuthenticationDetailsSourceImpl implements InitializingBean { private final Log logger = LogFactory.getLog(getClass()); diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java index 46ee077390..31da5cc075 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java 
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilter.java @@ -25,6 +25,7 @@ public class WebSpherePreAuthenticatedProcessingFilter extends AbstractPreAuthen WebSpherePreAuthenticatedProcessingFilter(WASUsernameAndGroupsExtractor wasHelper) { this.wasHelper = wasHelper; + setAuthenticationDetailsSource(new WebSpherePreAuthenticatedWebAuthenticationDetailsSource()); } diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java index ed3b668432..17032c6ee3 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedWebAuthenticationDetailsSource.java 
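Review bot: The constructor stores the injected `wasHelper` but builds the details source with the no-arg constructor, which (per the new class later in this commit) creates its own `DefaultWASUsernameAndGroupsExtractor`. Granted authorities would then come from a different extractor than the one this filter was given, so a caller supplying a custom or test extractor gets group lookups it did not configure. Passing the helper through keeps the principal and its authorities on one source: `setAuthenticationDetailsSource(new WebSpherePreAuthenticatedWebAuthenticationDetailsSource(wasHelper));`. The rest of the filter class is outside this hunk, so how `wasHelper` is used for the principal is inferred from the field name.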
@@ -1,24 +1,62 @@ package org.springframework.security.web.authentication.preauth.websphere; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.security.authentication.AuthenticationDetailsSource; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper; +import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper; import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails; +import javax.servlet.http.HttpServletRequest; +import java.util.List; + /** - * This AuthenticationDetailsSource implementation, when configured with a MutableGrantedAuthoritiesContainer, - * will set the pre-authenticated granted authorities based on the WebSphere groups for the current WebSphere - * user, mapped using the configured Attributes2GrantedAuthoritiesMapper. - * - * By default, this class is configured to build instances of the - * PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails class. + * This AuthenticationDetailsSource implementation will set the pre-authenticated granted + * authorities based on the WebSphere groups for the current WebSphere user, mapped using the + * configured Attributes2GrantedAuthoritiesMapper. * * @author Ruud Senden */ -public class WebSpherePreAuthenticatedWebAuthenticationDetailsSource extends WebSpherePreAuthenticatedAuthenticationDetailsSource { - /** - * Public constructor which overrides the default AuthenticationDetails - * class to be used. 
- */ +public class WebSpherePreAuthenticatedWebAuthenticationDetailsSource implements + AuthenticationDetailsSource { + private final Log logger = LogFactory.getLog(getClass()); + + private Attributes2GrantedAuthoritiesMapper webSphereGroups2GrantedAuthoritiesMapper = new SimpleAttributes2GrantedAuthoritiesMapper(); + + private final WASUsernameAndGroupsExtractor wasHelper; + public WebSpherePreAuthenticatedWebAuthenticationDetailsSource() { - super(); - super.setClazz(PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.class); + this(new DefaultWASUsernameAndGroupsExtractor()); } + + public WebSpherePreAuthenticatedWebAuthenticationDetailsSource(WASUsernameAndGroupsExtractor wasHelper) { + this.wasHelper = wasHelper; + } + + public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest context) { + return new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(context, getWebSphereGroupsBasedGrantedAuthorities()); + } + + /** + * Get a list of Granted Authorities based on the current user's WebSphere groups. + * + * @return authorities mapped from the user's WebSphere groups. + */ + private List getWebSphereGroupsBasedGrantedAuthorities() { + List webSphereGroups = wasHelper.getGroupsForCurrentUser(); + List userGas = webSphereGroups2GrantedAuthoritiesMapper.getGrantedAuthorities(webSphereGroups); + if (logger.isDebugEnabled()) { + logger.debug("WebSphere groups: " + webSphereGroups + " mapped to Granted Authorities: " + userGas); + } + return userGas; + } + + /** + * @param mapper The Attributes2GrantedAuthoritiesMapper to use for converting the WAS groups to authorities + */ + public void setWebSphereGroups2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper mapper) { + webSphereGroups2GrantedAuthoritiesMapper = mapper; + } + } 
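Review bot: Neither the one-arg constructor nor `setWebSphereGroups2GrantedAuthoritiesMapper` rejects `null`, and the class no longer extends a parent that implements `InitializingBean`, so there is no visible startup check left. A misconfigured bean would fail with a `NullPointerException` inside `getWebSphereGroupsBasedGrantedAuthorities()` on the first authentication rather than at wiring time. I would add `Assert.notNull(wasHelper, "wasHelper cannot be null");` in the constructor and `Assert.notNull(mapper, "mapper cannot be null");` in the setter. Both need `import org.springframework.util.Assert;`, which the new import list does not include. `buildDetails` and both constructors also lack Javadoc; one sentence on `buildDetails` saying that authorities are resolved from the current WebSphere user's groups when it is called would document the trust assumption.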
diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java index a33b2426b0..95abbe9438 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java +++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java @@ -47,7 +47,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices, private UserDetailsService userDetailsService; private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker(); - private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); + private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); private String cookieName = SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY; private String parameter = DEFAULT_PARAMETER; @@ -395,11 +395,11 @@ public abstract class AbstractRememberMeServices implements RememberMeServices, this.useSecureCookie = useSecureCookie; } - protected AuthenticationDetailsSource getAuthenticationDetailsSource() { + protected AuthenticationDetailsSource getAuthenticationDetailsSource() { return authenticationDetailsSource; } - public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { + public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource cannot be null"); this.authenticationDetailsSource = authenticationDetailsSource; } 
diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java index 531d9ce8ac..4ea541fede 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java @@ -109,7 +109,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv //~ Instance fields ================================================================================================ private ApplicationEventPublisher eventPublisher; - private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); + private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private String exitUserUrl = "/j_spring_security_exit_user"; private String switchUserUrl = "/j_spring_security_switch_user"; diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java index 866e6e3487..c32451e873 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java 
@@ -89,7 +89,7 @@ public class BasicAuthenticationFilter extends GenericFilterBean { //~ Instance fields ================================================================================================ - private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); + private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); private AuthenticationEntryPoint authenticationEntryPoint; private AuthenticationManager authenticationManager; private RememberMeServices rememberMeServices = new NullRememberMeServices(); @@ -257,7 +257,7 @@ public class BasicAuthenticationFilter extends GenericFilterBean { this.ignoreFailure = ignoreFailure; } - public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { + public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required"); this.authenticationDetailsSource = authenticationDetailsSource; } diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java index eb88cdcb86..b37297ce4a 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java 
@@ -88,7 +88,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes //~ Instance fields ================================================================================================ - private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); + private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); private DigestAuthenticationEntryPoint authenticationEntryPoint; protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private UserCache userCache = new NullUserCache(); @@ -246,7 +246,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes return userDetailsService; } - public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { + public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required"); this.authenticationDetailsSource = authenticationDetailsSource; } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java index 39bc801887..8b4fa7a870 100755 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java 
@@ -2,18 +2,16 @@ package org.springframework.security.web.authentication.preauth; import static org.junit.Assert.assertTrue; -import java.util.Arrays; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import javax.servlet.http.HttpServletRequest; - import org.junit.Test; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; -import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails; + +import javax.servlet.http.HttpServletRequest; +import java.util.Arrays; +import java.util.HashSet; +import java.util.List; +import java.util.Set; /** * @author TSARDD @@ -24,8 +22,7 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests { @Test public void testToString() { PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails( - getRequest("testUser", new String[] {})); - details.setGrantedAuthorities(gas); + getRequest("testUser", new String[] {}), gas); String toString = details.toString(); assertTrue("toString should contain Role1", toString.contains("Role1")); assertTrue("toString should contain Role2", toString.contains("Role2")); 
@@ -34,20 +31,12 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests { @Test public void testGetSetPreAuthenticatedGrantedAuthorities() { PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails( - getRequest("testUser", new String[] {})); - details.setGrantedAuthorities(gas); + getRequest("testUser", new String[] {}), gas); List returnedGas = details.getGrantedAuthorities(); assertTrue("Collections do not contain same elements; expected: " + gas + ", returned: " + returnedGas, gas.containsAll(returnedGas) && returnedGas.containsAll(gas)); } - @Test(expected=IllegalArgumentException.class) - public void testGetWithoutSetPreAuthenticatedGrantedAuthorities() { - PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails( - getRequest("testUser", new String[] {})); - details.getGrantedAuthorities(); - } - private HttpServletRequest getRequest(final String userName,final String[] aRoles) { MockHttpServletRequest req = new MockHttpServletRequest() { private Set roles = new HashSet(Arrays.asList(aRoles)); diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java index ceb0310327..ed57ac4d0f 100755 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java 
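Review bot: Deleting `testGetWithoutSetPreAuthenticatedGrantedAuthorities` leaves no test for a details object created without authorities, now that they are passed to the constructor rather than set through `setGrantedAuthorities`. The two-argument constructor is not shown in this diff, so its handling of a `null` collection cannot be checked from here. A replacement test that calls `new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(getRequest("testUser", new String[] {}), null)` and pins the intended outcome (rejection, or an empty authority list) would keep that contract explicit for an object that carries authorization data.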
@@ -104,12 +104,11 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests extend && gasRolesSet.containsAll(expectedRolesColl)); } - private final J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource( + private J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource( String[] mappedRoles) { J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource result = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(); result.setMappableRolesRetriever(getMappableRolesRetriever(mappedRoles)); result.setUserRoles2GrantedAuthoritiesMapper(getJ2eeUserRoles2GrantedAuthoritiesMapper()); - result.setClazz(PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.class); try { result.afterPropertiesSet(); @@ -134,7 +133,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests extend return result; } - private final HttpServletRequest getRequest(final String userName,final String[] aRoles) + private HttpServletRequest getRequest(final String userName,final String[] aRoles) { MockHttpServletRequest req = new MockHttpServletRequest() { private Set roles = new HashSet(Arrays.asList(aRoles));