From 298546014a70361fabaaefdb6aff03f5f17487b0 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Fri, 1 Feb 2008 14:25:07 +0000
Subject: [PATCH] SEC-659: Added authentication-manager element to allow users to define an alias for the internal authentication manager.
---
...enticationManagerBeanDefinitionParser.java | 32 +++++++++++++++++++
.../security/config/BeanIds.java | 5 ++-
.../security/config/Elements.java | 3 +-
.../config/SecurityNamespaceHandler.java | 1 +
.../security/config/spring-security-2.0.rnc | 7 ++++
.../security/config/spring-security-2.0.xsd | 14 ++++++++
6 files changed, 60 insertions(+), 2 deletions(-)
create mode 100644 core/src/main/java/org/springframework/security/config/AuthenticationManagerBeanDefinitionParser.java
diff --git a/core/src/main/java/org/springframework/security/config/AuthenticationManagerBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/AuthenticationManagerBeanDefinitionParser.java
new file mode 100644
index 0000000000..e5ac443430
--- /dev/null
+++ b/core/src/main/java/org/springframework/security/config/AuthenticationManagerBeanDefinitionParser.java
@@ -0,0 +1,32 @@
+package org.springframework.security.config;
+
+import org.springframework.beans.factory.xml.BeanDefinitionParser;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.util.StringUtils;
+
+import org.w3c.dom.Element;
+
+/**
+ * Just registers an alias name for the default ProviderManager used by the namespace
+ * configuration, allowing users to reference it in their beans and clearly see where the name is
+ * coming from.
+ *
+ * @author Luke Taylor
+ * @version $Id$
+ */
+public class AuthenticationManagerBeanDefinitionParser implements BeanDefinitionParser {
+ private static final String ATT_ALIAS = "alias";
+
+ public BeanDefinition parse(Element element, ParserContext parserContext) {
+ String alias = element.getAttribute(ATT_ALIAS);
+
+ if (!StringUtils.hasText(alias)) {
+ parserContext.getReaderContext().error(ATT_ALIAS + " is required.", element );
+ }
+
+ parserContext.getRegistry().registerAlias(BeanIds.AUTHENTICATION_MANAGER, alias);
+
+ return null;
+ }
+}
diff --git a/core/src/main/java/org/springframework/security/config/BeanIds.java b/core/src/main/java/org/springframework/security/config/BeanIds.java
index 961a7c70e8..6665d6d551 100644
--- a/core/src/main/java/org/springframework/security/config/BeanIds.java
+++ b/core/src/main/java/org/springframework/security/config/BeanIds.java
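Review bot: In `AuthenticationManagerBeanDefinitionParser.parse`, the missing-alias branch reports the problem but does not return, so an empty alias still reaches `registerAlias(BeanIds.AUTHENTICATION_MANAGER, alias)`. With Spring's default fail-fast problem reporter `error(...)` throws and the fall-through is never reached, but under a reporter that only collects problems the registry call would presumably fail with a less helpful exception for the empty name; adding `return null;` inside the `if` block makes the control flow explicit. The alias is also registered at parse time without any check that the namespace has created the internal ProviderManager. If that bean can be absent (not visible from this hunk), a bean wired to the alias would fail at lookup rather than at parse time, which is worth a sentence in the class Javadoc.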
@@ -10,7 +10,10 @@ package org.springframework.security.config;
 */
 public abstract class BeanIds {
- /** Package protected as end users shouldn't really be using this BFPP directly */
+ /** External alias for FilterChainProxy bean, for use in web.xml files */
+ public static final String SPRING_SECURITY_FILTER_CHAIN = "springSecurityFilterChain";
+
+ /** Package protected as end users shouldn't really be using this BFPP directly */
 static final String INTERCEPT_METHODS_BEAN_FACTORY_POST_PROCESSOR = "_interceptMethodsBeanfactoryPP";
 static final String CONTEXT_SOURCE_SETTING_POST_PROCESSOR = "_contextSettingPostProcessor";
 static final String HTTP_POST_PROCESSOR = "_httpConfigBeanFactoryPostProcessor";
diff --git a/core/src/main/java/org/springframework/security/config/Elements.java b/core/src/main/java/org/springframework/security/config/Elements.java
index 2099d52c92..00b0e2e4ca 100644
--- a/core/src/main/java/org/springframework/security/config/Elements.java
+++ b/core/src/main/java/org/springframework/security/config/Elements.java
@@ -8,7 +8,8 @@ package org.springframework.security.config;
 */
 abstract class Elements {
- public static final String USER_SERVICE = "user-service";
+ public static final String AUTHENTICATION_MANAGER = "authentication-manager";
+ public static final String USER_SERVICE = "user-service";
 public static final String JDBC_USER_SERVICE = "jdbc-user-service";
 public static final String FILTER_CHAIN_MAP = "filter-chain-map";
 public static final String INTERCEPT_METHODS = "intercept-methods";
diff --git a/core/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/core/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
index a53a8119a2..2122750101 100644
--- a/core/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
+++ b/core/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
@@ -22,6 +22,7 @@ public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
 registerBeanDefinitionParser(Elements.JDBC_USER_SERVICE, new JdbcUserServiceBeanDefinitionParser());
 registerBeanDefinitionParser(Elements.AUTHENTICATION_PROVIDER, new AuthenticationProviderBeanDefinitionParser());
 registerBeanDefinitionParser(Elements.ANNOTATION_DRIVEN, new AnnotationDrivenBeanDefinitionParser());
+ registerBeanDefinitionParser(Elements.AUTHENTICATION_MANAGER, new AuthenticationManagerBeanDefinitionParser());
 // Decorators
 registerBeanDefinitionDecorator(Elements.INTERCEPT_METHODS, new InterceptMethodsBeanDefinitionDecorator());
diff --git a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
index 7d4ee361c0..f74cb88fe2 100644
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
@@ -266,6 +266,13 @@ x509.attlist &=
 ## Explicitly specifies which user-service should be used to load user data for X.509 authenticated clients. If ommitted, the default user-service will be used.
 user-service-ref?
+authentication-manager =
+ ## If you are using namespace configuration with Spring Security, an AuthenticationManager will automatically be registered. This element simple allows you to define an alias to allow you to reference the authentication-manager in your own beans.
+ element authentication-manager {authman.attlist}
+ ## The alias you wish to use for the AuthenticationManager bean
+authman.attlist &=
+ attribute alias {xsd:ID}
+
 authentication-provider =
 ## Indicates that the contained user-service should be used as an authentication source.
 element authentication-provider {ap.attlist & (user-service | jdbc-user-service | ldap-user-service) & password-encoder}
diff --git a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd index d43310a612..dadbf1f28c 100644 --- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd +++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd @@ -622,6 +622,20 @@ + + + If you are using namespace configuration with Spring Security, an AuthenticationManager will automatically be registered. This element simple allows you to define an alias to allow you to reference the authentication-manager in your own beans. + + + + + + + + The alias you wish to use for the AuthenticationManager bean + + + Indicates that the contained user-service should be used as an authentication source.