diff --git a/sandbox/spring-security-config/basicauth/BasicProcessingFilterEntryPoint.java b/sandbox/spring-security-config/basicauth/BasicProcessingFilterEntryPoint.java
index 83f14c5fb3..ad02d21362 100644
--- a/sandbox/spring-security-config/basicauth/BasicProcessingFilterEntryPoint.java
+++ b/sandbox/spring-security-config/basicauth/BasicProcessingFilterEntryPoint.java
@@ -32,28 +32,41 @@ import org.springframework.context.ApplicationContextAware;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
-
/**
- * Used by the SecurityEnforcementFilter
to commence authentication via the {@link
- * BasicProcessingFilter}.
Once a user agent is authenticated using BASIC authentication, logout requires that - * the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call - * the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to - * the browser its credentials are no longer authorized, causing it to prompt the user to login again.
- * + * Used by theSecurityEnforcementFilter
to commence
+ * authentication via the {@link BasicProcessingFilter}.
+ * + * Once a user agent is authenticated using BASIC authentication, logout + * requires that the browser be closed or an unauthorized (401) header be sent. + * The simplest way of achieving the latter is to call the + * {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} + * method below. This will indicate to the browser its credentials are no longer + * authorized, causing it to prompt the user to login again. + *
+ * * @author Ben Alex - * @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z vishalpuri $ + * @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z + * vishalpuri $ */ -public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered, ApplicationContextAware { - //~ Instance fields ================================================================================================ - +public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered, + ApplicationContextAware { + // ~ Static fields/initializers + // ===================================================================================== private static final int DEFAULT_ORDER = Integer.MAX_VALUE; - private String realmName; - private int order = DEFAULT_ORDER; - private ApplicationContext applicationContext; - //~ Methods ======================================================================================================== + // ~ Instance fields + // ================================================================================================ - public int getOrder() { + private String realmName; + + private int order = DEFAULT_ORDER; + + private ApplicationContext applicationContext; + + // ~ Methods + // ======================================================================================================== + + public int getOrder() { return order; } @@ -66,22 +79,22 @@ public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint if (order == DEFAULT_ORDER) { OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true); } - } + } - public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException) - throws IOException, ServletException { - HttpServletResponse httpResponse = (HttpServletResponse) response; - httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\""); - httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage()); - } + public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException) + throws IOException, ServletException { + HttpServletResponse httpResponse = (HttpServletResponse) response; + httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\""); + httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage()); + } - public String getRealmName() { - return realmName; - } + public String getRealmName() { + return realmName; + } - public void setRealmName(String realmName) { - this.realmName = realmName; - } + public void setRealmName(String realmName) { + this.realmName = realmName; + } public void setApplicationContext(ApplicationContext applicationContext) { this.applicationContext = applicationContext; diff --git a/sandbox/spring-security-config/src/main/java/org/acegisecurity/config/FilterSecurityInterceptorBeanDefinitionParser.java b/sandbox/spring-security-config/src/main/java/org/acegisecurity/config/FilterSecurityInterceptorBeanDefinitionParser.java index 577ac2eafb..4e6bc5041b 100644 --- a/sandbox/spring-security-config/src/main/java/org/acegisecurity/config/FilterSecurityInterceptorBeanDefinitionParser.java +++ b/sandbox/spring-security-config/src/main/java/org/acegisecurity/config/FilterSecurityInterceptorBeanDefinitionParser.java @@ -1,22 +1,17 @@ package org.acegisecurity.config; import java.util.ArrayList; -import java.util.HashMap; import java.util.Iterator; import java.util.List; -import java.util.Map; +import org.acegisecurity.AccessDecisionManager; import org.acegisecurity.intercept.web.FilterInvocationDefinitionDecorator; import org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceMapping; import org.acegisecurity.intercept.web.FilterSecurityInterceptor; import org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap; import org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap; import org.acegisecurity.util.BeanDefinitionParserUtils; -import org.acegisecurity.vote.AffirmativeBased; -import org.acegisecurity.vote.AuthenticatedVoter; -import org.acegisecurity.vote.RoleVoter; import org.springframework.beans.factory.support.AbstractBeanDefinition; -import org.springframework.beans.factory.support.ManagedList; import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser; import org.springframework.beans.factory.xml.ParserContext; @@ -50,7 +45,7 @@ public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanD ParserContext parserContext) { RootBeanDefinition filterInvocationInterceptor = new RootBeanDefinition(FilterSecurityInterceptor.class); - RootBeanDefinition accessDecisionManager = createAccessDecisionManagerAffirmativeBased(); + RootBeanDefinition accessDecisionManager = AuthorizationManagerBeanDefinitionParser.createAccessDecisionManagerAffirmativeBased(); filterInvocationInterceptor.getPropertyValues() .addPropertyValue("accessDecisionManager", accessDecisionManager); @@ -155,16 +150,6 @@ public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanD return filterInvocationInterceptor; } - protected static RootBeanDefinition createAccessDecisionManagerAffirmativeBased() { - ManagedList decisionVoters = new ManagedList(); - RootBeanDefinition accessDecisionManager = new RootBeanDefinition(AffirmativeBased.class); - accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE); - RootBeanDefinition authenticatedVoter = new RootBeanDefinition(AuthenticatedVoter.class); - RootBeanDefinition roleVoter = new RootBeanDefinition(RoleVoter.class); - decisionVoters.add(authenticatedVoter); - decisionVoters.add(roleVoter); - accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters); - return accessDecisionManager; - } + } diff --git a/sandbox/spring-security-config/src/main/java/org/acegisecurity/config/SecurityNamespaceHandler.java b/sandbox/spring-security-config/src/main/java/org/acegisecurity/config/SecurityNamespaceHandler.java index a7bd459ce7..d56ea98b29 100644 --- a/sandbox/spring-security-config/src/main/java/org/acegisecurity/config/SecurityNamespaceHandler.java +++ b/sandbox/spring-security-config/src/main/java/org/acegisecurity/config/SecurityNamespaceHandler.java @@ -28,6 +28,7 @@ public class SecurityNamespaceHandler extends NamespaceHandlerSupport { registerBeanDefinitionParser("logout-support", new LogoutFilterBeanDefinitionParser()); registerBeanDefinitionParser("exception-translation", new ExceptionTranslationFilterBeanDefinitionParser()); registerBeanDefinitionParser("authentication-form", new AuthenticationProcessingFilterBeanDefinitionParser()); + registerBeanDefinitionParser("authorization-manager", new AuthorizationManagerBeanDefinitionParser()); registerBeanDefinitionParser("authorization-http-url", new FilterSecurityInterceptorBeanDefinitionParser()); registerBeanDefinitionParser("autoconfig", new AutoConfigBeanDefinitionParser()); } diff --git a/sandbox/spring-security-config/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd b/sandbox/spring-security-config/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd index 25a8848d40..1dd2273768 100644 --- a/sandbox/spring-security-config/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd +++ b/sandbox/spring-security-config/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd @@ -560,7 +560,33 @@