Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-562: More changes of Acegi name in comments, docs etc.

This commit is contained in:
Luke Taylor 2007-10-03 14:02:39 +00:00
parent 9dbeda1c85
commit 3f2b9cd6fb
115 changed files with 729 additions and 739 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
adapters/cas/src/main/java/org/springframework/security/adapters/cas/CasPasswordHandlerProxy.java
View File

@ -32,13 +32,13 @@ import javax.servlet.http.HttpServletRequest;
/**
* Enables CAS to use the Acegi Security System for authentication.<P>This class works along with {@link
* CasPasswordHandler} to enable users to easily migrate from stand-alone Acegi Security System deployments to
* Enables CAS to use the Spring Security for authentication.<P>This class works along with {@link
* CasPasswordHandler} to enable users to easily migrate from stand-alone Spring Security deployments to
* enterprise-wide CAS deployments.</p>
* <p>It should be noted that the Acegi Security System will operate as a CAS client irrespective of the
* <p>It should be noted that Spring Security will operate as a CAS client irrespective of the
* <code>PasswordHandler</code> used on the CAS server. In other words, this class need <B>not</B> be used on the CAS
* server if not desired. It exists solely for the convenience of users wishing have CAS delegate to an Acegi Security
* System-based <code>AuthenticationManager</code>.</p>
* server if not desired. It exists solely for the convenience of users wishing have CAS delegate to a Spring Security-based
* <code>AuthenticationManager</code>.</p>
* <p>This class works requires a properly configured <code>CasPasswordHandler</code>. On the first authentication
* request, the class will use Spring's {@link WebApplicationContextUtils#getRequiredWebApplicationContext(ServletContext)}
* method to obtain an <code>ApplicationContext</code> instance, inside which must be a configured
@ -49,7 +49,7 @@ import javax.servlet.http.HttpServletRequest;
* <code>org.springframework.security.adapters.cas.CasPasswordHandlerProxy</code>.</p>
*
* @author Ben Alex
* @version $Id$
* @version $Id:CasPasswordHandlerProxy.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public class CasPasswordHandlerProxy implements PasswordHandler {
//~ Static fields/initializers =====================================================================================

8
adapters/cas/src/main/java/org/springframework/security/adapters/cas3/CasAuthenticationHandler.java
View File

@ -32,12 +32,12 @@ import org.springframework.util.Assert;
/**
* <p>Provides JA-SIG CAS 3 authentication by delegating to the Acegi <code>AuthenticationManager</code>.</p>
* <p>Provides JA-SIG CAS 3 authentication by delegating to the Spring Security <code>AuthenticationManager</code>.</p>
* <p>This class would be configured in the <code>webapp/WEB-INF/deployerConfigContext.xml</code> file in the CAS
* distribution.</p>
*
* @author Scott Battaglia
* @version $Id$
* @version $Id:CasAuthenticationHandler.java 2151 2007-09-22 11:54:13Z luke_t $
*
* @see AuthenticationHandler
* @see AuthenticationManager
@ -81,9 +81,9 @@ public final class CasAuthenticationHandler extends AbstractUsernamePasswordAuth
}
/**
* Method to set the Acegi <code>AuthenticationManager</code> to delegate to.
* Method to set the Spring Security <code>AuthenticationManager</code> to delegate to.
*
* @param authenticationManager the Acegi AuthenticationManager that knows how to authenticate users.
* @param authenticationManager the Spring Security AuthenticationManager that knows how to authenticate users.
*/
public void setAuthenticationManager(final AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;

4
adapters/cas/src/main/resources/org/springframework/security/adapters/cas3/applicationContext.xml
View File

@ -20,9 +20,9 @@
* The example CAS AuthenticationHandler should be placed within CAS's
* AuthenticationManager's authenticationHandler list property.
*
* The Acegi-specific beans can just be placed in the context file.
* The Spring Security-specific beans can just be placed in the context file.
*
* $Id$
* $Id:applicationContext.xml 2151 2007-09-22 11:54:13Z luke_t $
-->
<beans>

2
adapters/cas/src/main/site/site.xml
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<project name="Acegi Security CAS Adapter">
<project name="Spring Security CAS Adapter">
<body>
<menu ref="parent"/>
<menu ref="reports"/>

24
adapters/catalina/src/main/java/org/springframework/security/adapters/catalina/CatalinaAcegiUserRealm.java → adapters/catalina/src/main/java/org/springframework/security/adapters/catalina/CatalinaSpringSecurityUserRealm.java
View File

@ -19,7 +19,7 @@ import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.adapters.PrincipalAcegiUserToken;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
@ -41,17 +41,17 @@ import java.util.Map;
/**
* Adapter to enable Catalina (Tomcat) to authenticate via the Acegi Security System for Spring.<p>Returns a {@link
* PrincipalAcegiUserToken} to Catalina's authentication system, which is subsequently available via
* Adapter to enable Catalina (Tomcat) to authenticate via the Spring Security.<p>Returns a {@link
* PrincipalSpringSecurityUserToken} to Catalina's authentication system, which is subsequently available via
* <code>HttpServletRequest.getUserPrincipal()</code>.</p>
*
* @author Ben Alex
* @version $Id$
* @version $Id:CatalinaSpringSecurityUserRealm.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public class CatalinaAcegiUserRealm extends RealmBase {
public class CatalinaSpringSecurityUserRealm extends RealmBase {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(CatalinaAcegiUserRealm.class);
private static final Log logger = LogFactory.getLog(CatalinaSpringSecurityUserRealm.class);
//~ Instance fields ================================================================================================
@ -59,7 +59,7 @@ public class CatalinaAcegiUserRealm extends RealmBase {
private Container container;
private String appContextLocation;
private String key;
protected final String name = "CatalinaSpringUserRealm / $Id$";
protected final String name = "CatalinaSpringUserRealm / $Id:CatalinaSpringSecurityUserRealm.java 2151 2007-09-22 11:54:13Z luke_t $";
//~ Methods ========================================================================================================
@ -85,7 +85,7 @@ public class CatalinaAcegiUserRealm extends RealmBase {
return null;
}
return new PrincipalAcegiUserToken(this.key, response.getPrincipal().toString(),
return new PrincipalSpringSecurityUserToken(this.key, response.getPrincipal().toString(),
response.getCredentials().toString(), response.getAuthorities(), response.getPrincipal());
}
@ -163,14 +163,14 @@ public class CatalinaAcegiUserRealm extends RealmBase {
return false;
}
if (!(principal instanceof PrincipalAcegiUserToken)) {
logger.warn("Expected passed principal to be of type PrincipalAcegiUserToken but was "
if (!(principal instanceof PrincipalSpringSecurityUserToken)) {
logger.warn("Expected passed principal to be of type PrincipalSpringSecurityUserToken but was "
+ principal.getClass().getName());
return false;
}
PrincipalAcegiUserToken test = (PrincipalAcegiUserToken) principal;
PrincipalSpringSecurityUserToken test = (PrincipalSpringSecurityUserToken) principal;
return test.isUserInRole(role);
}
@ -221,7 +221,7 @@ public class CatalinaAcegiUserRealm extends RealmBase {
String beanName = (String) beans.keySet().iterator().next();
authenticationManager = (AuthenticationManager) beans.get(beanName);
logger.info("CatalinaAcegiUserRealm Started");
logger.info("CatalinaSpringSecurityUserRealm Started");
}
/**

72
adapters/catalina/src/test/java/org/springframework/security/adapters/catalina/CatalinaAcegiUserRealmTests.java → adapters/catalina/src/test/java/org/springframework/security/adapters/catalina/CatalinaSpringSecurityUserRealmTests.java
View File

@ -20,7 +20,7 @@ import junit.framework.TestCase;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.adapters.PrincipalAcegiUserToken;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.apache.catalina.LifecycleException;
@ -32,35 +32,35 @@ import java.security.Principal;
/**
* Tests {@link CatalinaAcegiUserRealm}.
* Tests {@link CatalinaSpringSecurityUserRealm}.
*
* @author Ben Alex
* @version $Id$
* @version $Id:CatalinaSpringSecurityUserRealmTests.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public class CatalinaAcegiUserRealmTests extends TestCase {
public class CatalinaSpringSecurityUserRealmTests extends TestCase {
//~ Instance fields ================================================================================================
private final String ADAPTER_KEY = "my_key";
//~ Constructors ===================================================================================================
public CatalinaAcegiUserRealmTests() {
public CatalinaSpringSecurityUserRealmTests() {
super();
}
public CatalinaAcegiUserRealmTests(String arg0) {
public CatalinaSpringSecurityUserRealmTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(CatalinaAcegiUserRealmTests.class);
junit.textui.TestRunner.run(CatalinaSpringSecurityUserRealmTests.class);
}
private CatalinaAcegiUserRealm makeAdapter(String fileName)
private CatalinaSpringSecurityUserRealm makeAdapter(String fileName)
throws Exception {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
URL url = Thread.currentThread().getContextClassLoader().getResource("org/springframework/security/adapters/" + fileName);
@ -86,7 +86,7 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsIfAppContextDoesNotContainAnAuthenticationBean()
throws Exception {
try {
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-invalid.xml");
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-invalid.xml");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
@ -95,7 +95,7 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsIfNoAppContextSpecified()
throws Exception {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
adapter.setKey("KEY");
@ -117,7 +117,7 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
}
public void testAdapterAbortsIfNoKeySpecified() throws Exception {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
adapter.setAppContextLocation("SOMETHING");
@ -140,7 +140,7 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsWithIncorrectApplicationContextLocation()
throws Exception {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
adapter.setAppContextLocation("SOME_INVALID_PATH");
adapter.setKey("KEY");
@ -153,48 +153,48 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
}
public void testAdapterIdentifiesItself() throws Exception {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
assertTrue(adapter.getName().lastIndexOf("CatalinaSpringUserRealm") != -1);
}
public void testAdapterStartsUpSuccess() throws Exception {
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertTrue(true);
}
public void testAuthenticateManyParamsReturnsNull() {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
assertEquals(null, adapter.authenticate(null, null, null, null, null, null, null, null));
}
public void testAuthenticateX509ReturnsNull() {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
assertEquals(null, adapter.authenticate(null));
}
public void testAuthenticationFailsForIncorrectPassword()
throws Exception {
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertEquals(null, adapter.authenticate("marissa", "kangaroo"));
}
public void testAuthenticationFailsForIncorrectUserName()
throws Exception {
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertEquals(null, adapter.authenticate("melissa", "koala"));
}
public void testAuthenticationUsingByteArrayForCredentials()
throws Exception {
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
byte[] credentials = {'k', 'o', 'a', 'l', 'a'};
Principal result = adapter.authenticate("marissa", credentials);
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
if (!(result instanceof PrincipalSpringSecurityUserToken)) {
fail("Should have returned PrincipalSpringSecurityUserToken");
}
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
@ -204,14 +204,14 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
public void testAuthenticationUsingStringForCredentials()
throws Exception {
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
Principal result = adapter.authenticate("marissa", "koala");
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
if (!(result instanceof PrincipalSpringSecurityUserToken)) {
fail("Should have returned PrincipalSpringSecurityUserToken");
}
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
@ -221,28 +221,28 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
public void testAuthenticationWithNullPasswordHandledGracefully()
throws Exception {
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertEquals(null, adapter.authenticate("marissa", (String) null));
}
public void testAuthenticationWithNullUserNameHandledGracefully()
throws Exception {
CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml");
assertEquals(null, adapter.authenticate(null, "koala"));
}
public void testGetPasswordReturnsNull() {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
assertEquals(null, adapter.getPassword(null));
}
public void testGetPrincipalReturnsNull() {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
assertEquals(null, adapter.getPrincipal(null));
}
public void testGetters() {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
adapter.setKey("KEY");
assertEquals("KEY", adapter.getKey());
adapter.setAppContextLocation("SOME_LOCATION");
@ -250,12 +250,12 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
}
public void testHasRoleWithANullPrincipalFails() {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
assertTrue(!adapter.hasRole(null, "ROLE_ONE"));
}
public void testHasRoleWithAPrincipalTheAdapterDidNotCreateFails() {
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
assertTrue(!adapter.hasRole(new Principal() {
public String getName() {
return "MockPrincipal";
@ -264,10 +264,10 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
}
public void testHasRoleWithPrincipalAcegiUserToken() {
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY", "Test", "Password",
PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("KEY", "Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")},
null);
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm();
assertTrue(adapter.hasRole(token, "ROLE_ONE"));
assertTrue(adapter.hasRole(token, "ROLE_TWO"));
assertTrue(!adapter.hasRole(token, "ROLE_WE_DO_NOT_HAVE"));

14
adapters/jboss/src/main/java/org/springframework/security/adapters/jboss/JbossAcegiLoginModule.java → adapters/jboss/src/main/java/org/springframework/security/adapters/jboss/JbossSpringSecurityLoginModule.java
View File

@ -21,7 +21,7 @@ import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.CredentialsExpiredException;
import org.springframework.security.adapters.PrincipalAcegiUserToken;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
@ -52,15 +52,15 @@ import javax.security.auth.login.LoginException;
/**
* Adapter to enable JBoss to authenticate via the Acegi Security System for Spring.<p>Returns a {@link
* PrincipalAcegiUserToken} to JBoss' authentication system, which is subsequently available from
* <code>java:comp/env/security/subject</code>.</p>
* Adapter to enable JBoss to authenticate via the Spring Security System for Spring.
* <p>Returns a {@link PrincipalSpringSecurityUserToken} to JBoss' authentication system,
* which is subsequently available from <code>java:comp/env/security/subject</code>.</p>
*
* @author Ben Alex
* @author Sergio Bern<EFBFBD>
* @version $Id$
* @version $Id:JbossSpringSecurityLoginModule.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public class JbossAcegiLoginModule extends AbstractServerLoginModule {
public class JbossSpringSecurityLoginModule extends AbstractServerLoginModule {
//~ Instance fields ================================================================================================
private AuthenticationManager authenticationManager;
@ -284,7 +284,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
super.log.debug("user is logged. redirecting to jaas classes");
identity = new PrincipalAcegiUserToken(this.key, response.getName(), response.getCredentials().toString(),
identity = new PrincipalSpringSecurityUserToken(this.key, response.getName(), response.getCredentials().toString(),
response.getAuthorities(), response.getPrincipal());
}

6
adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossIntegrationFilterTests.java
View File

@ -20,7 +20,7 @@ import junit.framework.TestCase;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.adapters.PrincipalAcegiUserToken;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.context.SecurityContextImpl;
@ -50,7 +50,7 @@ import javax.servlet.ServletResponse;
* Tests {@link JbossIntegrationFilter}.
*
* @author Ben Alex
* @version $Id$
* @version $Id:JbossIntegrationFilterTests.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public class JbossIntegrationFilterTests extends TestCase {
//~ Constructors ===================================================================================================
@ -95,7 +95,7 @@ public class JbossIntegrationFilterTests extends TestCase {
}
public void testCorrectOperation() throws Exception {
PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key", "someone", "password",
PrincipalSpringSecurityUserToken principal = new PrincipalSpringSecurityUserToken("key", "someone", "password",
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")}, null);
JbossIntegrationFilter filter = new MockJbossIntegrationFilter(new MockInitialContext(makeIntoSubject(principal)));

48
adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossAcegiLoginModuleTests.java → adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossSpringSecurityLoginModuleTests.java
View File

@ -17,10 +17,9 @@ package org.springframework.security.adapters.jboss;
import junit.framework.TestCase;
import org.springframework.security.adapters.PrincipalAcegiUserToken;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.SimpleGroup;
import java.io.IOException;
@ -28,7 +27,6 @@ import java.security.Principal;
import java.security.acl.Group;
import java.util.Properties;
import java.util.Enumeration;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
@ -41,30 +39,30 @@ import javax.security.auth.login.LoginException;
/**
* Tests {@link JbossAcegiLoginModule}.
* Tests {@link JbossSpringSecurityLoginModule}.
*
* @author Ben Alex
* @version $Id$
* @version $Id:JbossSpringSecurityLoginModuleTests.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public class JbossAcegiLoginModuleTests extends TestCase {
public class JbossSpringSecurityLoginModuleTests extends TestCase {
//~ Instance fields ================================================================================================
private final String ADAPTER_KEY = "my_key";
//~ Constructors ===================================================================================================
public JbossAcegiLoginModuleTests() {
public JbossSpringSecurityLoginModuleTests() {
super();
}
public JbossAcegiLoginModuleTests(String arg0) {
public JbossSpringSecurityLoginModuleTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(JbossAcegiLoginModuleTests.class);
junit.textui.TestRunner.run(JbossSpringSecurityLoginModuleTests.class);
}
public final void setUp() throws Exception {
@ -73,7 +71,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
public void testAdapterAbortsIfAppContextDoesNotContainAnAuthenticationBean()
throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-invalid.xml");
@ -88,7 +86,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
public void testAdapterAbortsIfNoAppContextSpecified()
throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
@ -113,7 +111,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
}
public void testAdapterAbortsIfNoKeySpecified() throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
@ -139,7 +137,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
public void testAdapterAbortsWithIncorrectApplicationContextLocation()
throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
@ -155,7 +153,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
public void testAdapterFailsToAuthenticateIfNoCallbackHandlerAvailable()
throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
@ -173,7 +171,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
}
public void testAdapterStartsUpSuccess() throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
@ -183,7 +181,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
public void testAuthenticationFailsForIncorrectPassword()
throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
@ -203,7 +201,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
public void testAuthenticationFailsForIncorrectUserName()
throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
@ -222,7 +220,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
}
public void testAuthenticationSuccess() throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
@ -235,11 +233,11 @@ public class JbossAcegiLoginModuleTests extends TestCase {
Principal result = adapter.getIdentity();
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
if (!(result instanceof PrincipalSpringSecurityUserToken)) {
fail("Should have returned PrincipalSpringSecurityUserToken");
}
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
@ -249,7 +247,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
public void testAuthenticationWithNullPasswordHandledGracefully()
throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
@ -269,7 +267,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
public void testAuthenticationWithNullUserNameAndNullPasswordHandledGracefully()
throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
@ -289,7 +287,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
public void testAuthenticationWithNullUserNameHandledGracefully()
throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");
@ -308,7 +306,7 @@ public class JbossAcegiLoginModuleTests extends TestCase {
}
public void testGetRoleSets() throws Exception {
JbossAcegiLoginModule adapter = new JbossAcegiLoginModule();
JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule();
Properties props = new Properties();
props.put("key", ADAPTER_KEY);
props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml");

16
adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettyAcegiUserRealm.java → adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserRealm.java
View File

@ -34,17 +34,17 @@ import java.util.Map;
/**
* Adapter to enable Jetty to authenticate via the Acegi Security System for Spring.<p>Returns a {@link
* JettyAcegiUserToken} to Jetty's authentication system, which is subsequently available via
* Adapter to enable Jetty to authenticate via Spring Security.<p>Returns a {@link
* JettySpringSecurityUserToken} to Jetty's authentication system, which is subsequently available via
* <code>HttpServletRequest.getUserPrincipal()</code>.</p>
*
* @author Ben Alex
* @version $Id$
* @version $Id:JettySpringSecurityUserRealm.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public final class JettyAcegiUserRealm implements UserRealm {
public final class JettySpringSecurityUserRealm implements UserRealm {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(JettyAcegiUserRealm.class);
private static final Log logger = LogFactory.getLog(JettySpringSecurityUserRealm.class);
//~ Instance fields ================================================================================================
@ -64,7 +64,7 @@ public final class JettyAcegiUserRealm implements UserRealm {
*
* @throws IllegalArgumentException DOCUMENT ME!
*/
public JettyAcegiUserRealm(String realm, String providerKey, String appContextLocation) {
public JettySpringSecurityUserRealm(String realm, String providerKey, String appContextLocation) {
this.realm = realm;
this.key = providerKey;
@ -96,7 +96,7 @@ public final class JettyAcegiUserRealm implements UserRealm {
authenticationManager = (AuthenticationManager) beans.get(beanName);
}
protected JettyAcegiUserRealm() {
protected JettySpringSecurityUserRealm() {
throw new IllegalArgumentException("Cannot use default constructor");
}
@ -124,7 +124,7 @@ public final class JettyAcegiUserRealm implements UserRealm {
return null;
}
return new JettyAcegiUserToken(this.key, response.getPrincipal().toString(),
return new JettySpringSecurityUserToken(this.key, response.getPrincipal().toString(),
response.getCredentials().toString(), response.getAuthorities());
}

8
adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettyAcegiUserToken.java → adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserToken.java
View File

@ -26,9 +26,9 @@ import org.mortbay.http.UserPrincipal;
* A Jetty compatible {@link org.springframework.security.Authentication} object.
*
* @author Ben Alex
* @version $Id$
* @version $Id:JettySpringSecurityUserToken.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public class JettyAcegiUserToken extends AbstractAdapterAuthenticationToken implements UserPrincipal {
public class JettySpringSecurityUserToken extends AbstractAdapterAuthenticationToken implements UserPrincipal {
//~ Instance fields ================================================================================================
private static final long serialVersionUID = 1L;
@ -37,13 +37,13 @@ public class JettyAcegiUserToken extends AbstractAdapterAuthenticationToken impl
//~ Constructors ===================================================================================================
public JettyAcegiUserToken(String key, String username, String password, GrantedAuthority[] authorities) {
public JettySpringSecurityUserToken(String key, String username, String password, GrantedAuthority[] authorities) {
super(key, authorities);
this.username = username;
this.password = password;
}
protected JettyAcegiUserToken() {
protected JettySpringSecurityUserToken() {
throw new IllegalArgumentException("Cannot use default constructor");
}

56
adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettyAcegiUserRealmTests.java
View File

@ -21,10 +21,10 @@ import org.mortbay.http.UserPrincipal;
/**
* Tests {@link JettyAcegiUserRealm}.
* Tests {@link JettySpringSecurityUserRealm}.
*
* @author Ben Alex
* @version $Id$
* @version $Id:JettyAcegiUserRealmTests.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public class JettyAcegiUserRealmTests extends TestCase {
//~ Instance fields ================================================================================================
@ -48,11 +48,11 @@ public class JettyAcegiUserRealmTests extends TestCase {
junit.textui.TestRunner.run(JettyAcegiUserRealmTests.class);
}
private JettyAcegiUserRealm makeAdapter(String fileName)
private JettySpringSecurityUserRealm makeAdapter(String fileName)
throws Exception {
String useFile = "org/springframework/security/adapters/" + fileName;
return new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, useFile);
return new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, useFile);
}
public final void setUp() throws Exception {
@ -62,7 +62,7 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsIfAppContextDoesNotContainAnAuthenticationBean()
throws Exception {
try {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-invalid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-invalid.xml");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("Bean context must contain at least one bean of type AuthenticationManager",
@ -73,14 +73,14 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsIfNoAppContextSpecified()
throws Exception {
try {
new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, null);
new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("appContextLocation must be specified", expected.getMessage());
}
try {
new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, "");
new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, "");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("appContextLocation must be specified", expected.getMessage());
@ -89,14 +89,14 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsIfNoKeySpecified() throws Exception {
try {
new JettyAcegiUserRealm(REALM_NAME, null, "SOME_PATH");
new JettySpringSecurityUserRealm(REALM_NAME, null, "SOME_PATH");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("key must be specified", expected.getMessage());
}
try {
new JettyAcegiUserRealm(REALM_NAME, "", "SOME_PATH");
new JettySpringSecurityUserRealm(REALM_NAME, "", "SOME_PATH");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("key must be specified", expected.getMessage());
@ -106,14 +106,14 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsIfNoRealmNameSpecified()
throws Exception {
try {
new JettyAcegiUserRealm(null, ADAPTER_KEY, "SOME_PATH");
new JettySpringSecurityUserRealm(null, ADAPTER_KEY, "SOME_PATH");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("realm must be specified", expected.getMessage());
}
try {
new JettyAcegiUserRealm(null, ADAPTER_KEY, "SOME_PATH");
new JettySpringSecurityUserRealm(null, ADAPTER_KEY, "SOME_PATH");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("realm must be specified", expected.getMessage());
@ -123,7 +123,7 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterAbortsWithIncorrectApplicationContextLocation()
throws Exception {
try {
new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, "SOME_INVALID_LOCATION");
new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, "SOME_INVALID_LOCATION");
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(expected.getMessage().startsWith("Cannot locate"));
@ -132,36 +132,36 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAdapterIdentifiesTheRealmItManages()
throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(REALM_NAME, adapter.getName());
}
public void testAdapterStartsUpSuccess() throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertTrue(true);
}
public void testAuthenticationFailsForIncorrectPassword()
throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(null, adapter.authenticate("marissa", "kangaroo", null));
}
public void testAuthenticationFailsForIncorrectUserName()
throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(null, adapter.authenticate("melissa", "koala", null));
}
public void testAuthenticationSuccess() throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
UserPrincipal result = adapter.authenticate("marissa", "koala", null);
if (!(result instanceof JettyAcegiUserToken)) {
fail("Should have returned JettyAcegiUserToken");
if (!(result instanceof JettySpringSecurityUserToken)) {
fail("Should have returned JettySpringSecurityUserToken");
}
JettyAcegiUserToken castResult = (JettyAcegiUserToken) result;
JettySpringSecurityUserToken castResult = (JettySpringSecurityUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
@ -171,36 +171,36 @@ public class JettyAcegiUserRealmTests extends TestCase {
public void testAuthenticationWithNullPasswordHandledGracefully()
throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(null, adapter.authenticate("marissa", null, null));
}
public void testAuthenticationWithNullUserNameHandledGracefully()
throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertEquals(null, adapter.authenticate(null, "koala", null));
}
public void testDisassociateImplemented() throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
adapter.disassociate(new MockUserPrincipal());
assertTrue(true);
}
public void testGetAuthenticationManager() throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
assertTrue(adapter.getAuthenticationManager() != null);
}
public void testLogoutImplemented() throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
adapter.logout(new MockUserPrincipal());
assertTrue(true);
}
public void testNoArgsConstructor() {
try {
new JettyAcegiUserRealm();
new JettySpringSecurityUserRealm();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
@ -208,13 +208,13 @@ public class JettyAcegiUserRealmTests extends TestCase {
}
public void testPopRoleImplemented() throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
MockUserPrincipal user = new MockUserPrincipal();
assertEquals(user, adapter.popRole(user));
}
public void testPushRoleImplemented() throws Exception {
JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml");
JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml");
MockUserPrincipal user = new MockUserPrincipal();
assertEquals(user, adapter.pushRole(user, "SOME_ROLE"));
}

23
adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettyAcegiUserTokenTests.java → adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserTokenTests.java
View File

@ -22,34 +22,25 @@ import org.springframework.security.GrantedAuthorityImpl;
/**
* Tests {@link JettyAcegiUserToken}.
* Tests {@link JettySpringSecurityUserToken}.
*
* @author Ben Alex
* @version $Id$
* @version $Id:JettySpringSecurityUserTokenTests.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public class JettyAcegiUserTokenTests extends TestCase {
public class JettySpringSecurityUserTokenTests extends TestCase {
//~ Constructors ===================================================================================================
public JettyAcegiUserTokenTests() {
super();
public JettySpringSecurityUserTokenTests() {
}
public JettyAcegiUserTokenTests(String arg0) {
public JettySpringSecurityUserTokenTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(JettyAcegiUserTokenTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testGetters() throws Exception {
JettyAcegiUserToken token = new JettyAcegiUserToken("my_password", "Test", "Password",
JettySpringSecurityUserToken token = new JettySpringSecurityUserToken("my_password", "Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
assertEquals("Test", token.getPrincipal());
assertEquals("Password", token.getCredentials());
@ -59,7 +50,7 @@ public class JettyAcegiUserTokenTests extends TestCase {
public void testNoArgsConstructor() {
try {
new JettyAcegiUserToken();
new JettySpringSecurityUserToken();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);

16
adapters/resin/src/main/java/org/springframework/security/adapters/resin/ResinAcegiAuthenticator.java
View File

@ -21,7 +21,7 @@ import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.adapters.PrincipalAcegiUserToken;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
@ -41,12 +41,12 @@ import javax.servlet.http.HttpServletResponse;
/**
* Adapter to enable Resin to authenticate via the Acegi Security System for Spring.<p>Returns a {@link
* PrincipalAcegiUserToken} to Resin's authentication system, which is subsequently available via
* Adapter to enable Resin to authenticate via Spring Security.<p>Returns a {@link
* PrincipalSpringSecurityUserToken} to Resin's authentication system, which is subsequently available via
* <code>HttpServletRequest.getUserPrincipal()</code>.</p>
*
* @author Ben Alex
* @version $Id$
* @version $Id:ResinAcegiAuthenticator.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public class ResinAcegiAuthenticator extends AbstractAuthenticator {
//~ Static fields/initializers =====================================================================================
@ -98,15 +98,15 @@ public class ResinAcegiAuthenticator extends AbstractAuthenticator {
public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application,
Principal principal, String role) {
if (!(principal instanceof PrincipalAcegiUserToken)) {
if (!(principal instanceof PrincipalSpringSecurityUserToken)) {
if (logger.isWarnEnabled()) {
logger.warn("Expected passed principal to be of type PrincipalAcegiUserToken");
logger.warn("Expected passed principal to be of type PrincipalSpringSecurityUserToken");
}
return false;
}
PrincipalAcegiUserToken test = (PrincipalAcegiUserToken) principal;
PrincipalSpringSecurityUserToken test = (PrincipalSpringSecurityUserToken) principal;
return test.isUserInRole(role);
}
@ -133,7 +133,7 @@ public class ResinAcegiAuthenticator extends AbstractAuthenticator {
return null;
}
return new PrincipalAcegiUserToken(this.key, response.getPrincipal().toString(),
return new PrincipalSpringSecurityUserToken(this.key, response.getPrincipal().toString(),
response.getCredentials().toString(), response.getAuthorities(), response.getPrincipal());
}

18
adapters/resin/src/test/java/org/springframework/security/adapters/resin/ResinAcegiAuthenticatorTests.java
View File

@ -20,7 +20,7 @@ import junit.framework.TestCase;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.adapters.PrincipalAcegiUserToken;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import java.security.Principal;
@ -31,7 +31,7 @@ import javax.servlet.ServletException;
* Tests {@link ResinAcegiAuthenticator}.
*
* @author Ben Alex
* @version $Id$
* @version $Id:ResinAcegiAuthenticatorTests.java 2151 2007-09-22 11:54:13Z luke_t $
*/
public class ResinAcegiAuthenticatorTests extends TestCase {
//~ Instance fields ================================================================================================
@ -164,11 +164,11 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
Principal result = adapter.loginImpl("marissa", "koala");
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
if (!(result instanceof PrincipalSpringSecurityUserToken)) {
fail("Should have returned PrincipalSpringSecurityUserToken");
}
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
@ -185,11 +185,11 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
Principal result = adapter.loginImpl(null, null, null, "marissa", "koala");
if (!(result instanceof PrincipalAcegiUserToken)) {
fail("Should have returned PrincipalAcegiUserToken");
if (!(result instanceof PrincipalSpringSecurityUserToken)) {
fail("Should have returned PrincipalSpringSecurityUserToken");
}
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result;
PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result;
assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority());
@ -247,7 +247,7 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
public void testHasRoleWithPrincipalAcegiUserToken()
throws Exception {
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY", "Test", "Password",
PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("KEY", "Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")},
null);
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();

15
core/src/main/java/org/springframework/security/AcegiMessageSource.java → core/src/main/java/org/springframework/security/SpringSecurityMessageSource.java
View File

@ -20,24 +20,25 @@ import org.springframework.context.support.ResourceBundleMessageSource;
/**
* The default <code>MessageSource</code> used by Acegi Security.<p>All Acegi Security classes requiring messge
* localization will by default use this class. However, all such classes will also implement
* <code>MessageSourceAware</code> so that the application context can inject an alternative message source. Therefore
* this class is only used when the deployment environment has not specified an alternative message source.</p>
* The default <code>MessageSource</code> used by Spring Security.
* <p>All Spring Security classes requiring messge localization will by default use this class.
* However, all such classes will also implement <code>MessageSourceAware</code> so that the application context can
* inject an alternative message source. Therefore this class is only used when the deployment environment has not
* specified an alternative message source.</p>
*
* @author Ben Alex
* @version $Id$
*/
public class AcegiMessageSource extends ResourceBundleMessageSource {
public class SpringSecurityMessageSource extends ResourceBundleMessageSource {
//~ Constructors ===================================================================================================
public AcegiMessageSource() {
public SpringSecurityMessageSource() {
setBasename("org.springframework.security.messages");
}
//~ Methods ========================================================================================================
public static MessageSourceAccessor getAccessor() {
return new MessageSourceAccessor(new AcegiMessageSource());
return new MessageSourceAccessor(new SpringSecurityMessageSource());
}
}

2
core/src/main/java/org/springframework/security/acl/basic/GrantedAuthorityEffectiveAclsResolver.java
View File

@ -35,7 +35,7 @@ import java.util.Vector;
* Authentication#getPrincipal()} or {@link Authentication#getAuthorities()}. The principal object or granted
* authorities object has its <code>Object.equals(recipient)</code> method called to make the decision as to whether
* the recipient in the <code>BasicAclEntry</code> is the same as the principal or granted authority.</p>
* <P>This class should prove an adequate ACLs resolver if you're using standard Acegi Security classes. This is
* <P>This class should prove an adequate ACLs resolver if you're using standard Spring Security classes. This is
* because the typical <code>Authentication</code> token is <code>UsernamePasswordAuthenticationToken</code>, which
* for its <code>principal</code> is usually a <code>String</code>. The <code>GrantedAuthorityImpl</code> is typically
* used for granted authorities, which tests for equality based on a <code>String</code>. This means

4
core/src/main/java/org/springframework/security/adapters/AuthByAdapterProvider.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.adapters;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
@ -41,7 +41,7 @@ import org.springframework.util.Assert;
public class AuthByAdapterProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private String key;
//~ Methods ========================================================================================================

4
core/src/main/java/org/springframework/security/adapters/PrincipalAcegiUserToken.java → core/src/main/java/org/springframework/security/adapters/PrincipalSpringSecurityUserToken.java
View File

@ -26,7 +26,7 @@ import java.security.Principal;
* @author Ben Alex
* @version $Id$
*/
public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken implements Principal {
public class PrincipalSpringSecurityUserToken extends AbstractAdapterAuthenticationToken implements Principal {
//~ Instance fields ================================================================================================
private static final long serialVersionUID = 1L;
@ -36,7 +36,7 @@ public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken
//~ Constructors ===================================================================================================
public PrincipalAcegiUserToken(String key, String username, String password, GrantedAuthority[] authorities,
public PrincipalSpringSecurityUserToken(String key, String username, String password, GrantedAuthority[] authorities,
Object principal) {
super(key, authorities);
this.username = username;

4
core/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.afterinvocation;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
@ -58,7 +58,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
//~ Constructors ===================================================================================================

4
core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java
View File

@ -16,7 +16,7 @@
package org.springframework.security.afterinvocation;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
@ -72,7 +72,7 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv
private AclManager aclManager;
private Class processDomainObjectClass = Object.class;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private String processConfigAttribute = "AFTER_ACL_READ";
private int[] requirePermission = {SimpleAclEntry.READ};

4
core/src/main/java/org/springframework/security/concurrent/ConcurrentSessionControllerImpl.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.concurrent;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
@ -39,7 +39,7 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
MessageSourceAware {
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private SessionRegistry sessionRegistry = new SessionRegistryImpl();
private boolean exceptionIfMaximumExceeded = false;
private int maximumSessions = 1;

8
core/src/main/java/org/springframework/security/concurrent/SessionInformation.java
View File

@ -22,11 +22,11 @@ import java.io.Serializable;
/**
* Represents a record of a session within the Acegi Security framework.<p>This is primarily used for concurrent
* session support.</p>
* <p>Sessions have three states: active, expired, and destroyed. A session can that is invalidated by
* Represents a record of a session within the Spring Security framework.
* <p>This is primarily used for concurrent session support.</p>
* <p>Sessions have three states: active, expired, and destroyed. A session can that is invalidated by
* <code>session.invalidate()</code> or via Servlet Container management is considered "destroyed". An "expired"
* session, on the other hand, is a session that Acegi Security wants to end because it was selected for removal for
* session, on the other hand, is a session that Spring Security wants to end because it was selected for removal for
* some reason (generally as it was the least recently used session and the maximum sessions for the user were
* reached). An "expired" session is removed as soon as possible by a <code>Filter</code>.</p>
*

4
core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java
View File

@ -17,7 +17,7 @@ package org.springframework.security.intercept;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.AfterInvocationManager;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
@ -134,7 +134,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
private AuthenticationManager authenticationManager;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private RunAsManager runAsManager = new NullRunAsManager();

10
core/src/main/java/org/springframework/security/intercept/package.html
View File

@ -5,17 +5,17 @@ Actually enforces the security and ties the whole security system together.
A <i>secure object</i> is a term frequently used throughout the security
system. It does <b>not</b> refer to a business object that is being
secured, but instead refers to some infrastructure object that can have
security facilities provided for it by the Acegi Security System for
Spring. For example, one secure object would be
<code>MethodInvocation</code>, whilst another would be HTTP {@link
org.springframwork.security.intercept.web.FilterInvocation}. Note these are
security facilities provided for it by Spring Security.
For example, one secure object would be <code>MethodInvocation</code>,
whilst another would be HTTP
{@link org.springframwork.security.intercept.web.FilterInvocation}. Note these are
infrastructure objects and their design allows them to represent a large
variety of actual resources that might need to be secured, such as business
objects or HTTP request URLs.
</p>
<P>Each secure object typically has its
own <code>org.acegisecurity.intercept</code> package.
own <code>org.springframwork.security.intercept</code> package.
Each package usually includes a concrete security interceptor (which
subclasses {@link org.springframework.security.intercept.AbstractSecurityInterceptor},
an appropriate {@link org.springframework.security.intercept.ObjectDefinitionSource}

2
core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java
View File

@ -41,7 +41,7 @@ import javax.servlet.ServletResponse;
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
//~ Static fields/initializers =====================================================================================
private static final String FILTER_APPLIED = "__acegi_security_filterSecurityInterceptor_filterApplied";
private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied";
//~ Instance fields ================================================================================================

4
core/src/main/java/org/springframework/security/ldap/DefaultInitialDirContextFactory.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.ldap;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.BadCredentialsException;
import org.apache.commons.logging.Log;
@ -78,7 +78,7 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
/** Allows extra environment variables to be added at config time. */
private Map extraEnvVars = null;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
/** Type of authentication within LDAP; default is simple. */
private String authenticationType = "simple";

2
core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
View File

@ -50,7 +50,7 @@ import javax.naming.directory.SearchResult;
/**
* LDAP equivalent of the Spring JdbcTemplate class.
* <p>
* This is mainly intended to simplify Ldap access within Acegi Security's LDAP-related services.
* This is mainly intended to simplify Ldap access within Spring Security's LDAP-related services.
* </p>
*
* @author Ben Alex

2
core/src/main/java/org/springframework/security/package.html
View File

@ -1,6 +1,6 @@
<html>
<body>
Provides core Acegi Security System for Spring interfaces and classes.
Provides core Spring Security interfaces and classes.
</body>
</html>

4
core/src/main/java/org/springframework/security/providers/ProviderManager.java
View File

@ -17,7 +17,7 @@ package org.springframework.security.providers;
import org.springframework.security.AbstractAuthenticationManager;
import org.springframework.security.AccountExpiredException;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationServiceException;
@ -108,7 +108,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
private ApplicationEventPublisher applicationEventPublisher;
private ConcurrentSessionController sessionController = new NullConcurrentSessionController();
private List providers;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private Properties exceptionMappings = new Properties();
static {

4
core/src/main/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationProvider.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.providers.anonymous;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
@ -42,7 +42,7 @@ public class AnonymousAuthenticationProvider implements AuthenticationProvider,
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private String key;
//~ Methods ========================================================================================================

4
core/src/main/java/org/springframework/security/providers/cas/CasAuthenticationProvider.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.providers.cas;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
@ -58,7 +58,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
private CasAuthoritiesPopulator casAuthoritiesPopulator;
private CasProxyDecider casProxyDecider;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private StatelessTicketCache statelessTicketCache;
private String key;
private TicketValidator ticketValidator;

4
core/src/main/java/org/springframework/security/providers/cas/CasAuthoritiesPopulator.java
View File

@ -26,7 +26,7 @@ import org.springframework.security.userdetails.UserDetails;
*
* <p>
* CAS does not provide the authorities (roles) granted to a user. It merely
* authenticates their identity. As the Acegi Security System for Spring needs
* authenticates their identity. As Spring Security needs
* to know the authorities granted to a user in order to construct a valid
* <code>Authentication</code> object, implementations of this interface will
* provide this information.
@ -36,7 +36,7 @@ import org.springframework.security.userdetails.UserDetails;
* A {@link UserDetails} is returned by implementations. The
* <code>UserDetails</code> must, at minimum, contain the username and
* <code>GrantedAuthority[]</code> objects applicable to the CAS-authenticated
* user. Note that Acegi Security ignores the password and enabled/disabled
* user. Note that Spring Security ignores the password and enabled/disabled
* status of the <code>UserDetails</code> because this is
* authentication-related and should have been enforced by the CAS server. The
* <code>UserDetails</code> returned by implementations is stored in the

2
core/src/main/java/org/springframework/security/providers/cas/StatelessTicketCache.java
View File

@ -37,7 +37,7 @@ package org.springframework.security.providers.cas;
* <P>
* To avoid this issue with stateless callers, it is expected stateless callers
* will obtain a single service ticket or proxy ticket, and then present this
* same ticket to the Acegi Security System secured application on each
* same ticket to the Spring Security secured application on each
* occasion. As no <code>HttpSession</code> is available for such callers, the
* affirmative CAS validation outcome cannot be stored in this location.
* </p>

4
core/src/main/java/org/springframework/security/providers/cas/proxy/NamedCasProxyDecider.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.providers.cas.proxy;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.providers.cas.CasProxyDecider;
import org.springframework.security.providers.cas.ProxyUntrustedException;
@ -46,7 +46,7 @@ public class NamedCasProxyDecider implements CasProxyDecider, InitializingBean,
//~ Instance fields ================================================================================================
private List validProxies;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
//~ Methods ========================================================================================================

4
core/src/main/java/org/springframework/security/providers/cas/proxy/RejectProxyTickets.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.providers.cas.proxy;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.providers.cas.CasProxyDecider;
import org.springframework.security.providers.cas.ProxyUntrustedException;
@ -45,7 +45,7 @@ public class RejectProxyTickets implements CasProxyDecider, MessageSourceAware,
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
//~ Methods ========================================================================================================

6
core/src/main/java/org/springframework/security/providers/cas/ticketvalidator/CasProxyTicketValidator.java
View File

@ -69,14 +69,14 @@ public class CasProxyTicketValidator extends AbstractTicketValidator {
/**
* Optional callback URL to obtain a proxy-granting ticket from CAS.
* <p>This callback URL belongs to the Acegi Security System for Spring secured application. We suggest you use
* <p>This callback URL belongs to the Spring Security secured application. We suggest you use
* CAS' <code>ProxyTicketReceptor</code> servlet to receive this callback and manage the proxy-granting ticket list.
* The callback URL is usually something like
* <code>https://www.mycompany.com/application/casProxy/receptor</code>.
* </p>
* <p>If left <code>null</code>, the <code>CasAuthenticationToken</code> will not have a proxy granting
* ticket IOU and there will be no proxy-granting ticket callback. Accordingly, the Acegi Securty System for
* Spring secured application will be unable to obtain a proxy ticket to call another CAS-secured service on
* ticket IOU and there will be no proxy-granting ticket callback. Accordingly, the Spring Securty
* secured application will be unable to obtain a proxy ticket to call another CAS-secured service on
* behalf of the user. This is not really an issue for most applications.</p>
*
* @return the proxy callback URL, or <code>null</code> if not used

4
core/src/main/java/org/springframework/security/providers/dao/AbstractUserDetailsAuthenticationProvider.java
View File

@ -16,7 +16,7 @@
package org.springframework.security.providers.dao;
import org.springframework.security.AccountExpiredException;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
@ -69,7 +69,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
MessageSourceAware {
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private UserCache userCache = new NullUserCache();
private boolean forcePrincipalAsString = false;
protected boolean hideUserNotFoundExceptions = true;

2
core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java
View File

@ -146,7 +146,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
private LoginExceptionResolver loginExceptionResolver = new DefaultLoginExceptionResolver();
private Resource loginConfig;
private String loginContextName = "ACEGI";
private String loginContextName = "SPRINGSECURITY";
private AuthorityGranter[] authorityGranters;
private JaasAuthenticationCallbackHandler[] callbackHandlers;
private ApplicationEventPublisher applicationEventPublisher;

2
core/src/main/java/org/springframework/security/providers/jaas/JaasNameCallbackHandler.java
View File

@ -28,7 +28,7 @@ import javax.security.auth.callback.UnsupportedCallbackException;
/**
* The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and
* PasswordCallback. The acegi security framework provides the JaasNameCallbackHandler specifically tailored to
* PasswordCallback. Spring Security provides the JaasNameCallbackHandler specifically tailored to
* handling the NameCallback. <br>
*
* @author Ray Krueger

2
core/src/main/java/org/springframework/security/providers/jaas/JaasPasswordCallbackHandler.java
View File

@ -26,7 +26,7 @@ import javax.security.auth.callback.UnsupportedCallbackException;
/**
* The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and
* PasswordCallback. The acegi security framework provides the JaasPasswordCallbackHandler specifically tailored to
* PasswordCallback. Spring Security provides the JaasPasswordCallbackHandler specifically tailored to
* handling the PasswordCallback. <br>
*
* @author Ray Krueger

2
core/src/main/java/org/springframework/security/providers/jaas/LoginExceptionResolver.java
View File

@ -22,7 +22,7 @@ import javax.security.auth.login.LoginException;
/**
* The JaasAuthenticationProvider takes an instance of LoginExceptionResolver
* to resolve LoginModule specific exceptions to Acegi exceptions. For
* to resolve LoginModule specific exceptions to Spring Security exceptions. For
* instance, a configured login module could throw a
* ScrewedUpPasswordException that extends LoginException, in this instance
* the LoginExceptionResolver implementation would return a {@link

17
core/src/main/java/org/springframework/security/providers/jaas/SecurityContextLoginModule.java
View File

@ -31,13 +31,14 @@ import javax.security.auth.spi.LoginModule;
/**
* An implementation of {@link LoginModule} that uses an Acegi Security {@link
* An implementation of {@link LoginModule} that uses a Spring Security {@link
* org.springframework.security.context.SecurityContext SecurityContext} to provide authentication.<p>This LoginModule
* provides opposite functionality to the {@link JaasAuthenticationProvider} API, and should not really be used in
* conjunction with it.</p>
* <p>The {@link JaasAuthenticationProvider} allows Acegi to authenticate against Jaas.</p>
* <p>The SecurityContextLoginModule allows a Jaas based application to authenticate against Acegi. If there is no
* Authentication in the {@link SecurityContextHolder} the login() method will throw a LoginException by default.
* <p>The {@link JaasAuthenticationProvider} allows Spring Security to authenticate against Jaas.</p>
* <p>The SecurityContextLoginModule allows a Jaas based application to authenticate against Spring Security.
* If there is no Authentication in the {@link SecurityContextHolder} the login() method will throw a LoginException
* by default.
* This functionality can be changed with the <tt>ignoreMissingAuthentication</tt> option by setting it to "true".
* Setting ignoreMissingAuthentication=true will tell the SecurityContextLoginModule to simply return false and be
* ignored if the authentication is null.</p>
@ -59,7 +60,7 @@ public class SecurityContextLoginModule implements LoginModule {
//~ Methods ========================================================================================================
/**
* Abort the authentication process by forgetting the Acegi Security <code>Authentication</code>.
* Abort the authentication process by forgetting the Spring Security <code>Authentication</code>.
*
* @return true if this method succeeded, or false if this <code>LoginModule</code> should be ignored.
*
@ -76,7 +77,7 @@ public class SecurityContextLoginModule implements LoginModule {
}
/**
* Authenticate the <code>Subject</code> (phase two) by adding the Acegi Security
* Authenticate the <code>Subject</code> (phase two) by adding the Spring Security
* <code>Authentication</code> to the <code>Subject</code>'s principals.
*
* @return true if this method succeeded, or false if this <code>LoginModule</code> should be ignored.
@ -103,7 +104,7 @@ public class SecurityContextLoginModule implements LoginModule {
/**
* Initialize this <code>LoginModule</code>. Ignores the callback handler, since the code establishing the
* <code>LoginContext</code> likely won't provide one that understands Acegi Security. Also ignores the
* <code>LoginContext</code> likely won't provide one that understands Spring Security. Also ignores the
* <code>sharedState</code> and <code>options</code> parameters, since none are recognized.
*
* @param subject the <code>Subject</code> to be authenticated. <p>
@ -120,7 +121,7 @@ public class SecurityContextLoginModule implements LoginModule {
}
/**
* Authenticate the <code>Subject</code> (phase one) by extracting the Acegi Security
* Authenticate the <code>Subject</code> (phase one) by extracting the Spring Security
* <code>Authentication</code> from the current <code>SecurityContext</code>.
*
* @return true if the authentication succeeded, or false if this <code>LoginModule</code> should be ignored.

4
core/src/main/java/org/springframework/security/providers/ldap/authenticator/AbstractLdapAuthenticator.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.providers.ldap.authenticator;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.ldap.InitialDirContextFactory;
import org.springframework.security.ldap.LdapUserSearch;
@ -49,7 +49,7 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
/** Optional search object which can be used to locate a user when a simple DN match isn't sufficient */
private LdapUserSearch userSearch;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
/**
* The suffix to be added to the DN patterns, worked out internally from the root DN of the configured

21
core/src/main/java/org/springframework/security/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java
View File

@ -38,20 +38,27 @@ import javax.naming.directory.SearchControls;
/**
* The default strategy for obtaining user role information from the directory.
* <p/>
* <p>It obtains roles by performing a search for "groups" the user is a member of.</p>
* <p/>
* <p/>
* A typical group search scenario would be where each group/role is specified using the <tt>groupOfNames</tt>
* (or <tt>groupOfUniqueNames</tt>) LDAP objectClass and the user's DN is listed in the <tt>member</tt> (or
* <tt>uniqueMember</tt>) attribute to indicate that they should be assigned that role. The following LDIF sample has
* the groups stored under the DN <tt>ou=groups,dc=springframework,dc=org</tt> and a group called "developers" with
* "ben" and "marissa" as members:
* <pre>
* dn: ou=groups,dc=springframework,dc=orgobjectClass: top
* objectClass: organizationalUnitou: groupsdn: cn=developers,ou=groups,dc=springframework,dc=org
* objectClass: groupOfNamesobjectClass: topcn: developersdescription: Acegi Security Developers
* member: uid=ben,ou=people,dc=springframework,dc=orgmember: uid=marissa,ou=people,dc=springframework,dc=orgou: developer
* dn: ou=groups,dc=springframework,dc=org
* objectClass: top
* objectClass: organizationalUnit
* ou: groups
*
* dn: cn=developers,ou=groups,dc=springframework,dc=org
* objectClass: groupOfNameso
* objectClass: top
* cn: developers
* description: Spring Security Developers
* member: uid=ben,ou=people,dc=springframework,dc=org
* member: uid=marissa,ou=people,dc=springframework,dc=org
* ou: developer
* </pre>
* </p>
* <p/>
@ -65,7 +72,7 @@ import javax.naming.directory.SearchControls;
* <p>The configuration below shows how the group search might be performed with the above schema.
* <pre>
* &lt;bean id="ldapAuthoritiesPopulator"
* class="org.springframework.security.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
* class="org.springframework.security.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
* &lt;constructor-arg>&lt;ref local="initialDirContextFactory"/>&lt;/constructor-arg>
* &lt;constructor-arg>&lt;value>ou=groups&lt;/value>&lt;/constructor-arg>
* &lt;property name="groupRoleAttribute">&lt;value>ou&lt;/value>&lt;/property>

4
core/src/main/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProvider.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.providers.rememberme;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
@ -47,7 +47,7 @@ public class RememberMeAuthenticationProvider implements AuthenticationProvider,
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private String key;
//~ Methods ========================================================================================================

4
core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationProvider.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.providers.x509;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
@ -53,7 +53,7 @@ public class X509AuthenticationProvider implements AuthenticationProvider, Initi
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private X509AuthoritiesPopulator x509AuthoritiesPopulator;
private X509UserCache userCache = new NullX509UserCache();

4
core/src/main/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulator.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.providers.x509.populator;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.AuthenticationServiceException;
@ -53,7 +53,7 @@ public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, In
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private Pattern subjectDNPattern;
private String subjectDNRegex = "CN=(.*?),";
private UserDetailsService userDetailsService;

4
core/src/main/java/org/springframework/security/runas/RunAsImplAuthenticationProvider.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.runas;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
@ -41,7 +41,7 @@ import org.springframework.util.Assert;
public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private String key;
//~ Methods ========================================================================================================

2
core/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java
View File

@ -173,7 +173,7 @@ public class AuthorizeTag extends TagSupport {
* returns a <code>null</code> string as the return value of {@link
* org.springframework.security.GrantedAuthority#getAuthority()}.
* </p>
* <p>Reported by rawdave, on Fri Feb 04, 2005 2:11 pm in the Acegi Security System for Spring forums.</p>
* <p>Reported by rawdave, on Fri Feb 04, 2005 2:11 pm in the Spring Security forum.</p>
*
* @param granted The authorities granted by the authentication. May be any implementation of {@link
* GrantedAuthority} that does <strong>not</strong> return <code>null</code> from {@link

2
core/src/main/java/org/springframework/security/taglibs/velocity/Authz.java
View File

@ -29,7 +29,7 @@ import org.springframework.context.ApplicationContext;
/**
* Wrapper the implementation of Acegi Security for Spring JSP tag includes:
* Wrapper the implementation of Spring Security JSP tag includes:
* {@link AuthenticationTag}, {@link AclTag}, {@link AuthorizeTag}
*
* @author Wang Qi

4
core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.ui;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
@ -157,7 +157,7 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
protected final Log logger = LogFactory.getLog(this.getClass());
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private Properties exceptionMappings = new Properties();

2
core/src/main/java/org/springframework/security/ui/WebAuthenticationDetails.java
View File

@ -42,7 +42,7 @@ public class WebAuthenticationDetails implements SessionIdentifierAware, Seriali
*
* <p>
* NB: This constructor will cause a <code>HttpSession</code> to be created
* (this is considered reasonable as all Acegi Security authentication
* (this is considered reasonable as all Spring Security authentication
* requests rely on <code>HttpSession</code> to store the
* <code>Authentication</code> between requests
* </p>

2
core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java
View File

@ -61,7 +61,7 @@ import org.springframework.util.Assert;
* which will prompt the user to authenticate again via BASIC authentication.</p>
* <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
* transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
* provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
* provided by Spring Security and should be used instead of Basic authentication wherever possible. See {@link
* org.springframework.security.ui.digestauth.DigestProcessingFilter}.</p>
* <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
* details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as

16
core/src/main/java/org/springframework/security/ui/cas/ServiceProperties.java
View File

@ -19,9 +19,10 @@ import org.springframework.beans.factory.InitializingBean;
/**
* Stores properties related to this CAS service.<P>Each web application capable of processing CAS tickets is known
* as a service. This class stores the properties that are relevant to the local CAS service, being the application
* that is being secured by the Acegi Security System for Spring.</p>
* Stores properties related to this CAS service.
* <p>Each web application capable of processing CAS tickets is known as a service.
* This class stores the properties that are relevant to the local CAS service, being the application
* that is being secured by Spring Security.</p>
*
* @author Ben Alex
* @version $Id$
@ -41,9 +42,12 @@ public class ServiceProperties implements InitializingBean {
}
/**
* Represents the service the user is authenticating to.<p>This service is the callback URL belonging to
* the local Acegi Security System for Spring secured application. For example,</p>
* <code>https://www.mycompany.com/application/j_spring_cas_security_check</code>
* Represents the service the user is authenticating to.
* <p>This service is the callback URL belonging to the local Spring Security System for Spring secured application.
* For example,
* <pre>
* https://www.mycompany.com/application/j_spring_cas_security_check
* </pre>
*
* @return the URL of the service the user is authenticating to
*/

4
core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.ui.digestauth;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationServiceException;
import org.springframework.security.BadCredentialsException;
@ -93,7 +93,7 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
private DigestProcessingFilterEntryPoint authenticationEntryPoint;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private UserCache userCache = new NullUserCache();
private UserDetailsService userDetailsService;
private boolean passwordAlreadyEncoded = false;

12
core/src/main/java/org/springframework/security/ui/rememberme/RememberMeServices.java
View File

@ -25,7 +25,7 @@ import javax.servlet.http.HttpServletResponse;
* Implement by a class that is capable of providing a remember-me service.
*
* <p>
* Acegi Security filters (namely {@link
* Spring Security filters (namely {@link
* org.springframework.security.ui.AbstractProcessingFilter} and {@link
* org.springframework.security.ui.rememberme.RememberMeProcessingFilter} will call
* the methods provided by an implementation of this interface.
@ -44,7 +44,7 @@ import javax.servlet.http.HttpServletResponse;
* <p>
* This interface does not define how remember-me services should offer a
* "cancel all remember-me tokens" type capability, as this will be
* implementation specific and requires no hooks into Acegi Security.
* implementation specific and requires no hooks into Spring Security.
* </p>
*
* @author Ben Alex
@ -55,14 +55,14 @@ public interface RememberMeServices {
/**
* This method will be called whenever the <code>SecurityContextHolder</code> does not contain an
* <code>Authentication</code> and the Acegi Security system wishes to provide an implementation with an
* opportunity to authenticate the request using remember-me capabilities. Acegi Security makes no attempt
* <code>Authentication</code> object and Spring Security wishes to provide an implementation with an
* opportunity to authenticate the request using remember-me capabilities. Spring Security makes no attempt
* whatsoever to determine whether the browser has requested remember-me services or presented a valid cookie.
* Such determinations are left to the implementation. If a browser has presented an unauthorised cookie for
* whatever reason, it should be silently ignored and invalidated using the <code>HttpServletResponse</code>
* object.<p>The returned <code>Authentication</code> must be acceptable to {@link
* org.springframework.security.AuthenticationManager} or {@link org.springframework.security.providers.AuthenticationProvider} defined
* by the web application. It is recommended {@link
* org.springframework.security.AuthenticationManager} or
* {@link org.springframework.security.providers.AuthenticationProvider} defined by the web application. It is recommended {@link
* org.springframework.security.providers.rememberme.RememberMeAuthenticationToken} be used in most cases, as it has a
* corresponding authentication provider.</p>
*

2
core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java
View File

@ -106,7 +106,7 @@ public class TokenBasedRememberMeServices implements RememberMeServices, Initial
public static final String SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY = "SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE";
public static final String DEFAULT_PARAMETER = "_acegi_security_remember_me";
public static final String DEFAULT_PARAMETER = "_spring_security_remember_me";
protected static final Log logger = LogFactory.getLog(TokenBasedRememberMeServices.class);

6
core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java
View File

@ -16,7 +16,7 @@
package org.springframework.security.ui.switchuser;
import org.springframework.security.AccountExpiredException;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.AuthenticationException;
@ -70,7 +70,7 @@ import javax.servlet.http.HttpServletResponse;
/**
* Switch User processing filter responsible for user context switching.<p>This filter is similar to Unix 'su'
* however for Acegi-managed web applications. A common use-case for this feature is the ability to allow
* however for Spring Security-managed web applications. A common use-case for this feature is the ability to allow
* higher-authority users (i.e. ROLE_ADMIN) to switch to a regular user (i.e. ROLE_USER).</p>
* <p>This filter assumes that the user performing the switch will be required to be logged in as normal (i.e.
* ROLE_ADMIN user). The user will then access a page/controller that enables the administrator to specify who they
@ -111,7 +111,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
private ApplicationEventPublisher eventPublisher;
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private String exitUserUrl = "/j_spring_security_exit_user";
private String switchUserUrl = "/j_spring_security_switch_user";
private String targetUrl;

12
core/src/main/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilter.java
View File

@ -31,17 +31,17 @@ import javax.servlet.http.HttpServletResponse;
/**
* Extends Acegi's AuthenticationProcessingFilter to pick up CA/Netegrity Siteminder headers.<P>Also provides a
* backup form-based authentication and the ability set source key names.</p>
* <P><B>Siteminder</B> must present two <B>headers</B> to this filter, a username and password. You must set the
* Extends Spring Security's AuthenticationProcessingFilter to pick up CA/Netegrity Siteminder headers.
* <p>Also provides a backup form-based authentication and the ability set source key names.</p>
* <p><b>Siteminder</b> must present two <b>headers</b> to this filter, a username and password. You must set the
* header keys before this filter is used for authentication, otherwise Siteminder checks will be skipped. If the
* Siteminder check is unsuccessful (i.e. if the headers are not found), then the form parameters will be checked (see
* next paragraph). This allows applications to optionally function even when their Siteminder infrastructure is
* unavailable, as is often the case during development.</p>
* <P><B>Login forms</B> must present two <B>parameters</B> to this filter: a username and password. If not
* <p><b>Login forms</b> must present two <b>parameters</b> to this filter: a username and password. If not
* specified, the parameter names to use are contained in the static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY}
* and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}.</p>
* <P><B>Do not use this class directly.</B> Instead, configure <code>web.xml</code> to use the {@link
* <p><b>Do not use this class directly.</b> Instead, configure <code>web.xml</code> to use the {@link
* org.springframework.security.util.FilterToBeanProxy}.</p>
*/
public class SiteminderAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
@ -66,7 +66,7 @@ public class SiteminderAuthenticationProcessingFilter extends AuthenticationProc
//~ Constructors ===================================================================================================
/**
/**
* Basic constructor.
*/
public SiteminderAuthenticationProcessingFilter() {

2
core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPoint.java
View File

@ -34,7 +34,7 @@ import org.apache.commons.logging.LogFactory;
* <p>
* Therefore this class isn't actually responsible for the commencement of
* authentication, as it is in the case of other providers. It will be called if
* the certificate was rejected by Acegi's X509AuthenticationProvider, resulting
* the certificate was rejected by Spring Security's X509AuthenticationProvider, resulting
* in a null authentication.
* </p>
* The <code>commence</code> method will always return an

2
core/src/main/java/org/springframework/security/userdetails/UserDetails.java
View File

@ -25,7 +25,7 @@ import java.io.Serializable;
* Provides core user information.
*
* <p>
* Implementations are not used directly by Acegi Security for security
* Implementations are not used directly by Spring Security for security
* purposes. They simply store user information which is later encapsulated
* into {@link Authentication} objects. This allows non-security related user
* information (such as email addresses, telephone numbers etc) to be stored

2
core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImpl.java
View File

@ -51,7 +51,7 @@ import java.util.*;
* Hierarchical Roles will dramatically shorten your access rules (and also make the access rules much more elegant).
* </p>
* <p>
* Consider this access rule for Acegi's RoleVoter (background: every user that is authenticated should be
* Consider this access rule for Spring Security's RoleVoter (background: every user that is authenticated should be
* able to log out):<br>
* /logout.html=ROLE_A,ROLE_B,ROLE_AUTHENTICATED<br>
* With hierarchical roles this can now be shortened to:<br>

4
core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsServiceWrapper.java
View File

@ -20,8 +20,8 @@ import org.springframework.security.userdetails.UsernameNotFoundException;
import org.springframework.dao.DataAccessException;
/**
* This class wraps Acegi's UserDetailsService in a way that its loadUserByUsername()
* method returns wrapped UserDetails that return all hierachically reachable authorities
* This class wraps Spring Security's <tt>UserDetailsService</tt> in a way that its <tt>loadUserByUsername()</tt>
* method returns wrapped <tt>UserDetails</tt> that return all hierachically reachable authorities
* instead of only the directly assigned authorities.
*
* @author Michael Mayr

6
core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapper.java
View File

@ -18,9 +18,9 @@ import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.UserDetails;
/**
* This class wraps Acegi's UserDetails in a way that its getAuthorities()-Method is
* delegated to RoleHierarchy.getReachableGrantedAuthorities. All other methods are
* delegated to the UserDetails implementation.
* This class wraps Spring Security's <tt>UserDetails</tt> in a way that its <tt>getAuthorities()</tt> method is
* delegated to <tt>RoleHierarchy.getReachableGrantedAuthorities</tt>. All other methods are
* delegated to the <tt>UserDetails</tt> implementation.
*
* @author Michael Mayr
*/

6
core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java
View File

@ -17,7 +17,7 @@ package org.springframework.security.userdetails.jdbc;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;
@ -67,7 +67,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
//~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
protected MappingSqlQuery authoritiesByUsernameMapping;
protected MappingSqlQuery usersByUsernameMapping;
private String authoritiesByUsernameQuery;
@ -169,7 +169,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
/**
* Allows a default role prefix to be specified. If this is set to a non-empty value, then it is
* automatically prepended to any roles read in from the db. This may for example be used to add the
* <code>ROLE_</code> prefix expected to exist in role names (by default) by some other Acegi Security framework
* <code>ROLE_</code> prefix expected to exist in role names (by default) by some other Spring Security
* classes, in the case that the prefix is not already present in the db.
*
* @param rolePrefix the new prefix

2
core/src/main/java/org/springframework/security/util/FilterInvocationUtils.java
View File

@ -31,7 +31,7 @@ import javax.servlet.ServletResponse;
/**
* Static utility methods for creating <code>FilterInvocation</code>s usable within Acegi Security.<p>The generated
* Static utility methods for creating <code>FilterInvocation</code>s usable within Spring Security.<p>The generated
* <code>FilterInvocation</code> objects are not intended for use with <code>AbstractSecurityInterceptor</code>
* subclasses. Instead they are generally used by <code>WebInvocationPrivilegeEvaluator</code>.</p>
*

2
core/src/main/java/org/springframework/security/util/InMemoryResource.java
View File

@ -24,7 +24,7 @@ import java.io.InputStream;
/**
* An in memory implementation of Spring's {@link org.springframework.core.io.Resource} interface.
* <p>Used by the "Acegifier" web application to create a bean factory from an XML string, rather than a file.</p>
* <p>Used to create a bean factory from an XML string, rather than a file.</p>
*
* @author Luke Taylor
* @version $Id$

4
core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
View File

@ -26,8 +26,8 @@ import java.util.List;
/**
* Static utility methods for creating <code>MethodInvocation</code>s usable within Acegi Security.<p>All methods
* of this class return a {@link org.springframework.security.util.SimpleMethodInvocation}.</p>
* Static utility methods for creating <code>MethodInvocation</code>s usable within Spring Security.
* <p>All methods of this class return a {@link org.springframework.security.util.SimpleMethodInvocation}.</p>
*
* @author Ben Alex
* @version $Id$

2
core/src/main/java/org/springframework/security/util/package.html
View File

@ -1,5 +1,5 @@
<html>
<body>
General utility classes used throughout the Acegi Security System.
General utility classes used throughout the Spring Security framework.
</body>
</html>

4
core/src/main/java/org/springframework/security/vote/AbstractAccessDecisionManager.java
View File

@ -20,7 +20,7 @@ import java.util.List;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.ConfigAttribute;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
@ -43,7 +43,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
private List decisionVoters;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private boolean allowIfAllAbstainDecisions = false;

2
core/src/main/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapper.java
View File

@ -31,7 +31,7 @@ import javax.servlet.http.HttpServletRequestWrapper;
/**
* An Acegi Security-aware <code>HttpServletRequestWrapper</code>, which uses the
* A Spring Security-aware <code>HttpServletRequestWrapper</code>, which uses the
* <code>SecurityContext</code>-defined <code>Authentication</code> object for {@link
* SecurityContextHolderAwareRequestWrapper#isUserInRole(java.lang.String)} and {@link
* javax.servlet.http.HttpServletRequestWrapper#getRemoteUser()} responses.

4
core/src/main/java/org/springframework/security/wrapper/package.html
View File

@ -1,9 +1,9 @@
<html>
<body>
Populates a Servlet request with a new Acegi Security compliant
Populates a Servlet request with a new Spring Security compliant
<code>HttpServletRequestWrapper</code>.
<p>To use, simply add the <code>ContextHolderAwareRequestFilter</code>
<p>To use, simply add the <code>SecurityContextHolderAwareRequestFilter</code>
to <code>web.xml</code>.
</body>
</html>

2
core/src/main/resources/org/springframework/security/messages_fr.properties
View File

@ -1,4 +1,4 @@
# Acegi security
# Spring security
# Messages in French
# Translation by Laurent Pireyn (laurent.pireyn@pisolutions.eu)

2
core/src/main/resources/org/springframework/security/providers/dao/jdbc/acegisecurity-jdbc.xml
View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* The Acegi Security System for Spring is published under the terms
* Spring Security is published under the terms
* of the Apache Software License.
* $Id$
-->

2
core/src/main/resources/org/springframework/security/taglibs/authz.tld
View File

@ -8,7 +8,7 @@
<short-name>authz</short-name>
<uri>http://acegisecurity.org/authz</uri>
<description>
Acegi Security Systems Authorization Tag Library
Spring Securitys Authorization Tag Library
$Id$
</description>

2
core/src/site/site.xml
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<project name="Acegi Security Core">
<project name="Spring Security Core">
<body>
<menu ref="parent"/>

14
core/src/test/java/org/springframework/security/AcegiMessageSourceTests.java → core/src/test/java/org/springframework/security/SpringSecurityMessageSourceTests.java
View File

@ -24,27 +24,27 @@ import java.util.Locale;
/**
* Tests {@link org.springframework.security.AcegiMessageSource}.
* Tests {@link org.springframework.security.SpringSecurityMessageSource}.
*/
public class AcegiMessageSourceTests extends TestCase {
public class SpringSecurityMessageSourceTests extends TestCase {
//~ Constructors ===================================================================================================
public AcegiMessageSourceTests() {
public SpringSecurityMessageSourceTests() {
super();
}
public AcegiMessageSourceTests(String arg0) {
public SpringSecurityMessageSourceTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AcegiMessageSourceTests.class);
junit.textui.TestRunner.run(SpringSecurityMessageSourceTests.class);
}
public void testOperation() {
AcegiMessageSource msgs = new AcegiMessageSource();
SpringSecurityMessageSource msgs = new SpringSecurityMessageSource();
assertEquals("Proxy tickets are rejected", msgs.getMessage("RejectProxyTickets.reject", null, Locale.ENGLISH));
}
@ -54,7 +54,7 @@ public class AcegiMessageSourceTests extends TestCase {
LocaleContextHolder.setLocale(Locale.ENGLISH);
// Cause a message to be generated
MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
assertEquals("Missing mandatory digest value; received header FOOBAR",
messages.getMessage("DigestProcessingFilter.missingMandatory", new Object[] {"FOOBAR"},
"ERROR - FAILED TO LOOKUP"));

8
core/src/test/java/org/springframework/security/adapters/AuthByAdapterTests.java
View File

@ -59,7 +59,7 @@ public class AuthByAdapterTests extends TestCase {
AuthByAdapterProvider provider = new AuthByAdapterProvider();
provider.setKey("my_password");
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("my_password", "Test", "Password",
PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("my_password", "Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")},
null);
assertTrue(provider.supports(token.getClass()));
@ -75,7 +75,7 @@ public class AuthByAdapterTests extends TestCase {
fail("Should have returned same type of object it was given");
}
PrincipalAcegiUserToken castResponse = (PrincipalAcegiUserToken) response;
PrincipalSpringSecurityUserToken castResponse = (PrincipalSpringSecurityUserToken) response;
assertEquals(token.getName(), castResponse.getName());
}
@ -120,8 +120,8 @@ public class AuthByAdapterTests extends TestCase {
AuthByAdapterProvider provider = new AuthByAdapterProvider();
provider.setKey("my_password");
// Should fail as PrincipalAcegiUserToken has different key
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("wrong_password", "Test", "Password", null, null);
// Should fail as PrincipalSpringSecurityUserToken has different key
PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("wrong_password", "Test", "Password", null, null);
try {
provider.authenticate(token);

8
core/src/test/java/org/springframework/security/adapters/HttpRequestIntegrationFilterTests.java
View File

@ -58,7 +58,7 @@ public class HttpRequestIntegrationFilterTests extends TestCase {
public void testCorrectOperation() throws Exception {
HttpRequestIntegrationFilter filter = new HttpRequestIntegrationFilter();
PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key", "someone", "password",
PrincipalSpringSecurityUserToken principal = new PrincipalSpringSecurityUserToken("key", "someone", "password",
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")}, null);
MockHttpServletRequest request = new MockHttpServletRequest();
@ -69,12 +69,12 @@ public class HttpRequestIntegrationFilterTests extends TestCase {
filter.doFilter(request, response, chain);
if (!(SecurityContextHolder.getContext().getAuthentication() instanceof PrincipalAcegiUserToken)) {
if (!(SecurityContextHolder.getContext().getAuthentication() instanceof PrincipalSpringSecurityUserToken)) {
System.out.println(SecurityContextHolder.getContext().getAuthentication());
fail("Should have returned PrincipalAcegiUserToken");
fail("Should have returned PrincipalSpringSecurityUserToken");
}
PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) SecurityContextHolder.getContext()
PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) SecurityContextHolder.getContext()
.getAuthentication();
assertEquals(principal, castResult);
}

21
core/src/test/java/org/springframework/security/adapters/PrincipalAcegiUserTokenTests.java → core/src/test/java/org/springframework/security/adapters/PrincipalSpringSecurityUserTokenTests.java
View File

@ -22,34 +22,25 @@ import org.springframework.security.GrantedAuthorityImpl;
/**
* Tests {@link PrincipalAcegiUserToken}.
* Tests {@link PrincipalSpringSecurityUserToken}.
*
* @author Ben Alex
* @version $Id$
*/
public class PrincipalAcegiUserTokenTests extends TestCase {
public class PrincipalSpringSecurityUserTokenTests extends TestCase {
//~ Constructors ===================================================================================================
public PrincipalAcegiUserTokenTests() {
super();
public PrincipalSpringSecurityUserTokenTests() {
}
public PrincipalAcegiUserTokenTests(String arg0) {
public PrincipalSpringSecurityUserTokenTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(PrincipalAcegiUserTokenTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testGetters() throws Exception {
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("my_password", "Test", "Password",
PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("my_password", "Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")},
null);
assertEquals("Test", token.getPrincipal());
@ -59,7 +50,7 @@ public class PrincipalAcegiUserTokenTests extends TestCase {
}
public void testNoArgConstructorDoesntExist() {
Class clazz = PrincipalAcegiUserToken.class;
Class clazz = PrincipalSpringSecurityUserToken.class;
try {
clazz.getDeclaredConstructor((Class[]) null);

14
core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java
View File

@ -22,7 +22,7 @@ import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.MockFilterConfig;
import org.springframework.security.adapters.PrincipalAcegiUserToken;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
@ -104,7 +104,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
public void testExceptionWithinFilterChainStillClearsSecurityContextHolder() throws Exception {
// Build an Authentication object we simulate came from HttpSession
PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken(
PrincipalSpringSecurityUserToken sessionPrincipal = new PrincipalSpringSecurityUserToken(
"key",
"someone",
"password",
@ -149,7 +149,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
public void testExistingContextContentsCopiedIntoContextHolderFromSessionAndChangesToContextCopiedBackToSession()
throws Exception {
// Build an Authentication object we simulate came from HttpSession
PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken(
PrincipalSpringSecurityUserToken sessionPrincipal = new PrincipalSpringSecurityUserToken(
"key",
"someone",
"password",
@ -158,7 +158,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
// Build an Authentication object we simulate our Authentication changed
// it to
PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken(
PrincipalSpringSecurityUserToken updatedPrincipal = new PrincipalSpringSecurityUserToken(
"key", "someone", "password",
new GrantedAuthority[] { new GrantedAuthorityImpl(
"SOME_DIFFERENT_ROLE") }, null);
@ -194,7 +194,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
public void testHttpSessionCreatedWhenContextHolderChanges() throws Exception {
// Build an Authentication object we simulate our Authentication changed it to
PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken(
PrincipalSpringSecurityUserToken updatedPrincipal = new PrincipalSpringSecurityUserToken(
"key", "someone", "password",
new GrantedAuthority[] { new GrantedAuthorityImpl(
"SOME_DIFFERENT_ROLE") }, null);
@ -260,7 +260,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
public void testHttpSessionWithNonContextInWellKnownLocationIsOverwritten() throws Exception {
// Build an Authentication object we simulate our Authentication changed
// it to
PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken(
PrincipalSpringSecurityUserToken updatedPrincipal = new PrincipalSpringSecurityUserToken(
"key", "someone", "password",
new GrantedAuthority[] { new GrantedAuthorityImpl(
"SOME_DIFFERENT_ROLE") }, null);
@ -289,7 +289,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
}
public void testConcurrentThreadsLazilyChangeFilterAppliedValueToTrue() throws Exception {
PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken(
PrincipalSpringSecurityUserToken sessionPrincipal = new PrincipalSpringSecurityUserToken(
"key",
"someone",
"password",

14
core/src/test/java/org/springframework/security/ldap/DefaultInitialDirContextFactoryTests.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.ldap;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.BadCredentialsException;
import org.springframework.ldap.UncategorizedLdapException;
@ -43,7 +43,7 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
public void onSetUp() throws Exception {
super.onSetUp();
idf = getInitialDirContextFactory();
idf.setMessageSource(new AcegiMessageSource());
idf.setMessageSource(new SpringSecurityMessageSource());
}
@Test
@ -57,15 +57,15 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
@Test
public void testBaseDnIsParsedFromCorrectlyFromUrl() {
idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/dc=springframework,dc=org");
idf = new DefaultInitialDirContextFactory("ldap://springsecurity.org/dc=springframework,dc=org");
assertEquals("dc=springframework,dc=org", idf.getRootDn());
// Check with an empty root
idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/");
idf = new DefaultInitialDirContextFactory("ldap://springsecurity.org/");
assertEquals("", idf.getRootDn());
// Empty root without trailing slash
idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org");
idf = new DefaultInitialDirContextFactory("ldap://springsecurity.org");
assertEquals("", idf.getRootDn());
}
@ -125,12 +125,12 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
@Test
public void testEnvironment() {
idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/");
idf = new DefaultInitialDirContextFactory("ldap://springsecurity.org/");
// check basic env
Hashtable env = idf.getEnvironment();
//assertEquals("com.sun.jndi.ldap.LdapCtxFactory", env.get(Context.INITIAL_CONTEXT_FACTORY));
assertEquals("ldap://acegisecurity.org/", env.get(Context.PROVIDER_URL));
assertEquals("ldap://springsecurity.org/", env.get(Context.PROVIDER_URL));
assertEquals("simple", env.get(Context.SECURITY_AUTHENTICATION));
assertNull(env.get(Context.SECURITY_PRINCIPAL));
assertNull(env.get(Context.SECURITY_CREDENTIALS));

7
core/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
View File

@ -60,14 +60,13 @@ public class LdapUtilsTests extends MockObjectTestCase {
LdapUtils.getRelativeName("cn=jane,dc=springframework,dc=org", (Context) mockCtx.proxy()));
}
public void testGetRelativeNameWorksWithArbitrarySpaces()
throws Exception {
public void testGetRelativeNameWorksWithArbitrarySpaces() throws Exception {
Mock mockCtx = mock(DirContext.class);
mockCtx.expects(atLeastOnce()).method("getNameInNamespace").will(returnValue("dc=acegisecurity,dc = org"));
mockCtx.expects(atLeastOnce()).method("getNameInNamespace").will(returnValue("dc=springsecurity,dc = org"));
assertEquals("cn=jane smith",
LdapUtils.getRelativeName("cn=jane smith, dc = acegisecurity , dc=org", (Context) mockCtx.proxy()));
LdapUtils.getRelativeName("cn=jane smith, dc = springsecurity , dc=org", (Context) mockCtx.proxy()));
}
public void testRootDnsAreParsedFromUrlsCorrectly() {

4
core/src/test/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticatorTests.java
View File

@ -15,7 +15,7 @@
package org.springframework.security.providers.ldap.authenticator;
import org.springframework.security.AcegiMessageSource;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.Authentication;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
@ -48,7 +48,7 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
public void onSetUp() {
authenticator = new BindAuthenticator((InitialDirContextFactory) getContextSource());
authenticator.setMessageSource(new AcegiMessageSource());
authenticator.setMessageSource(new SpringSecurityMessageSource());
bob = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
ben = new UsernamePasswordAuthenticationToken("ben", "benspassword");

2
core/src/test/java/org/springframework/security/ui/digestauth/DigestProcessingFilterTests.java
View File

@ -63,7 +63,7 @@ public class DigestProcessingFilterTests extends MockObjectTestCase {
private static final String NC = "00000002";
private static final String CNONCE = "c822c727a648aba7";
private static final String REALM = "The Actual, Correct Realm Name";
private static final String KEY = "acegi";
private static final String KEY = "springsecurity";
private static final String QOP = "auth";
private static final String USERNAME = "marissa,ok";
private static final String PASSWORD = "koala";

8
core/src/test/java/org/springframework/security/util/StringSplitUtilsTests.java
View File

@ -51,14 +51,14 @@ public class StringSplitUtilsTests extends TestCase {
public void testSplitEachArrayElementAndCreateMapNormalOperation() {
// note it ignores malformed entries (ie those without an equals sign)
String unsplit = "username=\"marissa\", invalidEntryThatHasNoEqualsSign, realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/acegi-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\"";
String unsplit = "username=\"marissa\", invalidEntryThatHasNoEqualsSign, realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\"";
String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit);
Map headerMap = StringSplitUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\"");
assertEquals("marissa", headerMap.get("username"));
assertEquals("Contacts Realm", headerMap.get("realm"));
assertEquals("MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==", headerMap.get("nonce"));
assertEquals("/acegi-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4",
assertEquals("/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4",
headerMap.get("uri"));
assertEquals("38644211cf9ac3da63ab639807e2baff", headerMap.get("response"));
assertEquals("auth", headerMap.get("qop"));
@ -68,14 +68,14 @@ public class StringSplitUtilsTests extends TestCase {
}
public void testSplitEachArrayElementAndCreateMapRespectsInstructionNotToRemoveCharacters() {
String unsplit = "username=\"marissa\", realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/acegi-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\"";
String unsplit = "username=\"marissa\", realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\"";
String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit);
Map headerMap = StringSplitUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", null);
assertEquals("\"marissa\"", headerMap.get("username"));
assertEquals("\"Contacts Realm\"", headerMap.get("realm"));
assertEquals("\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\"", headerMap.get("nonce"));
assertEquals("\"/acegi-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\"",
assertEquals("\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\"",
headerMap.get("uri"));
assertEquals("\"38644211cf9ac3da63ab639807e2baff\"", headerMap.get("response"));
assertEquals("auth", headerMap.get("qop"));

2
jalopy.xml
View File

@ -5,7 +5,7 @@
<version>14</version>
</compliance>
<style>
<description>Acegi Security System for Spring</description>
<description>Spring Security</description>
<name>acegisecurity</name>
</style>
</general>

2
lib/clover/license.txt
View File

@ -1,4 +1,4 @@
Cenque has supported the Acegi Security System for Spring project with a free
Cenque has supported Spring Security project with a free
Team Edition license of Clover.
We thank Cenqua for their support.

11
notice.txt
View File

@ -1,19 +1,18 @@
======================================================================
== NOTICE file corresponding to section 4(d) of the Apache License, ==
== Version 2.0, in this case for the Acegi Security System for ==
== Spring distribution. ==
== Version 2.0, in this case for the Spring Security distribution. ==
======================================================================
The end-user documentation included with a redistribution, if any,
must include the following acknowledgement:
"This product includes software developed by the Acegi Security
System for Spring Project (http://acegisecurity.org)."
"This product includes software developed by Spring Security
Project (http://acegisecurity.org)."
Alternately, this acknowledgement may appear in the software itself,
if and wherever such third-party acknowledgements normally appear.
The names "Acegi", "Acegi Security System" and "Acegi Security System
for Spring" must not be used to endorse or promote products derived
The names "Spring", "Spring Security" and "Spring Security System"
must not be used to endorse or promote products derived
from this software without prior written permission. For written
permission, please contact ben.alex@acegi.com.au.

12
ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
View File

@ -54,7 +54,7 @@ import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
/**
* A clean-room implementation for Acegi Security System of an NTLM HTTP filter
* A clean-room implementation for Spring Security of an NTLM HTTP filter
* leveraging the JCIFS library.
* <p>
* NTLM is a Microsoft-developed protocol providing single sign-on capabilities
@ -64,13 +64,13 @@ import org.springframework.util.Assert;
* A web application can then reuse the user's Windows credentials without
* having to ask for them again.
* <p>
* Because NTLM only provides the username of the Windows client, an Acegi
* Because NTLM only provides the username of the Windows client, a Spring
* Security NTLM deployment must have a <code>UserDetailsService</code> that
* provides a <code>UserDetails</code> object with the empty string as the
* password and whatever <code>GrantedAuthority</code> values necessary to
* pass the <code>FilterSecurityInterceptor</code>.
* <p>
* The Acegi Security bean configuration file must also place the
* The Spring Security bean configuration file must also place the
* <code>ExceptionTranslationFilter</code> before this filter in the
* <code>FilterChainProxy</code> definition.
*
@ -83,7 +83,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
private static Log logger = LogFactory.getLog(NtlmProcessingFilter.class);
private static final String STATE_ATTR = "AcegiNtlm";
private static final String STATE_ATTR = "SpringSecurityNtlm";
private static final String CHALLENGE_ATTR = "NtlmChal";
private static final Integer BEGIN = new Integer(0);
private static final Integer NEGOTIATE = new Integer(1);
@ -328,7 +328,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
this.logon(session, dcAddress, auth);
session.setAttribute(STATE_ATTR, COMPLETE);
// Do not reauthenticate the user in Acegi during an IE POST
// Do not reauthenticate the user in Spring Security during an IE POST
final Authentication myCurrentAuth = SecurityContextHolder.getContext().getAuthentication();
if (myCurrentAuth == null || myCurrentAuth instanceof AnonymousAuthenticationToken) {
logger.debug("Authenticating user credentials");
@ -408,7 +408,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
}
/**
* Authenticates the user credentials acquired from NTLM against the Acegi
* Authenticates the user credentials acquired from NTLM against the Spring
* Security <code>AuthenticationManager</code>.
*
* @param request the <code>HttpServletRequest</code> object.

2
ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmUsernamePasswordAuthenticationToken.java
View File

@ -31,7 +31,7 @@ public class NtlmUsernamePasswordAuthenticationToken extends UsernamePasswordAut
private static final long serialVersionUID = 1L;
/**
* ACEGI often checks password ; but we do not have one. This is the replacement password
* Spring Security often checks password ; but we do not have one. This is the replacement password
*/
public static final String DEFAULT_PASSWORD = "";

14
ntlm/web.xml
View File

@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Acegi NTLM</display-name>
<display-name>Spring Security NTLM</display-name>
<!-- 1. Setup two parameters: -->
<!-- a) Acegi's configuration file -->
<!-- b) Loggin configuration file -->
<!-- a) Spring Security's configuration file -->
<!-- b) Logging configuration file -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
@ -15,9 +15,9 @@
<param-value>/WEB-INF/log4j.properties</param-value>
</context-param>
<!-- 2. Setup the Acegi Filter Chain Proxy -->
<!-- 2. Setup the Spring Security Filter Chain Proxy -->
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
@ -26,7 +26,7 @@
</filter>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<url-pattern>/**</url-pattern>
</filter-mapping>
@ -41,7 +41,7 @@
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- c) Setup ACEGI to subscribe to http session events in the web context -->
<!-- c) Setup Spring Security to subscribe to http session events in the web context -->
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>

12
readme.txt
View File

@ -1,12 +1,12 @@
===============================================================================
ACEGI SECURITY SYSTEM FOR SPRING - README FILE
SPRING SECURITY - README FILE
===============================================================================
-------------------------------------------------------------------------------
OVERVIEW
-------------------------------------------------------------------------------
The Acegi Security System for Spring provides security services for
Spring Security provides security services for
The Spring Framework (http://www.springframework.org).
For a detailed list of features and access to the latest release, please visit
@ -22,7 +22,7 @@ JAR files are no longer signed. They were signed in releases 1.0.0 and earlier.
BUILDING
-------------------------------------------------------------------------------
Acegi Security is built using Maven. Please read the "Building with Maven" page
Spring Security is built using Maven. Please read the "Building" page
at http://acegisecurity.org. This page is also included in the /docs directory
of official release ZIPs.
@ -38,7 +38,7 @@ ZIPs.
DOCUMENTATION
-------------------------------------------------------------------------------
http://acegisecurity.org has a wide range of articles about Acegi Security,
http://acegisecurity.org has a wide range of articles about Spring Security,
including links to external resources. A copy of this web site is included in
the /docs directory of official release ZIPs.
@ -50,12 +50,12 @@ The core JavaDocs can be found in /docs/multiproject/acegi-security/apidocs/.
OBTAINING SUPPORT
-------------------------------------------------------------------------------
If you need any help, please use the Acegi Security System for Spring forum
If you need any help, please use the Spring Security forum
located at the Spring Community's forum site:
http://forum.springframework.org
If you start using Acegi Security in your project, please consider joining
If you start using Spring Security in your project, please consider joining
the acegisecurity-developer mailing list. This is currently the best way to
keep informed about the project's status and provide feedback in design
discussions. You can join at:

2
samples/contacts/client/client.properties
View File

@ -5,5 +5,5 @@
serverName=localhost
httpPort=8080
contextPath=/acegi-security-sample-contacts-filter
contextPath=/spring-security-sample-contacts-filter
rmiPort=1099

4
samples/contacts/src/main/webapp/WEB-INF/web.xml
View File

@ -46,7 +46,7 @@
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
@ -55,7 +55,7 @@
</filter>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

10
samples/contacts/src/site/resources/sslhowto.txt
View File

@ -9,7 +9,7 @@ might find the troubleshooting section at the end helpful).
The following demonstrates how to create a self-signed certificate and add
it to the cacerts file. If you just want to use the certificate we have
already created and shipped with the Acegi Security System for Spring, you
already created and shipped with Spring Security, you
can skip directly to step 3.
@ -18,7 +18,7 @@ can skip directly to step 3.
What is your first and last name?
[Unknown]: localhost
What is the name of your organizational unit?
[Unknown]: Acegi Security System for Spring
[Unknown]: Spring Security
What is the name of your organization?
[Unknown]: TEST CERTIFICATE ONLY. DO NOT USE IN PRODUCTION.
What is the name of your City or Locality?
@ -27,7 +27,7 @@ What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=localhost, OU=Acegi Security System for Spring, O=TEST CERTIFICATE ONLY. D
Is CN=localhost, OU=Spring Security, O=TEST CERTIFICATE ONLY. D
O NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
@ -47,9 +47,9 @@ O NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown correct?
6. keytool -import -v -file acegisecurity.txt -keypass password -keystore cacerts -storepass changeit -alias acegisecurity
Owner: CN=localhost, OU=Acegi Security System for Spring, O=TEST CERTIFICATE ONL
Owner: CN=localhost, OU=Spring Security, O=TEST CERTIFICATE ONL
Y. DO NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=localhost, OU=Acegi Security System for Spring, O=TEST CERTIFICATE ON
Issuer: CN=localhost, OU=Spring Security, O=TEST CERTIFICATE ON
LY. DO NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown
Serial number: 4080daf4
Valid from: Sat Apr 17 07:21:24 GMT 2004 until: Tue Sep 02 07:21:24 GMT 2031

4
samples/tutorial/src/main/webapp/WEB-INF/web.xml
View File

@ -25,7 +25,7 @@
</context-param>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
@ -34,7 +34,7 @@
</filter>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

5
sandbox/spring-security-config/src/main/java/org/springframework/security/util/package.html
View File

@ -1,5 +0,0 @@
<html>
<body>
General utility classes used throughout the Acegi Security System.
</body>
</html>

16
src-readme.txt
View File

@ -1,12 +1,12 @@
===============================================================================
ACEGI SECURITY SYSTEM FOR SPRING - README FILE
SPRING SECURITY - README FILE
===============================================================================
-------------------------------------------------------------------------------
OVERVIEW
-------------------------------------------------------------------------------
The Acegi Security System for Spring provides security services for
Spring Security System provides security services for
The Spring Framework (http://www.springframework.org).
For a detailed list of features and access to the latest release, please visit
@ -16,10 +16,10 @@ http://acegisecurity.org.
SOURCE RELEASES
-------------------------------------------------------------------------------
If you have downloaded an acegi-security-xx-src.zip, you will NOT be able to
If you have downloaded a spring-security-xx-src.zip, you will NOT be able to
compile the project. The -src releases are intended for source code review
and IDE integration only. If you wish to use Acegi Security, you must download
the full release or compile it from CVS. See the "Building with Maven" page
and IDE integration only. If you wish to use Spring Security, you must download
the full release or compile it from CVS. See the "Building" page
at http://acegisecurity.org for further details. There is also a "Download"
link if you would prefer to download an already compiled release.
@ -27,12 +27,12 @@ link if you would prefer to download an already compiled release.
OBTAINING SUPPORT
-------------------------------------------------------------------------------
If you need any help, please use the Acegi Security System for Spring forum
located at the Spring Community's forum site:
If you need any help, please use the Spring Security forum located at the
Spring Community's forum site:
http://forum.springframework.org
If you start using Acegi Security in your project, please consider joining
If you start using Spring Security in your project, please consider joining
the acegisecurity-developer mailing list. This is currently the best way to
keep informed about the project's status and provide feedback in design
discussions. You can join at:

Some files were not shown because too many files have changed in this diff Show More