OPEN - issue SEC-649: Add user-service-ref attribute to remember-me namespace element

http://jira.springframework.org/browse/SEC-649. Added attribute to namespace and parsing support.
2025-06-27 14:22:47 +00:00 · 2008-03-31 17:27:58 +00:00 · 2008-03-31 17:27:58 +00:00 · 40e51dd5fe
commit 40e51dd5fe
parent cc752cfc28
5 changed files with 1256 additions and 1235 deletions
--- a/core/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java
@ -27,6 +27,8 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {

 	static final String ATT_DATA_SOURCE = "data-source";
 	static final String ATT_TOKEN_REPOSITORY = "token-repository-ref";
+	static final String ATT_USER_SERVICE_REF = "user-service-ref";
+	
 	protected final Log logger = LogFactory.getLog(getClass());

    public BeanDefinition parse(Element element, ParserContext parserContext) {
@ -34,11 +36,13 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
        String dataSource = null;
        String key = null;
        Object source = null;
+        String userServiceRef = null;

        if (element != null) {
            tokenRepository = element.getAttribute(ATT_TOKEN_REPOSITORY);
            dataSource = element.getAttribute(ATT_DATA_SOURCE);
            key = element.getAttribute(ATT_KEY);
+            userServiceRef = element.getAttribute(ATT_USER_SERVICE_REF);            
            source = parserContext.extractSource(element);
        }

@ -84,6 +88,10 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
        services.setSource(source);
        provider.setSource(source);

+        if (StringUtils.hasText(userServiceRef)) {
+            services.getPropertyValues().addPropertyValue("userDetailsService", new RuntimeBeanReference(userServiceRef));
+        }
+
        provider.getPropertyValues().addPropertyValue(ATT_KEY, key);
        services.getPropertyValues().addPropertyValue(ATT_KEY, key);

--- a/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java
+++ b/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java
@ -1,6 +1,5 @@
 package org.springframework.security.ui;

-import org.springframework.core.Ordered;
 import org.springframework.util.Assert;

 import java.util.Map;
@ -53,6 +52,7 @@ public abstract class FilterChainOrder {
        filterNameToOrder.put("PRE_AUTH_FILTER", new Integer(PRE_AUTH_FILTER));
        filterNameToOrder.put("CAS_PROCESSING_FILTER", new Integer(CAS_PROCESSING_FILTER));
        filterNameToOrder.put("AUTHENTICATION_PROCESSING_FILTER", new Integer(AUTHENTICATION_PROCESSING_FILTER));
+        filterNameToOrder.put("OPENID_PROCESSING_FILTER", new Integer(OPENID_PROCESSING_FILTER));
        filterNameToOrder.put("BASIC_PROCESSING_FILTER", new Integer(BASIC_PROCESSING_FILTER));
        filterNameToOrder.put("SERVLET_API_SUPPORT_FILTER", new Integer(SERVLET_API_SUPPORT_FILTER));
        filterNameToOrder.put("REMEMBER_ME_FILTER", new Integer(REMEMBER_ME_FILTER));
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
@ -319,6 +319,8 @@ remember-me =
    element remember-me {remember-me.attlist}
 remember-me.attlist &=
    (attribute key {xsd:string} | (attribute token-repository-ref {xsd:string} | attribute data-source-ref {xsd:string}))
+remember-me.attlist &=
+    user-service-ref?

 anonymous =
    ## Adds support for automatically granting all anonymous web requests a particular principal identity and a corresponding granted authority.
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
--- a/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
@ -35,6 +35,7 @@ import org.springframework.security.ui.WebAuthenticationDetails;
 import org.springframework.security.ui.basicauth.BasicProcessingFilter;
 import org.springframework.security.ui.logout.LogoutFilter;
 import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
+import org.springframework.security.ui.rememberme.AbstractRememberMeServices;
 import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices;
 import org.springframework.security.ui.rememberme.RememberMeProcessingFilter;
 import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
@ -247,6 +248,17 @@ public class HttpSecurityBeanDefinitionParserTests {
        assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices);
    }

+    @Test
+    public void rememberMeServiceConfigurationParsesWithCustomUserService() {
+        setContext(
+                "<http auto-config='true'>" +
+                "    <remember-me key='doesntmatter' user-service-ref='userService'/>" +
+                "</http>" +
+                "<b:bean id='userService' " +
+                        "class='org.springframework.security.userdetails.MockUserDetailsService'/> " + AUTH_PROVIDER_XML);
+//        AbstractRememberMeServices rememberMeServices = (AbstractRememberMeServices) appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
+    }    
+    
    @Test
    public void x509SupportAddsFilterAtExpectedPosition() throws Exception {
        setContext(