diff --git a/config/src/main/java/org/springframework/security/config/BeanIds.java b/config/src/main/java/org/springframework/security/config/BeanIds.java index 3571b3e449..2ced2b2af1 100644 --- a/config/src/main/java/org/springframework/security/config/BeanIds.java +++ b/config/src/main/java/org/springframework/security/config/BeanIds.java @@ -6,14 +6,14 @@ package org.springframework.security.config; * These are intended for internal use. * * @author Ben Alex - * @version $Id$ + * @version $Id: BeanIds.java 3770 2009-07-15 23:09:47Z ltaylor $ */ public abstract class BeanIds { /** External alias for FilterChainProxy bean, for use in web.xml files */ public static final String SPRING_SECURITY_FILTER_CHAIN = "springSecurityFilterChain"; - static final String CONTEXT_SOURCE_SETTING_POST_PROCESSOR = "_contextSettingPostProcessor"; + public static final String CONTEXT_SOURCE_SETTING_POST_PROCESSOR = "_contextSettingPostProcessor"; public static final String USER_DETAILS_SERVICE = "_userDetailsService"; diff --git a/config/src/main/java/org/springframework/security/config/ConfigUtils.java b/config/src/main/java/org/springframework/security/config/ConfigUtils.java deleted file mode 100644 index c4c45a5072..0000000000 --- a/config/src/main/java/org/springframework/security/config/ConfigUtils.java +++ /dev/null @@ -1,129 +0,0 @@ -package org.springframework.security.config; - -import java.util.ArrayList; - -import org.springframework.beans.factory.config.BeanDefinition; -import org.springframework.beans.factory.parsing.BeanComponentDefinition; -import org.springframework.beans.factory.support.BeanDefinitionBuilder; -import org.springframework.beans.factory.support.ManagedList; -import org.springframework.beans.factory.support.RootBeanDefinition; -import org.springframework.beans.factory.xml.ParserContext; -import org.springframework.security.access.AccessDecisionVoter; -import org.springframework.security.access.intercept.AfterInvocationProviderManager; -import org.springframework.security.access.vote.AffirmativeBased; -import org.springframework.security.access.vote.AuthenticatedVoter; -import org.springframework.security.access.vote.RoleVoter; -import org.springframework.security.web.util.UrlUtils; -import org.springframework.util.StringUtils; -import org.w3c.dom.Element; - -/** - * Utility methods used internally by the Spring Security namespace configuration code. - * - * @author Luke Taylor - * @author Ben Alex - * @version $Id$ - */ -abstract class ConfigUtils { - @SuppressWarnings("unchecked") - static void registerDefaultMethodAccessManagerIfNecessary(ParserContext parserContext) { - if (!parserContext.getRegistry().containsBeanDefinition(BeanIds.METHOD_ACCESS_MANAGER)) { - parserContext.getRegistry().registerBeanDefinition(BeanIds.METHOD_ACCESS_MANAGER, - createAccessManagerBean(RoleVoter.class, AuthenticatedVoter.class)); - } - } - - @SuppressWarnings("unchecked") - static RootBeanDefinition createAccessManagerBean(Class... voters) { - ManagedList defaultVoters = new ManagedList(voters.length); - - for(Class voter : voters) { - defaultVoters.add(new RootBeanDefinition(voter)); - } - - BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder.rootBeanDefinition(AffirmativeBased.class); - accessMgrBuilder.addPropertyValue("decisionVoters", defaultVoters); - return (RootBeanDefinition) accessMgrBuilder.getBeanDefinition(); - } - - public static int countNonEmpty(String[] objects) { - int nonNulls = 0; - - for (int i = 0; i < objects.length; i++) { - if (StringUtils.hasText(objects[i])) { - nonNulls++; - } - } - - return nonNulls; - } - - /** - * Creates and registers the bean definition for the default ProviderManager instance and returns - * the BeanDefinition for it. This method will typically be called when registering authentication providers - * using the <security:provider /> tag or by other beans which have a dependency on the - * authentication manager. - * @param element the source element under which this bean should be registered. - */ - static void registerProviderManagerIfNecessary(ParserContext pc, Element element) { - if(pc.getRegistry().containsBeanDefinition(BeanIds.AUTHENTICATION_MANAGER)) { - return; - } - - RootBeanDefinition authManager = new RootBeanDefinition(NamespaceAuthenticationManager.class); - authManager.getPropertyValues().addPropertyValue("providerBeanNames", new ArrayList()); - authManager.setSource(pc.extractSource(element.getOwnerDocument().getFirstChild())); - pc.getRegistry().registerBeanDefinition(BeanIds.AUTHENTICATION_MANAGER, authManager); - pc.registerBeanComponent(new BeanComponentDefinition(authManager, BeanIds.AUTHENTICATION_MANAGER)); - } - - @SuppressWarnings("unchecked") - static void addAuthenticationProvider(ParserContext parserContext, String beanName, Element element) { - registerProviderManagerIfNecessary(parserContext, element); - BeanDefinition authManager = parserContext.getRegistry().getBeanDefinition(BeanIds.AUTHENTICATION_MANAGER); - ((ArrayList) authManager.getPropertyValues().getPropertyValue("providerBeanNames").getValue()).add(beanName); - } - - @SuppressWarnings("unchecked") - static ManagedList getRegisteredAfterInvocationProviders(ParserContext parserContext) { - BeanDefinition manager = registerAfterInvocationProviderManagerIfNecessary(parserContext); - return (ManagedList) manager.getPropertyValues().getPropertyValue("providers").getValue(); - } - - @SuppressWarnings("unchecked") - private static BeanDefinition registerAfterInvocationProviderManagerIfNecessary(ParserContext parserContext) { - if(parserContext.getRegistry().containsBeanDefinition(BeanIds.AFTER_INVOCATION_MANAGER)) { - return parserContext.getRegistry().getBeanDefinition(BeanIds.AFTER_INVOCATION_MANAGER); - } - - BeanDefinition manager = new RootBeanDefinition(AfterInvocationProviderManager.class); - manager.getPropertyValues().addPropertyValue("providers", new ManagedList()); - parserContext.getRegistry().registerBeanDefinition(BeanIds.AFTER_INVOCATION_MANAGER, manager); - - return manager; - } - - /** - * Checks the value of an XML attribute which represents a redirect URL. - * If not empty or starting with "$" (potential placeholder), "/" or "http" it will raise an error. - */ - static void validateHttpRedirect(String url, ParserContext pc, Object source) { - if (!StringUtils.hasText(url) || UrlUtils.isValidRedirectUrl(url) || url.startsWith("$")) { - return; - } - pc.getReaderContext().warning(url + " is not a valid redirect URL (must start with '/' or http(s))", source); - } - -// static void setSessionControllerOnAuthenticationManager(ParserContext pc, String beanName, Element sourceElt) { -// BeanDefinition authManager = pc.getRegistry().getBeanDefinition(BeanIds.AUTHENTICATION_MANAGER); -// PropertyValue pv = authManager.getPropertyValues().getPropertyValue("sessionController"); -// -// if (pv != null && pv.getValue() != null) { -// pc.getReaderContext().error("A session controller has already been set on the authentication manager. " + -// "The element isn't compatible with a custom session controller", -// pc.extractSource(sourceElt)); -// } -// -// authManager.getPropertyValues().addPropertyValue("sessionController", new RuntimeBeanReference(beanName)); -// } -} diff --git a/config/src/main/java/org/springframework/security/config/Elements.java b/config/src/main/java/org/springframework/security/config/Elements.java index 58102b71ec..1c60cef57b 100644 --- a/config/src/main/java/org/springframework/security/config/Elements.java +++ b/config/src/main/java/org/springframework/security/config/Elements.java @@ -4,7 +4,7 @@ package org.springframework.security.config; * Contains all the element names used by Spring Security 2 namespace support. * * @author Ben Alex - * @version $Id$ + * @version $Id: Elements.java 3697 2009-06-08 12:59:13Z ltaylor $ */ public abstract class Elements { diff --git a/config/src/main/java/org/springframework/security/config/SecurityConfigurationException.java b/config/src/main/java/org/springframework/security/config/SecurityConfigurationException.java deleted file mode 100644 index bc4e03b579..0000000000 --- a/config/src/main/java/org/springframework/security/config/SecurityConfigurationException.java +++ /dev/null @@ -1,18 +0,0 @@ -package org.springframework.security.config; - -import org.springframework.core.NestedRuntimeException; - -/** - * @author Luke Taylor - * @author Ben Alex - * @version $Id$ - */ -public class SecurityConfigurationException extends NestedRuntimeException { - public SecurityConfigurationException(String s) { - super(s); - } - - public SecurityConfigurationException(String s, Throwable throwable) { - super(s, throwable); - } -} diff --git a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java index ea8c7d1765..a139009821 100644 --- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java +++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java @@ -1,6 +1,21 @@ package org.springframework.security.config; import org.springframework.beans.factory.xml.NamespaceHandlerSupport; +import org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser; +import org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser; +import org.springframework.security.config.authentication.CustomAuthenticationProviderBeanDefinitionDecorator; +import org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser; +import org.springframework.security.config.authentication.UserServiceBeanDefinitionParser; +import org.springframework.security.config.http.CustomFilterBeanDefinitionDecorator; +import org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator; +import org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceBeanDefinitionParser; +import org.springframework.security.config.http.HttpSecurityBeanDefinitionParser; +import org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser; +import org.springframework.security.config.ldap.LdapServerBeanDefinitionParser; +import org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser; +import org.springframework.security.config.method.CustomAfterInvocationProviderBeanDefinitionDecorator; +import org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser; +import org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator; /** * Registers the bean definition parsers for the "security" namespace (http://www.springframework.org/schema/security). diff --git a/config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java b/config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java deleted file mode 100644 index d4bec494e2..0000000000 --- a/config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java +++ /dev/null @@ -1,94 +0,0 @@ -package org.springframework.security.config; - -import java.util.ArrayList; -import java.util.List; - -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.BeanFactory; -import org.springframework.beans.factory.BeanFactoryAware; -import org.springframework.beans.factory.ListableBeanFactory; -import org.springframework.beans.factory.config.BeanPostProcessor; -import org.springframework.security.authentication.concurrent.ConcurrentSessionController; -import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl; -import org.springframework.security.authentication.concurrent.SessionRegistry; -import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; -import org.springframework.security.web.session.SessionFixationProtectionFilter; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * Registered by the AuthenticationManagerBeanDefinitionParser if an external - * ConcurrentSessionController is set (and hence an external SessionRegistry). - * Its responsibility is to set the SessionRegistry on namespace-registered beans which require access - * to it. - *

- * It will attempt to read the registry directly from the registered controller. If that fails, it will look in - * the application context for a registered SessionRegistry bean. - * - * See SEC-879. - * - * @author Luke Taylor - * @since 2.0.3 - */ -class SessionRegistryInjectionBeanPostProcessor implements BeanPostProcessor, BeanFactoryAware { - private final Log logger = LogFactory.getLog(getClass()); - private ListableBeanFactory beanFactory; - private SessionRegistry sessionRegistry; - private final String controllerBeanName; - - SessionRegistryInjectionBeanPostProcessor(String controllerBeanName) { - this.controllerBeanName = controllerBeanName; - } - - public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException { - if (BeanIds.FORM_LOGIN_FILTER.equals(beanName) || - BeanIds.OPEN_ID_FILTER.equals(beanName)) { - ((AbstractAuthenticationProcessingFilter) bean).setSessionRegistry(getSessionRegistry()); - } else if (BeanIds.SESSION_FIXATION_PROTECTION_FILTER.equals(beanName)) { - ((SessionFixationProtectionFilter)bean).setSessionRegistry(getSessionRegistry()); - } - - return bean; - } - - public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException { - return bean; - } - - private SessionRegistry getSessionRegistry() { - if (sessionRegistry != null) { - return sessionRegistry; - } - - logger.info("Attempting to read SessionRegistry from registered ConcurrentSessionController bean"); - - ConcurrentSessionController controller = (ConcurrentSessionController) beanFactory.getBean(controllerBeanName); - - if (controller instanceof ConcurrentSessionControllerImpl) { - sessionRegistry = ((ConcurrentSessionControllerImpl)controller).getSessionRegistry(); - - return sessionRegistry; - } - - logger.info("ConcurrentSessionController is not a standard implementation. SessionRegistry could not be read from it. Looking for it in the context."); - - List sessionRegs = new ArrayList(beanFactory.getBeansOfType(SessionRegistry.class).values()); - - if (sessionRegs.size() == 0) { - throw new SecurityConfigurationException("concurrent-session-controller-ref was set but no SessionRegistry could be obtained from the application context."); - } - - if (sessionRegs.size() > 1) { - logger.warn("More than one SessionRegistry instance in application context. Possible configuration errors may result."); - } - - sessionRegistry = sessionRegs.get(0); - - return sessionRegistry; - } - - public void setBeanFactory(BeanFactory beanFactory) throws BeansException { - this.beanFactory = (ListableBeanFactory) beanFactory; - } -} diff --git a/config/src/main/java/org/springframework/security/config/AbstractUserDetailsServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java similarity index 95% rename from config/src/main/java/org/springframework/security/config/AbstractUserDetailsServiceBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java index 0565801646..e46c257e74 100644 --- a/config/src/main/java/org/springframework/security/config/AbstractUserDetailsServiceBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.ParserContext; @@ -9,6 +9,8 @@ import org.springframework.beans.factory.support.AbstractBeanDefinition; import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.BeanDefinitionStoreException; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.Elements; import org.springframework.util.StringUtils; import org.w3c.dom.Element; diff --git a/config/src/main/java/org/springframework/security/config/AuthenticationManagerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java similarity index 64% rename from config/src/main/java/org/springframework/security/config/AuthenticationManagerBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java index 092a0a0a55..296b9a7253 100644 --- a/config/src/main/java/org/springframework/security/config/AuthenticationManagerBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java @@ -1,10 +1,9 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import org.springframework.beans.factory.config.BeanDefinition; -import org.springframework.beans.factory.config.RuntimeBeanReference; -import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.ParserContext; +import org.springframework.security.config.BeanIds; import org.springframework.util.StringUtils; import org.w3c.dom.Element; @@ -32,14 +31,9 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition String sessionControllerRef = element.getAttribute(ATT_SESSION_CONTROLLER_REF); if (StringUtils.hasText(sessionControllerRef)) { - BeanDefinition authManager = parserContext.getRegistry().getBeanDefinition(BeanIds.AUTHENTICATION_MANAGER); - authManager.getPropertyValues().addPropertyValue("sessionController", - new RuntimeBeanReference(sessionControllerRef)); - RootBeanDefinition sessionRegistryInjector = new RootBeanDefinition(SessionRegistryInjectionBeanPostProcessor.class); - sessionRegistryInjector.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); - sessionRegistryInjector.getConstructorArgumentValues().addGenericArgumentValue(sessionControllerRef); - - parserContext.getReaderContext().registerWithGeneratedName(sessionRegistryInjector); + parserContext.getReaderContext().warning(ATT_SESSION_CONTROLLER_REF + " is not supported in Spring Security " + + " 3.0 and will be ignored. Use the attribute on the element instead.", + parserContext.extractSource(element)); } parserContext.getRegistry().registerAlias(BeanIds.AUTHENTICATION_MANAGER, alias); diff --git a/config/src/main/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java similarity index 95% rename from config/src/main/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java index a119fe3f2c..0eba7e5fd8 100644 --- a/config/src/main/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import org.springframework.beans.BeansException; import org.springframework.beans.PropertyValue; @@ -13,6 +13,8 @@ import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.ParserContext; import org.springframework.core.Ordered; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; +import org.springframework.security.config.Elements; +import org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser; import org.springframework.util.StringUtils; import org.springframework.util.xml.DomUtils; import org.w3c.dom.Element; @@ -24,7 +26,7 @@ import org.w3c.dom.Element; * @author Luke Taylor * @version $Id$ */ -class AuthenticationProviderBeanDefinitionParser implements BeanDefinitionParser { +public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitionParser { private static String ATT_USER_DETAILS_REF = "user-service-ref"; public BeanDefinition parse(Element element, ParserContext parserContext) { diff --git a/config/src/main/java/org/springframework/security/config/CachingUserDetailsService.java b/config/src/main/java/org/springframework/security/config/authentication/CachingUserDetailsService.java similarity index 89% rename from config/src/main/java/org/springframework/security/config/CachingUserDetailsService.java rename to config/src/main/java/org/springframework/security/config/authentication/CachingUserDetailsService.java index 34e872f798..e72d677875 100644 --- a/config/src/main/java/org/springframework/security/config/CachingUserDetailsService.java +++ b/config/src/main/java/org/springframework/security/config/authentication/CachingUserDetailsService.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import org.springframework.security.core.userdetails.UserCache; import org.springframework.security.core.userdetails.UserDetails; @@ -11,7 +11,7 @@ import org.springframework.util.Assert; * @author Luke Taylor * @since 2.0 */ -class CachingUserDetailsService implements UserDetailsService { +public class CachingUserDetailsService implements UserDetailsService { private UserCache userCache = new NullUserCache(); private UserDetailsService delegate; @@ -29,16 +29,16 @@ class CachingUserDetailsService implements UserDetailsService { public UserDetails loadUserByUsername(String username) { UserDetails user = userCache.getUserFromCache(username); - + if (user == null) { user = delegate.loadUserByUsername(username); } - + Assert.notNull(user, "UserDetailsService " + delegate + " returned null for username " + username + ". " + "This is an interface contract violation"); - + userCache.putUserInCache(user); - + return user; } } diff --git a/config/src/main/java/org/springframework/security/config/authentication/ConfigUtils.java b/config/src/main/java/org/springframework/security/config/authentication/ConfigUtils.java new file mode 100644 index 0000000000..a504498ce9 --- /dev/null +++ b/config/src/main/java/org/springframework/security/config/authentication/ConfigUtils.java @@ -0,0 +1,46 @@ +package org.springframework.security.config.authentication; + +import java.util.ArrayList; + +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.beans.factory.parsing.BeanComponentDefinition; +import org.springframework.beans.factory.support.RootBeanDefinition; +import org.springframework.beans.factory.xml.ParserContext; +import org.springframework.security.config.BeanIds; +import org.w3c.dom.Element; + +/** + * Utility methods used internally by the Spring Security namespace configuration code. + * + * @author Luke Taylor + * @author Ben Alex + * @version $Id: WebConfigUtils.java 3770 2009-07-15 23:09:47Z ltaylor $ + */ +public abstract class ConfigUtils { + + /** + * Creates and registers the bean definition for the default ProviderManager instance and returns + * the BeanDefinition for it. This method will typically be called when registering authentication providers + * using the <security:provider /> tag or by other beans which have a dependency on the + * authentication manager. + * @param element the source element under which this bean should be registered. + */ + public static void registerProviderManagerIfNecessary(ParserContext pc, Element element) { + if(pc.getRegistry().containsBeanDefinition(BeanIds.AUTHENTICATION_MANAGER)) { + return; + } + + RootBeanDefinition authManager = new RootBeanDefinition(NamespaceAuthenticationManager.class); + authManager.getPropertyValues().addPropertyValue("providerBeanNames", new ArrayList()); + authManager.setSource(pc.extractSource(element.getOwnerDocument().getFirstChild())); + pc.getRegistry().registerBeanDefinition(BeanIds.AUTHENTICATION_MANAGER, authManager); + pc.registerBeanComponent(new BeanComponentDefinition(authManager, BeanIds.AUTHENTICATION_MANAGER)); + } + + @SuppressWarnings("unchecked") + public static void addAuthenticationProvider(ParserContext parserContext, String beanName, Element element) { + registerProviderManagerIfNecessary(parserContext, element); + BeanDefinition authManager = parserContext.getRegistry().getBeanDefinition(BeanIds.AUTHENTICATION_MANAGER); + ((ArrayList) authManager.getPropertyValues().getPropertyValue("providerBeanNames").getValue()).add(beanName); + } +} diff --git a/config/src/main/java/org/springframework/security/config/CustomAuthenticationProviderBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/authentication/CustomAuthenticationProviderBeanDefinitionDecorator.java similarity index 92% rename from config/src/main/java/org/springframework/security/config/CustomAuthenticationProviderBeanDefinitionDecorator.java rename to config/src/main/java/org/springframework/security/config/authentication/CustomAuthenticationProviderBeanDefinitionDecorator.java index dc0918b988..99ba390f44 100644 --- a/config/src/main/java/org/springframework/security/config/CustomAuthenticationProviderBeanDefinitionDecorator.java +++ b/config/src/main/java/org/springframework/security/config/authentication/CustomAuthenticationProviderBeanDefinitionDecorator.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import org.springframework.beans.factory.config.BeanDefinitionHolder; import org.springframework.beans.factory.xml.BeanDefinitionDecorator; diff --git a/config/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java similarity index 95% rename from config/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java index 427425833a..8809d580d1 100644 --- a/config/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java @@ -1,5 +1,6 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; +import org.springframework.security.config.Elements; import org.springframework.util.StringUtils; import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.xml.ParserContext; diff --git a/config/src/main/java/org/springframework/security/config/NamespaceAuthenticationManager.java b/config/src/main/java/org/springframework/security/config/authentication/NamespaceAuthenticationManager.java similarity index 97% rename from config/src/main/java/org/springframework/security/config/NamespaceAuthenticationManager.java rename to config/src/main/java/org/springframework/security/config/authentication/NamespaceAuthenticationManager.java index 39df2f419b..4428262bbc 100644 --- a/config/src/main/java/org/springframework/security/config/NamespaceAuthenticationManager.java +++ b/config/src/main/java/org/springframework/security/config/authentication/NamespaceAuthenticationManager.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import java.util.ArrayList; import java.util.Iterator; diff --git a/config/src/main/java/org/springframework/security/config/PasswordEncoderParser.java b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java similarity index 93% rename from config/src/main/java/org/springframework/security/config/PasswordEncoderParser.java rename to config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java index d07068791f..17063f6543 100644 --- a/config/src/main/java/org/springframework/security/config/PasswordEncoderParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/PasswordEncoderParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import java.util.HashMap; import java.util.Map; @@ -18,6 +18,7 @@ import org.springframework.security.authentication.encoding.Md5PasswordEncoder; import org.springframework.security.authentication.encoding.PasswordEncoder; import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder; import org.springframework.security.authentication.encoding.ShaPasswordEncoder; +import org.springframework.security.config.Elements; import org.springframework.util.StringUtils; import org.springframework.util.xml.DomUtils; import org.w3c.dom.Element; @@ -30,9 +31,9 @@ import org.w3c.dom.Element; * @author Luke Taylor * @version $Id$ */ -class PasswordEncoderParser { +public class PasswordEncoderParser { static final String ATT_REF = "ref"; - static final String ATT_HASH = "hash"; + public static final String ATT_HASH = "hash"; static final String ATT_BASE_64 = "base64"; static final String OPT_HASH_PLAINTEXT = "plaintext"; static final String OPT_HASH_SHA = "sha"; @@ -86,7 +87,7 @@ class PasswordEncoderParser { } } - static BeanDefinition createPasswordEncoderBeanDefinition(String hash, boolean useBase64) { + public static BeanDefinition createPasswordEncoderBeanDefinition(String hash, boolean useBase64) { Class beanClass = ENCODER_CLASSES.get(hash); BeanDefinitionBuilder beanBldr = BeanDefinitionBuilder.rootBeanDefinition(beanClass); diff --git a/config/src/main/java/org/springframework/security/config/SaltSourceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/SaltSourceBeanDefinitionParser.java similarity index 95% rename from config/src/main/java/org/springframework/security/config/SaltSourceBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/authentication/SaltSourceBeanDefinitionParser.java index 24fa5bb84c..5c5d9694be 100644 --- a/config/src/main/java/org/springframework/security/config/SaltSourceBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/SaltSourceBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import org.springframework.beans.BeanMetadataElement; import org.springframework.beans.factory.config.BeanDefinition; @@ -7,6 +7,7 @@ import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.xml.ParserContext; import org.springframework.security.authentication.dao.ReflectionSaltSource; import org.springframework.security.authentication.dao.SystemWideSaltSource; +import org.springframework.security.config.Elements; import org.springframework.util.StringUtils; import org.w3c.dom.Element; diff --git a/config/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java similarity index 98% rename from config/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java index df822f0672..2bf33c6aa0 100644 --- a/config/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.PropertiesFactoryBean; diff --git a/config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/ConcurrentSessionsBeanDefinitionParser.java similarity index 96% rename from config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/http/ConcurrentSessionsBeanDefinitionParser.java index 8c2a32f9c0..73cdfe0923 100644 --- a/config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/ConcurrentSessionsBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.parsing.BeanComponentDefinition; @@ -61,7 +61,7 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar String expiryUrl = element.getAttribute(ATT_EXPIRY_URL); if (StringUtils.hasText(expiryUrl)) { - ConfigUtils.validateHttpRedirect(expiryUrl, pc, source); + WebConfigUtils.validateHttpRedirect(expiryUrl, pc, source); filterBuilder.addPropertyValue("expiredUrl", expiryUrl); } diff --git a/config/src/main/java/org/springframework/security/config/CustomFilterBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/http/CustomFilterBeanDefinitionDecorator.java similarity index 95% rename from config/src/main/java/org/springframework/security/config/CustomFilterBeanDefinitionDecorator.java rename to config/src/main/java/org/springframework/security/config/http/CustomFilterBeanDefinitionDecorator.java index 0a51f1debe..e8cea339e4 100644 --- a/config/src/main/java/org/springframework/security/config/CustomFilterBeanDefinitionDecorator.java +++ b/config/src/main/java/org/springframework/security/config/http/CustomFilterBeanDefinitionDecorator.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import org.springframework.beans.factory.config.BeanDefinitionHolder; import org.springframework.beans.factory.xml.BeanDefinitionDecorator; diff --git a/config/src/main/java/org/springframework/security/config/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java similarity index 99% rename from config/src/main/java/org/springframework/security/config/DefaultFilterChainValidator.java rename to config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java index 43abaaef50..776cc32b2c 100644 --- a/config/src/main/java/org/springframework/security/config/DefaultFilterChainValidator.java +++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import java.util.List; import java.util.Map; diff --git a/config/src/main/java/org/springframework/security/config/FilterChainMapBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java similarity index 94% rename from config/src/main/java/org/springframework/security/config/FilterChainMapBeanDefinitionDecorator.java rename to config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java index 44572c671a..f165a55e38 100644 --- a/config/src/main/java/org/springframework/security/config/FilterChainMapBeanDefinitionDecorator.java +++ b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.BeanDefinitionHolder; @@ -7,6 +7,7 @@ import org.springframework.beans.factory.support.ManagedList; import org.springframework.beans.factory.support.ManagedMap; import org.springframework.beans.factory.xml.BeanDefinitionDecorator; import org.springframework.beans.factory.xml.ParserContext; +import org.springframework.security.config.Elements; import org.springframework.security.web.util.RegexUrlPathMatcher; import org.springframework.util.StringUtils; import org.springframework.util.xml.DomUtils; @@ -21,7 +22,7 @@ import java.util.*; * @author Luke Taylor * @version $Id$ */ -class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDecorator { +public class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDecorator { @SuppressWarnings("unchecked") public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder holder, ParserContext parserContext) { diff --git a/config/src/main/java/org/springframework/security/config/FilterChainOrder.java b/config/src/main/java/org/springframework/security/config/http/FilterChainOrder.java similarity index 98% rename from config/src/main/java/org/springframework/security/config/FilterChainOrder.java rename to config/src/main/java/org/springframework/security/config/http/FilterChainOrder.java index ab47fbc5c2..5a682c82f3 100644 --- a/config/src/main/java/org/springframework/security/config/FilterChainOrder.java +++ b/config/src/main/java/org/springframework/security/config/http/FilterChainOrder.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import org.springframework.util.Assert; @@ -11,7 +11,7 @@ import java.util.LinkedHashMap; * @author Luke Taylor * @version $Id$ */ -public abstract class FilterChainOrder { +abstract class FilterChainOrder { /** * The first position at which a Spring Security filter will be found. Any filter with an order less than this will * be guaranteed to be placed before the Spring Security filters in the stack. diff --git a/config/src/main/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceBeanDefinitionParser.java similarity index 98% rename from config/src/main/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceBeanDefinitionParser.java index 39a6786934..6d14716ab3 100644 --- a/config/src/main/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import java.util.LinkedHashMap; import java.util.List; diff --git a/config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java similarity index 94% rename from config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java index ede9f3b719..aeb93b5561 100644 --- a/config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java @@ -1,9 +1,8 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.beans.factory.config.BeanDefinition; -import org.springframework.beans.factory.config.RuntimeBeanReference; import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.xml.ParserContext; @@ -62,11 +61,11 @@ public class FormLoginBeanDefinitionParser { if (elt != null) { source = pc.extractSource(elt); loginUrl = elt.getAttribute(ATT_LOGIN_URL); - ConfigUtils.validateHttpRedirect(loginUrl, pc, source); + WebConfigUtils.validateHttpRedirect(loginUrl, pc, source); defaultTargetUrl = elt.getAttribute(ATT_FORM_LOGIN_TARGET_URL); - ConfigUtils.validateHttpRedirect(defaultTargetUrl, pc, source); + WebConfigUtils.validateHttpRedirect(defaultTargetUrl, pc, source); authenticationFailureUrl = elt.getAttribute(ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL); - ConfigUtils.validateHttpRedirect(authenticationFailureUrl, pc, source); + WebConfigUtils.validateHttpRedirect(authenticationFailureUrl, pc, source); alwaysUseDefault = elt.getAttribute(ATT_ALWAYS_USE_DEFAULT_TARGET_URL); loginPage = elt.getAttribute(ATT_LOGIN_PAGE); successHandlerRef = elt.getAttribute(ATT_SUCCESS_HANDLER_REF); @@ -75,7 +74,7 @@ public class FormLoginBeanDefinitionParser { if (!StringUtils.hasText(loginPage)) { loginPage = null; } - ConfigUtils.validateHttpRedirect(loginPage, pc, source); + WebConfigUtils.validateHttpRedirect(loginPage, pc, source); } filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault, loginPage, authenticationFailureUrl, diff --git a/config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java similarity index 96% rename from config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java index 0f8c5729ea..198ebefcea 100644 --- a/config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java @@ -1,6 +1,6 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; -import static org.springframework.security.config.FilterChainOrder.*; +import static org.springframework.security.config.http.FilterChainOrder.*; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; @@ -30,12 +30,15 @@ import org.springframework.core.OrderComparator; import org.springframework.core.Ordered; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; +import org.springframework.security.access.vote.AffirmativeBased; import org.springframework.security.access.vote.AuthenticatedVoter; import org.springframework.security.access.vote.RoleVoter; import org.springframework.security.authentication.AnonymousAuthenticationProvider; import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.RememberMeAuthenticationProvider; import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.Elements; import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper; import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.access.AccessDeniedHandlerImpl; @@ -129,6 +132,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting"; + private static final String ATT_SESSION_CONTROLLER_REF = "session-controller-ref"; + static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProcessingFilter"; static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider"; static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter"; @@ -156,7 +161,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { * the map of filter chains defined, with the "universal" match pattern mapped to the list of beans which have been parsed here. */ public BeanDefinition parse(Element element, ParserContext pc) { -// ConfigUtils.registerProviderManagerIfNecessary(pc, element); +// WebConfigUtils.registerProviderManagerIfNecessary(pc, element); CompositeComponentDefinition compositeDef = new CompositeComponentDefinition(element.getTagName(), pc.extractSource(element)); pc.pushContainingComponent(compositeDef); @@ -212,7 +217,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { } if (sfpf != null) { - // Used by SessionRegistrynjectionPP + // Used by SessionRegistryinjectionPP pc.getRegistry().registerBeanDefinition(BeanIds.SESSION_FIXATION_PROTECTION_FILTER, sfpf); } @@ -438,7 +443,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { RuntimeBeanReference bean = new RuntimeBeanReference(ref); - if(ConfigUtils.countNonEmpty(new String[] {after, before, position}) != 1) { + if(WebConfigUtils.countNonEmpty(new String[] {after, before, position}) != 1) { pc.getReaderContext().error("A single '" + ATT_AFTER + "', '" + ATT_BEFORE + "', or '" + ATT_POSITION + "' attribute must be supplied", pc.extractSource(elt)); } @@ -708,8 +713,21 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { } private BeanReference createConcurrentSessionController(Element elt, BeanDefinition filter, BeanReference sessionRegistry, ParserContext pc) { - BeanDefinitionBuilder controllerBuilder = BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionControllerImpl.class); Element sessionCtrlElement = DomUtils.getChildElementByTagName(elt, Elements.CONCURRENT_SESSIONS); + + // Check for a custom controller + String sessionControllerRef = sessionCtrlElement.getAttribute(ATT_SESSION_CONTROLLER_REF); + + if (StringUtils.hasText(sessionControllerRef)) { + if (!StringUtils.hasText(sessionCtrlElement.getAttribute(ConcurrentSessionsBeanDefinitionParser.ATT_SESSION_REGISTRY_REF))) { + pc.getReaderContext().error("Use of " + ATT_SESSION_CONTROLLER_REF + " requires that " + + ConcurrentSessionsBeanDefinitionParser.ATT_SESSION_REGISTRY_REF + " is also set.", + pc.extractSource(sessionCtrlElement)); + } + return new RuntimeBeanReference(sessionControllerRef); + } + + BeanDefinitionBuilder controllerBuilder = BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionControllerImpl.class); controllerBuilder.getRawBeanDefinition().setSource(filter.getSource()); controllerBuilder.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); controllerBuilder.addPropertyValue("sessionRegistry", sessionRegistry); @@ -745,7 +763,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { private BeanMetadataElement createAccessDeniedHandler(Element element, ParserContext pc) { String accessDeniedPage = element.getAttribute(ATT_ACCESS_DENIED_PAGE); - ConfigUtils.validateHttpRedirect(accessDeniedPage, pc, pc.extractSource(element)); + WebConfigUtils.validateHttpRedirect(accessDeniedPage, pc, pc.extractSource(element)); Element accessDeniedElt = DomUtils.getChildElementByTagName(element, Elements.ACCESS_DENIED_HANDLER); BeanDefinitionBuilder accessDeniedHandler = BeanDefinitionBuilder.rootBeanDefinition(AccessDeniedHandlerImpl.class); @@ -779,7 +797,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { return accessDeniedHandler.getBeanDefinition(); } - @SuppressWarnings("unchecked") private BeanDefinition createFilterSecurityInterceptor(Element element, ParserContext pc, UrlMatcher matcher, boolean convertPathsToLowerCase, BeanReference authManager) { BeanDefinitionBuilder fidsBuilder; @@ -792,6 +809,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { RootBeanDefinition accessDecisionMgr; + ManagedList voters = new ManagedList(2); if (useExpressions) { Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER); @@ -809,13 +827,16 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { fidsBuilder.addConstructorArgValue(matcher); fidsBuilder.addConstructorArgValue(requestToAttributesMap); fidsBuilder.addConstructorArgReference(expressionHandlerRef); - accessDecisionMgr = ConfigUtils.createAccessManagerBean(WebExpressionVoter.class); + voters.add(new RootBeanDefinition(WebExpressionVoter.class)); } else { fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class); fidsBuilder.addConstructorArgValue(matcher); fidsBuilder.addConstructorArgValue(requestToAttributesMap); - accessDecisionMgr = ConfigUtils.createAccessManagerBean(RoleVoter.class, AuthenticatedVoter.class); + voters.add(new RootBeanDefinition(RoleVoter.class)); + voters.add(new RootBeanDefinition(AuthenticatedVoter.class)); } + accessDecisionMgr = new RootBeanDefinition(AffirmativeBased.class); + accessDecisionMgr.getPropertyValues().addPropertyValue("decisionVoters", voters); accessDecisionMgr.setSource(pc.extractSource(element)); fidsBuilder.addPropertyValue("stripQueryStringFromUrls", matcher instanceof AntUrlPathMatcher); diff --git a/config/src/main/java/org/springframework/security/config/LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java similarity index 91% rename from config/src/main/java/org/springframework/security/config/LogoutBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java index db90e80429..14b8a7f3fa 100644 --- a/config/src/main/java/org/springframework/security/config/LogoutBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.RuntimeBeanReference; @@ -16,7 +16,7 @@ import org.w3c.dom.Element; * @author Ben Alex * @version $Id$ */ -public class LogoutBeanDefinitionParser implements BeanDefinitionParser { +class LogoutBeanDefinitionParser implements BeanDefinitionParser { static final String ATT_LOGOUT_SUCCESS_URL = "logout-success-url"; static final String DEF_LOGOUT_SUCCESS_URL = "/"; @@ -44,9 +44,9 @@ public class LogoutBeanDefinitionParser implements BeanDefinitionParser { Object source = parserContext.extractSource(element); builder.getRawBeanDefinition().setSource(source); logoutUrl = element.getAttribute(ATT_LOGOUT_URL); - ConfigUtils.validateHttpRedirect(logoutUrl, parserContext, source); + WebConfigUtils.validateHttpRedirect(logoutUrl, parserContext, source); logoutSuccessUrl = element.getAttribute(ATT_LOGOUT_SUCCESS_URL); - ConfigUtils.validateHttpRedirect(logoutSuccessUrl, parserContext, source); + WebConfigUtils.validateHttpRedirect(logoutSuccessUrl, parserContext, source); invalidateSession = element.getAttribute(ATT_INVALIDATE_SESSION); } diff --git a/config/src/main/java/org/springframework/security/config/PortMappingsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java similarity index 92% rename from config/src/main/java/org/springframework/security/config/PortMappingsBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java index ebc4336222..c28b68a882 100644 --- a/config/src/main/java/org/springframework/security/config/PortMappingsBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/PortMappingsBeanDefinitionParser.java @@ -1,5 +1,6 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; +import org.springframework.security.config.Elements; import org.springframework.security.web.PortMapperImpl; import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.ParserContext; @@ -21,7 +22,7 @@ import java.util.HashMap; * @author Luke Taylor * @version $Id$ */ -public class PortMappingsBeanDefinitionParser implements BeanDefinitionParser { +class PortMappingsBeanDefinitionParser implements BeanDefinitionParser { public static final String ATT_HTTP_PORT = "http"; public static final String ATT_HTTPS_PORT = "https"; diff --git a/config/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java similarity index 98% rename from config/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java index 058c2a667a..df12da9c74 100644 --- a/config/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -22,7 +22,7 @@ import org.w3c.dom.Element; * @author Ben Alex * @version $Id$ */ -public class RememberMeBeanDefinitionParser implements BeanDefinitionParser { +class RememberMeBeanDefinitionParser implements BeanDefinitionParser { static final String ATT_KEY = "key"; static final String DEF_KEY = "SpringSecured"; diff --git a/config/src/main/java/org/springframework/security/config/UserDetailsServiceInjectionBeanPostProcessor.java b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceInjectionBeanPostProcessor.java similarity index 91% rename from config/src/main/java/org/springframework/security/config/UserDetailsServiceInjectionBeanPostProcessor.java rename to config/src/main/java/org/springframework/security/config/http/UserDetailsServiceInjectionBeanPostProcessor.java index 618e340a06..1132155886 100644 --- a/config/src/main/java/org/springframework/security/config/UserDetailsServiceInjectionBeanPostProcessor.java +++ b/config/src/main/java/org/springframework/security/config/http/UserDetailsServiceInjectionBeanPostProcessor.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import java.util.Map; @@ -12,6 +12,9 @@ import org.springframework.beans.factory.config.BeanPostProcessor; import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; import org.springframework.beans.factory.config.RuntimeBeanReference; import org.springframework.beans.factory.support.RootBeanDefinition; +import org.springframework.context.ApplicationContextException; +import org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser; +import org.springframework.security.config.authentication.CachingUserDetailsService; import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider; @@ -111,17 +114,17 @@ public class UserDetailsServiceInjectionBeanPostProcessor implements BeanPostPro * if available so should not be used for beans which need to separate the two. */ UserDetailsService getUserDetailsService() { - Map beans = beanFactory.getBeansOfType(CachingUserDetailsService.class); + Map beans = beanFactory.getBeansOfType(CachingUserDetailsService.class); if (beans.size() == 0) { beans = beanFactory.getBeansOfType(UserDetailsService.class); } if (beans.size() == 0) { - throw new SecurityConfigurationException("No UserDetailsService registered."); + throw new ApplicationContextException("No UserDetailsService registered."); } else if (beans.size() > 1) { - throw new SecurityConfigurationException("More than one UserDetailsService registered. Please " + + throw new ApplicationContextException("More than one UserDetailsService registered. Please " + "use a specific Id reference in or elements."); } diff --git a/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java b/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java new file mode 100644 index 0000000000..6f02008848 --- /dev/null +++ b/config/src/main/java/org/springframework/security/config/http/WebConfigUtils.java @@ -0,0 +1,39 @@ +package org.springframework.security.config.http; + +import org.springframework.beans.factory.xml.ParserContext; +import org.springframework.security.web.util.UrlUtils; +import org.springframework.util.StringUtils; + +/** + * Utility methods used internally by the Spring Security http namespace configuration code. + * + * @author Luke Taylor + * @author Ben Alex + * @version $Id: WebConfigUtils.java 3770 2009-07-15 23:09:47Z ltaylor $ + */ +abstract class WebConfigUtils { + + public static int countNonEmpty(String[] objects) { + int nonNulls = 0; + + for (int i = 0; i < objects.length; i++) { + if (StringUtils.hasText(objects[i])) { + nonNulls++; + } + } + + return nonNulls; + } + + /** + * Checks the value of an XML attribute which represents a redirect URL. + * If not empty or starting with "$" (potential placeholder), "/" or "http" it will raise an error. + */ + static void validateHttpRedirect(String url, ParserContext pc, Object source) { + if (!StringUtils.hasText(url) || UrlUtils.isValidRedirectUrl(url) || url.startsWith("$")) { + return; + } + pc.getReaderContext().warning(url + " is not a valid redirect URL (must start with '/' or http(s))", source); + } + +} diff --git a/config/src/main/java/org/springframework/security/config/ContextSourceSettingPostProcessor.java b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java similarity index 81% rename from config/src/main/java/org/springframework/security/config/ContextSourceSettingPostProcessor.java rename to config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java index 8454c23c06..193b145106 100644 --- a/config/src/main/java/org/springframework/security/config/ContextSourceSettingPostProcessor.java +++ b/config/src/main/java/org/springframework/security/config/ldap/ContextSourceSettingPostProcessor.java @@ -1,9 +1,12 @@ -package org.springframework.security.config; +package org.springframework.security.config.ldap; import org.springframework.beans.BeansException; import org.springframework.beans.factory.config.BeanFactoryPostProcessor; import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; +import org.springframework.context.ApplicationContextException; import org.springframework.core.Ordered; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.Elements; import org.springframework.util.ClassUtils; /** @@ -29,7 +32,7 @@ class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ord try { contextSourceClass = ClassUtils.forName(REQUIRED_CONTEXT_SOURCE_CLASS_NAME, ClassUtils.getDefaultClassLoader()); } catch (ClassNotFoundException e) { - throw new SecurityConfigurationException("Couldn't locate: " + REQUIRED_CONTEXT_SOURCE_CLASS_NAME + ". " + + throw new ApplicationContextException("Couldn't locate: " + REQUIRED_CONTEXT_SOURCE_CLASS_NAME + ". " + " If you are using LDAP with Spring Security, please ensure that you include the spring-ldap " + "jar file in your application", e); } @@ -38,13 +41,13 @@ class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ord if (sources.length == 0) { - throw new SecurityConfigurationException("No BaseLdapPathContextSource instances found. Have you " + + throw new ApplicationContextException("No BaseLdapPathContextSource instances found. Have you " + "added an <" + Elements.LDAP_SERVER + " /> element to your application context?"); } if (!bf.containsBean(BeanIds.CONTEXT_SOURCE) && defaultNameRequired) { if (sources.length > 1) { - throw new SecurityConfigurationException("More than one BaseLdapPathContextSource instance found. " + + throw new ApplicationContextException("More than one BaseLdapPathContextSource instance found. " + "Please specify a specific server id using the 'server-ref' attribute when configuring your <" + Elements.LDAP_PROVIDER + "> " + "or <" + Elements.LDAP_USER_SERVICE + ">."); } diff --git a/config/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java similarity index 94% rename from config/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java index 1c9d26bd32..48367785f5 100644 --- a/config/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.ldap; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -7,6 +7,10 @@ import org.springframework.beans.factory.config.RuntimeBeanReference; import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.ParserContext; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.Elements; +import org.springframework.security.config.authentication.ConfigUtils; +import org.springframework.security.config.authentication.PasswordEncoderParser; import org.springframework.util.StringUtils; import org.springframework.util.xml.DomUtils; import org.w3c.dom.Element; diff --git a/config/src/main/java/org/springframework/security/config/LdapServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java similarity index 98% rename from config/src/main/java/org/springframework/security/config/LdapServerBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java index 6f8c4572c0..59856f5039 100644 --- a/config/src/main/java/org/springframework/security/config/LdapServerBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.ldap; import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; @@ -12,6 +12,7 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.support.ManagedSet; +import org.springframework.security.config.BeanIds; import org.springframework.util.StringUtils; import org.w3c.dom.Element; diff --git a/config/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java similarity index 97% rename from config/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java index 54920a4c77..4d17d0c40d 100644 --- a/config/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.ldap; import org.springframework.beans.BeanMetadataElement; import org.springframework.beans.factory.xml.ParserContext; @@ -7,6 +7,8 @@ import org.springframework.beans.factory.support.BeanDefinitionRegistry; import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.RuntimeBeanReference; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser; import org.springframework.util.StringUtils; import org.w3c.dom.Element; @@ -107,7 +109,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ return; } - BeanDefinitionBuilder bdb = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.config.ContextSourceSettingPostProcessor"); + BeanDefinitionBuilder bdb = BeanDefinitionBuilder.rootBeanDefinition(ContextSourceSettingPostProcessor.class); bdb.addPropertyValue("defaultNameRequired", Boolean.valueOf(defaultNameRequired)); registry.registerBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR, bdb.getBeanDefinition()); } diff --git a/config/src/main/java/org/springframework/security/config/CustomAfterInvocationProviderBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/CustomAfterInvocationProviderBeanDefinitionDecorator.java similarity index 81% rename from config/src/main/java/org/springframework/security/config/CustomAfterInvocationProviderBeanDefinitionDecorator.java rename to config/src/main/java/org/springframework/security/config/method/CustomAfterInvocationProviderBeanDefinitionDecorator.java index f87f8581c9..607f9034fc 100644 --- a/config/src/main/java/org/springframework/security/config/CustomAfterInvocationProviderBeanDefinitionDecorator.java +++ b/config/src/main/java/org/springframework/security/config/method/CustomAfterInvocationProviderBeanDefinitionDecorator.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.method; import org.springframework.beans.factory.config.BeanDefinitionHolder; import org.springframework.beans.factory.xml.BeanDefinitionDecorator; @@ -17,7 +17,7 @@ public class CustomAfterInvocationProviderBeanDefinitionDecorator implements Bea @SuppressWarnings("unchecked") public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder holder, ParserContext parserContext) { - ConfigUtils.getRegisteredAfterInvocationProviders(parserContext).add(holder.getBeanDefinition()); + MethodConfigUtils.getRegisteredAfterInvocationProviders(parserContext).add(holder.getBeanDefinition()); return holder; } diff --git a/config/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java similarity index 96% rename from config/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java rename to config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java index 82f84375aa..e0364a884f 100644 --- a/config/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.method; import static org.springframework.security.config.Elements.*; @@ -38,6 +38,8 @@ import org.springframework.security.access.prepost.PrePostAnnotationSecurityMeta import org.springframework.security.access.vote.AffirmativeBased; import org.springframework.security.access.vote.AuthenticatedVoter; import org.springframework.security.access.vote.RoleVoter; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.authentication.ConfigUtils; import org.springframework.util.StringUtils; import org.springframework.util.xml.DomUtils; import org.w3c.dom.Element; @@ -50,7 +52,7 @@ import org.w3c.dom.Element; * @version $Id$ * @since 2.0 */ -class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser { +public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser { private final Log logger = LogFactory.getLog(getClass()); @@ -58,7 +60,6 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser { * Internal Bean IDs which are only used within this class */ static final String SECURITY_INTERCEPTOR_ID = "_globalMethodSecurityInterceptor"; - static final String INTERCEPTOR_POST_PROCESSOR_ID = "_globalMethodSecurityInterceptorPostProcessor"; static final String ACCESS_MANAGER_ID = "_globalMethodSecurityAccessManager"; private static final String DELEGATING_METHOD_DEFINITION_SOURCE_ID = "_delegatingMethodSecurityMetadataSource"; private static final String EXPRESSION_HANDLER_ID = "_methodExpressionHandler"; @@ -141,7 +142,7 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser { } preInvocationVoter = preInvocationVoterBldr.getBeanDefinition(); - ConfigUtils.getRegisteredAfterInvocationProviders(pc).add(afterInvocationBldr.getBeanDefinition()); + MethodConfigUtils.getRegisteredAfterInvocationProviders(pc).add(afterInvocationBldr.getBeanDefinition()); delegates.add(mds.getBeanDefinition()); } @@ -215,7 +216,6 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser { parserContext.getReaderContext().error("Duplicate detected.", source); } RootBeanDefinition delegatingMethodSecurityMetadataSource = new RootBeanDefinition(DelegatingMethodSecurityMetadataSource.class); - delegatingMethodSecurityMetadataSource.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); delegatingMethodSecurityMetadataSource.setSource(source); delegatingMethodSecurityMetadataSource.getPropertyValues().addPropertyValue("methodSecurityMetadataSources", delegates); parserContext.getRegistry().registerBeanDefinition(DELEGATING_METHOD_DEFINITION_SOURCE_ID, delegatingMethodSecurityMetadataSource); @@ -276,8 +276,7 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser { pc.getRegistry().registerBeanDefinition(SECURITY_INTERCEPTOR_ID, interceptor); pc.registerComponent(new BeanComponentDefinition(interceptor, SECURITY_INTERCEPTOR_ID)); - pc.getRegistry().registerBeanDefinition(INTERCEPTOR_POST_PROCESSOR_ID, - new RootBeanDefinition(MethodSecurityInterceptorPostProcessor.class)); + pc.getReaderContext().registerWithGeneratedName(new RootBeanDefinition(MethodSecurityInterceptorPostProcessor.class)); } private void registerAdvisor(ParserContext parserContext, Object source) { diff --git a/config/src/main/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java similarity index 92% rename from config/src/main/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecorator.java rename to config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java index 9026599f16..828831caaa 100644 --- a/config/src/main/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecorator.java +++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.method; import java.util.LinkedHashMap; import java.util.List; @@ -16,6 +16,9 @@ import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor; import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.Elements; +import org.springframework.security.config.authentication.ConfigUtils; import org.springframework.util.StringUtils; import org.springframework.util.xml.DomUtils; import org.w3c.dom.Element; @@ -32,7 +35,7 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition, ParserContext parserContext) { ConfigUtils.registerProviderManagerIfNecessary(parserContext, (Element) node); - ConfigUtils.registerDefaultMethodAccessManagerIfNecessary(parserContext); + MethodConfigUtils.registerDefaultMethodAccessManagerIfNecessary(parserContext); return delegate.decorate(node, definition, parserContext); } diff --git a/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java new file mode 100644 index 0000000000..007d4ca6bb --- /dev/null +++ b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java @@ -0,0 +1,62 @@ +package org.springframework.security.config.method; + +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.beans.factory.support.BeanDefinitionBuilder; +import org.springframework.beans.factory.support.ManagedList; +import org.springframework.beans.factory.support.RootBeanDefinition; +import org.springframework.beans.factory.xml.ParserContext; +import org.springframework.security.access.AccessDecisionVoter; +import org.springframework.security.access.intercept.AfterInvocationProviderManager; +import org.springframework.security.access.vote.AffirmativeBased; +import org.springframework.security.access.vote.AuthenticatedVoter; +import org.springframework.security.access.vote.RoleVoter; +import org.springframework.security.config.BeanIds; + +/** + * Utility methods used internally by the Spring Security namespace configuration code. + * + * @author Luke Taylor + * @author Ben Alex + * @version $Id: WebConfigUtils.java 3770 2009-07-15 23:09:47Z ltaylor $ + */ +abstract class MethodConfigUtils { + @SuppressWarnings("unchecked") + static void registerDefaultMethodAccessManagerIfNecessary(ParserContext parserContext) { + if (!parserContext.getRegistry().containsBeanDefinition(BeanIds.METHOD_ACCESS_MANAGER)) { + parserContext.getRegistry().registerBeanDefinition(BeanIds.METHOD_ACCESS_MANAGER, + createAccessManagerBean(RoleVoter.class, AuthenticatedVoter.class)); + } + } + + @SuppressWarnings("unchecked") + private static RootBeanDefinition createAccessManagerBean(Class... voters) { + ManagedList defaultVoters = new ManagedList(voters.length); + + for(Class voter : voters) { + defaultVoters.add(new RootBeanDefinition(voter)); + } + + BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder.rootBeanDefinition(AffirmativeBased.class); + accessMgrBuilder.addPropertyValue("decisionVoters", defaultVoters); + return (RootBeanDefinition) accessMgrBuilder.getBeanDefinition(); + } + + @SuppressWarnings("unchecked") + static ManagedList getRegisteredAfterInvocationProviders(ParserContext parserContext) { + BeanDefinition manager = registerAfterInvocationProviderManagerIfNecessary(parserContext); + return (ManagedList) manager.getPropertyValues().getPropertyValue("providers").getValue(); + } + + @SuppressWarnings("unchecked") + static BeanDefinition registerAfterInvocationProviderManagerIfNecessary(ParserContext parserContext) { + if(parserContext.getRegistry().containsBeanDefinition(BeanIds.AFTER_INVOCATION_MANAGER)) { + return parserContext.getRegistry().getBeanDefinition(BeanIds.AFTER_INVOCATION_MANAGER); + } + + BeanDefinition manager = new RootBeanDefinition(AfterInvocationProviderManager.class); + manager.getPropertyValues().addPropertyValue("providers", new ManagedList()); + parserContext.getRegistry().registerBeanDefinition(BeanIds.AFTER_INVOCATION_MANAGER, manager); + + return manager; + } +} diff --git a/config/src/main/java/org/springframework/security/config/MethodSecurityInterceptorPostProcessor.java b/config/src/main/java/org/springframework/security/config/method/MethodSecurityInterceptorPostProcessor.java similarity index 89% rename from config/src/main/java/org/springframework/security/config/MethodSecurityInterceptorPostProcessor.java rename to config/src/main/java/org/springframework/security/config/method/MethodSecurityInterceptorPostProcessor.java index 20f7ae74f1..1433682490 100644 --- a/config/src/main/java/org/springframework/security/config/MethodSecurityInterceptorPostProcessor.java +++ b/config/src/main/java/org/springframework/security/config/method/MethodSecurityInterceptorPostProcessor.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.method; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -8,6 +8,7 @@ import org.springframework.beans.factory.BeanFactoryAware; import org.springframework.beans.factory.config.BeanPostProcessor; import org.springframework.security.access.intercept.AfterInvocationManager; import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor; +import org.springframework.security.config.BeanIds; /** * BeanPostProcessor which sets the AfterInvocationManager on the global MethodSecurityInterceptor, @@ -17,7 +18,7 @@ import org.springframework.security.access.intercept.aopalliance.MethodSecurityI * @version $Id$ * */ -public class MethodSecurityInterceptorPostProcessor implements BeanPostProcessor, BeanFactoryAware{ +class MethodSecurityInterceptorPostProcessor implements BeanPostProcessor, BeanFactoryAware{ private Log logger = LogFactory.getLog(getClass()); private BeanFactory beanFactory; diff --git a/config/src/main/java/org/springframework/security/config/ProtectPointcutPostProcessor.java b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java similarity index 98% rename from config/src/main/java/org/springframework/security/config/ProtectPointcutPostProcessor.java rename to config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java index 0212b3fc87..ef8db51f3e 100644 --- a/config/src/main/java/org/springframework/security/config/ProtectPointcutPostProcessor.java +++ b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.method; import java.lang.reflect.Method; import java.util.HashSet; @@ -47,7 +47,7 @@ import org.springframework.util.StringUtils; * @since 2.0 * */ -public final class ProtectPointcutPostProcessor implements BeanPostProcessor { +final class ProtectPointcutPostProcessor implements BeanPostProcessor { private static final Log logger = LogFactory.getLog(ProtectPointcutPostProcessor.class); diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.4.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-2.0.4.rnc deleted file mode 100644 index ba53ea0f10..0000000000 --- a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.4.rnc +++ /dev/null @@ -1,506 +0,0 @@ -namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0" -datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes" - -default namespace = "http://www.springframework.org/schema/security" - -start = http | ldap-server | authentication-provider | ldap-authentication-provider | any-user-service | ldap-server | ldap-authentication-provider - -hash = - ## Defines the hashing algorithm used on user passwords. We recommend strongly against using MD4, as it is a very weak hashing algorithm. - attribute hash {"plaintext" | "sha" | "sha-256" | "md5" | "md4" | "{sha}" | "{ssha}"} -base64 = - ## Whether a string should be base64 encoded - attribute base64 {"true" | "false"} -path-type = - ## Defines the type of pattern used to specify URL paths (either JDK 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if unspecified. - attribute path-type {"ant" | "regex"} -port = - ## Specifies an IP port number. Used to configure an embedded LDAP server, for example. - attribute port { xsd:integer } -url = - ## Specifies a URL. - attribute url { xsd:string } -id = - ## A bean identifier, used for referring to the bean elsewhere in the context. - attribute id {xsd:ID} -ref = - ## Defines a reference to a Spring bean Id. - attribute ref {xsd:string} - -cache-ref = - ## Defines a reference to a cache for use with a UserDetailsService. - attribute cache-ref {xsd:string} - -user-service-ref = - ## A reference to a user-service (or UserDetailsService bean) Id - attribute user-service-ref {xsd:string} - -data-source-ref = - ## A reference to a DataSource bean - attribute data-source-ref {xsd:string} - -password-encoder = - ## element which defines a password encoding strategy. Used by an authentication provider to convert submitted passwords to hashed versions, for example. - element password-encoder {password-encoder.attlist, salt-source?} -password-encoder.attlist &= - ref | (hash? & base64?) - -salt-source = - ## Password salting strategy. A system-wide constant or a property from the UserDetails object can be used. - element salt-source {user-property | system-wide} -user-property = - ## A property of the UserDetails object which will be used as salt by a password encoder. Typically something like "username" might be used. - attribute user-property {xsd:string} -system-wide = - ## A single value that will be used as the salt for a password encoder. - attribute system-wide {xsd:string} - -boolean = "true" | "false" - -role-prefix = - ## A non-empty string prefix that will be added to role strings loaded from persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the default is non-empty. - attribute role-prefix {xsd:string} - - -ldap-server = - ## Defines an LDAP server location or starts an embedded server. The url indicates the location of a remote server. If no url is given, an embedded server will be started, listening on the supplied port number. The port is optional and defaults to 33389. A Spring LDAP ContextSource bean will be registered for the server with the id supplied. - element ldap-server {ldap-server.attlist} -ldap-server.attlist &= id? -ldap-server.attlist &= (url | port)? -ldap-server.attlist &= - ## Username (DN) of the "manager" user identity which will be used to authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used. - attribute manager-dn {xsd:string}? -ldap-server.attlist &= - ## The password for the manager DN. - attribute manager-password {xsd:string}? -ldap-server.attlist &= - ## Explicitly specifies an ldif file resource to load into an embedded LDAP server - attribute ldif { xsd:string }? -ldap-server.attlist &= - ## Optional root suffix for the embedded LDAP server. Default is "dc=springframework,dc=org" - attribute root { xsd:string }? - -ldap-server-ref-attribute = - ## The optional server to use. If omitted, and a default LDAP server is registered (using with no Id), that server will be used. - attribute server-ref {xsd:string} - - -group-search-filter-attribute = - ## Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user. - attribute group-search-filter {xsd:string} -group-search-base-attribute = - ## Search base for group membership searches. Defaults to "" (searching from the root). - attribute group-search-base {xsd:string} -user-search-filter-attribute = - ## The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name. - attribute user-search-filter {xsd:string} -user-search-base-attribute = - ## Search base for user searches. Defaults to "". Only used with a 'user-search-filter'. - attribute user-search-base {xsd:string} -group-role-attribute-attribute = - ## The LDAP attribute name which contains the role name which will be used within Spring Security. Defaults to "cn". - attribute group-role-attribute {xsd:string} -user-details-class-attribute = - ## Allows the objectClass of the user entry to be specified. If set, the framework will attempt to load standard attributes for the defined class into the returned UserDetails object - attribute user-details-class {"person" | "inetOrgPerson"} - - -ldap-user-service = - element ldap-user-service {ldap-us.attlist} -ldap-us.attlist &= id? -ldap-us.attlist &= - ldap-server-ref-attribute? -ldap-us.attlist &= - user-search-filter-attribute? -ldap-us.attlist &= - user-search-base-attribute? -ldap-us.attlist &= - group-search-filter-attribute? -ldap-us.attlist &= - group-search-base-attribute? -ldap-us.attlist &= - group-role-attribute-attribute? -ldap-us.attlist &= - cache-ref? -ldap-us.attlist &= - role-prefix? -ldap-us.attlist &= - user-details-class-attribute? - -ldap-authentication-provider = - ## Sets up an ldap authentication provider - element ldap-authentication-provider {ldap-ap.attlist, password-compare-element?} -ldap-ap.attlist &= - ldap-server-ref-attribute? -ldap-ap.attlist &= - user-search-base-attribute? -ldap-ap.attlist &= - user-search-filter-attribute? -ldap-ap.attlist &= - group-search-base-attribute? -ldap-ap.attlist &= - group-search-filter-attribute? -ldap-ap.attlist &= - group-role-attribute-attribute? -ldap-ap.attlist &= - ## A specific pattern used to build the user's DN, for example "uid={0},ou=people". The key "{0}" must be present and will be substituted with the username. - attribute user-dn-pattern {xsd:string}? -ldap-ap.attlist &= - role-prefix? -ldap-ap.attlist &= - user-details-class-attribute? - -password-compare-element = - ## Specifies that an LDAP provider should use an LDAP compare operation of the user's password to authenticate the user - element password-compare {password-compare.attlist, password-encoder?} - -password-compare.attlist &= - ## The attribute in the directory which contains the user password. Defaults to "userPassword". - attribute password-attribute {xsd:string}? -password-compare.attlist &= - hash? - -intercept-methods = - ## Can be used inside a bean definition to add a security interceptor to the bean and set up access configuration attributes for the bean's methods - element intercept-methods {intercept-methods.attlist, protect+} -intercept-methods.attlist &= - ## Optional AccessDecisionManager bean ID to be used by the created method security interceptor. - attribute access-decision-manager-ref {xsd:string}? - - -protect = - ## Defines a protected method and the access control configuration attributes that apply to it. We strongly advise you NOT to mix "protect" declarations with any services provided "global-method-security". - element protect {protect.attlist, empty} -protect.attlist &= - ## A method name - attribute method {xsd:string} -protect.attlist &= - ## Access configuration attributes list that applies to the method, e.g. "ROLE_A,ROLE_B". - attribute access {xsd:string} - - -global-method-security = - ## Provides method security for all beans registered in the Spring application context. Specifically, beans will be scanned for Spring Security annotations and/or matches with the ordered list of "protect-pointcut" sub-elements. Where there is a match, the beans will automatically be proxied and security authorization applied to the methods accordingly. If you use and enable all three sources of method security metadata (ie "protect-pointcut" declarations, @Secured and also JSR 250 security annotations), the metadata sources will be queried in that order. In practical terms, this enables you to use XML to override method security metadata expressed by way of @Secured annotations, with @Secured annotations overriding method security metadata expressed by JSR 250 annotations. It is perfectly acceptable to mix and match, with a given Java type using a combination of XML, @Secured and JSR 250 to express method security metadata (albeit on different methods). - element global-method-security {global-method-security.attlist, protect-pointcut*} -global-method-security.attlist &= - ## Specifies whether the use of Spring Security's @Secured annotations should be enabled for this application context. Please ensure you have the spring-security-tiger-xxx.jar on the classpath. Defaults to "disabled". - attribute secured-annotations {"disabled" | "enabled" }? -global-method-security.attlist &= - ## Specifies whether JSR-250 style attributes are to be used (for example "RolesAllowed"). This will require the javax.annotation.security classes on the classpath. Defaults to "disabled". - attribute jsr250-annotations {"disabled" | "enabled" }? -global-method-security.attlist &= - ## Optional AccessDecisionManager bean ID to override the default used for method security. - attribute access-decision-manager-ref {xsd:string}? - -custom-after-invocation-provider = - ## Used to decorate an AfterInvocationProvider to specify that it should be used with method security. - element custom-after-invocation-provider {empty} - -protect-pointcut = - ## Defines a protected pointcut and the access control configuration attributes that apply to it. Every bean registered in the Spring application context that provides a method that matches the pointcut will receive security authorization. - element protect-pointcut {protect-pointcut.attlist, empty} -protect-pointcut.attlist &= - ## An AspectJ expression, including the 'execution' keyword. For example, 'execution(int com.foo.TargetObject.countLength(String))' (without the quotes). - attribute expression {xsd:string} -protect-pointcut.attlist &= - ## Access configuration attributes list that applies to all methods matching the pointcut, e.g. "ROLE_A,ROLE_B" - attribute access {xsd:string} - - -http = - ## Container element for HTTP security configuration - element http {http.attlist, (intercept-url+ & form-login? & openid-login & x509? & http-basic? & logout? & concurrent-session-control? & remember-me? & anonymous? & port-mappings) } -http.attlist &= - ## Automatically registers a login form, BASIC authentication, anonymous authentication, logout services, remember-me and servlet-api-integration. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element). If unspecified, defaults to "false". - attribute auto-config {boolean}? -http.attlist &= - ## Controls the eagerness with which an HTTP session is created. If not set, defaults to "ifRequired". - attribute create-session {"ifRequired" | "always" | "never" }? -http.attlist &= - ## The path format used to define the paths in child elements. - path-type? -http.attlist &= - ## Whether test URLs should be converted to lower case prior to comparing with defined path patterns. If unspecified, defaults to "true". - attribute lowercase-comparisons {boolean}? -http.attlist &= - ## Provides versions of HttpServletRequest security methods such as isUserInRole() and getPrincipal() which are implemented by accessing the Spring SecurityContext. Defaults to "true". - attribute servlet-api-provision {boolean}? -http.attlist &= - ## Optional attribute specifying the ID of the AccessDecisionManager implementation which should be used for authorizing HTTP requests. - attribute access-decision-manager-ref {xsd:string}? -http.attlist &= - ## Optional attribute specifying the realm name that will be used for all authentication features that require a realm name (eg BASIC and Digest authentication). If unspecified, defaults to "Spring Security Application". - attribute realm {xsd:string}? -http.attlist &= - ## Indicates whether an existing session should be invalidated when a user authenticates and a new session started. If set to "none" no change will be made. "newSession" will create a new empty session. "migrateSession" will create a new session and copy the session attributes to the new session. Defaults to "migrateSession". - attribute session-fixation-protection {"none" | "newSession" | "migrateSession" }? -http.attlist &= - ## Allows a customized AuthenticationEntryPoint to be used. - attribute entry-point-ref {xsd:string}? -http.attlist &= - ## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "true" - attribute once-per-request {boolean}? -http.attlist &= - ## Allows the access denied page to be set (the user will be redirected here if an AccessDeniedException is raised). - attribute access-denied-page {xsd:string}? - -intercept-url = - ## Specifies the access attributes and/or filter list for a particular set of URLs. - element intercept-url {intercept-url.attlist, empty} -intercept-url.attlist &= - ## The pattern which defines the URL path. The content will depend on the type set in the containing http element, so will default to ant path syntax. - attribute pattern {xsd:string} -intercept-url.attlist &= - ## The access configuration attributes that apply for the configured path. - attribute access {xsd:string}? -intercept-url.attlist &= - ## The HTTP Method for which the access configuration attributes should apply. If not specified, the attributes will apply to any method. - attribute method {"GET" | "DELETE" | "HEAD" | "OPTIONS" | "POST" | "PUT" | "TRACE"}? - -intercept-url.attlist &= - ## The filter list for the path. Currently can be set to "none" to remove a path from having any filters applied. The full filter stack (consisting of all filters created by the namespace configuration, and any added using 'custom-filter'), will be applied to any other paths. - attribute filters {"none"}? -intercept-url.attlist &= - ## Used to specify that a URL must be accessed over http or https, or that there is no preference. - attribute requires-channel {"http" | "https" | "any"}? - -logout = - ## Incorporates a logout processing filter. Most web applications require a logout filter, although you may not require one if you write a controller to provider similar logic. - element logout {logout.attlist, empty} -logout.attlist &= - ## Specifies the URL that will cause a logout. Spring Security will initialize a filter that responds to this particular URL. Defaults to /j_spring_security_logout if unspecified. - attribute logout-url {xsd:string}? -logout.attlist &= - ## Specifies the URL to display once the user has logged out. If not specified, defaults to /. - attribute logout-success-url {xsd:string}? -logout.attlist &= - ## Specifies whether a logout also causes HttpSession invalidation, which is generally desirable. If unspecified, defaults to true. - attribute invalidate-session {boolean}? - -form-login = - ## Sets up a form login configuration for authentication with a username and password - element form-login {form-login.attlist, empty} -form-login.attlist &= - ## The URL that the login form is posted to. If unspecified, it defaults to /j_spring_security_check. - attribute login-processing-url {xsd:string}? -form-login.attlist &= - ## The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application. - attribute default-target-url {xsd:string}? -form-login.attlist &= - ## Whether the user should always be redirected to the default-target-url after login. - attribute always-use-default-target {boolean}? -form-login.attlist &= - ## The URL for the login page. If no login URL is specified, Spring Security will automatically create a login URL at /spring_security_login and a corresponding filter to render that login URL when requested. - attribute login-page {xsd:string}? -form-login.attlist &= - ## The URL for the login failure page. If no login failure URL is specified, Spring Security will automatically create a failure login URL at /spring_security_login?login_error and a corresponding filter to render that login failure URL when requested. - attribute authentication-failure-url {xsd:string}? - -openid-login = - ## Sets up form login for authentication with an Open ID identity - element openid-login {form-login.attlist, user-service-ref?, empty} - - -filter-chain-map = - ## Used to explicitly configure a FilterChainProxy instance with a FilterChainMap - element filter-chain-map {filter-chain-map.attlist, filter-chain+} -filter-chain-map.attlist &= - path-type - -filter-chain = - ## Used within filter-chain-map to define a specific URL pattern and the list of filters which apply to the URLs matching that pattern. When multiple filter-chain elements are used within a filter-chain-map element, the most specific patterns must be placed at the top of the list, with most general ones at the bottom. - element filter-chain {filter-chain.attlist, empty} -filter-chain.attlist &= - attribute pattern {xsd:string} -filter-chain.attlist &= - attribute filters {xsd:string} - -filter-invocation-definition-source = - ## Used to explicitly configure a FilterInvocationDefinitionSource bean for use with a FilterSecurityInterceptor. Usually only needed if you are configuring a FilterChainProxy explicitly, rather than using the element. The intercept-url elements used should only contain pattern, method and access attributes. Any others will result in a configuration error. - element filter-invocation-definition-source {fids.attlist, intercept-url+} -fids.attlist &= - id? -fids.attlist &= - ## as for http element - attribute lowercase-comparisons {boolean}? -fids.attlist &= - ## as for http element - path-type? - -http-basic = - ## Adds support for basic authentication (this is an element to permit future expansion, such as supporting an "ignoreFailure" attribute) - element http-basic {empty} - - -concurrent-session-control = - ## Adds support for concurrent session control, allowing limits to be placed on the number of sessions a user can have. - element concurrent-session-control {concurrent-sessions.attlist, empty} -concurrent-sessions.attlist &= - ## The maximum number of sessions a single user can have open at the same time. Defaults to "1". - attribute max-sessions {xsd:positiveInteger}? -concurrent-sessions.attlist &= - ## The URL a user will be redirected to if they attempt to use a session which has been "expired" by the concurrent session controller because they have logged in again. - attribute expired-url {xsd:string}? -concurrent-sessions.attlist &= - ## Specifies that an exception should be raised when a user attempts to login when they already have the maximum configured sessions open. The default behaviour is to expire the original session. - attribute exception-if-maximum-exceeded {boolean}? -concurrent-sessions.attlist &= - ## Allows you to define an alias for the SessionRegistry bean in order to access it in your own configuration - attribute session-registry-alias {xsd:string}? -concurrent-sessions.attlist &= - ## A reference to an external SessionRegistry implementation which will be used in place of the standard one. - attribute session-registry-ref {xsd:string}? - -remember-me = - ## Sets up remember-me authentication. If used with the "key" attribute (or no attributes) the cookie-only implementation will be used. Specifying "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, persisten token approach. - element remember-me {remember-me.attlist} -remember-me.attlist &= - ## The "key" used to identify cookies from a specific token-based remember-me application. You should set this to a unique value for your application. - attribute key {xsd:string}? - -remember-me.attlist &= - (token-repository-ref | remember-me-data-source-ref | remember-me-services-ref) - -remember-me.attlist &= - user-service-ref? - -remember-me.attlist &= - ## The period (in seconds) for which the remember-me cookie should be valid. - attribute token-validity-seconds {xsd:positiveInteger}? - -token-repository-ref = - ## Reference to a PersistentTokenRepository bean for use with the persistent token remember-me implementation. - attribute token-repository-ref {xsd:string} -remember-me-services-ref = - ## Allows a custom implementation of RememberMeServices to be used. Note that this implementation should return RememberMeAuthenticationToken instances with the same "key" value as specified in the remember-me element. Alternatively it should register its own AuthenticationProvider. - attribute services-ref {xsd:string}? -remember-me-data-source-ref = - ## DataSource bean for the database that contains the token repository schema. - data-source-ref - -anonymous = - ## Adds support for automatically granting all anonymous web requests a particular principal identity and a corresponding granted authority. - element anonymous {anonymous.attlist} -anonymous.attlist &= - ## The key shared between the provider and filter. This generally does not need to be set. If unset, it will default to "doesNotMatter". - attribute key {xsd:string}? -anonymous.attlist &= - ## The username that should be assigned to the anonymous request. This allows the principal to be identified, which may be important for logging and auditing. if unset, defaults to "anonymousUser". - attribute username {xsd:string}? -anonymous.attlist &= - ## The granted authority that should be assigned to the anonymous request. Commonly this is used to assign the anonymous request particular roles, which can subsequently be used in authorization decisions. If unset, defaults to "ROLE_ANONYMOUS". - attribute granted-authority {xsd:string}? - -port-mappings = - ## Defines the list of mappings between http and https ports for use in redirects - element port-mappings {port-mappings.attlist, port-mapping+} - -port-mappings.attlist &= empty - -port-mapping = - element port-mapping {http-port, https-port} - -http-port = attribute http {xsd:string} - -https-port = attribute https {xsd:string} - - -x509 = - ## Adds support for X.509 client authentication. - element x509 {x509.attlist} -x509.attlist &= - ## The regular expression used to obtain the username from the certificate's subject. Defaults to matching on the common name using the pattern "CN=(.*?),". - attribute subject-principal-regex {xsd:string}? -x509.attlist &= - ## Explicitly specifies which user-service should be used to load user data for X.509 authenticated clients. If ommitted, the default user-service will be used. - user-service-ref? - -authentication-manager = - ## If you are using namespace configuration with Spring Security, an AuthenticationManager will automatically be registered. This element allows you to define an alias to allow you to reference the authentication-manager in your own beans. - element authentication-manager {authman.attlist} -authman.attlist &= - ## The alias you wish to use for the AuthenticationManager bean - attribute alias {xsd:ID} -authman.attlist &= - ## Allows the session controller to be set on the internal AuthenticationManager. This should not be used with the element - attribute session-controller-ref {xsd:string}? - - -authentication-provider = - ## Indicates that the contained user-service should be used as an authentication source. - element authentication-provider {ap.attlist & any-user-service & password-encoder?} -ap.attlist &= - ## Specifies a reference to a separately configured UserDetailsService from which to obtain authentication data. - user-service-ref? - -custom-authentication-provider = - ## Element used to decorate an AuthenticationProvider bean to add it to the internal AuthenticationManager maintained by the namespace. - element custom-authentication-provider {cap.attlist} -cap.attlist &= empty - -user-service = - ## Creates an in-memory UserDetailsService from a properties file or a list of "user" child elements. - element user-service {id? & (properties-file | (user*))} -properties-file = - attribute properties {xsd:string}? - -user = - ## Represents a user in the application. - element user {user.attlist, empty} -user.attlist &= - ## The username assigned to the user. - attribute name {xsd:string} -user.attlist &= - ## The password assigned to the user. This may be hashed if the corresponding authentication provider supports hashing (remember to set the "hash" attribute of the "user-service" element). - attribute password {xsd:string} -user.attlist &= - ## One of more authorities granted to the user. Separate authorities with a comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR" - attribute authorities {xsd:string} -user.attlist &= - ## Can be set to "true" to mark an account as locked and unusable. - attribute locked {boolean}? -user.attlist &= - ## Can be set to "true" to mark an account as disabled and unusable. - attribute disabled {boolean}? - -jdbc-user-service = - ## Causes creation of a JDBC-based UserDetailsService. - element jdbc-user-service {id? & jdbc-user-service.attlist} -jdbc-user-service.attlist &= - ## The bean ID of the DataSource which provides the required tables. - attribute data-source-ref {xsd:string} -jdbc-user-service.attlist &= - cache-ref? -jdbc-user-service.attlist &= - ## An SQL statement to query a username, password, and enabled status given a username - attribute users-by-username-query {xsd:string}? -jdbc-user-service.attlist &= - ## An SQL statement to query for a user's granted authorities given a username. - attribute authorities-by-username-query {xsd:string}? -jdbc-user-service.attlist &= - ## An SQL statement to query user's group authorities given a username. - attribute group-authorities-by-username-query {xsd:string}? -jdbc-user-service.attlist &= - role-prefix? - - -any-user-service = user-service | jdbc-user-service | ldap-user-service - -custom-filter = - ## Used to indicate that a filter bean declaration should be incorporated into the security filter chain. If neither the 'after' or 'before' options are supplied, then the filter must implement the Ordered interface directly. - element custom-filter {after | before | position}? -after = - ## The filter immediately after which the custom-filter should be placed in the chain. This feature will only be needed by advanced users who wish to mix their own filters into the security filter chain and have some knowledge of the standard Spring Security filters. The filter names map to specific Spring Security implementation filters. - attribute after {named-security-filter} -before = - ## The filter immediately before which the custom-filter should be placed in the chain - attribute before {named-security-filter} -position = - ## The explicit position at which the custom-filter should be placed in the chain. Use if you are replacing a standard filter. - attribute position {named-security-filter} - - - -named-security-filter = "FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SESSION_CONTEXT_INTEGRATION_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_PROCESSING_FILTER" | "AUTHENTICATION_PROCESSING_FILTER" | "OPENID_PROCESSING_FILTER" |"BASIC_PROCESSING_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "NTLM_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST" - - diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc index 6915ca1cbf..3e91003338 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc @@ -411,6 +411,9 @@ concurrent-sessions.attlist &= concurrent-sessions.attlist &= ## A reference to an external SessionRegistry implementation which will be used in place of the standard one. attribute session-registry-ref {xsd:token}? +concurrent-sessions.attlist &= + ## Allows a custom session controller to be set on the internal http AuthenticationManager. If used, the session-registry-ref attribute must also be set. + attribute session-controller-ref {xsd:token}? remember-me = ## Sets up remember-me authentication. If used with the "key" attribute (or no attributes) the cookie-only implementation will be used. Specifying "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, persisten token approach. @@ -490,10 +493,6 @@ authentication-manager = authman.attlist &= ## The alias you wish to use for the AuthenticationManager bean attribute alias {xsd:ID} -authman.attlist &= - ## Allows the session controller to be set on the internal AuthenticationManager. This should not be used with the element - attribute session-controller-ref {xsd:token}? - authentication-provider = ## Indicates that the contained user-service should be used as an authentication source. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-3.0.xsd index 351594b948..f1f8239581 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.0.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.0.xsd @@ -1290,6 +1290,13 @@ be used in place of the standard one. + + + Allows a custom session controller to be set on the internal http + AuthenticationManager. If used, the session-registry-ref attribute must also be + set. + + @@ -1420,13 +1427,6 @@ bean - - - Allows the session controller to be set on the internal - AuthenticationManager. This should not be used with the - <concurrent-session-control /> element - - diff --git a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java index 4e40c15858..d54e719b6c 100644 --- a/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java +++ b/config/src/test/java/org/springframework/security/config/MockUserServiceBeanPostProcessor.java @@ -7,7 +7,7 @@ import org.springframework.beans.factory.config.BeanPostProcessor; * Test bean post processor which injects a message into a PostProcessedMockUserDetailsService. * * @author Luke Taylor - * @version $Id$ + * @version $Id: MockUserServiceBeanPostProcessor.java 3541 2009-03-23 04:23:48Z ltaylor $ */ public class MockUserServiceBeanPostProcessor implements BeanPostProcessor { diff --git a/config/src/test/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessorTests.java deleted file mode 100644 index 9ca9df72df..0000000000 --- a/config/src/test/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessorTests.java +++ /dev/null @@ -1,69 +0,0 @@ -package org.springframework.security.config; - -import static org.junit.Assert.*; - -import org.junit.After; -import org.junit.Test; -import org.springframework.context.support.AbstractXmlApplicationContext; -import org.springframework.security.authentication.concurrent.ConcurrentSessionController; -import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl; -import org.springframework.security.authentication.concurrent.SessionRegistryImpl; -import org.springframework.security.config.util.InMemoryXmlApplicationContext; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.util.FieldUtils; - -/** - * - * @author Luke Taylor - * $Id$ - */ -public class SessionRegistryInjectionBeanPostProcessorTests { - private AbstractXmlApplicationContext appContext; - - @After - public void closeAppContext() { - if (appContext != null) { - appContext.close(); - appContext = null; - } - } - - private void setContext(String context) { - appContext = new InMemoryXmlApplicationContext(context); - } - - @Test - public void sessionRegistryIsSetOnFiltersWhenUsingCustomControllerWithInternalRegistryBean() throws Exception { - setContext( - "" + - "" + - " " + - " " + - " " + - "" + - "" + - ConfigTestUtils.AUTH_PROVIDER_XML); - assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry")); - assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.FORM_LOGIN_FILTER), "sessionRegistry")); - } - - @Test - public void sessionRegistryIsSetOnFiltersWhenUsingCustomControllerWithNonStandardController() throws Exception { - setContext( - "" + - "" + - "" + - "" + - ConfigTestUtils.AUTH_PROVIDER_XML); - assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry")); - assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.FORM_LOGIN_FILTER), "sessionRegistry")); - } - - public static class MockConcurrentSessionController implements ConcurrentSessionController { - public void checkAuthenticationAllowed(Authentication request) throws AuthenticationException { - } - public void registerSuccessfulAuthentication(Authentication authentication) { - } - } -} diff --git a/config/src/test/java/org/springframework/security/config/TestBusinessBean.java b/config/src/test/java/org/springframework/security/config/TestBusinessBean.java index 0fc7895670..eac97164b8 100644 --- a/config/src/test/java/org/springframework/security/config/TestBusinessBean.java +++ b/config/src/test/java/org/springframework/security/config/TestBusinessBean.java @@ -2,7 +2,7 @@ package org.springframework.security.config; /** * @author luke - * @version $Id$ + * @version $Id: TestBusinessBean.java 3541 2009-03-23 04:23:48Z ltaylor $ */ public interface TestBusinessBean { diff --git a/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java b/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java index 4932cec72f..27f21a0601 100644 --- a/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java +++ b/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java @@ -5,7 +5,7 @@ import org.springframework.context.ApplicationListener; /** * @author Luke Taylor - * @version $Id$ + * @version $Id: TestBusinessBeanImpl.java 3729 2009-06-26 12:44:46Z ltaylor $ */ public class TestBusinessBeanImpl implements TestBusinessBean, ApplicationListener { public void setInteger(int i) { diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java new file mode 100644 index 0000000000..95d8b7670b --- /dev/null +++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java @@ -0,0 +1,55 @@ +package org.springframework.security.config.authentication; + +import static org.junit.Assert.assertFalse; + +import org.junit.Test; +import org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException; +import org.springframework.context.support.AbstractXmlApplicationContext; +import org.springframework.security.authentication.ProviderManager; +import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl; +import org.springframework.security.authentication.concurrent.SessionRegistryImpl; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.ConfigTestUtils; +import org.springframework.security.config.util.InMemoryXmlApplicationContext; +import org.springframework.security.util.FieldUtils; + +/** + * + * @author Luke Taylor + * @version $Id$ + */ +public class AuthenticationManagerBeanDefinitionParserTests { + private AbstractXmlApplicationContext appContext; + + private final String SESSION_CONTROLLER = + "" + + " " + + " " + + " " + + ""; + + @Test + public void sessionControllerRefAttributeIsSupportedFor204ContextButHasNoEffect() throws Exception { + setContext( + "" + + SESSION_CONTROLLER + + "" + + ConfigTestUtils.AUTH_PROVIDER_XML, "2.0.4"); + ProviderManager pm = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER); + assertFalse(FieldUtils.getFieldValue(pm, "sessionController") instanceof ConcurrentSessionControllerImpl); + } + + @Test(expected=XmlBeanDefinitionStoreException.class) + public void sessionControllerRefAttributeIsRejectedFor30Context() throws Exception { + setContext( + "" + + SESSION_CONTROLLER + + "" + + ConfigTestUtils.AUTH_PROVIDER_XML, "3.0"); + appContext.getBean(BeanIds.AUTHENTICATION_MANAGER); + } + + private void setContext(String context, String version) { + appContext = new InMemoryXmlApplicationContext(context, version, null); + } +} diff --git a/config/src/test/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java similarity index 96% rename from config/src/test/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParserTests.java rename to config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java index 669849cce1..30ec1830ac 100644 --- a/config/src/test/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import static org.junit.Assert.*; @@ -7,6 +7,8 @@ import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.dao.ReflectionSaltSource; import org.springframework.security.authentication.encoding.ShaPasswordEncoder; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser; import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.util.FieldUtils; import org.springframework.context.support.AbstractXmlApplicationContext; diff --git a/config/src/test/java/org/springframework/security/config/CustomAuthenticationProviderBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/authentication/CustomAuthenticationProviderBeanDefinitionDecoratorTests.java similarity index 94% rename from config/src/test/java/org/springframework/security/config/CustomAuthenticationProviderBeanDefinitionDecoratorTests.java rename to config/src/test/java/org/springframework/security/config/authentication/CustomAuthenticationProviderBeanDefinitionDecoratorTests.java index 3af8703e5c..2ee8a5b331 100644 --- a/config/src/test/java/org/springframework/security/config/CustomAuthenticationProviderBeanDefinitionDecoratorTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/CustomAuthenticationProviderBeanDefinitionDecoratorTests.java @@ -1,9 +1,10 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import static org.junit.Assert.*; import org.junit.Test; import org.springframework.security.authentication.ProviderManager; +import org.springframework.security.config.BeanIds; import org.springframework.security.config.util.InMemoryXmlApplicationContext; diff --git a/config/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java similarity index 94% rename from config/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java rename to config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java index 000292546a..d9d452f132 100644 --- a/config/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import static org.junit.Assert.*; import static org.mockito.Mockito.*; @@ -9,6 +9,10 @@ import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser; +import org.springframework.security.config.authentication.CachingUserDetailsService; +import org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser; import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.UserDetails; diff --git a/config/src/test/java/org/springframework/security/config/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java similarity index 98% rename from config/src/test/java/org/springframework/security/config/UserServiceBeanDefinitionParserTests.java rename to config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java index ef73b79039..0e0993e02c 100644 --- a/config/src/test/java/org/springframework/security/config/UserServiceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.authentication; import static org.junit.Assert.*; diff --git a/config/src/test/java/org/springframework/security/config/FilterSecurityMetadataSourceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java similarity index 92% rename from config/src/test/java/org/springframework/security/config/FilterSecurityMetadataSourceBeanDefinitionParserTests.java rename to config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java index d4baae64b7..9be6bb319c 100644 --- a/config/src/test/java/org/springframework/security/config/FilterSecurityMetadataSourceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import static org.junit.Assert.*; import static org.mockito.Mockito.*; @@ -13,6 +13,9 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.ConfigTestUtils; +import org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceBeanDefinitionParser; import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource; diff --git a/config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java similarity index 95% rename from config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java rename to config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java index e9a29635de..ab8eb25229 100644 --- a/config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java @@ -1,9 +1,9 @@ -package org.springframework.security.config; +package org.springframework.security.config.http; import static org.hamcrest.Matchers.*; import static org.junit.Assert.*; import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML; -import static org.springframework.security.config.HttpSecurityBeanDefinitionParser.*; +import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.*; import java.lang.reflect.Method; import java.util.Iterator; @@ -31,6 +31,8 @@ import org.springframework.security.authentication.concurrent.ConcurrentLoginExc import org.springframework.security.authentication.concurrent.ConcurrentSessionController; import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl; import org.springframework.security.authentication.concurrent.SessionRegistryImpl; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.PostProcessedMockUserDetailsService; import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.openid.OpenIDAuthenticationProcessingFilter; @@ -573,11 +575,44 @@ public class HttpSecurityBeanDefinitionParserTests { public void externalSessionRegistryBeanIsConfiguredCorrectly() throws Exception { setContext( "" + - " " + + " " + "" + - "" + + "" + AUTH_PROVIDER_XML); - Object sessionRegistry = appContext.getBean("seshRegistry"); + checkSessionRegistry(); + } + + @Test(expected=BeanDefinitionParsingException.class) + public void useOfExternalConcurrentSessionControllerRequiresSessionRegistryToBeSet() throws Exception { + setContext( + "" + + "" + + " " + + "" + + "" + + " " + + " " + + " " + + "" + AUTH_PROVIDER_XML); + } + + @Test + public void useOfExternalSessionControllerAndRegistryIsWiredCorrectly() throws Exception { + setContext( + "" + + "" + + " " + + "" + + "" + + " " + + "" + + "" + AUTH_PROVIDER_XML + ); + checkSessionRegistry(); + } + + private void checkSessionRegistry() throws Exception { + Object sessionRegistry = appContext.getBean("sr"); Object sessionRegistryFromConcurrencyFilter = FieldUtils.getFieldValue( getFilter(ConcurrentSessionFilter.class),"sessionRegistry"); Object sessionRegistryFromFormLoginFilter = FieldUtils.getFieldValue( diff --git a/config/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java similarity index 94% rename from config/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java rename to config/src/test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java index 4aef77d311..c8fab44d40 100644 --- a/config/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java @@ -1,14 +1,14 @@ -package org.springframework.security.config; +package org.springframework.security.config.ldap; import static org.junit.Assert.*; -import static org.springframework.security.config.LdapProviderBeanDefinitionParser.*; +import static org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser.*; import org.junit.After; import org.junit.Test; +import org.springframework.context.ApplicationContextException; import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.config.BeanIds; -import org.springframework.security.config.SecurityConfigurationException; import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.core.Authentication; import org.springframework.security.ldap.authentication.BindAuthenticator; @@ -52,7 +52,7 @@ public class LdapProviderBeanDefinitionParserTests { assertEquals(3, ben.getAuthorities().size()); } - @Test(expected = SecurityConfigurationException.class) + @Test(expected = ApplicationContextException.class) public void missingServerEltCausesConfigException() { setContext(""); } diff --git a/config/src/test/java/org/springframework/security/config/LdapServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java similarity index 97% rename from config/src/test/java/org/springframework/security/config/LdapServerBeanDefinitionParserTests.java rename to config/src/test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java index 7c0b32b2c3..2c9de7d2b1 100644 --- a/config/src/test/java/org/springframework/security/config/LdapServerBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.ldap; import org.junit.After; import org.junit.Test; diff --git a/config/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java similarity index 96% rename from config/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java rename to config/src/test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java index 19e3594e24..e2a095b947 100644 --- a/config/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java @@ -1,13 +1,14 @@ -package org.springframework.security.config; +package org.springframework.security.config.ldap; import static org.junit.Assert.*; import static org.mockito.Mockito.mock; -import static org.springframework.security.config.LdapUserServiceBeanDefinitionParser.*; +import static org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser.*; import java.util.Set; import org.junit.After; import org.junit.Test; +import org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser; import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.GrantedAuthorityImpl; diff --git a/config/src/test/java/org/springframework/security/config/CustomAfterInvocationProviderBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/CustomAfterInvocationProviderBeanDefinitionDecoratorTests.java similarity index 85% rename from config/src/test/java/org/springframework/security/config/CustomAfterInvocationProviderBeanDefinitionDecoratorTests.java rename to config/src/test/java/org/springframework/security/config/method/CustomAfterInvocationProviderBeanDefinitionDecoratorTests.java index a0367340d1..666d7468ac 100644 --- a/config/src/test/java/org/springframework/security/config/CustomAfterInvocationProviderBeanDefinitionDecoratorTests.java +++ b/config/src/test/java/org/springframework/security/config/method/CustomAfterInvocationProviderBeanDefinitionDecoratorTests.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.method; import static org.junit.Assert.*; @@ -7,6 +7,9 @@ import org.junit.Test; import org.springframework.context.support.AbstractXmlApplicationContext; import org.springframework.security.access.intercept.AfterInvocationProviderManager; import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor; +import org.springframework.security.config.ConfigTestUtils; +import org.springframework.security.config.MockAfterInvocationProvider; +import org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser; import org.springframework.security.config.util.InMemoryXmlApplicationContext; public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests { diff --git a/config/src/test/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java similarity index 97% rename from config/src/test/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParserTests.java rename to config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java index 56a579740b..fc41a8aadd 100644 --- a/config/src/test/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.method; import static org.junit.Assert.*; import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML; @@ -23,6 +23,10 @@ import org.springframework.security.access.vote.AffirmativeBased; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.config.BeanIds; +import org.springframework.security.config.ConfigTestUtils; +import org.springframework.security.config.PostProcessedMockUserDetailsService; +import org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser; import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; @@ -269,7 +273,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { } private void setContext(String context, ApplicationContext parent) { - appContext = new InMemoryXmlApplicationContext(context, parent); + appContext = new InMemoryXmlApplicationContext(context, "3.0", parent); } } diff --git a/config/src/test/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java similarity index 96% rename from config/src/test/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecoratorTests.java rename to config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java index 0e81d9ccfd..0c7f860e0e 100644 --- a/config/src/test/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecoratorTests.java +++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.method; import static org.junit.Assert.*; @@ -12,6 +12,7 @@ import org.springframework.security.authentication.AuthenticationCredentialsNotF import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; +import org.springframework.security.config.TestBusinessBean; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; diff --git a/config/src/test/java/org/springframework/security/config/Jsr250AnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java similarity index 96% rename from config/src/test/java/org/springframework/security/config/Jsr250AnnotationDrivenBeanDefinitionParserTests.java rename to config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java index 2f7a40c88c..bfe88460e8 100644 --- a/config/src/test/java/org/springframework/security/config/Jsr250AnnotationDrivenBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.method; import org.junit.After; import org.junit.Before; @@ -7,6 +7,7 @@ import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.annotation.BusinessService; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.config.ConfigTestUtils; import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; diff --git a/config/src/test/java/org/springframework/security/config/SecuredAnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java similarity index 95% rename from config/src/test/java/org/springframework/security/config/SecuredAnnotationDrivenBeanDefinitionParserTests.java rename to config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java index 3e1a799ed9..ef21e04740 100644 --- a/config/src/test/java/org/springframework/security/config/SecuredAnnotationDrivenBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java @@ -1,4 +1,4 @@ -package org.springframework.security.config; +package org.springframework.security.config.method; import org.junit.After; import org.junit.Before; @@ -7,6 +7,7 @@ import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.annotation.BusinessService; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.config.ConfigTestUtils; import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; diff --git a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java index f3c651179c..83cdb6f29a 100644 --- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java +++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java @@ -17,22 +17,18 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext " xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'\n" + " xsi:schemaLocation='http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd\n" + "http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd\n" + - "http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd'>\n"; + "http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-"; private static final String BEANS_CLOSE = "\n"; Resource inMemoryXml; public InMemoryXmlApplicationContext(String xml) { - this(xml, true, null); - } - - public InMemoryXmlApplicationContext(String xml, ApplicationContext parent) { - this(xml, true, parent); + this(xml, "3.0", null); } - public InMemoryXmlApplicationContext(String xml, boolean addBeansTags, ApplicationContext parent) { - String fullXml = addBeansTags ? BEANS_OPENING + xml + BEANS_CLOSE : xml; + public InMemoryXmlApplicationContext(String xml, String secVersion, ApplicationContext parent) { + String fullXml = BEANS_OPENING + secVersion + ".xsd'>\n" + xml + BEANS_CLOSE; inMemoryXml = new InMemoryResource(fullXml); setParent(parent); refresh();