SEC-1123: Renamed ObjectDefinitionSource to SecurityMetadataSource and performed related refactoring
parent
9b52e7bf69
commit
4aff4b2350
|
@ -27,7 +27,7 @@ import javax.annotation.security.RolesAllowed;
|
|||
|
||||
import org.springframework.core.annotation.AnnotationUtils;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.intercept.method.AbstractFallbackMethodDefinitionSource;
|
||||
import org.springframework.security.intercept.method.AbstractFallbackMethodSecurityMetadataSource;
|
||||
|
||||
|
||||
/**
|
||||
|
@ -37,7 +37,7 @@ import org.springframework.security.intercept.method.AbstractFallbackMethodDefin
|
|||
* @version $Id$
|
||||
* @since 2.0
|
||||
*/
|
||||
public class Jsr250MethodDefinitionSource extends AbstractFallbackMethodDefinitionSource {
|
||||
public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
|
||||
|
||||
protected List<ConfigAttribute> findAttributes(Class<?> clazz) {
|
||||
return processAnnotations(clazz.getAnnotations());
|
|
@ -24,7 +24,7 @@ import java.util.List;
|
|||
import org.springframework.core.annotation.AnnotationUtils;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.intercept.method.AbstractFallbackMethodDefinitionSource;
|
||||
import org.springframework.security.intercept.method.AbstractFallbackMethodSecurityMetadataSource;
|
||||
|
||||
|
||||
/**
|
||||
|
@ -33,7 +33,7 @@ import org.springframework.security.intercept.method.AbstractFallbackMethodDefin
|
|||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class SecuredMethodDefinitionSource extends AbstractFallbackMethodDefinitionSource {
|
||||
public class SecuredMethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
|
||||
|
||||
protected List<ConfigAttribute> findAttributes(Class<?> clazz) {
|
||||
return processAnnotation(clazz.getAnnotation(Secured.class));
|
|
@ -55,13 +55,10 @@ public abstract class BeanIds {
|
|||
public static final String DEFAULT_LOGIN_PAGE_GENERATING_FILTER = "_defaultLoginPageFilter";
|
||||
public static final String SECURITY_CONTEXT_HOLDER_AWARE_REQUEST_FILTER = "_securityContextHolderAwareRequestFilter";
|
||||
public static final String SESSION_FIXATION_PROTECTION_FILTER = "_sessionFixationProtectionFilter";
|
||||
// public static final String GLOBAL_METHOD_SECURITY_INTERCEPTOR = "_methodSecurityInterceptor";
|
||||
// public static final String METHOD_SECURITY_INTERCEPTOR_POST_PROCESSOR = "_methodSecurityInterceptorPostProcessor";
|
||||
public static final String METHOD_DEFINITION_SOURCE_ADVISOR = "_methodDefinitionSourceAdvisor";
|
||||
public static final String METHOD_SECURITY_METADATA_SOURCE_ADVISOR = "_methodSecurityMetadataSourceAdvisor";
|
||||
public static final String PROTECT_POINTCUT_POST_PROCESSOR = "_protectPointcutPostProcessor";
|
||||
// public static final String DELEGATING_METHOD_DEFINITION_SOURCE = "_delegatingMethodDefinitionSource";
|
||||
public static final String SECURED_METHOD_DEFINITION_SOURCE = "_securedMethodDefinitionSource";
|
||||
public static final String JSR_250_METHOD_DEFINITION_SOURCE = "_jsr250MethodDefinitionSource";
|
||||
public static final String SECURED_METHOD_SECURITY_METADATA_SOURCE = "_securedSecurityMetadataSource";
|
||||
public static final String JSR_250_METHOD_SECURITY_METADATA_SOURCE = "_jsr250SecurityMetadataSource";
|
||||
public static final String EMBEDDED_APACHE_DS = "_apacheDirectoryServerContainer";
|
||||
public static final String CONTEXT_SOURCE = "_securityContextSource";
|
||||
public static final String PORT_MAPPER = "_portMapper";
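Review bot: The two new source ids drop the word "Method" that their constant names carry: `SECURED_METHOD_SECURITY_METADATA_SOURCE` maps to `"_securedSecurityMetadataSource"` and `JSR_250_METHOD_SECURITY_METADATA_SOURCE` to `"_jsr250SecurityMetadataSource"`, while the advisor id keeps it (`"_methodSecurityMetadataSourceAdvisor"`). Using `"_securedMethodSecurityMetadataSource"` and `"_jsr250MethodSecurityMetadataSource"` would let the id be derived from the constant name, as it could be before the rename. These are public constants in a public class, so code or configuration that referenced the old names or the literal ids will stop resolving; a migration note should mention this.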
|
||||
|
|
|
@ -19,7 +19,7 @@ import org.springframework.core.Ordered;
|
|||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.config.ConfigUtils.FilterChainList;
|
||||
import org.springframework.security.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.anonymous.AnonymousProcessingFilter;
|
||||
|
@ -147,8 +147,8 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
|
|||
|
||||
FilterSecurityInterceptor fsi =
|
||||
((FilterSecurityInterceptor)beanFactory.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR));
|
||||
DefaultFilterInvocationDefinitionSource fids =
|
||||
(DefaultFilterInvocationDefinitionSource) fsi.getObjectDefinitionSource();
|
||||
DefaultFilterInvocationSecurityMetadataSource fids =
|
||||
(DefaultFilterInvocationSecurityMetadataSource) fsi.getSecurityMetadataSource();
|
||||
List<ConfigAttribute> attributes = fids.lookupAttributes(loginPage, "POST");
|
||||
|
||||
if (attributes == null) {
|
||||
|
|
|
@ -7,7 +7,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
|||
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.RequestKey;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
import org.springframework.security.util.UrlMatcher;
|
||||
|
@ -16,15 +16,15 @@ import org.springframework.util.xml.DomUtils;
|
|||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* Allows for convenient creation of a {@link FilterInvocationDefinitionSource} bean for use with a FilterSecurityInterceptor.
|
||||
* Allows for convenient creation of a {@link FilterInvocationSecurityMetadataSource} bean for use with a FilterSecurityInterceptor.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
*/
|
||||
public class FilterInvocationDefinitionSourceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
|
||||
public class FilterInvocationSecurityMetadataSourceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
|
||||
|
||||
protected String getBeanClassName(Element element) {
|
||||
return "org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource";
|
||||
return "org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource";
|
||||
}
|
||||
|
||||
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
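Review bot: `getBeanClassName` returns the renamed class as a string literal, so a typo introduced by the rename is not caught by the compiler and only surfaces when an application context is loaded. This file already imports from `org.springframework.security.intercept.web`, so if `DefaultFilterInvocationSecurityMetadataSource` is on this module's compile classpath the method could return `DefaultFilterInvocationSecurityMetadataSource.class.getName()`. The same applies to the string class names and the bean property names (`"securityMetadataSource"`, `"methodSecurityMetadataSources"`, `"filterInvocationSecurityMetadataSource"`) in GlobalMethodSecurityBeanDefinitionParser and HttpSecurityBeanDefinitionParser. Where a literal has to stay, a namespace test that loads each element would confirm that the renamed classes and setters resolve. `doParse` continues outside the hunk.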
|
|
@ -21,10 +21,10 @@ import org.springframework.security.SecurityConfig;
|
|||
import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider;
|
||||
import org.springframework.security.expression.method.MethodExpressionVoter;
|
||||
import org.springframework.security.expression.support.DefaultSecurityExpressionHandler;
|
||||
import org.springframework.security.intercept.method.DelegatingMethodDefinitionSource;
|
||||
import org.springframework.security.intercept.method.MapBasedMethodDefinitionSource;
|
||||
import org.springframework.security.intercept.method.DelegatingMethodSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.method.ProtectPointcutPostProcessor;
|
||||
import org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
|
||||
import org.springframework.security.intercept.method.aopalliance.MethodSecurityMetadataSourceAdvisor;
|
||||
import org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.vote.AffirmativeBased;
|
||||
import org.springframework.security.vote.AuthenticatedVoter;
|
||||
|
@ -45,9 +45,9 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
private final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
private static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodDefinitionSource";
|
||||
private static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodDefinitionSource";
|
||||
private static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodDefinitionSource";
|
||||
private static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodSecurityMetadataSource";
|
||||
private static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource";
|
||||
private static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource";
|
||||
private static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter";
|
||||
|
||||
/*
|
||||
|
@ -56,7 +56,7 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
static final String SECURITY_INTERCEPTOR_ID = "_globalMethodSecurityInterceptor";
|
||||
static final String INTERCEPTOR_POST_PROCESSOR_ID = "_globalMethodSecurityInterceptorPostProcessor";
|
||||
static final String ACCESS_MANAGER_ID = "_globalMethodSecurityAccessManager";
|
||||
private static final String DELEGATING_METHOD_DEFINITION_SOURCE_ID = "_delegatingMethodDefinitionSource";
|
||||
private static final String DELEGATING_METHOD_DEFINITION_SOURCE_ID = "_delegatingMethodSecurityMetadataSource";
|
||||
private static final String EXPRESSION_HANDLER_ID = "_methodExpressionHandler";
|
||||
|
||||
private static final String ATT_ACCESS = "access";
|
||||
|
@ -83,9 +83,9 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
if (pointcutMap.size() > 0) {
|
||||
// SEC-1016: Put the pointcut MDS first, but only add it if there are actually any pointcuts defined.
|
||||
MapBasedMethodDefinitionSource mapBasedMethodDefinitionSource = new MapBasedMethodDefinitionSource();
|
||||
delegates.add(mapBasedMethodDefinitionSource);
|
||||
registerProtectPointcutPostProcessor(parserContext, pointcutMap, mapBasedMethodDefinitionSource, source);
|
||||
MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource = new MapBasedMethodSecurityMetadataSource();
|
||||
delegates.add(mapBasedMethodSecurityMetadataSource);
|
||||
registerProtectPointcutPostProcessor(parserContext, pointcutMap, mapBasedMethodSecurityMetadataSource, source);
|
||||
}
|
||||
|
||||
if (expressionsEnabled) {
|
||||
|
@ -123,7 +123,7 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
delegates.add(BeanDefinitionBuilder.rootBeanDefinition(JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS).getBeanDefinition());
|
||||
}
|
||||
|
||||
registerDelegatingMethodDefinitionSource(parserContext, delegates, source);
|
||||
registerDelegatingMethodSecurityMetadataSource(parserContext, delegates, source);
|
||||
|
||||
String accessManagerId = element.getAttribute(ATT_ACCESS_MGR);
|
||||
|
||||
|
@ -167,24 +167,24 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
private void registerDelegatingMethodDefinitionSource(ParserContext parserContext, ManagedList delegates, Object source) {
|
||||
private void registerDelegatingMethodSecurityMetadataSource(ParserContext parserContext, ManagedList delegates, Object source) {
|
||||
if (parserContext.getRegistry().containsBeanDefinition(DELEGATING_METHOD_DEFINITION_SOURCE_ID)) {
|
||||
parserContext.getReaderContext().error("Duplicate <global-method-security> detected.", source);
|
||||
}
|
||||
RootBeanDefinition delegatingMethodDefinitionSource = new RootBeanDefinition(DelegatingMethodDefinitionSource.class);
|
||||
delegatingMethodDefinitionSource.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
|
||||
delegatingMethodDefinitionSource.setSource(source);
|
||||
delegatingMethodDefinitionSource.getPropertyValues().addPropertyValue("methodDefinitionSources", delegates);
|
||||
parserContext.getRegistry().registerBeanDefinition(DELEGATING_METHOD_DEFINITION_SOURCE_ID, delegatingMethodDefinitionSource);
|
||||
RootBeanDefinition delegatingMethodSecurityMetadataSource = new RootBeanDefinition(DelegatingMethodSecurityMetadataSource.class);
|
||||
delegatingMethodSecurityMetadataSource.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
|
||||
delegatingMethodSecurityMetadataSource.setSource(source);
|
||||
delegatingMethodSecurityMetadataSource.getPropertyValues().addPropertyValue("methodSecurityMetadataSources", delegates);
|
||||
parserContext.getRegistry().registerBeanDefinition(DELEGATING_METHOD_DEFINITION_SOURCE_ID, delegatingMethodSecurityMetadataSource);
|
||||
}
|
||||
|
||||
private void registerProtectPointcutPostProcessor(ParserContext parserContext,
|
||||
Map<String, List<ConfigAttribute>> pointcutMap,
|
||||
MapBasedMethodDefinitionSource mapBasedMethodDefinitionSource, Object source) {
|
||||
MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource, Object source) {
|
||||
RootBeanDefinition ppbp = new RootBeanDefinition(ProtectPointcutPostProcessor.class);
|
||||
ppbp.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
|
||||
ppbp.setSource(source);
|
||||
ppbp.getConstructorArgumentValues().addGenericArgumentValue(mapBasedMethodDefinitionSource);
|
||||
ppbp.getConstructorArgumentValues().addGenericArgumentValue(mapBasedMethodSecurityMetadataSource);
|
||||
ppbp.getPropertyValues().addPropertyValue("pointcutMap", pointcutMap);
|
||||
parserContext.getRegistry().registerBeanDefinition(BeanIds.PROTECT_POINTCUT_POST_PROCESSOR, ppbp);
|
||||
}
|
||||
|
@ -224,7 +224,7 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
interceptor.getPropertyValues().addPropertyValue("accessDecisionManager", new RuntimeBeanReference(accessManagerId));
|
||||
interceptor.getPropertyValues().addPropertyValue("authenticationManager", new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
|
||||
interceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", new RuntimeBeanReference(DELEGATING_METHOD_DEFINITION_SOURCE_ID));
|
||||
interceptor.getPropertyValues().addPropertyValue("securityMetadataSource", new RuntimeBeanReference(DELEGATING_METHOD_DEFINITION_SOURCE_ID));
|
||||
parserContext.getRegistry().registerBeanDefinition(SECURITY_INTERCEPTOR_ID, interceptor);
|
||||
parserContext.registerComponent(new BeanComponentDefinition(interceptor, SECURITY_INTERCEPTOR_ID));
|
||||
|
||||
|
@ -233,12 +233,12 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
}
|
||||
|
||||
private void registerAdvisor(ParserContext parserContext, Object source) {
|
||||
RootBeanDefinition advisor = new RootBeanDefinition(MethodDefinitionSourceAdvisor.class);
|
||||
RootBeanDefinition advisor = new RootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class);
|
||||
advisor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
|
||||
advisor.setSource(source);
|
||||
advisor.getConstructorArgumentValues().addGenericArgumentValue(SECURITY_INTERCEPTOR_ID);
|
||||
advisor.getConstructorArgumentValues().addGenericArgumentValue(new RuntimeBeanReference(DELEGATING_METHOD_DEFINITION_SOURCE_ID));
|
||||
|
||||
parserContext.getRegistry().registerBeanDefinition(BeanIds.METHOD_DEFINITION_SOURCE_ADVISOR, advisor);
|
||||
parserContext.getRegistry().registerBeanDefinition(BeanIds.METHOD_SECURITY_METADATA_SOURCE_ADVISOR, advisor);
|
||||
}
|
||||
}
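Review bot: The constants in this class keep their old names while their values now point at the renamed classes and ids: `SECURED_METHOD_DEFINITION_SOURCE_CLASS`, `EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS`, `JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS` and `DELEGATING_METHOD_DEFINITION_SOURCE_ID` (now `"_delegatingMethodSecurityMetadataSource"`). Renaming them, e.g. to `DELEGATING_METHOD_SECURITY_METADATA_SOURCE_ID`, would finish the refactoring and keep a later search for the old term from turning up live code. The `// SEC-1016: Put the pointcut MDS first` comment uses the old abbreviation as well. HttpSecurityBeanDefinitionParser has the same leftovers in `EXPRESSION_FIDS_CLASS`, `fids` and `channelFilterInvDefSource`.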
|
||||
|
|
|
@ -22,7 +22,7 @@ import org.springframework.security.SecurityConfig;
|
|||
import org.springframework.security.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.expression.web.WebExpressionVoter;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
import org.springframework.security.intercept.web.RequestKey;
|
||||
import org.springframework.security.securechannel.ChannelDecisionManagerImpl;
|
||||
|
@ -106,7 +106,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting";
|
||||
|
||||
private static final String EXPRESSION_FIDS_CLASS = "org.springframework.security.expression.web.ExpressionBasedFilterInvocationDefinitionSource";
|
||||
private static final String EXPRESSION_FIDS_CLASS = "org.springframework.security.expression.web.ExpressionBasedFilterInvocationSecurityMetadataSource";
|
||||
private static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.expression.support.DefaultSecurityExpressionHandler";
|
||||
private static final String EXPRESSION_HANDLER_ID = "_webExpressionHandler";
|
||||
|
||||
|
@ -172,7 +172,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
fidsBuilder.addConstructorArgReference(expressionHandlerRef);
|
||||
voters = new Class[] {WebExpressionVoter.class};
|
||||
} else {
|
||||
fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(DefaultFilterInvocationDefinitionSource.class);
|
||||
fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
|
||||
fidsBuilder.addConstructorArgValue(matcher);
|
||||
fidsBuilder.addConstructorArgValue(requestToAttributesMap);
|
||||
voters = new Class[] {RoleVoter.class, AuthenticatedVoter.class};
|
||||
|
@ -359,7 +359,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
builder.addPropertyValue("observeOncePerRequest", Boolean.FALSE);
|
||||
}
|
||||
|
||||
builder.addPropertyValue("objectDefinitionSource", fids);
|
||||
builder.addPropertyValue("securityMetadataSource", fids);
|
||||
pc.getRegistry().registerBeanDefinition(BeanIds.FILTER_SECURITY_INTERCEPTOR, builder.getBeanDefinition());
|
||||
ConfigUtils.addHttpFilter(pc, new RuntimeBeanReference(BeanIds.FILTER_SECURITY_INTERCEPTOR));
|
||||
}
|
||||
|
@ -369,11 +369,11 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
RootBeanDefinition channelFilter = new RootBeanDefinition(ChannelProcessingFilter.class);
|
||||
channelFilter.getPropertyValues().addPropertyValue("channelDecisionManager",
|
||||
new RuntimeBeanReference(BeanIds.CHANNEL_DECISION_MANAGER));
|
||||
DefaultFilterInvocationDefinitionSource channelFilterInvDefSource =
|
||||
new DefaultFilterInvocationDefinitionSource(matcher, channelRequestMap);
|
||||
DefaultFilterInvocationSecurityMetadataSource channelFilterInvDefSource =
|
||||
new DefaultFilterInvocationSecurityMetadataSource(matcher, channelRequestMap);
|
||||
channelFilterInvDefSource.setStripQueryStringFromUrls(matcher instanceof AntUrlPathMatcher);
|
||||
|
||||
channelFilter.getPropertyValues().addPropertyValue("filterInvocationDefinitionSource",
|
||||
channelFilter.getPropertyValues().addPropertyValue("filterInvocationSecurityMetadataSource",
|
||||
channelFilterInvDefSource);
|
||||
RootBeanDefinition channelDecisionManager = new RootBeanDefinition(ChannelDecisionManagerImpl.class);
|
||||
ManagedList channelProcessors = new ManagedList(3);
|
||||
|
@ -639,7 +639,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
}
|
||||
|
||||
/**
|
||||
* Parses the filter invocation map which will be used to configure the FilterInvocationDefinitionSource
|
||||
* Parses the filter invocation map which will be used to configure the FilterInvocationSecurityMetadataSource
|
||||
* used in the security interceptor.
|
||||
*/
|
||||
static LinkedHashMap<RequestKey, List<ConfigAttribute>>
|
||||
|
@ -677,7 +677,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
if (useExpressions) {
|
||||
logger.info("Creating access control expression attribute '" + access + "' for " + key);
|
||||
attributes = new ArrayList<ConfigAttribute>(1);
|
||||
// The expression will be parsed later by the ExpressionFilterInvocationDefinitionSource
|
||||
// The expression will be parsed later by the ExpressionFilterInvocationSecurityMetadataSource
|
||||
attributes.add(new SecurityConfig(access));
|
||||
|
||||
} else {
|
||||
|
|
|
@ -80,11 +80,11 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
|
|||
}
|
||||
}
|
||||
|
||||
// Rely on the default property editor for MethodSecurityInterceptor.setObjectDefinitionSource to setup the MethodDefinitionSource
|
||||
// Rely on the default property editor for MethodSecurityInterceptor.setSecurityMetadataSource to setup the MethodSecurityMetadataSource
|
||||
sb.append(methodName + "=" + accessConfig).append("\r\n");
|
||||
}
|
||||
|
||||
interceptor.addPropertyValue("objectDefinitionSource", sb.toString());
|
||||
interceptor.addPropertyValue("securityMetadataSource", sb.toString());
|
||||
|
||||
return interceptor.getBeanDefinition();
|
||||
}
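Review bot: The interceptor's `securityMetadataSource` property is still set from a string (`sb.toString()`), and the comment says the conversion relies on the default property editor. Spring's by-convention lookup resolves a default editor from the property type's class name plus `Editor` in the same package, so the conversion presumably only keeps working if the editor class was renamed together with `MethodSecurityMetadataSource`; that class is not visible in this hunk. A failed lookup would break intercept-methods configuration at context start-up, so a test that loads an `<intercept-methods>` definition is worth having in this commit. The enclosing method starts outside the hunk.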
|
||||
|
|
|
@ -23,7 +23,7 @@ public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
|
|||
registerBeanDefinitionParser(Elements.AUTHENTICATION_PROVIDER, new AuthenticationProviderBeanDefinitionParser());
|
||||
registerBeanDefinitionParser(Elements.GLOBAL_METHOD_SECURITY, new GlobalMethodSecurityBeanDefinitionParser());
|
||||
registerBeanDefinitionParser(Elements.AUTHENTICATION_MANAGER, new AuthenticationManagerBeanDefinitionParser());
|
||||
registerBeanDefinitionParser(Elements.FILTER_INVOCATION_DEFINITION_SOURCE, new FilterInvocationDefinitionSourceBeanDefinitionParser());
|
||||
registerBeanDefinitionParser(Elements.FILTER_INVOCATION_DEFINITION_SOURCE, new FilterInvocationSecurityMetadataSourceBeanDefinitionParser());
|
||||
|
||||
// Decorators
|
||||
registerBeanDefinitionDecorator(Elements.INTERCEPT_METHODS, new InterceptMethodsBeanDefinitionDecorator());
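Review bot: The renamed parser is still registered under `Elements.FILTER_INVOCATION_DEFINITION_SOURCE`, and nothing at the registration explains why the element constant kept the old name. If the element name is kept on purpose so that existing XML configuration keeps working, a comment would stop a later cleanup from renaming it, e.g. `// Element name unchanged for configuration compatibility; only the parser class was renamed`. The enclosing method starts and ends outside the hunk.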
|
||||
|
|
|
@ -18,11 +18,11 @@ import org.springframework.security.expression.annotation.PostAuthorize;
|
|||
import org.springframework.security.expression.annotation.PostFilter;
|
||||
import org.springframework.security.expression.annotation.PreAuthorize;
|
||||
import org.springframework.security.expression.annotation.PreFilter;
|
||||
import org.springframework.security.intercept.method.AbstractMethodDefinitionSource;
|
||||
import org.springframework.security.intercept.method.AbstractMethodSecurityMetadataSource;
|
||||
import org.springframework.util.ClassUtils;
|
||||
|
||||
/**
|
||||
* MethodDefinitionSource which extracts metadata from the @PreFilter and @PreAuthorize annotations
|
||||
* <tt>MethodSecurityMetadataSource</tt> which extracts metadata from the @PreFilter and @PreAuthorize annotations
|
||||
* placed on a method. The metadata is encapsulated in a {@link AbstractExpressionBasedMethodConfigAttribute} instance.
|
||||
* <p>
|
||||
* Annotations may be specified on classes or methods, and method-specific annotations will take precedence.
|
||||
|
@ -38,10 +38,10 @@ import org.springframework.util.ClassUtils;
|
|||
* @since 2.5
|
||||
* @version $Id$
|
||||
*/
|
||||
public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDefinitionSource {
|
||||
public class ExpressionAnnotationMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
|
||||
private ExpressionParser parser;
|
||||
|
||||
public ExpressionAnnotationMethodDefinitionSource() {
|
||||
public ExpressionAnnotationMethodSecurityMetadataSource() {
|
||||
parser = new SpelAntlrExpressionParser();
|
||||
}
|
||||
|
||||
|
@ -49,7 +49,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe
|
|||
* Constructor which obtains the expression parser from the {@link SecurityExpressionHandler#getExpressionParser() }
|
||||
* method on the supplied <tt>SecurityExpressionHandler</tt>.
|
||||
*/
|
||||
public ExpressionAnnotationMethodDefinitionSource(SecurityExpressionHandler handler) {
|
||||
public ExpressionAnnotationMethodSecurityMetadataSource(SecurityExpressionHandler handler) {
|
||||
parser = handler.getExpressionParser();
|
||||
}
|
||||
|
||||
|
@ -76,7 +76,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe
|
|||
}
|
||||
|
||||
/**
|
||||
* See {@link org.springframework.security.intercept.method.AbstractFallbackMethodDefinitionSource#getAttributes(Method, Class)}
|
||||
* See {@link org.springframework.security.intercept.method.AbstractFallbackMethodSecurityMetadataSource#getAttributes(Method, Class)}
|
||||
* for the logic of this method. The ordering here is slightly different in that we consider method-specific
|
||||
* annotations on an interface before class-level ones.
|
||||
*/
|
|
@ -11,22 +11,22 @@ import org.springframework.expression.ExpressionParser;
|
|||
import org.springframework.expression.ParseException;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.expression.SecurityExpressionHandler;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.RequestKey;
|
||||
import org.springframework.security.util.UrlMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* Expression-based <tt>FilterInvocationDefinitionSource</tt>.
|
||||
* Expression-based <tt>FilterInvocationSecurityMetadataSource</tt>.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
* @since 2.5
|
||||
*/
|
||||
public final class ExpressionBasedFilterInvocationDefinitionSource extends DefaultFilterInvocationDefinitionSource {
|
||||
private final static Log logger = LogFactory.getLog(ExpressionBasedFilterInvocationDefinitionSource.class);
|
||||
public final class ExpressionBasedFilterInvocationSecurityMetadataSource extends DefaultFilterInvocationSecurityMetadataSource {
|
||||
private final static Log logger = LogFactory.getLog(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
|
||||
|
||||
public ExpressionBasedFilterInvocationDefinitionSource(UrlMatcher urlMatcher,
|
||||
public ExpressionBasedFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher,
|
||||
LinkedHashMap<RequestKey, List<ConfigAttribute>> requestMap, SecurityExpressionHandler expressionHandler) {
|
||||
super(urlMatcher, processMap(requestMap, expressionHandler.getExpressionParser()));
|
||||
Assert.notNull(expressionHandler, "A non-null SecurityExpressionHandler is required");
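Review bot: The null check on `expressionHandler` runs after the handler has already been dereferenced: `expressionHandler.getExpressionParser()` is evaluated in the `super(...)` argument list, so a null handler fails with a bare NullPointerException and the `Assert.notNull` message is never shown. Because the `super` call has to come first, the check can move into the static helper: pass `expressionHandler` to `processMap` and assert there before calling `getExpressionParser()`. `processMap` is not visible here and the constructor body continues outside the hunk, so the helper's signature would need to change accordingly.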
|
|
@ -54,7 +54,7 @@ import org.springframework.util.Assert;
|
|||
* <ol>
|
||||
* <li>Obtain the {@link Authentication} object from the {@link SecurityContextHolder}.</li>
|
||||
* <li>Determine if the request relates to a secured or public invocation by looking up the secure object request
|
||||
* against the {@link ObjectDefinitionSource}.</li>
|
||||
* against the {@link SecurityMetadataSource}.</li>
|
||||
* <li>For an invocation that is secured (there is a list of <code>ConfigAttribute</code>s for the secure
|
||||
* object invocation):
|
||||
* <ol type="a">
|
||||
|
@ -122,9 +122,9 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
|||
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
|
||||
Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required");
|
||||
Assert.notNull(this.runAsManager, "A RunAsManager is required");
|
||||
Assert.notNull(this.obtainObjectDefinitionSource(), "An ObjectDefinitionSource is required");
|
||||
Assert.isTrue(this.obtainObjectDefinitionSource().supports(getSecureObjectClass()),
|
||||
"ObjectDefinitionSource does not support secure object class: " + getSecureObjectClass());
|
||||
Assert.notNull(this.obtainSecurityMetadataSource(), "An SecurityMetadataSource is required");
|
||||
Assert.isTrue(this.obtainSecurityMetadataSource().supports(getSecureObjectClass()),
|
||||
"SecurityMetadataSource does not support secure object class: " + getSecureObjectClass());
|
||||
Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()),
|
||||
"RunAsManager does not support secure object class: " + getSecureObjectClass());
|
||||
Assert.isTrue(this.accessDecisionManager.supports(getSecureObjectClass()),
|
||||
|
@ -136,10 +136,10 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
|||
}
|
||||
|
||||
if (this.validateConfigAttributes) {
|
||||
Collection<ConfigAttribute> attributeDefs = this.obtainObjectDefinitionSource().getAllConfigAttributes();
|
||||
Collection<ConfigAttribute> attributeDefs = this.obtainSecurityMetadataSource().getAllConfigAttributes();
|
||||
|
||||
if (attributeDefs == null) {
|
||||
logger.warn("Could not validate configuration attributes as the ObjectDefinitionSource did not return "
|
||||
logger.warn("Could not validate configuration attributes as the SecurityMetadataSource did not return "
|
||||
+ "any attributes from getAllConfigAttributes()");
|
||||
return;
|
||||
}
|
||||
|
@ -171,7 +171,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
|||
+ getSecureObjectClass());
|
||||
}
|
||||
|
||||
List<ConfigAttribute> attributes = this.obtainObjectDefinitionSource().getAttributes(object);
|
||||
List<ConfigAttribute> attributes = this.obtainSecurityMetadataSource().getAttributes(object);
|
||||
|
||||
if (attributes == null) {
|
||||
if (rejectPublicInvocations) {
|
||||
|
@ -371,7 +371,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
|||
return validateConfigAttributes;
|
||||
}
|
||||
|
||||
public abstract ObjectDefinitionSource obtainObjectDefinitionSource();
|
||||
public abstract SecurityMetadataSource obtainSecurityMetadataSource();
|
||||
|
||||
public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
|
||||
this.accessDecisionManager = accessDecisionManager;
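Review bot: The mechanical rename left a wrong article in the new assertion message, `"An SecurityMetadataSource is required"`; the line should read `Assert.notNull(this.obtainSecurityMetadataSource(), "A SecurityMetadataSource is required");`. This text is what a user sees when the interceptor is misconfigured, so it is worth getting right. Renaming the public abstract `obtainObjectDefinitionSource()` to `obtainSecurityMetadataSource()` also breaks every external subclass at compile time, which the class Javadoc or the release notes should mention.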
|
||||
|
|
|
@ -28,7 +28,7 @@ import org.springframework.security.ConfigAttribute;
|
|||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public interface ObjectDefinitionSource {
|
||||
public interface SecurityMetadataSource {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
|
@ -41,7 +41,7 @@ public interface ObjectDefinitionSource {
|
|||
* @return the attributes that apply to the passed in secured object or null if there are no applicable attributes.
|
||||
*
|
||||
* @throws IllegalArgumentException if the passed object is not of a type supported by the
|
||||
* <code>ObjectDefinitionSource</code> implementation
|
||||
* <code>SecurityMetadataSource</code> implementation
|
||||
*/
|
||||
List<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException;
|
||||
|
||||
|
@ -56,7 +56,7 @@ public interface ObjectDefinitionSource {
|
|||
Collection<ConfigAttribute> getAllConfigAttributes();
|
||||
|
||||
/**
|
||||
* Indicates whether the <code>ObjectDefinitionSource</code> implementation is able to provide
|
||||
* Indicates whether the <code>SecurityMetadataSource</code> implementation is able to provide
|
||||
* <code>ConfigAttribute</code>s for the indicated secure object type.
|
||||
*
|
||||
* @param clazz the class that is being queried
|
|
@ -7,25 +7,25 @@ import org.springframework.security.ConfigAttribute;
|
|||
import org.springframework.util.ClassUtils;
|
||||
|
||||
/**
|
||||
* Abstract implementation of {@link MethodDefinitionSource} that supports both Spring AOP and AspectJ and
|
||||
* Abstract implementation of {@link MethodSecurityMetadataSource} that supports both Spring AOP and AspectJ and
|
||||
* performs attribute resolution from: 1. specific target method; 2. target class; 3. declaring method;
|
||||
* 4. declaring class/interface. Use with {@link DelegatingMethodDefinitionSource} for caching support.
|
||||
* 4. declaring class/interface. Use with {@link DelegatingMethodSecurityMetadataSource} for caching support.
|
||||
* <p>
|
||||
* This class mimics the behaviour of Spring's AbstractFallbackTransactionAttributeSource class.
|
||||
* This class mimics the behaviour of Spring's <tt>AbstractFallbackTransactionAttributeSource</tt> class.
|
||||
* <p>
|
||||
* Note that this class cannot extract security metadata where that metadata is expressed by way of
|
||||
* a target method/class (i.e. #1 and #2 above) AND the target method/class is encapsulated in another
|
||||
* proxy object. Spring Security does not walk a proxy chain to locate the concrete/final target object.
|
||||
* Consider making Spring Security your final advisor (so it advises the final target, as opposed to
|
||||
* another proxy), move the metadata to declared methods or interfaces the proxy implements, or provide
|
||||
* your own replacement <tt>MethodDefinitionSource</tt>.
|
||||
* your own replacement <tt>MethodSecurityMetadataSource</tt>.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @author Luke taylor
|
||||
* @version $Id$
|
||||
* @since 2.0
|
||||
*/
|
||||
public abstract class AbstractFallbackMethodDefinitionSource extends AbstractMethodDefinitionSource {
|
||||
public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
|
||||
|
||||
public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
|
||||
// The method may be on an interface, but we need attributes from the target class.
|
|
@ -33,14 +33,14 @@ import java.util.List;
|
|||
|
||||
|
||||
/**
|
||||
* Abstract implementation of <tt>MethodDefinitionSource</tt> which resolves the secured object type to
|
||||
* Abstract implementation of <tt>MethodSecurityMetadataSource</tt> which resolves the secured object type to
|
||||
* either a MethodInvocation or a JoinPoint.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
*/
|
||||
public abstract class AbstractMethodDefinitionSource implements MethodDefinitionSource {
|
||||
public abstract class AbstractMethodSecurityMetadataSource implements MethodSecurityMetadataSource {
|
||||
|
||||
protected final Log logger = LogFactory.getLog(getClass());
|
||||
|
|
@ -22,17 +22,17 @@ import org.springframework.util.ObjectUtils;
|
|||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
*/
|
||||
public final class DelegatingMethodDefinitionSource extends AbstractMethodDefinitionSource implements InitializingBean {
|
||||
public final class DelegatingMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource implements InitializingBean {
|
||||
private final static List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();
|
||||
|
||||
private List<MethodDefinitionSource> methodDefinitionSources;
|
||||
private List<MethodSecurityMetadataSource> methodSecurityMetadataSources;
|
||||
private final Map<DefaultCacheKey, List<ConfigAttribute>> attributeCache =
|
||||
new HashMap<DefaultCacheKey, List<ConfigAttribute>>();
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.notNull(methodDefinitionSources, "A list of MethodDefinitionSources is required");
|
||||
Assert.notNull(methodSecurityMetadataSources, "A list of MethodSecurityMetadataSources is required");
|
||||
}
|
||||
|
||||
public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
|
||||
|
@ -50,7 +50,7 @@ public final class DelegatingMethodDefinitionSource extends AbstractMethodDefini
|
|||
|
||||
// No cached value, so query the sources to find a result
|
||||
List<ConfigAttribute> attributes = null;
|
||||
for (MethodDefinitionSource s : methodDefinitionSources) {
|
||||
for (MethodSecurityMetadataSource s : methodSecurityMetadataSources) {
|
||||
attributes = s.getAttributes(method, targetClass);
|
||||
if (attributes != null) {
|
||||
break;
|
||||
|
@ -75,7 +75,7 @@ public final class DelegatingMethodDefinitionSource extends AbstractMethodDefini
|
|||
|
||||
public Collection<ConfigAttribute> getAllConfigAttributes() {
|
||||
Set<ConfigAttribute> set = new HashSet<ConfigAttribute>();
|
||||
for (MethodDefinitionSource s : methodDefinitionSources) {
|
||||
for (MethodSecurityMetadataSource s : methodSecurityMetadataSources) {
|
||||
Collection<ConfigAttribute> attrs = s.getAllConfigAttributes();
|
||||
if (attrs != null) {
|
||||
set.addAll(attrs);
|
||||
|
@ -85,8 +85,8 @@ public final class DelegatingMethodDefinitionSource extends AbstractMethodDefini
|
|||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public void setMethodDefinitionSources(List methodDefinitionSources) {
|
||||
this.methodDefinitionSources = methodDefinitionSources;
|
||||
public void setMethodSecurityMetadataSources(List methodSecurityMetadataSources) {
|
||||
this.methodSecurityMetadataSources = methodSecurityMetadataSources;
|
||||
}
|
||||
|
||||
//~ Inner Classes ==================================================================================================
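Review bot: `setMethodSecurityMetadataSources` still takes a raw `List` under `@SuppressWarnings("unchecked")`, and `afterPropertiesSet` only asserts that the list is non-null. An element of the wrong type would presumably go unnoticed until the `for (MethodSecurityMetadataSource s : methodSecurityMetadataSources)` loops in `getAttributes` or `getAllConfigAttributes` throw a ClassCastException on the first lookup. Since the signature changes in this commit anyway, declare the parameter as `List<MethodSecurityMetadataSource> methodSecurityMetadataSources` and drop the suppression. The renamed property also has no deprecated `setMethodDefinitionSources` alias, so existing bean definitions must switch to the new name. The class body continues outside these hunks.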
|
|
@ -34,7 +34,7 @@ import org.springframework.util.ClassUtils;
|
|||
* Stores a list of <tt>ConfigAttribute</tt>s for a method or class signature.
|
||||
*
|
||||
* <p>
|
||||
* This class is the preferred implementation of {@link MethodDefinitionSource} for XML-based
|
||||
* This class is the preferred implementation of {@link MethodSecurityMetadataSource} for XML-based
|
||||
* definition of method security metadata. To assist in XML-based definition, wildcard support
|
||||
* is provided.
|
||||
* </p>
|
||||
|
@ -43,7 +43,7 @@ import org.springframework.util.ClassUtils;
|
|||
* @version $Id$
|
||||
* @since 2.0
|
||||
*/
|
||||
public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefinitionSource implements BeanClassLoaderAware {
|
||||
public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource implements BeanClassLoaderAware {
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
private ClassLoader beanClassLoader = ClassUtils.getDefaultClassLoader();
|
||||
|
@ -56,14 +56,14 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini
|
|||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public MapBasedMethodDefinitionSource() {
|
||||
public MapBasedMethodSecurityMetadataSource() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates the MapBasedMethodDefinitionSource from a
|
||||
* Creates the <tt>MapBasedMethodSecurityMetadataSource</tt> from a
|
||||
* @param methodMap map of method names to <tt>ConfigAttribute</tt>s.
|
||||
*/
|
||||
public MapBasedMethodDefinitionSource(Map<String, List<ConfigAttribute>> methodMap) {
|
||||
public MapBasedMethodSecurityMetadataSource(Map<String, List<ConfigAttribute>> methodMap) {
|
||||
for (Map.Entry<String, List<ConfigAttribute>> entry : methodMap.entrySet()) {
|
||||
addSecureMethod(entry.getKey(), entry.getValue());
|
||||
}
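Review bot: The constructor Javadoc rewritten in this hunk still breaks off mid-sentence: `Creates the <tt>MapBasedMethodSecurityMetadataSource</tt> from a` is followed directly by the `@param methodMap` tag. Finish the sentence while the line is being touched, for example `* Creates the <tt>MapBasedMethodSecurityMetadataSource</tt> from a map of method names to attributes.` The constructor body continues past the end of the hunk.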
|
|
@ -59,7 +59,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
|
|||
Assert.notNull(mi, "MethodInvocation required");
|
||||
Assert.notNull(mi.getMethod(), "MethodInvocation must provide a non-null getMethod()");
|
||||
|
||||
List<ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(mi);
|
||||
List<ConfigAttribute> attrs = securityInterceptor.obtainSecurityMetadataSource().getAttributes(mi);
|
||||
|
||||
if (attrs == null) {
|
||||
if (securityInterceptor.isRejectPublicInvocations()) {
|
||||
|
|
|
@ -19,16 +19,16 @@ import java.lang.reflect.Method;
|
|||
import java.util.List;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.intercept.ObjectDefinitionSource;
|
||||
import org.springframework.security.intercept.SecurityMetadataSource;
|
||||
|
||||
|
||||
/**
|
||||
* Interface for <code>ObjectDefinitionSource</code> implementations
|
||||
* Interface for <code>SecurityMetadataSource</code> implementations
|
||||
* that are designed to perform lookups keyed on <code>Method</code>s.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public interface MethodDefinitionSource extends ObjectDefinitionSource {
|
||||
public interface MethodSecurityMetadataSource extends SecurityMetadataSource {
|
||||
public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass);
|
||||
}
|
|
@ -30,21 +30,21 @@ import org.springframework.util.StringUtils;
|
|||
|
||||
|
||||
/**
|
||||
* Property editor to assist with the setup of a {@link MethodDefinitionSource}.
|
||||
* Property editor to assist with the setup of a {@link MethodSecurityMetadataSource}.
|
||||
* <p>
|
||||
* The class creates and populates a {@link MapBasedMethodDefinitionSource}.
|
||||
* The class creates and populates a {@link MapBasedMethodSecurityMetadataSource}.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @deprecated use method annotations or the protect-pointcut support from the namespace
|
||||
* @version $Id$
|
||||
*/
|
||||
public class MethodDefinitionSourceEditor extends PropertyEditorSupport {
|
||||
public class MethodSecurityMetadataSourceEditor extends PropertyEditorSupport {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public void setAsText(String s) throws IllegalArgumentException {
|
||||
if ((s == null) || "".equals(s)) {
|
||||
setValue(new MapBasedMethodDefinitionSource());
|
||||
setValue(new MapBasedMethodSecurityMetadataSource());
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -71,6 +71,6 @@ public class MethodDefinitionSourceEditor extends PropertyEditorSupport {
|
|||
mappings.put(name, attributes);
|
||||
}
|
||||
|
||||
setValue(new MapBasedMethodDefinitionSource(mappings));
|
||||
setValue(new MapBasedMethodSecurityMetadataSource(mappings));
|
||||
}
|
||||
}
|
|
@ -15,19 +15,19 @@ import org.aspectj.weaver.tools.PointcutPrimitive;
|
|||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
|
||||
import org.springframework.security.intercept.method.aopalliance.MethodSecurityMetadataSourceAdvisor;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
/**
|
||||
* Parses AspectJ pointcut expressions, registering methods that match the pointcut with a
|
||||
* traditional {@link MapBasedMethodDefinitionSource}.
|
||||
* traditional {@link MapBasedMethodSecurityMetadataSource}.
|
||||
*
|
||||
* <p>
|
||||
* This class provides a convenient way of declaring a list of pointcuts, and then
|
||||
* having every method of every bean defined in the Spring application context compared with
|
||||
* those pointcuts. Where a match is found, the matching method will be registered with the
|
||||
* {@link MapBasedMethodDefinitionSource}.
|
||||
* {@link MapBasedMethodSecurityMetadataSource}.
|
||||
* <p>
|
||||
* It is very important to understand that only the <b>first</b> pointcut that matches a given
|
||||
* method will be taken as authoritative for that method. This is why pointcuts should be provided
|
||||
|
@ -36,8 +36,8 @@ import org.springframework.util.StringUtils;
|
|||
* Note also that only beans defined in the Spring application context will be examined by this
|
||||
* class.
|
||||
* <p>
|
||||
* Because this class registers method security metadata with {@link MapBasedMethodDefinitionSource},
|
||||
* normal Spring Security capabilities such as {@link MethodDefinitionSourceAdvisor} can be used.
|
||||
* Because this class registers method security metadata with {@link MapBasedMethodSecurityMetadataSource},
|
||||
* normal Spring Security capabilities such as {@link MethodSecurityMetadataSourceAdvisor} can be used.
|
||||
* It does not matter the fact the method metadata was originally obtained from an AspectJ pointcut
|
||||
* expression evaluation.
|
||||
*
|
||||
|
@ -51,12 +51,12 @@ public final class ProtectPointcutPostProcessor implements BeanPostProcessor {
|
|||
private static final Log logger = LogFactory.getLog(ProtectPointcutPostProcessor.class);
|
||||
|
||||
private Map<String,List<ConfigAttribute>> pointcutMap = new LinkedHashMap<String,List<ConfigAttribute>>();
|
||||
private MapBasedMethodDefinitionSource mapBasedMethodDefinitionSource;
|
||||
private MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource;
|
||||
private PointcutParser parser;
|
||||
|
||||
public ProtectPointcutPostProcessor(MapBasedMethodDefinitionSource mapBasedMethodDefinitionSource) {
|
||||
Assert.notNull(mapBasedMethodDefinitionSource, "MapBasedMethodDefinitionSource to populate is required");
|
||||
this.mapBasedMethodDefinitionSource = mapBasedMethodDefinitionSource;
|
||||
public ProtectPointcutPostProcessor(MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource) {
|
||||
Assert.notNull(mapBasedMethodSecurityMetadataSource, "MapBasedMethodSecurityMetadataSource to populate is required");
|
||||
this.mapBasedMethodSecurityMetadataSource = mapBasedMethodSecurityMetadataSource;
|
||||
|
||||
// Set up AspectJ pointcut expression parser
|
||||
Set<PointcutPrimitive> supportedPrimitives = new HashSet<PointcutPrimitive>(3);
|
||||
|
@ -115,7 +115,7 @@ public final class ProtectPointcutPostProcessor implements BeanPostProcessor {
|
|||
logger.debug("AspectJ pointcut expression '" + expression.getPointcutExpression() + "' matches target class '" + targetClass.getName() + "' (bean ID '" + beanName + "') for method '" + method + "'; registering security configuration attribute '" + attr + "'");
|
||||
}
|
||||
|
||||
mapBasedMethodDefinitionSource.addSecureMethod(targetClass, method, attr);
|
||||
mapBasedMethodSecurityMetadataSource.addSecureMethod(targetClass, method, attr);
|
||||
}
|
||||
|
||||
return matches;
|
||||
|
|
|
@ -17,8 +17,8 @@ package org.springframework.security.intercept.method.aopalliance;
|
|||
|
||||
import org.springframework.security.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.intercept.InterceptorStatusToken;
|
||||
import org.springframework.security.intercept.ObjectDefinitionSource;
|
||||
import org.springframework.security.intercept.method.MethodDefinitionSource;
|
||||
import org.springframework.security.intercept.SecurityMetadataSource;
|
||||
import org.springframework.security.intercept.method.MethodSecurityMetadataSource;
|
||||
|
||||
import org.aopalliance.intercept.MethodInterceptor;
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
|
@ -26,8 +26,8 @@ import org.aopalliance.intercept.MethodInvocation;
|
|||
|
||||
/**
|
||||
* Provides security interception of AOP Alliance based method invocations.<p>The
|
||||
* <code>ObjectDefinitionSource</code> required by this security interceptor is of type {@link
|
||||
* MethodDefinitionSource}. This is shared with the AspectJ based security interceptor
|
||||
* <code>SecurityMetadataSource</code> required by this security interceptor is of type {@link
|
||||
* MethodSecurityMetadataSource}. This is shared with the AspectJ based security interceptor
|
||||
* (<code>AspectJSecurityInterceptor</code>), since both work with Java <code>Method</code>s.</p>
|
||||
* <P>Refer to {@link AbstractSecurityInterceptor} for details on the workflow.</p>
|
||||
*
|
||||
|
@ -37,12 +37,12 @@ import org.aopalliance.intercept.MethodInvocation;
|
|||
public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private MethodDefinitionSource objectDefinitionSource;
|
||||
private MethodSecurityMetadataSource securityMetadataSource;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public MethodDefinitionSource getObjectDefinitionSource() {
|
||||
return this.objectDefinitionSource;
|
||||
public MethodSecurityMetadataSource getSecurityMetadataSource() {
|
||||
return this.securityMetadataSource;
|
||||
}
|
||||
|
||||
public Class<? extends Object> getSecureObjectClass() {
|
||||
|
@ -71,11 +71,11 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
|
|||
return result;
|
||||
}
|
||||
|
||||
public ObjectDefinitionSource obtainObjectDefinitionSource() {
|
||||
return this.objectDefinitionSource;
|
||||
public SecurityMetadataSource obtainSecurityMetadataSource() {
|
||||
return this.securityMetadataSource;
|
||||
}
|
||||
|
||||
public void setObjectDefinitionSource(MethodDefinitionSource newSource) {
|
||||
this.objectDefinitionSource = newSource;
|
||||
public void setSecurityMetadataSource(MethodSecurityMetadataSource newSource) {
|
||||
this.securityMetadataSource = newSource;
|
||||
}
|
||||
}
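Review bot: `setObjectDefinitionSource` and `getObjectDefinitionSource` are replaced outright in this class with no deprecated alias, whereas FilterSecurityInterceptor in the same commit appears to keep a deprecated `setObjectDefinitionSource` that logs a warning. Bean definitions that still set the `objectDefinitionSource` property on this interceptor would presumably fail at context start-up. That fails closed, but it leaves the upgrade path inconsistent between the web and the method interceptors. Consider the same shim here, with a Javadoc `@deprecated` tag: `public void setObjectDefinitionSource(MethodSecurityMetadataSource newSource) { setSecurityMetadataSource(newSource); }`. The same applies to AspectJAnnotationSecurityInterceptor and AspectJSecurityInterceptor further down the page.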
|
||||
|
|
|
@ -26,11 +26,11 @@ import org.springframework.aop.support.StaticMethodMatcherPointcut;
|
|||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.BeanFactory;
|
||||
import org.springframework.beans.factory.BeanFactoryAware;
|
||||
import org.springframework.security.intercept.method.MethodDefinitionSource;
|
||||
import org.springframework.security.intercept.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* Advisor driven by a {@link MethodDefinitionSource}, used to exclude a {@link MethodSecurityInterceptor} from
|
||||
* Advisor driven by a {@link MethodSecurityMetadataSource}, used to exclude a {@link MethodSecurityInterceptor} from
|
||||
* public (ie non-secure) methods.
|
||||
* <p>
|
||||
* Because the AOP framework caches advice calculations, this is normally faster than just letting the
|
||||
|
@ -47,12 +47,12 @@ import org.springframework.util.Assert;
|
|||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class MethodDefinitionSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware {
|
||||
public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private MethodDefinitionSource attributeSource;
|
||||
private MethodSecurityMetadataSource attributeSource;
|
||||
private MethodSecurityInterceptor interceptor;
|
||||
private Pointcut pointcut = new MethodDefinitionSourcePointcut();
|
||||
private Pointcut pointcut = new MethodSecurityMetadataSourcePointcut();
|
||||
private BeanFactory beanFactory;
|
||||
private String adviceBeanName;
|
||||
private final Object adviceMonitor = new Object();
|
||||
|
@ -62,12 +62,12 @@ public class MethodDefinitionSourceAdvisor extends AbstractPointcutAdvisor imple
|
|||
/**
|
||||
* @deprecated use the decoupled approach instead
|
||||
*/
|
||||
public MethodDefinitionSourceAdvisor(MethodSecurityInterceptor advice) {
|
||||
Assert.notNull(advice.getObjectDefinitionSource(), "Cannot construct a MethodDefinitionSourceAdvisor using a " +
|
||||
"MethodSecurityInterceptor that has no ObjectDefinitionSource configured");
|
||||
public MethodSecurityMetadataSourceAdvisor(MethodSecurityInterceptor advice) {
|
||||
Assert.notNull(advice.getSecurityMetadataSource(), "Cannot construct a MethodSecurityMetadataSourceAdvisor using a " +
|
||||
"MethodSecurityInterceptor that has no SecurityMetadataSource configured");
|
||||
|
||||
this.interceptor = advice;
|
||||
this.attributeSource = advice.getObjectDefinitionSource();
|
||||
this.attributeSource = advice.getSecurityMetadataSource();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -82,7 +82,7 @@ public class MethodDefinitionSourceAdvisor extends AbstractPointcutAdvisor imple
|
|||
* @param adviceBeanName name of the MethodSecurityInterceptor bean
|
||||
* @param attributeSource the attribute source (should be the same as the one used on the interceptor)
|
||||
*/
|
||||
public MethodDefinitionSourceAdvisor(String adviceBeanName, MethodDefinitionSource attributeSource) {
|
||||
public MethodSecurityMetadataSourceAdvisor(String adviceBeanName, MethodSecurityMetadataSource attributeSource) {
|
||||
Assert.notNull(adviceBeanName, "The adviceBeanName cannot be null");
|
||||
Assert.notNull(attributeSource, "The attributeSource cannot be null");
|
||||
|
||||
|
@ -114,7 +114,7 @@ public class MethodDefinitionSourceAdvisor extends AbstractPointcutAdvisor imple
|
|||
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
class MethodDefinitionSourcePointcut extends StaticMethodMatcherPointcut {
|
||||
class MethodSecurityMetadataSourcePointcut extends StaticMethodMatcherPointcut {
|
||||
@SuppressWarnings("unchecked")
|
||||
public boolean matches(Method m, Class targetClass) {
|
||||
return attributeSource.getAttributes(m, targetClass) != null;
|
||||
|
@ -124,7 +124,7 @@ public class MethodDefinitionSourceAdvisor extends AbstractPointcutAdvisor imple
|
|||
/**
|
||||
* Represents a <code>MethodInvocation</code>.
|
||||
* <p>
|
||||
* Required as <code>MethodDefinitionSource</code> only supports lookup of configuration attributes for
|
||||
* Required as <code>MethodSecurityMetadataSource</code> only supports lookup of configuration attributes for
|
||||
* <code>MethodInvocation</code>s.
|
||||
*/
|
||||
class InternalMethodInvocation implements MethodInvocation {
|
|
@ -2,8 +2,8 @@ package org.springframework.security.intercept.method.aspectj;
|
|||
|
||||
import org.springframework.security.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.intercept.InterceptorStatusToken;
|
||||
import org.springframework.security.intercept.ObjectDefinitionSource;
|
||||
import org.springframework.security.intercept.method.MethodDefinitionSource;
|
||||
import org.springframework.security.intercept.SecurityMetadataSource;
|
||||
import org.springframework.security.intercept.method.MethodSecurityMetadataSource;
|
||||
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
|
||||
|
@ -16,12 +16,12 @@ import org.aspectj.lang.JoinPoint;
|
|||
public class AspectJAnnotationSecurityInterceptor extends AbstractSecurityInterceptor {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private MethodDefinitionSource objectDefinitionSource;
|
||||
private MethodSecurityMetadataSource securityMetadataSource;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public MethodDefinitionSource getObjectDefinitionSource() {
|
||||
return this.objectDefinitionSource;
|
||||
public MethodSecurityMetadataSource getSecurityMetadataSource() {
|
||||
return this.securityMetadataSource;
|
||||
}
|
||||
|
||||
public Class<? extends Object> getSecureObjectClass() {
|
||||
|
@ -50,12 +50,12 @@ public class AspectJAnnotationSecurityInterceptor extends AbstractSecurityInterc
|
|||
return result;
|
||||
}
|
||||
|
||||
public ObjectDefinitionSource obtainObjectDefinitionSource() {
|
||||
return this.objectDefinitionSource;
|
||||
public SecurityMetadataSource obtainSecurityMetadataSource() {
|
||||
return this.securityMetadataSource;
|
||||
}
|
||||
|
||||
public void setObjectDefinitionSource(MethodDefinitionSource newSource) {
|
||||
this.objectDefinitionSource = newSource;
|
||||
public void setSecurityMetadataSource(MethodSecurityMetadataSource newSource) {
|
||||
this.securityMetadataSource = newSource;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -17,8 +17,8 @@ package org.springframework.security.intercept.method.aspectj;
|
|||
|
||||
import org.springframework.security.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.intercept.InterceptorStatusToken;
|
||||
import org.springframework.security.intercept.ObjectDefinitionSource;
|
||||
import org.springframework.security.intercept.method.MethodDefinitionSource;
|
||||
import org.springframework.security.intercept.SecurityMetadataSource;
|
||||
import org.springframework.security.intercept.method.MethodSecurityMetadataSource;
|
||||
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
|
||||
|
@ -26,8 +26,8 @@ import org.aspectj.lang.JoinPoint;
|
|||
/**
|
||||
* Provides security interception of AspectJ method invocations.
|
||||
* <p>
|
||||
* The <code>ObjectDefinitionSource</code> required by this security interceptor is of type
|
||||
* {@link MethodDefinitionSource}. This is shared with the AOP Alliance based security interceptor
|
||||
* The <code>SecurityMetadataSource</code> required by this security interceptor is of type
|
||||
* {@link MethodSecurityMetadataSource}. This is shared with the AOP Alliance based security interceptor
|
||||
* (<code>MethodSecurityInterceptor</code>), since both work with Java <code>Method</code>s.
|
||||
* <p>
|
||||
* The secure object type is <code>org.aspectj.lang.JoinPoint</code>, which is passed from the relevant
|
||||
|
@ -42,7 +42,7 @@ import org.aspectj.lang.JoinPoint;
|
|||
public class AspectJSecurityInterceptor extends AbstractSecurityInterceptor {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private MethodDefinitionSource objectDefinitionSource;
|
||||
private MethodSecurityMetadataSource securityMetadataSource;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
|
@ -72,11 +72,11 @@ public class AspectJSecurityInterceptor extends AbstractSecurityInterceptor {
|
|||
return result;
|
||||
}
|
||||
|
||||
public ObjectDefinitionSource obtainObjectDefinitionSource() {
|
||||
return this.objectDefinitionSource;
|
||||
public SecurityMetadataSource obtainSecurityMetadataSource() {
|
||||
return this.securityMetadataSource;
|
||||
}
|
||||
|
||||
public void setObjectDefinitionSource(MethodDefinitionSource newSource) {
|
||||
this.objectDefinitionSource = newSource;
|
||||
public void setSecurityMetadataSource(MethodSecurityMetadataSource newSource) {
|
||||
this.securityMetadataSource = newSource;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -51,7 +51,7 @@ import org.springframework.security.util.UrlMatcher;
|
|||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
*/
|
||||
public class DefaultFilterInvocationDefinitionSource implements FilterInvocationDefinitionSource {
|
||||
public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
|
||||
|
||||
private static final Set<String> HTTP_METHODS = new HashSet<String>(Arrays.asList("DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT", "TRACE"));
|
||||
|
||||
|
@ -76,7 +76,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
|
|||
* @param urlMatcher typically an ant or regular expression matcher.
|
||||
* @param requestMap order-preserving map of request definitions to attribute lists
|
||||
*/
|
||||
public DefaultFilterInvocationDefinitionSource(UrlMatcher urlMatcher,
|
||||
public DefaultFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher,
|
||||
LinkedHashMap<RequestKey, List<ConfigAttribute>> requestMap) {
|
||||
this.urlMatcher = urlMatcher;
|
||||
|
|
@ -15,14 +15,14 @@
|
|||
|
||||
package org.springframework.security.intercept.web;
|
||||
|
||||
import org.springframework.security.intercept.ObjectDefinitionSource;
|
||||
import org.springframework.security.intercept.SecurityMetadataSource;
|
||||
|
||||
|
||||
/**
|
||||
* Marker interface for <code>ObjectDefinitionSource</code> implementations
|
||||
* Marker interface for <code>SecurityMetadataSource</code> implementations
|
||||
* that are designed to perform lookups keyed on {@link FilterInvocation}s.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public interface FilterInvocationDefinitionSource extends ObjectDefinitionSource {}
|
||||
public interface FilterInvocationSecurityMetadataSource extends SecurityMetadataSource {}
|
|
@ -17,7 +17,7 @@ package org.springframework.security.intercept.web;
|
|||
|
||||
import org.springframework.security.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.intercept.InterceptorStatusToken;
|
||||
import org.springframework.security.intercept.ObjectDefinitionSource;
|
||||
import org.springframework.security.intercept.SecurityMetadataSource;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.core.Ordered;
|
||||
|
||||
|
@ -34,8 +34,8 @@ import javax.servlet.ServletResponse;
|
|||
/**
|
||||
* Performs security handling of HTTP resources via a filter implementation.
|
||||
* <p>
|
||||
* The <code>ObjectDefinitionSource</code> required by this security interceptor is of type {@link
|
||||
* FilterInvocationDefinitionSource}.
|
||||
* The <code>SecurityMetadataSource</code> required by this security interceptor is of type {@link
|
||||
* FilterInvocationSecurityMetadataSource}.
|
||||
* <p>
|
||||
* Refer to {@link AbstractSecurityInterceptor} for details on the workflow.</p>
|
||||
*
|
||||
|
@ -49,7 +49,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
|
|||
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private FilterInvocationDefinitionSource objectDefinitionSource;
|
||||
private FilterInvocationSecurityMetadataSource securityMetadataSource;
|
||||
private boolean observeOncePerRequest = true;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
@ -85,8 +85,8 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
|
|||
invoke(fi);
|
||||
}
|
||||
|
||||
public FilterInvocationDefinitionSource getObjectDefinitionSource() {
|
||||
return this.objectDefinitionSource;
|
||||
public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
|
||||
return this.securityMetadataSource;
|
||||
}
|
||||
|
||||
public Class<? extends Object> getSecureObjectClass() {
|
||||
|
@ -96,7 +96,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
|
|||
public void invoke(FilterInvocation fi) throws IOException, ServletException {
|
||||
if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
|
||||
&& observeOncePerRequest) {
|
||||
// filter already applied to this request and user wants us to observce
|
||||
// filter already applied to this request and user wants us to observe
|
||||
// once-per-request handling, so don't re-do security checking
|
||||
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
|
||||
} else {
|
||||
|
@ -129,12 +129,20 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
|
|||
return observeOncePerRequest;
|
||||
}
|
||||
|
||||
public ObjectDefinitionSource obtainObjectDefinitionSource() {
|
||||
return this.objectDefinitionSource;
|
||||
public SecurityMetadataSource obtainSecurityMetadataSource() {
|
||||
return this.securityMetadataSource;
|
||||
}
|
||||
|
||||
public void setObjectDefinitionSource(FilterInvocationDefinitionSource newSource) {
|
||||
this.objectDefinitionSource = newSource;
|
||||
/**
|
||||
* @deprecated use setSecurityMetadataSource instead
|
||||
*/
|
||||
public void setObjectDefinitionSource(FilterInvocationSecurityMetadataSource newSource) {
|
||||
logger.warn("The property 'objectDefinitionSource' is deprecated. Please use 'securityMetadataSource' instead");
|
||||
this.securityMetadataSource = newSource;
|
||||
}
|
||||
|
||||
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) {
|
||||
this.securityMetadataSource = newSource;
|
||||
}
|
||||
|
||||
public void setObserveOncePerRequest(boolean observeOncePerRequest) {
|
||||
|
|
|
@ -51,7 +51,7 @@ public class WebInvocationPrivilegeEvaluator implements InitializingBean {
|
|||
public boolean isAllowed(FilterInvocation fi, Authentication authentication) {
|
||||
Assert.notNull(fi, "FilterInvocation required");
|
||||
|
||||
List<ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(fi);
|
||||
List<ConfigAttribute> attrs = securityInterceptor.obtainSecurityMetadataSource().getAttributes(fi);
|
||||
|
||||
if (attrs == null) {
|
||||
if (securityInterceptor.isRejectPublicInvocations()) {
|
||||
|
|
|
@ -29,7 +29,7 @@ import javax.servlet.http.HttpServletResponse;
|
|||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
import org.springframework.util.Assert;
|
||||
|
@ -51,19 +51,19 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
|
|||
//~ Instance fields ================================================================================================
|
||||
|
||||
private ChannelDecisionManager channelDecisionManager;
|
||||
private FilterInvocationDefinitionSource filterInvocationDefinitionSource;
|
||||
private FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.notNull(filterInvocationDefinitionSource, "filterInvocationDefinitionSource must be specified");
|
||||
Assert.notNull(filterInvocationSecurityMetadataSource, "filterInvocationSecurityMetadataSource must be specified");
|
||||
Assert.notNull(channelDecisionManager, "channelDecisionManager must be specified");
|
||||
|
||||
Collection<ConfigAttribute> attrDefs = this.filterInvocationDefinitionSource.getAllConfigAttributes();
|
||||
Collection<ConfigAttribute> attrDefs = this.filterInvocationSecurityMetadataSource.getAllConfigAttributes();
|
||||
|
||||
if (attrDefs == null) {
|
||||
if (logger.isWarnEnabled()) {
|
||||
logger.warn("Could not validate configuration attributes as the FilterInvocationDefinitionSource did "
|
||||
logger.warn("Could not validate configuration attributes as the FilterInvocationSecurityMetadataSource did "
|
||||
+ "not return any attributes");
|
||||
}
|
||||
|
||||
|
@ -91,7 +91,7 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
|
|||
throws IOException, ServletException {
|
||||
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
List<ConfigAttribute> attr = this.filterInvocationDefinitionSource.getAttributes(fi);
|
||||
List<ConfigAttribute> attr = this.filterInvocationSecurityMetadataSource.getAttributes(fi);
|
||||
|
||||
if (attr != null) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
|
@ -112,16 +112,16 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
|
|||
return channelDecisionManager;
|
||||
}
|
||||
|
||||
public FilterInvocationDefinitionSource getFilterInvocationDefinitionSource() {
|
||||
return filterInvocationDefinitionSource;
|
||||
public FilterInvocationSecurityMetadataSource getFilterInvocationSecurityMetadataSource() {
|
||||
return filterInvocationSecurityMetadataSource;
|
||||
}
|
||||
|
||||
public void setChannelDecisionManager(ChannelDecisionManager channelDecisionManager) {
|
||||
this.channelDecisionManager = channelDecisionManager;
|
||||
}
|
||||
|
||||
public void setFilterInvocationDefinitionSource(FilterInvocationDefinitionSource filterInvocationDefinitionSource) {
|
||||
this.filterInvocationDefinitionSource = filterInvocationDefinitionSource;
|
||||
public void setFilterInvocationSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource) {
|
||||
this.filterInvocationSecurityMetadataSource = filterInvocationSecurityMetadataSource;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
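Review bot: Renaming `setFilterInvocationDefinitionSource` to `setFilterInvocationSecurityMetadataSource` removes the old bean property without a bridge, so an existing bean definition that sets `filterInvocationDefinitionSource` on this filter would presumably stop loading after an upgrade. FilterSecurityInterceptor in this same commit keeps `setObjectDefinitionSource` as a deprecated setter that logs a warning and assigns the new field. Doing the same here would keep channel-security configurations loading while users migrate. I would keep a `setFilterInvocationDefinitionSource(FilterInvocationSecurityMetadataSource)` overload, documented with `@deprecated use setFilterInvocationSecurityMetadataSource instead`, whose body is `setFilterInvocationSecurityMetadataSource(filterInvocationDefinitionSource);`.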
|
|
|
@ -35,7 +35,7 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.web.filter.DelegatingFilterProxy;
|
||||
|
||||
|
@ -53,7 +53,7 @@ import org.springframework.web.filter.DelegatingFilterProxy;
|
|||
*
|
||||
* <p>As of version 2.0, <tt>FilterChainProxy</tt> is configured using an ordered Map of path patterns to <tt>List</tt>s
|
||||
* of <tt>Filter</tt> objects. In previous
|
||||
* versions, a {@link FilterInvocationDefinitionSource} was used. This is now deprecated in favour of namespace-based
|
||||
* versions, a {@link FilterInvocationSecurityMetadataSource} was used. This is now deprecated in favour of namespace-based
|
||||
* configuration which provides a more robust and simplfied syntax. The Map instance will normally be
|
||||
* created while parsing the namespace configuration, so doesn't have to be set explicitly.
|
||||
* Instead the <filter-chain-map> element should be used within the FilterChainProxy bean declaration.
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
package org.springframework.security.util;
|
||||
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
@ -48,18 +49,16 @@ public final class FilterInvocationUtils {
|
|||
|
||||
/**
|
||||
* Creates a <code>FilterInvocation</code> for the specified <code>contextPath</code> and <code>Uri</code>.
|
||||
* Note the normal subclasses of <code>DefaultFilterInvocationDefinitionSource</code> disregard the
|
||||
* Note the normal subclasses of <tt>DefaultFilterInvocationSecurityMetadataSource</tt> disregard the
|
||||
* <code>contextPath</code> when evaluating which secure object metadata applies to a given
|
||||
* <code>FilterInvocation</code>, so generally the <code>contextPath</code> is unimportant unless you are using a
|
||||
* custom <code>FilterInvocationDefinitionSource</code>.
|
||||
* custom <code>FilterInvocationSecurityMetadataSource</code>.
|
||||
*
|
||||
* @param contextPath the <code>contextPath</code> that will be contained within the
|
||||
* <code>FilterInvocation</code><code>HttpServletRequest</code>
|
||||
* @param uri the URI of the request, such as <code>/foo/default.jsp</code>
|
||||
*
|
||||
* @return a fully-formed <code>FilterInvocation</code> (never <code>null</code>)
|
||||
*
|
||||
* @throws UnsupportedOperationException DOCUMENT ME!
|
||||
*/
|
||||
public static FilterInvocation create(String contextPath, String uri) {
|
||||
Assert.hasText(contextPath, "contextPath required");
|
||||
|
@ -72,8 +71,7 @@ public final class FilterInvocationUtils {
|
|||
|
||||
FilterInvocation fi = new FilterInvocation(req, new MockHttpServletResponse(),
|
||||
new FilterChain() {
|
||||
public void doFilter(ServletRequest arg0, ServletResponse arg1)
|
||||
throws IOException, ServletException {
|
||||
public void doFilter(ServletRequest arg0, ServletResponse arg1) throws IOException, ServletException {
|
||||
throw new UnsupportedOperationException(
|
||||
"WebInvocationPrivilegeEvaluator does not support filter chains");
|
||||
}
|
||||
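Review bot: The reworded Javadoc on `create` marks `DefaultFilterInvocationSecurityMetadataSource` with `<tt>`, while every other identifier in the same comment uses `<code>`, including the renamed `FilterInvocationSecurityMetadataSource` a few lines below. Keeping `<code>` or switching to a `{@link}` would keep the comment uniform. The first hunk also adds an import of `FilterInvocationSecurityMetadataSource`, but the visible lines mention that type only inside `<code>` markup, so the import may be unused. That is worth confirming, because the rest of the class body is outside the hunks shown.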
|
|
|
@ -19,7 +19,7 @@ import org.springframework.security.ConfigAttribute;
|
|||
* @version $Id$
|
||||
*/
|
||||
public class Jsr250MethodDefinitionSourceTests {
|
||||
Jsr250MethodDefinitionSource mds = new Jsr250MethodDefinitionSource();
|
||||
Jsr250MethodSecurityMetadataSource mds = new Jsr250MethodSecurityMetadataSource();
|
||||
A a = new A();
|
||||
UserAllowedClass userAllowed = new UserAllowedClass();
|
||||
DenyAllClass denyAll = new DenyAllClass();
|
||||
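Review bot: The test class is still declared as `Jsr250MethodDefinitionSourceTests` although the class it exercises is now `Jsr250MethodSecurityMetadataSource`, so test and subject no longer share a name. The same holds for `SecuredMethodDefinitionSourceTests` and `ExpressionAnnotationMethodDefinitionSourceTests` further down, whereas `MapBasedMethodSecurityMetadataSourceTests` and `MethodSecurityMetadataSourceEditorTests` are renamed in this commit. I would rename the remaining ones the same way, e.g. `public class Jsr250MethodSecurityMetadataSourceTests {`, so that a search for the new class name finds its tests. In `SecuredMethodDefinitionSourceTests` the rewritten field line also carries over a doubled semicolon (`new SecuredMethodSecurityMetadataSource();;`).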
|
|
|
@ -26,8 +26,8 @@ import org.springframework.security.SecurityConfig;
|
|||
import org.springframework.security.annotation.test.Entity;
|
||||
import org.springframework.security.annotation.test.PersonServiceImpl;
|
||||
import org.springframework.security.annotation.test.Service;
|
||||
import org.springframework.security.intercept.method.MapBasedMethodDefinitionSource;
|
||||
import org.springframework.security.intercept.method.MethodDefinitionSourceEditor;
|
||||
import org.springframework.security.intercept.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.method.MethodSecurityMetadataSourceEditor;
|
||||
import org.springframework.security.intercept.method.MockMethodInvocation;
|
||||
|
||||
|
||||
|
@ -50,13 +50,13 @@ public class MethodDefinitionSourceEditorTigerTests {
|
|||
|
||||
@Test
|
||||
public void testConcreteClassInvocations() throws Exception {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText(
|
||||
"org.springframework.security.annotation.test.Service.makeLower*=ROLE_FROM_INTERFACE\r\n" +
|
||||
"org.springframework.security.annotation.test.Service.makeUpper*=ROLE_FROM_INTERFACE\r\n" +
|
||||
"org.springframework.security.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_IMPLEMENTATION");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
assertEquals(3, map.getMethodMapSize());
|
||||
|
||||
List<? extends ConfigAttribute> returnedMakeLower = map.getAttributes(makeLower);
|
||||
|
@ -70,13 +70,13 @@ public class MethodDefinitionSourceEditorTigerTests {
|
|||
|
||||
@Test
|
||||
public void testBridgeMethodResolution() throws Exception {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText(
|
||||
"org.springframework.security.annotation.test.PersonService.makeUpper*=ROLE_FROM_INTERFACE\r\n" +
|
||||
"org.springframework.security.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_ABSTRACT\r\n" +
|
||||
"org.springframework.security.annotation.test.PersonServiceImpl.makeUpper*=ROLE_FROM_PSI");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
assertEquals(3, map.getMethodMapSize());
|
||||
|
||||
List<? extends ConfigAttribute> returnedMakeUpper = map.getAttributes(makeUpper);
|
||||
|
|
|
@ -27,7 +27,7 @@ import org.springframework.util.StringUtils;
|
|||
|
||||
|
||||
/**
|
||||
* Tests for {@link org.springframework.security.annotation.SecuredMethodDefinitionSource}
|
||||
* Tests for {@link org.springframework.security.annotation.SecuredMethodSecurityMetadataSource}
|
||||
*
|
||||
* @author Mark St.Godard
|
||||
* @author Joe Scalise
|
||||
|
@ -37,7 +37,7 @@ import org.springframework.util.StringUtils;
|
|||
public class SecuredMethodDefinitionSourceTests extends TestCase {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private SecuredMethodDefinitionSource mds = new SecuredMethodDefinitionSource();;
|
||||
private SecuredMethodSecurityMetadataSource mds = new SecuredMethodSecurityMetadataSource();;
|
||||
private Log logger = LogFactory.getLog(SecuredMethodDefinitionSourceTests.class);
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
|
|
@ -12,7 +12,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
|
|||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.util.InMemoryXmlApplicationContext;
|
||||
|
||||
|
@ -42,7 +42,7 @@ public class FilterInvocationDefinitionSourceParserTests {
|
|||
"<filter-invocation-definition-source id='fids'>" +
|
||||
" <intercept-url pattern='/**' access='ROLE_A'/>" +
|
||||
"</filter-invocation-definition-source>");
|
||||
DefaultFilterInvocationDefinitionSource fids = (DefaultFilterInvocationDefinitionSource) appContext.getBean("fids");
|
||||
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
|
||||
List<? extends ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
|
||||
assertNotNull(cad);
|
||||
assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
|
||||
|
@ -53,7 +53,7 @@ public class FilterInvocationDefinitionSourceParserTests {
|
|||
setContext(
|
||||
"<http auto-config='true'/>" +
|
||||
"<b:bean id='fsi' class='org.springframework.security.intercept.web.FilterSecurityInterceptor' autowire='byType'>" +
|
||||
" <b:property name='objectDefinitionSource'>" +
|
||||
" <b:property name='securityMetadataSource'>" +
|
||||
" <filter-invocation-definition-source>" +
|
||||
" <intercept-url pattern='/secure/extreme/**' access='ROLE_SUPERVISOR'/>" +
|
||||
" <intercept-url pattern='/secure/**' access='ROLE_USER'/>" +
|
||||
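Review bot: With `<b:property name='objectDefinitionSource'>` switched to `securityMetadataSource`, nothing in the visible tests sets the old property name any more, so the deprecated `setObjectDefinitionSource` bridge kept on FilterSecurityInterceptor is untested as far as these hunks show. That setter is what keeps existing access-control configurations loading. A second test that builds the same context with `name='objectDefinitionSource'` and asserts the same `ROLE_SUPERVISOR`/`ROLE_USER` lookups would pin the backward-compatible path. The test method containing this hunk starts and ends outside it.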
|
|
|
@ -29,7 +29,7 @@ import org.springframework.security.context.HttpSessionSecurityContextRepository
|
|||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
@ -86,7 +86,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
checkAutoConfigFilters(filterList);
|
||||
|
||||
assertEquals(true, FieldUtils.getFieldValue(appContext.getBean("_filterChainProxy"), "stripQueryStringFromUrls"));
|
||||
assertEquals(true, FieldUtils.getFieldValue(filterList.get(AUTO_CONFIG_FILTERS-1), "objectDefinitionSource.stripQueryStringFromUrls"));
|
||||
assertEquals(true, FieldUtils.getFieldValue(filterList.get(AUTO_CONFIG_FILTERS-1), "securityMetadataSource.stripQueryStringFromUrls"));
|
||||
}
|
||||
|
||||
@Test(expected=BeanDefinitionParsingException.class)
|
||||
|
@ -144,7 +144,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
List<Filter> allFilters = getFilters("/ImCaughtByTheUniversalMatchPattern");
|
||||
checkAutoConfigFilters(allFilters);
|
||||
assertEquals(false, FieldUtils.getFieldValue(appContext.getBean("_filterChainProxy"), "stripQueryStringFromUrls"));
|
||||
assertEquals(false, FieldUtils.getFieldValue(allFilters.get(AUTO_CONFIG_FILTERS-1), "objectDefinitionSource.stripQueryStringFromUrls"));
|
||||
assertEquals(false, FieldUtils.getFieldValue(allFilters.get(AUTO_CONFIG_FILTERS-1), "securityMetadataSource.stripQueryStringFromUrls"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -225,7 +225,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
|
||||
|
||||
FilterInvocationDefinitionSource fids = fis.getObjectDefinitionSource();
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
|
||||
assertEquals(2, attrDef.size());
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_A")));
|
||||
|
@ -245,7 +245,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
" </http>" + AUTH_PROVIDER_XML);
|
||||
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
|
||||
FilterInvocationDefinitionSource fids = fis.getObjectDefinitionSource();
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<? extends ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
|
||||
assertEquals(2, attrs.size());
|
||||
assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
|
||||
|
@ -685,7 +685,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
"</http>" + AUTH_PROVIDER_XML);
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
|
||||
|
||||
FilterInvocationDefinitionSource fids = fis.getObjectDefinitionSource();
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/someurl", null));
|
||||
assertEquals(1, attrDef.size());
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
|
||||
|
@ -723,7 +723,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
|
||||
|
||||
FilterInvocationDefinitionSource fids = fis.getObjectDefinitionSource();
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
|
||||
assertEquals(1, attrDef.size());
|
||||
|
||||
|
|
|
@ -11,14 +11,14 @@ import org.springframework.security.expression.annotation.PostAuthorize;
|
|||
import org.springframework.security.expression.annotation.PostFilter;
|
||||
import org.springframework.security.expression.annotation.PreAuthorize;
|
||||
import org.springframework.security.expression.annotation.PreFilter;
|
||||
import org.springframework.security.expression.method.ExpressionAnnotationMethodDefinitionSource;
|
||||
import org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource;
|
||||
import org.springframework.security.expression.method.PostInvocationExpressionAttribute;
|
||||
import org.springframework.security.expression.method.PreInvocationExpressionAttribute;
|
||||
import org.springframework.security.intercept.method.MockMethodInvocation;
|
||||
|
||||
|
||||
public class ExpressionAnnotationMethodDefinitionSourceTests {
|
||||
private ExpressionAnnotationMethodDefinitionSource mds = new ExpressionAnnotationMethodDefinitionSource();
|
||||
private ExpressionAnnotationMethodSecurityMetadataSource mds = new ExpressionAnnotationMethodSecurityMetadataSource();
|
||||
|
||||
private MockMethodInvocation voidImpl1;
|
||||
private MockMethodInvocation voidImpl2;
|
||||
|
|
|
@ -46,7 +46,7 @@ public class AbstractSecurityInterceptorTests {
|
|||
si.setAuthenticationManager(jmock.mock(AuthenticationManager.class));
|
||||
si.setAfterInvocationManager(jmock.mock(AfterInvocationManager.class));
|
||||
si.setAccessDecisionManager(jmock.mock(AccessDecisionManager.class));
|
||||
si.setObjectDefinitionSource(jmock.mock(ObjectDefinitionSource.class));
|
||||
si.setSecurityMetadataSource(jmock.mock(SecurityMetadataSource.class));
|
||||
|
||||
jmock.checking(new Expectations() {{ ignoring(anything()); }});
|
||||
si.beforeInvocation(new SimpleMethodInvocation());
|
||||
|
@ -59,7 +59,7 @@ public class AbstractSecurityInterceptorTests {
|
|||
si.setAuthenticationManager(jmock.mock(AuthenticationManager.class));
|
||||
si.setAfterInvocationManager(jmock.mock(AfterInvocationManager.class));
|
||||
si.setAccessDecisionManager(jmock.mock(AccessDecisionManager.class));
|
||||
si.setObjectDefinitionSource(jmock.mock(ObjectDefinitionSource.class));
|
||||
si.setSecurityMetadataSource(jmock.mock(SecurityMetadataSource.class));
|
||||
|
||||
jmock.checking(new Expectations() {{ ignoring(anything()); }});
|
||||
|
||||
|
@ -69,34 +69,34 @@ public class AbstractSecurityInterceptorTests {
|
|||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
private class MockSecurityInterceptorReturnsNull extends AbstractSecurityInterceptor {
|
||||
private ObjectDefinitionSource objectDefinitionSource;
|
||||
private SecurityMetadataSource securityMetadataSource;
|
||||
|
||||
public Class<? extends Object> getSecureObjectClass() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public ObjectDefinitionSource obtainObjectDefinitionSource() {
|
||||
return objectDefinitionSource;
|
||||
public SecurityMetadataSource obtainSecurityMetadataSource() {
|
||||
return securityMetadataSource;
|
||||
}
|
||||
|
||||
public void setObjectDefinitionSource(ObjectDefinitionSource objectDefinitionSource) {
|
||||
this.objectDefinitionSource = objectDefinitionSource;
|
||||
public void setSecurityMetadataSource(SecurityMetadataSource securityMetadataSource) {
|
||||
this.securityMetadataSource = securityMetadataSource;
|
||||
}
|
||||
}
|
||||
|
||||
private class MockSecurityInterceptorWhichOnlySupportsStrings extends AbstractSecurityInterceptor {
|
||||
private ObjectDefinitionSource objectDefinitionSource;
|
||||
private SecurityMetadataSource securityMetadataSource;
|
||||
|
||||
public Class<? extends Object> getSecureObjectClass() {
|
||||
return String.class;
|
||||
}
|
||||
|
||||
public ObjectDefinitionSource obtainObjectDefinitionSource() {
|
||||
return objectDefinitionSource;
|
||||
public SecurityMetadataSource obtainSecurityMetadataSource() {
|
||||
return securityMetadataSource;
|
||||
}
|
||||
|
||||
public void setObjectDefinitionSource(ObjectDefinitionSource objectDefinitionSource) {
|
||||
this.objectDefinitionSource = objectDefinitionSource;
|
||||
public void setSecurityMetadataSource(SecurityMetadataSource securityMetadataSource) {
|
||||
this.securityMetadataSource = securityMetadataSource;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -11,21 +11,21 @@ import org.springframework.security.ConfigAttribute;
|
|||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
/**
|
||||
* Tests for {@link MapBasedMethodDefinitionSource}.
|
||||
* Tests for {@link MapBasedMethodSecurityMetadataSource}.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @since 2.0.4
|
||||
*/
|
||||
public class MapBasedMethodDefinitionSourceTests {
|
||||
public class MapBasedMethodSecurityMetadataSourceTests {
|
||||
private final List<ConfigAttribute> ROLE_A = SecurityConfig.createList("ROLE_A");
|
||||
private final List<ConfigAttribute> ROLE_B = SecurityConfig.createList("ROLE_B");
|
||||
private MapBasedMethodDefinitionSource mds;
|
||||
private MapBasedMethodSecurityMetadataSource mds;
|
||||
private Method someMethodString;
|
||||
private Method someMethodInteger;
|
||||
|
||||
@Before
|
||||
public void initialize() throws Exception {
|
||||
mds = new MapBasedMethodDefinitionSource();
|
||||
mds = new MapBasedMethodSecurityMetadataSource();
|
||||
someMethodString = MockService.class.getMethod("someMethod", String.class);
|
||||
someMethodInteger = MockService.class.getMethod("someMethod", Integer.class);
|
||||
}
|
|
@ -50,7 +50,7 @@ public class MethodInvocationPrivilegeEvaluatorTests {
|
|||
private TestingAuthenticationToken token;
|
||||
private MethodSecurityInterceptor interceptor;
|
||||
private AccessDecisionManager adm;
|
||||
private MethodDefinitionSource mds;
|
||||
private MethodSecurityMetadataSource mds;
|
||||
private final List<ConfigAttribute> role = SecurityConfig.createList("ROLE_IGNORED");
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
@ -62,10 +62,10 @@ public class MethodInvocationPrivilegeEvaluatorTests {
|
|||
token = new TestingAuthenticationToken("Test", "Password", "ROLE_SOMETHING");
|
||||
adm = jmock.mock(AccessDecisionManager.class);
|
||||
AuthenticationManager authman = jmock.mock(AuthenticationManager.class);
|
||||
mds = jmock.mock(MethodDefinitionSource.class);
|
||||
mds = jmock.mock(MethodSecurityMetadataSource.class);
|
||||
interceptor.setAccessDecisionManager(adm);
|
||||
interceptor.setAuthenticationManager(authman);
|
||||
interceptor.setObjectDefinitionSource(mds);
|
||||
interceptor.setSecurityMetadataSource(mds);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -31,13 +31,13 @@ import org.springframework.security.TargetObject;
|
|||
|
||||
|
||||
/**
|
||||
* Tests {@link MethodDefinitionSourceEditor} and its associated {@link MapBasedMethodDefinitionSource}.
|
||||
* Tests {@link MethodSecurityMetadataSourceEditor} and its associated {@link MapBasedMethodSecurityMetadataSource}.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
public class MethodDefinitionSourceEditorTests extends TestCase {
|
||||
public class MethodSecurityMetadataSourceEditorTests extends TestCase {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public final void setUp() throws Exception {
|
||||
|
@ -45,10 +45,10 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
|
|||
}
|
||||
|
||||
public void testAspectJJointPointLookup() throws Exception {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
|
||||
Class<TargetObject> clazz = TargetObject.class;
|
||||
Method method = clazz.getMethod("countLength", new Class[] {String.class});
|
||||
|
@ -61,7 +61,7 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
|
|||
}
|
||||
|
||||
public void testClassNameNotFoundResultsInException() {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
|
||||
try {
|
||||
editor.setAsText("org.springframework.security.DOES_NOT_EXIST_NAME=FOO,BAR");
|
||||
|
@ -72,7 +72,7 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
|
|||
}
|
||||
|
||||
public void testClassNameNotInProperFormatResultsInException() {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
|
||||
try {
|
||||
editor.setAsText("DOES_NOT_EXIST_NAME=FOO,BAR");
|
||||
|
@ -83,7 +83,7 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
|
|||
}
|
||||
|
||||
public void testClassNameValidButMethodNameInvalidResultsInException() {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
|
||||
try {
|
||||
editor.setAsText("org.springframework.security.TargetObject.INVALID_METHOD=FOO,BAR");
|
||||
|
@ -94,7 +94,7 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
|
|||
}
|
||||
|
||||
public void testConcreteClassInvocationsAlsoReturnDefinitionsAgainstInterface() throws Exception {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText(
|
||||
"org.springframework.security.ITargetObject.computeHashCode*=ROLE_FROM_INTERFACE\r\n" +
|
||||
"org.springframework.security.ITargetObject.makeLower*=ROLE_FROM_INTERFACE\r\n" +
|
||||
|
@ -103,7 +103,7 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
|
|||
"org.springframework.security.OtherTargetObject.computeHashCode*=ROLE_FROM_OTO\r\n" +
|
||||
"org.springframework.security.OtherTargetObject.makeUpper*=ROLE_FROM_IMPLEMENTATION");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
assertEquals(6, map.getMethodMapSize());
|
||||
|
||||
List<? extends ConfigAttribute> returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "makeLowerCase", new Class[] {String.class}, new OtherTargetObject()));
|
||||
|
@ -124,38 +124,38 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
|
|||
}
|
||||
|
||||
public void testEmptyStringReturnsEmptyMap() {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText("");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
assertEquals(0, map.getMethodMapSize());
|
||||
}
|
||||
|
||||
public void testIterator() {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText(
|
||||
"org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
|
||||
assertEquals(5, map.getAllConfigAttributes().size());
|
||||
}
|
||||
|
||||
public void testMultiMethodParsing() {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText(
|
||||
"org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
assertEquals(3, map.getMethodMapSize());
|
||||
}
|
||||
|
||||
public void testMultiMethodParsingWhereLaterMethodsOverrideEarlierMethods() throws Exception {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText(
|
||||
"org.springframework.security.TargetObject.*=ROLE_GENERAL\r\norg.springframework.security.TargetObject.makeLower*=ROLE_LOWER\r\norg.springframework.security.TargetObject.make*=ROLE_MAKE\r\norg.springframework.security.TargetObject.makeUpper*=ROLE_UPPER");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
assertEquals(14, map.getMethodMapSize());
|
||||
|
||||
List<? extends ConfigAttribute> returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
|
||||
|
@ -174,11 +174,11 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
|
|||
assertEquals(expectedCountLength, returnedCountLength);
|
||||
}
|
||||
|
||||
public void testNullIsReturnedByMethodDefinitionSourceWhenMethodInvocationNotDefined() throws Exception {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
public void testNullIsReturnedByMethodSecurityMetadataSourceWhenMethodInvocationNotDefined() throws Exception {
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
|
||||
List<? extends ConfigAttribute> configAttributeDefinition = map.getAttributes(new MockMethodInvocation(
|
||||
ITargetObject.class, "makeLowerCase", new Class[] {String.class}, new TargetObject()));
|
||||
|
@ -186,18 +186,18 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
|
|||
}
|
||||
|
||||
public void testNullReturnsEmptyMap() {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText(null);
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
assertEquals(0, map.getMethodMapSize());
|
||||
}
|
||||
|
||||
public void testSingleMethodParsing() throws Exception {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
|
||||
List<? extends ConfigAttribute> returnedCountLength = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
|
||||
"countLength", new Class[] {String.class}, new TargetObject()));
|
|
@ -30,7 +30,7 @@ import org.springframework.security.SecurityConfig;
|
|||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class MockMethodDefinitionSource implements MethodDefinitionSource {
|
||||
public class MockMethodSecurityMetadataSource implements MethodSecurityMetadataSource {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private List<ConfigAttribute> list;
|
||||
|
@ -38,7 +38,7 @@ public class MockMethodDefinitionSource implements MethodDefinitionSource {
|
|||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public MockMethodDefinitionSource(boolean includeInvalidAttributes, boolean returnACollectionWhenRequested) {
|
||||
public MockMethodSecurityMetadataSource(boolean includeInvalidAttributes, boolean returnACollectionWhenRequested) {
|
||||
returnACollection = returnACollectionWhenRequested;
|
||||
list = new ArrayList<ConfigAttribute>();
|
||||
|
|
@ -41,7 +41,7 @@ import org.springframework.security.RunAsManager;
|
|||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.TargetObject;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.intercept.method.MethodDefinitionSource;
|
||||
import org.springframework.security.intercept.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.runas.RunAsUserToken;
|
||||
|
||||
|
@ -59,7 +59,7 @@ public class MethodSecurityInterceptorTests {
|
|||
private ITargetObject realTarget;
|
||||
private ITargetObject advisedTarget;
|
||||
private AccessDecisionManager adm;
|
||||
private MethodDefinitionSource mds;
|
||||
private MethodSecurityMetadataSource mds;
|
||||
private AuthenticationManager authman;
|
||||
|
||||
private Expectations mdsWillReturnNullFromGetAttributes;
|
||||
|
@ -74,10 +74,10 @@ public class MethodSecurityInterceptorTests {
|
|||
interceptor = new MethodSecurityInterceptor();
|
||||
adm = jmock.mock(AccessDecisionManager.class);
|
||||
authman = jmock.mock(AuthenticationManager.class);
|
||||
mds = jmock.mock(MethodDefinitionSource.class);
|
||||
mds = jmock.mock(MethodSecurityMetadataSource.class);
|
||||
interceptor.setAccessDecisionManager(adm);
|
||||
interceptor.setAuthenticationManager(authman);
|
||||
interceptor.setObjectDefinitionSource(mds);
|
||||
interceptor.setSecurityMetadataSource(mds);
|
||||
createTarget(false);
|
||||
|
||||
mdsWillReturnNullFromGetAttributes = new Expectations() {{
|
||||
|
@ -109,7 +109,7 @@ public class MethodSecurityInterceptorTests {
|
|||
assertEquals(adm, interceptor.getAccessDecisionManager());
|
||||
assertEquals(runAs, interceptor.getRunAsManager());
|
||||
assertEquals(authman, interceptor.getAuthenticationManager());
|
||||
assertEquals(mds, interceptor.getObjectDefinitionSource());
|
||||
assertEquals(mds, interceptor.getSecurityMetadataSource());
|
||||
assertEquals(aim, interceptor.getAfterInvocationManager());
|
||||
}
|
||||
|
||||
|
@ -126,8 +126,8 @@ public class MethodSecurityInterceptorTests {
|
|||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void missingMethodDefinitionSourceIsRejected() throws Exception {
|
||||
interceptor.setObjectDefinitionSource(null);
|
||||
public void missingMethodSecurityMetadataSourceIsRejected() throws Exception {
|
||||
interceptor.setSecurityMetadataSource(null);
|
||||
interceptor.afterPropertiesSet();
|
||||
}
|
||||
|
||||
|
@ -138,7 +138,7 @@ public class MethodSecurityInterceptorTests {
|
|||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void initializationRejectsObjectDefinitionSourceThatDoesNotSupportMethodInvocation() throws Throwable {
|
||||
public void initializationRejectsSecurityMetadataSourceThatDoesNotSupportMethodInvocation() throws Throwable {
|
||||
jmock.checking(new Expectations() {{
|
||||
oneOf(mds).supports(MethodInvocation.class); will(returnValue(false));
|
||||
}});
|
||||
|
@ -198,7 +198,7 @@ public class MethodSecurityInterceptorTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void validationNotAttemptedIfMethodDefinitionSourceReturnsNullForAttributes() throws Exception {
|
||||
public void validationNotAttemptedIfMethodSecurityMetadataSourceReturnsNullForAttributes() throws Exception {
|
||||
jmock.checking(new Expectations() {{
|
||||
oneOf(mds).supports(MethodInvocation.class); will(returnValue(true));
|
||||
oneOf(adm).supports(MethodInvocation.class); will(returnValue(true));
|
||||
|
@ -302,90 +302,4 @@ public class MethodSecurityInterceptorTests {
|
|||
}});
|
||||
advisedTarget.makeUpperCase("hello");
|
||||
}
|
||||
|
||||
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
// private static class MockMethodDefinitionSource() extends AbstractMethodDefinitionSource {
|
||||
//
|
||||
// }
|
||||
|
||||
/*
|
||||
private class MockAccessDecisionManagerWhichOnlySupportsStrings implements AccessDecisionManager {
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
|
||||
public boolean supports(Class<?> clazz) {
|
||||
if (String.class.isAssignableFrom(clazz)) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
private class MockAfterInvocationManagerWhichOnlySupportsStrings implements AfterInvocationManager {
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
|
||||
public boolean supports(Class<?> clazz) {
|
||||
if (String.class.isAssignableFrom(clazz)) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
private class MockObjectDefinitionSourceWhichOnlySupportsStrings implements MethodDefinitionSource {
|
||||
public Collection<ConfigAttribute> getAllConfigAttributes() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
|
||||
public boolean supports(Class<?> clazz) {
|
||||
if (String.class.isAssignableFrom(clazz)) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public List<ConfigAttribute> getAttributes(Object object) {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
}
|
||||
|
||||
private class MockRunAsManagerWhichOnlySupportsStrings implements RunAsManager {
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
|
||||
public boolean supports(Class<?> clazz) {
|
||||
if (String.class.isAssignableFrom(clazz)) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
return true;
|
||||
}
|
||||
}*/
|
||||
}
|
||||
|
|
|
@ -56,7 +56,7 @@ public class MethodSecurityInterceptorWithAopConfigTests {
|
|||
"</aop:config>" +
|
||||
"<b:bean id='target' class='org.springframework.security.TargetObject'/>" +
|
||||
"<b:bean id='securityInterceptor' class='org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
|
||||
" <b:property name='objectDefinitionSource'>" +
|
||||
" <b:property name='securityMetadataSource'>" +
|
||||
" <b:value>" +
|
||||
"org.springframework.security.TargetObject.makeLower*=ROLE_A\n" +
|
||||
"org.springframework.security.TargetObject.makeUpper*=ROLE_A\n" +
|
||||
|
|
|
@ -20,45 +20,37 @@ import java.lang.reflect.Method;
|
|||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.TargetObject;
|
||||
import org.springframework.security.intercept.method.MapBasedMethodDefinitionSource;
|
||||
import org.springframework.security.intercept.method.MethodDefinitionSourceEditor;
|
||||
import org.springframework.security.intercept.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.method.MethodSecurityMetadataSourceEditor;
|
||||
|
||||
/**
|
||||
* Tests {@link MethodDefinitionSourceAdvisor}.
|
||||
* Tests {@link MethodSecurityMetadataSourceAdvisor}.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
public class MethodDefinitionSourceAdvisorTests extends TestCase {
|
||||
public class MethodSecurityMetadataSourceAdvisorTests extends TestCase {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
private MethodSecurityInterceptor getInterceptor() {
|
||||
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
|
||||
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
|
||||
editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_NOT_USED");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
|
||||
MethodSecurityInterceptor msi = new MethodSecurityInterceptor();
|
||||
msi.setObjectDefinitionSource(map);
|
||||
msi.setSecurityMetadataSource(map);
|
||||
|
||||
return msi;
|
||||
}
|
||||
|
||||
public static void main(String[] args) {
|
||||
junit.textui.TestRunner.run(MethodDefinitionSourceAdvisorTests.class);
|
||||
}
|
||||
|
||||
public final void setUp() throws Exception {
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined()
|
||||
throws Exception {
|
||||
Class<TargetObject> clazz = TargetObject.class;
|
||||
Method method = clazz.getMethod("makeLowerCase", new Class[] {String.class});
|
||||
|
||||
MethodDefinitionSourceAdvisor advisor = new MethodDefinitionSourceAdvisor(getInterceptor());
|
||||
MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(getInterceptor());
|
||||
assertFalse(advisor.getPointcut().getMethodMatcher().matches(method, clazz));
|
||||
}
|
||||
|
||||
|
@ -67,7 +59,7 @@ public class MethodDefinitionSourceAdvisorTests extends TestCase {
|
|||
Class<TargetObject> clazz = TargetObject.class;
|
||||
Method method = clazz.getMethod("countLength", new Class[] {String.class});
|
||||
|
||||
MethodDefinitionSourceAdvisor advisor = new MethodDefinitionSourceAdvisor(getInterceptor());
|
||||
MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(getInterceptor());
|
||||
assertTrue(advisor.getPointcut().getMethodMatcher().matches(method, clazz));
|
||||
}
|
||||
|
||||
|
@ -75,8 +67,8 @@ public class MethodDefinitionSourceAdvisorTests extends TestCase {
|
|||
MethodSecurityInterceptor msi = new MethodSecurityInterceptor();
|
||||
|
||||
try {
|
||||
new MethodDefinitionSourceAdvisor(msi);
|
||||
fail("Should have detected null ObjectDefinitionSource and thrown AopConfigException");
|
||||
new MethodSecurityMetadataSourceAdvisor(msi);
|
||||
fail("Should have detected null SecurityMetadataSource and thrown AopConfigException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
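Review bot: The renamed failure message still says `AopConfigException`, but the `catch` two lines below expects `IllegalArgumentException`, so a failing run would report the wrong exception type. Since the line is being edited anyway, I would align it: `fail("Should have detected null SecurityMetadataSource and thrown IllegalArgumentException");`. The `assertTrue(true)` in the catch block adds nothing and could be dropped. The enclosing test method starts above this hunk.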
|
||||
|
@ -86,7 +78,7 @@ public class MethodDefinitionSourceAdvisorTests extends TestCase {
|
|||
Class<TargetObject> clazz = TargetObject.class;
|
||||
Method method = clazz.getMethod("countLength", new Class[] {String.class});
|
||||
|
||||
MethodDefinitionSourceAdvisor.InternalMethodInvocation imi = new MethodDefinitionSourceAdvisor(getInterceptor()).new InternalMethodInvocation(method, clazz);
|
||||
MethodSecurityMetadataSourceAdvisor.InternalMethodInvocation imi = new MethodSecurityMetadataSourceAdvisor(getInterceptor()).new InternalMethodInvocation(method, clazz);
|
||||
|
||||
try {
|
||||
imi.getArguments();
|
||||
|
@ -110,7 +102,7 @@ public class MethodDefinitionSourceAdvisorTests extends TestCase {
|
|||
}
|
||||
|
||||
try {
|
||||
new MethodDefinitionSourceAdvisor(getInterceptor()).new InternalMethodInvocation();
|
||||
new MethodSecurityMetadataSourceAdvisor(getInterceptor()).new InternalMethodInvocation();
|
||||
fail("Should have thrown UnsupportedOperationException");
|
||||
} catch (UnsupportedOperationException expected) {
|
||||
assertTrue(true);
|
|
@ -32,7 +32,7 @@ import org.springframework.security.MockJoinPoint;
|
|||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.TargetObject;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.intercept.method.MethodDefinitionSource;
|
||||
import org.springframework.security.intercept.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
|
||||
|
||||
|
@ -47,7 +47,7 @@ public class AspectJSecurityInterceptorTests {
|
|||
private TestingAuthenticationToken token;
|
||||
private AspectJSecurityInterceptor interceptor;
|
||||
private AccessDecisionManager adm;
|
||||
private MethodDefinitionSource mds;
|
||||
private MethodSecurityMetadataSource mds;
|
||||
private AuthenticationManager authman;
|
||||
private AspectJCallback aspectJCallback;
|
||||
private JoinPoint joinPoint;
|
||||
|
@ -61,10 +61,10 @@ public class AspectJSecurityInterceptorTests {
|
|||
interceptor = new AspectJSecurityInterceptor();
|
||||
adm = jmock.mock(AccessDecisionManager.class);
|
||||
authman = jmock.mock(AuthenticationManager.class);
|
||||
mds = jmock.mock(MethodDefinitionSource.class);
|
||||
mds = jmock.mock(MethodSecurityMetadataSource.class);
|
||||
interceptor.setAccessDecisionManager(adm);
|
||||
interceptor.setAuthenticationManager(authman);
|
||||
interceptor.setObjectDefinitionSource(mds);
|
||||
interceptor.setSecurityMetadataSource(mds);
|
||||
Method method = TargetObject.class.getMethod("countLength", new Class[] {String.class});
|
||||
joinPoint = new MockJoinPoint(new TargetObject(), method);
|
||||
aspectJCallback = jmock.mock(AspectJCallback.class);
|
||||
|
|
|
@ -29,29 +29,29 @@ import org.springframework.security.util.AntUrlPathMatcher;
|
|||
import org.springframework.security.util.MockFilterChain;
|
||||
|
||||
/**
|
||||
* Tests parts of {@link DefaultFilterInvocationDefinitionSource} not tested by {@link
|
||||
* Tests parts of {@link DefaultFilterInvocationSecurityMetadataSource} not tested by {@link
|
||||
* FilterInvocationDefinitionSourceEditorTests}.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public class DefaultFilterInvocationDefinitionSourceTests {
|
||||
private DefaultFilterInvocationDefinitionSource fids;
|
||||
public class DefaultFilterInvocationSecurityMetadataSourceTests {
|
||||
private DefaultFilterInvocationSecurityMetadataSource fids;
|
||||
private List<ConfigAttribute> def = SecurityConfig.createList("ROLE_ONE");
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
private void createFids(String url, String method) {
|
||||
LinkedHashMap requestMap = new LinkedHashMap();
|
||||
requestMap.put(new RequestKey(url, method), def);
|
||||
fids = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), requestMap);
|
||||
fids = new DefaultFilterInvocationSecurityMetadataSource(new AntUrlPathMatcher(), requestMap);
|
||||
fids.setStripQueryStringFromUrls(true);
|
||||
}
|
||||
|
||||
private void createFids(String url, boolean convertToLowerCase) {
|
||||
LinkedHashMap requestMap = new LinkedHashMap();
|
||||
requestMap.put(new RequestKey(url), def);
|
||||
fids = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(convertToLowerCase), requestMap);
|
||||
fids = new DefaultFilterInvocationSecurityMetadataSource(new AntUrlPathMatcher(convertToLowerCase), requestMap);
|
||||
fids.setStripQueryStringFromUrls(true);
|
||||
}
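Review bot: The class Javadoc is only half renamed: its first `{@link}` now targets `DefaultFilterInvocationSecurityMetadataSource`, but the continuation line still links `FilterInvocationDefinitionSourceEditorTests`. If that test class is renamed or removed elsewhere in this commit (not visible from this hunk), the link dangles and should be updated with the rest. The field `fids` and the helper `createFids` also still abbreviate the old type name; a neutral name such as `source` would keep the test readable after the refactoring.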
|
||||
|
||||
|
@ -59,7 +59,7 @@ public class DefaultFilterInvocationDefinitionSourceTests {
|
|||
public void convertUrlToLowercaseIsTrueByDefault() {
|
||||
LinkedHashMap requestMap = new LinkedHashMap();
|
||||
requestMap.put(new RequestKey("/something"), def);
|
||||
fids = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), requestMap);
|
||||
fids = new DefaultFilterInvocationSecurityMetadataSource(new AntUrlPathMatcher(), requestMap);
|
||||
assertTrue(fids.isConvertUrlToLowercaseBeforeComparison());
|
||||
}
|
||||
|
||||
|
@ -154,7 +154,7 @@ public class DefaultFilterInvocationDefinitionSourceTests {
|
|||
requestMap.put(new RequestKey("/**"), def);
|
||||
List<ConfigAttribute> postOnlyDef = SecurityConfig.createList("ROLE_TWO");
|
||||
requestMap.put(new RequestKey("/somepage**", "POST"), postOnlyDef);
|
||||
fids = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), requestMap);
|
||||
fids = new DefaultFilterInvocationSecurityMetadataSource(new AntUrlPathMatcher(), requestMap);
|
||||
|
||||
List<ConfigAttribute> attrs = fids.getAttributes(createFilterInvocation("/somepage", "POST"));
|
||||
assertEquals(postOnlyDef, attrs);
|
|
@ -48,7 +48,7 @@ public class FilterSecurityInterceptorTests {
|
|||
private Mockery jmock = new JUnit4Mockery();
|
||||
private AuthenticationManager am;
|
||||
private AccessDecisionManager adm;
|
||||
private FilterInvocationDefinitionSource ods;
|
||||
private FilterInvocationSecurityMetadataSource ods;
|
||||
private RunAsManager ram;
|
||||
private FilterSecurityInterceptor interceptor;
|
||||
|
||||
|
@ -59,11 +59,11 @@ public class FilterSecurityInterceptorTests {
|
|||
public final void setUp() throws Exception {
|
||||
interceptor = new FilterSecurityInterceptor();
|
||||
am = jmock.mock(AuthenticationManager.class);
|
||||
ods = jmock.mock(FilterInvocationDefinitionSource.class);
|
||||
ods = jmock.mock(FilterInvocationSecurityMetadataSource.class);
|
||||
adm = jmock.mock(AccessDecisionManager.class);
|
||||
ram = jmock.mock(RunAsManager.class);
|
||||
interceptor.setAuthenticationManager(am);
|
||||
interceptor.setObjectDefinitionSource(ods);
|
||||
interceptor.setSecurityMetadataSource(ods);
|
||||
interceptor.setAccessDecisionManager(adm);
|
||||
interceptor.setRunAsManager(ram);
|
||||
interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
|
||||
|
|
|
@ -48,7 +48,7 @@ public class WebInvocationPrivilegeEvaluatorTests {
|
|||
private Mockery jmock = new JUnit4Mockery();
|
||||
private AuthenticationManager am;
|
||||
private AccessDecisionManager adm;
|
||||
private FilterInvocationDefinitionSource ods;
|
||||
private FilterInvocationSecurityMetadataSource ods;
|
||||
private RunAsManager ram;
|
||||
private FilterSecurityInterceptor interceptor;
|
||||
|
||||
|
@ -58,11 +58,11 @@ public class WebInvocationPrivilegeEvaluatorTests {
|
|||
public final void setUp() throws Exception {
|
||||
interceptor = new FilterSecurityInterceptor();
|
||||
am = jmock.mock(AuthenticationManager.class);
|
||||
ods = jmock.mock(FilterInvocationDefinitionSource.class);
|
||||
ods = jmock.mock(FilterInvocationSecurityMetadataSource.class);
|
||||
adm = jmock.mock(AccessDecisionManager.class);
|
||||
ram = jmock.mock(RunAsManager.class);
|
||||
interceptor.setAuthenticationManager(am);
|
||||
interceptor.setObjectDefinitionSource(ods);
|
||||
interceptor.setSecurityMetadataSource(ods);
|
||||
interceptor.setAccessDecisionManager(adm);
|
||||
interceptor.setRunAsManager(ram);
|
||||
interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
|
||||
|
|
|
@ -15,20 +15,21 @@
|
|||
|
||||
package org.springframework.security.securechannel;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.util.MockFilterChain;
|
||||
|
||||
|
||||
|
@ -38,72 +39,57 @@ import org.springframework.security.util.MockFilterChain;
|
|||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class ChannelProcessingFilterTests extends TestCase {
|
||||
public class ChannelProcessingFilterTests {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void testDetectsMissingChannelDecisionManager()
|
||||
throws Exception {
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsMissingChannelDecisionManager() throws Exception {
|
||||
ChannelProcessingFilter filter = new ChannelProcessingFilter();
|
||||
|
||||
MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "MOCK");
|
||||
filter.setFilterInvocationDefinitionSource(fids);
|
||||
filter.setFilterInvocationSecurityMetadataSource(fids);
|
||||
|
||||
try {
|
||||
filter.afterPropertiesSet();
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertEquals("channelDecisionManager must be specified", expected.getMessage());
|
||||
}
|
||||
filter.afterPropertiesSet();
|
||||
}
|
||||
|
||||
public void testDetectsMissingFilterInvocationDefinitionSource()
|
||||
throws Exception {
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsMissingFilterInvocationSecurityMetadataSource() throws Exception {
|
||||
ChannelProcessingFilter filter = new ChannelProcessingFilter();
|
||||
filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK"));
|
||||
|
||||
try {
|
||||
filter.afterPropertiesSet();
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertEquals("filterInvocationDefinitionSource must be specified", expected.getMessage());
|
||||
}
|
||||
filter.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDetectsSupportedConfigAttribute() throws Exception {
|
||||
ChannelProcessingFilter filter = new ChannelProcessingFilter();
|
||||
filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY"));
|
||||
|
||||
MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SUPPORTS_MOCK_ONLY");
|
||||
|
||||
filter.setFilterInvocationDefinitionSource(fids);
|
||||
filter.setFilterInvocationSecurityMetadataSource(fids);
|
||||
|
||||
filter.afterPropertiesSet();
|
||||
assertTrue(true);
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsUnsupportedConfigAttribute() throws Exception {
|
||||
ChannelProcessingFilter filter = new ChannelProcessingFilter();
|
||||
filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY"));
|
||||
|
||||
MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SUPPORTS_MOCK_ONLY", "INVALID_ATTRIBUTE");
|
||||
|
||||
filter.setFilterInvocationDefinitionSource(fids);
|
||||
|
||||
try {
|
||||
filter.afterPropertiesSet();
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(expected.getMessage().startsWith("Unsupported configuration attributes:"));
|
||||
}
|
||||
filter.setFilterInvocationSecurityMetadataSource(fids);
|
||||
filter.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilterWhenManagerDoesCommitResponse() throws Exception {
|
||||
ChannelProcessingFilter filter = new ChannelProcessingFilter();
|
||||
filter.setChannelDecisionManager(new MockChannelDecisionManager(true, "SOME_ATTRIBUTE"));
|
||||
|
||||
MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SOME_ATTRIBUTE");
|
||||
|
||||
filter.setFilterInvocationDefinitionSource(fids);
|
||||
filter.setFilterInvocationSecurityMetadataSource(fids);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setQueryString("info=now");
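Review bot: Converting `testDetectsMissingChannelDecisionManager`, `testDetectsMissingFilterInvocationSecurityMetadataSource` and `testDetectsUnsupportedConfigAttribute` to `@Test(expected=IllegalArgumentException.class)` drops the assertions on the exception message. Each test now passes on any `IllegalArgumentException` from `afterPropertiesSet()`, so the tests no longer tell the filter's start-up validations apart: if the unsupported-attribute check stopped firing, a missing-property error would still satisfy that test. I would keep the message assertion in a try/catch inside the body, e.g. `assertEquals("channelDecisionManager must be specified", expected.getMessage());`, and retain `assertTrue(expected.getMessage().startsWith("Unsupported configuration attributes:"));` for the unsupported-attribute case. The text for the missing-source case presumably changes with the rename; the new message is not visible in this hunk.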
|
||||
|
@ -113,16 +99,16 @@ public class ChannelProcessingFilterTests extends TestCase {
|
|||
MockFilterChain chain = new MockFilterChain(false);
|
||||
|
||||
filter.doFilter(request, response, chain);
|
||||
assertTrue(true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilterWhenManagerDoesNotCommitResponse() throws Exception {
|
||||
ChannelProcessingFilter filter = new ChannelProcessingFilter();
|
||||
filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SOME_ATTRIBUTE"));
|
||||
|
||||
MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "SOME_ATTRIBUTE");
|
||||
|
||||
filter.setFilterInvocationDefinitionSource(fids);
|
||||
filter.setFilterInvocationSecurityMetadataSource(fids);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setQueryString("info=now");
|
||||
|
@ -132,9 +118,9 @@ public class ChannelProcessingFilterTests extends TestCase {
|
|||
MockFilterChain chain = new MockFilterChain(true);
|
||||
|
||||
filter.doFilter(request, response, chain);
|
||||
assertTrue(true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoFilterWhenNullConfigAttributeReturned()
|
||||
throws Exception {
|
||||
ChannelProcessingFilter filter = new ChannelProcessingFilter();
|
||||
|
@ -142,7 +128,7 @@ public class ChannelProcessingFilterTests extends TestCase {
|
|||
|
||||
MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "NOT_USED");
|
||||
|
||||
filter.setFilterInvocationDefinitionSource(fids);
|
||||
filter.setFilterInvocationSecurityMetadataSource(fids);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setQueryString("info=now");
|
||||
|
@ -152,9 +138,9 @@ public class ChannelProcessingFilterTests extends TestCase {
|
|||
MockFilterChain chain = new MockFilterChain(true);
|
||||
|
||||
filter.doFilter(request, response, chain);
|
||||
assertTrue(true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetterSetters() throws Exception {
|
||||
ChannelProcessingFilter filter = new ChannelProcessingFilter();
|
||||
filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK"));
|
||||
|
@ -162,8 +148,8 @@ public class ChannelProcessingFilterTests extends TestCase {
|
|||
|
||||
MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", false, "MOCK");
|
||||
|
||||
filter.setFilterInvocationDefinitionSource(fids);
|
||||
assertTrue(filter.getFilterInvocationDefinitionSource() != null);
|
||||
filter.setFilterInvocationSecurityMetadataSource(fids);
|
||||
assertTrue(filter.getFilterInvocationSecurityMetadataSource() != null);
|
||||
|
||||
filter.init(null);
|
||||
filter.afterPropertiesSet();
|
||||
|
@ -197,7 +183,7 @@ public class ChannelProcessingFilterTests extends TestCase {
|
|||
}
|
||||
}
|
||||
|
||||
private class MockFilterInvocationDefinitionMap implements FilterInvocationDefinitionSource {
|
||||
private class MockFilterInvocationDefinitionMap implements FilterInvocationSecurityMetadataSource {
|
||||
private List<ConfigAttribute> toReturn;
|
||||
private String servletPath;
|
||||
private boolean provideIterator;
|
||||
|
|
|
@ -1,91 +1,91 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd" >
|
||||
<beans>
|
||||
<bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
|
||||
<property name="userMap">
|
||||
<value>
|
||||
blueuser=password,ROLE_BASIC,LABEL_BLUE
|
||||
superuser=password2,ROLE_BASIC,LABEL_SHARED
|
||||
orangeuser=password3,ROLE_BASIC,LABEL_ORANGE
|
||||
multiuser=password4,ROLE_BASIC,LABEL_BLUE,LABEL_ORANGE
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
<bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
|
||||
<property name="userMap">
|
||||
<value>
|
||||
blueuser=password,ROLE_BASIC,LABEL_BLUE
|
||||
superuser=password2,ROLE_BASIC,LABEL_SHARED
|
||||
orangeuser=password3,ROLE_BASIC,LABEL_ORANGE
|
||||
multiuser=password4,ROLE_BASIC,LABEL_BLUE,LABEL_ORANGE
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
|
||||
<property name="userDetailsService"><ref bean="userDetailsService"/></property>
|
||||
</bean>
|
||||
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
|
||||
<property name="userDetailsService"><ref bean="userDetailsService"/></property>
|
||||
</bean>
|
||||
|
||||
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
|
||||
<property name="providers">
|
||||
<list>
|
||||
<ref local="daoAuthenticationProvider"/>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
|
||||
<property name="providers">
|
||||
<list>
|
||||
<ref local="daoAuthenticationProvider"/>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="accessDecisionManager" class="org.springframework.security.vote.UnanimousBased">
|
||||
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
|
||||
<property name="decisionVoters">
|
||||
<list>
|
||||
<bean class="org.springframework.security.vote.RoleVoter"/>
|
||||
<bean class="org.springframework.security.vote.LabelBasedAclVoter">
|
||||
<property name="attributeIndicatingLabeledOperation"><value>LABELED_OPERATION</value></property>
|
||||
<property name="labelMap">
|
||||
<map>
|
||||
<entry key="LABEL_BLUE">
|
||||
<list>
|
||||
<value>blue</value>
|
||||
<value>blue-orange</value>
|
||||
</list>
|
||||
</entry>
|
||||
<entry key="LABEL_ORANGE">
|
||||
<list>
|
||||
<value>orange</value>
|
||||
<value>blue-orange</value>
|
||||
</list>
|
||||
</entry>
|
||||
<entry key="LABEL_SHARED">
|
||||
<list>
|
||||
<value>blue</value>
|
||||
<value>orange</value>
|
||||
<value>blue-orange</value>
|
||||
</list>
|
||||
</entry>
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
<bean id="accessDecisionManager" class="org.springframework.security.vote.UnanimousBased">
|
||||
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
|
||||
<property name="decisionVoters">
|
||||
<list>
|
||||
<bean class="org.springframework.security.vote.RoleVoter"/>
|
||||
<bean class="org.springframework.security.vote.LabelBasedAclVoter">
|
||||
<property name="attributeIndicatingLabeledOperation"><value>LABELED_OPERATION</value></property>
|
||||
<property name="labelMap">
|
||||
<map>
|
||||
<entry key="LABEL_BLUE">
|
||||
<list>
|
||||
<value>blue</value>
|
||||
<value>blue-orange</value>
|
||||
</list>
|
||||
</entry>
|
||||
<entry key="LABEL_ORANGE">
|
||||
<list>
|
||||
<value>orange</value>
|
||||
<value>blue-orange</value>
|
||||
</list>
|
||||
</entry>
|
||||
<entry key="LABEL_SHARED">
|
||||
<list>
|
||||
<value>blue</value>
|
||||
<value>orange</value>
|
||||
<value>blue-orange</value>
|
||||
</list>
|
||||
</entry>
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="securityInteceptor"
|
||||
class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
|
||||
<property name="validateConfigAttributes"><value>false</value></property>
|
||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
|
||||
<property name="objectDefinitionSource">
|
||||
<value>
|
||||
<bean id="securityInteceptor"
|
||||
class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
|
||||
<property name="validateConfigAttributes"><value>false</value></property>
|
||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
|
||||
<property name="securityMetadataSource">
|
||||
<value>
|
||||
org.springframework.security.vote.SampleService.get*=ROLE_BASIC
|
||||
org.springframework.security.vote.SampleService.do*=ROLE_BASIC,LABELED_OPERATION
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="perfOfSecurity" class="org.springframework.aop.interceptor.PerformanceMonitorInterceptor">
|
||||
<property name="prefix"><value>Security: </value></property>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="sampleService" class="org.springframework.security.vote.SampleServiceImpl"/>
|
||||
<bean id="perfOfSecurity" class="org.springframework.aop.interceptor.PerformanceMonitorInterceptor">
|
||||
<property name="prefix"><value>Security: </value></property>
|
||||
</bean>
|
||||
|
||||
<bean class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
|
||||
<property name="beanNames"><value>sampleService</value></property>
|
||||
<property name="interceptorNames">
|
||||
<list>
|
||||
<value>perfOfSecurity</value>
|
||||
<value>securityInteceptor</value>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
<bean id="sampleService" class="org.springframework.security.vote.SampleServiceImpl"/>
|
||||
|
||||
<bean class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
|
||||
<property name="beanNames"><value>sampleService</value></property>
|
||||
<property name="interceptorNames">
|
||||
<list>
|
||||
<value>perfOfSecurity</value>
|
||||
<value>securityInteceptor</value>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
</beans>
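Review bot: The whole file appears to be re-indented in the same commit as the property rename, which buries the one access-control-relevant edit (`objectDefinitionSource` → `securityMetadataSource` on the interceptor bean) among 91 rewritten lines. Nearly every other line is printed twice with identical text, so the remaining differences look like whitespace only; the rendered page does not show indentation, so this is inferred. For a file that defines role and label mappings, splitting the whitespace change into a separate commit would let the rename be audited on its own. The bean id `securityInteceptor` (missing an "r") also survives the rewrite; renaming it to `securityInterceptor` together with the matching `interceptorNames` entry would be a reasonable follow-up.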
|
||||
|
|
|
@ -91,7 +91,7 @@
|
|||
<bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
<property name="accessDecisionManager" ref="accessDecisionManager"/>
|
||||
<property name="objectDefinitionSource">
|
||||
<property name="securityMetadataSource">
|
||||
<sec:filter-invocation-definition-source>
|
||||
<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_2"/>
|
||||
<sec:intercept-url pattern="/secure/**" access="ROLE_1"/>
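Review bot: The renamed `securityMetadataSource` property still wraps an element named `<sec:filter-invocation-definition-source>`, so two adjacent lines now mix the old and new vocabulary. If the namespace element keeps its name on purpose, a short comment above it would help, for example `<!-- element name predates the SEC-1123 rename to SecurityMetadataSource -->`. The same pairing appears in the later `fsi` bean that references `httpRequestAccessDecisionManager`. The bean definition continues outside this hunk.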
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
<property name="rejectPublicInvocations" value="true"/>
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
<property name="accessDecisionManager" ref="accessDecisionManager"/>
|
||||
<property name="objectDefinitionSource"><value>
|
||||
<property name="securityMetadataSource"><value>
|
||||
org.springframework.security.concurrent.SessionRegistry.get*=ROLE_C
|
||||
</value></property>
|
||||
</bean>
|
||||
|
|
|
@ -3,93 +3,93 @@
|
|||
|
||||
<beans>
|
||||
|
||||
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
|
||||
<property name="filterInvocationDefinitionSource">
|
||||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/login_error.jsp=httpSessionContextIntegrationFilter
|
||||
/**=httpSessionContextIntegrationFilter, exceptionTranslationFilter, ntlmFilter, filterSecurityInterceptor
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
|
||||
<property name="filterInvocationDefinitionSource">
|
||||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/login_error.jsp=httpSessionContextIntegrationFilter
|
||||
/**=httpSessionContextIntegrationFilter, exceptionTranslationFilter, ntlmFilter, filterSecurityInterceptor
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- The first item in the Chain: httpSessionContextIntegrationFilter -->
|
||||
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
|
||||
<property name="context">
|
||||
<value>org.springframework.security.context.SecurityContextImpl</value>
|
||||
</property>
|
||||
</bean>
|
||||
<!-- The first item in the Chain: httpSessionContextIntegrationFilter -->
|
||||
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
|
||||
<property name="context">
|
||||
<value>org.springframework.security.context.SecurityContextImpl</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- the second item in the chain: exceptionTranslationFilter -->
|
||||
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
|
||||
<property name="authenticationEntryPoint" ref="ntlmEntryPoint"/>
|
||||
</bean>
|
||||
<!-- the second item in the chain: exceptionTranslationFilter -->
|
||||
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
|
||||
<property name="authenticationEntryPoint" ref="ntlmEntryPoint"/>
|
||||
</bean>
|
||||
|
||||
<!-- the third item in the chain: ntlmFilter -->
|
||||
<bean id="ntlmFilter" class="org.springframework.security.ui.ntlm.NtlmProcessingFilter">
|
||||
<property name="defaultDomain" value="YOURDOMAIN"/>
|
||||
<!-- It is better to use a WINS server if available over a specific domain controller
|
||||
<property name="domainController" value="FOO"/> -->
|
||||
<property name="netbiosWINS" value="192.168.0.3"/>
|
||||
<property name="authenticationManager" ref="providerManager"/>
|
||||
</bean>
|
||||
<!-- the third item in the chain: ntlmFilter -->
|
||||
<bean id="ntlmFilter" class="org.springframework.security.ui.ntlm.NtlmProcessingFilter">
|
||||
<property name="defaultDomain" value="YOURDOMAIN"/>
|
||||
<!-- It is better to use a WINS server if available over a specific domain controller
|
||||
<property name="domainController" value="FOO"/> -->
|
||||
<property name="netbiosWINS" value="192.168.0.3"/>
|
||||
<property name="authenticationManager" ref="providerManager"/>
|
||||
</bean>
|
||||
|
||||
<bean id="providerManager" class="org.springframework.security.providers.ProviderManager">
|
||||
<property name="providers">
|
||||
<list>
|
||||
<ref local="daoAuthenticationProvider"/>
|
||||
<bean id="providerManager" class="org.springframework.security.providers.ProviderManager">
|
||||
<property name="providers">
|
||||
<list>
|
||||
<ref local="daoAuthenticationProvider"/>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
|
||||
<property name="userDetailsService">
|
||||
<ref local="memoryUserDetailsService"/>
|
||||
</property>
|
||||
</bean>
|
||||
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
|
||||
<property name="userDetailsService">
|
||||
<ref local="memoryUserDetailsService"/>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- NOTE: You will need to write a custom UserDetailsService in most cases -->
|
||||
<bean id="memoryUserDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
|
||||
<property name="userMap">
|
||||
<value>jdoe=PASSWORD,ROLE_USER</value>
|
||||
</property>
|
||||
</bean>
|
||||
<!-- NOTE: You will need to write a custom UserDetailsService in most cases -->
|
||||
<bean id="memoryUserDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
|
||||
<property name="userMap">
|
||||
<value>jdoe=PASSWORD,ROLE_USER</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- the fourth item in the chain: filterSecurityInterceptor -->
|
||||
<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
|
||||
<property name="authenticationManager"><ref local="providerManager"/></property>
|
||||
<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
|
||||
<property name="objectDefinitionSource">
|
||||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/**=ROLE_USER
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
<!-- the fourth item in the chain: filterSecurityInterceptor -->
|
||||
<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
|
||||
<property name="authenticationManager"><ref local="providerManager"/></property>
|
||||
<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
|
||||
<property name="securityMetadataSource">
|
||||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/**=ROLE_USER
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- authenticationManager defined above -->
|
||||
<bean id="accessDecisionManager" class="org.springframework.security.vote.UnanimousBased">
|
||||
<property name="allowIfAllAbstainDecisions">
|
||||
<value>false</value>
|
||||
</property>
|
||||
<property name="decisionVoters">
|
||||
<list>
|
||||
<ref local="roleVoter"/>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
<!-- authenticationManager defined above -->
|
||||
<bean id="accessDecisionManager" class="org.springframework.security.vote.UnanimousBased">
|
||||
<property name="allowIfAllAbstainDecisions">
|
||||
<value>false</value>
|
||||
</property>
|
||||
<property name="decisionVoters">
|
||||
<list>
|
||||
<ref local="roleVoter"/>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
|
||||
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
|
||||
|
||||
<bean id="ntlmEntryPoint" class="org.springframework.security.ui.ntlm.NtlmProcessingFilterEntryPoint">
|
||||
<property name="authenticationFailureUrl" value="/login_error.jsp"/>
|
||||
</bean>
|
||||
<bean id="ntlmEntryPoint" class="org.springframework.security.ui.ntlm.NtlmProcessingFilterEntryPoint">
|
||||
<property name="authenticationFailureUrl" value="/login_error.jsp"/>
|
||||
</bean>
|
||||
|
||||
<!-- Done with the chain -->
|
||||
<!-- Done with the chain -->
|
||||
|
||||
<!-- This bean automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
|
||||
<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
|
||||
<!-- This bean automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
|
||||
<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
|
||||
|
||||
</beans>
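Review bot: The `filterChainProxy` bean keeps `<property name="filterInvocationDefinitionSource">` on both sides of the change, while `filterSecurityInterceptor` in the same file moves to `securityMetadataSource`. The ChannelProcessingFilter test elsewhere in this commit switches to `setFilterInvocationSecurityMetadataSource`, so it is worth confirming that FilterChainProxy's setter was intentionally left under the old name; FilterChainProxy itself is not visible here. A property name with no matching setter makes the context fail at load time, so a context-load test for this sample would catch a missed rename. If the old name is deliberate, a comment such as `<!-- FilterChainProxy keeps the pre-SEC-1123 property name -->` would save the next reader the lookup.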
|
||||
|
|
|
@ -220,13 +220,13 @@
|
|||
|
||||
<!-- ================= METHOD INVOCATION AUTHORIZATION ==================== -->
|
||||
|
||||
<bean id="methodSecurityAdvisor" class="org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor" autowire="constructor"/>
|
||||
<bean id="methodSecurityAdvisor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityMetadataSourceAdvisor" autowire="constructor"/>
|
||||
|
||||
<bean id="methodSecurityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
|
||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||
<property name="accessDecisionManager"><ref local="businessAccessDecisionManager"/></property>
|
||||
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
|
||||
<property name="objectDefinitionSource">
|
||||
<property name="securityMetadataSource">
|
||||
<value>
|
||||
sample.dms.DocumentDao.create=ACL_ABSTRACT_ELEMENT_WRITE_PARENT
|
||||
sample.dms.DocumentDao.delete=ACL_ABSTRACT_ELEMENT_WRITE
|
||||
|
|
|
@ -38,31 +38,31 @@
|
|||
<bean id="preAuthenticatedProcessingFilterEntryPoint"
|
||||
class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
|
||||
|
||||
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
|
||||
<constructor-arg value="/"/>
|
||||
<constructor-arg>
|
||||
<list>
|
||||
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
|
||||
</list>
|
||||
</constructor-arg>
|
||||
</bean>
|
||||
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
|
||||
<constructor-arg value="/"/>
|
||||
<constructor-arg>
|
||||
<list>
|
||||
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
|
||||
</list>
|
||||
</constructor-arg>
|
||||
</bean>
|
||||
|
||||
<bean id="authenticationDetailsSource" class="org.springframework.security.ui.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
|
||||
<property name="mappableRolesRetriever" ref="j2eeMappableRolesRetriever"/>
|
||||
<property name="userRoles2GrantedAuthoritiesMapper" ref="j2eeUserRoles2GrantedAuthoritiesMapper"/>
|
||||
</bean>
|
||||
|
||||
<bean id="j2eeUserRoles2GrantedAuthoritiesMapper" class="org.springframework.security.authoritymapping.SimpleAttributes2GrantedAuthoritiesMapper">
|
||||
<property name="convertAttributeToUpperCase" value="true"/>
|
||||
<bean id="j2eeUserRoles2GrantedAuthoritiesMapper" class="org.springframework.security.authoritymapping.SimpleAttributes2GrantedAuthoritiesMapper">
|
||||
<property name="convertAttributeToUpperCase" value="true"/>
|
||||
</bean>
|
||||
|
||||
<bean id="j2eeMappableRolesRetriever" class="org.springframework.security.ui.preauth.j2ee.WebXmlMappableAttributesRetriever">
|
||||
<bean id="j2eeMappableRolesRetriever" class="org.springframework.security.ui.preauth.j2ee.WebXmlMappableAttributesRetriever">
|
||||
|
||||
<property name="webXmlInputStream"><bean factory-bean="webXmlResource" factory-method="getInputStream"/>
|
||||
<property name="webXmlInputStream"><bean factory-bean="webXmlResource" factory-method="getInputStream"/>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="webXmlResource" class="org.springframework.web.context.support.ServletContextResource">
|
||||
<bean id="webXmlResource" class="org.springframework.web.context.support.ServletContextResource">
|
||||
<constructor-arg ref="servletContext"/>
|
||||
<constructor-arg value="/WEB-INF/web.xml"/>
|
||||
</bean>
|
||||
|
@ -73,30 +73,30 @@
|
|||
<property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
|
||||
</bean>
|
||||
|
||||
<bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
|
||||
<bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
|
||||
<property name="allowIfAllAbstainDecisions" value="false"/>
|
||||
<property name="decisionVoters">
|
||||
<list>
|
||||
<list>
|
||||
<ref bean="roleVoter"/>
|
||||
</list>
|
||||
</property>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
|
||||
<bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
|
||||
<property name="objectDefinitionSource">
|
||||
<property name="securityMetadataSource">
|
||||
<sec:filter-invocation-definition-source>
|
||||
<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
|
||||
<sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
|
||||
<sec:intercept-url pattern="/**" access="ROLE_USER"/>
|
||||
</sec:filter-invocation-definition-source>
|
||||
</property>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
|
||||
|
||||
<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter">
|
||||
<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter">
|
||||
<property name="wrapperClass" value="org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper"/>
|
||||
</bean>
|
||||
|
||||
|
|