SEC-1132: Moved remaining preauth code from core to web
This commit is contained in:
Luke Taylor
parent
76561813e9
commit
4bad213b19
|
|
@ -12,9 +12,9 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
|
|||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
|
||||
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
package org.springframework.security.authentication.preauth;
|
||||
package org.springframework.security.core.userdetails;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.dao.DataAccessException;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
|
@ -42,9 +42,9 @@ public class UserDetailsByNameServiceWrapperTests extends TestCase {
|
|||
}
|
||||
});
|
||||
svc.afterPropertiesSet();
|
||||
UserDetails result1 = svc.loadUserDetails(new PreAuthenticatedAuthenticationToken("dummy", "dummy"));
|
||||
UserDetails result1 = svc.loadUserDetails(new TestingAuthenticationToken("dummy", "dummy"));
|
||||
assertEquals("Result doesn't match original user", user, result1);
|
||||
UserDetails result2 = svc.loadUserDetails(new PreAuthenticatedAuthenticationToken("dummy2", "dummy"));
|
||||
UserDetails result2 = svc.loadUserDetails(new TestingAuthenticationToken("dummy2", "dummy"));
|
||||
assertNull("Result should have been null", result2);
|
||||
}
|
||||
|
||||
|
|
@ -71,7 +71,7 @@
|
|||
</bean>
|
||||
|
||||
|
||||
<bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider">
|
||||
<bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
|
||||
<property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
|
||||
</bean>
|
||||
|
||||
|
|
|
|||
|
|
@ -40,12 +40,12 @@ import org.springframework.beans.factory.InitializingBean;
|
|||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.AbstractProcessingFilter;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.web.portlet.HandlerInterceptor;
|
||||
import org.springframework.web.portlet.ModelAndView;
|
||||
|
|
|
|||
|
|
@ -32,11 +32,11 @@ import org.springframework.mock.web.portlet.MockActionResponse;
|
|||
import org.springframework.mock.web.portlet.MockRenderRequest;
|
||||
import org.springframework.mock.web.portlet.MockRenderResponse;
|
||||
import org.springframework.security.web.authentication.AbstractProcessingFilter;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
|
|
|||
|
|
@ -24,12 +24,12 @@ import org.springframework.mock.web.portlet.MockActionRequest;
|
|||
import org.springframework.mock.web.portlet.MockActionResponse;
|
||||
import org.springframework.mock.web.portlet.MockRenderRequest;
|
||||
import org.springframework.mock.web.portlet.MockRenderResponse;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
|
||||
/**
|
||||
* Tests {@link PortletSessionContextIntegrationInterceptor}.
|
||||
|
|
|
|||
|
|
@ -24,10 +24,10 @@ import org.springframework.mock.web.portlet.MockPortletRequest;
|
|||
import org.springframework.mock.web.portlet.MockRenderRequest;
|
||||
import org.springframework.mock.web.portlet.MockRenderResponse;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
|
||||
/**
|
||||
* Utilities for testing Portlet (JSR 168) based security.
|
||||
|
|
|
|||
|
|
@ -60,16 +60,16 @@
|
|||
|
||||
<sec:authentication-manager alias="authenticationManager"/>
|
||||
|
||||
<bean id="portletAuthProvider" class="org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider">
|
||||
<bean id="portletAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
|
||||
<sec:custom-authentication-provider/>
|
||||
<property name="preAuthenticatedUserDetailsService">
|
||||
<bean class="org.springframework.security.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
|
||||
<bean class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
|
||||
</property>
|
||||
<property name="throwExceptionWhenTokenRejected" value="true"/>
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
<bean id="portletAuthProvider" class="org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider">
|
||||
<bean id="portletAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
|
||||
<sec:custom-authentication-provider/>
|
||||
<property name="preAuthenticatedUserDetailsService">
|
||||
<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
|
||||
|
|
|
|||
|
|
@ -22,13 +22,13 @@
|
|||
|
||||
<sec:authentication-manager alias="authenticationManager" />
|
||||
|
||||
<bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider">
|
||||
<bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
|
||||
<sec:custom-authentication-provider />
|
||||
<property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
|
||||
</bean>
|
||||
|
||||
<bean id="preAuthenticatedUserDetailsService"
|
||||
class="org.springframework.security.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
|
||||
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
|
||||
|
||||
<bean id="j2eePreAuthFilter" class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
|
|
|
|||
|
|
@ -44,13 +44,13 @@
|
|||
<para><programlisting>
|
||||
<![CDATA[
|
||||
<bean id="anonymousProcessingFilter"
|
||||
class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
|
||||
class="org.springframework.security.web.authentication.AnonymousProcessingFilter">
|
||||
<property name="key" value="foobar"/>
|
||||
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
|
||||
</bean>
|
||||
|
||||
<bean id="anonymousAuthenticationProvider"
|
||||
class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
|
||||
class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
|
||||
<property name="key" value="foobar"/>
|
||||
</bean>]]>
|
||||
</programlisting></para>
|
||||
|
|
@ -71,7 +71,7 @@
|
|||
<para><programlisting>
|
||||
<![CDATA[
|
||||
<bean id="filterInvocationInterceptor"
|
||||
class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
|
||||
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
|
||||
<property name="objectDefinitionSource">
|
||||
|
|
|
|||
|
|
@ -184,71 +184,6 @@ boolean supports(Class clazz);
|
|||
as the <literal>ROLE_</literal> prefix.</para>
|
||||
</section>
|
||||
|
||||
<!--
|
||||
|
||||
<para><literal>BasicAclEntryVoter</literal> is the other concrete
|
||||
voter included with Spring Security. It integrates with Spring
|
||||
Security's <literal>AclManager</literal> (discussed later). This voter
|
||||
is designed to have multiple instances in the same application
|
||||
context, such as:
|
||||
<programlisting>
|
||||
<![CDATA[
|
||||
<bean id="aclContactReadVoter"
|
||||
class="org.springframework.security.vote.BasicAclEntryVoter">
|
||||
<property name="processConfigAttribute" value="ACL_CONTACT_READ"/>
|
||||
<property name="processDomainObjectClass" value="sample.contact.Contact"/>
|
||||
<property name="aclManager" ref="aclManager"/>
|
||||
<property name="requirePermission">
|
||||
<list>
|
||||
<ref local="org.springframework.security.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
|
||||
<ref local="org.springframework.security.acl.basic.SimpleAclEntry.READ"/>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="aclContactDeleteVoter"
|
||||
class="org.springframework.security.vote.BasicAclEntryVoter">
|
||||
<property name="processConfigAttribute" value="ACL_CONTACT_DELETE"/>
|
||||
<property name="processDomainObjectClass" value="sample.contact.Contact"/>
|
||||
<property name="aclManager" ref="aclManager"/>
|
||||
<property name="requirePermission">
|
||||
<list>
|
||||
<ref local="org.springframework.security.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
|
||||
<ref local="org.springframework.security.acl.basic.SimpleAclEntry.DELETE"/>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
]]></programlisting>
|
||||
In the above example, you'd define
|
||||
<literal>ACL_CONTACT_READ</literal> or
|
||||
<literal>ACL_CONTACT_DELETE</literal> against some methods on a
|
||||
<classname>MethodSecurityInterceptor</classname> or
|
||||
<literal>AspectJSecurityInterceptor</literal>. When those methods are
|
||||
invoked, the above applicable voter defined above would vote to grant
|
||||
or deny access. The voter would look at the method invocation to
|
||||
locate the first argument of type
|
||||
<literal>sample.contact.Contact</literal>, and then pass that
|
||||
<literal>Contact</literal> to the <literal>AclManager</literal>. The
|
||||
<literal>AclManager</literal> will then return an access control list
|
||||
(ACL) that applies to the current <interfacename>Authentication</interfacename>.
|
||||
Assuming that ACL contains one of the listed
|
||||
<literal>requirePermission</literal>s, the voter will vote to grant
|
||||
access. If the ACL does not contain one of the permissions defined
|
||||
against the voter, the voter will vote to deny access.
|
||||
<literal>BasicAclEntryVoter</literal> is an important class as it
|
||||
allows you to build truly complex applications with domain object
|
||||
security entirely defined in the application context. If you're
|
||||
interested in learning more about Spring Security's ACL capabilities
|
||||
and how best to apply them, please see the ACL and "After Invocation"
|
||||
sections of this reference guide, and the Contacts sample
|
||||
application.</para>
|
||||
-->
|
||||
<!--
|
||||
<para>TODO: Remove references to the old ACL package when it's
|
||||
deprecated, and have all references to the replacement package limited
|
||||
to the chapter describing the new ACL implementation.</para>
|
||||
-->
|
||||
|
||||
<section>
|
||||
<title>Custom Voters</title>
|
||||
<para>It is also possible to implement a custom
|
||||
|
|
@ -337,19 +272,7 @@ boolean supports(Class clazz);
|
|||
<literal>ROLE_AUTHENTICATED</literal> configuration attribute</para>
|
||||
|
||||
<section xml:id="after-invocation-acl-aware"><info><title>ACL-Aware AfterInvocationProviders</title></info>
|
||||
|
||||
<para>PLEASE NOTE: Acegi Security 1.0.3 contains a preview of a new
|
||||
ACL module. The new ACL module is a significant rewrite of the
|
||||
existing ACL module. The new module can be found under the
|
||||
<literal>org.springframework.security.acls</literal> package, with
|
||||
the old ACL module under
|
||||
<literal>org.springframework.security.acl</literal>. We encourage
|
||||
users to consider testing with the new ACL module and build
|
||||
applications with it. The old ACL module should be considered
|
||||
deprecated and may be removed from a future release. The following
|
||||
information relates to the new ACL package, and is thus
|
||||
recommended.</para>
|
||||
|
||||
<!-- TODO: Move to ACL section and add reference here -->
|
||||
<para>A common services layer method we've all written at one stage
|
||||
or another looks like this:</para>
|
||||
|
||||
|
|
@ -362,11 +285,11 @@ boolean supports(Class clazz);
|
|||
not suffice. This is because the identity of the
|
||||
<literal>Contact</literal> is all that is available before the
|
||||
secure object is invoked. The
|
||||
<literal>AclAfterInvocationProvider</literal> delivers a solution,
|
||||
<classname>AclEntryAfterInvocationProvider</classname> delivers a solution,
|
||||
and is configured as follows:
|
||||
<programlisting><![CDATA[
|
||||
<bean id="afterAclRead"
|
||||
class="org.springframework.security.afterinvocation.AclEntryAfterInvocationProvider">
|
||||
class="org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider">
|
||||
<constructor-arg ref="aclService"/>
|
||||
<constructor-arg>
|
||||
<list>
|
||||
|
|
@ -378,25 +301,25 @@ boolean supports(Class clazz);
|
|||
]]></programlisting>
|
||||
In the above example, the <literal>Contact</literal> will be
|
||||
retrieved and passed to the
|
||||
<literal>AclEntryAfterInvocationProvider</literal>. The provider
|
||||
will thrown an <literal>AccessDeniedException</literal> if one of
|
||||
<classname>AclEntryAfterInvocationProvider</classname>. The provider
|
||||
will thrown an <classname>AccessDeniedException</classname> if one of
|
||||
the listed <literal>requirePermission</literal>s is not held by the
|
||||
<interfacename>Authentication</interfacename>. The
|
||||
<literal>AclEntryAfterInvocationProvider</literal> queries the
|
||||
<literal>Acl</literal>Service to determine the ACL that applies for
|
||||
<classname>AclEntryAfterInvocationProvider</classname> queries the
|
||||
acl service to determine the ACL that applies for
|
||||
this domain object to this <interfacename>Authentication</interfacename>.</para>
|
||||
|
||||
<para>Similar to the
|
||||
<literal>AclEntryAfterInvocationProvider</literal> is
|
||||
<literal>AclEntryAfterInvocationCollectionFilteringProvider</literal>.
|
||||
<classname>AclEntryAfterInvocationProvider</classname> is
|
||||
<classname>AclEntryAfterInvocationCollectionFilteringProvider</classname>.
|
||||
It is designed to remove <literal>Collection</literal> or array
|
||||
elements for which a principal does not have access. It never thrown
|
||||
an <literal>AccessDeniedException</literal> - simply silently
|
||||
an <classname>AccessDeniedException</classname> - simply silently
|
||||
removes the offending elements. The provider is configured as
|
||||
follows:
|
||||
<programlisting><![CDATA[
|
||||
<bean id="afterAclCollectionRead"
|
||||
class="org.springframework.security.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider">
|
||||
class="org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider">
|
||||
<constructor-arg ref="aclService"/>
|
||||
<constructor-arg>
|
||||
<list>
|
||||
|
|
@ -416,92 +339,10 @@ boolean supports(Class clazz);
|
|||
<para>The Contacts sample application demonstrates these two
|
||||
<literal>AfterInvocationProvider</literal>s.</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="after-invocation-acl-aware-old">
|
||||
<info><title>ACL-Aware AfterInvocationProviders (old ACL module)</title></info>
|
||||
|
||||
<para>PLEASE NOTE: Acegi Security 1.0.3 contains a preview of a new
|
||||
ACL module. The new ACL module is a significant rewrite of the
|
||||
existing ACL module. The new module can be found under the
|
||||
<literal>org.springframework.security.acls</literal> package, with
|
||||
the old ACL module under
|
||||
<literal>org.springframework.security.acl</literal>. We encourage
|
||||
users to consider testing with the new ACL module and build
|
||||
applications with it. The old ACL module should be considered
|
||||
deprecated and may be removed from a future release.</para>
|
||||
|
||||
<para>A common services layer method we've all written at one stage
|
||||
or another looks like this:</para>
|
||||
|
||||
<para><programlisting>public Contact getById(Integer id);</programlisting></para>
|
||||
|
||||
<para>Quite often, only principals with permission to read the
|
||||
<literal>Contact</literal> should be allowed to obtain it. In this
|
||||
situation the <interfacename>AccessDecisionManager</interfacename> approach
|
||||
provided by the <classname>AbstractSecurityInterceptor</classname> will
|
||||
not suffice. This is because the identity of the
|
||||
<literal>Contact</literal> is all that is available before the
|
||||
secure object is invoked. The
|
||||
<literal>BasicAclAfterInvocationProvider</literal> delivers a
|
||||
solution, and is configured as follows:</para>
|
||||
|
||||
<para><programlisting><![CDATA[
|
||||
<bean id="afterAclRead"
|
||||
class="org.springframework.security.afterinvocation.BasicAclEntryAfterInvocationProvider">
|
||||
<property name="aclManager" ref="aclManager"/>
|
||||
<property name="requirePermission">
|
||||
<list>
|
||||
<ref local="org.springframework.security.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
|
||||
<ref local="org.springframework.security.acl.basic.SimpleAclEntry.READ"/>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
]]> </programlisting></para>
|
||||
|
||||
<para>In the above example, the <literal>Contact</literal> will be
|
||||
retrieved and passed to the
|
||||
<literal>BasicAclEntryAfterInvocationProvider</literal>. The
|
||||
provider will thrown an <literal>AccessDeniedException</literal> if
|
||||
one of the listed <literal>requirePermission</literal>s is not held
|
||||
by the <interfacename>Authentication</interfacename>. The
|
||||
<literal>BasicAclEntryAfterInvocationProvider</literal> queries the
|
||||
<literal>AclManager</literal> to determine the ACL that applies for
|
||||
this domain object to this <interfacename>Authentication</interfacename>.</para>
|
||||
|
||||
<para>Similar to the
|
||||
<literal>BasicAclEntryAfterInvocationProvider</literal> is
|
||||
<literal>BasicAclEntryAfterInvocationCollectionFilteringProvider</literal>.
|
||||
It is designed to remove <literal>Collection</literal> or array
|
||||
elements for which a principal does not have access. It never thrown
|
||||
an <literal>AccessDeniedException</literal> - simply silently
|
||||
removes the offending elements. The provider is configured as
|
||||
follows:
|
||||
<programlisting><![CDATA[
|
||||
<bean id="afterAclCollectionRead"
|
||||
class="org.springframework.security.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider">
|
||||
<property name="aclManager" ref="aclManager"/>
|
||||
<property name="requirePermission">
|
||||
<list>
|
||||
<ref local="org.springframework.security.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
|
||||
<ref local="org.springframework.security.acl.basic.SimpleAclEntry.READ"/>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
]]></programlisting>
|
||||
As you can imagine, the returned <literal>Object</literal>
|
||||
must be a <literal>Collection</literal> or array for this provider
|
||||
to operate. It will remove any element if the
|
||||
<literal>AclManager</literal> indicates the
|
||||
<interfacename>Authentication</interfacename> does not hold one of the listed
|
||||
<literal>requirePermission</literal>s.</para>
|
||||
|
||||
<para>The Contacts sample application demonstrates these two
|
||||
<literal>AfterInvocationProvider</literal>s.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section xml:id="authorization-taglibs"><info><title>Authorization Tag Libraries</title></info>
|
||||
|
||||
<section xml:id="authorization-taglibs">
|
||||
<info><title>Authorization Tag Libraries</title></info>
|
||||
|
||||
<para><literal>AuthorizeTag</literal> is used to include content if
|
||||
the current principal holds certain
|
||||
|
|
|
|||
|
|
@ -28,13 +28,13 @@
|
|||
collaborator:</para>
|
||||
|
||||
<para><programlisting>
|
||||
<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
|
||||
<bean id="basicProcessingFilter" class="org.springframework.security.web.authentication.www.BasicProcessingFilter">
|
||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||
<property name="authenticationEntryPoint"><ref bean="authenticationEntryPoint"/></property>
|
||||
</bean>
|
||||
|
||||
<bean id="authenticationEntryPoint"
|
||||
class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
|
||||
class="org.springframework.security.web.authentication.www.BasicProcessingFilterEntryPoint">
|
||||
<property name="realmName"><value>Name Of Your Realm</value></property>
|
||||
</bean>
|
||||
|
||||
|
|
|
|||
|
|
@ -274,7 +274,7 @@
|
|||
to your application context. This represents your service:</para>
|
||||
|
||||
<para><programlisting><![CDATA[
|
||||
<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
|
||||
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
|
||||
<property name="service" value="https://localhost:8443/cas-sample/j_spring_cas_security_check"/>
|
||||
<property name="sendRenew" value="false"/>
|
||||
</bean>]]>
|
||||
|
|
@ -294,7 +294,7 @@
|
|||
<para><programlisting><![CDATA[
|
||||
<security:authentication-manager alias="authenticationManager"/>
|
||||
|
||||
<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
|
||||
<bean id="casProcessingFilter" class="org.springframework.security.cas.web.CasProcessingFilter">
|
||||
<security:custom-filter after="CAS_PROCESSING_FILTER"/>
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
<property name="authenticationFailureUrl" value="/casfailed.jsp"/>
|
||||
|
|
@ -302,7 +302,7 @@
|
|||
</bean>
|
||||
|
||||
<bean id="casProcessingFilterEntryPoint"
|
||||
class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
|
||||
class="org.springframework.security.cas.web.CasProcessingFilterEntryPoint">
|
||||
<property name="loginUrl" value="https://localhost:9443/cas/login"/>
|
||||
<property name="serviceProperties" ref="serviceProperties"/>
|
||||
</bean>
|
||||
|
|
@ -335,7 +335,7 @@
|
|||
<para>Next you need to add a <literal>CasAuthenticationProvider</literal> and its
|
||||
collaborators:
|
||||
<programlisting><![CDATA[
|
||||
<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
|
||||
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
|
||||
<security:custom-authentication-provider />
|
||||
<property name="userDetailsService" ref="userService"/>
|
||||
<property name="serviceProperties" ref="serviceProperties" />
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@
|
|||
<para>To confiure channel security explicitly, you would define the following the filter in your application
|
||||
context:
|
||||
<programlisting><![CDATA[
|
||||
<bean id="channelProcessingFilter" class="org.springframework.security.securechannel.ChannelProcessingFilter">
|
||||
<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
|
||||
<property name="channelDecisionManager" ref="channelDecisionManager"/>
|
||||
<property name="filterInvocationDefinitionSource">
|
||||
<security:filter-invocation-definition-source path-type="regex">
|
||||
|
|
@ -54,7 +54,7 @@
|
|||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="channelDecisionManager" class="org.springframework.security.securechannel.ChannelDecisionManagerImpl">
|
||||
<bean id="channelDecisionManager" class="org.springframework.security.access.channel.ChannelDecisionManagerImpl">
|
||||
<property name="channelProcessors">
|
||||
<list>
|
||||
<ref bean="secureChannelProcessor"/>
|
||||
|
|
@ -63,8 +63,8 @@
|
|||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="secureChannelProcessor" class="org.springframework.security.securechannel.SecureChannelProcessor"/>
|
||||
<bean id="insecureChannelProcessor" class="org.springframework.security.securechannel.InsecureChannelProcessor"/>]]>
|
||||
<bean id="secureChannelProcessor" class="org.springframework.security.access.channel.SecureChannelProcessor"/>
|
||||
<bean id="insecureChannelProcessor" class="org.springframework.security.access.channel.InsecureChannelProcessor"/>]]>
|
||||
</programlisting>
|
||||
Like <classname>FilterSecurityInterceptor</classname>, Apache Ant
|
||||
style paths are also supported by the
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@
|
|||
|
||||
<para><programlisting><![CDATA[
|
||||
<bean id="filterChainProxy"
|
||||
class="org.springframework.security.util.FilterChainProxy">
|
||||
class="org.springframework.security.web.FilterChainProxy">
|
||||
<security:filter-chain-map path-type="ant">
|
||||
<security:filter-chain pattern="/**" filters="httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter"/>
|
||||
</security:filter-chain-map>
|
||||
|
|
@ -124,7 +124,7 @@
|
|||
the example we're using in this chapter:</para>
|
||||
|
||||
<para><programlisting><bean id="authenticationManager"
|
||||
class="org.springframework.security.providers.ProviderManager">
|
||||
class="org.springframework.security.authentication.ProviderManager">
|
||||
<property name="providers">
|
||||
<list>
|
||||
<ref local="daoAuthenticationProvider"/>
|
||||
|
|
@ -187,17 +187,17 @@
|
|||
|
||||
<para><programlisting><![CDATA[
|
||||
<bean id="exceptionTranslationFilter"
|
||||
class="org.springframework.security.ui.ExceptionTranslationFilter">
|
||||
class="org.springframework.security.web.access.ExceptionTranslationFilter">
|
||||
<property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint"/>
|
||||
<property name="accessDeniedHandler">
|
||||
<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
|
||||
<bean class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
|
||||
<property name="errorPage" value="/accessDenied.jsp"/>
|
||||
</bean>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="authenticationProcessingFilterEntryPoint"
|
||||
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
|
||||
class="org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint">
|
||||
<property name="loginFormUrl" value="/login.jsp"/>
|
||||
<property name="forceHttps">< value="false"/>
|
||||
</bean>]]></programlisting></para>
|
||||
|
|
@ -335,7 +335,7 @@
|
|||
<property name="password" value=""/>
|
||||
</bean>
|
||||
|
||||
<bean id="userDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
|
||||
<bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
|
||||
<property name="dataSource" ref="dataSource"/>
|
||||
</bean> ]]> </programlisting></para>
|
||||
|
||||
|
|
@ -396,13 +396,13 @@
|
|||
following to <literal>web.xml</literal>:
|
||||
<programlisting>
|
||||
<listener>
|
||||
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
|
||||
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
|
||||
</listener>
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>In addition, you will need to add the
|
||||
<literal>org.springframework.security.concurrent.ConcurrentSessionFilter</literal>
|
||||
<literal>org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter</literal>
|
||||
to your <classname>FilterChainProxy</classname>. The
|
||||
<classname>ConcurrentSessionFilter</classname> requires two
|
||||
properties, <literal>sessionRegistry</literal>, which generally points
|
||||
|
|
@ -425,7 +425,7 @@
|
|||
<para>
|
||||
<programlisting><![CDATA[
|
||||
<bean id="authenticationManager"
|
||||
class="org.springframework.security.providers.ProviderManager">
|
||||
class="org.springframework.security.authentication.ProviderManager">
|
||||
<property name="providers">
|
||||
<!-- your providers go here -->
|
||||
</property>
|
||||
|
|
@ -433,10 +433,10 @@
|
|||
</bean>
|
||||
|
||||
<bean id="concurrentSessionController"
|
||||
class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl">
|
||||
class="org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl">
|
||||
<property name="maximumSessions" value="1"/>
|
||||
<property name="sessionRegistry">
|
||||
<bean class="org.springframework.security.concurrent.SessionRegistryImpl"/>
|
||||
<bean class="org.springframework.security.authentication.concurrent.SessionRegistryImpl"/>
|
||||
<property>
|
||||
</bean>
|
||||
]]></programlisting></para>
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@
|
|||
<para><programlisting>
|
||||
<![CDATA[
|
||||
<bean id="daoAuthenticationProvider"
|
||||
class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
|
||||
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
|
||||
<property name="userDetailsService" ref="inMemoryDaoImpl"/>
|
||||
<property name="saltSource" ref bean="saltSource"/>
|
||||
<property name="passwordEncoder" ref="passwordEncoder"/>
|
||||
|
|
@ -71,7 +71,7 @@
|
|||
follows:</para>
|
||||
<para><programlisting><![CDATA[
|
||||
<bean id="daoAuthenticationProvider"
|
||||
class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
|
||||
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
|
||||
<property name="userDetailsService" ref="userDetailsService"/>
|
||||
<property name="userCache" ref="userCache"/>
|
||||
</bean>
|
||||
|
|
@ -85,7 +85,7 @@
|
|||
<property name="cacheName" value="userCache"/>
|
||||
</bean>
|
||||
|
||||
<bean id="userCache" class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
|
||||
<bean id="userCache" class="org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache">
|
||||
<property name="cache" ref="userCacheBackend"/>
|
||||
</bean>]]>
|
||||
</programlisting></para>
|
||||
|
|
|
|||
|
|
@ -92,14 +92,14 @@
|
|||
<para><programlisting>
|
||||
<![CDATA[
|
||||
<bean id="digestProcessingFilter"
|
||||
class="org.springframework.security.ui.digestauth.DigestProcessingFilter">
|
||||
class="org.springframework.security.web.authentication.www.DigestProcessingFilter">
|
||||
<property name="userDetailsService" ref="jdbcDaoImpl"/>
|
||||
<property name="authenticationEntryPoint" ref="digestProcessingFilterEntryPoint"/>
|
||||
<property name="userCache" ref="userCache"/>
|
||||
</bean>
|
||||
|
||||
<bean id="digestProcessingFilterEntryPoint"
|
||||
class="org.springframework.security.ui.digestauth.DigestProcessingFilterEntryPoint">
|
||||
class="org.springframework.security.web.authentication.www.DigestProcessingFilterEntryPoint">
|
||||
<property name="realmName" value="Contacts Realm via Digest Authentication"/>
|
||||
<property name="key" value="acegi"/>
|
||||
<property name="nonceValiditySeconds" value="10"/>
|
||||
|
|
|
|||
|
|
@ -6,13 +6,6 @@
|
|||
<info>
|
||||
<title>Overview</title>
|
||||
</info>
|
||||
<para>PLEASE NOTE: Before release 2.0.0, Spring Security was known as Acegi Security. An ACL
|
||||
module was provided with the old Acegi Security releases under the
|
||||
<literal>org.[acegisecurity/springsecurity].acl</literal> package. This old package
|
||||
is now deprecated and will be removed in a future release of Spring Security. This
|
||||
chapter covers the new ACL module, which is officially recommended from Spring Security
|
||||
2.0.0 and above, and can be found under the
|
||||
<literal>org.springframework.security.acls</literal> package.</para>
|
||||
<para>Complex applications often will find the need to define access permissions not simply
|
||||
at a web request or method invocation level. Instead, security decisions need to
|
||||
comprise both who (<interfacename>Authentication</interfacename>), where
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@
|
|||
<literal>AuthenticationProcessingFilter</literal> to your application context:
|
||||
<programlisting><![CDATA[
|
||||
<bean id="authenticationProcessingFilter"
|
||||
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
|
||||
class="org.springframework.security.web.authentication.AuthenticationProcessingFilter">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
<property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>
|
||||
<property name="defaultTargetUrl" value="/"/>
|
||||
|
|
|
|||
|
|
@ -32,18 +32,18 @@ JAASTest {
|
|||
above JAAS login configuration file:
|
||||
<programlisting><![CDATA[
|
||||
<bean id="jaasAuthenticationProvider"
|
||||
class="org.springframework.security.providers.jaas.JaasAuthenticationProvider">
|
||||
class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider">
|
||||
<property name="loginConfig" value="/WEB-INF/login.conf"/>
|
||||
<property name="loginContextName" value="JAASTest"/>
|
||||
<property name="callbackHandlers">
|
||||
<list>
|
||||
<bean class="org.springframework.security.providers.jaas.JaasNameCallbackHandler"/>
|
||||
<bean class="org.springframework.security.providers.jaas.JaasPasswordCallbackHandler"/>
|
||||
<bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
|
||||
<bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
|
||||
</list>
|
||||
</property>
|
||||
<property name="authorityGranters">
|
||||
<list>
|
||||
<bean class="org.springframework.security.providers.jaas.TestAuthorityGranter"/>
|
||||
<bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@
|
|||
</para>
|
||||
<para>
|
||||
The main LDAP provider class is
|
||||
<classname>org.springframework.security.providers.ldap.LdapAuthenticationProvider</classname>.
|
||||
<classname>org.springframework.security.ldap.authentication.LdapAuthenticationProvider</classname>.
|
||||
This bean doesn't actually do much itself but delegates the work to two other beans, an
|
||||
<interfacename>LdapAuthenticator</interfacename>
|
||||
and an
|
||||
|
|
@ -261,7 +261,7 @@
|
|||
<title>BindAuthenticator</title>
|
||||
</info>
|
||||
<para>The class
|
||||
<classname>org.springframework.security.providers.ldap.authenticator.BindAuthenticator</classname>
|
||||
<classname>org.springframework.security.ldap.authentication.BindAuthenticator</classname>
|
||||
implements the bind authentication strategy. It simply attempts to bind as the
|
||||
user.</para>
|
||||
</section>
|
||||
|
|
@ -270,7 +270,7 @@
|
|||
<title>PasswordComparisonAuthenticator</title>
|
||||
</info>
|
||||
<para>The class
|
||||
<classname>org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator</classname>
|
||||
<classname>org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator</classname>
|
||||
implements the password comparison authentication strategy.</para>
|
||||
</section>
|
||||
<section xml:id="ldap-ldap-authenticators-active-directory">
|
||||
|
|
@ -350,9 +350,9 @@
|
|||
</bean>
|
||||
|
||||
<bean id="ldapAuthProvider"
|
||||
class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
|
||||
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
|
||||
<constructor-arg>
|
||||
<bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
|
||||
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
|
||||
<constructor-arg ref="contextSource"/>
|
||||
<property name="userDnPatterns">
|
||||
<list><value>uid={0},ou=people</value></list>
|
||||
|
|
@ -360,7 +360,7 @@
|
|||
</bean>
|
||||
</constructor-arg>
|
||||
<constructor-arg>
|
||||
<bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
|
||||
<bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
|
||||
<constructor-arg ref="contextSource"/>
|
||||
<constructor-arg value="ou=groups"/>
|
||||
<property name="groupRoleAttribute" value="ou"/>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS
|
|||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.authentication.preauth;
|
||||
package org.springframework.security.web.authentication.preauth;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
|
@ -17,7 +17,7 @@ import org.springframework.util.Assert;
|
|||
/**
|
||||
* <p>
|
||||
* Processes a pre-authenticated authentication request. The request will
|
||||
* typically originate from a {@link org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter}
|
||||
* typically originate from a {@link org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter}
|
||||
* subclass.
|
||||
*
|
||||
* <p>
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.authentication.preauth;
|
||||
package org.springframework.security.web.authentication.preauth;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.authentication.preauth;
|
||||
package org.springframework.security.web.authentication.preauth;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
|
|
@ -6,9 +6,9 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.authentication.preauth;
|
||||
package org.springframework.security.web.authentication.preauth;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
|
|
@ -8,14 +8,14 @@ import static org.junit.Assert.assertTrue;
|
|||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
|
||||
/**
|
||||
*
|
||||
|
|
@ -1,12 +1,12 @@
|
|||
package org.springframework.security.authentication.preauth;
|
||||
package org.springframework.security.web.authentication.preauth;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
|
||||
/**
|
||||
*
|
||||
|
|
@ -1,16 +1,16 @@
|
|||
package org.springframework.security.authentication.preauth;
|
||||
package org.springframework.security.web.authentication.preauth;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.GrantedAuthoritiesContainer;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService;
|
||||
|
||||
/**
|
||||
*
|
||||
|
|
@ -8,7 +8,6 @@ import org.junit.After;
|
|||
import org.junit.Test;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
|
|
@ -17,6 +16,7 @@ import org.springframework.security.core.context.SecurityContextImpl;
|
|||
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsChecker;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
|
||||
/**
|
||||
*
|
||||
|
|
|
|||
Loading…
Reference in New Issue