SEC-271: Spring 2-based configuration simplification of Acegi Security

Vishal Puri 2007-05-10 02:32:30 +00:00
parent 09fd79bc64
commit 566314dae5
19 changed files with 1308 additions and 6 deletions


@ -7,13 +7,14 @@
<artifactId>acegi-security-parent</artifactId> <artifactId>acegi-security-parent</artifactId>
<version>1.1-SNAPSHOT</version> <version>1.1-SNAPSHOT</version>
</parent> </parent>
<packaging>jar</packaging>
<artifactId>acegi-security</artifactId> <artifactId>acegi-security</artifactId>
<name>Acegi Security System for Spring</name> <name>Acegi Security System for Spring</name>
<scm> <scm>
<connection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core</connection> <connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core</connection>
<developerConnection>scm:svn:https://svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core</developerConnection> <developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/trunk/acegisecurity/core</developerConnection>
<url>http://svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core/</url> <url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/trunk/acegisecurity/core/</url>
</scm> </scm>
<dependencies> <dependencies>
@ -36,9 +37,9 @@
<optional>true</optional> <optional>true</optional>
</dependency> </dependency>
<dependency> <dependency>
<groupId>ehcache</groupId> <groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId> <artifactId>ehcache</artifactId>
<version>1.1</version> <version>1.2.4</version>
<optional>true</optional> <optional>true</optional>
</dependency> </dependency>
<dependency> <dependency>
@ -127,7 +128,7 @@
</dependencies> </dependencies>
<build> <build>
<resources> <resources><!--
<resource> <resource>
<directory>${basedir}/../</directory> <directory>${basedir}/../</directory>
<targetPath>META-INF</targetPath> <targetPath>META-INF</targetPath>
@ -145,6 +146,22 @@
<filtering>false</filtering> <filtering>false</filtering>
</resource> </resource>
<resource> <resource>
<directory>${basedir}/src/main/resources/org/acegisecurity/config</directory>
<targetPath>META-INF</targetPath>
<includes>
<include>spring.handlers</include>
</includes>
<filtering>false</filtering>
</resource>
<resource>
<directory>${basedir}/src/main/resources/org/acegisecurity/config</directory>
<targetPath>META-INF</targetPath>
<includes>
<include>spring.schemas</include>
</includes>
<filtering>false</filtering>
</resource>
--><resource>
<directory>${basedir}/src/main/resources</directory> <directory>${basedir}/src/main/resources</directory>
<targetPath>/</targetPath> <targetPath>/</targetPath>
<includes> <includes>
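Review bot: The two new `<resource>` entries for `spring.handlers` and `spring.schemas` sit inside the XML comment that opens at `<resources><!--` and closes at `--><resource>`, so they have no effect, and the same comment disables the existing resource entries between those two markers. Spring looks up namespace handler and schema mappings under `META-INF/`; if the files are not placed there by some other means (not visible in this section), the `security` namespace will not resolve locally and the XML parser may fall back to fetching the XSD from its `http://` location. Either enable the two entries or drop them, and add a short comment such as `<!-- disabled because … -->` stating why the block is commented out.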


@ -0,0 +1,190 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
import org.acegisecurity.providers.dao.salt.ReflectionSaltSource;
import org.acegisecurity.providers.dao.salt.SystemWideSaltSource;
import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
* @author vpuri
*
*/
public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser {
// ~~ Instance Variables
private static final String REPOSITORY_BEAN_REF = "repositoryBeanRef";
private static final String USER_DETAILS_SERVICE = "userDetailsService";
private static final String SALT_SOURCE_ELEMENT = "salt-source";
private static final String SALT_SOURCE_REF = "saltSourceBeanRef";
private static final String SYSTEM_WIDE_SALT_SOURCE = "system-wide";
private static final String REFLECTION_SALT_SOURCE = "reflection";
private static final String PASSWORD_ENCODER_ELEMENT = "password-encoder";
private static final String PASSWORD_ENCODER_REF = "encoderBeanRef";
private static final String PASSWORD_ENCODER = "encoder";
public static final String AUTOWIRE_AUTODETECT_VALUE = "autodetect";
// ~~ Methods
/**
* TODO: Document Me !!!
*/
public AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
Assert.notNull(parserContext, "ParserContext must not be null");
RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
// if repositoryBeanRef is specified use its referred bean
String userDetailsRef = element.getAttribute(REPOSITORY_BEAN_REF);
if (StringUtils.hasLength(userDetailsRef)) {
repositoryBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,
new RuntimeBeanReference(userDetailsRef));
}
else {
// autodetect userDetailsService from App Context ? or we could even create this UserDetailsService BD with autodetection of dataSource hahaha Magic !!!
//repositoryBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE, new RuntimeBeanReference(USER_DETAILS_SERVICE));
repositoryBeanDef.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_AUTODETECT);
}
// check if saltSource is defined
Element saltSourceEle = DomUtils.getChildElementByTagName(element, SALT_SOURCE_ELEMENT);
setSaltSourceProperty(repositoryBeanDef, saltSourceEle);
Element passwordEncoderEle = DomUtils.getChildElementByTagName(element, PASSWORD_ENCODER_ELEMENT);
setPasswordEncoderProperty(repositoryBeanDef, passwordEncoderEle);
return repositoryBeanDef;
}
/**
*
* @param repositoryBeanDef
* @param element
*/
private void setSaltSourceProperty(RootBeanDefinition repositoryBeanDef, Element element) {
if(element != null) {
setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "saltSource",element.getAttribute(SALT_SOURCE_REF) );
}
}
/**
*
* @param repositoryBeanDef
* @param element
*/
private void setPasswordEncoderProperty(RootBeanDefinition repositoryBeanDef, Element element) {
if(element != null) {
setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "passwordEncoder",element.getAttribute(PASSWORD_ENCODER_REF) );
}
}
/**
*
* @param repositoryBeanDef
* @param element
* @param property
* @param reference
*/
private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element ,String property, String reference) {
// check for encoderBeanRef attribute
if (StringUtils.hasLength(reference)) {
repositoryBeanDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(reference));
}
else {
doSetInnerBeanDefinitions(repositoryBeanDef, element);
}
}
/**
*
* @param repositoryBeanDef
* @param element
*/
private void doSetInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element) {
NodeList children = element.getChildNodes();
for (int i = 0, n = children.getLength(); i < n; i++) {
Node node = children.item(i);
if (node.getNodeType() == Node.ELEMENT_NODE) {
Element childElement = (Element) node;
RootBeanDefinition innerBeanDefinition = null;
if (SYSTEM_WIDE_SALT_SOURCE.equals(node.getLocalName())) {
innerBeanDefinition = createSystemWideSaltSource(childElement);
repositoryBeanDef.getPropertyValues().addPropertyValue("saltSource", innerBeanDefinition);
}
else if (REFLECTION_SALT_SOURCE.equals(node.getLocalName())) {
innerBeanDefinition = createReflectionSaltSource(childElement);
repositoryBeanDef.getPropertyValues().addPropertyValue("saltSource", innerBeanDefinition);
}
if (PASSWORD_ENCODER.equals(node.getLocalName())) {
RootBeanDefinition passwordEncoderInnerBeanDefinition = createPasswordEncoder(childElement);
repositoryBeanDef.getPropertyValues().addPropertyValue("passwordEncoder", passwordEncoderInnerBeanDefinition);
}
}
}
}
/**
*
* @param childElement
* @return
*/
private RootBeanDefinition createPasswordEncoder(Element childElement) {
String attributeValue = childElement.getAttribute("method");
RootBeanDefinition definition = null;
// TODO: add other encoders support
if(attributeValue.equals("md5")){
definition = new RootBeanDefinition(Md5PasswordEncoder.class);
}
return definition;
}
/**
*
* @param saltSourceTypeElement
* @return
*/
private RootBeanDefinition createReflectionSaltSource(Element saltSourceTypeElement) {
RootBeanDefinition definition = new RootBeanDefinition(ReflectionSaltSource.class);
definition.getPropertyValues().addPropertyValue("userPropertyToUse", saltSourceTypeElement.getAttribute("userPropertyToUse"));
return definition;
}
/**
*
* @param saltSourceTypeElement
* @return
*/
private RootBeanDefinition createSystemWideSaltSource( Element saltSourceTypeElement) {
RootBeanDefinition definition = new RootBeanDefinition(SystemWideSaltSource.class);
definition.getPropertyValues().addPropertyValue("systemWideSalt", saltSourceTypeElement.getAttribute("systemWideSalt"));
return definition;
}
}
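Review bot: `createPasswordEncoder` returns `null` for every `method` value other than `md5`, and `doSetInnerBeanDefinitions` then adds that `null` as the `passwordEncoder` property value. The schema added in this commit also accepts `md5Hex`, `sha`, `shaHex` and `custom`, so a configuration that asks for SHA validates and then silently gets no encoder definition; what the provider does with a null encoder is not visible here. Until the other encoders are mapped, fail at parse time, e.g. `else { throw new IllegalArgumentException("Unsupported password-encoder method: " + attributeValue); }`. That MD5 is currently the only working choice also deserves a line in the Javadoc, since it is a weak option for password storage.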


@ -0,0 +1,78 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.core.Conventions;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
/**
*
* @author vpuri
*
*/
public class ContextIntegrationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
private static final String HTTP_SESSION_CONTEXT_INTEGRATION = "session-context-integration";
private static final String SESSION_CREATION = "sessionCreation";
private static final String IF_REQUIRED = "ifRequired";
private static final String ALWAYS = "always";
private static final String NEVER = "never";
@Override
protected Class getBeanClass(Element element) {
return HttpSessionContextIntegrationFilter.class;
}
@Override
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
NamedNodeMap attributes = element.getAttributes();
for (int x = 0; x < attributes.getLength(); x++) {
Attr attribute = (Attr) attributes.item(x);
String attributeName = attribute.getLocalName();
if ( !ID_ATTRIBUTE.equals(attributeName)) {
if (attributeName.equals(SESSION_CREATION)) {
String sessionCreation = element.getAttribute(SESSION_CREATION);
if(sessionCreation.equals(IF_REQUIRED)) {
builder.addPropertyValue("allowSessionCreation", Boolean.TRUE);
}
if(sessionCreation.equals(ALWAYS)) {
builder.addPropertyValue("allowSessionCreation", Boolean.TRUE);
}
if(sessionCreation.equals(NEVER)) {
builder.addPropertyValue("allowSessionCreation", Boolean.FALSE);
}
}
else{
String propertyName = Conventions.attributeNameToPropertyName(attributeName);
Assert.state(StringUtils.hasText(propertyName),
"Illegal property name returned from 'extractPropertyName(String)': cannot be null or empty.");
builder.addPropertyValue(propertyName, attribute.getValue());
}
}
}
}
}
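Review bot: In `doParse`, `sessionCreation="always"` sets exactly the same property as `ifRequired` (`allowSessionCreation` to `Boolean.TRUE`), so the two schema values are indistinguishable. If `always` is meant to create a session eagerly, that branch presumably also needs `builder.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);`, together with a decision on what happens when the `forceEagerSessionCreation` attribute is supplied as well. Separately, the `Assert.state` message names `extractPropertyName(String)`, while the call actually made is `Conventions.attributeNameToPropertyName`.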


@ -0,0 +1,49 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* @author vpuri
*
*@since
*/
public class RememberMeFilterBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
private static final String REMEMBER_ME_SERVICES_REF = "rememberMeServicesBeanRef";
private static final String REMEMBER_ME_SERVICES = "rememberMeServices";
/**
*
*/
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
Assert.notNull(parserContext, "ParserContext must not be null");
RootBeanDefinition rememberMeFilterBeanDef = new RootBeanDefinition(RememberMeProcessingFilter.class);
// detect all the required dependencies and autowire them by type
rememberMeFilterBeanDef.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_AUTODETECT);
// check if rememberMeServicesBeanRef is defined and if it's specified use its referred bean
String rememberMeServicesRef = element.getAttribute(REMEMBER_ME_SERVICES_REF);
if (StringUtils.hasLength(rememberMeServicesRef)) {
rememberMeFilterBeanDef.getPropertyValues().addPropertyValue(REMEMBER_ME_SERVICES,
new RuntimeBeanReference(rememberMeServicesRef));
}
return rememberMeFilterBeanDef;
}
}
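Review bot: `parseInternal` switches the filter definition to `AUTOWIRE_AUTODETECT` unconditionally, even when `rememberMeServicesBeanRef` names the collaborator explicitly, whereas `RememberMeServicesBeanDefinitionParser` in this commit only autowires in its `else` branch. For a security filter the (currently empty) Javadoc should say which dependencies are expected to be resolved by autowiring, e.g. `/** Builds the RememberMeProcessingFilter definition; dependencies not set explicitly are resolved by autowiring. */`. The `implements BeanDefinitionParser` clause is redundant because `AbstractBeanDefinitionParser` already implements it, and the `@since` tag is empty.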


@ -0,0 +1,61 @@
/**
*
*/
package org.acegisecurity.config;
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* @author vpuri
*
*/
public class RememberMeServicesBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
private static final String PRINCIPAL_REPOSITORY_BEAN_REF = "principalRepositoryBeanRef";
private static final String USER_DETAILS_SERVICE = "userDetailsService";
/*
* key is optional; if unspecified, pick a rnd int and use for all unspecified key properties for acegi beans
*/
private static final String KEY = "key";
/**
*
*/
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
Assert.notNull(parserContext, "ParserContext must not be null");
RootBeanDefinition rememberMeServicesBeanDef = new RootBeanDefinition(TokenBasedRememberMeServices.class);
String keyValue = element.getAttribute(KEY);
if (StringUtils.hasLength(keyValue)) {
rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(KEY,keyValue);
} else {
// pick a rnd int
}
// check if rememberMeServicesBeanRef is defined and if it's specified use its referred bean
String rememberMeServicesRef = element.getAttribute(PRINCIPAL_REPOSITORY_BEAN_REF);
if (StringUtils.hasLength(rememberMeServicesRef)) {
rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,
new RuntimeBeanReference(rememberMeServicesRef));
}
else {
// auto-detects everything
rememberMeServicesBeanDef.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_AUTODETECT);
}
return rememberMeServicesBeanDef;
}
}
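Review bot: When the `key` attribute is missing, the `else` branch in `parseInternal` holds only the comment `// pick a rnd int`, so the `TokenBasedRememberMeServices` definition is created without a key. The key feeds the remember-me token signature, so it should not be defaulted weakly: a random `int` offers at most 32 bits and, if generated inside this parser, would presumably not match the key on other beans that must share it. Prefer rejecting the element until a default is designed, e.g. `else { throw new IllegalArgumentException("authentication-remember-me-services requires a 'key' attribute"); }`, or declare `key` as `use="required"` in the schema. The local `rememberMeServicesRef` actually holds the `principalRepositoryBeanRef` value, and the comment above it names the wrong attribute.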


@ -0,0 +1,28 @@
/**
*
*/
package org.acegisecurity.config;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
/**
* {@link org.springframework.beans.factory.xml.NamespaceHandler} for the '<code>security</code>' namespace.
* @author vpuri
*
* @since
*/
public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
/**
* Register the {@link BeanDefinitionParser BeanDefinitionParsers} for the
* '<code>context-integration</code>', ' and '<code></code>' elements.
*/
public void init() {
registerBeanDefinitionParser("session-context-integration", new ContextIntegrationBeanDefinitionParser());
registerBeanDefinitionParser("authentication-repository", new AuthenticationRepositoryBeanDefinitionParser());
registerBeanDefinitionParser("authentication-remember-me-services", new RememberMeServicesBeanDefinitionParser());
registerBeanDefinitionParser("authentication-remember-me-filter", new RememberMeFilterBeanDefinitionParser());
}
}
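Review bot: The Javadoc on `init()` is unfinished: it names `context-integration`, which is not a registered element, and then trails off into `' and '<code></code>'`. It should list the four elements actually registered, e.g. `Registers the parsers for the 'session-context-integration', 'authentication-repository', 'authentication-remember-me-services' and 'authentication-remember-me-filter' elements.` The `@since` tag on the class is empty as well.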


@ -0,0 +1 @@
http\://www.springframework.org/schema/security=org.acegisecurity.config.SecurityNamespaceHandler


@ -0,0 +1,2 @@
http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/acegisecurity/config/spring-security-2.0.xsd


@ -0,0 +1,221 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xsd:schema xmlns="http://www.springframework.org/schema/security"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://www.springframework.org/schema/security"
elementFormDefault="qualified" attributeFormDefault="unqualified">
<xsd:element name="session-context-integration">
<xsd:complexType>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="sessionCreation"
default="ifRequired">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Indicates if this filter can create a HttpSession if
needed (sessions are always created sparingly, but setting this value to
false will prohibit sessions from ever being created).
Defaults to true. Do not set to false if
you have set forceEagerSessionCreation to true ,
as the properties would be in conflict.
]]>
</xsd:documentation>
</xsd:annotation>
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="ifRequired" />
<xsd:enumeration value="never" />
<xsd:enumeration value="always" />
</xsd:restriction>
</xsd:simpleType>
</xsd:attribute>
<xsd:attribute name="forceEagerSessionCreation"
default="false" type="defaultable-boolean" use="optional">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Indicates if this filter is required to create a <code>HttpSession</code>
for every request before proceeding through the filter chain, even if the
<code>HttpSession</code> would not ordinarily have been created. By
default this is <code>false</code>, which is entirely appropriate for
most circumstances as you do not want a <code>HttpSession</code>
created unless the filter actually needs one. It is envisaged the main
situation in which this property would be set to <code>true</code> is
if using other filters that depend on a <code>HttpSession</code>
already existing, such as those which need to obtain a session ID. This
is only required in specialised cases, so leave it set to
<code>false</code> unless you have an actual requirement and are
conscious of the session creation overhead.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="cloneFromHttpSession" default="false"
type="defaultable-boolean" use="optional">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Indicates whether the <code>SecurityContext</code> will be cloned from
the <code>HttpSession</code>. The default is to simply reference (ie
the default is <code>false</code>). The default may cause issues if
concurrent threads need to have a different security identity from other
threads being concurrently processed that share the same
<code>HttpSession</code>. In most normal environments this does not
represent an issue, as changes to the security identity in one thread is
allowed to affect the security identitiy in other threads associated with
the same <code>HttpSession</code>. For unusual cases where this is not
permitted, change this value to <code>true</code> and ensure the
{@link #context} is set to a <code>SecurityContext</code> that
implements {@link Cloneable} and overrides the <code>clone()</code>
method.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
<xsd:element name="authentication-remember-me-filter"
type="RememberMeFilter" />
<xsd:complexType name="RememberMeFilter">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="rememberMeServicesBeanRef" type="xsd:string"
use="optional" />
</xsd:complexType>
<xsd:element name="authentication-remember-me-services"
type="RememberMeServices" />
<xsd:complexType name="RememberMeServices">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="key" type="xsd:string"
use="optional" />
<xsd:attribute name="principalRepositoryBeanRef" type="xsd:string"
use="optional" />
</xsd:complexType>
<xsd:element name="authentication-repository"
type="AuthenticationRepositoryType" />
<xsd:complexType name="AuthenticationRepositoryType">
<xsd:sequence>
<xsd:element name="salt-source" type="SaltSource"
minOccurs="0" maxOccurs="1" />
<xsd:element name="password-encoder" type="PasswordEncoder"
minOccurs="0" maxOccurs="1" />
</xsd:sequence>
<xsd:attributeGroup ref="AuthenticationRepositoryAttributes" />
</xsd:complexType>
<!-- <security:salt-source source="systemwide|reflection" salt="salt"/> -->
<xsd:complexType name="SaltSource">
<xsd:sequence>
<xsd:choice minOccurs="0" maxOccurs="1">
<xsd:element name="system-wide">
<xsd:complexType>
<xsd:attribute name="systemWideSalt"
type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="reflection">
<xsd:complexType>
<xsd:attribute name="userPropertyToUse"
type="xsd:string" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:sequence>
<xsd:attribute name="saltSourceBeanRef" type="xsd:string"
use="optional" />
</xsd:complexType>
<xsd:complexType name="PasswordEncoder">
<xsd:sequence>
<xsd:choice minOccurs="0" maxOccurs="1">
<xsd:element name="encoder">
<xsd:complexType>
<xsd:attribute name="method" type="encoders" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:sequence>
<xsd:attribute name="encoderBeanRef" type="xsd:string"
use="optional" />
</xsd:complexType>
<xsd:attributeGroup name="AuthenticationRepositoryAttributes">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="repositoryBeanRef" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Reference of a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:attributeGroup>
<!-- simple internal types -->
<xsd:simpleType name="defaultable-boolean">
<xsd:restriction base="xsd:NMTOKEN">
<xsd:enumeration value="true" />
<xsd:enumeration value="false" />
</xsd:restriction>
</xsd:simpleType>
<xsd:simpleType name="encoders">
<xsd:restriction base="xsd:NMTOKEN">
<xsd:enumeration value="md5" />
<xsd:enumeration value="md5Hex" />
<xsd:enumeration value="sha" />
<xsd:enumeration value="shaHex" />
<xsd:enumeration value="custom" />
</xsd:restriction>
</xsd:simpleType>
</xsd:schema>
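Review bot: The documentation for `sessionCreation` still describes a boolean ("setting this value to false", "Defaults to true") although the attribute is an enumeration of `ifRequired`, `never` and `always` with default `ifRequired`. Reword it per value and state how `always` differs from `ifRequired`. The `cloneFromHttpSession` text carries Javadoc tags (`{@link #context}`, `{@link Cloneable}`) that have no meaning inside an XSD annotation. The `key` attribute on `RememberMeServices` has no documentation at all, which is a gap for an attribute that carries a secret.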


@ -0,0 +1,115 @@
/**
*
*/
package org.acegisecurity.config;
import junit.framework.TestCase;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
import org.acegisecurity.providers.dao.SaltSource;
import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
import org.acegisecurity.userdetails.jdbc.JdbcDaoImpl;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.util.Assert;
/**
* @author vpuri
*
*/
public class AuthenticationRepositoryParserTest extends TestCase {
public void testAuthenticationRepositoryDefaultWithAutoUserdetails() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/authentication-dao-defaults.xml");
ConfigurableListableBeanFactory clbf =
(ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
assertEquals(1, names.length);
// check bean class
RootBeanDefinition definition = (RootBeanDefinition)clbf.getBeanDefinition(names[0]);
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
DaoAuthenticationProvider provider = (DaoAuthenticationProvider)context.getBean("authenticationRepository");
Assert.isAssignable(JdbcDaoImpl.class, provider.getUserDetailsService().getClass());
}
public void testCollaboratorsAsInnerBeans(){
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/authentication-innerbeans.xml");
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
// get the main bean definition, there should be only one
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
assertEquals(1, names.length);
RootBeanDefinition definition = (RootBeanDefinition)clbf.getBeanDefinition(names[0]);
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
// get the 2 inner beans
PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
assertEquals("saltSource", saltSourceBean.getName());
//get the BeanDefinition
RootBeanDefinition saltsourceDef = (RootBeanDefinition) saltSourceBean.getValue();
Assert.isAssignable(SaltSource.class,saltsourceDef.getBeanClass());
PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
assertEquals("passwordEncoder", encoder.getName());
//get the BeanDefinition
RootBeanDefinition encoderDef = (RootBeanDefinition) encoder.getValue();
Assert.isAssignable(PasswordEncoder.class,encoderDef.getBeanClass());
assertEquals("incorrect bean class name", encoderDef.getBeanClassName(),Md5PasswordEncoder.class.getName());
}
public void testCollaboratorsAsBeanRef() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/authentication-beanRef-attributes.xml");
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
// get the main bean definition, there should be only one
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
assertEquals(1, names.length);
RootBeanDefinition definition = (RootBeanDefinition)clbf.getBeanDefinition(names[0]);
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
// get the referred collaborators
PropertyValue userDetailsBean = definition.getPropertyValues().getPropertyValue("userDetailsService");
assertEquals("userDetailsService", userDetailsBean.getName());
PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
assertEquals("saltSource", saltSourceBean.getName());
//get the BeanDefinition
RuntimeBeanReference saltsourceDef = (RuntimeBeanReference) saltSourceBean.getValue();
assertEquals("refToSaltSource",saltsourceDef.getBeanName());
PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
assertEquals("passwordEncoder", encoder.getName());
//get the BeanDefinition
RuntimeBeanReference encoderDef = (RuntimeBeanReference) encoder.getValue();
assertEquals("refToPasswordEncoder",encoderDef.getBeanName());
DaoAuthenticationProvider provider = (DaoAuthenticationProvider)context.getBean("authenticationRepository");
assertTrue(provider.getPasswordEncoder() instanceof PasswordEncoder);
assertEquals(Md5PasswordEncoder.class, provider.getPasswordEncoder().getClass() );
}
public void testAutodetectionOfUserDetailsService(){
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/authentication-defaults.xml");
DaoAuthenticationProvider provider = (DaoAuthenticationProvider)context.getBean("authenticationRepository");
assertNotNull(provider.getUserDetailsService());
assertNull(provider.getSaltSource());
assertEquals(PlaintextPasswordEncoder.class, provider.getPasswordEncoder().getClass());
}
}
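Review bot: The type checks written as `Assert.isAssignable(JdbcDaoImpl.class, …)`, `Assert.isAssignable(SaltSource.class, …)` and `Assert.isAssignable(PasswordEncoder.class, …)` use Spring's `org.springframework.util.Assert`, which throws `IllegalArgumentException`, so JUnit reports an error rather than an assertion failure. Use the JUnit form instead, e.g. `assertTrue(SaltSource.class.isAssignableFrom(saltsourceDef.getBeanClass()));`. There is also no case for an inner `<encoder>` whose `method` is something other than `md5`, which is the path where the parser produces no encoder definition.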


@ -0,0 +1,44 @@
/**
*
*/
package org.acegisecurity.config;
import javax.servlet.Filter;
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import junit.framework.TestCase;
/**
* @author vpuri
*
*/
public class HttpSessionContextIntegrationParserTest extends TestCase {
public void testApplicationContext() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/session-context-integration-defaults.xml");
ConfigurableListableBeanFactory clbf =
(ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
String[] names = clbf.getBeanNamesForType(Filter.class);
assertEquals(1, names.length);
// check bean name
RootBeanDefinition definition = (RootBeanDefinition)clbf.getBeanDefinition(names[0]);
assertEquals(HttpSessionContextIntegrationFilter.class, definition.getBeanClass());
// check properties
//get the bean
HttpSessionContextIntegrationFilter filter = (HttpSessionContextIntegrationFilter)context.getBean("httpSessionContextIntegrationFilter");
assertFalse(filter.isAllowSessionCreation());
assertNotNull(definition.getPropertyValues().getPropertyValue("allowSessionCreation"));
assertFalse(filter.isForceEagerSessionCreation());
assertFalse(filter.isCloneFromHttpSession());
}
}
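Review bot: `testApplicationContext` checks a single configuration, so the `ifRequired`/`always`/`never` mapping in `ContextIntegrationBeanDefinitionParser` is covered for at most one value. The fixture is named `session-context-integration-defaults.xml`, yet the test expects `isAllowSessionCreation()` to be false while the schema default `ifRequired` maps to true in the parser; the fixture is not visible here, so confirm that it sets `sessionCreation="never"` explicitly and consider renaming it. Add one test per `sessionCreation` value.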


@ -0,0 +1,15 @@
package org.acegisecurity.config;
import junit.framework.TestCase;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
public class RememberMeBeanDefinitionParserTest extends TestCase {
public void testRememberMeDefaults() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-defaults.xml");
}
}
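Review bot: `testRememberMeDefaults` has no assertions; it only loads `remember-me-defaults.xml` and leaves `context` unused, so it passes whenever the context starts. Assert at least that the expected beans exist and that the services bean carries a key, e.g. `assertEquals(1, context.getBeanNamesForType(TokenBasedRememberMeServices.class).length);`.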


@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<security:authentication-repository id="authenticationRepository" repositoryBeanRef="refToUserDetailsService">
<security:salt-source saltSourceBeanRef="refToSaltSource"/>
<security:password-encoder encoderBeanRef="refToPasswordEncoder"/>
</security:authentication-repository>
<bean id="refToUserDetailsService"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
<bean id="refToSaltSource"
class="org.acegisecurity.providers.dao.salt.SystemWideSaltSource">
<property name="systemWideSalt">
<value>12345</value>
</property>
</bean>
<bean id="refToPasswordEncoder"
class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
</beans>
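Review bot: The `xsi:schemaLocation` pair for the util namespace points at `http://www.springframework.org/schema/beans/spring-util-2.0.xsd`, which is under the beans path; the published location is `http://www.springframework.org/schema/util/spring-util-2.0.xsd`. A location that does not match the schema mapping bundled with Spring is presumably fetched over plain HTTP if it is ever resolved, which would make the test depend on the network. No `util:` element is used here, so dropping `xmlns:util` and its schemaLocation pair is the simpler fix. The same header is repeated in every other XML fixture on this page, along with a commented-out `file:/Users/vpuri/...` location that is a developer-local path and should not be committed.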


@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- Case 1: defaults (userDetailsService mandatory)-->
<!-- autocreate userDetailsService with dataSource(search in ctx) injected -->
<security:authentication-repository id="authenticationRepository">
<!--<security:salt-source>
<security:system-wide systemWideSalt="12345" />
</security:salt-source>
--><security:password-encoder encoderBeanRef="passwordEncoder"/>
<!-- OR <security:password-encoder>
<security:encoder method="md5"/>
</security:password-encoder>
--></security:authentication-repository>
<bean id="userDetailsService"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
<bean id="saltSource"
class="org.acegisecurity.providers.dao.salt.SystemWideSaltSource">
<property name="systemWideSalt">
<value>12345</value>
</property>
</bean>
<bean id="passwordEncoder"
class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
</beans>
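Review bot: The `saltSource` bean near the end of this file is never referenced, because the `<security:salt-source>` element is commented out and `authentication-repository` only names `passwordEncoder`. Unless the parser auto-detects a SaltSource by type, which this file does not show, the fixture exercises unsalted MD5 while reading as if a salt were configured. Either remove the bean or state the intent next to it, e.g. `<!-- picked up by type; no explicit salt-source element in this case -->`. The live `password-encoder` element also starts on the same line as a closing `-->`, which is easy to misread; it should sit on a line of its own.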


@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<security:authentication-repository id="authenticationRepository"/>
<bean id="userDetailsService"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
</beans>


@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- Case 1: defaults (userDetailsService mandatory)-->
<!-- autocreate userDetailsService with dataSource(search in ctx) injected -->
<security:authentication-repository id="authenticationRepository">
<security:salt-source>
<security:system-wide systemWideSalt="12345" />
</security:salt-source>
<security:password-encoder>
<security:encoder method="md5" />
</security:password-encoder>
</security:authentication-repository>
<bean id="AnyBeanIdAsThisBeanWillBeAutoDetectedAndInjectedInauthenticationRepositoryUsingAutoWireByType"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
</beans>
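Review bot: This fixture pairs the inline form `<security:encoder method="md5" />` with a single system-wide salt of `12345`, and fixtures for a new namespace tend to be copied as usage examples. MD5 is cheap to brute-force, and a salt shared by all users lets one precomputed table cover every account. Mark the values as test-only with a comment such as `<!-- test-only values: do not reuse this salt or encoder in an application -->`. A second fixture with a per-user salt would also help; the larger spec file in this commit already sketches a reflection-based salt source with `userPropertyToUse`.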


@ -0,0 +1,68 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- ======================== AUTHENTICATION ======================= -->
<!-- makes the filter, but does little else, as it auto-detects everything -->
<security:authentication-remember-me-filter id="rememberMeFilter"
rememberMeServicesBeanRef="rememberMeServices" />
<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; -->
<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
<security:authentication-remember-me-services
id="rememberMeServices" key="someValue"
principalRepositoryBeanRef="userDetailsService" />
<!-- The rules are:
AuthenticationManager interface is implemented by ProviderManager
So if you have any auto-detection, create a ProviderManager definition
If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
Every authentication mechanism OR provider must start with security:authentication-something
Use appropriate attrs and elements depending on provider or mechanism
-->
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="authenticationRepository" />
</list>
</property>
</bean>
<security:authentication-repository id="authenticationRepository" />
<bean id="userDetailsService"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
</beans>
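Review bot: The comment above `authentication-remember-me-services` says an unspecified `key` will be replaced by a random int picked in the NamespaceHandler. In Acegi's token-based remember-me services the key is the secret mixed into the cookie signature, so a 32-bit value is small enough to search, more so if it comes from a non-cryptographic generator. The handler is not part of this file, so this concerns the documented intent: the fallback should come from `java.security.SecureRandom` and be at least 128 bits. The comment could then read `<!-- key is optional; if unspecified the NamespaceHandler generates a SecureRandom value -->`. It is also worth stating that a key generated at start-up invalidates existing remember-me cookies on every restart.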


@ -0,0 +1,147 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- introspect all bean definitions for an explicit object of a "required" type, and if not found, add it. You can turn OFF ones you dont want added via attributes -->
<security:security-autoconfig exceptionTranslation="disable" sessionContextIntegration="disable" logoutSupport="disable" filterChain="disable" servletRequestEmulation="disabled" anonyomousRoleGranter="disabled"/>
<!-- autodetect attribute is the default, and an exception is thrown if false, as the expectation is they will write their own legacy <beans> format
FilterChainProxy bean definition is dissatisfied with the auto approach. The auto approach simply creates a bean definition similar to that shown
below with the AUTODETECT_ALL_ORDERED_FILTERs. As suggested, this causes a runtime check of app ctx for all javax.servlet.Filter instances, and
for each that also implemented Ordered, these are automatically applied to the pattern shown (which is **/* in the case of autodetect=true).*-->
<security:filter-chain id="id" />
<bean id="dcdc" class="FilterChainProxy">
<property name="chainConfig">
<value>
**/*=AUTODETECT_ALL_ORDERED_FILTERS
**/*=filter1,filter2,filter3
</value>
</property>
</bean>
<!-- also provide an OrderedFilterAdapter, impls Filter and Ordered, and can be configured declaratively in Spring XML (eg SiteMesh), setOrder, setDelegate(Filter object) -->
<!-- creates a bean definition for an AccessDecisionManager; strategy defaults to AffirmativeBased;
superclass AbstractAccessDecisionManager requires refactoring so if no setProvider(List) given, it introspects app ctx for all AccessDecisionVoters
and uses their Ordered interface to apply them; if one doesn't implement Ordered, assume it is Integer.MAX_VALUE -->
<security:authorization-manager id="id" strategy="consensus|unanimous|affirmative"/>
<!-- ======================== AUTHENTICATION ======================= -->
<!-- sessionCreation defaults to ifRequired. -->
<security:session-context-integration id="httpSessionContextIntegrationFilter" sessionCreation="never|ifRequired|always" />
<!-- The rules are:
AuthenticationManager interface is implemented by ProviderManager
So if you have any auto-detection, create a ProviderManager definition
If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
Every authentication mechanism OR provider must start with security:authentication-something
Use appropriate attrs and elements depending on provider or mechanism
-->
<security:authentication-repository id="id" repositoryBeanRef="beanIdOfRepositoryIfUnspecifiedAutoDetectTheirUserDetailsInstance">
<security:salt-source saltSourceBeanRef="beanRefOfAnExternalEncoder"/> <!-- or allow it to be written inline as an inner bean -->
<security:password-encoder encoder="md5|md5Hex|sha|shaHex|custom" encoderBeanRef="beanRefOfAnExternalEncoder"/> <!-- same story here, inner beans allowed -->
</security:authentication-repository>
<security:salt-source>
<security:system-wide systemWideSalt="12345"/>
<security-reflection userPropertyToUse="sss"/>
</security:salt-source>
<!-- the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
<security:authentication-form id="id" authenticationUrl="/login" loginFormUrl="/login.html" errorFormUrl="error.html"/>
<!-- AuthenticationEntryPoints handled across the system via Ordered interface; every Acegi entry point has an order; the highest order wins and
is used as the entry point by ExceptionTranslationFilter; for things like BasicAuthenticationfilter, they're smart enough to know they need a
BasicAuthenticationProcessingFilterEntryPoint, so they use that one; here we have an entryPointOrder to say when we make the BasicEntryPoint,
we will call setOrder(2) such that this app effectively will use somehing with a higher order as the app-wide default -->
<security:authentication-basic id="id" realmName="Spring Security Application" entryPointOrder="2"/>
<!-- This is used if they want an out-of-the-bx UserDetails; if they write their own, this goes away and they wire a legacy bean definition and then the various
beans depending on a UserDetails will auto-detect it at runtime OR provide a way of setUserDetails(UserDetails) if to specified explicitly.
If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
<security:principal-repository id="id">
<security:ldap x="you can do the attributes and suitable nested elements"/>
<security:jdbc x="you can do the attributes and suitable nested elements"/>
<security:properties resource="resourceStringToPropertiesFile"> <!-- if they specify a resource attrib, that means throw exception if they nest some user-definition data) -->
<security:user-definition username="ben" password="nottellingYou" enabled="true" it="more stuff if you want">
<security:granted-authority authority="ROLE_ANONYMOUS"/>
<ref bean="fooBarAuthority"/>
</security:user-definition>
</security:properties>
</security:principal-repository>
<!-- makes the filter, but does little else, as it auto-detects everything -->
<security:authentication-remember-me-filter id="id" rememberMeServicesBeanRef="theId" />
<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; key is handled in same way as discussed earlier -->
<security:authentication-remember-me-services id="id" key="someValue" principalRepositoryBeanRef="jdbcDaoImpl" />
<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
<security:anonymous-role-granter " id="id" key="someValue" >
<security:granted-authority authority="ROLE_ANONYMOUS"/>
<ref bean="fooBarAuthority"/>
</security:anonymous-role-granter>
<security:granted-authority id="fooBarAuthority" authority="ROLE_FOOBAR"/>
<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
<security:logout-support id="logoutFilter" redirectAfterLogoutUrl="/" logoutUrl="/logout"/>
<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
<!-- channel security out of scope; they use existing bean definition format; the channel filter will auto-detect and use Ordered interface as discussed above -->
<!-- any kind of ACL support is out of scope; frankly it is too hard for 1.1.0 -->
<!-- ensure element name is not overlapping with portlet or spring web flow or tapestry URI patterns, as this filter is incompatible with them -->
<security:authorization-http-url>
<security:url-mapping source="xml - the default and no other options" sourceBeanId="referenceToTheirObjectDefinitionSource">
<!-- Specify security:uri-patterns in order of processing; each pattern must specify EITHER a regularExpression OR a path, but not both
and ALL patterns in the url-mapping MUST be of the SAME type (ie cannot mix a regular expression and Ant Path) - give exception if tried -->
<security:uri-pattern path ="/index.jsp" regularExpression="whatever">
<security:configuration-attribute attribute="ROLE_A"/>
<ref bean="someExternalConfigurationAttributeThatIsATopLevelBean"/>
</security:uri-pattern>
<security:uri-pattern path ="/**" regularExperssion="whatever">
<security:configuration-attribute attribute="ROLE_A"/>
<ref bean="someExternalConfigurationAttributeThatIsATopLevelBean"/>
</security:uri-pattern>
</security:url-mapping>
</security:authorization-http-url>
<!-- the source refers to use of the relevant concete ObjectDefinitionSource; user can alternately specify their own instance and refer to it
via the sourceBeanId property; in that case they must specify "custom"; if unspecified, it means it's described as nested elements using the
security:method-pattern element, and you will therefore create it via the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
For aspectj and springAop, that means create a MethodSecurityInterceptor and AspectJSecurityInterceptor bean definition respectively (in the case of
springAop, also create a MethodDefinitionSourceAdvisor); defaults to springAop=true, aspectJ=false -->
<security:authorization-joinpoint aspectj="false|true" springAop="true|false" >
<security:url-mapping source="custom|xml|attributes|annotations" sourceBeanId="referenceToTheirObjectDefinitionSource">
<security:method-pattern type="com.foo.Bar.whateverMethodNamePattern">
<security:configuration-attribute attribute="ROLE_A"/>
<ref bean="someExternalConfigurationAttributeThatIsATopLevelBean"/>
</security:method-pattern>
</security:url-mapping>
<!-- if get time, do a new security:pointcut-pattern -->
</security:authorization-joinpoint>
<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it;
alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
other props; i do not mind if you move the access denied stuff to a sub-element -->
<security:exception-translation id="id" accessDeniedUrl="/accessDenied.jsp" accessDeniedBeanRef="theBeanToUse">
<security:entry-point path="/acegilogin.jsp" https="boolean"/>
</security:exception-translation>
</beans>
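Review bot: This file is not well-formed XML and cannot be loaded as a fixture, because `<security:anonymous-role-granter " id="id" key="someValue" >` contains a stray quote. Beyond that, `<security-reflection userPropertyToUse="sss"/>` lacks the `security:` prefix, `id="id"` is reused on many elements, and attribute spellings disagree (`regularExperssion` next to `regularExpression`, `disable` next to `disabled`, `anonyomousRoleGranter`). If this is a design sketch of the namespace, say so in a leading comment such as `<!-- design notes only; not parsed by any test -->`, or keep it out of the test resources. The `user-definition` example with `password="nottellingYou"` also shows a clear-text password in configuration without any caveat, which is worth one sentence in the surrounding comment.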


@ -0,0 +1,63 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- ======================== AUTHENTICATION ======================= -->
<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
<security:session-context-integration id="httpSessionContextIntegrationFilter" sessionCreation="never" />
<!-- The rules are:
AuthenticationManager interface is implemented by ProviderManager
So if you have any auto-detection, create a ProviderManager definition
If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
Every authentication mechanism OR provider must start with security:authentication-something
Use appropriate attrs and elements depending on provider or mechanism
-->
<!-- Case 1
<security:authentication-repository id="id" repositoryBeanRef="userDetails">
<security:salt-source
saltSourceBeanRef="beanRefOfAnExternalEncoder" />
or allow it to be written inline as an inner bean
<security:password-encoder
encoder="md5|md5Hex|sha|shaHex|custom"
encoderBeanRef="beanRefOfAnExternalEncoder" />
same story here, inner beans allowed
</security:authentication-repository>
<bean id="userDetails" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource"><ref bean="dataSource"/></property>
</bean>
Case 2: autodetect userDetails
<security:authentication-repository id="id">
<security:salt-source
saltSourceBeanRef="beanRefOfAnExternalEncoder" />
or allow it to be written inline as an inner bean
<security:password-encoder
encoder="md5|md5Hex|sha|shaHex|custom"
encoderBeanRef="beanRefOfAnExternalEncoder" />
same story here, inner beans allowed
</security:authentication-repository>
Case 3: inner beans
<security:authentication-repository id="id"
ref="userDetails">
<security:salt-source propertyName="propertyValue" />
or allow it to be written inline as an inner bean
<security:password-encoder encoder="md5" />
same story here, inner beans allowed
</security:authentication-repository>
--></beans>
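Review bot: The only live element sets `sessionCreation="never"`, yet this appears to be the file HttpSessionContextIntegrationParserTest loads as `session-context-integration-defaults.xml`, and the comment above the element says the default is ifRequired. Nothing on this page therefore covers the parser's behaviour when the attribute is omitted. Add a fixture without `sessionCreation` and assert `isAllowSessionCreation()` there, or rename this file to match what it tests. The comment `ifRequired(true) always(true) never(false)` would be clearer as `<!-- sessionCreation: ifRequired (default) and always allow session creation; never disables it -->`.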