SEC-3013: Add messages_en.properties

2025-06-12 07:02:13 +00:00 · 2015-07-13 23:18:45 -05:00 · 2015-07-13 23:18:45 -05:00 · 567b0ed030
commit 567b0ed030
parent 4e6b12f8b4
2 changed files with 71 additions and 5 deletions
--- a/core/src/main/resources/org/springframework/security/messages_en.properties
+++ b/core/src/main/resources/org/springframework/security/messages_en.properties
@ -0,0 +1,47 @@
+AbstractAccessDecisionManager.accessDenied=Access is denied
+AbstractLdapAuthenticationProvider.emptyPassword=Empty Password
+AbstractSecurityInterceptor.authenticationNotFound=An Authentication object was not found in the SecurityContext
+AbstractUserDetailsAuthenticationProvider.badCredentials=Bad credentials
+AbstractUserDetailsAuthenticationProvider.credentialsExpired=User credentials have expired
+AbstractUserDetailsAuthenticationProvider.disabled=User is disabled
+AbstractUserDetailsAuthenticationProvider.expired=User account has expired
+AbstractUserDetailsAuthenticationProvider.locked=User account is locked
+AbstractUserDetailsAuthenticationProvider.onlySupports=Only UsernamePasswordAuthenticationToken is supported
+AccountStatusUserDetailsChecker.credentialsExpired=User credentials have expired
+AccountStatusUserDetailsChecker.disabled=User is disabled
+AccountStatusUserDetailsChecker.expired=User account has expired
+AccountStatusUserDetailsChecker.locked=User account is locked
+AclEntryAfterInvocationProvider.noPermission=Authentication {0} has NO permissions to the domain object {1}
+AnonymousAuthenticationProvider.incorrectKey=The presented AnonymousAuthenticationToken does not contain the expected key
+BindAuthenticator.badCredentials=Bad credentials
+BindAuthenticator.emptyPassword=Empty Password
+CasAuthenticationProvider.incorrectKey=The presented CasAuthenticationToken does not contain the expected key
+CasAuthenticationProvider.noServiceTicket=Failed to provide a CAS service ticket to validate
+ConcurrentSessionControlStrategy.exceededAllowed=Maximum sessions of {0} for this principal exceeded
+DigestAuthenticationFilter.incorrectRealm=Response realm name {0} does not match system realm name of {1}
+DigestAuthenticationFilter.incorrectResponse=Incorrect response
+DigestAuthenticationFilter.missingAuth=Missing mandatory digest value for 'auth' QOP; received header {0}
+DigestAuthenticationFilter.missingMandatory=Missing mandatory digest value; received header {0}
+DigestAuthenticationFilter.nonceCompromised=Nonce token compromised {0}
+DigestAuthenticationFilter.nonceEncoding=Nonce is not encoded in Base64; received nonce {0}
+DigestAuthenticationFilter.nonceExpired=Nonce has expired/timed out
+DigestAuthenticationFilter.nonceNotNumeric=Nonce token should have yielded a numeric first token, but was {0}
+DigestAuthenticationFilter.nonceNotTwoTokens=Nonce should have yielded two tokens but was {0}
+DigestAuthenticationFilter.usernameNotFound=Username {0} not found
+JdbcDaoImpl.noAuthority=User {0} has no GrantedAuthority
+JdbcDaoImpl.notFound=User {0} not found
+LdapAuthenticationProvider.badCredentials=Bad credentials
+LdapAuthenticationProvider.credentialsExpired=User credentials have expired
+LdapAuthenticationProvider.disabled=User is disabled
+LdapAuthenticationProvider.expired=User account has expired
+LdapAuthenticationProvider.locked=User account is locked
+LdapAuthenticationProvider.emptyUsername=Empty username not allowed
+LdapAuthenticationProvider.onlySupports=Only UsernamePasswordAuthenticationToken is supported
+PasswordComparisonAuthenticator.badCredentials=Bad credentials
+PersistentTokenBasedRememberMeServices.cookieStolen=Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
+ProviderManager.providerNotFound=No AuthenticationProvider found for {0}
+RememberMeAuthenticationProvider.incorrectKey=The presented RememberMeAuthenticationToken does not contain the expected key
+RunAsImplAuthenticationProvider.incorrectKey=The presented RunAsUserToken does not contain the expected key
+SubjectDnX509PrincipalExtractor.noMatching=No matching pattern was found in subjectDN: {0}
+SwitchUserFilter.noCurrentUser=No current user associated with this request
+SwitchUserFilter.noOriginalAuthentication=Could not find original Authentication object
--- a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
+++ b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java
@ -23,16 +23,18 @@ import org.springframework.security.core.SpringSecurityMessageSource;

 import java.util.Locale;

-
 /**
 * Tests {@link org.springframework.security.core.SpringSecurityMessageSource}.
 */
 public class SpringSecurityMessageSourceTests extends TestCase {
-    //~ Methods ========================================================================================================
+    // ~ Methods
+    // ========================================================================================================

    public void testOperation() {
        SpringSecurityMessageSource msgs = new SpringSecurityMessageSource();
-        assertEquals("\u4E0D\u5141\u8BB8\u8BBF\u95EE", msgs.getMessage("AbstractAccessDecisionManager.accessDenied", null, Locale.SIMPLIFIED_CHINESE));
+        assertEquals("\u4E0D\u5141\u8BB8\u8BBF\u95EE", msgs.getMessage(
+                "AbstractAccessDecisionManager.accessDenied", null,
+                Locale.SIMPLIFIED_CHINESE));
    }

    public void testReplacableLookup() {
@ -42,11 +44,28 @@ public class SpringSecurityMessageSourceTests extends TestCase {

        // Cause a message to be generated
        MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
-        assertEquals("Le jeton nonce est compromis FOOBAR",
-            messages.getMessage("DigestAuthenticationFilter.nonceCompromised", new Object[] {"FOOBAR"},
+        assertEquals("Le jeton nonce est compromis FOOBAR", messages.getMessage(
+                "DigestAuthenticationFilter.nonceCompromised", new Object[] { "FOOBAR" },
                "ERROR - FAILED TO LOOKUP"));

        // Revert to original Locale
        LocaleContextHolder.setLocale(before);
    }
+
+    // SEC-3013
+    public void germanSystemLocaleWithEnglishLocaleContextHolder() {
+        Locale beforeSystem = Locale.getDefault();
+        Locale.setDefault(Locale.GERMAN);
+
+        Locale beforeHolder = LocaleContextHolder.getLocale();
+        LocaleContextHolder.setLocale(Locale.US);
+
+        MessageSourceAccessor msgs = SpringSecurityMessageSource.getAccessor();
+        assertEquals("Access is denied", msgs.getMessage(
+                "AbstractAccessDecisionManager.accessDenied", "Ooops"));
+
+        // Revert to original Locale
+        Locale.setDefault(beforeSystem);
+        LocaleContextHolder.setLocale(beforeHolder);
+    }
 }