mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-10-30 22:28:46 +00:00
Corrected references to old context class names in Javadoc and logging.
This commit is contained in:
Luke Taylor
parent
5a51f391a4
commit
5cb7575b2b
@ -17,8 +17,7 @@ package net.sf.acegisecurity;
|
||||
|
||||
/**
|
||||
* Thrown if an authentication request is rejected because there is no {@link
|
||||
* Authentication} object in the {@link
|
||||
* net.sf.acegisecurity.context.security.SecureContext}.
|
||||
* Authentication} object in the {@link net.sf.acegisecurity.context.SecurityContext SecurityContext}.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
|
||||
@ -19,18 +19,18 @@ package net.sf.acegisecurity;
|
||||
* Creates a new temporary {@link Authentication} object for the current secure
|
||||
* object invocation only.
|
||||
*
|
||||
* <P>
|
||||
* <p>
|
||||
* This interface permits implementations to replace the
|
||||
* <code>Authentication</code> object that applies to the current secure
|
||||
* object invocation only. The {@link
|
||||
* net.sf.acegisecurity.intercept.AbstractSecurityInterceptor} will replace
|
||||
* the <code>Authentication</code> object held in the {@link
|
||||
* net.sf.acegisecurity.context.security.SecureContext} for the duration of
|
||||
* the secure object callback only, returning it to the original
|
||||
* <code>Authentication</code> object when the callback ends.
|
||||
* the <code>Authentication</code> object held in the
|
||||
* {@link net.sf.acegisecurity.context.SecurityContext SecurityContext}
|
||||
* for the duration of the secure object callback only, returning it to
|
||||
* the original <code>Authentication</code> object when the callback ends.
|
||||
* </p>
|
||||
*
|
||||
* <P>
|
||||
* <p>
|
||||
* This is provided so that systems with two layers of objects can be
|
||||
* established. One layer is public facing and has normal secure methods with
|
||||
* the granted authorities expected to be held by external callers. The other
|
||||
|
||||
@ -34,7 +34,7 @@ import javax.servlet.http.HttpSession;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* Populates the <code>SecurityContextHolder</code> with information obtained
|
||||
* Populates the {@link SecurityContextHolder}</code> with information obtained
|
||||
* from the <code>HttpSession</code>.
|
||||
* </p>
|
||||
*
|
||||
@ -60,15 +60,15 @@ import javax.servlet.http.HttpSession;
|
||||
* No <code>HttpSession</code> will be created by this filter if one does not
|
||||
* already exist. If at the end of the web request the
|
||||
* <code>HttpSession</code> does not exist, a <code>HttpSession</code> will
|
||||
* <b>only</b> be created if the current contents of
|
||||
* <code>ContextHolder</code> are not {@link
|
||||
* <b>only</b> be created if the current contents of the
|
||||
* <code>SecurityContextHolder</code> are not {@link
|
||||
* java.lang.Object#equals(java.lang.Object)} to a <code>new</code> instance
|
||||
* of {@link #setContext(Class)}. This avoids needless
|
||||
* <code>HttpSession</code> creation, but automates the storage of changes
|
||||
* made to the <code>ContextHolder</code>.
|
||||
* made to the <code>SecurityContextHolder</code>.
|
||||
* </p>
|
||||
*
|
||||
* <P>
|
||||
* <p>
|
||||
* This filter will only execute once per request, to resolve servlet container
|
||||
* (specifically Weblogic) incompatibilities.
|
||||
* </p>
|
||||
@ -79,16 +79,16 @@ import javax.servlet.http.HttpSession;
|
||||
* similar clients that will never present the same <code>jsessionid</code>
|
||||
* etc), the {@link #setAllowSessionCreation(boolean)} should be set to
|
||||
* <code>false</code>. Only do this if you really need to conserve server
|
||||
* memory and ensure all classes using the <code>ContextHolder</code> are
|
||||
* designed to have no persistence of the <code>Context</code> between web
|
||||
* memory and ensure all classes using the <code>SecurityContextHolder</code> are
|
||||
* designed to have no persistence of the <code>SecurityContext</code> between web
|
||||
* requests.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* This filter MUST be executed BEFORE any authentication procesing mechanisms.
|
||||
* Authentication processing mechanisms (eg BASIC, CAS processing filters etc)
|
||||
* expect the <code>ContextHolder</code> to contain a valid
|
||||
* <code>SecureContext</code> by the time they execute.
|
||||
* expect the <code>SecurityContextHolder</code> to contain a valid
|
||||
* <code>SecurityContext</code> by the time they execute.
|
||||
* </p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
|
||||
@ -25,7 +25,7 @@ import java.io.Serializable;
|
||||
* current thread of execution.
|
||||
*
|
||||
* <p>
|
||||
* Stored in {@link net.sf.acegisecurity.context.SecurityContextHolder}.
|
||||
* The security context is stored in a {@link SecurityContextHolder}.
|
||||
* </p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
|
||||
@ -20,10 +20,10 @@ import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* Associates a given {@link SecurityContext} with the current execution
|
||||
* thread, along with new threads the current execution thread may spawn.
|
||||
* thread and any new threads the current execution thread may spawn.
|
||||
*
|
||||
* <p>
|
||||
* To guarantee the {@link #getContext()} never returns <code>null</code>, this
|
||||
* To guarantee that {@link #getContext()} never returns <code>null</code>, this
|
||||
* class defaults to returning <code>SecurityContextImpl</code> if no
|
||||
* <code>SecurityContext</code> has ever been associated with the current
|
||||
* thread of execution. Despite this behaviour, in general another class will
|
||||
|
||||
@ -21,9 +21,7 @@ import net.sf.acegisecurity.Authentication;
|
||||
* Base implementation of {@link SecurityContext}.
|
||||
*
|
||||
* <p>
|
||||
* Used by default by {@link
|
||||
* net.sf.acegisecurity.context.SecurityContextHolder} and {@link
|
||||
* net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter}.
|
||||
* Used by default by {@link SecurityContextHolder} and {@link HttpSessionContextIntegrationFilter}.
|
||||
* </p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
|
||||
@ -61,14 +61,14 @@ public class AuthenticationSimpleHttpInvokerRequestExecutor
|
||||
/**
|
||||
* Called every time a HTTP invocation is made.
|
||||
*
|
||||
* <P>
|
||||
* <p>
|
||||
* Simply allows the parent to setup the connection, and then adds an
|
||||
* <code>Authorization</code> HTTP header property that will be used for
|
||||
* BASIC authentication.
|
||||
* </p>
|
||||
*
|
||||
* <P>
|
||||
* The <code>ContextHolder</code> is used to obtain the relevant principal
|
||||
* <p>
|
||||
* The <code>SecurityContextHolder</code> is used to obtain the relevant principal
|
||||
* and credentials.
|
||||
* </p>
|
||||
*
|
||||
@ -77,7 +77,7 @@ public class AuthenticationSimpleHttpInvokerRequestExecutor
|
||||
*
|
||||
* @throws IOException if thrown by HttpURLConnection methods
|
||||
* @throws AuthenticationCredentialsNotFoundException if the
|
||||
* <code>ContextHolder</code> does not contain a valid
|
||||
* <code>SecurityContextHolder</code> does not contain a valid
|
||||
* <code>Authentication</code> with both its
|
||||
* <code>principal</code> and <code>credentials</code> not
|
||||
* <code>null</code>
|
||||
|
||||
@ -32,7 +32,7 @@ import java.lang.reflect.InvocationTargetException;
|
||||
/**
|
||||
* The actual <code>RemoteInvocation</code> that is passed from the client to
|
||||
* the server, which contains the contents of {@link SecurityContextHolder},
|
||||
* being a {@link SecureContext} object.
|
||||
* being a {@link SecurityContext} object.
|
||||
*
|
||||
* <p>
|
||||
* When constructed on the client via {@link
|
||||
|
||||
@ -22,7 +22,7 @@ import net.sf.acegisecurity.ConfigAttributeDefinition;
|
||||
/**
|
||||
* Indicates a secure object invocation failed because the
|
||||
* <code>Authentication</code> could not be obtained from the
|
||||
* <code>ContextHolder</code>.
|
||||
* <code>SecurityContextHolder</code>.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
|
||||
@ -41,11 +41,11 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
|
||||
*
|
||||
* @param secureObject the secure object
|
||||
* @param configAttribs that apply to the secure object
|
||||
* @param authentication that was found on the <code>ContextHolder</code>
|
||||
* @param authentication that was found in the <code>SecurityContextHolder</code>
|
||||
* @param accessDeniedException that was returned by the
|
||||
* <code>AccessDecisionManager</code>
|
||||
*
|
||||
* @throws IllegalArgumentException DOCUMENT ME!
|
||||
* @throws IllegalArgumentException if any null arguments are presented.
|
||||
*/
|
||||
public AuthorizationFailureEvent(Object secureObject,
|
||||
ConfigAttributeDefinition configAttribs, Authentication authentication,
|
||||
|
||||
@ -18,14 +18,14 @@ package net.sf.acegisecurity.event.authorization;
|
||||
/**
|
||||
* Event that is generated whenever a public secure object is invoked.
|
||||
*
|
||||
* <P>
|
||||
* <p>
|
||||
* A public secure object is a secure object that has no
|
||||
* <code>ConfigAttributeDefinition</code> defined. A public secure object will
|
||||
* not cause the <code>ContextHolder</code> to be inspected or authenticated,
|
||||
* not cause the <code>SecurityContextHolder</code> to be inspected or authenticated,
|
||||
* and no authorization will take place.
|
||||
* </p>
|
||||
*
|
||||
* <P>
|
||||
* <p>
|
||||
* Published just before the secure object attempts to proceed.
|
||||
* </p>
|
||||
*
|
||||
|
||||
@ -39,8 +39,8 @@ import javax.servlet.ServletResponse;
|
||||
* Detects if there is no <code>Authentication</code> object in the
|
||||
* <code>SecurityContextHolder</code>, and populates it with one if needed.
|
||||
*
|
||||
* <P>
|
||||
* <B>Do not use this class directly.</B> Instead configure
|
||||
* <p>
|
||||
* <b>Do not use this class directly.</b> Instead configure
|
||||
* <code>web.xml</code> to use the {@link
|
||||
* net.sf.acegisecurity.util.FilterToBeanProxy}.
|
||||
* </p>
|
||||
@ -93,14 +93,14 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(
|
||||
"Replaced SecurityContextHolder with anonymous token: '" +
|
||||
"Populated SecurityContextHolder with anonymous token: '" +
|
||||
SecurityContextHolder.getContext().getAuthentication() +
|
||||
"'");
|
||||
}
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(
|
||||
"SecurityContextHolder not replaced with anonymous token, as ContextHolder already contained: '" +
|
||||
"SecurityContextHolder not populated with anonymous token, as it already contained: '" +
|
||||
SecurityContextHolder.getContext().getAuthentication() +
|
||||
"'");
|
||||
}
|
||||
@ -119,11 +119,10 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
|
||||
/**
|
||||
* Does nothing - we reply on IoC lifecycle services instead.
|
||||
*
|
||||
* @param arg0 DOCUMENT ME!
|
||||
* @param ignored not used
|
||||
*
|
||||
* @throws ServletException DOCUMENT ME!
|
||||
*/
|
||||
public void init(FilterConfig arg0) throws ServletException {
|
||||
public void init(FilterConfig ignored) throws ServletException {
|
||||
}
|
||||
|
||||
/**
|
||||
@ -157,8 +156,8 @@ public class AnonymousProcessingFilter implements Filter, InitializingBean {
|
||||
* Controls whether the filter will remove the Anonymous token
|
||||
* after the request is complete. Generally this is desired to
|
||||
* avoid the expense of a session being created by
|
||||
* {@link net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter} simply
|
||||
* to store the Anonymous authentication token.
|
||||
* {@link net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter HttpSessionContextIntegrationFilter}
|
||||
* simply to store the Anonymous authentication token.
|
||||
*
|
||||
* <p>Defaults to <code>true</code>,
|
||||
* being the most optimal and appropriate option (ie <code>AnonymousProcessingFilter</code>
|
||||
|
||||
@ -30,15 +30,16 @@ import javax.security.auth.spi.LoginModule;
|
||||
|
||||
|
||||
/**
|
||||
* An implementation of {@link LoginModule} that uses an Acegi Security {@link
|
||||
* SecureContext} to provide authentication. <br>
|
||||
* An implementation of {@link LoginModule} that uses an Acegi Security
|
||||
* {@link net.sf.acegisecurity.context.SecurityContext SecurityContext}
|
||||
* to provide authentication. <br />
|
||||
* This LoginModule provides opposite functionality to the {@link
|
||||
* JaasAuthenticationProvider} API, and should not really be used in
|
||||
* conjunction. <br>
|
||||
* conjunction with it. <br />
|
||||
* The {@link JaasAuthenticationProvider} allows Acegi to authenticate against
|
||||
* Jaas. <br>
|
||||
* Jaas. <br />
|
||||
* The SecureContextLoginModule allows a Jaas based application to
|
||||
* authenticate against Acegi. If there is no Authentication in the {@link
|
||||
* authenticate against Acegi. If there is no Authentication in the {@link
|
||||
* SecurityContextHolder} the login() method will throw a LoginException by
|
||||
* default. This functionality can be changed with the
|
||||
* <tt>ignoreMissingAuthentication</tt> option by setting it to "true".
|
||||
@ -126,7 +127,7 @@ public class SecureContextLoginModule implements LoginModule {
|
||||
/**
|
||||
* Authenticate the <code>Subject</code> (phase one) by extracting the
|
||||
* Acegi Security <code>Authentication</code> from the current
|
||||
* <code>SecureContext</code>.
|
||||
* <code>SecurityContext</code>.
|
||||
*
|
||||
* @return true if the authentication succeeded, or false if this
|
||||
* <code>LoginModule</code> should be ignored.
|
||||
|
||||
@ -54,7 +54,7 @@ import javax.servlet.jsp.tagext.TagSupport;
|
||||
* One or more comma separate integer permissions are specified via the
|
||||
* <code>hasPermission</code> attribute. The tag will include its body if
|
||||
* <b>any</b> of the integer permissions have been granted to the current
|
||||
* <code>Authentication</code> (obtained from the <code>ContextHolder</code>).
|
||||
* <code>Authentication</code> (obtained from the <code>SecurityContextHolder</code>).
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
|
||||
@ -172,7 +172,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
|
||||
password = token.substring(delim + 1);
|
||||
}
|
||||
|
||||
// Only reauthenticate if username doesn't match ContextHolder and user isn't authenticated (see SEC-53)
|
||||
// Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated (see SEC-53)
|
||||
Authentication existingAuth = SecurityContextHolder.getContext()
|
||||
.getAuthentication();
|
||||
|
||||
|
||||
@ -54,11 +54,11 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
/**
|
||||
* Processes a HTTP request's Digest authorization headers, putting the result
|
||||
* into the <code>ContextHolder</code>.
|
||||
* into the <code>SecurityContextHolder</code>.
|
||||
*
|
||||
* <P>
|
||||
* <p>
|
||||
* For a detailed background on what this filter is designed to process, refer
|
||||
* to <A HREF="http://www.ietf.org/rfc/rfc2617.txt">RFC 2617</A> (which
|
||||
* to <a href="http://www.ietf.org/rfc/rfc2617.txt">RFC 2617</a> (which
|
||||
* superseded RFC 2069, although this filter support clients that implement
|
||||
* either RFC 2617 or RFC 2069).
|
||||
* </p>
|
||||
@ -72,18 +72,18 @@ import javax.servlet.http.HttpServletResponse;
|
||||
* <p>
|
||||
* This Digest implementation has been designed to avoid needing to store
|
||||
* session state between invocations. All session management information is
|
||||
* stored in the "nonce" that is sent to the client by the {@link
|
||||
* net.sf.acegisecurity.ui.digestauth.DigestProcessingFilterEntryPoint}.
|
||||
* stored in the "nonce" that is sent to the client by the {@link DigestProcessingFilterEntryPoint}.
|
||||
* </p>
|
||||
*
|
||||
* <P>
|
||||
* If authentication is successful, the resulting {@link Authentication} object
|
||||
* will be placed into the <code>ContextHolder</code>.
|
||||
* If authentication is successful, the resulting {@link net.sf.acegisecurity.Authentication Authentication}
|
||||
* object will be placed into the <code>SecurityContextHolder</code>.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* If authentication fails, an {@link AuthenticationEntryPoint} implementation
|
||||
* is called. This must always be {@link DigestProcessingFilterEntryPoint},
|
||||
* If authentication fails, an
|
||||
* {@link net.sf.acegisecurity.intercept.web.AuthenticationEntryPoint AuthenticationEntryPoint}
|
||||
* implementation is called. This must always be {@link DigestProcessingFilterEntryPoint},
|
||||
* which will prompt the user to authenticate again via Digest authentication.
|
||||
* </p>
|
||||
*
|
||||
@ -432,7 +432,7 @@ public class DigestProcessingFilter implements Filter, InitializingBean {
|
||||
return userCache;
|
||||
}
|
||||
|
||||
public void init(FilterConfig arg0) throws ServletException {}
|
||||
public void init(FilterConfig ignored) throws ServletException {}
|
||||
|
||||
private void fail(ServletRequest request, ServletResponse response,
|
||||
AuthenticationException failed) throws IOException, ServletException {
|
||||
|
||||
@ -65,8 +65,8 @@ import javax.servlet.http.HttpServletResponse;
|
||||
* via an <code>AuthenticationManager</code>-specific application event.
|
||||
* </p>
|
||||
*
|
||||
* <P>
|
||||
* <B>Do not use this class directly.</B> Instead configure
|
||||
* <p>
|
||||
* <b>Do not use this class directly.</b> Instead configure
|
||||
* <code>web.xml</code> to use the {@link
|
||||
* net.sf.acegisecurity.util.FilterToBeanProxy}.
|
||||
* </p>
|
||||
@ -130,7 +130,7 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(
|
||||
"Replaced SecurityContextHolder with remember-me token: '"
|
||||
"SecurityContextHolder populated with remember-me token: '"
|
||||
+ SecurityContextHolder.getContext().getAuthentication()
|
||||
+ "'");
|
||||
}
|
||||
@ -145,7 +145,7 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(
|
||||
"SecurityContextHolder not replaced with remember-me token, as SecurityContextHolder already contained: '"
|
||||
"SecurityContextHolder not populated with remember-me token, as it already contained: '"
|
||||
+ SecurityContextHolder.getContext().getAuthentication()
|
||||
+ "'");
|
||||
}
|
||||
@ -157,9 +157,8 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
|
||||
/**
|
||||
* Does nothing - we rely on IoC lifecycle services instead.
|
||||
*
|
||||
* @param arg0 not used
|
||||
* @param ignored not used
|
||||
*
|
||||
* @throws ServletException not thrown
|
||||
*/
|
||||
public void init(FilterConfig arg0) throws ServletException {}
|
||||
public void init(FilterConfig ignored) throws ServletException {}
|
||||
}
|
||||
|
||||
@ -54,7 +54,7 @@ public interface RememberMeServices {
|
||||
//~ Methods ================================================================
|
||||
|
||||
/**
|
||||
* This method will be called whenever the <code>ContextHolder</code> does
|
||||
* This method will be called whenever the <code>SecurityContextHolder</code> does
|
||||
* not contain an <code>Authentication</code> and the Acegi Security
|
||||
* system wishes to provide an implementation with an opportunity to
|
||||
* authenticate the request using remember-me capabilities. Acegi Security
|
||||
|
||||
@ -238,7 +238,7 @@ public class TokenBasedRememberMeServices implements RememberMeServices,
|
||||
// Must do this after user lookup, as we need the DAO-derived password
|
||||
// If efficiency was a major issue, just add in a UserCache implementation,
|
||||
// but recall this method is usually only called one per HttpSession
|
||||
// (as if the token is valid, it will cause ContextHolder population, whilst
|
||||
// (as if the token is valid, it will cause SecurityContextHolder population, whilst
|
||||
// if invalid, will cause the cookie to be cancelled)
|
||||
String expectedTokenSignature = DigestUtils.md5Hex(userDetails
|
||||
.getUsername() + ":" + tokenExpiryTime + ":"
|
||||
|
||||
@ -78,7 +78,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* On successful switch, the user's <code>SecureContextHolder</code> will be
|
||||
* On successful switch, the user's <code>SecurityContextHolder</code> will be
|
||||
* updated to reflect the specified user and will also contain an additinal
|
||||
* {@link net.sf.acegisecurity.ui.switchuser.SwitchUserGrantedAuthority }
|
||||
* which contains the original user.
|
||||
@ -224,7 +224,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean,
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
public void init(FilterConfig filterConfig) throws ServletException {}
|
||||
public void init(FilterConfig ignored) throws ServletException {}
|
||||
|
||||
/**
|
||||
* Attempt to exit from an already switched user.
|
||||
|
||||
@ -165,7 +165,7 @@ public class X509ProcessingFilter implements Filter, InitializingBean,
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
|
||||
public void init(FilterConfig filterConfig) throws ServletException {}
|
||||
public void init(FilterConfig ignored) throws ServletException {}
|
||||
|
||||
/**
|
||||
* Puts the <code>Authentication</code> instance returned by the
|
||||
@ -206,7 +206,7 @@ public class X509ProcessingFilter implements Filter, InitializingBean,
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Updated ContextHolder to contain null Authentication");
|
||||
logger.debug("Updated SecurityContextHolder to contain null Authentication");
|
||||
}
|
||||
|
||||
request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY,
|
||||
|
||||
@ -53,7 +53,7 @@ public class ContextHolderAwareRequestWrapper extends HttpServletRequestWrapper
|
||||
|
||||
/**
|
||||
* Returns the principal's name, as obtained from the
|
||||
* <code>ContextHolder</code>. Properly handles both
|
||||
* <code>SecurityContextHolder</code>. Properly handles both
|
||||
* <code>String</code>-based and <code>UserDetails</code>-based
|
||||
* principals.
|
||||
*
|
||||
@ -78,7 +78,7 @@ public class ContextHolderAwareRequestWrapper extends HttpServletRequestWrapper
|
||||
* GrantedAuthority#getAuthority()}.
|
||||
*
|
||||
* <p>
|
||||
* Will always return <code>false</code> if the <code>ContextHolder</code>
|
||||
* Will always return <code>false</code> if the <code>SecurityContextHolder</code>
|
||||
* contains an <code>Authentication</code> with
|
||||
* <code>null</code><code>principal</code> and/or
|
||||
* <code>GrantedAuthority[]</code> objects.
|
||||
|
||||
@ -69,7 +69,7 @@ public class ContextPropagatingRemoteInvocationTests extends TestCase {
|
||||
SecurityContextHolder.setContext(new SecurityContextImpl());
|
||||
|
||||
// The result from invoking the TargetObject should contain the
|
||||
// Authentication class delivered via the ContextHolder
|
||||
// Authentication class delivered via the SecurityContextHolder
|
||||
assertEquals("some_string net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken false",
|
||||
remoteInvocation.invoke(new TargetObject()));
|
||||
}
|
||||
|
||||
@ -83,7 +83,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(true,
|
||||
false, false, false);
|
||||
|
||||
// Setup ContextHolder, as filter needs to check if user is anonymous
|
||||
// Setup SecurityContextHolder, as filter needs to check if user is anonymous
|
||||
SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken(
|
||||
"ignored", "ignored",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("IGNORED")}));
|
||||
@ -113,7 +113,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
|
||||
MockFilterSecurityInterceptor interceptor = new MockFilterSecurityInterceptor(true,
|
||||
false, false, false);
|
||||
|
||||
// Setup ContextHolder, as filter needs to check if user is anonymous
|
||||
// Setup SecurityContextHolder, as filter needs to check if user is anonymous
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
// Test
|
||||
|
||||
@ -104,7 +104,7 @@ public class AnonymousProcessingFilterTests extends TestCase {
|
||||
|
||||
public void testOperationWhenAuthenticationExistsInContextHolder()
|
||||
throws Exception {
|
||||
// Put an Authentication object into the ContextHolder
|
||||
// Put an Authentication object into the SecurityContextHolder
|
||||
Authentication originalAuth = new TestingAuthenticationToken("user",
|
||||
"password",
|
||||
new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A") });
|
||||
|
||||
@ -30,7 +30,7 @@ import javax.security.auth.login.LoginException;
|
||||
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
* Testst SecureContextLoginModule
|
||||
*
|
||||
* @author Ray Krueger
|
||||
*/
|
||||
@ -57,7 +57,7 @@ public class SecureContextLoginModuleTests extends TestCase {
|
||||
try {
|
||||
module.login();
|
||||
fail(
|
||||
"LoginException expected, there is no Authentication in the SecureContext");
|
||||
"LoginException expected, there is no Authentication in the SecurityContext");
|
||||
} catch (LoginException e) {}
|
||||
}
|
||||
|
||||
@ -87,7 +87,7 @@ public class SecureContextLoginModuleTests extends TestCase {
|
||||
try {
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
module.login();
|
||||
fail("LoginException expected, the authentication is null in the SecureContext");
|
||||
fail("LoginException expected, the authentication is null in the SecurityContext");
|
||||
} catch (Exception e) {
|
||||
}
|
||||
}
|
||||
|
||||
@ -118,7 +118,7 @@ public class RememberMeProcessingFilterTests extends TestCase {
|
||||
|
||||
public void testOperationWhenAuthenticationExistsInContextHolder()
|
||||
throws Exception {
|
||||
// Put an Authentication object into the ContextHolder
|
||||
// Put an Authentication object into the SecurityContextHolder
|
||||
Authentication originalAuth = new TestingAuthenticationToken("user",
|
||||
"password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A")});
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user