mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-31 09:12:14 +00:00
Security namespaces
This commit is contained in:
Vishal Puri
parent
10bf40fc03
commit
5f42387915
28
sandbox/spring-security-config/.classpath
Normal file
28
sandbox/spring-security-config/.classpath
Normal file
@ -0,0 +1,28 @@
|
||||
<classpath>
|
||||
<classpathentry kind="src" path="src/main/java"/>
|
||||
<classpathentry kind="src" path="src/main/resources"/>
|
||||
<classpathentry kind="src" path="src/test/java" output="target/test-classes"/>
|
||||
<classpathentry kind="src" path="src/test/resources" output="target/test-classes"/>
|
||||
<classpathentry kind="output" path="target/classes"/>
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/2.0.4/spring-jdbc-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/2.0.4/spring-context-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar" sourcepath="M2_REPO/junit/junit/3.8.1/junit-3.8.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar" sourcepath="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/2.0.4/spring-web-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security/1.1-SNAPSHOT/acegi-security-1.1-SNAPSHOT.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar" sourcepath="M2_REPO/oro/oro/2.0.8/oro-2.0.8-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/2.0.4/spring-support-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/2.0.4/spring-aop-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar" sourcepath="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/2.0.4/spring-dao-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar" sourcepath="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/2.0.4/spring-remoting-2.0.4.jar"/>
|
||||
</classpath>
|
||||
21
sandbox/spring-security-config/.project
Normal file
21
sandbox/spring-security-config/.project
Normal file
@ -0,0 +1,21 @@
|
||||
<projectDescription>
|
||||
<name>spring-security-config</name>
|
||||
<comment>Acegi Security System for Spring</comment>
|
||||
<projects/>
|
||||
<buildSpec>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.jdt.core.javabuilder</name>
|
||||
<arguments/>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.wst.validation.validationbuilder</name>
|
||||
<arguments/>
|
||||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
|
||||
<nature>org.eclipse.jdt.core.javanature</nature>
|
||||
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
|
||||
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
|
||||
</natures>
|
||||
</projectDescription>
|
||||
6
sandbox/spring-security-config/.settings/.component
Normal file
6
sandbox/spring-security-config/.settings/.component
Normal file
@ -0,0 +1,6 @@
|
||||
<project-modules id="moduleCoreId">
|
||||
<wb-module deploy-name="spring-security-config">
|
||||
<wb-resource deploy-path="/" source-path="src/main/java"/>
|
||||
<wb-resource deploy-path="/" source-path="src/main/resources"/>
|
||||
</wb-module>
|
||||
</project-modules>
|
||||
@ -0,0 +1,5 @@
|
||||
#Fri May 25 12:12:42 EST 2007
|
||||
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
|
||||
eclipse.preferences.version=1
|
||||
org.eclipse.jdt.core.compiler.source=1.5
|
||||
org.eclipse.jdt.core.compiler.compliance=1.5
|
||||
@ -0,0 +1,6 @@
|
||||
<faceted-project>
|
||||
<fixed facet="jst.java"/>
|
||||
<fixed facet="jst.utility"/>
|
||||
<installed facet="jst.utility" version="1.0"/>
|
||||
<installed facet="jst.java" version="5.0"/>
|
||||
</faceted-project>
|
||||
@ -0,0 +1,239 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.ui.basicauth;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.Authentication;
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.acegisecurity.ui.AuthenticationDetailsSource;
|
||||
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.rememberme.RememberMeServices;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* Processes a HTTP request's BASIC authorization headers, putting the result into the
|
||||
* <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
|
||||
* refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
|
||||
* the HTTP request is ignored.</p>
|
||||
* <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
|
||||
* <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
|
||||
* <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
|
||||
* following header would be presented:</p>
|
||||
* <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
|
||||
* <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
|
||||
* Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
|
||||
* <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
|
||||
* <code>SecurityContextHolder</code>.</p>
|
||||
* <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
|
||||
* AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
|
||||
* which will prompt the user to authenticate again via BASIC authentication.</p>
|
||||
* <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
|
||||
* transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
|
||||
* provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
|
||||
* org.acegisecurity.ui.digestauth.DigestProcessingFilter}.</p>
|
||||
* <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
|
||||
* details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
|
||||
* they will be authenticated using the remember-me mechanism.</p>
|
||||
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
|
||||
* org.acegisecurity.util.FilterToBeanProxy}.</p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id: BasicProcessingFilter.java 1783 2007-02-23 19:21:44Z luke_t $
|
||||
*/
|
||||
public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationEntryPoint authenticationEntryPoint;
|
||||
private AuthenticationManager authenticationManager;
|
||||
private RememberMeServices rememberMeServices;
|
||||
private boolean ignoreFailure = false;
|
||||
private int order;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
|
||||
Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
|
||||
}
|
||||
|
||||
public void destroy() {}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
|
||||
if (!(request instanceof HttpServletRequest)) {
|
||||
throw new ServletException("Can only process HttpServletRequest");
|
||||
}
|
||||
|
||||
if (!(response instanceof HttpServletResponse)) {
|
||||
throw new ServletException("Can only process HttpServletResponse");
|
||||
}
|
||||
|
||||
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
|
||||
String header = httpRequest.getHeader("Authorization");
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authorization header: " + header);
|
||||
}
|
||||
|
||||
if ((header != null) && header.startsWith("Basic ")) {
|
||||
String base64Token = header.substring(6);
|
||||
String token = new String(Base64.decodeBase64(base64Token.getBytes()));
|
||||
|
||||
String username = "";
|
||||
String password = "";
|
||||
int delim = token.indexOf(":");
|
||||
|
||||
if (delim != -1) {
|
||||
username = token.substring(0, delim);
|
||||
password = token.substring(delim + 1);
|
||||
}
|
||||
|
||||
if (authenticationIsRequired(username)) {
|
||||
UsernamePasswordAuthenticationToken authRequest =
|
||||
new UsernamePasswordAuthenticationToken(username, password);
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
|
||||
|
||||
Authentication authResult;
|
||||
|
||||
try {
|
||||
authResult = authenticationManager.authenticate(authRequest);
|
||||
} catch (AuthenticationException failed) {
|
||||
// Authentication failed
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
if (rememberMeServices != null) {
|
||||
rememberMeServices.loginFail(httpRequest, httpResponse);
|
||||
}
|
||||
|
||||
if (ignoreFailure) {
|
||||
chain.doFilter(request, response);
|
||||
} else {
|
||||
authenticationEntryPoint.commence(request, response, failed);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
// Authentication success
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authentication success: " + authResult.toString());
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(authResult);
|
||||
|
||||
if (rememberMeServices != null) {
|
||||
rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
private boolean authenticationIsRequired(String username) {
|
||||
// Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
|
||||
// (see SEC-53)
|
||||
Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if(existingAuth == null || !existingAuth.isAuthenticated()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
|
||||
// (see SEC-348)
|
||||
|
||||
if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public AuthenticationEntryPoint getAuthenticationEntryPoint() {
|
||||
return authenticationEntryPoint;
|
||||
}
|
||||
|
||||
public AuthenticationManager getAuthenticationManager() {
|
||||
return authenticationManager;
|
||||
}
|
||||
|
||||
public void init(FilterConfig arg0) throws ServletException {}
|
||||
|
||||
public boolean isIgnoreFailure() {
|
||||
return ignoreFailure;
|
||||
}
|
||||
|
||||
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
|
||||
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
|
||||
this.authenticationDetailsSource = authenticationDetailsSource;
|
||||
}
|
||||
|
||||
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
|
||||
this.authenticationEntryPoint = authenticationEntryPoint;
|
||||
}
|
||||
|
||||
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
|
||||
this.authenticationManager = authenticationManager;
|
||||
}
|
||||
|
||||
public void setIgnoreFailure(boolean ignoreFailure) {
|
||||
this.ignoreFailure = ignoreFailure;
|
||||
}
|
||||
|
||||
public void setRememberMeServices(RememberMeServices rememberMeServices) {
|
||||
this.rememberMeServices = rememberMeServices;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,89 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.ui.basicauth;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.util.OrderedUtils;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.ApplicationContextAware;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
|
||||
* BasicProcessingFilter}.<P>Once a user agent is authenticated using BASIC authentication, logout requires that
|
||||
* the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call
|
||||
* the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to
|
||||
* the browser its credentials are no longer authorized, causing it to prompt the user to login again.</p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z vishalpuri $
|
||||
*/
|
||||
public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered, ApplicationContextAware {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
|
||||
private String realmName;
|
||||
private int order = DEFAULT_ORDER;
|
||||
private ApplicationContext applicationContext;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.hasText(realmName, "realmName must be specified");
|
||||
if (order == DEFAULT_ORDER) {
|
||||
OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
|
||||
}
|
||||
}
|
||||
|
||||
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
|
||||
throws IOException, ServletException {
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
|
||||
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
|
||||
}
|
||||
|
||||
public String getRealmName() {
|
||||
return realmName;
|
||||
}
|
||||
|
||||
public void setRealmName(String realmName) {
|
||||
this.realmName = realmName;
|
||||
}
|
||||
|
||||
public void setApplicationContext(ApplicationContext applicationContext) {
|
||||
this.applicationContext = applicationContext;
|
||||
}
|
||||
}
|
||||
5
sandbox/spring-security-config/basicauth/package.html
Normal file
5
sandbox/spring-security-config/basicauth/package.html
Normal file
@ -0,0 +1,5 @@
|
||||
<html>
|
||||
<body>
|
||||
Authenticates HTTP BASIC authentication requests.
|
||||
</body>
|
||||
</html>
|
||||
122
sandbox/spring-security-config/pom.xml
Normal file
122
sandbox/spring-security-config/pom.xml
Normal file
@ -0,0 +1,122 @@
|
||||
<?xml version="1.0"?><project>
|
||||
<parent>
|
||||
<artifactId>acegi-security-sandbox</artifactId>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<version>1.0.4-SNAPSHOT</version>
|
||||
</parent>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.acegisecurity</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<name>spring-security-config</name>
|
||||
<version>1.0-SNAPSHOT</version>
|
||||
<url>http://maven.apache.org</url>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-remoting</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-jdbc</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-support</artifactId>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-mock</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>net.sf.ehcache</groupId>
|
||||
<artifactId>ehcache</artifactId>
|
||||
<version>1.2.4</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>cas</groupId>
|
||||
<artifactId>casclient</artifactId>
|
||||
<version>2.0.11</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-lang</groupId>
|
||||
<artifactId>commons-lang</artifactId>
|
||||
<version>2.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-logging</groupId>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
<version>1.0.4</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
<version>1.3</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>oro</groupId>
|
||||
<artifactId>oro</artifactId>
|
||||
<version>2.0.8</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-collections</groupId>
|
||||
<artifactId>commons-collections</artifactId>
|
||||
<version>3.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>aspectj</groupId>
|
||||
<artifactId>aspectjrt</artifactId>
|
||||
<version>1.2</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>jsp-api</artifactId>
|
||||
<version>2.0</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>servlet-api</artifactId>
|
||||
<version>2.4</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>taglibs</groupId>
|
||||
<artifactId>standard</artifactId>
|
||||
<version>1.0.6</version>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>hsqldb</groupId>
|
||||
<artifactId>hsqldb</artifactId>
|
||||
<version>1.8.0.4</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.directory.server</groupId>
|
||||
<artifactId>apacheds-core</artifactId>
|
||||
<version>1.0.0</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-log4j12</artifactId>
|
||||
<version>1.0.1</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>jmock</groupId>
|
||||
<artifactId>jmock</artifactId>
|
||||
<version>1.0.1</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>log4j</groupId>
|
||||
<artifactId>log4j</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
||||
@ -0,0 +1,13 @@
|
||||
package org.acegisecurity;
|
||||
|
||||
/**
|
||||
* Hello world!
|
||||
*
|
||||
*/
|
||||
public class App
|
||||
{
|
||||
public static void main( String[] args )
|
||||
{
|
||||
System.out.println( "Hello World!" );
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,50 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.acegisecurity.ui.AccessDeniedHandler;
|
||||
import org.acegisecurity.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AccessDeniedHandlerBeanDefinitionLocator implements BeanFactoryPostProcessor {
|
||||
|
||||
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
|
||||
|
||||
Map m = beanFactory.getBeansOfType(AccessDeniedHandler.class);
|
||||
|
||||
List l = new ArrayList(m.values());
|
||||
|
||||
|
||||
|
||||
if (m.size() > 1) {
|
||||
throw new IllegalArgumentException(
|
||||
"More than one AccessDeniedHandler beans detected please refer to the one using "
|
||||
+ " [ accessDeniedBeanRef ] " + "attribute");
|
||||
}
|
||||
else if (m.size() == 1) {
|
||||
// use this
|
||||
String[] names = beanFactory.getBeanNamesForType(ExceptionTranslationFilter.class);
|
||||
Assert.notEmpty(names, "No bean of type ExceptionTranslationFilter found in ApplicationContext");
|
||||
RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[0]);
|
||||
Assert.isAssignable(AccessDeniedHandler.class, l.get(0).getClass());
|
||||
definition.getPropertyValues().addPropertyValue("accessDeniedHandler", l.get(0));
|
||||
}
|
||||
else {
|
||||
// use the default one for now
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,80 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
import org.acegisecurity.providers.ProviderManager;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
import org.w3c.dom.NodeList;
|
||||
|
||||
/**
|
||||
* * {@link BeanDefinitionParser} for the <code>authentication-mechanism</code> tag,
|
||||
* resolves to {@link org.acegisecurity.providers.ProviderManager} </br>
|
||||
|
||||
* @author vpuri
|
||||
* @see {@link org.springframework.beans.factory.BeanFactory}
|
||||
* @see {@link org.acegisecurity.providers.ProviderManager}
|
||||
*
|
||||
*/
|
||||
public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDefinitionParser implements
|
||||
BeanDefinitionParser {
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
||||
private static final String AUTHENTICATION_JDBC = "authentication-jdbc";
|
||||
|
||||
private static final String REF = "ref";
|
||||
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
|
||||
ManagedList providers = new ManagedList();
|
||||
Assert.notNull(parserContext, "ParserContext must not be null");
|
||||
RootBeanDefinition authMechanismBeanDef = new RootBeanDefinition(ProviderManager.class);
|
||||
NodeList childNodes = element.getChildNodes();
|
||||
|
||||
for (int i = 0, n = childNodes.getLength(); i < n; i++) {
|
||||
Node node = childNodes.item(i);
|
||||
|
||||
if (node.getNodeType() == Node.ELEMENT_NODE) {
|
||||
Element childElement = (Element) node;
|
||||
//this.providerExists = true;
|
||||
|
||||
if (AUTHENTICATION_JDBC.equals(node.getLocalName())) {
|
||||
String attribute = childElement.getAttribute(REF);
|
||||
if (StringUtils.hasLength(attribute)) {
|
||||
// create a beandefinition
|
||||
providers.add(new RuntimeBeanReference(attribute));
|
||||
}
|
||||
|
||||
}
|
||||
// TODO:Add other providers here
|
||||
}
|
||||
authMechanismBeanDef.getPropertyValues().addPropertyValue("providers", providers);
|
||||
|
||||
}
|
||||
return authMechanismBeanDef;
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,58 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationProcessingFilterBeanDefinitionParser extends AbstractBeanDefinitionParser implements
|
||||
BeanDefinitionParser {
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
||||
private static final String AUTHENTICATION_URL = "authenticationUrl";
|
||||
|
||||
private static final String ERROR_FORM_URL = "errorFormUrl";
|
||||
|
||||
private static final String DEFAULT_TARGET_URL = "defaultTargetUrl";
|
||||
|
||||
// ~ Methods
|
||||
// ================================================================================================
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
|
||||
RootBeanDefinition definition = new RootBeanDefinition(AuthenticationProcessingFilter.class);
|
||||
|
||||
setPropertyIfAvailable(element, AUTHENTICATION_URL, "filterProcessesUrl", definition);
|
||||
setPropertyIfAvailable(element, ERROR_FORM_URL, "authenticationFailureUrl", definition);
|
||||
setPropertyIfAvailable(element, DEFAULT_TARGET_URL, "defaultTargetUrl", definition);
|
||||
|
||||
// register BFPP to re-unite all other collaborators
|
||||
RootBeanDefinition postProcessor = new RootBeanDefinition(
|
||||
AuthenticationProcessingFilterDependenciesConfigurer.class);
|
||||
parserContext.getReaderContext().registerWithGeneratedName(postProcessor);
|
||||
|
||||
return definition;
|
||||
}
|
||||
|
||||
private void setPropertyIfAvailable(Element element, String attribute, String property,
|
||||
RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
definition.getPropertyValues().addPropertyValue(property, propertyValue);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,43 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.ui.rememberme.RememberMeServices;
|
||||
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationProcessingFilterDependenciesConfigurer implements BeanFactoryPostProcessor {
|
||||
|
||||
// ~ Methods
|
||||
// ================================================================================================
|
||||
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
|
||||
|
||||
String [] authenticationProcessingFilter = beanFactory.getBeanNamesForType(AuthenticationProcessingFilter.class);
|
||||
|
||||
RootBeanDefinition def = (RootBeanDefinition)beanFactory.getBeanDefinition(authenticationProcessingFilter[0]);
|
||||
|
||||
String[] remServiceNames = beanFactory.getBeanNamesForType(RememberMeServices.class);
|
||||
|
||||
RootBeanDefinition rememberMeServices = (RootBeanDefinition) beanFactory.getBeanDefinition(remServiceNames[0]);
|
||||
|
||||
if (remServiceNames.length > 0)
|
||||
def.getPropertyValues()
|
||||
.addPropertyValue("rememberMeServices", rememberMeServices);
|
||||
|
||||
String[] authManager = beanFactory.getBeanNamesForType(AuthenticationManager.class);
|
||||
|
||||
RootBeanDefinition authenticationManager = (RootBeanDefinition) beanFactory.getBeanDefinition(authManager[0]);
|
||||
|
||||
if (authManager.length > 0)
|
||||
def.getPropertyValues().addPropertyValue("authenticationManager", authenticationManager);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,43 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.Collections;
|
||||
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.providers.AuthenticationProvider;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.core.OrderComparator;
|
||||
|
||||
public class AuthenticationProviderOrderResolver implements BeanFactoryPostProcessor {
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
|
||||
// retrieve all the AuthenticationProvider instances
|
||||
ManagedList providers = retrieveAllAuthenticationProviders(beanFactory);
|
||||
String[] names = beanFactory.getBeanNamesForType(AuthenticationManager.class);
|
||||
RootBeanDefinition definition = (RootBeanDefinition)beanFactory.getBeanDefinition(names[0]);
|
||||
definition.getPropertyValues().addPropertyValue("providers",providers);
|
||||
}
|
||||
/**
|
||||
*
|
||||
* @param beanFactory
|
||||
* @return
|
||||
*/
|
||||
private ManagedList retrieveAllAuthenticationProviders(ConfigurableListableBeanFactory beanFactory) {
|
||||
String[] m = beanFactory.getBeanNamesForType(AuthenticationProvider.class);
|
||||
ManagedList l = new ManagedList();
|
||||
for(int i=0;i<m.length;i++){
|
||||
RootBeanDefinition def = (RootBeanDefinition)beanFactory.getBeanDefinition(m[i]);
|
||||
l.add(def);
|
||||
}
|
||||
Collections.sort(l, new OrderComparator());
|
||||
return l;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@ -0,0 +1,196 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
||||
import org.acegisecurity.providers.dao.salt.ReflectionSaltSource;
|
||||
import org.acegisecurity.providers.dao.salt.SystemWideSaltSource;
|
||||
import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
|
||||
import org.springframework.beans.factory.config.BeanDefinitionHolder;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
import org.w3c.dom.NodeList;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
||||
private static final String REPOSITORY_BEAN_REF = "repositoryBeanRef";
|
||||
|
||||
private static final String USER_DETAILS_SERVICE = "userDetailsService";
|
||||
|
||||
private static final String SALT_SOURCE_ELEMENT = "salt-source";
|
||||
|
||||
private static final String SALT_SOURCE_REF = "saltSourceBeanRef";
|
||||
|
||||
private static final String SYSTEM_WIDE_SALT_SOURCE = "system-wide";
|
||||
|
||||
private static final String REFLECTION_SALT_SOURCE = "reflection";
|
||||
|
||||
private static final String PASSWORD_ENCODER_ELEMENT = "password-encoder";
|
||||
|
||||
private static final String PASSWORD_ENCODER_REF = "encoderBeanRef";
|
||||
|
||||
private static final String PASSWORD_ENCODER = "encoder";
|
||||
|
||||
// ~ Method
|
||||
// ================================================================================================
|
||||
/**
|
||||
* TODO: Document Me !!!
|
||||
*/
|
||||
public AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
Assert.notNull(parserContext, "ParserContext must not be null");
|
||||
|
||||
RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
|
||||
|
||||
// check if saltSource is defined
|
||||
Element saltSourceEle = DomUtils.getChildElementByTagName(element, SALT_SOURCE_ELEMENT);
|
||||
setSaltSourceProperty(repositoryBeanDef, saltSourceEle);
|
||||
|
||||
Element passwordEncoderEle = DomUtils.getChildElementByTagName(element, PASSWORD_ENCODER_ELEMENT);
|
||||
setPasswordEncoderProperty(repositoryBeanDef, passwordEncoderEle);
|
||||
|
||||
// if repositoryBeanRef is specified use its referred bean
|
||||
String userDetailsRef = element.getAttribute(REPOSITORY_BEAN_REF);
|
||||
if (StringUtils.hasLength(userDetailsRef)) {
|
||||
repositoryBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,
|
||||
new RuntimeBeanReference(userDetailsRef));
|
||||
}
|
||||
else {
|
||||
// autodetect userDetailsService from App Context
|
||||
RootBeanDefinition depConfigurer = new RootBeanDefinition(
|
||||
AuthenticationRepositoryDependenciesConfigurer.class);
|
||||
BeanDefinitionHolder holder = new BeanDefinitionHolder(depConfigurer, parserContext.getReaderContext().generateBeanName(depConfigurer));
|
||||
registerBeanDefinition(holder, parserContext.getRegistry());
|
||||
}
|
||||
return repositoryBeanDef;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param repositoryBeanDef
|
||||
* @param element
|
||||
*/
|
||||
private void setSaltSourceProperty(RootBeanDefinition repositoryBeanDef, Element element) {
|
||||
if (element != null) {
|
||||
setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "saltSource", element
|
||||
.getAttribute(SALT_SOURCE_REF));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param repositoryBeanDef
|
||||
* @param element
|
||||
*/
|
||||
private void setPasswordEncoderProperty(RootBeanDefinition repositoryBeanDef, Element element) {
|
||||
if (element != null) {
|
||||
setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "passwordEncoder", element
|
||||
.getAttribute(PASSWORD_ENCODER_REF));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param repositoryBeanDef
|
||||
* @param element
|
||||
* @param property
|
||||
* @param reference
|
||||
*/
|
||||
private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element,
|
||||
String property, String reference) {
|
||||
// check for encoderBeanRef attribute
|
||||
if (StringUtils.hasLength(reference)) {
|
||||
repositoryBeanDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(reference));
|
||||
}
|
||||
else {
|
||||
doSetInnerBeanDefinitions(repositoryBeanDef, element, property);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param repositoryBeanDef
|
||||
* @param element
|
||||
* @param property
|
||||
*/
|
||||
private void doSetInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element, String property) {
|
||||
NodeList children = element.getChildNodes();
|
||||
for (int i = 0, n = children.getLength(); i < n; i++) {
|
||||
Node node = children.item(i);
|
||||
|
||||
if (node.getNodeType() == Node.ELEMENT_NODE) {
|
||||
Element childElement = (Element) node;
|
||||
RootBeanDefinition innerBeanDefinition = null;
|
||||
|
||||
if (SYSTEM_WIDE_SALT_SOURCE.equals(node.getLocalName())) {
|
||||
innerBeanDefinition = createSystemWideSaltSource(childElement);
|
||||
repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
|
||||
}
|
||||
else if (REFLECTION_SALT_SOURCE.equals(node.getLocalName())) {
|
||||
innerBeanDefinition = createReflectionSaltSource(childElement);
|
||||
repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
|
||||
}
|
||||
if (PASSWORD_ENCODER.equals(node.getLocalName())) {
|
||||
RootBeanDefinition passwordEncoderInnerBeanDefinition = createPasswordEncoder(childElement);
|
||||
repositoryBeanDef.getPropertyValues()
|
||||
.addPropertyValue(property, passwordEncoderInnerBeanDefinition);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param childElement
|
||||
* @return
|
||||
*/
|
||||
private RootBeanDefinition createPasswordEncoder(Element childElement) {
|
||||
String attributeValue = childElement.getAttribute("method");
|
||||
RootBeanDefinition definition = null;
|
||||
// TODO: add other encoders support
|
||||
if (attributeValue.equals("md5")) {
|
||||
definition = new RootBeanDefinition(Md5PasswordEncoder.class);
|
||||
}
|
||||
return definition;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param saltSourceTypeElement
|
||||
* @return
|
||||
*/
|
||||
private RootBeanDefinition createReflectionSaltSource(Element saltSourceTypeElement) {
|
||||
RootBeanDefinition definition = new RootBeanDefinition(ReflectionSaltSource.class);
|
||||
definition.getPropertyValues().addPropertyValue("userPropertyToUse",
|
||||
saltSourceTypeElement.getAttribute("userPropertyToUse"));
|
||||
return definition;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param saltSourceTypeElement
|
||||
* @return
|
||||
*/
|
||||
private RootBeanDefinition createSystemWideSaltSource(Element saltSourceTypeElement) {
|
||||
RootBeanDefinition definition = new RootBeanDefinition(SystemWideSaltSource.class);
|
||||
definition.getPropertyValues().addPropertyValue("systemWideSalt",
|
||||
saltSourceTypeElement.getAttribute("systemWideSalt"));
|
||||
return definition;
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,36 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
||||
import org.acegisecurity.userdetails.UserDetailsService;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationRepositoryDependenciesConfigurer implements BeanFactoryPostProcessor {
|
||||
|
||||
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
|
||||
String[] userDetailServices = beanFactory.getBeanNamesForType(UserDetailsService.class);
|
||||
|
||||
String[] authenticationProvider = beanFactory.getBeanNamesForType(DaoAuthenticationProvider.class);
|
||||
|
||||
RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(authenticationProvider[0]);
|
||||
|
||||
// there should be only one principal-repository defined, pick the first
|
||||
// one
|
||||
if (userDetailServices.length != 0) {
|
||||
definition.getPropertyValues().addPropertyValue("userDetailsService",
|
||||
new RuntimeBeanReference(userDetailServices[0]));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,78 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.core.Conventions;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Attr;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.NamedNodeMap;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class ContextIntegrationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
|
||||
|
||||
private static final String HTTP_SESSION_CONTEXT_INTEGRATION = "session-context-integration";
|
||||
|
||||
private static final String SESSION_CREATION = "sessionCreation";
|
||||
|
||||
|
||||
|
||||
private static final String IF_REQUIRED = "ifRequired";
|
||||
|
||||
private static final String ALWAYS = "always";
|
||||
|
||||
private static final String NEVER = "never";
|
||||
|
||||
|
||||
|
||||
protected Class getBeanClass(Element element) {
|
||||
return HttpSessionContextIntegrationFilter.class;
|
||||
}
|
||||
|
||||
|
||||
|
||||
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
|
||||
|
||||
NamedNodeMap attributes = element.getAttributes();
|
||||
|
||||
for (int x = 0; x < attributes.getLength(); x++) {
|
||||
Attr attribute = (Attr) attributes.item(x);
|
||||
String attributeName = attribute.getLocalName();
|
||||
if ( !ID_ATTRIBUTE.equals(attributeName)) {
|
||||
if (attributeName.equals(SESSION_CREATION)) {
|
||||
String sessionCreation = element.getAttribute(SESSION_CREATION);
|
||||
|
||||
if(sessionCreation.equals(IF_REQUIRED)) {
|
||||
builder.addPropertyValue("allowSessionCreation", Boolean.TRUE);
|
||||
}
|
||||
|
||||
if(sessionCreation.equals(ALWAYS)) {
|
||||
builder.addPropertyValue("allowSessionCreation", Boolean.TRUE);
|
||||
}
|
||||
|
||||
if(sessionCreation.equals(NEVER)) {
|
||||
builder.addPropertyValue("allowSessionCreation", Boolean.FALSE);
|
||||
}
|
||||
}
|
||||
else{
|
||||
String propertyName = Conventions.attributeNameToPropertyName(attributeName);
|
||||
Assert.state(StringUtils.hasText(propertyName),
|
||||
"Illegal property name returned from 'extractPropertyName(String)': cannot be null or empty.");
|
||||
builder.addPropertyValue(propertyName, attribute.getValue());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -0,0 +1,121 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ui.AccessDeniedHandlerImpl;
|
||||
import org.acegisecurity.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* Basically accessDeniedUrl is optional, we if unspecified impl will
|
||||
* auto-detect any AccessDeniedHandler in ctx and use it; alternately if there
|
||||
* are > 1 such handlers, we can nominate the one to use via
|
||||
* accessDeniedBeanRef;
|
||||
*
|
||||
* @author vpuri
|
||||
* @since
|
||||
*/
|
||||
public class ExceptionTranslationFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
||||
|
||||
private static final String ACCESS_DENIED = "access-denied";
|
||||
|
||||
private static final String ACCESS_DENIED_REF = "accessDeniedBeanRef";
|
||||
|
||||
private static final String ACCESS_DENIED_URL = "accessDeniedUrl";
|
||||
|
||||
private static final String ENTRY_POINT = "entry-point";
|
||||
|
||||
private static final String ENTRY_POINT_REF ="entryPointBeanRef";
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
|
||||
RootBeanDefinition exceptionFilterDef = new RootBeanDefinition(ExceptionTranslationFilter.class);
|
||||
|
||||
// add handler
|
||||
Element accessDeniedElement = DomUtils.getChildElementByTagName(element, ACCESS_DENIED);
|
||||
setAccessDeniedHandlerProperty(parserContext, exceptionFilterDef, accessDeniedElement);
|
||||
|
||||
Element entryPointElement = DomUtils.getChildElementByTagName(element, ENTRY_POINT);
|
||||
setEntryPointProperty(exceptionFilterDef, entryPointElement);
|
||||
|
||||
return exceptionFilterDef;
|
||||
}
|
||||
|
||||
private void setEntryPointProperty(RootBeanDefinition exceptionFilterDef, Element entryPointElement) {
|
||||
if (entryPointElement != null) {
|
||||
setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, entryPointElement, "authenticationEntryPoint",
|
||||
entryPointElement.getAttribute(ENTRY_POINT_REF));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param parserContext
|
||||
* @param repositoryBeanDef
|
||||
* @param element
|
||||
*/
|
||||
private void setAccessDeniedHandlerProperty(ParserContext parserContext, RootBeanDefinition exceptionFilterDef,
|
||||
Element accessDeniedElement) {
|
||||
if (accessDeniedElement != null) {
|
||||
setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, accessDeniedElement, "accessDeniedHandler",
|
||||
accessDeniedElement.getAttribute(ACCESS_DENIED_REF));
|
||||
}
|
||||
else {
|
||||
// register BFPP to check if handler exist in application context,
|
||||
// if > 1 throw error saying ref should be specified as there are
|
||||
// more than one
|
||||
RootBeanDefinition accessDeniedHandlerLocatorBeanDef = new RootBeanDefinition(
|
||||
AccessDeniedHandlerBeanDefinitionLocator.class);
|
||||
parserContext.getReaderContext().registerWithGeneratedName(accessDeniedHandlerLocatorBeanDef);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param repositoryBeanDef
|
||||
* @param element
|
||||
* @param property
|
||||
* @param reference
|
||||
*/
|
||||
private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef,
|
||||
Element element, String property, String beanRef) {
|
||||
// check for encoderBeanRef attribute
|
||||
if (StringUtils.hasLength(beanRef)) {
|
||||
exceptionFilterDef.getPropertyValues().addPropertyValue(property,
|
||||
new RuntimeBeanReference(beanRef));
|
||||
}
|
||||
else {
|
||||
doSetInnerBeanDefinitions(exceptionFilterDef, element, property);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param repositoryBeanDef
|
||||
* @param element
|
||||
* @param property
|
||||
*/
|
||||
private void doSetInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef, Element accessDeniedElement,
|
||||
String property) {
|
||||
RootBeanDefinition accessDeniedHandlerBeanDef = new RootBeanDefinition(AccessDeniedHandlerImpl.class);
|
||||
setPropertyIfAvailable(accessDeniedElement, ACCESS_DENIED_URL, "errorPage", accessDeniedHandlerBeanDef);
|
||||
exceptionFilterDef.getPropertyValues().addPropertyValue(property, accessDeniedHandlerBeanDef);
|
||||
|
||||
}
|
||||
|
||||
private void setPropertyIfAvailable(Element element, String attribute, String property,
|
||||
RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
definition.getPropertyValues().addPropertyValue(property, propertyValue);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,64 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ui.logout.LogoutFilter;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
* @since
|
||||
*/
|
||||
public class LogoutFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
private static final String REDIRECT_AFTER_LOGOUT_URL = "redirectAfterLogoutUrl";
|
||||
|
||||
private static final String LOGOUT_URL = "logoutUrl";
|
||||
|
||||
// ~ Methods
|
||||
// ================================================================================================
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
|
||||
// add the properties
|
||||
RootBeanDefinition definition = new RootBeanDefinition(LogoutFilter.class);
|
||||
setConstructorArgumentIfAvailable(0, element, REDIRECT_AFTER_LOGOUT_URL, "logoutSuccessUrl", definition);
|
||||
|
||||
setPropertyIfAvailable(element, LOGOUT_URL, "filterProcessesUrl", definition);
|
||||
|
||||
// register BFPP to check if LogoutFilter does not have setHandlers
|
||||
// populated, introspect app ctx for LogoutHandlers, using Ordered (if
|
||||
// present, otherwise assume Integer.MAX_VALUE)
|
||||
RootBeanDefinition bfpp = new RootBeanDefinition(LogoutHandlerOrderResolver.class);
|
||||
parserContext.getReaderContext().registerWithGeneratedName(bfpp);
|
||||
|
||||
return definition;
|
||||
}
|
||||
|
||||
private void setConstructorArgumentIfAvailable(int index, Element element, String attribute, String property,
|
||||
RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
|
||||
}
|
||||
}
|
||||
|
||||
private void setPropertyIfAvailable(Element element, String attribute, String property,
|
||||
RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
definition.getPropertyValues().addPropertyValue(property, propertyValue);
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
|
||||
}
|
||||
@ -0,0 +1,95 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import org.acegisecurity.ui.logout.LogoutFilter;
|
||||
import org.acegisecurity.ui.logout.LogoutHandler;
|
||||
import org.acegisecurity.ui.logout.SecurityContextLogoutHandler;
|
||||
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.core.OrderComparator;
|
||||
import org.springframework.core.Ordered;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
* @since
|
||||
*/
|
||||
public class LogoutHandlerOrderResolver implements BeanFactoryPostProcessor {
|
||||
|
||||
// ~ Methods
|
||||
// ================================================================================================
|
||||
|
||||
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
|
||||
// If LogoutFilter does not have setHandlers populated, introspect app
|
||||
// ctx for LogoutHandlers, using Ordered (if present, otherwise assume
|
||||
// Integer.MAX_VALUE)
|
||||
String[] names = beanFactory.getBeanNamesForType(LogoutFilter.class);
|
||||
RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[0]);
|
||||
ValueHolder holder = getHandlersIfConfigured(beanFactory, definition);
|
||||
if (holder == null) {
|
||||
// intropect the appcontext for registerd LogoutHandler
|
||||
List logoutHandlers = retrieveAllLogoutHandlers(beanFactory);
|
||||
definition.getConstructorArgumentValues().addIndexedArgumentValue(1, logoutHandlers);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param beanFactory
|
||||
* @param definition
|
||||
* @return
|
||||
*/
|
||||
private ValueHolder getHandlersIfConfigured(ConfigurableListableBeanFactory beanFactory,
|
||||
RootBeanDefinition definition) {
|
||||
// there should be only one LogoutFilter
|
||||
return definition.getConstructorArgumentValues().getArgumentValue(1, null);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param beanFactory
|
||||
* @return
|
||||
*/
|
||||
private List retrieveAllLogoutHandlers(ConfigurableListableBeanFactory beanFactory) {
|
||||
String[] names = beanFactory.getBeanNamesForType(LogoutHandler.class);
|
||||
ManagedList list = new ManagedList();
|
||||
|
||||
for (int i = 0, n = names.length; i < n; i++) {
|
||||
RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[i]);
|
||||
|
||||
if (definition.hasBeanClass()) {
|
||||
if (Ordered.class.isAssignableFrom(definition.getBeanClass())) {
|
||||
definition.getPropertyValues().addPropertyValue("order",
|
||||
new Integer(getOrder(definition.getBeanClass())));
|
||||
}
|
||||
else {
|
||||
definition.getPropertyValues().addPropertyValue("order", new Integer(Integer.MAX_VALUE));
|
||||
}
|
||||
}
|
||||
list.add(definition);
|
||||
}
|
||||
Collections.sort(list, new OrderComparator());
|
||||
return list;
|
||||
}
|
||||
|
||||
private int getOrder(Class clazz) {
|
||||
if (clazz.getName().equals(TokenBasedRememberMeServices.class.getName())) {
|
||||
return 100;
|
||||
}
|
||||
if (clazz.getName().equals(SecurityContextLogoutHandler.class.getName())) {
|
||||
return 200;
|
||||
}
|
||||
return Integer.MAX_VALUE;
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,235 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.Properties;
|
||||
|
||||
import org.acegisecurity.GrantedAuthorityImpl;
|
||||
import org.acegisecurity.userdetails.User;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
import org.acegisecurity.userdetails.jdbc.JdbcDaoImpl;
|
||||
import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
|
||||
import org.acegisecurity.userdetails.memory.UserAttribute;
|
||||
import org.acegisecurity.userdetails.memory.UserMap;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.config.PropertiesFactoryBean;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
import org.w3c.dom.NodeList;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class PrincipalRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser implements
|
||||
BeanDefinitionParser {
|
||||
|
||||
// ~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(PrincipalRepositoryBeanDefinitionParser.class);
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
private static final String JDBC = "jdbc";
|
||||
|
||||
private static final String DATASOURCE_REF = "dataSourceBeanRef";
|
||||
|
||||
private static final String DATASOURCE = "dataSource";
|
||||
|
||||
private static final String JDBCTEMPLATE_REF = "jdbcTemplateBeanRef";
|
||||
|
||||
private static final String JDBCTEMPLATE = "jdbcTemplate";
|
||||
|
||||
private static final String AUTHORITIES_BY_USERNAME_QUERY = "authoritiesByUsernameQuery";
|
||||
|
||||
private static final String ROLE_PREFIX = "rolePrefix";
|
||||
|
||||
private static final String USERNAME_BASED_PRIMARY_KEY = "usernameBasedPrimaryKey";
|
||||
|
||||
private static final String PROPERTIES = "properties";
|
||||
|
||||
private static final String RESOURCE = "resource";
|
||||
|
||||
private static final String USER_PROPERTIES = "userProperties";
|
||||
|
||||
private static final String USER_DEFINITION = "user-definition";
|
||||
|
||||
private static final Object GRANTED_AUTHORITY = "granted-authority";
|
||||
|
||||
private static final String USERNAME = "username";
|
||||
|
||||
private static final String PASSWORD = "password";
|
||||
|
||||
private static final String ENABLED = "enabled";
|
||||
|
||||
private static final String GRANTED_AUTHORITY_REF = "granted-authority-ref";
|
||||
|
||||
private static final String AUTHORITY = "authority";
|
||||
|
||||
private static final String AUTHORITY_BEAN_REF="authorityBeanRef";
|
||||
|
||||
// ~ Method
|
||||
// ================================================================================================
|
||||
/**
|
||||
*
|
||||
*/
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
NodeList userDetailsServiceChildren = element.getChildNodes();
|
||||
RootBeanDefinition userDetailsServiceDefinition = null;
|
||||
for (int i = 0, n = userDetailsServiceChildren.getLength(); i < n; i++) {
|
||||
Node userDetailsService = userDetailsServiceChildren.item(i);
|
||||
|
||||
if (JDBC.equals(userDetailsService.getLocalName()) && userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
|
||||
Element ele = (Element) userDetailsService;
|
||||
userDetailsServiceDefinition = parseUserDetailsServiceJdbcDefinition(ele);
|
||||
userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
|
||||
parserContext.getReaderContext().registerWithGeneratedName(userDetailsServiceDefinition);
|
||||
}
|
||||
if (PROPERTIES.equals(userDetailsService.getLocalName())
|
||||
&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
|
||||
Element ele = (Element) userDetailsService;
|
||||
|
||||
userDetailsServiceDefinition = new RootBeanDefinition(InMemoryDaoImpl.class);
|
||||
userDetailsServiceDefinition.getPropertyValues().addPropertyValue(USER_PROPERTIES,
|
||||
new RuntimeBeanReference(createPropertiesBeanDefinition(ele, parserContext)));
|
||||
userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
|
||||
parserContext.getReaderContext().registerWithGeneratedName(userDetailsServiceDefinition);
|
||||
}
|
||||
if (USER_DEFINITION.equals(userDetailsService.getLocalName())
|
||||
&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
|
||||
Element ele = (Element) userDetailsService;
|
||||
|
||||
// create a UserMap which interns uses UserMapEditor
|
||||
userDetailsServiceDefinition = createUserDefinition(ele, parserContext);
|
||||
}
|
||||
}
|
||||
return userDetailsServiceDefinition;
|
||||
}
|
||||
|
||||
private RootBeanDefinition createUserDefinition(Element ele, ParserContext parserContext) {
|
||||
RootBeanDefinition definition = new RootBeanDefinition(InMemoryDaoImpl.class);
|
||||
|
||||
UserAttribute userAttribute = new UserAttribute();
|
||||
UserMap userMap = new UserMap();
|
||||
|
||||
setPassword(ele, userAttribute);
|
||||
setEnabled(ele, userAttribute);
|
||||
setAuthorities(ele, userAttribute);
|
||||
|
||||
UserDetails user = new User(ele.getAttribute(USERNAME), userAttribute.getPassword(), userAttribute.isEnabled(),
|
||||
true, true, true, userAttribute.getAuthorities());
|
||||
userMap.addUser(user);
|
||||
definition.getPropertyValues().addPropertyValue("userMap", userMap);
|
||||
return definition;
|
||||
|
||||
}
|
||||
|
||||
private String createPropertiesBeanDefinition(Element ele, ParserContext parserContext) {
|
||||
// properties element
|
||||
RootBeanDefinition defintion = new RootBeanDefinition(PropertiesFactoryBean.class);
|
||||
String propertyValue = ele.getAttribute(RESOURCE);
|
||||
defintion.getPropertyValues().addPropertyValue("location", propertyValue);
|
||||
defintion.setSource(parserContext.extractSource(ele));
|
||||
return parserContext.getReaderContext().registerWithGeneratedName(defintion);
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param elementToParse
|
||||
* @return
|
||||
*/
|
||||
private RootBeanDefinition parseUserDetailsServiceJdbcDefinition(Element elementToParse) {
|
||||
// parse attributes
|
||||
RootBeanDefinition definition = new RootBeanDefinition(JdbcDaoImpl.class);
|
||||
setPropertyIfAvailable(elementToParse, DATASOURCE_REF, DATASOURCE, definition);
|
||||
setPropertyIfAvailable(elementToParse, JDBCTEMPLATE_REF, JDBCTEMPLATE, definition);
|
||||
setPropertyIfAvailable(elementToParse, AUTHORITIES_BY_USERNAME_QUERY, AUTHORITIES_BY_USERNAME_QUERY, definition);
|
||||
setPropertyIfAvailable(elementToParse, ROLE_PREFIX, ROLE_PREFIX, definition);
|
||||
setPropertyIfAvailable(elementToParse, USERNAME_BASED_PRIMARY_KEY, USERNAME_BASED_PRIMARY_KEY, definition);
|
||||
return definition;
|
||||
}
|
||||
|
||||
protected void doParseProperties(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
|
||||
Properties parsedProps = parserContext.getDelegate().parsePropsElement(element);
|
||||
builder.addPropertyValue(PROPERTIES, parsedProps);
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param element
|
||||
* @param attribute
|
||||
* @param property
|
||||
* @param definition
|
||||
*/
|
||||
private void setPropertyIfAvailable(Element element, String attribute, String property,
|
||||
RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
if (propertyValue.equals(DATASOURCE_REF) || propertyValue.equals(JDBCTEMPLATE_REF)) {
|
||||
definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(propertyValue));
|
||||
}
|
||||
else {
|
||||
definition.getPropertyValues().addPropertyValue(property, propertyValue);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void setPassword(Element element, UserAttribute userAttribute) {
|
||||
String propertyValue = element.getAttribute(PASSWORD);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
userAttribute.setPassword(propertyValue);
|
||||
}
|
||||
}
|
||||
|
||||
private void setEnabled(Element element, UserAttribute userAttribute) {
|
||||
String propertyValue = element.getAttribute(ENABLED);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
if (propertyValue.equals("true")) {
|
||||
userAttribute.setEnabled(true);
|
||||
}
|
||||
else {
|
||||
userAttribute.setEnabled(false);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void setAuthorities(Element ele, UserAttribute userAttribute) {
|
||||
// get authorities
|
||||
NodeList childNodes = ele.getChildNodes();
|
||||
|
||||
ManagedList authorities = new ManagedList();
|
||||
|
||||
for (int i = 0, n = childNodes.getLength(); i < n; i++) {
|
||||
Node authorityNode = childNodes.item(i);
|
||||
|
||||
if (GRANTED_AUTHORITY.equals(authorityNode.getLocalName())
|
||||
&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
|
||||
Element propertyValue = (Element) authorityNode;
|
||||
authorities.add(new GrantedAuthorityImpl(propertyValue.getAttribute(AUTHORITY)));
|
||||
}
|
||||
|
||||
if (GRANTED_AUTHORITY_REF.equals(authorityNode.getLocalName())
|
||||
&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
|
||||
Element propertyValue = (Element) authorityNode;
|
||||
String attribute = propertyValue.getAttribute(AUTHORITY_BEAN_REF);
|
||||
if (StringUtils.hasLength(attribute)) {
|
||||
authorities.add(new RuntimeBeanReference(attribute));
|
||||
}
|
||||
}
|
||||
}
|
||||
userAttribute.setAuthorities(authorities);
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,35 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ui.rememberme.RememberMeServices;
|
||||
import org.acegisecurity.userdetails.UserDetailsService;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class RemeberMeServicesDependenciesConfigurer implements BeanFactoryPostProcessor {
|
||||
|
||||
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
|
||||
|
||||
String [] userDetailServices = beanFactory.getBeanNamesForType(UserDetailsService.class);
|
||||
|
||||
String [] rememberMeService = beanFactory.getBeanNamesForType(RememberMeServices.class);
|
||||
|
||||
RootBeanDefinition definition=(RootBeanDefinition) beanFactory.getBeanDefinition(rememberMeService[0]);
|
||||
|
||||
// there should be only one principal-repository defined, pick the first one
|
||||
if(userDetailServices.length!=0) {
|
||||
definition.getPropertyValues().addPropertyValue("userDetailsService", new RuntimeBeanReference(userDetailServices[0]));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,49 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*@since
|
||||
*/
|
||||
public class RememberMeFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
||||
|
||||
private static final String REMEMBER_ME_SERVICES_REF = "rememberMeServicesBeanRef";
|
||||
|
||||
private static final String REMEMBER_ME_SERVICES = "rememberMeServices";
|
||||
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
Assert.notNull(parserContext, "ParserContext must not be null");
|
||||
|
||||
RootBeanDefinition rememberMeFilterBeanDef = new RootBeanDefinition(RememberMeProcessingFilter.class);
|
||||
|
||||
// detect all the required dependencies and autowire them by type
|
||||
rememberMeFilterBeanDef.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_AUTODETECT);
|
||||
|
||||
// check if rememberMeServicesBeanRef is defined and if it's specified use its referred bean
|
||||
String rememberMeServicesRef = element.getAttribute(REMEMBER_ME_SERVICES_REF);
|
||||
if (StringUtils.hasLength(rememberMeServicesRef)) {
|
||||
rememberMeFilterBeanDef.getPropertyValues().addPropertyValue(REMEMBER_ME_SERVICES,
|
||||
new RuntimeBeanReference(rememberMeServicesRef));
|
||||
}
|
||||
return rememberMeFilterBeanDef;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
@ -0,0 +1,62 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class RememberMeServicesBeanDefinitionParser extends AbstractBeanDefinitionParser implements
|
||||
BeanDefinitionParser {
|
||||
|
||||
private static final String PRINCIPAL_REPOSITORY_BEAN_REF = "principalRepositoryBeanRef";
|
||||
|
||||
private static final String USER_DETAILS_SERVICE_PROPERTY = "userDetailsService";
|
||||
|
||||
/*
|
||||
* key is optional; if unspecified, pick a rnd int and use for all unspecified key properties for acegi beans
|
||||
*/
|
||||
private static final String KEY = "key";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
Assert.notNull(parserContext, "ParserContext must not be null");
|
||||
|
||||
RootBeanDefinition rememberMeServicesBeanDef = new RootBeanDefinition(TokenBasedRememberMeServices.class);
|
||||
|
||||
String keyValue = element.getAttribute(KEY);
|
||||
if (StringUtils.hasLength(keyValue)) {
|
||||
rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(KEY,keyValue);
|
||||
} else {
|
||||
// pick a rnd int
|
||||
}
|
||||
|
||||
// check if rememberMeServicesBeanRef is defined and if it's specified use its referred bean
|
||||
String rememberMeServicesRef = element.getAttribute(PRINCIPAL_REPOSITORY_BEAN_REF);
|
||||
if (StringUtils.hasLength(rememberMeServicesRef)) {
|
||||
rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE_PROPERTY,
|
||||
new RuntimeBeanReference(rememberMeServicesRef));
|
||||
}
|
||||
else {
|
||||
// register a bean definition parse
|
||||
RootBeanDefinition configurer = new RootBeanDefinition(RemeberMeServicesDependenciesConfigurer.class);
|
||||
parserContext.getReaderContext().registerWithGeneratedName(configurer);
|
||||
}
|
||||
return rememberMeServicesBeanDef;
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,33 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
|
||||
|
||||
/**
|
||||
* {@link org.springframework.beans.factory.xml.NamespaceHandler} for the '<code>security</code>' namespace.
|
||||
* @author vpuri
|
||||
*
|
||||
* @since
|
||||
*/
|
||||
public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
|
||||
|
||||
/**
|
||||
* Register the {@link BeanDefinitionParser BeanDefinitionParsers} for the
|
||||
* '<code>context-integration</code>', ' and '<code></code>' elements.
|
||||
*/
|
||||
public void init() {
|
||||
registerBeanDefinitionParser("principal-repository", new PrincipalRepositoryBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("session-context-integration", new ContextIntegrationBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authentication-repository", new AuthenticationRepositoryBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authentication-mechanism", new AuthenticationMechanismBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authentication-remember-me-services", new RememberMeServicesBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authentication-remember-me-filter", new RememberMeFilterBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("logout-support", new LogoutFilterBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("exception-translation", new ExceptionTranslationFilterBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authentication-form", new AuthenticationProcessingFilterBeanDefinitionParser());
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,239 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.ui.basicauth;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.Authentication;
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.acegisecurity.ui.AuthenticationDetailsSource;
|
||||
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.ui.rememberme.RememberMeServices;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* Processes a HTTP request's BASIC authorization headers, putting the result into the
|
||||
* <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
|
||||
* refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
|
||||
* the HTTP request is ignored.</p>
|
||||
* <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
|
||||
* <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
|
||||
* <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
|
||||
* following header would be presented:</p>
|
||||
* <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
|
||||
* <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
|
||||
* Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
|
||||
* <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
|
||||
* <code>SecurityContextHolder</code>.</p>
|
||||
* <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
|
||||
* AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
|
||||
* which will prompt the user to authenticate again via BASIC authentication.</p>
|
||||
* <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
|
||||
* transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
|
||||
* provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
|
||||
* org.acegisecurity.ui.digestauth.DigestProcessingFilter}.</p>
|
||||
* <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
|
||||
* details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
|
||||
* they will be authenticated using the remember-me mechanism.</p>
|
||||
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
|
||||
* org.acegisecurity.util.FilterToBeanProxy}.</p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id: BasicProcessingFilter.java 1783 2007-02-23 19:21:44Z luke_t $
|
||||
*/
|
||||
public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
|
||||
private AuthenticationEntryPoint authenticationEntryPoint;
|
||||
private AuthenticationManager authenticationManager;
|
||||
private RememberMeServices rememberMeServices;
|
||||
private boolean ignoreFailure = false;
|
||||
private int order;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
|
||||
Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
|
||||
}
|
||||
|
||||
public void destroy() {}
|
||||
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
|
||||
if (!(request instanceof HttpServletRequest)) {
|
||||
throw new ServletException("Can only process HttpServletRequest");
|
||||
}
|
||||
|
||||
if (!(response instanceof HttpServletResponse)) {
|
||||
throw new ServletException("Can only process HttpServletResponse");
|
||||
}
|
||||
|
||||
HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
|
||||
String header = httpRequest.getHeader("Authorization");
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authorization header: " + header);
|
||||
}
|
||||
|
||||
if ((header != null) && header.startsWith("Basic ")) {
|
||||
String base64Token = header.substring(6);
|
||||
String token = new String(Base64.decodeBase64(base64Token.getBytes()));
|
||||
|
||||
String username = "";
|
||||
String password = "";
|
||||
int delim = token.indexOf(":");
|
||||
|
||||
if (delim != -1) {
|
||||
username = token.substring(0, delim);
|
||||
password = token.substring(delim + 1);
|
||||
}
|
||||
|
||||
if (authenticationIsRequired(username)) {
|
||||
UsernamePasswordAuthenticationToken authRequest =
|
||||
new UsernamePasswordAuthenticationToken(username, password);
|
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
|
||||
|
||||
Authentication authResult;
|
||||
|
||||
try {
|
||||
authResult = authenticationManager.authenticate(authRequest);
|
||||
} catch (AuthenticationException failed) {
|
||||
// Authentication failed
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
if (rememberMeServices != null) {
|
||||
rememberMeServices.loginFail(httpRequest, httpResponse);
|
||||
}
|
||||
|
||||
if (ignoreFailure) {
|
||||
chain.doFilter(request, response);
|
||||
} else {
|
||||
authenticationEntryPoint.commence(request, response, failed);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
// Authentication success
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authentication success: " + authResult.toString());
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(authResult);
|
||||
|
||||
if (rememberMeServices != null) {
|
||||
rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
private boolean authenticationIsRequired(String username) {
|
||||
// Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
|
||||
// (see SEC-53)
|
||||
Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if(existingAuth == null || !existingAuth.isAuthenticated()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
|
||||
// (see SEC-348)
|
||||
|
||||
if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public AuthenticationEntryPoint getAuthenticationEntryPoint() {
|
||||
return authenticationEntryPoint;
|
||||
}
|
||||
|
||||
public AuthenticationManager getAuthenticationManager() {
|
||||
return authenticationManager;
|
||||
}
|
||||
|
||||
public void init(FilterConfig arg0) throws ServletException {}
|
||||
|
||||
public boolean isIgnoreFailure() {
|
||||
return ignoreFailure;
|
||||
}
|
||||
|
||||
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
|
||||
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
|
||||
this.authenticationDetailsSource = authenticationDetailsSource;
|
||||
}
|
||||
|
||||
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
|
||||
this.authenticationEntryPoint = authenticationEntryPoint;
|
||||
}
|
||||
|
||||
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
|
||||
this.authenticationManager = authenticationManager;
|
||||
}
|
||||
|
||||
public void setIgnoreFailure(boolean ignoreFailure) {
|
||||
this.ignoreFailure = ignoreFailure;
|
||||
}
|
||||
|
||||
public void setRememberMeServices(RememberMeServices rememberMeServices) {
|
||||
this.rememberMeServices = rememberMeServices;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,89 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.ui.basicauth;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.ui.AuthenticationEntryPoint;
|
||||
import org.acegisecurity.util.OrderedUtils;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.ApplicationContextAware;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
|
||||
* BasicProcessingFilter}.<P>Once a user agent is authenticated using BASIC authentication, logout requires that
|
||||
* the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call
|
||||
* the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to
|
||||
* the browser its credentials are no longer authorized, causing it to prompt the user to login again.</p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z vishalpuri $
|
||||
*/
|
||||
public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered, ApplicationContextAware {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
|
||||
private String realmName;
|
||||
private int order = DEFAULT_ORDER;
|
||||
private ApplicationContext applicationContext;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.hasText(realmName, "realmName must be specified");
|
||||
if (order == DEFAULT_ORDER) {
|
||||
OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
|
||||
}
|
||||
}
|
||||
|
||||
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
|
||||
throws IOException, ServletException {
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
|
||||
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
|
||||
}
|
||||
|
||||
public String getRealmName() {
|
||||
return realmName;
|
||||
}
|
||||
|
||||
public void setRealmName(String realmName) {
|
||||
this.realmName = realmName;
|
||||
}
|
||||
|
||||
public void setApplicationContext(ApplicationContext applicationContext) {
|
||||
this.applicationContext = applicationContext;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,5 @@
|
||||
<html>
|
||||
<body>
|
||||
Authenticates HTTP BASIC authentication requests.
|
||||
</body>
|
||||
</html>
|
||||
@ -0,0 +1,65 @@
|
||||
package org.acegisecurity.util;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
/**
|
||||
* Proivdes common logic for manipulating classes implementing the Spring
|
||||
* {@link Ordered} interface.
|
||||
*
|
||||
* @author Ben Alex
|
||||
*/
|
||||
public abstract class OrderedUtils {
|
||||
/**
|
||||
* Introspects the application context for a single instance of <code>sourceClass</code>. If found, the order from the source
|
||||
* class instance is copied into the <code>destinationObject</code>. If more than one instance of <code>sourceClass</code>
|
||||
* is found, the method throws <code>IllegalStateException</code>.
|
||||
*
|
||||
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
|
||||
* mutation of the order property.
|
||||
*
|
||||
* @param sourceClass to locate in the application context (must be assignable to Ordered)
|
||||
* @param applicationContext to locate the class
|
||||
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
|
||||
* @param skipIfMoreThanOneCandidateSourceClassInstance if the application context provides more than one potential source, skip modifications (if false, the first located matching source will be used)
|
||||
* @return whether or not the destination class was updated
|
||||
*/
|
||||
public static boolean copyOrderFromOtherClass(Class sourceClass, ApplicationContext applicationContext, Object destinationObject, boolean skipIfMoreThanOneCandidateSourceClassInstance) {
|
||||
Assert.notNull(sourceClass, "Source class required");
|
||||
Assert.notNull(applicationContext, "ApplicationContext required");
|
||||
Assert.notNull(destinationObject, "Destination object required");
|
||||
Assert.isAssignable(Ordered.class, sourceClass, "Source class " + sourceClass + " must be assignable to Ordered");
|
||||
Map map = applicationContext.getBeansOfType(sourceClass);
|
||||
if (map.size() == 0) {
|
||||
return false;
|
||||
} else if (map.size() > 1 && skipIfMoreThanOneCandidateSourceClassInstance) {
|
||||
return false;
|
||||
} else {
|
||||
copyOrderFromOtherObject((Ordered)map.values().iterator().next(), destinationObject);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Copies the order property from the <code>sourceObject</code> into the <code>destinationObject</code>.
|
||||
*
|
||||
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
|
||||
* mutation of the order property.
|
||||
*
|
||||
* @param sourceObject to copy the order from
|
||||
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
|
||||
*/
|
||||
public static void copyOrderFromOtherObject(Ordered sourceObject, Object destinationObject) {
|
||||
Assert.notNull(sourceObject, "Source object required");
|
||||
Assert.notNull(destinationObject, "Destination object required");
|
||||
Method m = ReflectionUtils.findMethod(destinationObject.getClass(), "setOrder", new Class[] {int.class});
|
||||
Assert.notNull(m, "Method setOrder(int) not found on " + destinationObject.getClass());
|
||||
ReflectionUtils.invokeMethod(m, destinationObject, new Object[] {new Integer(sourceObject.getOrder())});
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,5 @@
|
||||
<html>
|
||||
<body>
|
||||
General utility classes used throughout the Acegi Security System.
|
||||
</body>
|
||||
</html>
|
||||
@ -0,0 +1,478 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
|
||||
<xsd:schema xmlns="http://www.springframework.org/schema/security"
|
||||
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||
targetNamespace="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
elementFormDefault="qualified" attributeFormDefault="unqualified">
|
||||
|
||||
<xsd:import namespace="http://www.springframework.org/schema/util" />
|
||||
|
||||
<xsd:element name="session-context-integration">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
|
||||
<xsd:attribute name="sessionCreation"
|
||||
default="ifRequired">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Indicates if this filter can create a HttpSession if
|
||||
needed (sessions are always created sparingly, but setting this value to
|
||||
false will prohibit sessions from ever being created).
|
||||
Defaults to true. Do not set to false if
|
||||
you have set forceEagerSessionCreation to true ,
|
||||
as the properties would be in conflict.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
<xsd:simpleType>
|
||||
<xsd:restriction base="xsd:string">
|
||||
<xsd:enumeration value="ifRequired" />
|
||||
<xsd:enumeration value="never" />
|
||||
<xsd:enumeration value="always" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
</xsd:attribute>
|
||||
|
||||
<xsd:attribute name="forceEagerSessionCreation"
|
||||
default="false" type="defaultable-boolean" use="optional">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Indicates if this filter is required to create a 'HttpSession'
|
||||
for every request before proceeding through the filter chain, even if the
|
||||
'HttpSession' would not ordinarily have been created. By
|
||||
default this is 'false', which is entirely appropriate for
|
||||
most circumstances as you do not want a 'HttpSession'
|
||||
created unless the filter actually needs one. It is envisaged the main
|
||||
situation in which this property would be set to 'true' is
|
||||
if using other filters that depend on a 'HttpSession'
|
||||
already existing, such as those which need to obtain a session ID. This
|
||||
is only required in specialised cases, so leave it set to
|
||||
'false' unless you have an actual requirement and are
|
||||
conscious of the session creation overhead.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="cloneFromHttpSession" default="false"
|
||||
type="defaultable-boolean" use="optional">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Indicates whether the <code>SecurityContext</code> will be cloned from
|
||||
the HttpSession. The default is to simply reference (ie
|
||||
the default is 'false'. The default may cause issues if
|
||||
concurrent threads need to have a different security identity from other
|
||||
threads being concurrently processed that share the same
|
||||
<code>HttpSession</code>. In most normal environments this does not
|
||||
represent an issue, as changes to the security identity in one thread is
|
||||
allowed to affect the security identitiy in other threads associated with
|
||||
the same 'HttpSession'.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:element name="authentication-remember-me-filter"
|
||||
type="RememberMeFilter">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation source="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
|
||||
<![CDATA[
|
||||
makes the filter, but does little else, as it auto-detects everything
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:complexType name="RememberMeFilter">
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="rememberMeServicesBeanRef"
|
||||
type="xsd:string" use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="authentication-remember-me-services"
|
||||
type="RememberMeServices" />
|
||||
|
||||
<xsd:complexType name="RememberMeServices">
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="key" type="xsd:string" use="optional" />
|
||||
<xsd:attribute name="principalRepositoryBeanRef"
|
||||
type="xsd:string" use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<!-- Logout Filter -->
|
||||
<xsd:element name="logout-support">
|
||||
<xsd:complexType>
|
||||
<!-- Write other attributes -->
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="redirectAfterLogoutUrl"
|
||||
type="xsd:string" default="/" />
|
||||
<xsd:attribute name="logoutUrl" type="xsd:string"
|
||||
default="/logout" />
|
||||
<xsd:anyAttribute namespace="##other" processContents="lax" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
|
||||
<!-- Exception Translation Filter -->
|
||||
<xsd:element name="exception-translation"
|
||||
type="ExceptionTranslation" />
|
||||
|
||||
<xsd:complexType name="ExceptionTranslation">
|
||||
<xsd:all>
|
||||
<xsd:element ref="entry-point" maxOccurs="1" />
|
||||
<xsd:element ref="access-denied" maxOccurs="1"
|
||||
minOccurs="0" />
|
||||
</xsd:all>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="entry-point">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="entryPointBeanRef" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:element name="access-denied">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="accessDeniedUrl" type="xsd:string"
|
||||
use="optional" />
|
||||
<xsd:attribute name="accessDeniedBeanRef" type="xsd:string"
|
||||
use="optional" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<!-- AuthenticationProcessigFilter -->
|
||||
<xsd:element name="authentication-form"
|
||||
type="AuthenticationProcessingFilter" />
|
||||
|
||||
<xsd:complexType name="AuthenticationProcessingFilter">
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="authenticationUrl" type="xsd:string"
|
||||
use="required">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The URL destination that this filter intercepts and processes (usually something like
|
||||
/login)
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="defaultTargetUrl" type="xsd:string"
|
||||
use="required">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Where to redirect the browser to if authentication is successful but ACEGI_SAVED_REQUEST_KEY is
|
||||
null
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="errorFormUrl" type="xsd:string"
|
||||
use="required">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Where to redirect the browser to if authentication fails.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
|
||||
|
||||
<xsd:element name="authentication-mechanism"
|
||||
type="AuthenticationManager">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation
|
||||
source="org.acegisecurity.providers.ProviderManager">
|
||||
<![CDATA[
|
||||
Resolves to 'org.acegisecurity.providers.ProviderManager'
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:complexType name="AuthenticationManager">
|
||||
<xsd:sequence>
|
||||
<xsd:element ref="authentication-jdbc" minOccurs="0"
|
||||
maxOccurs="1" />
|
||||
<xsd:element ref="authentication-ldap" minOccurs="0"
|
||||
maxOccurs="1" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="authentication-jdbc">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation
|
||||
source="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
|
||||
<![CDATA[
|
||||
if not specified will be auto-tetected from the ApplicationContext and tried in order
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="ref" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:element name="authentication-ldap">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation
|
||||
source="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
|
||||
<![CDATA[
|
||||
if not specified will be auto-tetected from the ApplicationContext and tried in order
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="ref" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
A short-cut alternative to a nested "<ref bean='...'/>" element.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
|
||||
|
||||
<xsd:element name="principal-repository" type="PrincipalRepository" />
|
||||
|
||||
<xsd:complexType name="PrincipalRepository">
|
||||
<xsd:choice>
|
||||
<xsd:element ref="jdbc" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element ref="ldap" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element ref="properties" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element ref="user-definition" minOccurs="0"
|
||||
maxOccurs="unbounded" />
|
||||
</xsd:choice>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="jdbc">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="dataSourceBeanRef" type="xsd:string" />
|
||||
<xsd:attribute name="authoritiesByUsernameQuery"
|
||||
type="xsd:string" use="optional" />
|
||||
<xsd:attribute name="jdbcTemplateBeanRef" type="xsd:string"
|
||||
use="optional" />
|
||||
<xsd:attribute name="rolePrefix" type="xsd:string"
|
||||
use="optional" />
|
||||
<xsd:attribute name="usernameBasedPrimaryKey"
|
||||
type="xsd:boolean" use="optional" />
|
||||
<xsd:attribute name="usersByUsernameQuery" type="xsd:string"
|
||||
use="optional" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
|
||||
<xsd:element name="ldap">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="not-yet-defined" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:element name="properties">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="resource" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:element name="user-definition">
|
||||
<xsd:complexType>
|
||||
<xsd:sequence>
|
||||
<xsd:element name="granted-authority" minOccurs="0"
|
||||
maxOccurs="unbounded">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="authority"
|
||||
type="xsd:string" use="required" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
<xsd:element name="granted-authority-ref" minOccurs="0"
|
||||
maxOccurs="unbounded">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="authorityBeanRef"
|
||||
type="xsd:string" use="required" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="username" type="xsd:string"
|
||||
use="required" />
|
||||
<xsd:attribute name="password" type="xsd:string" />
|
||||
<xsd:attribute name="enabled" type="xsd:boolean" />
|
||||
<xsd:anyAttribute namespace="##local"
|
||||
processContents="strict" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
|
||||
<xsd:element name="authentication-repository"
|
||||
type="AuthenticationRepositoryType" />
|
||||
|
||||
<xsd:complexType name="AuthenticationRepositoryType">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="salt-source" type="SaltSource"
|
||||
minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="password-encoder" type="PasswordEncoder"
|
||||
minOccurs="0" maxOccurs="1" />
|
||||
</xsd:sequence>
|
||||
<xsd:attributeGroup ref="AuthenticationRepositoryAttributes" />
|
||||
</xsd:complexType>
|
||||
|
||||
<!-- <security:salt-source source="systemwide|reflection" salt="salt"/> -->
|
||||
<xsd:complexType name="SaltSource">
|
||||
<xsd:sequence>
|
||||
<xsd:choice minOccurs="0" maxOccurs="1">
|
||||
<xsd:element name="system-wide">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="systemWideSalt"
|
||||
type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
<xsd:element name="reflection">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="userPropertyToUse"
|
||||
type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
</xsd:choice>
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="saltSourceBeanRef" type="xsd:string"
|
||||
use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="PasswordEncoder">
|
||||
<xsd:sequence>
|
||||
<xsd:choice minOccurs="0" maxOccurs="1">
|
||||
<xsd:element name="encoder">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="method" type="encoders" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
</xsd:choice>
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="encoderBeanRef" type="xsd:string"
|
||||
use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:attributeGroup name="AuthenticationRepositoryAttributes">
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="repositoryBeanRef" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Reference of a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:attributeGroup>
|
||||
|
||||
<!-- simple internal types -->
|
||||
<xsd:simpleType name="defaultable-boolean">
|
||||
<xsd:restriction base="xsd:NMTOKEN">
|
||||
<xsd:enumeration value="true" />
|
||||
<xsd:enumeration value="false" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
|
||||
|
||||
<xsd:simpleType name="encoders">
|
||||
<xsd:restriction base="xsd:NMTOKEN">
|
||||
<xsd:enumeration value="md5" />
|
||||
<xsd:enumeration value="md5Hex" />
|
||||
<xsd:enumeration value="sha" />
|
||||
<xsd:enumeration value="shaHex" />
|
||||
<xsd:enumeration value="custom" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
|
||||
|
||||
|
||||
</xsd:schema>
|
||||
@ -0,0 +1,38 @@
|
||||
package org.acegisecurity;
|
||||
|
||||
import junit.framework.Test;
|
||||
import junit.framework.TestCase;
|
||||
import junit.framework.TestSuite;
|
||||
|
||||
/**
|
||||
* Unit test for simple App.
|
||||
*/
|
||||
public class AppTest
|
||||
extends TestCase
|
||||
{
|
||||
/**
|
||||
* Create the test case
|
||||
*
|
||||
* @param testName name of the test case
|
||||
*/
|
||||
public AppTest( String testName )
|
||||
{
|
||||
super( testName );
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the suite of tests being tested
|
||||
*/
|
||||
public static Test suite()
|
||||
{
|
||||
return new TestSuite( AppTest.class );
|
||||
}
|
||||
|
||||
/**
|
||||
* Rigourous Test :-)
|
||||
*/
|
||||
public void testApp()
|
||||
{
|
||||
assertTrue( true );
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,25 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.acegisecurity.providers.ProviderManager;
|
||||
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationMechanismNamespaceTests extends TestCase {
|
||||
public void testParserDefaults() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/remember-me-defaults.xml");
|
||||
ProviderManager mgr = (ProviderManager) context.getBean("authenticationManager");
|
||||
assertEquals(1, mgr.getProviders().size());
|
||||
assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,25 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationProcessingFilterNamespaceTests extends TestCase {
|
||||
|
||||
public void testAuthenticationFilterBeanDefinition() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authentication-form-filter.xml");
|
||||
ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,120 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.providers.AuthenticationProvider;
|
||||
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
||||
import org.acegisecurity.providers.dao.SaltSource;
|
||||
import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
|
||||
import org.acegisecurity.providers.encoding.PasswordEncoder;
|
||||
import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
|
||||
import org.acegisecurity.userdetails.jdbc.JdbcDaoImpl;
|
||||
import org.springframework.beans.PropertyValue;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class AuthenticationRepositoryParserTest extends TestCase {
|
||||
|
||||
public void testAuthenticationRepositoryDefaultWithAutoUserdetails() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authentication-dao-defaults.xml");
|
||||
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
|
||||
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
|
||||
assertEquals(1, names.length);
|
||||
|
||||
// check bean class
|
||||
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
|
||||
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
|
||||
|
||||
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
|
||||
Assert.isAssignable(JdbcDaoImpl.class, provider.getUserDetailsService().getClass());
|
||||
|
||||
}
|
||||
|
||||
public void testCollaboratorsAsInnerBeans() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authentication-innerbeans.xml");
|
||||
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
// get the main bean definition, there should be only one
|
||||
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
|
||||
assertEquals(1, names.length);
|
||||
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
|
||||
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
|
||||
|
||||
// get the 2 inner beans
|
||||
PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
|
||||
assertEquals("saltSource", saltSourceBean.getName());
|
||||
|
||||
// get the BeanDefinition
|
||||
RootBeanDefinition saltsourceDef = (RootBeanDefinition) saltSourceBean.getValue();
|
||||
Assert.isAssignable(SaltSource.class, saltsourceDef.getBeanClass());
|
||||
|
||||
PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
|
||||
assertEquals("passwordEncoder", encoder.getName());
|
||||
|
||||
// get the BeanDefinition
|
||||
RootBeanDefinition encoderDef = (RootBeanDefinition) encoder.getValue();
|
||||
Assert.isAssignable(PasswordEncoder.class, encoderDef.getBeanClass());
|
||||
|
||||
assertEquals("incorrect bean class name", encoderDef.getBeanClassName(), Md5PasswordEncoder.class.getName());
|
||||
}
|
||||
|
||||
public void testCollaboratorsAsBeanRef() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authentication-beanRef-attributes.xml");
|
||||
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
// get the main bean definition, there should be only one
|
||||
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
|
||||
assertEquals(1, names.length);
|
||||
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
|
||||
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
|
||||
|
||||
// get the referred collaborators
|
||||
|
||||
PropertyValue userDetailsBean = definition.getPropertyValues().getPropertyValue("userDetailsService");
|
||||
assertEquals("userDetailsService", userDetailsBean.getName());
|
||||
|
||||
PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
|
||||
assertEquals("saltSource", saltSourceBean.getName());
|
||||
|
||||
// get the BeanDefinition
|
||||
RuntimeBeanReference saltsourceDef = (RuntimeBeanReference) saltSourceBean.getValue();
|
||||
assertEquals("refToSaltSource", saltsourceDef.getBeanName());
|
||||
|
||||
PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
|
||||
assertEquals("passwordEncoder", encoder.getName());
|
||||
|
||||
// get the BeanDefinition
|
||||
RuntimeBeanReference encoderDef = (RuntimeBeanReference) encoder.getValue();
|
||||
assertEquals("refToPasswordEncoder", encoderDef.getBeanName());
|
||||
|
||||
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
|
||||
assertTrue(provider.getPasswordEncoder() instanceof PasswordEncoder);
|
||||
assertEquals(Md5PasswordEncoder.class, provider.getPasswordEncoder().getClass());
|
||||
}
|
||||
|
||||
public void testAutodetectionOfUserDetailsService() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/authentication-defaults.xml");
|
||||
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
|
||||
assertNotNull(provider.getUserDetailsService());
|
||||
assertNull(provider.getSaltSource());
|
||||
assertEquals(PlaintextPasswordEncoder.class, provider.getPasswordEncoder().getClass());
|
||||
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,47 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.ui.ExceptionTranslationFilter;
|
||||
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.beans.PropertyValue;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
public class ExceptionTranslationParserTests extends TestCase {
|
||||
|
||||
public void testParsingBeanReferences() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/exception-translation-beanref.xml");
|
||||
ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
String[] beanNames = factory.getBeanNamesForType(Filter.class);
|
||||
assertEquals(1, beanNames.length);
|
||||
RootBeanDefinition def = (RootBeanDefinition) factory.getBeanDefinition(beanNames[0]);
|
||||
assertEquals(ExceptionTranslationFilter.class.getName(), def.getBeanClassName());
|
||||
// check collaborators
|
||||
PropertyValue accessDeniedHandler = def.getPropertyValues().getPropertyValue("accessDeniedHandler");
|
||||
assertNotNull(accessDeniedHandler);
|
||||
assertEquals(accessDeniedHandler.getValue(), new RuntimeBeanReference("theBeanToUse"));
|
||||
PropertyValue entryPoint = def.getPropertyValues().getPropertyValue("authenticationEntryPoint");
|
||||
assertNotNull(entryPoint);
|
||||
assertEquals(entryPoint.getValue(), new RuntimeBeanReference("authenticationProcessingFilterEntryPoint"));
|
||||
}
|
||||
|
||||
public void testRuntimeBeanDependencies() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/exception-translation-beanref.xml");
|
||||
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) context.getBean("exceptionTranslationFilter");
|
||||
AuthenticationProcessingFilterEntryPoint entryPoint = (AuthenticationProcessingFilterEntryPoint) filter
|
||||
.getAuthenticationEntryPoint();
|
||||
assertEquals("/acegilogin.jsp", entryPoint.getLoginFormUrl());
|
||||
assertFalse(entryPoint.getForceHttps());
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,44 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
|
||||
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class HttpSessionContextIntegrationParserTest extends TestCase {
|
||||
|
||||
public void testApplicationContext() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/session-context-integration-defaults.xml");
|
||||
ConfigurableListableBeanFactory clbf =
|
||||
(ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
|
||||
|
||||
String[] names = clbf.getBeanNamesForType(Filter.class);
|
||||
assertEquals(1, names.length);
|
||||
|
||||
// check bean name
|
||||
RootBeanDefinition definition = (RootBeanDefinition)clbf.getBeanDefinition(names[0]);
|
||||
assertEquals(HttpSessionContextIntegrationFilter.class, definition.getBeanClass());
|
||||
|
||||
// check properties
|
||||
//get the bean
|
||||
HttpSessionContextIntegrationFilter filter = (HttpSessionContextIntegrationFilter)context.getBean("httpSessionContextIntegrationFilter");
|
||||
assertFalse(filter.isAllowSessionCreation());
|
||||
assertNotNull(definition.getPropertyValues().getPropertyValue("allowSessionCreation"));
|
||||
assertFalse(filter.isForceEagerSessionCreation());
|
||||
assertFalse(filter.isCloneFromHttpSession());
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,29 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.ui.logout.LogoutHandler;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class LogoutFilterBeanDefinitionParserTests extends TestCase {
|
||||
|
||||
public void testLogoutFilter() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/logout-filter-with-handlers.xml");
|
||||
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
|
||||
Map m = bf.getBeansOfType(LogoutHandler.class);
|
||||
assertEquals(2, m.size());
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,22 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class NamespaceTests extends TestCase {
|
||||
|
||||
|
||||
public void testPass() {
|
||||
ApplicationContext c = new ClassPathXmlApplicationContext("org/acegisecurity/config/applicationContext-acegi-security.xml");
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,66 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.GrantedAuthority;
|
||||
import org.acegisecurity.GrantedAuthorityImpl;
|
||||
import org.acegisecurity.userdetails.User;
|
||||
import org.acegisecurity.userdetails.UserDetailsService;
|
||||
import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
|
||||
import org.acegisecurity.userdetails.memory.UserMap;
|
||||
import org.springframework.beans.PropertyValue;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
*
|
||||
*/
|
||||
public class PrincipalRepositoryNamespaceTests extends TestCase {
|
||||
|
||||
public void testParserWithUserDefinition() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/principal-repository-user-map.xml");
|
||||
|
||||
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
|
||||
.getAutowireCapableBeanFactory();
|
||||
|
||||
String[] names = clbf.getBeanNamesForType(UserDetailsService.class);
|
||||
assertEquals(1, names.length);
|
||||
|
||||
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
|
||||
assertEquals(InMemoryDaoImpl.class, definition.getBeanClass());
|
||||
|
||||
UserMap map = new UserMap();
|
||||
|
||||
GrantedAuthority[] authotities = { new GrantedAuthorityImpl("ROLE_YO"), new GrantedAuthorityImpl("ROLE_YOYO") };
|
||||
|
||||
User user = new User("vishal", "nottellingya", true, true, true, true, authotities);
|
||||
|
||||
map.addUser(user);
|
||||
|
||||
assertPropertyValues(map, definition, "userMap");
|
||||
|
||||
}
|
||||
|
||||
private void assertPropertyValues(UserMap assertionValue, RootBeanDefinition definition, String property) {
|
||||
PropertyValue propertyValue = definition.getPropertyValues().getPropertyValue(property);
|
||||
assertNotNull(propertyValue);
|
||||
assertTrue(propertyValue.getValue() instanceof UserMap);
|
||||
UserMap users = (UserMap) propertyValue.getValue();
|
||||
assertTrue(assertionValue.getUserCount() == users.getUserCount());
|
||||
assertEquals(assertionValue.getUser("vishal"), users.getUser("vishal"));
|
||||
assertTrue(users.getUser("vishal").isEnabled());
|
||||
assertTrue(users.getUser("vishal").isAccountNonExpired());
|
||||
assertTrue(users.getUser("vishal").isAccountNonLocked());
|
||||
assertTrue(users.getUser("vishal").isCredentialsNonExpired());
|
||||
assertEquals(2, users.getUser("vishal").getAuthorities().length);
|
||||
assertEquals(new GrantedAuthorityImpl("ROLE_YO"), users.getUser("vishal").getAuthorities()[0]);
|
||||
assertEquals(new GrantedAuthorityImpl("ROLE_YOYO"), users.getUser("vishal").getAuthorities()[1]);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,19 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.providers.ProviderManager;
|
||||
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
public class RememberMeBeanDefinitionParserTest extends TestCase {
|
||||
|
||||
public void testParserDefaults() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-defaults.xml");
|
||||
ProviderManager mgr = (ProviderManager)context.getBean("authenticationManager");
|
||||
assertEquals(1, mgr.getProviders().size());
|
||||
assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,176 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!--
|
||||
- A simple "base bones" Acegi Security configuration.
|
||||
-
|
||||
- The sample includes the "popular" features that people tend to use.
|
||||
- Specifically, form authentication, remember-me, and anonymous processing.
|
||||
- Other features aren't setup, as these can be added later by inserting
|
||||
- the relevant XML fragments as specified in the Reference Guide.
|
||||
-
|
||||
- To assist new users, the filters specified in the FilterChainProxy are
|
||||
- declared in the application context in the same order. Collaborators
|
||||
- required by those filters are placed at the end of the file.
|
||||
-
|
||||
- $Id: applicationContext-acegi-security.xml 1833 2007-05-17 23:06:46Z vishalpuri $
|
||||
-->
|
||||
|
||||
|
||||
<bean id="filterChainProxy"
|
||||
class="org.acegisecurity.util.FilterChainProxy">
|
||||
<property name="filterInvocationDefinitionSource">
|
||||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
|
||||
<security:session-context-integration
|
||||
id="httpSessionContextIntegrationFilter" sessionCreation="ifRequired" />
|
||||
|
||||
|
||||
<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
|
||||
<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
|
||||
<security:logout-support id="logoutFilter"
|
||||
redirectAfterLogoutUrl="/index.jsp" logoutUrl="/j_acegi_logout" />
|
||||
|
||||
<security:authentication-remember-me-services
|
||||
id="rememberMeServices" key="someValue" />
|
||||
|
||||
|
||||
<bean id="securityContextLogoutHandler"
|
||||
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
|
||||
|
||||
<!-- the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
|
||||
<security:authentication-form id="authenticationProcessingFilter"
|
||||
authenticationUrl="/j_acegi_security_check" defaultTargetUrl="/"
|
||||
errorFormUrl="/acegilogin.jsp?login_error=1" />
|
||||
|
||||
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
|
||||
<security:authentication-mechanism id="authenticationManager">
|
||||
<security:authentication-jdbc ref="daoAuthenticationProvider" />
|
||||
</security:authentication-mechanism>
|
||||
|
||||
|
||||
<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
|
||||
<security:principal-repository id="userDetailsService">
|
||||
<security:properties
|
||||
resource="classpath:org/acegisecurity/config/user.properties" />
|
||||
</security:principal-repository>
|
||||
|
||||
<!-- dao authentication provider "authenticationRepository" -->
|
||||
<security:authentication-repository id="daoAuthenticationProvider" />
|
||||
|
||||
|
||||
<bean id="securityContextHolderAwareRequestFilter"
|
||||
class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
|
||||
|
||||
<!-- makes the filter, but does little else, as it auto-detects everything -->
|
||||
<security:authentication-remember-me-filter
|
||||
id="rememberMeProcessingFilter" />
|
||||
|
||||
<bean id="anonymousProcessingFilter"
|
||||
class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
|
||||
<property name="key" value="changeThis" />
|
||||
<property name="userAttribute"
|
||||
value="anonymousUser,ROLE_ANONYMOUS" />
|
||||
</bean>
|
||||
|
||||
<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it;
|
||||
alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
|
||||
other props; i do not mind if you move the access denied stuff to a sub-element -->
|
||||
<security:exception-translation id="exceptionTranslationFilter">
|
||||
<security:entry-point
|
||||
entryPointBeanRef="authenticationEntryPoint" />
|
||||
</security:exception-translation>
|
||||
|
||||
|
||||
<bean id="authenticationEntryPoint"
|
||||
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
|
||||
<property name="loginFormUrl" value="/acegilogin.jsp" />
|
||||
<property name="forceHttps" value="false" />
|
||||
</bean>
|
||||
|
||||
|
||||
<bean id="accessDeniedHandler"
|
||||
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
|
||||
<property name="errorPage" value="/accessDenied.jsp" />
|
||||
</bean>
|
||||
|
||||
|
||||
<bean id="filterInvocationInterceptor"
|
||||
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
|
||||
<property name="authenticationManager"
|
||||
ref="authenticationManager" />
|
||||
<property name="accessDecisionManager">
|
||||
<bean class="org.acegisecurity.vote.AffirmativeBased">
|
||||
<property name="allowIfAllAbstainDecisions"
|
||||
value="false" />
|
||||
<property name="decisionVoters">
|
||||
<list>
|
||||
<bean class="org.acegisecurity.vote.RoleVoter" />
|
||||
<bean
|
||||
class="org.acegisecurity.vote.AuthenticatedVoter" />
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
</property>
|
||||
<property name="objectDefinitionSource">
|
||||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/secure/extreme/**=ROLE_SUPERVISOR
|
||||
/secure/**=IS_AUTHENTICATED_REMEMBERED
|
||||
/**=IS_AUTHENTICATED_ANONYMOUSLY
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
|
||||
<!--<bean id="authenticationManager"
|
||||
class="org.acegisecurity.providers.ProviderManager">
|
||||
<property name="providers">
|
||||
<list>
|
||||
<ref local="daoAuthenticationProvider" />
|
||||
<bean
|
||||
class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
|
||||
<property name="key" value="changeThis" />
|
||||
</bean>
|
||||
<bean
|
||||
class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
|
||||
<property name="key" value="changeThis" />
|
||||
</bean>
|
||||
</list>
|
||||
</property>
|
||||
</bean>-->
|
||||
|
||||
<bean id="userCache"
|
||||
class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
|
||||
<property name="cache">
|
||||
<bean
|
||||
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
|
||||
<property name="cacheManager">
|
||||
<bean
|
||||
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
|
||||
</property>
|
||||
<property name="cacheName" value="userCache" />
|
||||
</bean>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
|
||||
<bean id="loggerListener"
|
||||
class="org.acegisecurity.event.authentication.LoggerListener" />
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,21 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!-- AuthenticationEntryPoints handled across the system via Ordered interface; every Acegi entry point has an order; the highest order wins and
|
||||
is used as the entry point by ExceptionTranslationFilter; for things like BasicAuthenticationfilter, they're smart enough to know they need a
|
||||
BasicAuthenticationProcessingFilterEntryPoint, so they use that one; here we have an entryPointOrder to say when we make the BasicEntryPoint,
|
||||
we will call setOrder(2) such that this app effectively will use somehing with a higher order as the app-wide default -->
|
||||
<security:authentication-basic id="id"
|
||||
realmName="Spring Security Application" entryPointOrder="2" />
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,53 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<security:authentication-repository id="authenticationRepository" repositoryBeanRef="refToUserDetailsService">
|
||||
<security:salt-source saltSourceBeanRef="refToSaltSource"/>
|
||||
<security:password-encoder encoderBeanRef="refToPasswordEncoder"/>
|
||||
</security:authentication-repository>
|
||||
|
||||
<bean id="refToUserDetailsService"
|
||||
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
|
||||
<property name="dataSource">
|
||||
<ref bean="dataSource" />
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="dataSource"
|
||||
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
|
||||
<property name="driverClassName">
|
||||
<value>org.hsqldb.jdbcDriver</value>
|
||||
</property>
|
||||
<property name="url">
|
||||
<value>jdbc:hsqldb:mem:test</value>
|
||||
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
|
||||
</property>
|
||||
<property name="username">
|
||||
<value>sa</value>
|
||||
</property>
|
||||
<property name="password">
|
||||
<value></value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="refToSaltSource"
|
||||
class="org.acegisecurity.providers.dao.salt.SystemWideSaltSource">
|
||||
<property name="systemWideSalt">
|
||||
<value>12345</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="refToPasswordEncoder"
|
||||
class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,54 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!-- Case 1: defaults (userDetailsService mandatory)-->
|
||||
<!-- autocreate userDetailsService with dataSource(search in ctx) injected -->
|
||||
|
||||
<security:authentication-repository id="authenticationRepository">
|
||||
<security:password-encoder encoderBeanRef="passwordEncoder" />
|
||||
</security:authentication-repository>
|
||||
|
||||
<bean id="userDetailsService"
|
||||
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
|
||||
<property name="dataSource">
|
||||
<ref bean="dataSource" />
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="dataSource"
|
||||
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
|
||||
<property name="driverClassName">
|
||||
<value>org.hsqldb.jdbcDriver</value>
|
||||
</property>
|
||||
<property name="url">
|
||||
<value>jdbc:hsqldb:mem:test</value>
|
||||
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
|
||||
</property>
|
||||
<property name="username">
|
||||
<value>sa</value>
|
||||
</property>
|
||||
<property name="password">
|
||||
<value></value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="saltSource"
|
||||
class="org.acegisecurity.providers.dao.salt.SystemWideSaltSource">
|
||||
<property name="systemWideSalt">
|
||||
<value>12345</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="passwordEncoder"
|
||||
class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
|
||||
</beans>
|
||||
@ -0,0 +1,40 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<security:authentication-repository id="authenticationRepository"/>
|
||||
|
||||
<bean id="userDetailsService"
|
||||
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
|
||||
<property name="dataSource">
|
||||
<ref bean="dataSource" />
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="dataSource"
|
||||
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
|
||||
<property name="driverClassName">
|
||||
<value>org.hsqldb.jdbcDriver</value>
|
||||
</property>
|
||||
<property name="url">
|
||||
<value>jdbc:hsqldb:mem:test</value>
|
||||
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
|
||||
</property>
|
||||
<property name="username">
|
||||
<value>sa</value>
|
||||
</property>
|
||||
<property name="password">
|
||||
<value></value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,57 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
|
||||
<!-- the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
|
||||
<security:authentication-form id="authenticationProcessinFilter"
|
||||
authenticationUrl="/login" defaultTargetUrl="/login.html"
|
||||
errorFormUrl="error.html" />
|
||||
|
||||
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
|
||||
<security:authentication-mechanism id="authenticationManager">
|
||||
<security:authentication-jdbc ref="authenticationRepository"/>
|
||||
</security:authentication-mechanism>
|
||||
|
||||
<!-- dao authentication provider -->
|
||||
<security:authentication-repository id="authenticationRepository" repositoryBeanRef="userDetailsService"/>
|
||||
|
||||
<security:authentication-remember-me-services
|
||||
id="rememberMeServices" key="someValue" />
|
||||
|
||||
<bean id="userDetailsService"
|
||||
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
|
||||
<property name="dataSource">
|
||||
<ref bean="dataSource" />
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="dataSource"
|
||||
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
|
||||
<property name="driverClassName">
|
||||
<value>org.hsqldb.jdbcDriver</value>
|
||||
</property>
|
||||
<property name="url">
|
||||
<value>jdbc:hsqldb:mem:test</value>
|
||||
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
|
||||
</property>
|
||||
<property name="username">
|
||||
<value>sa</value>
|
||||
</property>
|
||||
<property name="password">
|
||||
<value></value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
|
||||
</beans>
|
||||
|
||||
@ -0,0 +1,50 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!-- Case 1: defaults (userDetailsService mandatory)-->
|
||||
<!-- autocreate userDetailsService with dataSource(search in ctx) injected -->
|
||||
|
||||
<security:authentication-repository id="authenticationRepository">
|
||||
<security:salt-source>
|
||||
<security:system-wide systemWideSalt="12345" />
|
||||
</security:salt-source>
|
||||
<security:password-encoder>
|
||||
<security:encoder method="md5" />
|
||||
</security:password-encoder>
|
||||
</security:authentication-repository>
|
||||
|
||||
<bean id="AnyBeanIdAsThisBeanWillBeAutoDetectedAndInjectedInauthenticationRepositoryUsingAutoWireByType"
|
||||
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
|
||||
<property name="dataSource">
|
||||
<ref bean="dataSource" />
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="dataSource"
|
||||
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
|
||||
<property name="driverClassName">
|
||||
<value>org.hsqldb.jdbcDriver</value>
|
||||
</property>
|
||||
<property name="url">
|
||||
<value>jdbc:hsqldb:mem:test</value>
|
||||
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
|
||||
</property>
|
||||
<property name="username">
|
||||
<value>sa</value>
|
||||
</property>
|
||||
<property name="password">
|
||||
<value></value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,37 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
|
||||
<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it;
|
||||
alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
|
||||
other props; i do not mind if you move the access denied stuff to a sub-element -->
|
||||
<security:exception-translation id="exceptionTranslationFilter">
|
||||
<security:entry-point
|
||||
entryPointBeanRef="authenticationProcessingFilterEntryPoint" />
|
||||
</security:exception-translation>
|
||||
|
||||
<bean id="theBeanToUse"
|
||||
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
|
||||
<property name="errorPage" value="/accessDenied.jsp" />
|
||||
</bean>
|
||||
|
||||
<bean id="authenticationProcessingFilterEntryPoint"
|
||||
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
|
||||
<property name="loginFormUrl">
|
||||
<value>/acegilogin.jsp</value>
|
||||
</property>
|
||||
<property name="forceHttps">
|
||||
<value>false</value>
|
||||
</property>
|
||||
</bean>
|
||||
</beans>
|
||||
@ -0,0 +1,38 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
|
||||
<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it;
|
||||
alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
|
||||
other props; i do not mind if you move the access denied stuff to a sub-element -->
|
||||
<security:exception-translation id="exceptionTranslationFilter">
|
||||
<security:access-denied accessDeniedBeanRef="theBeanToUse" />
|
||||
<security:entry-point
|
||||
entryPointBeanRef="authenticationProcessingFilterEntryPoint" />
|
||||
</security:exception-translation>
|
||||
|
||||
<bean id="theBeanToUse"
|
||||
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
|
||||
<property name="errorPage" value="/accessDenied.jsp" />
|
||||
</bean>
|
||||
|
||||
<bean id="authenticationProcessingFilterEntryPoint"
|
||||
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
|
||||
<property name="loginFormUrl">
|
||||
<value>/acegilogin.jsp</value>
|
||||
</property>
|
||||
<property name="forceHttps">
|
||||
<value>false</value>
|
||||
</property>
|
||||
</bean>
|
||||
</beans>
|
||||
@ -0,0 +1,34 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
|
||||
<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
|
||||
<security:logout-support id="logoutFilter" logoutUrl="/logout" redirectAfterLogoutUrl="/"/>
|
||||
|
||||
|
||||
|
||||
<security:authentication-remember-me-services
|
||||
id="rememberMeServices" key="someValue" />
|
||||
|
||||
<bean id="SecurityContextLogoutHandler"
|
||||
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
|
||||
|
||||
<security:principal-repository id="userDetailsService">
|
||||
<security:user-definition username="vishal"
|
||||
password="nottellingya" enabled="true">
|
||||
<security:granted-authority authority="ROLE_YO" />
|
||||
<security:granted-authority authority="ROLE_YOYO" />
|
||||
<!-- TODO: <security:granted-authority-ref authorityBeanRef="fooBarAuthority"/>-->
|
||||
</security:user-definition>
|
||||
</security:principal-repository>
|
||||
</beans>
|
||||
@ -0,0 +1,44 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
|
||||
beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
|
||||
If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
|
||||
|
||||
<!--<security:security-autoconfig/> -->
|
||||
|
||||
<security:principal-repository id="userDetailsService">
|
||||
<security:jdbc dataSourceBeanRef="dataSource"/>
|
||||
</security:principal-repository>
|
||||
|
||||
<bean id="dataSource"
|
||||
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
|
||||
<property name="driverClassName">
|
||||
<value>org.hsqldb.jdbcDriver</value>
|
||||
</property>
|
||||
<property name="url">
|
||||
<value>jdbc:hsqldb:mem:test</value>
|
||||
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
|
||||
</property>
|
||||
<property name="username">
|
||||
<value>sa</value>
|
||||
</property>
|
||||
<property name="password">
|
||||
<value></value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!--<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
|
||||
<property name="dataSource" ref="dataSource"></property>
|
||||
</bean>-->
|
||||
</beans>
|
||||
@ -0,0 +1,22 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
|
||||
beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
|
||||
If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
|
||||
|
||||
<security:principal-repository id="userDetailsService">
|
||||
<security:properties resource="classpath:org/acegisecurity/config/user.properties"/>
|
||||
</security:principal-repository>
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,28 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
|
||||
beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
|
||||
If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
|
||||
|
||||
<security:principal-repository id="userDetailsService">
|
||||
<security:user-definition username="vishal" password="nottellingya" enabled="true">
|
||||
<security:granted-authority authority="ROLE_YO"/>
|
||||
<security:granted-authority authority="ROLE_YOYO"/>
|
||||
<!-- TODO: <security:granted-authority-ref authorityBeanRef="fooBarAuthority"/>-->
|
||||
</security:user-definition>
|
||||
</security:principal-repository>
|
||||
|
||||
<!-- TODO: <security:granted-authority id="fooBarAuthority" authority="ROLE_FOOBAR"/> -->
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,76 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!-- ======================== AUTHENTICATION ======================= -->
|
||||
|
||||
<!-- makes the filter, but does little else, as it auto-detects everything -->
|
||||
<security:authentication-remember-me-filter id="rememberMeFilter" rememberMeServicesBeanRef="rememberMeServices" />
|
||||
|
||||
<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; -->
|
||||
<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
|
||||
<security:authentication-remember-me-services
|
||||
id="rememberMeServices" key="someValue"
|
||||
principalRepositoryBeanRef="userDetailsService" />
|
||||
|
||||
<!-- The rules are:
|
||||
AuthenticationManager interface is implemented by ProviderManager
|
||||
So if you have any auto-detection, create a ProviderManager definition
|
||||
If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
|
||||
Every authentication mechanism OR provider must start with security:authentication-something
|
||||
Use appropriate attrs and elements depending on provider or mechanism
|
||||
-->
|
||||
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
|
||||
<security:authentication-mechanism id="authenticationManager">
|
||||
<security:authentication-jdbc ref="authenticationRepository"/>
|
||||
</security:authentication-mechanism>
|
||||
|
||||
|
||||
<!--<bean id="authenticationManager"
|
||||
class="org.acegisecurity.providers.ProviderManager">
|
||||
|
||||
<property name="providers">
|
||||
<list>
|
||||
<ref local="authenticationRepository" />
|
||||
</list>
|
||||
</property>
|
||||
</bean>-->
|
||||
|
||||
<!-- dao authentication provider -->
|
||||
<security:authentication-repository id="authenticationRepository" />
|
||||
|
||||
|
||||
|
||||
<bean id="userDetailsService"
|
||||
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
|
||||
<property name="dataSource">
|
||||
<ref bean="dataSource" />
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="dataSource"
|
||||
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
|
||||
<property name="driverClassName">
|
||||
<value>org.hsqldb.jdbcDriver</value>
|
||||
</property>
|
||||
<property name="url">
|
||||
<value>jdbc:hsqldb:mem:test</value>
|
||||
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
|
||||
</property>
|
||||
<property name="username">
|
||||
<value>sa</value>
|
||||
</property>
|
||||
<property name="password">
|
||||
<value></value>
|
||||
</property>
|
||||
</bean>
|
||||
</beans>
|
||||
@ -0,0 +1,21 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
|
||||
<!-- introspect all bean definitions for an explicit object of a "required" type, and if not found, add it. You can turn OFF ones you dont want added via attributes -->
|
||||
<security:security-autoconfig exceptionTranslation="disable"
|
||||
sessionContextIntegration="disable" logoutSupport="disable"
|
||||
filterChain="disable" servletRequestEmulation="disabled"
|
||||
anonyomousRoleGranter="disabled" />
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,183 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!-- introspect all bean definitions for an explicit object of a "required" type, and if not found, add it. You can turn OFF ones you dont want added via attributes -->
|
||||
<security:security-autoconfig exceptionTranslation="disable"
|
||||
sessionContextIntegration="disable" logoutSupport="disable"
|
||||
filterChain="disable" servletRequestEmulation="disabled"
|
||||
anonyomousRoleGranter="disabled" />
|
||||
|
||||
<!-- autodetect attribute is the default, and an exception is thrown if false, as the expectation is they will write their own legacy <beans> format
|
||||
FilterChainProxy bean definition is dissatisfied with the auto approach. The auto approach simply creates a bean definition similar to that shown
|
||||
below with the AUTODETECT_ALL_ORDERED_FILTERs. As suggested, this causes a runtime check of app ctx for all javax.servlet.Filter instances, and
|
||||
for each that also implemented Ordered, these are automatically applied to the pattern shown (which is **/* in the case of autodetect=true).*-->
|
||||
<security:filter-chain id="id" />
|
||||
<bean id="dcdc" class="FilterChainProxy">
|
||||
<property name="chainConfig">
|
||||
<value>
|
||||
**/*=AUTODETECT_ALL_ORDERED_FILTERS
|
||||
**/*=filter1,filter2,filter3
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
<!-- also provide an OrderedFilterAdapter, impls Filter and Ordered, and can be configured declaratively in Spring XML (eg SiteMesh), setOrder, setDelegate(Filter object) -->
|
||||
|
||||
<!-- creates a bean definition for an AccessDecisionManager; strategy defaults to AffirmativeBased;
|
||||
superclass AbstractAccessDecisionManager requires refactoring so if no setProvider(List) given, it introspects app ctx for all AccessDecisionVoters
|
||||
and uses their Ordered interface to apply them; if one doesn't implement Ordered, assume it is Integer.MAX_VALUE -->
|
||||
<security:authorization-manager id="id"
|
||||
strategy="consensus|unanimous|affirmative" />t
|
||||
|
||||
<!-- ======================== AUTHENTICATION ======================= -->
|
||||
|
||||
<!-- sessionCreation defaults to ifRequired. -->
|
||||
<security:session-context-integration
|
||||
id="httpSessionContextIntegrationFilter"
|
||||
sessionCreation="never|ifRequired|always" />
|
||||
|
||||
<!-- The rules are:
|
||||
AuthenticationManager interface is implemented by ProviderManager
|
||||
So if you have any auto-detection, create a ProviderManager definition
|
||||
If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
|
||||
Every authentication mechanism OR provider must start with security:authentication-something
|
||||
Use appropriate attrs and elements depending on provider or mechanism
|
||||
-->
|
||||
<security:authentication-repository id="id"
|
||||
repositoryBeanRef="beanIdOfRepositoryIfUnspecifiedAutoDetectTheirUserDetailsInstance">
|
||||
<security:salt-source
|
||||
saltSourceBeanRef="beanRefOfAnExternalEncoder" />
|
||||
<!-- or allow it to be written inline as an inner bean -->
|
||||
<security:password-encoder
|
||||
encoder="md5|md5Hex|sha|shaHex|custom"
|
||||
encoderBeanRef="beanRefOfAnExternalEncoder" />
|
||||
<!-- same story here, inner beans allowed -->
|
||||
</security:authentication-repository>
|
||||
|
||||
<security:salt-source>
|
||||
<security:system-wide systemWideSalt="12345" />
|
||||
<security-reflection userPropertyToUse="sss" />
|
||||
</security:salt-source>
|
||||
|
||||
|
||||
<!-- the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
|
||||
<security:authentication-form id="id" authenticationUrl="/login"
|
||||
loginFormUrl="/login.html" errorFormUrl="error.html" />
|
||||
|
||||
<!-- AuthenticationEntryPoints handled across the system via Ordered interface; every Acegi entry point has an order; the highest order wins and
|
||||
is used as the entry point by ExceptionTranslationFilter; for things like BasicAuthenticationfilter, they're smart enough to know they need a
|
||||
BasicAuthenticationProcessingFilterEntryPoint, so they use that one; here we have an entryPointOrder to say when we make the BasicEntryPoint,
|
||||
we will call setOrder(2) such that this app effectively will use somehing with a higher order as the app-wide default -->
|
||||
<security:authentication-basic id="id"
|
||||
realmName="Spring Security Application" entryPointOrder="2" />
|
||||
|
||||
<!-- This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
|
||||
beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
|
||||
If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
|
||||
<security:principal-repository id="id">
|
||||
<security:ldap
|
||||
x="you can do the attributes and suitable nested elements" />
|
||||
<security:jdbc
|
||||
x="you can do the attributes and suitable nested elements" />
|
||||
<security:properties
|
||||
location="resourceStringToPropertiesFile">
|
||||
<!-- if they specify a resource attrib, that means throw exception if they nest some user-definition data) -->
|
||||
<security:user-definition username="ben"
|
||||
password="nottellingYou" enabled="true"
|
||||
it="more stuff if you want">
|
||||
<security:granted-authority authority="ROLE_ANONYMOUS" />
|
||||
<ref bean="fooBarAuthority" />
|
||||
</security:user-definition>
|
||||
</security:properties>
|
||||
</security:principal-repository>
|
||||
|
||||
<!-- makes the filter, but does little else, as it auto-detects everything -->
|
||||
<security:authentication-remember-me-filter id="id"
|
||||
rememberMeServicesBeanRef="theId" />
|
||||
|
||||
<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; key is handled in same way as discussed earlier -->
|
||||
<security:authentication-remember-me-services id="id"
|
||||
key="someValue" principalRepositoryBeanRef="jdbcDaoImpl" />
|
||||
|
||||
<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
|
||||
<security:anonymous-role-granter id="id" key="someValue">
|
||||
<security:granted-authority authority="ROLE_ANONYMOUS" />
|
||||
<ref bean="fooBarAuthority" />
|
||||
</security:anonymous-role-granter>
|
||||
|
||||
<security:granted-authority id="fooBarAuthority"
|
||||
authority="ROLE_FOOBAR" />
|
||||
|
||||
<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
|
||||
<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
|
||||
<security:logout-support id="logoutFilter"
|
||||
redirectAfterLogoutUrl="/" logoutUrl="/logout" />
|
||||
|
||||
|
||||
<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
|
||||
|
||||
<!-- channel security out of scope; they use existing bean definition format; the channel filter will auto-detect and use Ordered interface as discussed above -->
|
||||
|
||||
<!-- any kind of ACL support is out of scope; frankly it is too hard for 1.1.0 -->
|
||||
|
||||
<!-- ensure element name is not overlapping with portlet or spring web flow or tapestry URI patterns, as this filter is incompatible with them -->
|
||||
<security:authorization-http-url>
|
||||
<security:url-mapping
|
||||
source="xml - the default and no other options"
|
||||
sourceBeanId="referenceToTheirObjectDefinitionSource">
|
||||
<!-- Specify security:uri-patterns in order of processing; each pattern must specify EITHER a regularExpression OR a path, but not both
|
||||
and ALL patterns in the url-mapping MUST be of the SAME type (ie cannot mix a regular expression and Ant Path) - give exception if tried -->
|
||||
<security:uri-pattern path="/index.jsp"
|
||||
regularExpression="whatever">
|
||||
<security:configuration-attribute attribute="ROLE_A" />
|
||||
<ref
|
||||
bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
|
||||
</security:uri-pattern>
|
||||
<security:uri-pattern path="/**"
|
||||
regularExperssion="whatever">
|
||||
<security:configuration-attribute attribute="ROLE_A" />
|
||||
<ref
|
||||
bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
|
||||
</security:uri-pattern>
|
||||
</security:url-mapping>
|
||||
</security:authorization-http-url>
|
||||
|
||||
<!-- the source refers to use of the relevant concete ObjectDefinitionSource; user can alternately specify their own instance and refer to it
|
||||
via the sourceBeanId property; in that case they must specify "custom"; if unspecified, it means it's described as nested elements using the
|
||||
security:method-pattern element, and you will therefore create it via the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
|
||||
For aspectj and springAop, that means create a MethodSecurityInterceptor and AspectJSecurityInterceptor bean definition respectively (in the case of
|
||||
springAop, also create a MethodDefinitionSourceAdvisor); defaults to springAop=true, aspectJ=false -->
|
||||
<security:authorization-joinpoint aspectj="false|true"
|
||||
springAop="true|false">
|
||||
<security:url-mapping source="custom|xml|attributes|annotations"
|
||||
sourceBeanId="referenceToTheirObjectDefinitionSource">
|
||||
<security:method-pattern
|
||||
type="com.foo.Bar.whateverMethodNamePattern">
|
||||
<security:configuration-attribute attribute="ROLE_A" />
|
||||
<ref
|
||||
bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
|
||||
</security:method-pattern>
|
||||
</security:url-mapping>
|
||||
<!-- if get time, do a new security:pointcut-pattern -->
|
||||
</security:authorization-joinpoint>
|
||||
|
||||
|
||||
<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it;
|
||||
alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
|
||||
other props; i do not mind if you move the access denied stuff to a sub-element -->
|
||||
<security:exception-translation id="id"
|
||||
accessDeniedUrl="/accessDenied.jsp"
|
||||
accessDeniedBeanRef="theBeanToUse">
|
||||
<security:entry-point path="/acegilogin.jsp" https="boolean" />
|
||||
</security:exception-translation>
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,63 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!-- ======================== AUTHENTICATION ======================= -->
|
||||
|
||||
<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
|
||||
<security:session-context-integration id="httpSessionContextIntegrationFilter" sessionCreation="never" />
|
||||
|
||||
<!-- The rules are:
|
||||
AuthenticationManager interface is implemented by ProviderManager
|
||||
So if you have any auto-detection, create a ProviderManager definition
|
||||
If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
|
||||
Every authentication mechanism OR provider must start with security:authentication-something
|
||||
Use appropriate attrs and elements depending on provider or mechanism
|
||||
-->
|
||||
|
||||
|
||||
<!-- Case 1
|
||||
<security:authentication-repository id="id" repositoryBeanRef="userDetails">
|
||||
<security:salt-source
|
||||
saltSourceBeanRef="beanRefOfAnExternalEncoder" />
|
||||
or allow it to be written inline as an inner bean
|
||||
<security:password-encoder
|
||||
encoder="md5|md5Hex|sha|shaHex|custom"
|
||||
encoderBeanRef="beanRefOfAnExternalEncoder" />
|
||||
same story here, inner beans allowed
|
||||
</security:authentication-repository>
|
||||
|
||||
<bean id="userDetails" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
|
||||
<property name="dataSource"><ref bean="dataSource"/></property>
|
||||
</bean>
|
||||
|
||||
Case 2: autodetect userDetails
|
||||
<security:authentication-repository id="id">
|
||||
<security:salt-source
|
||||
saltSourceBeanRef="beanRefOfAnExternalEncoder" />
|
||||
or allow it to be written inline as an inner bean
|
||||
<security:password-encoder
|
||||
encoder="md5|md5Hex|sha|shaHex|custom"
|
||||
encoderBeanRef="beanRefOfAnExternalEncoder" />
|
||||
same story here, inner beans allowed
|
||||
</security:authentication-repository>
|
||||
|
||||
Case 3: inner beans
|
||||
<security:authentication-repository id="id"
|
||||
ref="userDetails">
|
||||
<security:salt-source propertyName="propertyValue" />
|
||||
or allow it to be written inline as an inner bean
|
||||
<security:password-encoder encoder="md5" />
|
||||
same story here, inner beans allowed
|
||||
</security:authentication-repository>
|
||||
--></beans>
|
||||
|
||||
@ -0,0 +1,2 @@
|
||||
vishal=ity,ROLE_ADMIN
|
||||
ity=vishal,ROLE_TELLER
|
||||
Loading…
x
Reference in New Issue
Block a user