Create a NullRunAsManager, which is used by default by the AbstractSecurityInterceptor.

core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java

@@ -25,6 +25,7 @@ import net.sf.acegisecurity.RunAsManager;
 import net.sf.acegisecurity.context.Context;
 import net.sf.acegisecurity.context.ContextHolder;
 import net.sf.acegisecurity.context.SecureContext;
+import net.sf.acegisecurity.runas.NullRunAsManager;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -124,7 +125,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean {
 
     private AccessDecisionManager accessDecisionManager;
     private AuthenticationManager authenticationManager;
-    private RunAsManager runAsManager;
+    private RunAsManager runAsManager = new NullRunAsManager();
     private boolean validateConfigAttributes = true;
 
     //~ Methods ================================================================

core/src/main/java/org/acegisecurity/runas/NullRunAsManager.java

@@ -0,0 +1,50 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.runas;
+
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.ConfigAttribute;
+import net.sf.acegisecurity.ConfigAttributeDefinition;
+import net.sf.acegisecurity.RunAsManager;
+
+
+/**
+ * Implementation of a {@link RunAsManager} that does nothing.
+ * 
+ * <p>
+ * This class should be used if you do not require run-as authenticaiton
+ * replacement functionality.
+ * </p>
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class NullRunAsManager implements RunAsManager {
+    //~ Methods ================================================================
+
+    public Authentication buildRunAs(Authentication authentication,
+        Object object, ConfigAttributeDefinition config) {
+        return null;
+    }
+
+    public boolean supports(ConfigAttribute attribute) {
+        return false;
+    }
+
+    public boolean supports(Class clazz) {
+        return true;
+    }
+}

core/src/test/java/org/acegisecurity/intercept/method/MethodSecurityInterceptorTests.java

@@ -36,6 +36,7 @@ import net.sf.acegisecurity.context.SecureContext;
 import net.sf.acegisecurity.context.SecureContextImpl;
 import net.sf.acegisecurity.intercept.SecurityInterceptorCallback;
 import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+import net.sf.acegisecurity.runas.RunAsManagerImpl;
 
 import org.aopalliance.intercept.MethodInvocation;
 
@@ -336,7 +337,6 @@ public class MethodSecurityInterceptorTests extends TestCase {
     public void testStartupCheckForMethodDefinitionSource() {
         MethodSecurityInterceptor si = new MethodSecurityInterceptor();
         si.setAccessDecisionManager(new MockAccessDecisionManager());
-        si.setRunAsManager(new MockRunAsManager());
         si.setAuthenticationManager(new MockAuthenticationManager());
 
         try {
@@ -352,6 +352,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
         MethodSecurityInterceptor si = new MethodSecurityInterceptor();
         si.setAccessDecisionManager(new MockAccessDecisionManager());
         si.setAuthenticationManager(new MockAuthenticationManager());
+        si.setRunAsManager(null); // Overriding the default
 
         si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
 
@@ -366,8 +367,8 @@ public class MethodSecurityInterceptorTests extends TestCase {
     public void testValidationFailsIfInvalidAttributePresented() {
         MethodSecurityInterceptor si = new MethodSecurityInterceptor();
         si.setAccessDecisionManager(new MockAccessDecisionManager());
-        si.setRunAsManager(new MockRunAsManager());
         si.setAuthenticationManager(new MockAuthenticationManager());
+        si.setRunAsManager(new RunAsManagerImpl());
 
         assertTrue(si.isValidateConfigAttributes()); // check default
         si.setObjectDefinitionSource(new MockMethodDefinitionSource(true, true));
@@ -384,7 +385,6 @@ public class MethodSecurityInterceptorTests extends TestCase {
     public void testValidationNotAttemptedIfIsValidateConfigAttributesSetToFalse() {
         MethodSecurityInterceptor si = new MethodSecurityInterceptor();
         si.setAccessDecisionManager(new MockAccessDecisionManager());
-        si.setRunAsManager(new MockRunAsManager());
         si.setAuthenticationManager(new MockAuthenticationManager());
 
         assertTrue(si.isValidateConfigAttributes()); // check default

core/src/test/java/org/acegisecurity/intercept/method/MockMethodDefinitionSource.java

@@ -57,7 +57,7 @@ public class MockMethodDefinitionSource extends AbstractMethodDefinitionSource {
 
         ConfigAttributeDefinition def3 = new ConfigAttributeDefinition();
         def3.addConfigAttribute(new SecurityConfig("MOCK_UPPER"));
-        def3.addConfigAttribute(new SecurityConfig("RUN_AS"));
+        def3.addConfigAttribute(new SecurityConfig("RUN_AS_"));
         list.add(def3);
 
         if (includeInvalidAttributes) {

core/src/test/java/org/acegisecurity/runas/NullRunAsManagerTests.java

@@ -0,0 +1,64 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.runas;
+
+import junit.framework.TestCase;
+
+import net.sf.acegisecurity.SecurityConfig;
+
+
+/**
+ * Tests {@link NullRunAsManager}.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class NullRunAsManagerTests extends TestCase {
+    //~ Constructors ===========================================================
+
+    public NullRunAsManagerTests() {
+        super();
+    }
+
+    public NullRunAsManagerTests(String arg0) {
+        super(arg0);
+    }
+
+    //~ Methods ================================================================
+
+    public final void setUp() throws Exception {
+        super.setUp();
+    }
+
+    public static void main(String[] args) {
+        junit.textui.TestRunner.run(NullRunAsManagerTests.class);
+    }
+
+    public void testAlwaysReturnsNull() {
+        NullRunAsManager runAs = new NullRunAsManager();
+        assertNull(runAs.buildRunAs(null, null, null));
+    }
+
+    public void testAlwaysSupportsClass() {
+        NullRunAsManager runAs = new NullRunAsManager();
+        assertTrue(runAs.supports(String.class));
+    }
+
+    public void testNeverSupportsAttribute() {
+        NullRunAsManager runAs = new NullRunAsManager();
+        assertFalse(runAs.supports(new SecurityConfig("X")));
+    }
+}

samples/quick-start/war-root/WEB-INF/applicationContext.xml

@@ -32,7 +32,6 @@
 	<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
     	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
     	<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
-    	<property name="runAsManager"><ref bean="runAsManager"/></property>
  		<property name="objectDefinitionSource">
 			<value>
 			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
@@ -50,18 +49,9 @@
 		<property name="key"><value>my_password</value></property>
 	</bean>
 
-	<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
-     	<property name="key"><value>my_run_as_password</value></property>
- 	</bean>
-
-	<bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
-     	<property name="key"><value>my_run_as_password</value></property>
- 	</bean>
-
 	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
 		<property name="providers">
 		  <list>
-		    <ref bean="runAsAuthenticationProvider"/>
 		    <ref bean="daoAuthenticationProvider"/>
 		  </list>
 		</property>