SEC-73: Support storage and retrieval of actual Principal object (such as UserDetails) from PrnicipalAcegiUserToken.

2005-11-25 00:26:30 +00:00 · 2005-11-25 00:26:30 +00:00 · 72256a225f
parent 7847af2664
commit 72256a225f
11 changed files with 89 additions and 56 deletions
--- a/adapters/catalina/src/main/java/org/acegisecurity/adapters/catalina/CatalinaAcegiUserRealm.java
+++ b/adapters/catalina/src/main/java/org/acegisecurity/adapters/catalina/CatalinaAcegiUserRealm.java
@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -18,7 +18,9 @@ package org.acegisecurity.adapters.catalina;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationManager;
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.apache.catalina.Container;
@ -108,7 +110,8 @@ public class CatalinaAcegiUserRealm extends RealmBase {
        return new PrincipalAcegiUserToken(this.key,
            response.getPrincipal().toString(),
-            response.getCredentials().toString(), response.getAuthorities());
+            response.getCredentials().toString(), response.getAuthorities(),
            response.getPrincipal());
    }
    public Principal authenticate(String username, byte[] credentials) {
--- a/adapters/catalina/src/test/java/org/acegisecurity/adapters/catalina/CatalinaAcegiUserRealmTests.java
+++ b/adapters/catalina/src/test/java/org/acegisecurity/adapters/catalina/CatalinaAcegiUserRealmTests.java
@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -19,6 +19,7 @@ import junit.framework.TestCase;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
 import org.apache.catalina.LifecycleException;
@ -260,7 +261,7 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
        PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY",
                "Test", "Password",
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")});
+                        "ROLE_TWO")}, null);
        CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
        assertTrue(adapter.hasRole(token, "ROLE_ONE"));
        assertTrue(adapter.hasRole(token, "ROLE_TWO"));
--- a/adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java
+++ b/adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java
@ -12,6 +12,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.acegisecurity.adapters.jboss;
 import org.acegisecurity.AccountExpiredException;
@ -19,7 +20,9 @@ import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationManager;
 import org.acegisecurity.CredentialsExpiredException;
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.jboss.security.SimpleGroup;
@ -61,11 +64,15 @@ import javax.security.auth.login.LoginException;
 * @version $Id$
 */
 public class JbossAcegiLoginModule extends AbstractServerLoginModule {
    //~ Instance fields ========================================================
    private AuthenticationManager authenticationManager;
    private Principal identity;
    private String key;
    private char[] credential;
    //~ Methods ================================================================
    public void initialize(Subject subject, CallbackHandler callbackHandler,
        Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
@ -84,8 +91,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
        String appContextLocation = (String) options.get("appContextLocation");
-        if ((((singletonId == null) || "".equals(singletonId)) &&
+        if ((((singletonId == null) || "".equals(singletonId))
-                (appContextLocation == null)) || "".equals(appContextLocation)) {
+            && (appContextLocation == null)) || "".equals(appContextLocation)) {
            throw new IllegalArgumentException(
                "appContextLocation must be defined");
        }
@ -99,8 +106,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
                    super.log.info("cannot locate " + appContextLocation);
                }
-                throw new IllegalArgumentException("Cannot locate " +
+                throw new IllegalArgumentException("Cannot locate "
-                    appContextLocation);
+                    + appContextLocation);
            }
        }
@ -111,13 +118,13 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
                ctx = new ClassPathXmlApplicationContext(appContextLocation);
            } catch (Exception e) {
                if (super.log.isInfoEnabled()) {
-                    super.log.info("error loading spring context " +
+                    super.log.info("error loading spring context "
-                        appContextLocation + " " + e);
+                        + appContextLocation + " " + e);
                }
                throw new IllegalArgumentException(
-                    "error loading spring context " + appContextLocation + " " +
+                    "error loading spring context " + appContextLocation + " "
-                    e);
+                    + e);
            }
        } else {
            if (super.log.isInfoEnabled()) {
@ -130,12 +137,11 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
            if (ctx == null) {
                if (super.log.isInfoEnabled()) {
-                    super.log.info("singleton " + beanName +
+                    super.log.info("singleton " + beanName + " does not exists");
                        " does not exists");
                }
-                throw new IllegalArgumentException("singleton " + singletonId +
+                throw new IllegalArgumentException("singleton " + singletonId
-                    " does not exists");
+                    + " does not exists");
            }
        }
@ -178,8 +184,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
        if ((username == null) && (password == null)) {
            identity = null;
-            super.log.trace("Authenticating as unauthenticatedIdentity=" +
+            super.log.trace("Authenticating as unauthenticatedIdentity="
-                identity);
+                + identity);
        }
        if (username == null) {
@ -239,7 +245,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
            identity = new PrincipalAcegiUserToken(this.key,
                    response.getName(), response.getCredentials().toString(),
-                    response.getAuthorities());
+                    response.getAuthorities(), response.getPrincipal());
        }
        if (getUseFirstPass() == true) {
@ -249,8 +255,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
        }
        super.loginOk = true;
-        super.log.trace("User '" + identity + "' authenticated, loginOk=" +
+        super.log.trace("User '" + identity + "' authenticated, loginOk="
-            loginOk);
+            + loginOk);
        return true;
    }
@ -280,8 +286,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
        // prompt for a username and password
        if (callbackHandler == null) {
-            throw new LoginException("Error: no CallbackHandler available " +
+            throw new LoginException("Error: no CallbackHandler available "
-                "to collect authentication information");
+                + "to collect authentication information");
        }
        NameCallback nc = new NameCallback("User name: ", "guest");
@ -306,8 +312,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
        } catch (java.io.IOException ioe) {
            throw new LoginException(ioe.toString());
        } catch (UnsupportedCallbackException uce) {
-            throw new LoginException("CallbackHandler does not support: " +
+            throw new LoginException("CallbackHandler does not support: "
-                uce.getCallback());
+                + uce.getCallback());
        }
        info[0] = username;
--- a/adapters/jboss/src/test/java/org/acegisecurity/adapters/jboss/JbossIntegrationFilterTests.java
+++ b/adapters/jboss/src/test/java/org/acegisecurity/adapters/jboss/JbossIntegrationFilterTests.java
@ -19,7 +19,9 @@ import junit.framework.TestCase;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
 import org.acegisecurity.context.SecurityContextHolder;
 import org.acegisecurity.context.SecurityContextImpl;
@ -70,7 +72,8 @@ public class JbossIntegrationFilterTests extends TestCase {
    public void testCorrectOperation() throws Exception {
        PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key",
                "someone", "password",
-                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")});
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
                null);
        JbossIntegrationFilter filter = new MockJbossIntegrationFilter(new MockInitialContext(
                    makeIntoSubject(principal)));
--- a/adapters/resin/src/main/java/org/acegisecurity/adapters/resin/ResinAcegiAuthenticator.java
+++ b/adapters/resin/src/main/java/org/acegisecurity/adapters/resin/ResinAcegiAuthenticator.java
@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -20,7 +20,9 @@ import com.caucho.http.security.AbstractAuthenticator;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationManager;
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.apache.commons.logging.Log;
@ -151,7 +153,8 @@ public class ResinAcegiAuthenticator extends AbstractAuthenticator {
        return new PrincipalAcegiUserToken(this.key,
            response.getPrincipal().toString(),
-            response.getCredentials().toString(), response.getAuthorities());
+            response.getCredentials().toString(), response.getAuthorities(),
            response.getPrincipal());
    }
    protected Principal loginImpl(HttpServletRequest request,
--- a/adapters/resin/src/test/java/org/acegisecurity/adapters/resin/ResinAcegiAuthenticatorTests.java
+++ b/adapters/resin/src/test/java/org/acegisecurity/adapters/resin/ResinAcegiAuthenticatorTests.java
@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -19,6 +19,7 @@ import junit.framework.TestCase;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
 import java.security.Principal;
@ -269,7 +270,7 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
        PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY",
                "Test", "Password",
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")});
+                        "ROLE_TWO")}, null);
        ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
        adapter.setAppContextLocation(
            "org/acegisecurity/adapters/adaptertest-valid.xml");
--- a/core/src/main/java/org/acegisecurity/adapters/PrincipalAcegiUserToken.java
+++ b/core/src/main/java/org/acegisecurity/adapters/PrincipalAcegiUserToken.java
@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -31,16 +31,18 @@ public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken
    implements Principal {
    //~ Instance fields ========================================================
    private Object principal;
    private String password;
    private String username;
    //~ Constructors ===========================================================
    public PrincipalAcegiUserToken(String key, String username,
-        String password, GrantedAuthority[] authorities) {
+        String password, GrantedAuthority[] authorities, Object principal) {
        super(key, authorities);
        this.username = username;
        this.password = password;
        this.principal = principal;
    }
    protected PrincipalAcegiUserToken() {
@ -58,6 +60,10 @@ public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken
    }
    public Object getPrincipal() {
        if (this.principal == null) {
            return this.username;
        }
        return this.principal;
    }
 }
--- a/core/src/test/java/org/acegisecurity/adapters/AuthByAdapterTests.java
+++ b/core/src/test/java/org/acegisecurity/adapters/AuthByAdapterTests.java
@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -21,6 +21,7 @@ import org.acegisecurity.Authentication;
 import org.acegisecurity.BadCredentialsException;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
@ -59,7 +60,7 @@ public class AuthByAdapterTests extends TestCase {
        PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("my_password",
                "Test", "Password",
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")});
+                        "ROLE_TWO")}, null);
        assertTrue(provider.supports(token.getClass()));
        Authentication response = provider.authenticate(token);
@ -122,7 +123,7 @@ public class AuthByAdapterTests extends TestCase {
        // Should fail as PrincipalAcegiUserToken has different key
        PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("wrong_password",
-                "Test", "Password", null);
+                "Test", "Password", null, null);
        try {
            provider.authenticate(token);
--- a/core/src/test/java/org/acegisecurity/adapters/HttpRequestIntegrationFilterTests.java
+++ b/core/src/test/java/org/acegisecurity/adapters/HttpRequestIntegrationFilterTests.java
@ -19,7 +19,9 @@ import junit.framework.TestCase;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
 import org.acegisecurity.context.SecurityContextHolder;
 import org.acegisecurity.util.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
@ -53,7 +55,8 @@ public class HttpRequestIntegrationFilterTests extends TestCase {
        HttpRequestIntegrationFilter filter = new HttpRequestIntegrationFilter();
        PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key",
                "someone", "password",
-                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")});
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
                null);
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setUserPrincipal(principal);
--- a/core/src/test/java/org/acegisecurity/adapters/PrincipalAcegiUserTokenTests.java
+++ b/core/src/test/java/org/acegisecurity/adapters/PrincipalAcegiUserTokenTests.java
@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -52,7 +52,7 @@ public class PrincipalAcegiUserTokenTests extends TestCase {
        PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("my_password",
                "Test", "Password",
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")});
+                        "ROLE_TWO")}, null);
        assertEquals("Test", token.getPrincipal());
        assertEquals("Password", token.getCredentials());
        assertEquals("my_password".hashCode(), token.getKeyHash());
--- a/core/src/test/java/org/acegisecurity/context/HttpSessionContextIntegrationFilterTests.java
+++ b/core/src/test/java/org/acegisecurity/context/HttpSessionContextIntegrationFilterTests.java
@ -12,6 +12,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.acegisecurity.context;
 import junit.framework.TestCase;
@ -20,6 +21,7 @@ import org.acegisecurity.Authentication;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
 import org.acegisecurity.MockFilterConfig;
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
 import org.springframework.mock.web.MockHttpServletRequest;
@ -42,6 +44,8 @@ import javax.servlet.ServletResponse;
 * @version $Id$
 */
 public class HttpSessionContextIntegrationFilterTests extends TestCase {
    //~ Constructors ===========================================================
    public HttpSessionContextIntegrationFilterTests() {
        super();
    }
@ -50,6 +54,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
        super(arg0);
    }
    //~ Methods ================================================================
    public static void main(String[] args) {
        junit.textui.TestRunner.run(HttpSessionContextIntegrationFilterTests.class);
    }
@ -80,7 +86,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
        // Build an Authentication object we simulate came from HttpSession
        PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken("key",
                "someone", "password",
-                new GrantedAuthority[] { new GrantedAuthorityImpl("SOME_ROLE") });
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
                null);
        // Build a Context to store in HttpSession (simulating prior request)
        SecurityContext sc = new SecurityContextImpl();
@ -120,14 +127,14 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
        // Build an Authentication object we simulate came from HttpSession
        PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken("key",
                "someone", "password",
-                new GrantedAuthority[] { new GrantedAuthorityImpl("SOME_ROLE") });
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
                null);
        // Build an Authentication object we simulate our Authentication changed it to
        PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken("key",
                "someone", "password",
-                new GrantedAuthority[] {
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")},
-                    new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")
+                null);
                });
        // Build a Context to store in HttpSession (simulating prior request)
        SecurityContext sc = new SecurityContextImpl();
@ -163,9 +170,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
        // Build an Authentication object we simulate our Authentication changed it to
        PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken("key",
                "someone", "password",
-                new GrantedAuthority[] {
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")},
-                    new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")
+                null);
                });
        // Build a mock request
        MockHttpServletRequest request = new MockHttpServletRequest();
@ -213,9 +219,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
        // Build an Authentication object we simulate our Authentication changed it to
        PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken("key",
                "someone", "password",
-                new GrantedAuthority[] {
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")},
-                    new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")
+                null);
                });
        // Build a mock request
        MockHttpServletRequest request = new MockHttpServletRequest();
@ -249,6 +254,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
        filter.destroy();
    }
    //~ Inner Classes ==========================================================
    private class MockFilterChain extends TestCase implements FilterChain {
        private Authentication changeContextHolder;
        private Authentication expectedOnContextHolder;
@ -261,8 +268,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
            this.toThrowDuringChain = toThrowDuringChain;
        }
-        private MockFilterChain() {
+        private MockFilterChain() {}
        }
        public void doFilter(ServletRequest arg0, ServletResponse arg1)
            throws IOException, ServletException {