Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-73: Support storage and retrieval of actual Principal object (such as UserDetails) from PrnicipalAcegiUserToken.

This commit is contained in:
Ben Alex 2005-11-25 00:26:30 +00:00
parent 7847af2664
commit 72256a225f
11 changed files with 89 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
adapters/catalina/src/main/java/org/acegisecurity/adapters/catalina/CatalinaAcegiUserRealm.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -18,7 +18,9 @@ package org.acegisecurity.adapters.catalina;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.catalina.Container;
@ -108,7 +110,8 @@ public class CatalinaAcegiUserRealm extends RealmBase {
return new PrincipalAcegiUserToken(this.key,
response.getPrincipal().toString(),
response.getCredentials().toString(), response.getAuthorities());
response.getCredentials().toString(), response.getAuthorities(),
response.getPrincipal());
}
public Principal authenticate(String username, byte[] credentials) {

5
adapters/catalina/src/test/java/org/acegisecurity/adapters/catalina/CatalinaAcegiUserRealmTests.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,6 +19,7 @@ import junit.framework.TestCase;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.apache.catalina.LifecycleException;
@ -260,7 +261,7 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY",
"Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
"ROLE_TWO")});
"ROLE_TWO")}, null);
CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
assertTrue(adapter.hasRole(token, "ROLE_ONE"));
assertTrue(adapter.hasRole(token, "ROLE_TWO"));

56
adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java
View File

@ -12,6 +12,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.adapters.jboss;
import org.acegisecurity.AccountExpiredException;
@ -19,7 +20,9 @@ import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.CredentialsExpiredException;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.jboss.security.SimpleGroup;
@ -49,7 +52,7 @@ import javax.security.auth.login.LoginException;
/**
* Adapter to enable JBoss to authenticate via the Acegi Security System for
* Spring.
*
*
* <p>
* Returns a {@link PrincipalAcegiUserToken} to JBoss' authentication system,
* which is subsequently available from
@ -61,11 +64,15 @@ import javax.security.auth.login.LoginException;
* @version $Id$
*/
public class JbossAcegiLoginModule extends AbstractServerLoginModule {
//~ Instance fields ========================================================
private AuthenticationManager authenticationManager;
private Principal identity;
private String key;
private char[] credential;
//~ Methods ================================================================
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {
super.initialize(subject, callbackHandler, sharedState, options);
@ -84,8 +91,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
String appContextLocation = (String) options.get("appContextLocation");
if ((((singletonId == null) || "".equals(singletonId)) &&
(appContextLocation == null)) || "".equals(appContextLocation)) {
if ((((singletonId == null) || "".equals(singletonId))
&& (appContextLocation == null)) || "".equals(appContextLocation)) {
throw new IllegalArgumentException(
"appContextLocation must be defined");
}
@ -99,8 +106,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
super.log.info("cannot locate " + appContextLocation);
}
throw new IllegalArgumentException("Cannot locate " +
appContextLocation);
throw new IllegalArgumentException("Cannot locate "
+ appContextLocation);
}
}
@ -111,13 +118,13 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
ctx = new ClassPathXmlApplicationContext(appContextLocation);
} catch (Exception e) {
if (super.log.isInfoEnabled()) {
super.log.info("error loading spring context " +
appContextLocation + " " + e);
super.log.info("error loading spring context "
+ appContextLocation + " " + e);
}
throw new IllegalArgumentException(
"error loading spring context " + appContextLocation + " " +
e);
"error loading spring context " + appContextLocation + " "
+ e);
}
} else {
if (super.log.isInfoEnabled()) {
@ -130,12 +137,11 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
if (ctx == null) {
if (super.log.isInfoEnabled()) {
super.log.info("singleton " + beanName +
" does not exists");
super.log.info("singleton " + beanName + " does not exists");
}
throw new IllegalArgumentException("singleton " + singletonId +
" does not exists");
throw new IllegalArgumentException("singleton " + singletonId
+ " does not exists");
}
}
@ -178,8 +184,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
if ((username == null) && (password == null)) {
identity = null;
super.log.trace("Authenticating as unauthenticatedIdentity=" +
identity);
super.log.trace("Authenticating as unauthenticatedIdentity="
+ identity);
}
if (username == null) {
@ -239,7 +245,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
identity = new PrincipalAcegiUserToken(this.key,
response.getName(), response.getCredentials().toString(),
response.getAuthorities());
response.getAuthorities(), response.getPrincipal());
}
if (getUseFirstPass() == true) {
@ -249,8 +255,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
}
super.loginOk = true;
super.log.trace("User '" + identity + "' authenticated, loginOk=" +
loginOk);
super.log.trace("User '" + identity + "' authenticated, loginOk="
+ loginOk);
return true;
}
@ -261,7 +267,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
protected Group[] getRoleSets() throws LoginException {
SimpleGroup roles = new SimpleGroup("Roles");
Group[] roleSets = { roles };
Group[] roleSets = {roles};
if (this.identity instanceof Authentication) {
Authentication user = (Authentication) this.identity;
@ -276,17 +282,17 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
}
protected String[] getUsernameAndPassword() throws LoginException {
String[] info = { null, null };
String[] info = {null, null};
// prompt for a username and password
if (callbackHandler == null) {
throw new LoginException("Error: no CallbackHandler available " +
"to collect authentication information");
throw new LoginException("Error: no CallbackHandler available "
+ "to collect authentication information");
}
NameCallback nc = new NameCallback("User name: ", "guest");
PasswordCallback pc = new PasswordCallback("Password: ", false);
Callback[] callbacks = { nc, pc };
Callback[] callbacks = {nc, pc};
String username = null;
String password = null;
@ -306,8 +312,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
} catch (java.io.IOException ioe) {
throw new LoginException(ioe.toString());
} catch (UnsupportedCallbackException uce) {
throw new LoginException("CallbackHandler does not support: " +
uce.getCallback());
throw new LoginException("CallbackHandler does not support: "
+ uce.getCallback());
}
info[0] = username;

5
adapters/jboss/src/test/java/org/acegisecurity/adapters/jboss/JbossIntegrationFilterTests.java
View File

@ -19,7 +19,9 @@ import junit.framework.TestCase;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContextImpl;
@ -70,7 +72,8 @@ public class JbossIntegrationFilterTests extends TestCase {
public void testCorrectOperation() throws Exception {
PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")});
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
null);
JbossIntegrationFilter filter = new MockJbossIntegrationFilter(new MockInitialContext(
makeIntoSubject(principal)));

7
adapters/resin/src/main/java/org/acegisecurity/adapters/resin/ResinAcegiAuthenticator.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -20,7 +20,9 @@ import com.caucho.http.security.AbstractAuthenticator;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.logging.Log;
@ -151,7 +153,8 @@ public class ResinAcegiAuthenticator extends AbstractAuthenticator {
return new PrincipalAcegiUserToken(this.key,
response.getPrincipal().toString(),
response.getCredentials().toString(), response.getAuthorities());
response.getCredentials().toString(), response.getAuthorities(),
response.getPrincipal());
}
protected Principal loginImpl(HttpServletRequest request,

5
adapters/resin/src/test/java/org/acegisecurity/adapters/resin/ResinAcegiAuthenticatorTests.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,6 +19,7 @@ import junit.framework.TestCase;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import java.security.Principal;
@ -269,7 +270,7 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY",
"Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
"ROLE_TWO")});
"ROLE_TWO")}, null);
ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
adapter.setAppContextLocation(
"org/acegisecurity/adapters/adaptertest-valid.xml");

12
core/src/main/java/org/acegisecurity/adapters/PrincipalAcegiUserToken.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -31,16 +31,18 @@ public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken
implements Principal {
//~ Instance fields ========================================================
private Object principal;
private String password;
private String username;
//~ Constructors ===========================================================
public PrincipalAcegiUserToken(String key, String username,
String password, GrantedAuthority[] authorities) {
String password, GrantedAuthority[] authorities, Object principal) {
super(key, authorities);
this.username = username;
this.password = password;
this.principal = principal;
}
protected PrincipalAcegiUserToken() {
@ -58,6 +60,10 @@ public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken
}
public Object getPrincipal() {
return this.username;
if (this.principal == null) {
return this.username;
}
return this.principal;
}
}

7
core/src/test/java/org/acegisecurity/adapters/AuthByAdapterTests.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -21,6 +21,7 @@ import org.acegisecurity.Authentication;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
@ -59,7 +60,7 @@ public class AuthByAdapterTests extends TestCase {
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("my_password",
"Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
"ROLE_TWO")});
"ROLE_TWO")}, null);
assertTrue(provider.supports(token.getClass()));
Authentication response = provider.authenticate(token);
@ -122,7 +123,7 @@ public class AuthByAdapterTests extends TestCase {
// Should fail as PrincipalAcegiUserToken has different key
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("wrong_password",
"Test", "Password", null);
"Test", "Password", null, null);
try {
provider.authenticate(token);

5
core/src/test/java/org/acegisecurity/adapters/HttpRequestIntegrationFilterTests.java
View File

@ -19,7 +19,9 @@ import junit.framework.TestCase;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.util.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
@ -53,7 +55,8 @@ public class HttpRequestIntegrationFilterTests extends TestCase {
HttpRequestIntegrationFilter filter = new HttpRequestIntegrationFilter();
PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")});
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
null);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setUserPrincipal(principal);

4
core/src/test/java/org/acegisecurity/adapters/PrincipalAcegiUserTokenTests.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -52,7 +52,7 @@ public class PrincipalAcegiUserTokenTests extends TestCase {
PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("my_password",
"Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
"ROLE_TWO")});
"ROLE_TWO")}, null);
assertEquals("Test", token.getPrincipal());
assertEquals("Password", token.getCredentials());
assertEquals("my_password".hashCode(), token.getKeyHash());

32
core/src/test/java/org/acegisecurity/context/HttpSessionContextIntegrationFilterTests.java
View File

@ -12,6 +12,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.context;
import junit.framework.TestCase;
@ -20,6 +21,7 @@ import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.MockFilterConfig;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.springframework.mock.web.MockHttpServletRequest;
@ -42,6 +44,8 @@ import javax.servlet.ServletResponse;
* @version $Id$
*/
public class HttpSessionContextIntegrationFilterTests extends TestCase {
//~ Constructors ===========================================================
public HttpSessionContextIntegrationFilterTests() {
super();
}
@ -50,6 +54,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
super(arg0);
}
//~ Methods ================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(HttpSessionContextIntegrationFilterTests.class);
}
@ -80,7 +86,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
// Build an Authentication object we simulate came from HttpSession
PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] { new GrantedAuthorityImpl("SOME_ROLE") });
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
null);
// Build a Context to store in HttpSession (simulating prior request)
SecurityContext sc = new SecurityContextImpl();
@ -120,14 +127,14 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
// Build an Authentication object we simulate came from HttpSession
PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] { new GrantedAuthorityImpl("SOME_ROLE") });
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
null);
// Build an Authentication object we simulate our Authentication changed it to
PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] {
new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")
});
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")},
null);
// Build a Context to store in HttpSession (simulating prior request)
SecurityContext sc = new SecurityContextImpl();
@ -163,9 +170,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
// Build an Authentication object we simulate our Authentication changed it to
PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] {
new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")
});
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")},
null);
// Build a mock request
MockHttpServletRequest request = new MockHttpServletRequest();
@ -213,9 +219,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
// Build an Authentication object we simulate our Authentication changed it to
PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken("key",
"someone", "password",
new GrantedAuthority[] {
new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")
});
new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")},
null);
// Build a mock request
MockHttpServletRequest request = new MockHttpServletRequest();
@ -249,6 +254,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
filter.destroy();
}
//~ Inner Classes ==========================================================
private class MockFilterChain extends TestCase implements FilterChain {
private Authentication changeContextHolder;
private Authentication expectedOnContextHolder;
@ -261,8 +268,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
this.toThrowDuringChain = toThrowDuringChain;
}
private MockFilterChain() {
}
private MockFilterChain() {}
public void doFilter(ServletRequest arg0, ServletResponse arg1)
throws IOException, ServletException {