SEC-848: Remove all Spring LDAP dependecy loading from namespace parsers
http://jira.springframework.org/browse/SEC-848. Replaced class references with class names.
parent
859e99edf4
commit
7603ce2f97
|
@ -23,12 +23,12 @@ public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements
|
|||
/** UserDetailsService bean Id. For use in a stateful context (i.e. in AuthenticationProviderBDP) */
|
||||
private String id;
|
||||
|
||||
protected abstract Class getBeanClass(Element element);
|
||||
protected abstract String getBeanClassName(Element element);
|
||||
|
||||
protected abstract void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder);
|
||||
|
||||
public BeanDefinition parse(Element element, ParserContext parserContext) {
|
||||
BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(getBeanClass(element));
|
||||
BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(getBeanClassName(element));
|
||||
|
||||
doParse(element, parserContext, builder);
|
||||
|
||||
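Review bot: The new abstract method `getBeanClassName(Element)` is declared without Javadoc, so the reason it returns a String rather than a Class is not recorded where implementers will look. I would add something like `/** Fully-qualified class name of the UserDetailsService bean; a String so the class is not loaded while the namespace is parsed. */` on the declaration. Because the class is public and the method protected, removing `getBeanClass` outright also breaks any subclass outside this commit that still overrides it; if such subclasses can exist, that deserves a release note. The body of `parse` continues past the end of the hunk.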
|
|
|
@ -1,6 +1,5 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
|
@ -18,8 +17,8 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
|
|||
static final String ATT_GROUP_AUTHORITIES_QUERY = "group-authorities-by-username-query";
|
||||
static final String ATT_ROLE_PREFIX = "role-prefix";
|
||||
|
||||
protected Class getBeanClass(Element element) {
|
||||
return JdbcUserDetailsManager.class;
|
||||
protected String getBeanClassName(Element element) {
|
||||
return "org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager";
|
||||
}
|
||||
|
||||
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
|
||||
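Review bot: The name returned by `getBeanClassName` is an inline string literal the compiler no longer checks, so a typo or a later rename of `JdbcUserDetailsManager` only surfaces when a configuration using this parser is loaded. Hoisting it into a named constant, as the LDAP parsers in this commit do, e.g. `private static final String JDBC_USER_SERVICE_CLASS = "org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager";`, keeps the names in one reviewable place. A small unit test that resolves each such constant with `Class.forName` would restore the check the class literal used to give. The same applies to the literals returned by `getBeanClassName` in LdapUserServiceBeanDefinitionParser and UserServiceBeanDefinitionParser.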
|
|
|
@ -1,11 +1,8 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
|
||||
import org.springframework.security.providers.ldap.LdapAuthenticationProvider;
|
||||
import org.springframework.security.providers.ldap.authenticator.BindAuthenticator;
|
||||
import org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
|
@ -30,12 +27,16 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
|
|||
private static final String ATT_USER_PASSWORD = "password-attribute";
|
||||
private static final String ATT_HASH = PasswordEncoderParser.ATT_HASH;
|
||||
|
||||
private static final String DEF_USER_SEARCH_FILTER="uid={0}";
|
||||
private static final String DEF_USER_SEARCH_FILTER = "uid={0}";
|
||||
|
||||
private static final String PROVIDER_CLASS = "org.springframework.security.providers.ldap.LdapAuthenticationProvider";
|
||||
private static final String BIND_AUTH_CLASS = "org.springframework.security.providers.ldap.authenticator.BindAuthenticator";
|
||||
private static final String PASSWD_AUTH_CLASS = "org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator";
|
||||
|
||||
public BeanDefinition parse(Element elt, ParserContext parserContext) {
|
||||
RuntimeBeanReference contextSource = LdapUserServiceBeanDefinitionParser.parseServerReference(elt, parserContext);
|
||||
|
||||
RootBeanDefinition searchBean = LdapUserServiceBeanDefinitionParser.parseSearchBean(elt, parserContext);
|
||||
BeanDefinition searchBean = LdapUserServiceBeanDefinitionParser.parseSearchBean(elt, parserContext);
|
||||
String userDnPattern = elt.getAttribute(ATT_USER_DN_PATTERN);
|
||||
|
||||
String[] userDnPatternArray = new String[0];
|
||||
|
@ -45,22 +46,25 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
|
|||
// TODO: Validate the pattern and make sure it is a valid DN.
|
||||
} else if (searchBean == null) {
|
||||
logger.info("No search information or DN pattern specified. Using default search filter '" + DEF_USER_SEARCH_FILTER + "'");
|
||||
searchBean = new RootBeanDefinition(FilterBasedLdapUserSearch.class);
|
||||
searchBean.setSource(elt);
|
||||
searchBean.getConstructorArgumentValues().addIndexedArgumentValue(0, "");
|
||||
searchBean.getConstructorArgumentValues().addIndexedArgumentValue(1, DEF_USER_SEARCH_FILTER);
|
||||
searchBean.getConstructorArgumentValues().addIndexedArgumentValue(2, contextSource);
|
||||
BeanDefinitionBuilder searchBeanBuilder = BeanDefinitionBuilder.rootBeanDefinition(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS);
|
||||
searchBeanBuilder.setSource(elt);
|
||||
searchBeanBuilder.addConstructorArg("");
|
||||
searchBeanBuilder.addConstructorArg(DEF_USER_SEARCH_FILTER);
|
||||
searchBeanBuilder.addConstructorArg(contextSource);
|
||||
searchBean = searchBeanBuilder.getBeanDefinition();
|
||||
}
|
||||
|
||||
RootBeanDefinition authenticator = new RootBeanDefinition(BindAuthenticator.class);
|
||||
BeanDefinitionBuilder authenticatorBuilder =
|
||||
BeanDefinitionBuilder.rootBeanDefinition(BIND_AUTH_CLASS);
|
||||
Element passwordCompareElt = DomUtils.getChildElementByTagName(elt, Elements.LDAP_PASSWORD_COMPARE);
|
||||
|
||||
if (passwordCompareElt != null) {
|
||||
authenticator = new RootBeanDefinition(PasswordComparisonAuthenticator.class);
|
||||
authenticatorBuilder =
|
||||
BeanDefinitionBuilder.rootBeanDefinition(PASSWD_AUTH_CLASS);
|
||||
|
||||
String passwordAttribute = passwordCompareElt.getAttribute(ATT_USER_PASSWORD);
|
||||
if (StringUtils.hasText(passwordAttribute)) {
|
||||
authenticator.getPropertyValues().addPropertyValue("passwordAttributeName", passwordAttribute);
|
||||
authenticatorBuilder.addPropertyValue("passwordAttributeName", passwordAttribute);
|
||||
}
|
||||
|
||||
Element passwordEncoderElement = DomUtils.getChildElementByTagName(passwordCompareElt, Elements.PASSWORD_ENCODER);
|
||||
|
@ -70,33 +74,34 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
|
|||
if (StringUtils.hasText(hash)) {
|
||||
parserContext.getReaderContext().warning("Attribute 'hash' cannot be used with 'password-encoder' and " +
|
||||
"will be ignored.", parserContext.extractSource(elt));
|
||||
}
|
||||
}
|
||||
PasswordEncoderParser pep = new PasswordEncoderParser(passwordEncoderElement, parserContext);
|
||||
authenticator.getPropertyValues().addPropertyValue("passwordEncoder", pep.getPasswordEncoder());
|
||||
authenticatorBuilder.addPropertyValue("passwordEncoder", pep.getPasswordEncoder());
|
||||
|
||||
if (pep.getSaltSource() != null) {
|
||||
parserContext.getReaderContext().warning("Salt source information isn't valid when used with LDAP", passwordEncoderElement);
|
||||
parserContext.getReaderContext().warning("Salt source information isn't valid when used with LDAP",
|
||||
passwordEncoderElement);
|
||||
}
|
||||
} else if (StringUtils.hasText(hash)) {
|
||||
Class encoderClass = (Class) PasswordEncoderParser.ENCODER_CLASSES.get(hash);
|
||||
authenticator.getPropertyValues().addPropertyValue("passwordEncoder", new RootBeanDefinition(encoderClass));
|
||||
authenticatorBuilder.addPropertyValue("passwordEncoder", new RootBeanDefinition(encoderClass));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
authenticator.getConstructorArgumentValues().addGenericArgumentValue(contextSource);
|
||||
authenticator.getPropertyValues().addPropertyValue("userDnPatterns", userDnPatternArray);
|
||||
authenticatorBuilder.addConstructorArg(contextSource);
|
||||
authenticatorBuilder.addPropertyValue("userDnPatterns", userDnPatternArray);
|
||||
|
||||
if (searchBean != null) {
|
||||
authenticator.getPropertyValues().addPropertyValue("userSearch", searchBean);
|
||||
authenticatorBuilder.addPropertyValue("userSearch", searchBean);
|
||||
}
|
||||
|
||||
RootBeanDefinition ldapProvider = new RootBeanDefinition(LdapAuthenticationProvider.class);
|
||||
ldapProvider.getConstructorArgumentValues().addGenericArgumentValue(authenticator);
|
||||
ldapProvider.getConstructorArgumentValues().addGenericArgumentValue(LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext));
|
||||
ldapProvider.getPropertyValues().addPropertyValue("userDetailsContextMapper",
|
||||
BeanDefinitionBuilder ldapProvider = BeanDefinitionBuilder.rootBeanDefinition(PROVIDER_CLASS);
|
||||
ldapProvider.addConstructorArg(authenticatorBuilder.getBeanDefinition());
|
||||
ldapProvider.addConstructorArg(LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext));
|
||||
ldapProvider.addPropertyValue("userDetailsContextMapper",
|
||||
LdapUserServiceBeanDefinitionParser.parseUserDetailsClass(elt, parserContext));
|
||||
|
||||
ConfigUtils.getRegisteredProviders(parserContext).add(ldapProvider);
|
||||
ConfigUtils.getRegisteredProviders(parserContext).add(ldapProvider.getBeanDefinition());
|
||||
|
||||
return null;
|
||||
}
|
||||
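Review bot: In the `else if (StringUtils.hasText(hash))` branch, the result of `PasswordEncoderParser.ENCODER_CLASSES.get(hash)` is passed to `new RootBeanDefinition(encoderClass)` without a null check, so an unrecognised `hash` value would presumably yield a password-encoder definition with no class instead of a clear parse-time error. Unless the schema already restricts the attribute, I would reject it here, e.g. `if (encoderClass == null) { parserContext.getReaderContext().error("Unsupported hash '" + hash + "'", passwordCompareElt); }`. For a password-comparison authenticator it is safer for a mistyped encoder to stop the configuration from loading than to fail later or in an unclear way. The lines of `parse` where `hash` is read fall between the visible hunks, so this should be checked against the full method.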
|
|
|
@ -1,11 +1,5 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.userdetails.ldap.InetOrgPersonContextMapper;
|
||||
import org.springframework.security.userdetails.ldap.LdapUserDetailsMapper;
|
||||
import org.springframework.security.userdetails.ldap.LdapUserDetailsService;
|
||||
import org.springframework.security.userdetails.ldap.PersonContextMapper;
|
||||
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
|
||||
import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
|
@ -35,9 +29,15 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
|
|||
static final String ATT_USER_CLASS = "user-details-class";
|
||||
static final String OPT_PERSON = "person";
|
||||
static final String OPT_INETORGPERSON = "inetOrgPerson";
|
||||
|
||||
public static final String LDAP_SEARCH_CLASS = "org.springframework.security.ldap.search.FilterBasedLdapUserSearch";
|
||||
public static final String PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.PersonContextMapper";
|
||||
public static final String INET_ORG_PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.InetOrgPersonContextMapper";
|
||||
public static final String LDAP_USER_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.LdapUserDetailsMapper";
|
||||
public static final String LDAP_AUTHORITIES_POPULATOR_CLASS = "org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator";
|
||||
|
||||
protected Class getBeanClass(Element element) {
|
||||
return LdapUserDetailsService.class;
|
||||
protected String getBeanClassName(Element element) {
|
||||
return "org.springframework.security.userdetails.ldap.LdapUserDetailsService";
|
||||
}
|
||||
|
||||
protected void doParse(Element elt, ParserContext parserContext, BeanDefinitionBuilder builder) {
|
||||
|
@ -68,7 +68,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
|
|||
return null;
|
||||
}
|
||||
|
||||
BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(FilterBasedLdapUserSearch.class);
|
||||
BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(LDAP_SEARCH_CLASS);
|
||||
searchBuilder.setSource(source);
|
||||
searchBuilder.addConstructorArg(userSearchBase);
|
||||
searchBuilder.addConstructorArg(userSearchFilter);
|
||||
|
@ -96,12 +96,12 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
|
|||
static RootBeanDefinition parseUserDetailsClass(Element elt, ParserContext parserContext) {
|
||||
String userDetailsClass = elt.getAttribute(ATT_USER_CLASS);
|
||||
|
||||
if(OPT_PERSON.equals(userDetailsClass)) {
|
||||
return new RootBeanDefinition(PersonContextMapper.class);
|
||||
if (OPT_PERSON.equals(userDetailsClass)) {
|
||||
return new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null);
|
||||
} else if (OPT_INETORGPERSON.equals(userDetailsClass)) {
|
||||
return new RootBeanDefinition(InetOrgPersonContextMapper.class);
|
||||
return new RootBeanDefinition(INET_ORG_PERSON_MAPPER_CLASS, null, null);
|
||||
}
|
||||
return new RootBeanDefinition(LdapUserDetailsMapper.class);
|
||||
return new RootBeanDefinition(LDAP_USER_MAPPER_CLASS, null, null);
|
||||
}
|
||||
|
||||
static RootBeanDefinition parseAuthoritiesPopulator(Element elt, ParserContext parserContext) {
|
||||
|
@ -118,7 +118,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
|
|||
groupSearchBase = DEF_GROUP_SEARCH_BASE;
|
||||
}
|
||||
|
||||
BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(DefaultLdapAuthoritiesPopulator.class);
|
||||
BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(LDAP_AUTHORITIES_POPULATOR_CLASS);
|
||||
populator.setSource(parserContext.extractSource(elt));
|
||||
populator.addConstructorArg(parseServerReference(elt, parserContext));
|
||||
populator.addConstructorArg(groupSearchBase);
|
||||
|
@ -129,7 +129,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
|
|||
rolePrefix = "";
|
||||
}
|
||||
populator.addPropertyValue("rolePrefix", rolePrefix);
|
||||
}
|
||||
}
|
||||
|
||||
if (StringUtils.hasLength(groupRoleAttribute)) {
|
||||
populator.addPropertyValue("groupRoleAttribute", groupRoleAttribute);
|
||||
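Review bot: The three-argument calls in `parseUserDetailsClass`, such as `new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null)`, are hard to read because nothing says what the two nulls stand for or why the class-literal form was dropped. A short comment above the first return would help, e.g. `// (className, constructor args, property values): name-only definition so the LDAP mapper class is not loaded here`. Separately, the five new `*_CLASS` constants are `public static final` while the neighbouring `ATT_`/`OPT_` constants are package-private. The only cross-class use visible in this commit is `LDAP_SEARCH_CLASS` from LdapProviderBeanDefinitionParser in the same package, so dropping `public` would avoid widening the API. `parseUserDetailsClass` is fully visible, but `parseSearchBean` and `parseAuthoritiesPopulator` are only partly shown.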
|
|
|
@ -6,7 +6,6 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
|||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.beans.factory.BeanDefinitionStoreException;
|
||||
import org.springframework.security.userdetails.memory.InMemoryDaoImpl;
|
||||
import org.springframework.security.userdetails.memory.UserMap;
|
||||
import org.springframework.security.userdetails.User;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
@ -33,8 +32,8 @@ public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceB
|
|||
static final String ATT_DISABLED = "disabled";
|
||||
static final String ATT_LOCKED = "locked";
|
||||
|
||||
protected Class getBeanClass(Element element) {
|
||||
return InMemoryDaoImpl.class;
|
||||
protected String getBeanClassName(Element element) {
|
||||
return "org.springframework.security.userdetails.memory.InMemoryDaoImpl";
|
||||
}
|
||||
|
||||
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
|
||||
|
|