diff --git a/core/src/main/java/org/springframework/security/config/AbstractUserDetailsServiceBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/AbstractUserDetailsServiceBeanDefinitionParser.java index 4b1df14ce5..f67a3c3af6 100644 --- a/core/src/main/java/org/springframework/security/config/AbstractUserDetailsServiceBeanDefinitionParser.java +++ b/core/src/main/java/org/springframework/security/config/AbstractUserDetailsServiceBeanDefinitionParser.java @@ -23,12 +23,12 @@ public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements /** UserDetailsService bean Id. For use in a stateful context (i.e. in AuthenticationProviderBDP) */ private String id; - protected abstract Class getBeanClass(Element element); + protected abstract String getBeanClassName(Element element); protected abstract void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder); public BeanDefinition parse(Element element, ParserContext parserContext) { - BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(getBeanClass(element)); + BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(getBeanClassName(element)); doParse(element, parserContext, builder); diff --git a/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java index e4628b6c05..aad96d4167 100644 --- a/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java +++ b/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java 
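Review bot: The new abstract `getBeanClassName(Element)` has no Javadoc, and its contract is looser than the `Class`-returning method it replaces, because the compiler no longer checks that the returned value names a real class. I would document it, for example `/** Returns the fully-qualified class name of the UserDetailsService implementation; the name is resolved when the bean definition is processed, so a wrong name is not caught at compile time. */`. The method is protected and abstract on a public class, so any subclass outside this commit that still overrides `getBeanClass` will stop compiling, which deserves a line in the change notes. The class body continues outside the hunk.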
@@ -1,6 +1,5 @@ package org.springframework.security.config; -import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager; import org.springframework.util.StringUtils; import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.xml.ParserContext; @@ -18,8 +17,8 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ static final String ATT_GROUP_AUTHORITIES_QUERY = "group-authorities-by-username-query"; static final String ATT_ROLE_PREFIX = "role-prefix"; - protected Class getBeanClass(Element element) { - return JdbcUserDetailsManager.class; + protected String getBeanClassName(Element element) { + return "org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager"; } protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) { diff --git a/core/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java index 099270d518..2b127cd77e 100644 --- a/core/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java +++ b/core/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java 
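Review bot: The literal returned from `getBeanClassName` in JdbcUserServiceBeanDefinitionParser is not checked by the compiler, so a typo or a later rename of `JdbcUserDetailsManager` would show up only when a context that uses this parser is loaded. The same applies to the literals in LdapUserServiceBeanDefinitionParser and UserServiceBeanDefinitionParser, and to the class-name constants in LdapProviderBeanDefinitionParser. A small test that resolves each of these names with `Class.forName` would restore the check that the removed imports used to give. In UserServiceBeanDefinitionParser the file still imports `UserMap` from the same `userdetails.memory` package, so the diff does not show what the string form gains there; a comment stating the reason would help.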
@@ -1,11 +1,8 @@ package org.springframework.security.config; -import org.springframework.security.ldap.search.FilterBasedLdapUserSearch; -import org.springframework.security.providers.ldap.LdapAuthenticationProvider; -import org.springframework.security.providers.ldap.authenticator.BindAuthenticator; -import org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.RuntimeBeanReference; +import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.ParserContext; 
@@ -30,12 +27,16 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser { private static final String ATT_USER_PASSWORD = "password-attribute"; private static final String ATT_HASH = PasswordEncoderParser.ATT_HASH; - private static final String DEF_USER_SEARCH_FILTER="uid={0}"; + private static final String DEF_USER_SEARCH_FILTER = "uid={0}"; + + private static final String PROVIDER_CLASS = "org.springframework.security.providers.ldap.LdapAuthenticationProvider"; + private static final String BIND_AUTH_CLASS = "org.springframework.security.providers.ldap.authenticator.BindAuthenticator"; + private static final String PASSWD_AUTH_CLASS = "org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator"; public BeanDefinition parse(Element elt, ParserContext parserContext) { RuntimeBeanReference contextSource = LdapUserServiceBeanDefinitionParser.parseServerReference(elt, parserContext); - RootBeanDefinition searchBean = LdapUserServiceBeanDefinitionParser.parseSearchBean(elt, parserContext); + BeanDefinition searchBean = LdapUserServiceBeanDefinitionParser.parseSearchBean(elt, parserContext); String userDnPattern = elt.getAttribute(ATT_USER_DN_PATTERN); String[] userDnPatternArray = new String[0]; 
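Review bot: The `PROVIDER_CLASS`, `BIND_AUTH_CLASS` and `PASSWD_AUTH_CLASS` constants carry no comment saying why the class names are held as strings instead of class literals. If the aim is to let this parser load without a hard reference to the LDAP classes (an inference, the diff does not say so), a comment such as `// Class names are strings on purpose: no direct reference to the LDAP classes from the config parser` above them would stop a later cleanup from turning them back into `.class` references. `PASSWD_AUTH_CLASS` would also read better spelled out, e.g. `PASSWORD_COMPARISON_AUTH_CLASS`, to match the class it names.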
@@ -45,22 +46,25 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser { // TODO: Validate the pattern and make sure it is a valid DN. } else if (searchBean == null) { logger.info("No search information or DN pattern specified. Using default search filter '" + DEF_USER_SEARCH_FILTER + "'"); - searchBean = new RootBeanDefinition(FilterBasedLdapUserSearch.class); - searchBean.setSource(elt); - searchBean.getConstructorArgumentValues().addIndexedArgumentValue(0, ""); - searchBean.getConstructorArgumentValues().addIndexedArgumentValue(1, DEF_USER_SEARCH_FILTER); - searchBean.getConstructorArgumentValues().addIndexedArgumentValue(2, contextSource); + BeanDefinitionBuilder searchBeanBuilder = BeanDefinitionBuilder.rootBeanDefinition(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS); + searchBeanBuilder.setSource(elt); + searchBeanBuilder.addConstructorArg(""); + searchBeanBuilder.addConstructorArg(DEF_USER_SEARCH_FILTER); + searchBeanBuilder.addConstructorArg(contextSource); + searchBean = searchBeanBuilder.getBeanDefinition(); } - RootBeanDefinition authenticator = new RootBeanDefinition(BindAuthenticator.class); + BeanDefinitionBuilder authenticatorBuilder = + BeanDefinitionBuilder.rootBeanDefinition(BIND_AUTH_CLASS); Element passwordCompareElt = DomUtils.getChildElementByTagName(elt, Elements.LDAP_PASSWORD_COMPARE); if (passwordCompareElt != null) { - authenticator = new RootBeanDefinition(PasswordComparisonAuthenticator.class); + authenticatorBuilder = + BeanDefinitionBuilder.rootBeanDefinition(PASSWD_AUTH_CLASS); String passwordAttribute = passwordCompareElt.getAttribute(ATT_USER_PASSWORD); if (StringUtils.hasText(passwordAttribute)) { - authenticator.getPropertyValues().addPropertyValue("passwordAttributeName", passwordAttribute); + authenticatorBuilder.addPropertyValue("passwordAttributeName", passwordAttribute); } Element passwordEncoderElement = DomUtils.getChildElementByTagName(passwordCompareElt, Elements.PASSWORD_ENCODER); 
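Review bot: The three `searchBeanBuilder.addConstructorArg(...)` calls now depend purely on call order, where the removed code spelled out indices 0, 1 and 2. A comment above them, `// constructor order: searchBase, searchFilter, contextSource`, would keep the mapping visible; the names follow the `userSearchBase` / `userSearchFilter` arguments passed in the same order in LdapUserServiceBeanDefinitionParser. It is also worth saying in that comment that the empty search base makes the default `uid={0}` filter apply to the whole tree under the context source, since that is the behaviour a deployment gets when neither a DN pattern nor search attributes are configured. The enclosing `parse` method starts and ends outside this hunk.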
@@ -70,33 +74,34 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser { if (StringUtils.hasText(hash)) { parserContext.getReaderContext().warning("Attribute 'hash' cannot be used with 'password-encoder' and " + "will be ignored.", parserContext.extractSource(elt)); - } + } PasswordEncoderParser pep = new PasswordEncoderParser(passwordEncoderElement, parserContext); - authenticator.getPropertyValues().addPropertyValue("passwordEncoder", pep.getPasswordEncoder()); + authenticatorBuilder.addPropertyValue("passwordEncoder", pep.getPasswordEncoder()); if (pep.getSaltSource() != null) { - parserContext.getReaderContext().warning("Salt source information isn't valid when used with LDAP", passwordEncoderElement); + parserContext.getReaderContext().warning("Salt source information isn't valid when used with LDAP", + passwordEncoderElement); } } else if (StringUtils.hasText(hash)) { Class encoderClass = (Class) PasswordEncoderParser.ENCODER_CLASSES.get(hash); - authenticator.getPropertyValues().addPropertyValue("passwordEncoder", new RootBeanDefinition(encoderClass)); + authenticatorBuilder.addPropertyValue("passwordEncoder", new RootBeanDefinition(encoderClass)); } - } + } - authenticator.getConstructorArgumentValues().addGenericArgumentValue(contextSource); - authenticator.getPropertyValues().addPropertyValue("userDnPatterns", userDnPatternArray); + authenticatorBuilder.addConstructorArg(contextSource); + authenticatorBuilder.addPropertyValue("userDnPatterns", userDnPatternArray); if (searchBean != null) { - authenticator.getPropertyValues().addPropertyValue("userSearch", searchBean); + authenticatorBuilder.addPropertyValue("userSearch", searchBean); } - RootBeanDefinition ldapProvider = new RootBeanDefinition(LdapAuthenticationProvider.class); - ldapProvider.getConstructorArgumentValues().addGenericArgumentValue(authenticator); - 
ldapProvider.getConstructorArgumentValues().addGenericArgumentValue(LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext)); - ldapProvider.getPropertyValues().addPropertyValue("userDetailsContextMapper", + BeanDefinitionBuilder ldapProvider = BeanDefinitionBuilder.rootBeanDefinition(PROVIDER_CLASS); + ldapProvider.addConstructorArg(authenticatorBuilder.getBeanDefinition()); + ldapProvider.addConstructorArg(LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext)); + ldapProvider.addPropertyValue("userDetailsContextMapper", LdapUserServiceBeanDefinitionParser.parseUserDetailsClass(elt, parserContext)); - ConfigUtils.getRegisteredProviders(parserContext).add(ldapProvider); + ConfigUtils.getRegisteredProviders(parserContext).add(ldapProvider.getBeanDefinition()); return null; } diff --git a/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java index cc07f5a465..5781c4af35 100644 --- a/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java +++ b/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java 
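Review bot: In the `else if (StringUtils.hasText(hash))` branch, `PasswordEncoderParser.ENCODER_CLASSES.get(hash)` returns null for a value that is not a key of the map, and that null goes straight into `new RootBeanDefinition(encoderClass)`. Unless the schema already restricts the attribute to the known values (not visible here), the password encoder definition then has no class and the failure appears later, away from the XML element that caused it. I would report it at parse time: `if (encoderClass == null) { parserContext.getReaderContext().error("Unsupported hash value '" + hash + "'", parserContext.extractSource(passwordCompareElt)); }`. This line is also the one place in the method that still uses a raw `Class` after the rest moved to class names. The `parse` method starts outside the hunk.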
@@ -1,11 +1,5 @@ package org.springframework.security.config; -import org.springframework.security.userdetails.ldap.InetOrgPersonContextMapper; -import org.springframework.security.userdetails.ldap.LdapUserDetailsMapper; -import org.springframework.security.userdetails.ldap.LdapUserDetailsService; -import org.springframework.security.userdetails.ldap.PersonContextMapper; -import org.springframework.security.ldap.search.FilterBasedLdapUserSearch; -import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator; import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.support.RootBeanDefinition; @@ -35,9 +29,15 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ static final String ATT_USER_CLASS = "user-details-class"; static final String OPT_PERSON = "person"; static final String OPT_INETORGPERSON = "inetOrgPerson"; + + public static final String LDAP_SEARCH_CLASS = "org.springframework.security.ldap.search.FilterBasedLdapUserSearch"; + public static final String PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.PersonContextMapper"; + public static final String INET_ORG_PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.InetOrgPersonContextMapper"; + public static final String LDAP_USER_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.LdapUserDetailsMapper"; + public static final String LDAP_AUTHORITIES_POPULATOR_CLASS = "org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator"; - protected Class getBeanClass(Element element) { - return LdapUserDetailsService.class; + protected String getBeanClassName(Element element) { + return "org.springframework.security.userdetails.ldap.LdapUserDetailsService"; } protected void doParse(Element elt, ParserContext parserContext, BeanDefinitionBuilder builder) { 
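Review bot: The five new `*_CLASS` constants are declared `public static final`, while the neighbouring `ATT_*` and `OPT_*` constants are package-private and the only use outside this class shown in the diff is from LdapProviderBeanDefinitionParser in the same package. Package-private visibility, `static final String LDAP_SEARCH_CLASS = ...`, would keep them out of the public API. The `LdapUserDetailsService` name in `getBeanClassName` is left as an inline literal next to these constants; a sixth constant, for example `LDAP_USER_DETAILS_SERVICE_CLASS`, would make the class consistent.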
@@ -68,7 +68,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ return null; } - BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(FilterBasedLdapUserSearch.class); + BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(LDAP_SEARCH_CLASS); searchBuilder.setSource(source); searchBuilder.addConstructorArg(userSearchBase); searchBuilder.addConstructorArg(userSearchFilter); @@ -96,12 +96,12 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ static RootBeanDefinition parseUserDetailsClass(Element elt, ParserContext parserContext) { String userDetailsClass = elt.getAttribute(ATT_USER_CLASS); - if(OPT_PERSON.equals(userDetailsClass)) { - return new RootBeanDefinition(PersonContextMapper.class); + if (OPT_PERSON.equals(userDetailsClass)) { + return new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null); } else if (OPT_INETORGPERSON.equals(userDetailsClass)) { - return new RootBeanDefinition(InetOrgPersonContextMapper.class); + return new RootBeanDefinition(INET_ORG_PERSON_MAPPER_CLASS, null, null); } - return new RootBeanDefinition(LdapUserDetailsMapper.class); + return new RootBeanDefinition(LDAP_USER_MAPPER_CLASS, null, null); } static RootBeanDefinition parseAuthoritiesPopulator(Element elt, ParserContext parserContext) { @@ -118,7 +118,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ groupSearchBase = DEF_GROUP_SEARCH_BASE; } - BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(DefaultLdapAuthoritiesPopulator.class); + BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(LDAP_AUTHORITIES_POPULATOR_CLASS); populator.setSource(parserContext.extractSource(elt)); populator.addConstructorArg(parseServerReference(elt, parserContext)); populator.addConstructorArg(groupSearchBase); 
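Review bot: In `parseUserDetailsClass`, the three `new RootBeanDefinition(NAME, null, null)` calls do not say what the two nulls stand for. A comment on the first of them, `// (className, constructorArgs, propertyValues): name-based constructor, no args or properties`, would cover all three. Separately, any `user-details-class` value other than `person` or `inetOrgPerson` falls through to `LDAP_USER_MAPPER_CLASS` without a warning, so a misspelt value silently selects the default mapper unless the schema enumerates the allowed values (not visible here); a `parserContext.getReaderContext().warning(...)` on the fall-through for non-empty values would surface that.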
@@ -129,7 +129,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ rolePrefix = ""; } populator.addPropertyValue("rolePrefix", rolePrefix); - } + } if (StringUtils.hasLength(groupRoleAttribute)) { populator.addPropertyValue("groupRoleAttribute", groupRoleAttribute); diff --git a/core/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java index 743489a1b1..46d51bc77a 100644 --- a/core/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java +++ b/core/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java @@ -6,7 +6,6 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.BeanDefinitionStoreException; -import org.springframework.security.userdetails.memory.InMemoryDaoImpl; import org.springframework.security.userdetails.memory.UserMap; import org.springframework.security.userdetails.User; import org.springframework.security.util.AuthorityUtils; @@ -33,8 +32,8 @@ public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceB static final String ATT_DISABLED = "disabled"; static final String ATT_LOCKED = "locked"; - protected Class getBeanClass(Element element) { - return InMemoryDaoImpl.class; + protected String getBeanClassName(Element element) { + return "org.springframework.security.userdetails.memory.InMemoryDaoImpl"; } protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {