SEC-1131: Applied patch for portlet upgrade

Luke Taylor 2009-04-12 05:52:20 +00:00
parent 365ae3936e
commit 7c4d54f356
12 changed files with 1006 additions and 952 deletions


@ -1,6 +1,5 @@
package org.springframework.security.authoritymapping;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
@ -25,9 +24,10 @@ public class SimpleMappableAttributesRetriever implements MappableAttributesRetr
return mappableAttributes;
}
public void setMappableAttributes(String[] aMappableRoles) {
mappableAttributes = new HashSet<String>(aMappableRoles.length);
mappableAttributes.addAll(Arrays.asList(aMappableRoles));
@SuppressWarnings("unchecked")
public void setMappableAttributes(Set aMappableRoles) {
mappableAttributes = new HashSet<String>();
mappableAttributes.addAll(aMappableRoles);
mappableAttributes = Collections.unmodifiableSet(mappableAttributes);
}
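Review bot: The new `setMappableAttributes(Set aMappableRoles)` takes a raw `Set` and suppresses the unchecked warning, so a set holding non-String elements is copied into `mappableAttributes` without complaint and would only surface later, as a `ClassCastException` or as roles that never match during authority mapping. Declaring the parameter as `Set<String>` lets the compiler enforce the element type and makes the `@SuppressWarnings("unchecked")` unnecessary. The field is also assigned the mutable `HashSet` first and wrapped afterwards, so a concurrent caller of `getMappableAttributes()` could briefly see the modifiable set; publishing it in one assignment, `mappableAttributes = Collections.unmodifiableSet(new HashSet<String>(aMappableRoles));`, avoids that. A null argument still fails with a bare `NullPointerException`, so an explicit argument check with a message would make a misconfigured bean easier to diagnose.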


@ -3,8 +3,10 @@ package org.springframework.security.authoritymapping;
import java.util.Arrays;
import java.util.Collection;
import java.util.Set;
import java.util.HashSet;
import junit.framework.TestCase;
import org.springframework.util.StringUtils;
/**
*
@ -14,13 +16,12 @@ import junit.framework.TestCase;
public class SimpleMappableRolesRetrieverTests extends TestCase {
public final void testGetSetMappableRoles() {
String[] roles = new String[] { "Role1", "Role2" };
Set<String> roles = StringUtils.commaDelimitedListToSet("Role1,Role2");
SimpleMappableAttributesRetriever r = new SimpleMappableAttributesRetriever();
r.setMappableAttributes(roles);
Set<String> result = r.getMappableAttributes();
Collection<String> rolesColl = Arrays.asList(roles);
assertTrue("Role collections do not match; result: " + result + ", expected: " + rolesColl, rolesColl.containsAll(result)
&& result.containsAll(rolesColl));
assertTrue("Role collections do not match; result: " + result + ", expected: " + roles, roles.containsAll(result)
&& result.containsAll(roles));
}
}
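Review bot: `testGetSetMappableRoles` still asserts only that the returned set has the same elements, but the setter changed in this commit now copies its argument and returns an unmodifiable set, and neither property is tested. Mutating the input after the call and checking the result is unaffected, e.g. `roles.add("Role3"); assertFalse(r.getMappableAttributes().contains("Role3"));`, would pin the defensive copy. A second check that `result.add("x")` throws `UnsupportedOperationException` would pin the read-only contract. From the visible lines the `Arrays` and `Collection` imports look unused after the change, and the added `HashSet` import has no visible use either.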


@ -19,7 +19,7 @@
<module>samples</module>
<module>taglibs</module>
<module>itest</module>
<!-- module>portlet</module -->
<module>portlet</module>
</modules>
<description>Spring Security</description>


@ -12,7 +12,7 @@
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<artifactId>spring-security-web</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
@ -22,13 +22,13 @@
<dependency>
<groupId>javax.portlet</groupId>
<artifactId>portlet-api</artifactId>
<version>1.0</version>
<version>2.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-portlet</artifactId>
<version>2.0.8</version>
<artifactId>org.springframework.web.portlet</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>


@ -18,14 +18,7 @@ package org.springframework.security.context;
import java.lang.reflect.Method;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletException;
import javax.portlet.PortletRequest;
import javax.portlet.PortletResponse;
import javax.portlet.PortletSession;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.portlet.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@ -34,6 +27,8 @@ import org.springframework.util.Assert;
import org.springframework.util.ReflectionUtils;
import org.springframework.web.portlet.HandlerInterceptor;
import org.springframework.web.portlet.ModelAndView;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
/**
* <p>This interceptor populates the {@link SecurityContextHolder} with information obtained from the
@ -75,10 +70,10 @@ import org.springframework.web.portlet.ModelAndView;
* sharing it with all the other portlets in your webapp (which is generally a good idea). It also means that (if
* you have done all the other appropriate magic), you will share this <code>SecurityContext</code> with servlets in
* your webapp. This is very useful if you have servlets serving images or processing AJAX calls from your portlets
* since they can now use the {@link HttpSessionContextIntegrationFilter} to access the same <code>SecurityContext<code>
* since they can now use the {@link SecurityContextPersistenceFilter} to access the same <code>SecurityContext<code>
* object from the session. This allows these calls to be secured as well as the portlet calls.</p>
*
* Much of the logic of this interceptor comes from the {@link HttpSessionContextIntegrationFilter} class which
* Much of the logic of this interceptor comes from the {@link SecurityContextPersistenceFilter} class which
* fills the same purpose on the servlet side. Ben Alex and Patrick Burlson are listed as authors here because they
* are the authors of that class and there are blocks of code that essentially identical between the two. (Making this
* a good candidate for refactoring someday.)
@ -101,7 +96,7 @@ public class PortletSessionContextIntegrationInterceptor
protected static final Log logger = LogFactory.getLog(PortletSessionContextIntegrationInterceptor.class);
public static final String SPRING_SECURITY_CONTEXT_KEY = HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY;
public static final String SPRING_SECURITY_CONTEXT_KEY = HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY;
private static final String SESSION_EXISTED = PortletSessionContextIntegrationInterceptor.class.getName() + ".SESSION_EXISTED";
private static final String CONTEXT_HASHCODE = PortletSessionContextIntegrationInterceptor.class.getName() + ".CONTEXT_HASHCODE";
@ -219,6 +214,42 @@ public class PortletSessionContextIntegrationInterceptor
afterCompletion(request, response, handler, ex);
}
/**
* {@inheritDoc}
*/
public boolean preHandleResource(ResourceRequest request, ResourceResponse response, Object handler) throws Exception {
return preHandle(request, response, handler);
}
/**
* {@inheritDoc}
*/
public void postHandleResource(ResourceRequest request, ResourceResponse response, Object handler, ModelAndView modelAndView) throws Exception {
// no-op
}
/**
* {@inheritDoc}
*/
public void afterResourceCompletion(ResourceRequest request, ResourceResponse response, Object handler, Exception ex) throws Exception {
// call to common afterCompletion method
afterCompletion(request, response, handler, ex);
}
/**
* {@inheritDoc}
*/
public boolean preHandleEvent(EventRequest request, EventResponse response, Object handler) throws Exception {
return preHandle(request, response, handler);
}
/**
* {@inheritDoc}
*/
public void afterEventCompletion(EventRequest request, EventResponse response, Object handler, Exception ex) throws Exception {
// call to common afterCompletion method
afterCompletion(request, response, handler, ex);
}
private boolean preHandle(PortletRequest request, PortletResponse response,
Object handler) throws Exception {
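Review bot: The new resource and event callbacks at the end of this section are documented only with `{@inheritDoc}`, which does not tell a reader that these Portlet 2.0 phases go through the same security-context handling as action and render. `preHandleResource` and `preHandleEvent` delegate to the shared `preHandle`, and `afterResourceCompletion` and `afterEventCompletion` delegate to `afterCompletion`, so a short comment such as `// resource and event phases reuse the action/render context handling` above the group would record that this is deliberate. The class Javadoc line touched earlier in the section still carries the unclosed tag `<code>SecurityContext<code>`, which should read `<code>SecurityContext</code>`. The bodies of `preHandle` and `afterCompletion` lie outside the hunk, so what they do with the context cannot be confirmed from here.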


@ -6,7 +6,7 @@ import java.util.Set;
import javax.portlet.PortletRequest;
import org.springframework.security.ui.preauth.j2ee.AbstractPreAuthenticatedAuthenticationDetailsSource;
import org.springframework.security.web.authentication.preauth.j2ee.AbstractPreAuthenticatedAuthenticationDetailsSource;
public class PortletPreAuthenticatedAuthenticationDetailsSource extends AbstractPreAuthenticatedAuthenticationDetailsSource {


@ -22,23 +22,18 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletRequest;
import javax.portlet.PortletResponse;
import javax.portlet.PortletSession;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.portlet.*;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationDetailsSource;
import org.springframework.security.AuthenticationDetailsSourceImpl;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.web.authentication.AbstractProcessingFilter;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.ui.AbstractProcessingFilter;
import org.springframework.security.web.authentication.AbstractProcessingFilter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
@ -69,14 +64,10 @@ import org.springframework.web.portlet.ModelAndView;
*
* <p>This interceptor will put the <code>PortletRequest</code> object into the
* <code>details<code> property of the <code>Authentication</code> object that is sent
* as a request to the <code>AuthenticationManager</code>. This is done so that the request
* is available to classes like {@link ContainerPortletAuthoritiesPopulator} that need
* access to information from the portlet container. The {@link PortletAuthenticationProvider}
* will replace this with the <code>USER_INFO</code> map in the resulting <code>Authentication</code>
* object.</p>
* as a request to the <code>AuthenticationManager</code>.
*
* @see org.springframework.security.ui.AbstractProcessingFilter
* @see org.springframework.security.ui.webapp.AuthenticationProcessingFilter
* @see org.springframework.security.web.authentication.AbstractProcessingFilter
* @see org.springframework.security.web.authentication.AuthenticationProcessingFilter
* @author John A. Lewis
* @since 2.0
* @version $Id$
@ -130,6 +121,35 @@ public class PortletProcessingInterceptor implements HandlerInterceptor, Initial
Object handler, Exception ex) throws Exception {
}
/**
* {@inheritDoc}
*/
public boolean preHandleResource(ResourceRequest request, ResourceResponse response, Object handler) throws Exception {
return preHandle(request, response, handler);
}
/**
* {@inheritDoc}
*/
public void postHandleResource(ResourceRequest request, ResourceResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
public void afterResourceCompletion(ResourceRequest request, ResourceResponse response, Object handler, Exception ex) throws Exception {
}
/**
* {@inheritDoc}
*/
public boolean preHandleEvent(EventRequest request, EventResponse response, Object handler) throws Exception {
return preHandle(request, response, handler);
}
/**
* {@inheritDoc}
*/
public void afterEventCompletion(EventRequest request, EventResponse response, Object handler, Exception ex) throws Exception {
}
/**
* Common preHandle method for both the action and render phases of the interceptor.
*/
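Review bot: The Javadoc that closes this section still reads "Common preHandle method for both the action and render phases", but the added `preHandleResource` and `preHandleEvent` now call `preHandle` as well, so the authentication attempt also runs on resource and event requests. The comment should say so, for example `Common preHandle method for the action, render, resource and event phases of the interceptor.` `afterResourceCompletion` is the only new callback without a Javadoc block, and the empty completion and post-handle bodies would benefit from a `// no-op` comment to show the omission is intended. In the import hunk, `org.springframework.security.web.authentication.AbstractProcessingFilter` appears twice on the new side, so one of the two lines looks redundant. The method this Javadoc belongs to starts after the end of the hunk.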


@ -34,6 +34,7 @@ import org.springframework.mock.web.portlet.MockRenderResponse;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.web.authentication.AbstractProcessingFilter;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;


@ -16,7 +16,7 @@
<module>preauth</module>
<module>openid</module>
<module>ldap</module>
<!-- module>portlet</module -->
<module>portlet</module>
<module>cas</module>
</modules>
<dependencies>


@ -11,11 +11,11 @@ import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.ui.AbstractProcessingFilter;
import org.springframework.security.web.authentication.AbstractProcessingFilter;
/**
* A simple portlet which prints out the contents of the current {@link SecurityContext}
* A simple portlet which prints out the contents of the current {@link org.springframework.security.context.SecurityContext}
*
* @author Luke Taylor
*/


@ -38,7 +38,7 @@
<property name="mappableRolesRetriever">
<bean class="org.springframework.security.authoritymapping.SimpleMappableAttributesRetriever">
<property name="mappableAttributes">
<list>
<set>
<value>tomcat</value>
<value>admin</value>
<value>manager</value>
@ -47,7 +47,7 @@
<value>Guest</value>
<value>User</value>
<value>Power User</value>
</list>
</set>
</property>
</bean>
</property>


@ -19,6 +19,7 @@ import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPre
import org.springframework.security.GrantedAuthority;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.util.StringUtils;
/**
*
@ -123,7 +124,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests extend
private MappableAttributesRetriever getMappableRolesRetriever(String[] mappedRoles) {
SimpleMappableAttributesRetriever result = new SimpleMappableAttributesRetriever();
result.setMappableAttributes(mappedRoles);
result.setMappableAttributes(new HashSet<String>(Arrays.asList(mappedRoles)));
return result;
}