Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-576: Tidied up code, added preauth sample demo app.

Browse Source
This commit is contained in:
Luke Taylor 2008-01-23 20:02:11 +00:00
parent a9ff309b02
commit 837ecd85ec
27 changed files with 984 additions and 578 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java
View File

@ -16,17 +16,18 @@ import org.springframework.util.Assert;
* Processes a pre-authenticated authentication request. The request will
* typically originate from a {@link org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter}
* subclass.
* </p>
*
* <p>
* This authentication provider will not perform any checks on authentication
* requests, as they should already be pre- authenticated. However, the
* PreAuthenticatedUserDetailsService implementation may still throw for exampe
* a UsernameNotFoundException.
* </p>
*
* @author Ruud Senden
* @since 2.0
*/
public class PreAuthenticatedAuthenticationProvider implements AuthenticationProvider, InitializingBean, Ordered {
private static final Log LOG = LogFactory.getLog(PreAuthenticatedAuthenticationProvider.class);
private static final Log logger = LogFactory.getLog(PreAuthenticatedAuthenticationProvider.class);
private PreAuthenticatedUserDetailsService preAuthenticatedUserDetailsService = null;
@ -47,14 +48,16 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
return null;
}
if (LOG.isDebugEnabled()) {
LOG.debug("PreAuthenticated authentication request: " + authentication);
if (logger.isDebugEnabled()) {
logger.debug("PreAuthenticated authentication request: " + authentication);
}
UserDetails ud = preAuthenticatedUserDetailsService.getUserDetails((PreAuthenticatedAuthenticationToken) authentication);
if (ud == null) {
return null;
}
PreAuthenticatedAuthenticationToken result =
new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), ud.getAuthorities());
result.setDetails(authentication.getDetails());

5
core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationToken.java
View File

@ -7,10 +7,11 @@ import org.springframework.security.GrantedAuthority;
/**
* {@link org.springframework.security.Authentication} implementation for pre-authenticated
* authentication.
*
* @author Ruud Senden
* @since 2.0
*/
public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = 1L;
private Object principal;
private Object credentials;

5
core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedGrantedAuthoritiesRetriever.java
View File

@ -6,10 +6,13 @@ import org.springframework.security.GrantedAuthority;
/**
* Interface that allows for retrieval of a list of pre-authenticated Granted
* Authorities.
*
* @author Ruud Senden
* @since 2.0
*/
public interface PreAuthenticatedGrantedAuthoritiesRetriever {
/**
* @return GrantedAuthority[] List of pre-authenticated GrantedAuthorities
*/
public GrantedAuthority[] getPreAuthenticatedGrantedAuthorities();
GrantedAuthority[] getPreAuthenticatedGrantedAuthorities();
}

5
core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedGrantedAuthoritiesSetter.java
View File

@ -8,11 +8,14 @@ import org.springframework.security.GrantedAuthority;
* actually being used by the PreAuthenticatedAuthenticationProvider or one of
* its related classes, but may be useful for classes that also implement
* PreAuthenticatedGrantedAuthoritiesRetriever.
*
* @author Ruud Senden
* @since 2.0
*/
public interface PreAuthenticatedGrantedAuthoritiesSetter {
/**
* @param aPreAuthenticatedGrantedAuthorities
* The pre-authenticated GrantedAuthority[] to set
*/
public void setPreAuthenticatedGrantedAuthorities(GrantedAuthority[] aPreAuthenticatedGrantedAuthorities);
void setPreAuthenticatedGrantedAuthorities(GrantedAuthority[] aPreAuthenticatedGrantedAuthorities);
}

5
core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java
View File

@ -17,14 +17,15 @@ import org.springframework.util.Assert;
* PreAuthenticatedAuthenticationProvider anyway), and the Granted Authorities
* are retrieved from the details object as returned by
* PreAuthenticatedAuthenticationToken.getDetails().
* </p>
*
* <p>
* The details object as returned by
* PreAuthenticatedAuthenticationToken.getDetails() must implement the
* PreAuthenticatedGrantedAuthoritiesRetriever interface for this implementation
* to work.
* </p>
*
* @author Ruud Senden
* @since 2.0
*/
public class PreAuthenticatedGrantedAuthoritiesUserDetailsService implements PreAuthenticatedUserDetailsService {
/**

5
core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedUserDetailsService.java
View File

@ -7,6 +7,9 @@ import org.springframework.security.userdetails.UserDetails;
/**
* Interface that allows for retrieving a UserDetails object based on a
* PreAuthenticatedAuthenticationToken object.
*
* @author Ruud Senden
* @since 2.0
*/
public interface PreAuthenticatedUserDetailsService {
@ -19,6 +22,6 @@ public interface PreAuthenticatedUserDetailsService {
* if no user details can be found for the given authentication
* token
*/
public UserDetails getUserDetails(PreAuthenticatedAuthenticationToken aPreAuthenticatedAuthenticationToken)
UserDetails getUserDetails(PreAuthenticatedAuthenticationToken aPreAuthenticatedAuthenticationToken)
throws UsernameNotFoundException;
}

5
core/src/main/java/org/springframework/security/providers/preauth/UserDetailsByNameServiceWrapper.java
View File

@ -9,8 +9,11 @@ import org.springframework.util.Assert;
/**
* This implementation for PreAuthenticatedUserDetailsService wraps a regular
* Acegi UserDetailsService implementation, to retrieve a UserDetails object
* Spring Security UserDetailsService implementation, to retrieve a UserDetails object
* based on the user name contained in a PreAuthenticatedAuthenticationToken.
*
* @author Ruud Senden
* @since 2.0
*/
public class UserDetailsByNameServiceWrapper implements PreAuthenticatedUserDetailsService, InitializingBean {
private UserDetailsService userDetailsService = null;

7
core/src/main/java/org/springframework/security/rolemapping/MappableRolesRetriever.java
View File

@ -4,13 +4,16 @@ package org.springframework.security.rolemapping;
* Interface to be implemented by classes that can retrieve a list of mappable
* roles (for example the list of all available J2EE roles in a web or EJB
* application).
*
* @author Ruud Senden
* @since 2.0
*/
public interface MappableRolesRetriever {
/**
* Implementations of this method should return a list of all mappable
* roles.
*
* @return String[] containg list of all mappable roles
* @return list of all mappable roles
*/
public String[] getMappableRoles();
String[] getMappableRoles();
}

8
core/src/main/java/org/springframework/security/rolemapping/Roles2GrantedAuthoritiesMapper.java
View File

@ -5,6 +5,9 @@ import org.springframework.security.GrantedAuthority;
/**
* Interface to be implemented by classes that can map a list of roles to a list
* of Acegi GrantedAuthorities.
*
* @author Ruud Senden
* @since 2.0
*/
public interface Roles2GrantedAuthoritiesMapper {
/**
@ -14,9 +17,8 @@ public interface Roles2GrantedAuthoritiesMapper {
* GrantedAuthorities, all roles can be mapped to a single Acegi
* GrantedAuthority, some roles may not be mapped, etc.
*
* @param String[]
* containing list of roles
* @return GrantedAuthority[] containing list of mapped GrantedAuthorities
* @param roles the roles to be mapped
* @return the list of mapped GrantedAuthorities
*/
public GrantedAuthority[] getGrantedAuthorities(String[] roles);
}

3
core/src/main/java/org/springframework/security/rolemapping/SimpleMappableRolesRetriever.java
View File

@ -6,6 +6,9 @@ import org.springframework.util.Assert;
* This class implements the MappableRolesRetriever interface by just returning
* a list of mappable roles as previously set using the corresponding setter
* method.
*
* @author Ruud Senden
* @since 2.0
*/
public class SimpleMappableRolesRetriever implements MappableRolesRetriever {
private String[] mappableRoles = null;

6
core/src/main/java/org/springframework/security/rolemapping/SimpleRoles2GrantedAuthoritiesMapper.java
View File

@ -14,12 +14,12 @@ import org.springframework.util.Assert;
* one-on-one mapping from roles to Acegi GrantedAuthorities. Optionally a
* prefix can be added, and the role name can be converted to upper or lower
* case.
* </p>
*
* <p>
* By default, the role is prefixed with "ROLE_" unless it already starts with
* "ROLE_", and no case conversion is done.
* </p>
*
* @author Ruud Senden
* @since 2.0
*/
public class SimpleRoles2GrantedAuthoritiesMapper implements Roles2GrantedAuthoritiesMapper, InitializingBean {
private String rolePrefix = "ROLE_";

6
core/src/main/java/org/springframework/security/rolemapping/XmlMappableRolesRetriever.java
View File

@ -28,12 +28,15 @@ import org.xml.sax.SAXException;
/**
* This implementation for the MappableRolesRetriever interface retrieves the
* list of mappable roles from an XML file.
*
* <p>
* This class is defined as abstract because it is too generic to be used
* directly. As this class is usually used to read very specific XML files (e.g.
* web.xml, ejb-jar.xml), subclasses should usually define the actual
* XPath-expression to use, and define a more specifically named setter for the
* XML InputStream (e.g. setWebXmlInputStream).
*
* @author Ruud Senden
* @since 2.0
*/
public abstract class XmlMappableRolesRetriever implements MappableRolesRetriever, InitializingBean {
private static final Log LOG = LogFactory.getLog(XmlMappableRolesRetriever.class);
@ -84,7 +87,6 @@ public abstract class XmlMappableRolesRetriever implements MappableRolesRetrieve
}
}
}
}
/**

19
core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java
View File

@ -29,13 +29,14 @@ import org.springframework.util.Assert;
* Base class for processing filters that handle pre-authenticated authentication requests. Subclasses must implement
* the getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods.
*
* @author Luke Taylor
* @author Ruud Senden
* @since 2.0
*/
public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSecurityFilter implements
InitializingBean, ApplicationEventPublisherAware {
private static final Log LOG = LogFactory.getLog(AbstractPreAuthenticatedProcessingFilter.class);
protected final Log logger = LogFactory.getLog(getClass());
private ApplicationEventPublisher eventPublisher = null;
@ -54,8 +55,8 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
* Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
*/
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
if (LOG.isDebugEnabled()) {
LOG.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
if (logger.isDebugEnabled()) {
logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
}
if (SecurityContextHolder.getContext().getAuthentication() == null) {
@ -73,8 +74,8 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
Object principal = getPreAuthenticatedPrincipal(httpRequest);
Object credentials = getPreAuthenticatedCredentials(httpRequest);
if (LOG.isDebugEnabled()) {
LOG.debug("AbstractPreAuthenticatedProcessingFilter: preAuthenticatedPrincipal=" + principal + ", trying to authenticate");
if (logger.isDebugEnabled()) {
logger.debug("AbstractPreAuthenticatedProcessingFilter: preAuthenticatedPrincipal=" + principal + ", trying to authenticate");
}
try {
@ -92,8 +93,8 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
* authentication manager into the secure context.
*/
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
if (LOG.isDebugEnabled()) {
LOG.debug("Authentication success: " + authResult);
if (logger.isDebugEnabled()) {
logger.debug("Authentication success: " + authResult);
}
SecurityContextHolder.getContext().setAuthentication(authResult);
// Fire event
@ -109,8 +110,8 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) {
SecurityContextHolder.clearContext();
if (LOG.isDebugEnabled()) {
LOG.debug("Cleared security context due to exception", failed);
if (logger.isDebugEnabled()) {
logger.debug("Cleared security context due to exception", failed);
}
request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
}

3
core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
View File

@ -13,6 +13,9 @@ import org.springframework.util.Assert;
/**
* This WebAuthenticationDetails implementation allows for storing a list of
* pre-authenticated Granted Authorities.
*
* @author Ruud Senden
* @since 2.0
*/
public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends WebAuthenticationDetails implements
PreAuthenticatedGrantedAuthoritiesRetriever, PreAuthenticatedGrantedAuthoritiesSetter {

16
core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedProcesingFilterEntryPoint.java → core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
View File

@ -20,26 +20,26 @@ import org.springframework.core.Ordered;
* user will already have been identified through some external mechanism and a
* secure context established by the time the security-enforcement filter is
* invoked.
* </p>
* <p>
* Therefore this class isn't actually responsible for the commencement of
* authentication, as it is in the case of other providers. It will be called if
* the user is rejected by the AbstractPreAuthenticatedProcessingFilter,
* resulting in a null authentication.
* </p>
* <p>
* The <code>commence</code> method will always return an
* <code>HttpServletResponse.SC_FORBIDDEN</code> (403 error).
* </p>
* <p>
* This code is based on
* {@link org.springframework.security.ui.x509.X509ProcessingFilterEntryPoint}.
* </p>
*
* @see org.springframework.security.ui.ExceptionTranslationFilter
*
* @author Luke Taylor
* @author Ruud Senden
* @since 2.0
*/
public class PreAuthenticatedProcesingFilterEntryPoint implements AuthenticationEntryPoint, Ordered {
private static final Log LOG = LogFactory.getLog(PreAuthenticatedProcesingFilterEntryPoint.class);
public class PreAuthenticatedProcessingFilterEntryPoint implements AuthenticationEntryPoint, Ordered {
private static final Log logger = LogFactory.getLog(PreAuthenticatedProcessingFilterEntryPoint.class);
private int order = Integer.MAX_VALUE;
@ -48,8 +48,8 @@ public class PreAuthenticatedProcesingFilterEntryPoint implements Authentication
*/
public void commence(ServletRequest request, ServletResponse response, AuthenticationException arg2) throws IOException,
ServletException {
if (LOG.isDebugEnabled()) {
LOG.debug("J2EE entry point called. Rejecting access");
if (logger.isDebugEnabled()) {
logger.debug("Pre-authenticated entry point called. Rejecting access");
}
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");

6
core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
View File

@ -18,7 +18,7 @@ import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends AuthenticationDetailsSourceImpl implements InitializingBean {
private static final Log LOG = LogFactory.getLog(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class);
private static final Log logger = LogFactory.getLog(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class);
private String[] j2eeMappableRoles;
@ -75,8 +75,8 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Aut
String[] j2eeUserRoles = new String[j2eeUserRolesList.size()];
j2eeUserRoles = (String[]) j2eeUserRolesList.toArray(j2eeUserRoles);
GrantedAuthority[] userGas = j2eeUserRoles2GrantedAuthoritiesMapper.getGrantedAuthorities(j2eeUserRoles);
if (LOG.isDebugEnabled()) {
LOG.debug("J2EE user roles [" + StringUtils.join(j2eeUserRoles) + "] mapped to Granted Authorities: ["
if (logger.isDebugEnabled()) {
logger.debug("J2EE user roles [" + StringUtils.join(j2eeUserRoles) + "] mapped to Granted Authorities: ["
+ StringUtils.join(userGas) + "]");
}
return userGas;

11
core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eePreAuthenticatedProcessingFilter.java
View File

@ -3,24 +3,23 @@ package org.springframework.security.ui.preauth.j2ee;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* This AbstractPreAuthenticatedProcessingFilter implementation is based on the
* J2EE container-based authentication mechanism. It will use the J2EE user
* principal name as the pre-authenticated principal.
*
* @author Ruud Senden
* @since 2.0
*/
public class J2eePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
private static final Log LOG = LogFactory.getLog(J2eePreAuthenticatedProcessingFilter.class);
/**
* Return the J2EE user name.
*/
protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
Object principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal().getName();
if (LOG.isDebugEnabled()) {
LOG.debug("PreAuthenticated J2EE principal: " + principal);
if (logger.isDebugEnabled()) {
logger.debug("PreAuthenticated J2EE principal: " + principal);
}
return principal;
}

6
core/src/main/java/org/springframework/security/ui/preauth/j2ee/WebXmlMappableRolesRetriever.java
View File

@ -9,8 +9,6 @@ import org.springframework.security.rolemapping.XmlMappableRolesRetriever;
* This MappableRolesRetriever implementation reads the list of defined J2EE
* roles from a web.xml file. It's functionality is based on the
* XmlMappableRolesRetriever base class.
* </p>
*
* <p>
* Example on how to configure this MappableRolesRetriever in the Spring
* configuration file:
@ -27,10 +25,10 @@ import org.springframework.security.rolemapping.XmlMappableRolesRetriever;
* &lt;/bean&gt;
* &lt;bean id=&quot;servletContext&quot; class=&quot;org.springframework.web.context.support.ServletContextFactoryBean&quot;/&gt;
*
*
* </pre>
*
* </p>
* @author Ruud Senden
* @since 2.0
*/
public class WebXmlMappableRolesRetriever extends XmlMappableRolesRetriever {
private static final String XPATH_EXPR = "/web-app/security-role/role-name/text()";

4
core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedProcesingFilterEntryPointTests.java
View File

@ -20,7 +20,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
public class PreAuthenticatedProcesingFilterEntryPointTests extends TestCase {
public void testGetSetOrder() {
PreAuthenticatedProcesingFilterEntryPoint fep = new PreAuthenticatedProcesingFilterEntryPoint();
PreAuthenticatedProcessingFilterEntryPoint fep = new PreAuthenticatedProcessingFilterEntryPoint();
fep.setOrder(333);
assertEquals(fep.getOrder(), 333);
}
@ -28,7 +28,7 @@ public class PreAuthenticatedProcesingFilterEntryPointTests extends TestCase {
public void testCommence() {
MockHttpServletRequest req = new MockHttpServletRequest();
MockHttpServletResponse resp = new MockHttpServletResponse();
PreAuthenticatedProcesingFilterEntryPoint fep = new PreAuthenticatedProcesingFilterEntryPoint();
PreAuthenticatedProcessingFilterEntryPoint fep = new PreAuthenticatedProcessingFilterEntryPoint();
try {
fep.commence(req,resp,new AuthenticationCredentialsNotFoundException("test"));
assertEquals("Incorrect status",resp.getStatus(),HttpServletResponse.SC_FORBIDDEN);

116
samples/preauth/pom.xml Normal file
View File

@ -0,0 +1,116 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples</artifactId>
<version>2.0-SNAPSHOT</version>
</parent>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples-preauth</artifactId>
<name>Spring Security - Preauthentiation sample</name>
<packaging>war</packaging>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core-tiger</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.0.6</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>jaxen</groupId>
<artifactId>jaxen</artifactId>
<version>1.1.1</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-core</artifactId>
<version>1.0.2</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-server-jndi</artifactId>
<version>1.0.2</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.4.3</version>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap</artifactId>
<version>1.2.1</version>
<optional>true</optional>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
<plugin>
<groupId>org.mortbay.jetty</groupId>
<artifactId>maven-jetty-plugin</artifactId>
<version>6.1.5</version>
<configuration>
<contextPath>/preauth</contextPath>
<userRealms>
<userRealm implementation="org.mortbay.jetty.security.HashUserRealm">
<name>Preauth Realm</name>
<config>realm.properties</config>
</userRealm>
</userRealms>
</configuration>
</plugin>
</plugins>
</build>
</project>

3
samples/preauth/realm.properties Normal file
View File

@ -0,0 +1,3 @@
rod: koala,ROLE_SUPERVISOR,ROLE_USER
bob: bobspassword,ROLE_USER
user: password

125
samples/preauth/src/main/webapp/WEB-INF/applicationContext-security.xml Normal file
View File

@ -0,0 +1,125 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Sample namespace-based configuration
-
- $Id: applicationContext-security-ns.xml 2396 2007-12-23 16:36:44Z luke_t $
-->
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<b:bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<filter-chain-map path-type="ant">
<filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/>
</filter-chain-map>
</b:bean>
<b:bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<b:property name="providers">
<b:list>
<b:ref local="preAuthenticatedAuthenticationProvider"/>
</b:list>
</b:property>
</b:bean>
<b:bean id="sif" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
<b:bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
<b:property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
</b:bean>
<b:bean id="preAuthenticatedUserDetailsService"
class="org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
<b:bean id="j2eePreAuthFilter" class="org.springframework.security.ui.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
<b:property name="authenticationManager" ref="authenticationManager"/>
<b:property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
</b:bean>
<b:bean id="preAuthenticatedProcessingFilterEntryPoint"
class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
<b:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
<b:constructor-arg value="/"/>
<b:constructor-arg>
<b:list>
<b:bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
</b:list>
</b:constructor-arg>
</b:bean>
<b:bean id="authenticationDetailsSource" class="org.springframework.security.ui.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
<b:property name="j2eeMappableRolesRetriever">
<b:ref local="j2eeMappableRolesRetriever"/>
</b:property>
<b:property name="j2eeUserRoles2GrantedAuthoritiesMapper">
<b:ref local="j2eeUserRoles2GrantedAuthoritiesMapper"/>
</b:property>
</b:bean>
<b:bean id="j2eeUserRoles2GrantedAuthoritiesMapper" class="org.springframework.security.rolemapping.SimpleRoles2GrantedAuthoritiesMapper">
<b:property name="convertRoleToUpperCase" value="true"/>
</b:bean>
<b:bean id="j2eeMappableRolesRetriever" class="org.springframework.security.ui.preauth.j2ee.WebXmlMappableRolesRetriever">
<b:property name="webXmlInputStream"><b:bean factory-bean="webXmlResource" factory-method="getInputStream"/>
</b:property>
</b:bean>
<b:bean id="webXmlResource" class="org.springframework.web.context.support.ServletContextResource">
<b:constructor-arg ref="servletContext"/>
<b:constructor-arg value="/WEB-INF/web.xml"/>
</b:bean>
<b:bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>
<b:bean id="etf" class="org.springframework.security.ui.ExceptionTranslationFilter">
<b:property name="authenticationEntryPoint">
<b:ref local="preAuthenticatedProcessingFilterEntryPoint"/>
</b:property>
</b:bean>
<b:bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<b:property name="allowIfAllAbstainDecisions" value="false"/>
<b:property name="decisionVoters">
<b:list>
<b:ref bean="roleVoter"/>
</b:list>
</b:property>
</b:bean>
<b:bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<b:property name="authenticationManager" ref="authenticationManager"/>
<b:property name="accessDecisionManager">
<b:ref local="httpRequestAccessDecisionManager"/>
</b:property>
<b:property name="objectDefinitionSource">
<b:value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/secure/extreme/**=ROLE_SUPERVISOR
/secure/**=ROLE_USER
/**=ROLE_USER
</b:value>
</b:property>
</b:bean>
<b:bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
<b:bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter">
<b:property name="wrapperClass" value="org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper"/>
</b:bean>
</b:beans>

20
samples/preauth/src/main/webapp/WEB-INF/classes/log4j.properties Normal file
View File

@ -0,0 +1,20 @@
# Global logging configuration
log4j.rootLogger=INFO, stdout, fileout
log4j.logger.org.springframework.security=DEBUG, stdout, fileout
# Console output...
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.conversionPattern=[%p,%c{1},%t] %m%n
# Rolling log file output...
log4j.appender.fileout=org.apache.log4j.RollingFileAppender
log4j.appender.fileout.File=spring-security-preauth.log
#log4j.appender.fileout.File=${webapp.root}/WEB-INF/log4j.log
log4j.appender.fileout.MaxFileSize=1024KB
log4j.appender.fileout.MaxBackupIndex=1
log4j.appender.fileout.layout=org.apache.log4j.PatternLayout
log4j.appender.fileout.layout.conversionPattern=%d{ABSOLUTE} %5p %c{1},%t:%L - %m%n

73
samples/preauth/src/main/webapp/WEB-INF/web.xml Normal file
View File

@ -0,0 +1,73 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Tutorial web application
-
- $Id: web.xml 2476 2008-01-18 18:17:09Z luke_t $
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<display-name>Spring Security Preauthentication Demo Application</display-name>
<!--
- Location of the XML file that defines the root application context
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<filter>
<filter-name>filterChainProxy</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>filterChainProxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
- Loads the root application context of this web app at startup.
- The application context is then available via
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--
- Publishes events for session creation and destruction through the application
- context. Optional unless concurrent session control is being used.
-->
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Preauth Realm</realm-name>
</login-config>
<security-role>
<role-name>ROLE_USER</role-name>
</security-role>
<security-role>
<role-name>ROLE_SUPERVISOR</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>All areas</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ROLE_USER</role-name>
</auth-constraint>
</security-constraint>
</web-app>

11
samples/preauth/src/main/webapp/index.jsp Normal file
View File

@ -0,0 +1,11 @@
<html>
<body>
<h1>Home Page</h1>
<p>Anyone can view this page.</p>
<p>Your principal object is....: <%= request.getUserPrincipal() %></p>
<p><a href="secure/index.jsp">Secure page</a></p>
<p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>
</body>
</html>

15
samples/preauth/src/main/webapp/secure/extreme/index.jsp Normal file
View File

@ -0,0 +1,15 @@
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
<html>
<body>
<h1>VERY Secure Page</h1>
This is a protected page. You can only see me if you are a supervisor.
<authz:authorize ifAllGranted="ROLE_SUPERVISOR">
You have "ROLE_SUPERVISOR" (this text is surrounded by &lt;authz:authorize&gt; tags).
</authz:authorize>
<p><a href="../../">Home</a>
<p><a href="../../j_spring_security_logout">Logout</a>
</body>
</html>

15
samples/preauth/src/main/webapp/secure/index.jsp Normal file
View File

@ -0,0 +1,15 @@
<html>
<body>
<h1>Secure Page</h1>
This is a protected page. You can get to me if you've been remembered,
or if you've authenticated this session.<br><br>
<%if (request.isUserInRole("ROLE_SUPERVISOR")) { %>
You are a supervisor! You can therefore see the <a href="extreme/index.jsp">extremely secure page</a>.<br><br>
<% } %>
<p><a href="../">Home</a>
<p><a href="../j_spring_security_logout">Logout</a>
</body>
</html>