SEC-1466: Report error if authentication-provider element has child elements when used with "ref" attribute.

Luke Taylor 2010-04-30 20:01:01 +01:00
parent 165cbb0d19
commit 863ccecf55
2 changed files with 21 additions and 0 deletions


@ -25,6 +25,8 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import com.sun.tools.internal.xjc.util.DOMUtils;
/**
* Registers the central ProviderManager used by the namespace configuration, and allows the configuration of an
* alias, allowing users to reference it in their beans and clearly see where the name is
@ -56,6 +58,10 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
if (node instanceof Element) {
Element providerElt = (Element)node;
if (StringUtils.hasText(providerElt.getAttribute(ATT_REF))) {
if (DOMUtils.getChildElements(providerElt).length > 0) {
pc.getReaderContext().error("authentication-provider element cannot have children when used " +
"with 'ref' atribute", pc.extractSource(element));
}
providers.add(new RuntimeBeanReference(providerElt.getAttribute(ATT_REF)));
} else {
BeanDefinition provider = resolver.resolve(providerElt.getNamespaceURI()).parse(providerElt, pc);
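Review bot: The new child-element check depends on `com.sun.tools.internal.xjc.util.DOMUtils`, a JDK-internal class from the xjc tooling rather than a supported API, so on a runtime that does not ship it the parser class may fail to load and the security namespace configuration would not start. The same check can be written with the `org.w3c.dom` types the file already imports, by walking `providerElt.getChildNodes()` and testing each node with `instanceof Element`, which lets the added import be dropped. The error message misspells 'attribute', and `pc.extractSource(element)` appears to attribute the error to the enclosing element rather than to `providerElt`; confirm which source is intended. The enclosing loop and method start and end outside the hunk.

```java
if (StringUtils.hasText(providerElt.getAttribute(ATT_REF))) {
    // Reject nested configuration (e.g. password-encoder) that would otherwise be silently ignored.
    NodeList providerChildren = providerElt.getChildNodes();
    for (int childIdx = 0; childIdx < providerChildren.getLength(); childIdx++) {
        if (providerChildren.item(childIdx) instanceof Element) {
            pc.getReaderContext().error("authentication-provider element cannot have children when used " +
                    "with 'ref' attribute", pc.extractSource(providerElt));
            break;
        }
    }
    // … unchanged: providers.add(new RuntimeBeanReference(...)) and the else branch …
```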


@ -11,6 +11,7 @@ import org.springframework.security.config.BeanIds;
import org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.util.FieldUtils;
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.junit.Test;
@ -129,6 +130,20 @@ public class AuthenticationProviderBeanDefinitionParserTests {
getProvider().authenticate(bob);
}
// SEC-1466
@Test(expected=BeanDefinitionParsingException.class)
public void exernalProviderDoesNotSupportChildElements() throws Exception {
appContext = new InMemoryXmlApplicationContext(
" <authentication-manager>" +
" <authentication-provider ref='aProvider'>" +
" <password-encoder ref='customPasswordEncoder'/>" +
" </authentication-provider>" +
" </authentication-manager>" +
" <b:bean id='aProvider' class='org.springframework.security.authentication.TestingAuthenticationProvider'/>" +
" <b:bean id='customPasswordEncoder' " +
" class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>");
}
private AuthenticationProvider getProvider() {
List<AuthenticationProvider> providers =
((ProviderManager)appContext.getBean(BeanIds.AUTHENTICATION_MANAGER)).getProviders();
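Review bot: `@Test(expected=BeanDefinitionParsingException.class)` on the new SEC-1466 test passes on any parsing failure in the context, not only the one raised by the ref-with-children check, so the test would still pass if the XML were rejected for an unrelated reason. Catching the exception in the test body and asserting that its message mentions `authentication-provider` would pin the behaviour to the new check. The method name also has a typo: `exernalProviderDoesNotSupportChildElements` should read `externalProviderDoesNotSupportChildElements`.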