Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-29 23:32:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1584: Added namespace support for injecting custom HttpFirewall instance into FilterChainProxy.

Browse Source
This commit is contained in:
Luke Taylor 2010-10-13 19:34:04 +01:00
parent 82cd72768d
commit 8e68fa1334
12 changed files with 2253 additions and 645 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/convert_schema.sh
View File

@ -3,9 +3,9 @@
pushd src/main/resources/org/springframework/security/config/
echo "Converting rnc file to xsd ..."
java -jar ~/bin/trang.jar spring-security-3.0.3.rnc spring-security-3.0.3.xsd
java -jar ~/bin/trang.jar spring-security-3.0.4.rnc spring-security-3.0.4.xsd
echo "Applying XSL transformation to xsd ..."
xsltproc --output spring-security-3.0.3.xsd spring-security.xsl spring-security-3.0.3.xsd
xsltproc --output spring-security-3.0.4.xsd spring-security.xsl spring-security-3.0.4.xsd
popd

1
config/src/main/java/org/springframework/security/config/Elements.java
View File

@ -50,4 +50,5 @@ public abstract class Elements {
@Deprecated
public static final String FILTER_INVOCATION_DEFINITION_SOURCE = "filter-invocation-definition-source";
public static final String LDAP_PASSWORD_COMPARE = "password-compare";
public static final String HTTP_FIREWALL = "http-firewall";
}

2
config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
View File

@ -15,6 +15,7 @@ import org.springframework.security.config.authentication.JdbcUserServiceBeanDef
import org.springframework.security.config.authentication.UserServiceBeanDefinitionParser;
import org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator;
import org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser;
import org.springframework.security.config.http.HttpFirewallBeanDefinitionParser;
import org.springframework.security.config.http.HttpSecurityBeanDefinitionParser;
import org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser;
import org.springframework.security.config.ldap.LdapServerBeanDefinitionParser;
@ -119,6 +120,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
// Only load the web-namespace parsers if the web classes are available
if (ClassUtils.isPresent("org.springframework.security.web.FilterChainProxy", getClass().getClassLoader())) {
parsers.put(Elements.HTTP, new HttpSecurityBeanDefinitionParser());
parsers.put(Elements.HTTP_FIREWALL, new HttpFirewallBeanDefinitionParser());
parsers.put(Elements.FILTER_INVOCATION_DEFINITION_SOURCE, new FilterInvocationSecurityMetadataSourceParser());
parsers.put(Elements.FILTER_SECURITY_METADATA_SOURCE, new FilterInvocationSecurityMetadataSourceParser());
filterChainMapBDD = new FilterChainMapBeanDefinitionDecorator();

39
config/src/main/java/org/springframework/security/config/http/HttpFirewallBeanDefinitionParser.java Normal file
View File

@ -0,0 +1,39 @@
package org.springframework.security.config.http;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedMap;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.config.BeanIds;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
import java.util.*;
/**
* Injects the supplied {@code HttpFirewall} bean reference into the {@code FilterChainProxy}.
*
* @author Luke Taylor
*/
public class HttpFirewallBeanDefinitionParser implements BeanDefinitionParser {
@Override
public BeanDefinition parse(Element element, ParserContext pc) {
String ref = element.getAttribute("ref");
if (!StringUtils.hasText(ref)) {
pc.getReaderContext().error("ref attribute is required", pc.extractSource(element));
}
BeanDefinitionBuilder injector = BeanDefinitionBuilder.rootBeanDefinition(HttpFirewallInjectionBeanPostProcessor.class);
injector.addConstructorArgValue(ref);
pc.getReaderContext().registerWithGeneratedName(injector.getBeanDefinition());
return null;
}
}

40
config/src/main/java/org/springframework/security/config/http/HttpFirewallInjectionBeanPostProcessor.java Normal file
View File

@ -0,0 +1,40 @@
package org.springframework.security.config.http;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.security.config.BeanIds;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.firewall.HttpFirewall;
/**
* @author Luke Taylor
*/
public class HttpFirewallInjectionBeanPostProcessor implements BeanPostProcessor, BeanFactoryAware {
private ConfigurableListableBeanFactory beanFactory;
private String ref;
public HttpFirewallInjectionBeanPostProcessor(String ref) {
this.ref = ref;
}
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
if (BeanIds.FILTER_CHAIN_PROXY.equals(beanName)) {
HttpFirewall fw = (HttpFirewall) beanFactory.getBean(ref);
((FilterChainProxy)bean).setFirewall(fw);
}
return bean;
}
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
return bean;
}
public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
this.beanFactory = (ConfigurableListableBeanFactory) beanFactory;
}
}

3
config/src/main/resources/META-INF/spring.schemas
View File

@ -1,5 +1,6 @@
http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-3.0.3.xsd
http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-3.0.4.xsd
http\://www.springframework.org/schema/security/spring-security-3.0.xsd=org/springframework/security/config/spring-security-3.0.xsd
http\://www.springframework.org/schema/security/spring-security-3.0.4.xsd=org/springframework/security/config/spring-security-3.0.4.xsd
http\://www.springframework.org/schema/security/spring-security-3.0.3.xsd=org/springframework/security/config/spring-security-3.0.3.xsd
http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/springframework/security/config/spring-security-2.0.xsd
http\://www.springframework.org/schema/security/spring-security-2.0.1.xsd=org/springframework/security/config/spring-security-2.0.1.xsd

5
config/src/main/resources/org/springframework/security/config/spring-security-3.0.3.rnc → config/src/main/resources/org/springframework/security/config/spring-security-3.0.4.rnc
View File

@ -245,6 +245,9 @@ protect-pointcut.attlist &=
## Access configuration attributes list that applies to all methods matching the pointcut, e.g. "ROLE_A,ROLE_B"
attribute access {xsd:token}
http-firewall =
## Allows a custom instance of HttpFirewall to be injected into the FilterChainProxy created by the namespace.
element http-firewall {ref}
http =
## Container element for HTTP security configuration
@ -628,5 +631,3 @@ position =
named-security-filter = "FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SECURITY_CONTEXT_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" |"BASIC_AUTH_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "SESSION_MANAGEMENT_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"

1386
config/src/main/resources/org/springframework/security/config/spring-security-3.0.4.xsd Normal file
View File

File diff suppressed because it is too large Load Diff

13
config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
View File

@ -80,6 +80,7 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationFi
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
@ -1251,6 +1252,18 @@ public class HttpSecurityBeanDefinitionParserTests {
fcp.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
}
@Test
public void httpFirewallInjectionIsSupported() throws Exception {
setContext(
"<http-firewall ref='fw'/>" +
"<http>" +
" <form-login />" +
"</http>" +
"<b:bean id='fw' class='" + DefaultHttpFirewall.class.getName() +"'/>" +
AUTH_PROVIDER_XML);
FilterChainProxy fcp = (FilterChainProxy) appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
assertSame(appContext.getBean("fw"), FieldUtils.getFieldValue(fcp, "firewall"));
}
private void setContext(String context) {
appContext = new InMemoryXmlApplicationContext(context);

4
config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
View File

@ -22,11 +22,11 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext
Resource inMemoryXml;
public InMemoryXmlApplicationContext(String xml) {
this(xml, "3.0.3", null);
this(xml, "3.0.4", null);
}
public InMemoryXmlApplicationContext(String xml, ApplicationContext parent) {
this(xml, "3.0.3", parent);
this(xml, "3.0.4", parent);
}
public InMemoryXmlApplicationContext(String xml, String secVersion, ApplicationContext parent) {

781
docs/manual/src/docbook/appendix-namespace.xml
View File

File diff suppressed because it is too large Load Diff

4
web/src/main/java/org/springframework/security/web/FilterChainProxy.java
View File

@ -304,6 +304,10 @@ public class FilterChainProxy extends GenericFilterBean {
return matcher;
}
public void setFirewall(HttpFirewall firewall) {
this.firewall = firewall;
}
/**
* If set to 'true', the query string will be stripped from the request URL before
* attempting to find a matching filter chain. This is the default value.