mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-02-28 18:39:06 +00:00
SEC-271: added method authoriztion BeanDefinition parser
This commit is contained in:
Vishal Puri
parent
0e46e5307c
commit
918f7ca008
@ -1,44 +1,47 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<classpath>
|
||||
<classpathentry kind="src" path="src/main/java"/>
|
||||
<classpathentry excluding="**/*.java" kind="src" path="src/main/resources"/>
|
||||
<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
|
||||
<classpathentry excluding="**/*.java" kind="src" output="target/test-classes" path="src/test/resources"/>
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
|
||||
<classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4.jar" sourcepath="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/aspectj/aspectjrt/1.2/aspectjrt-1.2.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/2.0.4/spring-context-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar" sourcepath="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar" sourcepath="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/2.0.4/spring-remoting-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/2.0.4/spring-support-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/cas/casclient/2.0.11/casclient-2.0.11.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar" sourcepath="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/2.0.4/spring-dao-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core-shared/1.0.0/apacheds-core-shared-1.0.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1.jar" sourcepath="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6.jar" sourcepath="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar" sourcepath="M2_REPO/oro/oro/2.0.8/oro-2.0.8-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-asn1/0.9.5.3/shared-asn1-0.9.5.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-mock/2.0.4/spring-mock-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/2.0.4/spring-jdbc-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/2.0.4/spring-aop-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.4/hsqldb-1.8.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core/1.0.0/apacheds-core-1.0.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar" sourcepath="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/jdbm/jdbm/1.0/jdbm-1.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar" sourcepath="M2_REPO/junit/junit/3.8.1/junit-3.8.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-ldap/0.9.5.3/shared-ldap-0.9.5.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/2.0.4/spring-web-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar" sourcepath="/spring"/>
|
||||
<classpathentry kind="output" path="target/classes"/>
|
||||
</classpath>
|
||||
<classpathentry kind="src" path="src/main/java"/>
|
||||
<classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
|
||||
<classpathentry kind="src" path="src/test/java" output="target/test-classes"/>
|
||||
<classpathentry kind="src" path="src/test/resources" output="target/test-classes" excluding="**/*.java"/>
|
||||
<classpathentry kind="output" path="target/classes"/>
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core-shared/1.0.0/apacheds-core-shared-1.0.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/2.0.4/spring-context-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar" sourcepath="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1.jar" sourcepath="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar" sourcepath="M2_REPO/junit/junit/3.8.1/junit-3.8.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/cas/casclient/2.0.11/casclient-2.0.11.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.4/hsqldb-1.8.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/qdox/qdox/1.5/qdox-1.5.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-ldap/0.9.5.3/shared-ldap-0.9.5.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6.jar" sourcepath="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1.jar" sourcepath="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core/1.0.0/apacheds-core-1.0.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-asn1/0.9.5.3/shared-asn1-0.9.5.3.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/2.0.4/spring-web-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/2.0.4/spring-support-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/2.0.4/spring-dao-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar" sourcepath="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-compiler/2.1/commons-attributes-compiler-2.1.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/2.0.4/spring-remoting-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar" sourcepath="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-mock/2.0.4/spring-mock-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/jdbm/jdbm/1.0/jdbm-1.0.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/2.0.4/spring-aop-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/2.0.4/spring-jdbc-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar" sourcepath="M2_REPO/oro/oro/2.0.8/oro-2.0.8-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/aspectj/aspectjrt/1.2/aspectjrt-1.2.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/ant/ant/1.5/ant-1.5.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar" sourcepath="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4.jar" sourcepath="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4-sources.jar"/>
|
||||
<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT-sources.jar"/>
|
||||
</classpath>
|
||||
@ -72,6 +72,23 @@
|
||||
<artifactId>commons-collections</artifactId>
|
||||
<version>3.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-attributes</groupId>
|
||||
<artifactId>commons-attributes-compiler</artifactId>
|
||||
<version>2.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-attributes</groupId>
|
||||
<artifactId>commons-attributes-api</artifactId>
|
||||
<version>2.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-attributes</groupId>
|
||||
<artifactId>commons-attributes-plugin</artifactId>
|
||||
<version>2.1</version>
|
||||
<type>plugin</type>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>aspectj</groupId>
|
||||
<artifactId>aspectjrt</artifactId>
|
||||
|
||||
@ -0,0 +1,217 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import org.acegisecurity.annotation.SecurityAnnotationAttributes;
|
||||
import org.acegisecurity.intercept.method.MethodDefinitionAttributes;
|
||||
import org.acegisecurity.intercept.method.MethodDefinitionMap;
|
||||
import org.acegisecurity.intercept.method.MethodDefinitionSource;
|
||||
import org.acegisecurity.intercept.method.MethodDefinitionSourceMapping;
|
||||
import org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
|
||||
import org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor;
|
||||
import org.acegisecurity.runas.RunAsManagerImpl;
|
||||
import org.acegisecurity.util.BeanDefinitionParserUtils;
|
||||
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
|
||||
import org.springframework.beans.factory.BeanDefinitionStoreException;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.metadata.commons.CommonsAttributes;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
|
||||
public class AuthorizationMethodBeanDefinitionParser extends AbstractBeanDefinitionParser implements
|
||||
BeanDefinitionParser {
|
||||
// ~ static initializers
|
||||
// ================================================================================================
|
||||
|
||||
public static final String ASPECTJ_ATTRIBUTE = "aspectj";
|
||||
|
||||
public static final String SPRING_AOP_ATTRIBUTE = "springAop";
|
||||
|
||||
public static final String SOURCE_ATTRIBUTE = "source";
|
||||
|
||||
public static final String SOURCE_BEAN_REF = "sourceBeanId";
|
||||
|
||||
public static final String ATTRIBUTE = "attribute";
|
||||
|
||||
private static final String CONFIGURATION_ATTRIBUTE = "configuration-attribute";
|
||||
|
||||
private static final String TYPE_ATTRIBUTE = "type";
|
||||
|
||||
// ~ Method
|
||||
// ================================================================================================
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
// <security:authorization-joinpoint aspectj="false|true"
|
||||
// springAop="true|false">
|
||||
// one attribute allowed, aspectj or springAop
|
||||
Assert.isTrue(!(element.hasAttribute(SPRING_AOP_ATTRIBUTE) && element.hasAttribute(ASPECTJ_ATTRIBUTE)),
|
||||
"only one attribute (springAop or aspectj) is allowed");
|
||||
|
||||
Element urlMappingEle = DomUtils.getChildElementByTagName(element, "url-mapping");
|
||||
|
||||
String sourceBeanId = urlMappingEle.getAttribute(SOURCE_BEAN_REF);
|
||||
boolean isSourceBeanIdDefined = StringUtils.hasLength(sourceBeanId);
|
||||
|
||||
if (!isValidConfiguration(urlMappingEle, isSourceBeanIdDefined)) {
|
||||
throw new IllegalArgumentException(
|
||||
" 'custom' value provided by 'source' attribute need to be selected when referring to a bean by 'sourceBeanId' attribute ");
|
||||
}
|
||||
|
||||
if ((element.hasAttribute(ASPECTJ_ATTRIBUTE)) && element.getAttribute(ASPECTJ_ATTRIBUTE).equals("true")) {
|
||||
// create AspectJSecurityInterceptor
|
||||
if (isSourceBeanIdDefined)
|
||||
return createMethodSecurityInterceptor(AspectJSecurityInterceptor.class, new RuntimeBeanReference(
|
||||
sourceBeanId));
|
||||
|
||||
return createMethodSecurityInterceptor(AspectJSecurityInterceptor.class, createObjectDefinitionSource(
|
||||
parserContext, urlMappingEle));
|
||||
}
|
||||
else if ((element.hasAttribute(SPRING_AOP_ATTRIBUTE))
|
||||
&& element.getAttribute(SPRING_AOP_ATTRIBUTE).equals("true")) {
|
||||
// create MethodSecurityInterceptor and
|
||||
// MethodDefinitionSourceAdvisor
|
||||
if (isSourceBeanIdDefined)
|
||||
return createMethodSecurityInterceptor(MethodSecurityInterceptor.class, new RuntimeBeanReference(
|
||||
sourceBeanId));
|
||||
|
||||
return createMethodSecurityInterceptor(MethodSecurityInterceptor.class, createObjectDefinitionSource(
|
||||
parserContext, urlMappingEle));
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param parserContext
|
||||
* @param firstChild
|
||||
* @param sourceValue
|
||||
* @throws BeanDefinitionStoreException
|
||||
*/
|
||||
private MethodDefinitionSource createObjectDefinitionSource(ParserContext parserContext, Element element)
|
||||
throws BeanDefinitionStoreException {
|
||||
String sourceValue = element.getAttribute(SOURCE_ATTRIBUTE);
|
||||
if (sourceValue.equals("xml")) {
|
||||
// create MethodDefinitionSourceEditor
|
||||
Element methodPattern = DomUtils.getChildElementByTagName(element, "method-pattern");
|
||||
String methodToProtect = methodPattern.getAttribute(TYPE_ATTRIBUTE);
|
||||
|
||||
MethodDefinitionSourceMapping mapping = new MethodDefinitionSourceMapping();
|
||||
MethodDefinitionMap source = new MethodDefinitionMap();
|
||||
List<MethodDefinitionSourceMapping> mappings = new ArrayList<MethodDefinitionSourceMapping>();
|
||||
|
||||
mapping.setMethodName(methodToProtect);
|
||||
|
||||
List configAttributes = DomUtils.getChildElementsByTagName(methodPattern, CONFIGURATION_ATTRIBUTE);
|
||||
|
||||
for (Iterator iter = configAttributes.iterator(); iter.hasNext();) {
|
||||
Element configAttribute = (Element) iter.next();
|
||||
String configAttributeValue = configAttribute.getAttribute(ATTRIBUTE);
|
||||
mapping.addConfigAttribute(configAttributeValue);
|
||||
}
|
||||
mappings.add(mapping);
|
||||
source.setMappings(mappings);
|
||||
return source;
|
||||
}
|
||||
else if (sourceValue.equals("annotations")) {
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
|
||||
DefaultAdvisorAutoProxyCreator.class));
|
||||
|
||||
MethodDefinitionAttributes source = new MethodDefinitionAttributes();
|
||||
SecurityAnnotationAttributes attributes = new SecurityAnnotationAttributes();
|
||||
source.setAttributes(attributes);
|
||||
return source;
|
||||
}
|
||||
else if (sourceValue.equals("attributes")) {
|
||||
// create CommonsAttributes
|
||||
CommonsAttributes attributes = new CommonsAttributes();
|
||||
// objectDefinitionSource and inject attributes
|
||||
MethodDefinitionAttributes source = new MethodDefinitionAttributes();
|
||||
source.setAttributes(attributes);
|
||||
|
||||
// register DefaultAdvisorAutoProxyCreator with parseContext
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
|
||||
DefaultAdvisorAutoProxyCreator.class));
|
||||
|
||||
// register MethodDefinitionSourceAdvisor autowire="constructor"
|
||||
registerMethodDefinitionSourceAdvisor(parserContext);
|
||||
return source;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param parserContext
|
||||
* @throws BeanDefinitionStoreException
|
||||
*/
|
||||
private void registerMethodDefinitionSourceAdvisor(ParserContext parserContext) throws BeanDefinitionStoreException {
|
||||
RootBeanDefinition methodSecurityAdvisor = new RootBeanDefinition(MethodDefinitionSourceAdvisor.class);
|
||||
methodSecurityAdvisor.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_CONSTRUCTOR);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, methodSecurityAdvisor);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates BeanDefinition for MethodSecurityInterceptor
|
||||
* MethodSecurityInterceptor autodetects 'authenticationManager' and
|
||||
* 'accessDecisionManager'
|
||||
* @param name
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
private RootBeanDefinition createMethodSecurityInterceptor(Class interceptorType, Object object) {
|
||||
Assert.notNull(object, "objectDefinitionSource required");
|
||||
RootBeanDefinition securityInterceptor = new RootBeanDefinition(interceptorType);
|
||||
if (RuntimeBeanReference.class.isAssignableFrom(object.getClass())) {
|
||||
RuntimeBeanReference source = (RuntimeBeanReference) object;
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", source);
|
||||
}
|
||||
else if (MethodDefinitionSource.class.isAssignableFrom(object.getClass())) {
|
||||
MethodDefinitionSource source = (MethodDefinitionSource) object;
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", source);
|
||||
}
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("validateConfigAttributes", Boolean.FALSE);
|
||||
RootBeanDefinition runAsManager = createRunAsManager();
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("runAsManager", runAsManager);
|
||||
return securityInterceptor;
|
||||
}
|
||||
|
||||
private RootBeanDefinition createRunAsManager() {
|
||||
RootBeanDefinition runAsManager = new RootBeanDefinition(RunAsManagerImpl.class);
|
||||
runAsManager.getPropertyValues().addPropertyValue("key", "my_run_as_password");
|
||||
return runAsManager;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if 'custom' option is picked for 'source' attribute when
|
||||
* 'sourceBeanId' attribute is provided.
|
||||
* <p>
|
||||
* The valid configuration example:<br/> <security:url-mapping
|
||||
* source="custom" sourceBeanId="referenceToObjectDefinitionSource"/>
|
||||
* </p>
|
||||
* @param urlMappingElement
|
||||
* @return boolean Returns 'true' if configuration is accepted otherwise
|
||||
* returns 'false'
|
||||
*/
|
||||
private boolean isValidConfiguration(Element urlMappingElement, boolean isRefDefined) {
|
||||
Assert.notNull(urlMappingElement, "invalid tag - expected 'url-mapping' ");
|
||||
Assert.isTrue(urlMappingElement.getLocalName().equals("url-mapping"), "invalid tag - expected 'url-mapping' ");
|
||||
if (isRefDefined && (urlMappingElement.getAttribute(SOURCE_ATTRIBUTE).compareTo("custom") != 0)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@ -4,9 +4,10 @@
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.acegisecurity.AuthenticationManager;
|
||||
import org.acegisecurity.annotation.SecurityAnnotationAttributes;
|
||||
import org.acegisecurity.intercept.method.MethodDefinitionAttributes;
|
||||
import org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
|
||||
@ -16,6 +17,8 @@ import org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceMapping;
|
||||
import org.acegisecurity.intercept.web.FilterSecurityInterceptor;
|
||||
import org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap;
|
||||
import org.acegisecurity.runas.RunAsManagerImpl;
|
||||
import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
|
||||
import org.acegisecurity.util.BeanDefinitionParserUtils;
|
||||
import org.acegisecurity.vote.AffirmativeBased;
|
||||
import org.acegisecurity.vote.AuthenticatedVoter;
|
||||
import org.acegisecurity.vote.RoleVoter;
|
||||
@ -27,6 +30,7 @@ import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
@ -73,12 +77,14 @@ public class AutoConfigBeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
// filter security interceptor
|
||||
createAndRegisterBeanDefinitionForFilterSecurityInterceptor(parserContext, authenticationManager);
|
||||
|
||||
// create userDetailsService
|
||||
return null;
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefintionForSecurityContextHolderAwareRequestFilter(ParserContext parserContext) {
|
||||
RootBeanDefinition beanDefinition = new RootBeanDefinition(SecurityContextHolderAwareRequestFilter.class);
|
||||
registerBeanDefinition(parserContext, beanDefinition);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, beanDefinition);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -120,7 +126,7 @@ public class AutoConfigBeanDefinitionParser implements BeanDefinitionParser {
|
||||
source.setMappings(mappings);
|
||||
filterInvocationInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource",
|
||||
source.getDecorated());
|
||||
registerBeanDefinition(parserContext, filterInvocationInterceptor);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, filterInvocationInterceptor);
|
||||
}
|
||||
|
||||
private RootBeanDefinition createAccessDecisionManagerAffirmativeBased() {
|
||||
@ -133,7 +139,8 @@ public class AutoConfigBeanDefinitionParser implements BeanDefinitionParser {
|
||||
}
|
||||
|
||||
private void createAndRegisterDefaultAdvisorAutoProxyCreator(ParserContext parserContext) {
|
||||
registerBeanDefinition(parserContext, new RootBeanDefinition(DefaultAdvisorAutoProxyCreator.class));
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
|
||||
DefaultAdvisorAutoProxyCreator.class));
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitinoForMethodDefinitionSourceAdvisor(ParserContext parserContext,
|
||||
@ -142,23 +149,18 @@ public class AutoConfigBeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
RootBeanDefinition securityInterceptor = createMethodSecurityInterceptor(authenticationManager);
|
||||
methodSecurityAdvisor.getConstructorArgumentValues().addIndexedArgumentValue(0, securityInterceptor);
|
||||
registerBeanDefinition(parserContext, methodSecurityAdvisor);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, methodSecurityAdvisor);
|
||||
|
||||
}
|
||||
|
||||
private RootBeanDefinition createAccessDecisionManagerUnanimousBased() {
|
||||
RootBeanDefinition accessDecisionManager = new RootBeanDefinition(UnanimousBased.class);
|
||||
accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
|
||||
RootBeanDefinition roleVoter = createRoleVoter();
|
||||
decisionVoters.add(roleVoter);
|
||||
decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
|
||||
accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
|
||||
return accessDecisionManager;
|
||||
}
|
||||
|
||||
private RootBeanDefinition createRoleVoter() {
|
||||
return new RootBeanDefinition(RoleVoter.class);
|
||||
}
|
||||
|
||||
private RootBeanDefinition createMethodSecurityInterceptor(RootBeanDefinition authenticationManager) {
|
||||
RootBeanDefinition securityInterceptor = new RootBeanDefinition(MethodSecurityInterceptor.class);
|
||||
securityInterceptor.getPropertyValues().addPropertyValue("authenticationManager", authenticationManager);
|
||||
@ -190,45 +192,36 @@ public class AutoConfigBeanDefinitionParser implements BeanDefinitionParser {
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitionForExceptionTranslationFilter(ParserContext parserContext) {
|
||||
registerBeanDefinition(parserContext, ExceptionTranslationFilterBeanDefinitionParser
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, ExceptionTranslationFilterBeanDefinitionParser
|
||||
.createBeanDefinitionWithDefaults());
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitionForRememberMeProcessingFilter(ParserContext parserContext,
|
||||
RootBeanDefinition authenticationManager) {
|
||||
registerBeanDefinition(parserContext, RememberMeFilterBeanDefinitionParser.createBeanDefinitionWithDefaults(
|
||||
parserContext, authenticationManager));
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, RememberMeFilterBeanDefinitionParser
|
||||
.createBeanDefinitionWithDefaults(parserContext, authenticationManager));
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitionForAuthenticationProcessingFilter(ParserContext parserContext,
|
||||
RootBeanDefinition authenticationManager, RootBeanDefinition rememberMeServices) {
|
||||
RootBeanDefinition defintion = AuthenticationProcessingFilterBeanDefinitionParser
|
||||
.createBeandefinitionWithDefaults(parserContext, authenticationManager, rememberMeServices);
|
||||
registerBeanDefinition(parserContext, defintion);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitionForLogoutFilter(ParserContext parserContext,
|
||||
RootBeanDefinition rememberMeServices) {
|
||||
RootBeanDefinition defintion = LogoutFilterBeanDefinitionParser
|
||||
.createBeanDefinitionWithDefaults(rememberMeServices);
|
||||
registerBeanDefinition(parserContext, defintion);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
|
||||
}
|
||||
|
||||
private void createAndRegisterBeanDefinitionForHttpSessionContextIntegrationFilter(ParserContext parserContext) {
|
||||
RootBeanDefinition defintion = ContextIntegrationBeanDefinitionParser.createBeanDefinitionWithDefaults();
|
||||
registerBeanDefinition(parserContext, defintion);
|
||||
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
|
||||
// retrieveBeanDefinition(parserContext, o)
|
||||
}
|
||||
|
||||
/**
|
||||
* @param parserContext
|
||||
* @param defintion
|
||||
*/
|
||||
private void registerBeanDefinition(ParserContext parserContext, RootBeanDefinition defintion) {
|
||||
parserContext.getRegistry().registerBeanDefinition(
|
||||
parserContext.getReaderContext().generateBeanName(defintion), defintion);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a <code>BeanDefinition</code> of the specified type.
|
||||
*
|
||||
@ -247,7 +240,4 @@ public class AutoConfigBeanDefinitionParser implements BeanDefinitionParser {
|
||||
return null;
|
||||
}
|
||||
|
||||
private Class ss(Object o) {
|
||||
return o.getClass();
|
||||
}
|
||||
}
|
||||
|
||||
@ -26,6 +26,8 @@ import org.w3c.dom.Node;
|
||||
*
|
||||
*/
|
||||
public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
||||
// ~ static initializers
|
||||
// ================================================================================================
|
||||
|
||||
private static final String OBJECT_DEFINITION_SOURCE_PROPERTY = "objectDefinitionSource";
|
||||
|
||||
@ -37,6 +39,9 @@ public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanD
|
||||
|
||||
private static final String CONFIGURATION_ATTRIB_ATTRIBUTE = "attribute";
|
||||
|
||||
// ~ Methods
|
||||
// ================================================================================================
|
||||
|
||||
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
|
||||
return createBeanDefinitionForFilterSecurityInterceptor(element, parserContext);
|
||||
}
|
||||
@ -45,7 +50,8 @@ public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanD
|
||||
ParserContext parserContext) {
|
||||
RootBeanDefinition filterInvocationInterceptor = new RootBeanDefinition(FilterSecurityInterceptor.class);
|
||||
|
||||
RootBeanDefinition accessDecisionManager = AuthorizationManagerBeanDefinitionParser.createAccessDecisionManagerAffirmativeBased();
|
||||
RootBeanDefinition accessDecisionManager = AuthorizationManagerBeanDefinitionParser
|
||||
.createAccessDecisionManagerAffirmativeBased();
|
||||
filterInvocationInterceptor.getPropertyValues()
|
||||
.addPropertyValue("accessDecisionManager", accessDecisionManager);
|
||||
|
||||
@ -56,8 +62,12 @@ public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanD
|
||||
Element firstChild = DomUtils.getChildElementByTagName(element, "url-mapping");
|
||||
// if 'url-mapping' element is defined
|
||||
if (firstChild != null) {
|
||||
BeanDefinitionParserUtils.setPropertyIfAvailable(firstChild, OBJECT_DEFINITION_SOURCE_REF_ATTRIBUTE,
|
||||
OBJECT_DEFINITION_SOURCE_PROPERTY, true/* RuntimeBeanReference */, filterInvocationInterceptor);
|
||||
|
||||
if (BeanDefinitionParserUtils.setPropertyIfAvailable(firstChild, OBJECT_DEFINITION_SOURCE_REF_ATTRIBUTE,
|
||||
OBJECT_DEFINITION_SOURCE_PROPERTY, true/* RuntimeBeanReference */, filterInvocationInterceptor)) {
|
||||
return filterInvocationInterceptor;
|
||||
}
|
||||
|
||||
// get 'uri-pattern' or 'path' attribute. not both can be specified
|
||||
// together
|
||||
List uriPatternElements = DomUtils.getChildElementsByTagName(firstChild, "uri-pattern");
|
||||
@ -118,8 +128,8 @@ public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanD
|
||||
mapping.setUrl(url);
|
||||
// get child elements 'configuration-attribute'
|
||||
List configAttributes = DomUtils.getChildElementsByTagName(uriPattern, "configuration-attribute");
|
||||
|
||||
for (Iterator iter = configAttributes.iterator(); iter.hasNext();) {
|
||||
|
||||
for (Iterator iter = configAttributes.iterator(); iter.hasNext();) {
|
||||
Element configAttribute = (Element) iter.next();
|
||||
String configAttributeValue = configAttribute.getAttribute(CONFIGURATION_ATTRIB_ATTRIBUTE);
|
||||
mapping.addConfigAttribute(configAttributeValue);
|
||||
@ -145,11 +155,9 @@ public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanD
|
||||
|
||||
mappings.add(mapping);
|
||||
source.setMappings(mappings);
|
||||
filterInvocationInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource",
|
||||
filterInvocationInterceptor.getPropertyValues().addPropertyValue(OBJECT_DEFINITION_SOURCE_PROPERTY,
|
||||
source.getDecorated());
|
||||
return filterInvocationInterceptor;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
@ -3,8 +3,13 @@
|
||||
*/
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Properties;
|
||||
|
||||
import org.acegisecurity.GrantedAuthority;
|
||||
import org.acegisecurity.GrantedAuthorityImpl;
|
||||
import org.acegisecurity.userdetails.User;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
@ -142,6 +147,15 @@ public class PrincipalRepositoryBeanDefinitionParser extends AbstractBeanDefinit
|
||||
defintion.setSource(parserContext.extractSource(ele));
|
||||
return parserContext.getReaderContext().registerWithGeneratedName(defintion);
|
||||
}
|
||||
|
||||
protected static RootBeanDefinition createSampleUsersUsingProperties() {
|
||||
// properties element
|
||||
RootBeanDefinition defintion = new RootBeanDefinition(PropertiesFactoryBean.class);
|
||||
String location = "classpath:org/acegisecurity/config/user.properties";
|
||||
defintion.getPropertyValues().addPropertyValue("location", location);
|
||||
return defintion;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
|
||||
@ -30,6 +30,7 @@ public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
|
||||
registerBeanDefinitionParser("authentication-form", new AuthenticationProcessingFilterBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authorization-manager", new AuthorizationManagerBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authorization-http-url", new FilterSecurityInterceptorBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("authorization-joinpoint", new AuthorizationMethodBeanDefinitionParser());
|
||||
registerBeanDefinitionParser("autoconfig", new AutoConfigBeanDefinitionParser());
|
||||
}
|
||||
|
||||
|
||||
@ -4,12 +4,15 @@
|
||||
package org.acegisecurity.util;
|
||||
|
||||
import org.springframework.beans.factory.config.RuntimeBeanNameReference;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionReaderUtils;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* The convenience methods for the parsing of bean definition xml file.
|
||||
*
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
@ -40,17 +43,46 @@ public class BeanDefinitionParserUtils {
|
||||
}
|
||||
}
|
||||
|
||||
public static void setPropertyIfAvailable(Element element, String attribute, String property,
|
||||
/**
|
||||
* <p>
|
||||
* Configure a <code>BeanDefinition</code>with the property value
|
||||
* retrieved from xml attribute. If the attribute is like a standard spring
|
||||
* 'ref' attribute as indicated by 'isRunTimeBeanReference', the property
|
||||
* will be resolved as a reference to the spring bean.
|
||||
* </p>
|
||||
*
|
||||
* @param element The parent element.
|
||||
* @param attribute The child attribute.
|
||||
* @param property The configuration property for the BeanDefinition
|
||||
* @param isRunTimeBeanReference Indicates if the property is like a
|
||||
* standard spring 'ref' attribute.
|
||||
* @param definition The BeanDefinition to configure with the property
|
||||
* provided.
|
||||
* @return boolean To indicate if BeanDefinition was configured with a
|
||||
* property.
|
||||
*/
|
||||
public static boolean setPropertyIfAvailable(Element element, String attribute, String property,
|
||||
boolean isRunTimeBeanReference, RootBeanDefinition definition) {
|
||||
String propertyValue = element.getAttribute(attribute);
|
||||
if (StringUtils.hasText(propertyValue)) {
|
||||
if (!isRunTimeBeanReference) {
|
||||
definition.getPropertyValues().addPropertyValue(property, propertyValue);
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanNameReference(propertyValue));
|
||||
definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(propertyValue));
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param parserContext
|
||||
* @param defintion
|
||||
*/
|
||||
public static void registerBeanDefinition(ParserContext parserContext, RootBeanDefinition defintion) {
|
||||
parserContext.getRegistry().registerBeanDefinition(
|
||||
parserContext.getReaderContext().generateBeanName(defintion), defintion);
|
||||
}
|
||||
}
|
||||
|
||||
@ -0,0 +1,4 @@
|
||||
angelina=black,ROLE_ADMIN
|
||||
brad=grey,ROLE_TELLER,ROLE_PERMISSION_LIST
|
||||
paris=pink,ROLE_TELLER
|
||||
bono=sunny,ROLE_PERMISSION_LIST
|
||||
@ -553,20 +553,24 @@
|
||||
<xsd:element name="configuration-attribute"
|
||||
type="ConfigurationAttributeType" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="path" type="xsd:string" use="optional"/>
|
||||
<xsd:attribute name="regularExpression" type="xsd:string" use="optional"/>
|
||||
<xsd:attribute name="path" type="xsd:string" use="optional" />
|
||||
<xsd:attribute name="regularExpression" type="xsd:string"
|
||||
use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="ConfigurationAttributeType">
|
||||
<xsd:attribute name="attribute" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="authorization-manager" type="AuthorizationManagerType"/>
|
||||
|
||||
|
||||
<xsd:element name="authorization-manager"
|
||||
type="AuthorizationManagerType" />
|
||||
|
||||
<xsd:complexType name="AuthorizationManagerType">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="role-voter" type="xsd:string" minOccurs="0" maxOccurs="1"/>
|
||||
<xsd:element name="authenticated-voter" type="xsd:string" minOccurs="0" maxOccurs="1"/>
|
||||
<xsd:element name="role-voter" type="xsd:string"
|
||||
minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="authenticated-voter" type="xsd:string"
|
||||
minOccurs="0" maxOccurs="1" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
@ -577,9 +581,67 @@
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="strategy" type="response" default="affirmative"/>
|
||||
<xsd:attribute name="strategy" type="response"
|
||||
default="affirmative" />
|
||||
</xsd:complexType>
|
||||
|
||||
|
||||
<!-- Authorization JointPoint -->
|
||||
<xsd:element name="authorization-joinpoint"
|
||||
type="AuthorizationJointPointType">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:complexType name="AuthorizationJointPointType">
|
||||
<xsd:sequence minOccurs="1" maxOccurs="1">
|
||||
<xsd:element name="url-mapping"
|
||||
type="JointPointMappingType">
|
||||
</xsd:element>
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="id" type="xsd:ID">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
The unique identifier for a bean.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="springAop" type="xsd:boolean"
|
||||
use="optional" />
|
||||
<xsd:attribute name="aspectj" type="xsd:boolean" use="optional" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="JointPointMappingType">
|
||||
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
|
||||
<xsd:element name="method-pattern" type="MethodPatternType" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="source" type="MethodInterceptorType"
|
||||
default="xml" />
|
||||
<xsd:attribute name="sourceBeanId" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
<![CDATA[
|
||||
Reference to an external ObjectDefinitionSource.
|
||||
]]>
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="MethodPatternType">
|
||||
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
|
||||
<xsd:element name="configuration-attribute"
|
||||
type="ConfigurationAttributeType" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="type" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:simpleType name="response">
|
||||
<xsd:restriction base="xsd:NMTOKEN">
|
||||
<xsd:enumeration value="consensus" />
|
||||
@ -588,6 +650,15 @@
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
<xsd:simpleType name="MethodInterceptorType">
|
||||
<xsd:restriction base="xsd:NMTOKEN">
|
||||
<xsd:enumeration value="xml" />
|
||||
<xsd:enumeration value="attributes" />
|
||||
<xsd:enumeration value="annotations" />
|
||||
<xsd:enumeration value="custom" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
<!-- simple internal types -->
|
||||
<xsd:simpleType name="defaultable-boolean">
|
||||
<xsd:restriction base="xsd:NMTOKEN">
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
package org.acegisecurity.config;
|
||||
package org.acegisecurity.config;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
@ -9,13 +9,14 @@ import org.acegisecurity.userdetails.UserDetailsService;
|
||||
import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
|
||||
import org.acegisecurity.userdetails.memory.UserMap;
|
||||
import org.springframework.beans.PropertyValue;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
/**
|
||||
* @author vpuri
|
||||
* @author Vishal Puri
|
||||
*
|
||||
*/
|
||||
public class PrincipalRepositoryNamespaceTests extends TestCase {
|
||||
@ -60,4 +61,5 @@ public class PrincipalRepositoryNamespaceTests extends TestCase {
|
||||
assertEquals(new GrantedAuthorityImpl("ROLE_YO"), users.getUser("vishal").getAuthorities()[0]);
|
||||
assertEquals(new GrantedAuthorityImpl("ROLE_YOYO"), users.getUser("vishal").getAuthorities()[1]);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -12,9 +12,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
||||
<import resource="remember-me-defaults.xml" />
|
||||
|
||||
<security:authorization-http-url id="authorizationhttp">
|
||||
<security:url-mapping
|
||||
source="xml - the default and no other options"
|
||||
sourceBeanId="referenceToTheirObjectDefinitionSource">
|
||||
<security:url-mapping source="xml">
|
||||
<!-- Specify security:uri-patterns in order of processing; each pattern must specify EITHER a
|
||||
regularExpression OR a path, but not both and ALL patterns in the url-mapping MUST be of the
|
||||
SAME type (ie cannot mix a regular expression and Ant Path) - give exception if tried -->
|
||||
@ -22,8 +20,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
||||
<security:configuration-attribute attribute="ROLE_A" />
|
||||
<security:configuration-attribute attribute="ROLE_B" />
|
||||
</security:uri-pattern>
|
||||
<security:uri-pattern
|
||||
regularExpression="whatever">
|
||||
<security:uri-pattern regularExpression="whatever">
|
||||
<security:configuration-attribute attribute="ROLE_A" />
|
||||
</security:uri-pattern>
|
||||
</security:url-mapping>
|
||||
|
||||
@ -0,0 +1,42 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!--
|
||||
the source refers to use of the relevant concete ObjectDefinitionSource;
|
||||
user can alternately specify their own instance and refer to it
|
||||
via the sourceBeanId property; in that case they must specify "custom";
|
||||
if unspecified, it means it's described as nested elements using the
|
||||
security:method-pattern element, and you will therefore create it via
|
||||
the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
|
||||
For aspectj and springAop, that means create a MethodSecurityInterceptor and
|
||||
AspectJSecurityInterceptor bean definition respectively (in the case of
|
||||
springAop, also create a MethodDefinitionSourceAdvisor); defaults to
|
||||
springAop=true, aspectJ=false
|
||||
-->
|
||||
<import resource="remember-me-defaults.xml" />
|
||||
<import resource="authorization-manager.xml"/>
|
||||
|
||||
<security:authorization-joinpoint id="methodInterceptor"
|
||||
springAop="true" >
|
||||
<security:url-mapping source="annotations">
|
||||
<security:method-pattern
|
||||
type="org.acegisecurity.BankServiceImpl.listAccounts">
|
||||
<security:configuration-attribute attribute="ROLE_A" />
|
||||
<security:configuration-attribute attribute="ROLE_B" />
|
||||
</security:method-pattern>
|
||||
</security:url-mapping>
|
||||
</security:authorization-joinpoint>
|
||||
|
||||
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,42 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!--
|
||||
the source refers to use of the relevant concete ObjectDefinitionSource;
|
||||
user can alternately specify their own instance and refer to it
|
||||
via the sourceBeanId property; in that case they must specify "custom";
|
||||
if unspecified, it means it's described as nested elements using the
|
||||
security:method-pattern element, and you will therefore create it via
|
||||
the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
|
||||
For aspectj and springAop, that means create a MethodSecurityInterceptor and
|
||||
AspectJSecurityInterceptor bean definition respectively (in the case of
|
||||
springAop, also create a MethodDefinitionSourceAdvisor); defaults to
|
||||
springAop=true, aspectJ=false
|
||||
-->
|
||||
<import resource="remember-me-defaults.xml" />
|
||||
<import resource="authorization-manager.xml"/>
|
||||
|
||||
<security:authorization-joinpoint id="methodInterceptor"
|
||||
aspectj="true" >
|
||||
<security:url-mapping source="annotations">
|
||||
<security:method-pattern
|
||||
type="org.acegisecurity.BankServiceImpl.listAccounts">
|
||||
<security:configuration-attribute attribute="ROLE_A" />
|
||||
<security:configuration-attribute attribute="ROLE_B" />
|
||||
</security:method-pattern>
|
||||
</security:url-mapping>
|
||||
</security:authorization-joinpoint>
|
||||
|
||||
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,42 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!--
|
||||
the source refers to use of the relevant concete ObjectDefinitionSource;
|
||||
user can alternately specify their own instance and refer to it
|
||||
via the sourceBeanId property; in that case they must specify "custom";
|
||||
if unspecified, it means it's described as nested elements using the
|
||||
security:method-pattern element, and you will therefore create it via
|
||||
the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
|
||||
For aspectj and springAop, that means create a MethodSecurityInterceptor and
|
||||
AspectJSecurityInterceptor bean definition respectively (in the case of
|
||||
springAop, also create a MethodDefinitionSourceAdvisor); defaults to
|
||||
springAop=true, aspectJ=false
|
||||
-->
|
||||
<import resource="remember-me-defaults.xml" />
|
||||
<import resource="authorization-manager.xml"/>
|
||||
|
||||
<security:authorization-joinpoint id="methodInterceptor"
|
||||
springAop="true" >
|
||||
<security:url-mapping source="attributes">
|
||||
<security:method-pattern
|
||||
type="org.acegisecurity.BankServiceImpl.listAccounts">
|
||||
<security:configuration-attribute attribute="ROLE_A" />
|
||||
<security:configuration-attribute attribute="ROLE_B" />
|
||||
</security:method-pattern>
|
||||
</security:url-mapping>
|
||||
</security:authorization-joinpoint>
|
||||
|
||||
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,56 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
|
||||
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
|
||||
|
||||
<!--
|
||||
the source refers to use of the relevant concete ObjectDefinitionSource;
|
||||
user can alternately specify their own instance and refer to it
|
||||
via the sourceBeanId property; in that case they must specify "custom";
|
||||
if unspecified, it means it's described as nested elements using the
|
||||
security:method-pattern element, and you will therefore create it via
|
||||
the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
|
||||
For aspectj and springAop, that means create a MethodSecurityInterceptor and
|
||||
AspectJSecurityInterceptor bean definition respectively (in the case of
|
||||
springAop, also create a MethodDefinitionSourceAdvisor); defaults to
|
||||
springAop=true, aspectJ=false
|
||||
-->
|
||||
<import resource="remember-me-defaults.xml" />
|
||||
<import resource="authorization-manager.xml"/>
|
||||
|
||||
<security:authorization-joinpoint id="methodInterceptor"
|
||||
springAop="true" >
|
||||
<security:url-mapping source="xml">
|
||||
<security:method-pattern
|
||||
type="org.acegisecurity.BankServiceImpl.listAccounts">
|
||||
<security:configuration-attribute attribute="ROLE_A" />
|
||||
</security:method-pattern>
|
||||
</security:url-mapping>
|
||||
</security:authorization-joinpoint>
|
||||
|
||||
|
||||
<!--
|
||||
<bean id="methodSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
|
||||
<property name="validateConfigAttributes"><value>true</value></property>
|
||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
|
||||
<property name="runAsManager"><ref bean="runAsManager"/></property>
|
||||
<property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>
|
||||
<property name="objectDefinitionSource">
|
||||
<value>
|
||||
org.acegisecurity.context.BankManager.delete*=ROLE_SUPERVISOR,RUN_AS_SERVER
|
||||
org.acegisecurity.context.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR,BANKSECURITY_CUSTOMER,RUN_AS_SERVER
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
-->
|
||||
|
||||
</beans>
|
||||
Loading…
x
Reference in New Issue
Block a user