SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces

Luke Taylor 2008-10-30 04:10:54 +00:00
parent c7abdadc06
commit a7d046357b
102 changed files with 896 additions and 1417 deletions


@ -14,21 +14,19 @@
*/
package org.springframework.security.afterinvocation;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.AuthorizationServiceException;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.acls.AclService;
import org.springframework.security.acls.Permission;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.util.Collection;
import java.util.Iterator;
/**
* <p>
@ -75,7 +73,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
//~ Methods ========================================================================================================
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
Object returnedObject) throws AccessDeniedException {
if (returnedObject == null) {
@ -86,7 +84,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
return null;
}
Iterator iter = config.getConfigAttributes().iterator();
Iterator iter = config.iterator();
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();
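Review bot: The new `Iterator iter = config.iterator();` line in `decide` keeps a raw `Iterator` and the `(ConfigAttribute) iter.next()` cast although the parameter is now a typed `List<ConfigAttribute>`, so the element type of this authorization input is still enforced only by a runtime cast. A plain `for (ConfigAttribute attr : config) {` would match what this commit already does in `AclEntryVoter.vote`. The same leftover appears in the `decide` methods of `AclEntryAfterInvocationProvider`, `BasicAclEntryAfterInvocationCollectionFilteringProvider` and `BasicAclEntryAfterInvocationProvider`, and in `Jsr250Voter.vote`. The loop body continues outside this hunk, so any other use of `iter` would need checking before the change.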


@ -14,23 +14,20 @@
*/
package org.springframework.security.afterinvocation;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.acls.AclService;
import org.springframework.security.acls.Permission;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import java.util.Iterator;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.acls.AclService;
import org.springframework.security.acls.Permission;
/**
@ -74,10 +71,10 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
//~ Methods ========================================================================================================
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
Object returnedObject) throws AccessDeniedException {
Iterator iter = config.getConfigAttributes().iterator();
Iterator iter = config.iterator();
if (returnedObject == null) {
// AclManager interface contract prohibits nulls
@ -95,7 +92,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
}
return returnedObject;
}
}
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();


@ -17,11 +17,11 @@ package org.springframework.security.vote;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.List;
import org.springframework.security.Authentication;
import org.springframework.security.AuthorizationServiceException;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.acls.Acl;
import org.springframework.security.acls.AclService;
import org.springframework.security.acls.NotFoundException;
@ -150,11 +150,9 @@ public class AclEntryVoter extends AbstractAclVoter {
}
}
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
Iterator iter = config.getConfigAttributes().iterator();
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();
for(ConfigAttribute attr : attributes) {
if (!this.supports(attr)) {
continue;


@ -15,6 +15,8 @@
package org.springframework.security;
import java.util.List;
/**
* Makes a final access control (authorization) decision.
*
@ -29,14 +31,14 @@ public interface AccessDecisionManager {
*
* @param authentication the caller invoking the method
* @param object the secured object being called
* @param config the configuration attributes associated with the secured object being invoked
* @param configAttributes the configuration attributes associated with the secured object being invoked
*
* @throws AccessDeniedException if access is denied as the authentication does not hold a required authority or
* ACL privilege
* @throws InsufficientAuthenticationException if access is denied as the authentication does not provide a
* sufficient level of trust
*/
void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
throws AccessDeniedException, InsufficientAuthenticationException;
/**
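Review bot: The Javadoc for `configAttributes` on `decide` does not say whether the list may be `null` or empty, or whether an implementation may modify it, and those questions are new now that the parameter is a plain `List<ConfigAttribute>`. Since this list drives the authorization decision, I would extend the tag to something like `@param configAttributes the configuration attributes associated with the secured object being invoked; never null, and must not be modified by implementations`, provided that matches what the interceptors actually pass (not visible on this page). The same wording would help on `AfterInvocationManager.decide`, `AfterInvocationProvider.decide` and `RunAsManager.buildRunAs`.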


@ -15,6 +15,8 @@
package org.springframework.security;
import java.util.List;
/**
* Reviews the <code>Object</code> returned from a secure object invocation,
* being able to modify the <code>Object</code> or throw an {@link
@ -60,7 +62,7 @@ public interface AfterInvocationManager {
*
* @throws AccessDeniedException if access is denied
*/
Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
Object returnedObject) throws AccessDeniedException;
/**


@ -27,12 +27,9 @@ import java.io.Serializable;
* patterns. These configuration attributes have special meaning to a {@link
* RunAsManager}, {@link AccessDecisionManager} or
* <code>AccessDecisionManager</code> delegate.
* </p>
*
* <P>
* Stored at runtime with other <code>ConfigAttribute</code>s for the same
* secure object target within a {@link ConfigAttributeDefinition}.
* </p>
* <p>
* Stored at runtime with other <code>ConfigAttribute</code>s for the same secure object target.
*
* @author Ben Alex
* @version $Id$


@ -20,7 +20,7 @@ import org.springframework.util.StringUtils;
import java.beans.PropertyEditorSupport;
/**
* A property editor that can create a populated {@link ConfigAttributeDefinition} from a comma separated list of
* A property editor that can create a populated {@link List<ConfigAttribute>} from a comma separated list of
* values.
* <p>
* Trims preceding and trailing spaces from presented command separated tokens, as this can be a source
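Review bot: `{@link List<ConfigAttribute>}` in the class comment is not a valid Javadoc link target, because `{@link}` takes a type or member reference without generic arguments, so the tool will warn or render it incorrectly. For a generic type mentioned in running text, `{@code List<ConfigAttribute>}` is the usual form. The same applies to the `{@link #decide(Authentication, Object, List<ConfigAttribute>, Object)}` reference in the `AfterInvocationProviderManager` class comment, where the signature should name the erased type: `{@link #decide(Authentication, Object, List, Object)}`.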


@ -15,6 +15,8 @@
package org.springframework.security;
import java.util.List;
/**
* Creates a new temporary {@link Authentication} object for the current secure
* object invocation only.
@ -71,7 +73,7 @@ public interface RunAsManager {
* @return a replacement object to be used for duration of the secure object invocation, or <code>null</code> if
* the <code>Authentication</code> should be left as is
*/
Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config);
Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config);
/**
* Indicates whether this <code>RunAsManager</code> is able to process the passed


@ -15,10 +15,11 @@
package org.springframework.security.afterinvocation;
import java.util.List;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
/**
@ -30,7 +31,7 @@ import org.springframework.security.ConfigAttributeDefinition;
public interface AfterInvocationProvider {
//~ Methods ========================================================================================================
Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
Object returnedObject) throws AccessDeniedException;
/**


@ -19,8 +19,6 @@ import org.springframework.security.AccessDeniedException;
import org.springframework.security.AfterInvocationManager;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@ -35,7 +33,7 @@ import java.util.List;
* Provider-based implementation of {@link AfterInvocationManager}.<p>Handles configuration of a bean context
* defined list of {@link AfterInvocationProvider}s.</p>
* <p>Every <code>AfterInvocationProvider</code> will be polled when the {@link #decide(Authentication, Object,
* ConfigAttributeDefinition, Object)} method is called. The <code>Object</code> returned from each provider will be
* List<ConfigAttribute>, Object)} method is called. The <code>Object</code> returned from each provider will be
* presented to the successive provider for processing. This means each provider <b>must</b> ensure they return the
* <code>Object</code>, even if they are not interested in the "after invocation" decision (perhaps as the secure
* object invocation did not include a configuration attribute a given provider is configured to respond to).</p>
@ -64,7 +62,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
}
}
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
Object returnedObject) throws AccessDeniedException {
Iterator iter = this.providers.iterator();


@ -14,27 +14,23 @@
*/
package org.springframework.security.afterinvocation;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.AuthorizationServiceException;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.acl.AclEntry;
import org.springframework.security.acl.AclManager;
import org.springframework.security.acl.basic.BasicAclEntry;
import org.springframework.security.acl.basic.SimpleAclEntry;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import java.util.Collection;
import java.util.Iterator;
/**
* <p>Given a <code>Collection</code> of domain object instances returned from a secure object invocation, remove
@ -91,9 +87,9 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider implements
}
}
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
Object returnedObject) throws AccessDeniedException {
Iterator iter = config.getConfigAttributes().iterator();
Iterator iter = config.iterator();
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();


@ -15,31 +15,26 @@
package org.springframework.security.afterinvocation;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.acl.AclEntry;
import org.springframework.security.acl.AclManager;
import org.springframework.security.acl.basic.BasicAclEntry;
import org.springframework.security.acl.basic.SimpleAclEntry;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.acl.AclEntry;
import org.springframework.security.acl.AclManager;
import org.springframework.security.acl.basic.BasicAclEntry;
import org.springframework.security.acl.basic.SimpleAclEntry;
import org.springframework.util.Assert;
import java.util.Iterator;
/**
* <p>Given a domain object instance returned from a secure object invocation, ensures the principal has
* appropriate permission as defined by the {@link AclManager}.</p>
@ -61,7 +56,7 @@ import java.util.Iterator;
* <p>If the provided <code>returnObject</code> is <code>null</code>, permission will always be granted and
* <code>null</code> will be returned.</p>
* <p>All comparisons and prefixes are case sensitive.</p>
*
*
* @deprecated Use new spring-security-acl module instead
*/
public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProvider, InitializingBean,
@ -90,9 +85,9 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv
}
}
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
Object returnedObject) throws AccessDeniedException {
Iterator iter = config.getConfigAttributes().iterator();
Iterator iter = config.iterator();
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();


@ -27,7 +27,6 @@ import javax.annotation.security.RolesAllowed;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.method.AbstractFallbackMethodDefinitionSource;
@ -48,7 +47,7 @@ public class Jsr250MethodDefinitionSource extends AbstractFallbackMethodDefiniti
return processAnnotations(AnnotationUtils.getAnnotations(method));
}
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
return null;
}


@ -2,11 +2,11 @@ package org.springframework.security.annotation;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.Authentication;
import org.springframework.security.vote.AccessDecisionVoter;
import java.util.Iterator;
import java.util.List;
/**
* Voter on JSR-250 configuration attributes.
@ -44,9 +44,9 @@ public class Jsr250Voter implements AccessDecisionVoter {
* @param definition The configuration definition.
* @return The vote.
*/
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition definition) {
public int vote(Authentication authentication, Object object, List<ConfigAttribute> definition) {
int result = ACCESS_ABSTAIN;
Iterator iter = definition.getConfigAttributes().iterator();
Iterator iter = definition.iterator();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();


@ -43,7 +43,7 @@ public class SecuredMethodDefinitionSource extends AbstractFallbackMethodDefinit
return processAnnotation(AnnotationUtils.findAnnotation(method, Secured.class));
}
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
return null;
}


@ -17,7 +17,6 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.core.OrderComparator;
import org.springframework.core.Ordered;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.config.ConfigUtils.FilterChainList;
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
@ -160,8 +159,6 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
return;
}
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(fids.lookupAttributes(loginPage, "POST"));
if (!beanFactory.containsBean(BeanIds.ANONYMOUS_PROCESSING_FILTER)) {
logger.warn("The login page is being protected by the filter chain, but you don't appear to have" +
" anonymous authentication enabled. This is almost certainly an error.");
@ -174,7 +171,7 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
new AnonymousAuthenticationToken("key", anonPF.getUserAttribute().getPassword(),
anonPF.getUserAttribute().getAuthorities());
try {
fsi.getAccessDecisionManager().decide(token, new Object(), cad);
fsi.getAccessDecisionManager().decide(token, new Object(), fids.lookupAttributes(loginPage, "POST"));
} catch (Exception e) {
logger.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly " +
"an error. Please check your configuration allows unauthenticated access to the configured " +
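Review bot: With the `cad` local removed, the result of `fids.lookupAttributes(loginPage, "POST")` goes straight into `decide`, and the surrounding `catch (Exception e)` will report any failure, including a `NullPointerException` from a missing attribute list, as anonymous access not being enabled. The early `return` at the top of the second hunk may already cover the no-attributes case, but its condition is outside the visible lines. I would keep a typed local, `List<ConfigAttribute> attrs = fids.lookupAttributes(loginPage, "POST");`, and skip the check when it is `null`, so that this startup diagnostic only warns about a real access denial.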


@ -12,13 +12,11 @@ import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttributeEditor;
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
@ -26,17 +24,18 @@ import org.springframework.security.intercept.web.RequestKey;
import org.springframework.security.securechannel.ChannelDecisionManagerImpl;
import org.springframework.security.securechannel.ChannelProcessingFilter;
import org.springframework.security.securechannel.InsecureChannelProcessor;
import org.springframework.security.securechannel.SecureChannelProcessor;
import org.springframework.security.securechannel.RetryWithHttpEntryPoint;
import org.springframework.security.securechannel.RetryWithHttpsEntryPoint;
import org.springframework.security.securechannel.SecureChannelProcessor;
import org.springframework.security.ui.AccessDeniedHandlerImpl;
import org.springframework.security.ui.ExceptionTranslationFilter;
import org.springframework.security.ui.SessionFixationProtectionFilter;
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.FilterChainProxy;
import org.springframework.security.util.RegexUrlPathMatcher;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.UrlMatcher;
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
@ -603,7 +602,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
String access = urlElt.getAttribute(ATT_ACCESS_CONFIG);
// Convert the comma-separated list of access attributes to a ConfigAttributeDefinition
// Convert the comma-separated list of access attributes to a List<ConfigAttribute>
if (StringUtils.hasText(access)) {
editor.setAsText(access);
Object key = new RequestKey(path, method);


@ -15,8 +15,10 @@
package org.springframework.security.event.authorization;
import java.util.List;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttribute;
/**
@ -30,36 +32,34 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio
//~ Instance fields ================================================================================================
private AuthenticationCredentialsNotFoundException credentialsNotFoundException;
private ConfigAttributeDefinition configAttributeDefinition;
private List<ConfigAttribute> configAttribs;
//~ Constructors ===================================================================================================
/**
/**
* Construct the event.
*
* @param secureObject the secure object
* @param configAttribs that apply to the secure object
* @param credentialsNotFoundException exception returned to the caller
* (contains reason)
* @param credentialsNotFoundException exception returned to the caller (contains reason)
*
* @throws IllegalArgumentException DOCUMENT ME!
*/
public AuthenticationCredentialsNotFoundEvent(Object secureObject, ConfigAttributeDefinition configAttribs,
AuthenticationCredentialsNotFoundException credentialsNotFoundException) {
public AuthenticationCredentialsNotFoundEvent(Object secureObject, List<ConfigAttribute> configAttribs,
AuthenticationCredentialsNotFoundException credentialsNotFoundException) {
super(secureObject);
if ((configAttribs == null) || (credentialsNotFoundException == null)) {
throw new IllegalArgumentException("All parameters are required and cannot be null");
}
this.configAttributeDefinition = configAttribs;
this.configAttribs = configAttribs;
this.credentialsNotFoundException = credentialsNotFoundException;
}
//~ Methods ========================================================================================================
public ConfigAttributeDefinition getConfigAttributeDefinition() {
return configAttributeDefinition;
public List<ConfigAttribute> getConfigAttributes() {
return configAttribs;
}
public AuthenticationCredentialsNotFoundException getCredentialsNotFoundException() {
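Review bot: The constructor stores the caller's list as-is (`this.configAttribs = configAttribs;`) and `getConfigAttributes()` returns that same reference, so every `ApplicationListener` that receives the event holds a live `List<ConfigAttribute>`. Whether the lists coming from the definition sources are unmodifiable is not visible here; if they are not, code handling the event could change the attributes that later authorization checks read. Wrapping on the way in, `this.configAttribs = Collections.unmodifiableList(configAttribs);`, would close that off, and the same applies to `AuthorizationFailureEvent` and `AuthorizedEvent`. The `@throws IllegalArgumentException DOCUMENT ME!` placeholder could also be filled in while here, e.g. `if any null arguments are presented`, as `AuthorizationFailureEvent` already words it.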


@ -15,9 +15,11 @@
package org.springframework.security.event.authorization;
import java.util.List;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttribute;
/**
@ -36,7 +38,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
private AccessDeniedException accessDeniedException;
private Authentication authentication;
private ConfigAttributeDefinition configAttributeDefinition;
private List<ConfigAttribute> configAttributeDefinition;
//~ Constructors ===================================================================================================
@ -51,7 +53,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
*
* @throws IllegalArgumentException if any null arguments are presented.
*/
public AuthorizationFailureEvent(Object secureObject, ConfigAttributeDefinition configAttribs,
public AuthorizationFailureEvent(Object secureObject, List<ConfigAttribute> configAttribs,
Authentication authentication, AccessDeniedException accessDeniedException) {
super(secureObject);
@ -74,7 +76,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
return authentication;
}
public ConfigAttributeDefinition getConfigAttributeDefinition() {
public List<ConfigAttribute> getConfigAttributes() {
return configAttributeDefinition;
}
}
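Review bot: The field is still called `configAttributeDefinition` although its type is now `List<ConfigAttribute>` and its getter was renamed to `getConfigAttributes()`, which leaves the removed class name in the code and differs from `AuthenticationCredentialsNotFoundEvent`, where the field became `configAttribs`. I would rename it here as well, `private List<ConfigAttribute> configAttribs;`, together with the `return` in the getter. The constructor assignment lies outside the visible hunks and would need the same rename. `AuthorizedEvent` has the identical leftover.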


@ -15,8 +15,10 @@
package org.springframework.security.event.authorization;
import java.util.List;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttribute;
/**
@ -30,20 +32,19 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
//~ Instance fields ================================================================================================
private Authentication authentication;
private ConfigAttributeDefinition configAttributeDefinition;
private List<ConfigAttribute> configAttributeDefinition;
//~ Constructors ===================================================================================================
/**
/**
* Construct the event.
*
* @param secureObject the secure object
* @param configAttribs that apply to the secure object
* @param authentication that successfully called the secure object
*
* @throws IllegalArgumentException DOCUMENT ME!
*/
public AuthorizedEvent(Object secureObject, ConfigAttributeDefinition configAttribs, Authentication authentication) {
public AuthorizedEvent(Object secureObject, List<ConfigAttribute> configAttribs, Authentication authentication) {
super(secureObject);
if ((configAttribs == null) || (authentication == null)) {
@ -60,7 +61,7 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
return authentication;
}
public ConfigAttributeDefinition getConfigAttributeDefinition() {
public List<ConfigAttribute> getConfigAttributes() {
return configAttributeDefinition;
}
}


@ -46,7 +46,7 @@ public class LoggerListener implements ApplicationListener {
if (logger.isWarnEnabled()) {
logger.warn("Security interception failed due to: " + authEvent.getCredentialsNotFoundException()
+ "; secure object: " + authEvent.getSource() + "; configuration attributes: "
+ authEvent.getConfigAttributeDefinition());
+ authEvent.getConfigAttributes());
}
}
@ -57,7 +57,7 @@ public class LoggerListener implements ApplicationListener {
logger.warn("Security authorization failed due to: " + authEvent.getAccessDeniedException()
+ "; authenticated principal: " + authEvent.getAuthentication()
+ "; secure object: " + authEvent.getSource()
+ "; configuration attributes: " + authEvent.getConfigAttributeDefinition());
+ "; configuration attributes: " + authEvent.getConfigAttributes());
}
}
@ -67,7 +67,7 @@ public class LoggerListener implements ApplicationListener {
if (logger.isInfoEnabled()) {
logger.info("Security authorized for authenticated principal: " + authEvent.getAuthentication()
+ "; secure object: " + authEvent.getSource() + "; configuration attributes: "
+ authEvent.getConfigAttributeDefinition());
+ authEvent.getConfigAttributes());
}
}


@ -17,7 +17,7 @@ package org.springframework.security.event.authorization;
/**
* Event that is generated whenever a public secure object is invoked.<p>A public secure object is a secure object
* that has no <code>ConfigAttributeDefinition</code> defined. A public secure object will not cause the
* that has no <code>ConfigAttribute</code>s defined. A public secure object will not cause the
* <code>SecurityContextHolder</code> to be inspected or authenticated, and no authorization will take place.</p>
* <p>Published just before the secure object attempts to proceed.</p>
*


@ -7,6 +7,12 @@ import org.springframework.security.AuthenticationTrustResolver;
import org.springframework.security.AuthenticationTrustResolverImpl;
import org.springframework.security.util.AuthorityUtils;
/**
* Default root object for use in Spring Security expression evaluations.
*
* @author Luke Taylor
*
*/
public class SecurityExpressionRoot {
private Authentication authentication;
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
@ -21,6 +27,9 @@ public class SecurityExpressionRoot {
public SecurityExpressionRoot(Authentication a) {
if (a == null) {
throw new IllegalArgumentException("Authentication object cannot be null");
}
this.authentication = a;
}
@ -56,14 +65,14 @@ public class SecurityExpressionRoot {
return trustResolver.isRememberMe(authentication);
}
public Authentication getAuthentication() {
return authentication;
}
public final boolean isFullyAuthenticated() {
return !trustResolver.isAnonymous(authentication) && !trustResolver.isRememberMe(authentication);
}
public Authentication getAuthentication() {
return authentication;
}
public void setFilterObject(Object filterObject) {
this.filterObject = filterObject;
}


@ -37,6 +37,10 @@ import org.springframework.util.ClassUtils;
public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDefinitionSource {
public List<ConfigAttribute> getAttributes(Method method, Class targetClass) {
if (method.getDeclaringClass() == Object.class) {
return null;
}
logger.debug("Looking for expression annotations for method '" +
method.getName() + "' on target class '" + targetClass + "'");
PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class);
@ -101,7 +105,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe
return null;
}
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
return null;
}
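Review bot: The new early exit in `getAttributes`, `if (method.getDeclaringClass() == Object.class) { return null; }`, has no comment saying why methods declared on `Object` are skipped or what `null` means to the caller. Going by the `PublicInvocationEvent` Javadoc elsewhere in this commit, a secure object with no attributes is treated as public and no authorization takes place, so the return value is security-relevant. I would add a line such as `// Methods declared on Object (toString, equals, ...) carry no expression annotations; null = no attributes` above the check. The rest of `getAttributes` is outside the hunk.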


@ -1,6 +1,7 @@
package org.springframework.security.expression.support;
import java.lang.reflect.Method;
import java.util.List;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
@ -13,7 +14,6 @@ import org.springframework.expression.spel.standard.StandardEvaluationContext;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.afterinvocation.AfterInvocationProvider;
import org.springframework.security.expression.ExpressionUtils;
import org.springframework.security.expression.SecurityExpressionRoot;
@ -32,7 +32,7 @@ public class MethodExpressionAfterInvocationProvider implements AfterInvocationP
private ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer();
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config, Object returnedObject)
throws AccessDeniedException {
PostInvocationExpressionConfigAttribute mca = findMethodAccessControlExpression(config);
@ -86,9 +86,9 @@ public class MethodExpressionAfterInvocationProvider implements AfterInvocationP
}
}
private PostInvocationExpressionConfigAttribute findMethodAccessControlExpression(ConfigAttributeDefinition config) {
private PostInvocationExpressionConfigAttribute findMethodAccessControlExpression(List<ConfigAttribute> config) {
// Find the MethodAccessControlExpression attribute
for (ConfigAttribute attribute : config.getConfigAttributes()) {
for (ConfigAttribute attribute : config) {
if (attribute instanceof PostInvocationExpressionConfigAttribute) {
return (PostInvocationExpressionConfigAttribute)attribute;
}
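Review bot: The comment `// Find the MethodAccessControlExpression attribute` in `findMethodAccessControlExpression` names a type that does not appear in this code; the loop returns the first `PostInvocationExpressionConfigAttribute`. I would reword it to `// Return the first PostInvocationExpressionConfigAttribute, if any`, and make the matching change in `MethodExpressionVoter`, where the loop looks for `PreInvocationExpressionConfigAttribute`. In the voter, `vote` now calls its parameter `attributes` while the helper still calls it `config`; one name across both would read better. Both helpers end outside their hunks, so what they return when nothing matches is not visible here.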


@ -1,6 +1,7 @@
package org.springframework.security.expression.support;
import java.lang.reflect.Method;
import java.util.List;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
@ -12,7 +13,6 @@ import org.springframework.expression.Expression;
import org.springframework.expression.spel.standard.StandardEvaluationContext;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.expression.ExpressionUtils;
import org.springframework.security.expression.SecurityExpressionRoot;
import org.springframework.security.vote.AccessDecisionVoter;
@ -43,8 +43,8 @@ public class MethodExpressionVoter implements AccessDecisionVoter {
return clazz.isAssignableFrom(MethodInvocation.class);
}
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
PreInvocationExpressionConfigAttribute mace = findMethodAccessControlExpression(config);
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
PreInvocationExpressionConfigAttribute mace = findMethodAccessControlExpression(attributes);
if (mace == null) {
// No expression based metadata, so abstain
@ -102,9 +102,9 @@ public class MethodExpressionVoter implements AccessDecisionVoter {
return filterTarget;
}
private PreInvocationExpressionConfigAttribute findMethodAccessControlExpression(ConfigAttributeDefinition config) {
private PreInvocationExpressionConfigAttribute findMethodAccessControlExpression(List<ConfigAttribute> config) {
// Find the MethodAccessControlExpression attribute
for (ConfigAttribute attribute : config.getConfigAttributes()) {
for (ConfigAttribute attribute : config) {
if (attribute instanceof PreInvocationExpressionConfigAttribute) {
return (PreInvocationExpressionConfigAttribute)attribute;
}


@ -15,46 +15,37 @@
package org.springframework.security.intercept;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.AfterInvocationManager;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.RunAsManager;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent;
import org.springframework.security.event.authorization.AuthorizationFailureEvent;
import org.springframework.security.event.authorization.AuthorizedEvent;
import org.springframework.security.event.authorization.PublicInvocationEvent;
import org.springframework.security.runas.NullRunAsManager;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AfterInvocationManager;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.RunAsManager;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent;
import org.springframework.security.event.authorization.AuthorizationFailureEvent;
import org.springframework.security.event.authorization.AuthorizedEvent;
import org.springframework.security.event.authorization.PublicInvocationEvent;
import org.springframework.security.runas.NullRunAsManager;
import org.springframework.util.Assert;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Collection;
/**
* Abstract class that implements security interception for secure objects.
* <p>
@ -64,8 +55,8 @@ import java.util.Collection;
* <li>Obtain the {@link Authentication} object from the {@link SecurityContextHolder}.</li>
* <li>Determine if the request relates to a secured or public invocation by looking up the secure object request
* against the {@link ObjectDefinitionSource}.</li>
* <li>For an invocation that is secured (there is a
* <code>ConfigAttributeDefinition</code> for the secure object invocation):
* <li>For an invocation that is secured (there is a list of <code>ConfigAttribute</code>s for the secure
* object invocation):
* <ol type="a">
* <li>If either the {@link org.springframework.security.Authentication#isAuthenticated()}
* returns <code>false</code>, or the {@link #alwaysReauthenticate} is
@ -88,7 +79,7 @@ import java.util.Collection;
* the caller.</li>
* </ol>
* </li>
* <li>For an invocation that is public (there is no <code>ConfigAttributeDefinition</code> for the secure object
* <li>For an invocation that is public (there are no <code>ConfigAttribute</code>s for the secure object
* invocation):
* <ol type="a">
* <li>As described above, the concrete subclass will be returned an <code>InterceptorStatusToken</code> which is
@ -125,46 +116,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
//~ Methods ========================================================================================================
/**
* Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure object invocation has been
* completed.
*
* @param token as returned by the {@link #beforeInvocation(Object)}} method
* @param returnedObject any object returned from the secure object invocation (may be <tt>null</tt>)
* @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>)
*/
protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
if (token == null) {
// public object
return returnedObject;
}
if (token.isContextHolderRefreshRequired()) {
if (logger.isDebugEnabled()) {
logger.debug("Reverting to original Authentication: " + token.getAuthentication().toString());
}
SecurityContextHolder.getContext().setAuthentication(token.getAuthentication());
}
if (afterInvocationManager != null) {
// Attempt after invocation handling
try {
returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(),
token.getAttr(), returnedObject);
}
catch (AccessDeniedException accessDeniedException) {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token
.getAttr(), token.getAuthentication(), accessDeniedException);
publishEvent(event);
throw accessDeniedException;
}
}
return returnedObject;
}
public void afterPropertiesSet() throws Exception {
Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
Assert.notNull(this.messages, "A message source must be set");
@ -185,11 +136,11 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
}
if (this.validateConfigAttributes) {
Collection<List<? extends ConfigAttribute>> attributeDefs = this.obtainObjectDefinitionSource().getConfigAttributeDefinitions();
Collection<List<? extends ConfigAttribute>> attributeDefs = this.obtainObjectDefinitionSource().getAllConfigAttributes();
if (attributeDefs == null) {
logger.warn("Could not validate configuration attributes as the ObjectDefinitionSource did not return "
+ "a ConfigAttributeDefinition collection");
+ "any attributes from getAllConfigAttributes()");
return;
}
@ -222,15 +173,9 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
+ getSecureObjectClass());
}
List<? extends ConfigAttribute> attributes = this.obtainObjectDefinitionSource().getAttributes(object);
ConfigAttributeDefinition attr = null;
List<ConfigAttribute> attributes = this.obtainObjectDefinitionSource().getAttributes(object);
// TODO: temporary until refactor security interceptor and AccessManager
if (attributes != null) {
attr = new ConfigAttributeDefinition(attributes);
}
if (attr == null) {
if (attributes == null) {
if (rejectPublicInvocations) {
throw new IllegalArgumentException(
"No public invocations are allowed via this AbstractSecurityInterceptor. "
@ -248,22 +193,22 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
}
if (logger.isDebugEnabled()) {
logger.debug("Secure object: " + object + "; ConfigAttributes: " + attr);
logger.debug("Secure object: " + object + "; Attributes: " + attributes);
}
if (SecurityContextHolder.getContext().getAuthentication() == null) {
credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
"An Authentication object was not found in the SecurityContext"), object, attr);
"An Authentication object was not found in the SecurityContext"), object, attributes);
}
Authentication authenticated = authenticateIfRequired();
// Attempt authorization
try {
this.accessDecisionManager.decide(authenticated, object, attr);
this.accessDecisionManager.decide(authenticated, object, attributes);
}
catch (AccessDeniedException accessDeniedException) {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated,
AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attributes, authenticated,
accessDeniedException);
publishEvent(event);
@ -274,11 +219,11 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
logger.debug("Authorization successful");
}
AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated);
AuthorizedEvent event = new AuthorizedEvent(object, attributes, authenticated);
publishEvent(event);
// Attempt to run as a different user
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr);
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes);
if (runAs == null) {
if (logger.isDebugEnabled()) {
@ -286,7 +231,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
}
// no further work post-invocation
return new InterceptorStatusToken(authenticated, false, attr, object);
return new InterceptorStatusToken(authenticated, false, attributes, object);
} else {
if (logger.isDebugEnabled()) {
logger.debug("Switching to RunAs Authentication: " + runAs);
@ -295,10 +240,51 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
SecurityContextHolder.getContext().setAuthentication(runAs);
// revert to token.Authenticated post-invocation
return new InterceptorStatusToken(authenticated, true, attr, object);
return new InterceptorStatusToken(authenticated, true, attributes, object);
}
}
/**
* Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure object invocation has been
* completed.
*
* @param token as returned by the {@link #beforeInvocation(Object)}} method
* @param returnedObject any object returned from the secure object invocation (may be <tt>null</tt>)
* @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>)
*/
protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
if (token == null) {
// public object
return returnedObject;
}
if (token.isContextHolderRefreshRequired()) {
if (logger.isDebugEnabled()) {
logger.debug("Reverting to original Authentication: " + token.getAuthentication().toString());
}
SecurityContextHolder.getContext().setAuthentication(token.getAuthentication());
}
if (afterInvocationManager != null) {
// Attempt after invocation handling
try {
returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(),
token.getAttributes(), returnedObject);
}
catch (AccessDeniedException accessDeniedException) {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token
.getAttributes(), token.getAuthentication(), accessDeniedException);
publishEvent(event);
throw accessDeniedException;
}
}
return returnedObject;
}
/**
* Checks the current authentication token and passes it to the AuthenticationManager if
* {@link org.springframework.security.Authentication#isAuthenticated()} returns false or the property
@ -339,7 +325,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
* @param secureObject that was being called
* @param configAttribs that were defined for the secureObject
*/
private void credentialsNotFound(String reason, Object secureObject, ConfigAttributeDefinition configAttribs) {
private void credentialsNotFound(String reason, Object secureObject, List<ConfigAttribute> configAttribs) {
AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason);
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject,
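Review bot: In `beforeInvocation` the public-invocation test is now `if (attributes == null)`, so an empty list returned by `getAttributes(object)` is handled as a secured invocation and reaches `accessDecisionManager.decide` with nothing for the voters to examine. The class Javadoc describes the public case as "there are no ConfigAttributes", which reads as covering an empty list as well. Either make the check `if (attributes == null || attributes.isEmpty())` so both forms go through the `rejectPublicInvocations` branch, or state in the Javadoc that only `null` means public. The same `attrs == null` test appears in `MethodInvocationPrivilegeEvaluator` and `WebInvocationPrivilegeEvaluator`. How the removed `ConfigAttributeDefinition` wrapper treated an empty list is not visible here, so this may predate the commit.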


@ -15,7 +15,10 @@
package org.springframework.security.intercept;
import java.util.List;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
@ -33,14 +36,14 @@ public class InterceptorStatusToken {
//~ Instance fields ================================================================================================
private Authentication authentication;
private ConfigAttributeDefinition attr;
private List<ConfigAttribute> attr;
private Object secureObject;
private boolean contextHolderRefreshRequired;
//~ Constructors ===================================================================================================
public InterceptorStatusToken(Authentication authentication, boolean contextHolderRefreshRequired,
ConfigAttributeDefinition attr, Object secureObject) {
List<ConfigAttribute> attr, Object secureObject) {
this.authentication = authentication;
this.contextHolderRefreshRequired = contextHolderRefreshRequired;
this.attr = attr;
@ -49,7 +52,7 @@ public class InterceptorStatusToken {
//~ Methods ========================================================================================================
public ConfigAttributeDefinition getAttr() {
public List<ConfigAttribute> getAttributes() {
return attr;
}
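Review bot: `InterceptorStatusToken` now keeps the `List<ConfigAttribute>` it is given by reference in a non-final field, and `afterInvocation` later passes `token.getAttributes()` to the `AfterInvocationManager`, so anything that modifies the list through the token changes the input to the after-invocation decision. Making the fields `final` and storing a read-only view, e.g. `this.attr = attr == null ? null : Collections.unmodifiableList(attr);`, would stop modification through the token (this needs `java.util.Collections` imported). The field is still named `attr` while the accessor is now `getAttributes()`. The line `import org.springframework.security.ConfigAttributeDefinition;` also appears to remain in the import block although nothing visible uses it. The constructor body continues outside the hunk.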


@ -15,16 +15,15 @@
package org.springframework.security.intercept;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import java.util.Collection;
import java.util.List;
import org.springframework.security.ConfigAttribute;
/**
* Implemented by classes that store and can identify the {@link
* ConfigAttributeDefinition} that applies to a given secure object
* ConfigAttribute}s that applies to a given secure object
* invocation.
*
* @author Ben Alex
@ -34,7 +33,7 @@ public interface ObjectDefinitionSource {
//~ Methods ========================================================================================================
/**
* Accesses the <code>ConfigAttributeDefinition</code> that applies to a given secure object.
* Accesses the <code>ConfigAttribute</code>s that apply to a given secure object.
* <p>Returns <code>null</code> if no attributes apply.
*
* @param object the object being secured
@ -47,18 +46,18 @@ public interface ObjectDefinitionSource {
List<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException;
/**
* If available, returns all of the <code>ConfigAttributeDefinition</code>s defined by the implementing class.
* If available, returns all of the <code>ConfigAttribute</code>s defined by the implementing class.
* <p>
* This is used by the {@link AbstractSecurityInterceptor} to perform startup time validation of each
* <code>ConfigAttribute</code> configured against it.
*
* @return the <code>ConfigAttributeDefinition</code>s or <code>null</code> if unsupported
* @return the <code>ConfigAttribute</code>s or <code>null</code> if unsupported
*/
Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions();
Collection<List<? extends ConfigAttribute>> getAllConfigAttributes();
/**
* Indicates whether the <code>ObjectDefinitionSource</code> implementation is able to provide
* <code>ConfigAttributeDefinition</code>s for the indicated secure object type.
* <code>ConfigAttribute</code>s for the indicated secure object type.
*
* @param clazz the class that is being queried
*
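Review bot: `getAttributes` is declared to return `List<ConfigAttribute>` while `getAllConfigAttributes` returns `Collection<List<? extends ConfigAttribute>>`, so the two element types do not line up and some implementations in this commit still use raw `Set` and `Map` types. Declaring the second method as `Collection<List<ConfigAttribute>>` would let implementers stay fully typed, though their internal map types would have to change with it. In the interface Javadoc, `{@link ConfigAttribute}s that applies` should read `that apply`. The `getAttributes` Javadoc says `null` is returned when no attributes apply but not whether an empty list is permitted or whether callers may modify the result; a sentence on each would help.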


@ -73,12 +73,12 @@ public final class DelegatingMethodDefinitionSource extends AbstractMethodDefini
}
}
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
Set set = new HashSet();
Iterator i = methodDefinitionSources.iterator();
while (i.hasNext()) {
MethodDefinitionSource s = (MethodDefinitionSource) i.next();
Collection<List<? extends ConfigAttribute>> attrs = s.getConfigAttributeDefinitions();
Collection<List<? extends ConfigAttribute>> attrs = s.getAllConfigAttributes();
if (attrs != null) {
set.addAll(attrs);
}
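Review bot: `getAllConfigAttributes` still builds its result in a raw `Set set = new HashSet();` and walks a raw `Iterator` with a cast, so the compiler cannot check that what goes into the set matches the declared return type. Typed forms would be `Set<List<? extends ConfigAttribute>> set = new HashSet<List<? extends ConfigAttribute>>();` and, if `methodDefinitionSources` is a typed collection, `for (MethodDefinitionSource s : methodDefinitionSources)`. The method's return statement is outside the hunk.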


@ -25,13 +25,12 @@ import java.util.Map;
import org.springframework.beans.factory.BeanClassLoaderAware;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;
/**
* Stores a {@link ConfigAttributeDefinition} for a method or class signature.
* Stores a list of <tt>ConfigAttribute</tt>s for a method or class signature.
*
* <p>
* This class is the preferred implementation of {@link MethodDefinitionSource} for XML-based
@ -48,7 +47,7 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini
//~ Instance fields ================================================================================================
private ClassLoader beanClassLoader = ClassUtils.getDefaultClassLoader();
/** Map from RegisteredMethod to ConfigAttributeDefinition */
/** Map from RegisteredMethod to ConfigAttribute list */
protected Map<RegisteredMethod, List<? extends ConfigAttribute>> methodMap = new HashMap();
/** Map from RegisteredMethod to name pattern used for registration */
@ -61,14 +60,11 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini
/**
* Creates the MapBasedMethodDefinitionSource from a
* @param methodMap map of method names to <tt>ConfigAttributeDefinition</tt>s.
* @param methodMap map of method names to <tt>ConfigAttribute</tt>s.
*/
public MapBasedMethodDefinitionSource(Map methodMap) {
Iterator iterator = methodMap.entrySet().iterator();
while (iterator.hasNext()) {
Map.Entry entry = (Map.Entry) iterator.next();
addSecureMethod((String)entry.getKey(), (List<ConfigAttribute>)entry.getValue());
public MapBasedMethodDefinitionSource(Map<String, List<ConfigAttribute>> methodMap) {
for (Map.Entry<String, List<ConfigAttribute>> entry : methodMap.entrySet()) {
addSecureMethod(entry.getKey(), entry.getValue());
}
}
@ -213,7 +209,7 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini
*
* @return the attributes explicitly defined against this bean
*/
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
return methodMap.values();
}
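Review bot: `getAllConfigAttributes` returns `methodMap.values()` directly, which is a live view of the internal map of security attributes, so a caller can remove entries through it. `DefaultFilterInvocationDefinitionSource` in this commit wraps its equivalent result, and `return Collections.unmodifiableCollection(methodMap.values());` here would make the two consistent (check that `java.util.Collections` is imported in this file). Separately, the constructor Javadoc sentence "Creates the MapBasedMethodDefinitionSource from a" stops mid-sentence, and `methodMap` is initialised with a raw `new HashMap()`.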


@ -17,27 +17,23 @@ package org.springframework.security.intercept.method;
import java.util.List;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.AbstractSecurityInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
/**
* Allows users to determine whether they have "before invocation" privileges for a given method invocation.<p>Of
* course, if an {@link org.springframework.security.AfterInvocationManager} is used to authorize the <em>result</em> of a method
* invocation, this class cannot assist determine whether or not the <code>AfterInvocationManager</code> will enable
* Allows users to determine whether they have "before invocation" privileges for a given method invocation.
* <p>
* Of course, if an {@link org.springframework.security.AfterInvocationManager} is used to authorize the
* <em>result</em> of a method invocation, this class cannot assist determine whether or not the
* <code>AfterInvocationManager</code> will enable
* access. Instead this class aims to allow applications to determine whether or not the current principal would be
* allowed to at least attempt to invoke the method, irrespective of the "after" invocation handling.</p>
*
@ -63,7 +59,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
Assert.notNull(mi, "MethodInvocation required");
Assert.notNull(mi.getMethod(), "MethodInvocation must provide a non-null getMethod()");
List<? extends ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(mi);
List<ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(mi);
if (attrs == null) {
if (securityInterceptor.isRejectPublicInvocations()) {
@ -79,7 +75,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
}
try {
securityInterceptor.getAccessDecisionManager().decide(authentication, mi, new ConfigAttributeDefinition(attrs));
securityInterceptor.getAccessDecisionManager().decide(authentication, mi, attrs);
} catch (AccessDeniedException unauthorized) {
if (logger.isDebugEnabled()) {
logger.debug(mi.toString() + " denied for " + authentication.toString(), unauthorized);


@ -16,7 +16,6 @@ import org.aspectj.weaver.tools.PointcutPrimitive;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
@ -145,7 +144,7 @@ public final class ProtectPointcutPostProcessor implements BeanPostProcessor {
private void addPointcut(String pointcutExpression, List<ConfigAttribute> definition) {
Assert.hasText(pointcutExpression, "An AspectJ pointcut expression is required");
Assert.notNull(definition, "ConfigAttributeDefinition required");
Assert.notNull(definition, "A List of ConfigAttributes is required");
pointcutExpression = replaceBooleanOperators(pointcutExpression);
pointcutMap.put(pointcutExpression, definition);


@ -15,40 +15,37 @@
package org.springframework.security.intercept.web;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.util.UrlMatcher;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.LinkedHashMap;
import java.util.Iterator;
import java.util.HashMap;
import java.util.Set;
import java.util.HashSet;
import java.util.Arrays;
import java.util.Collections;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.util.UrlMatcher;
/**
* Default implementation of <tt>FilterInvocationDefinitionSource</tt>.
* <p>
* Stores an ordered map of compiled URL paths to <tt>ConfigAttributeDefinition</tt>s and provides URL matching
* Stores an ordered map of compiled URL paths to <tt>ConfigAttribute</tt> lists and provides URL matching
* against the items stored in this map using the configured <tt>UrlMatcher</tt>.
* <p>
* The order of registering the regular expressions using the
* {@link #addSecureUrl(String, ConfigAttributeDefinition)} is very important.
* {@link #addSecureUrl(String, List<ConfigAttribute>)} is very important.
* The system will identify the <b>first</b> matching regular
* expression for a given HTTP URL. It will not proceed to evaluate later regular expressions if a match has already
* been found. Accordingly, the most specific regular expressions should be registered first, with the most general
* regular expressions registered last.
* <p>
* If URLs are registered for a particular HTTP method using
* {@link #addSecureUrl(String, String, ConfigAttributeDefinition)}, then the method-specific matches will take
* {@link #addSecureUrl(String, String, List<ConfigAttribute>)}, then the method-specific matches will take
* precedence over any URLs which are registered without an HTTP method.
*
* @author Ben Alex
@ -62,7 +59,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
protected final Log logger = LogFactory.getLog(getClass());
/**
* Non method-specific map of URL patterns to <tt>ConfigAttributeDefinition</tt>s
* Non method-specific map of URL patterns to <tt>List<ConfiAttribute></tt>s
* TODO: Store in the httpMethod map with null key.
*/
private Map requestMap = new LinkedHashMap();
@ -87,30 +84,30 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
* the type of the supplied UrlMatcher.
*
* @param urlMatcher typically an ant or regular expression matcher.
* @param requestMap order-preserving map of <RequestKey, ConfigAttributeDefinition>.
* @param requestMap order-preserving map of request definitions to attribute lists
*/
public DefaultFilterInvocationDefinitionSource(UrlMatcher urlMatcher,
LinkedHashMap<RequestKey, List<? extends ConfigAttribute>> requestMap) {
LinkedHashMap<RequestKey, List<ConfigAttribute>> requestMap) {
this.urlMatcher = urlMatcher;
for (Map.Entry<RequestKey, List<? extends ConfigAttribute>> entry : requestMap.entrySet()) {
for (Map.Entry<RequestKey, List<ConfigAttribute>> entry : requestMap.entrySet()) {
addSecureUrl(entry.getKey().getUrl(), entry.getKey().getMethod(), entry.getValue());
}
}
//~ Methods ========================================================================================================
void addSecureUrl(String pattern, List<? extends ConfigAttribute> attr) {
void addSecureUrl(String pattern, List<ConfigAttribute> attr) {
addSecureUrl(pattern, null, attr);
}
/**
* Adds a URL-ConfigAttributeDefinition pair to the request map, first allowing the <tt>UrlMatcher</tt> to
* Adds a URL,attribute-list pair to the request map, first allowing the <tt>UrlMatcher</tt> to
* process the pattern if required, using its <tt>compile</tt> method. The returned object will be used as the key
* to the request map and will be passed back to the <tt>UrlMatcher</tt> when iterating through the map to find
* a match for a particular URL.
*/
void addSecureUrl(String pattern, String method, List<? extends ConfigAttribute> attr) {
void addSecureUrl(String pattern, String method, List<ConfigAttribute> attr) {
Map mapToUse = getRequestMapForHttpMethod(method);
mapToUse.put(urlMatcher.compile(pattern), attr);
@ -124,7 +121,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
/**
* Return the HTTP method specific request map, creating it if it doesn't already exist.
* @param method GET, POST etc
* @return map of URL patterns to <tt>ConfigAttributeDefinition</tt>s for this method.
* @return map of URL patterns to <tt>ConfigAttribute</tt>s for this method.
*/
private Map getRequestMapForHttpMethod(String method) {
if (method == null) {
@ -144,7 +141,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
return methodRequestmap;
}
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
return Collections.unmodifiableCollection(getRequestMap().values());
}
@ -175,7 +172,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
* @param url the URI to retrieve configuration attributes for
* @param method the HTTP method (GET, POST, DELETE...).
*
* @return the <code>ConfigAttributeDefinition</code> that applies to the specified <code>FilterInvocation</code>
* @return the <code>ConfigAttribute</code>s that apply to the specified <code>FilterInvocation</code>
* or null if no match is foud
*/
public List<ConfigAttribute> lookupAttributes(String url, String method) {
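Review bot: The rewritten Javadoc links `{@link #addSecureUrl(String, List<ConfigAttribute>)}` and `{@link #addSecureUrl(String, String, List<ConfigAttribute>)}` put type arguments in the member signature, which `@link` does not accept; they should be `{@link #addSecureUrl(String, List)}` and `{@link #addSecureUrl(String, String, List)}`. The field comment `<tt>List<ConfiAttribute></tt>` has a typo and unescaped angle brackets; `<tt>List&lt;ConfigAttribute&gt;</tt>` would render correctly. In the `lookupAttributes` Javadoc, "foud" should be "found". `requestMap` is still a raw `Map`, so the typed constructor parameter is not carried through to storage.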


@ -28,8 +28,8 @@ public class FIDSToFilterChainMapConverter {
public FIDSToFilterChainMapConverter(DefaultFilterInvocationDefinitionSource fids, ApplicationContext appContext) {
// TODO: Check if this is necessary. Retained from refactoring of FilterChainProxy
Assert.notNull(fids.getConfigAttributeDefinitions(), "FilterChainProxy requires the " +
"FilterInvocationDefinitionSource to return a non-null response to getConfigAttributeDefinitions()");
Assert.notNull(fids.getAllConfigAttributes(), "FilterChainProxy requires the " +
"FilterInvocationDefinitionSource to return a non-null response to getAllConfigAttributes()");
matcher = fids.getUrlMatcher();
Map requestMap = fids.getRequestMap();
Iterator paths = requestMap.keySet().iterator();


@ -17,18 +17,13 @@ package org.springframework.security.intercept.web;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.AbstractSecurityInterceptor;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
@ -56,7 +51,7 @@ public class WebInvocationPrivilegeEvaluator implements InitializingBean {
public boolean isAllowed(FilterInvocation fi, Authentication authentication) {
Assert.notNull(fi, "FilterInvocation required");
List<? extends ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(fi);
List<ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(fi);
if (attrs == null) {
if (securityInterceptor.isRejectPublicInvocations()) {
@ -72,7 +67,7 @@ public class WebInvocationPrivilegeEvaluator implements InitializingBean {
}
try {
securityInterceptor.getAccessDecisionManager().decide(authentication, fi, new ConfigAttributeDefinition(attrs));
securityInterceptor.getAccessDecisionManager().decide(authentication, fi, attrs);
} catch (AccessDeniedException unauthorized) {
if (logger.isDebugEnabled()) {
logger.debug(fi.toString() + " denied for " + authentication.toString(), unauthorized);
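Review bot: The list returned by `getAttributes(fi)` is now handed to `getAccessDecisionManager().decide(authentication, fi, attrs)` as-is, where the old call wrapped it in `new ConfigAttributeDefinition(attrs)`. If that wrapper copied or froze the list (not visible here) and the definition source returns its stored list instance, a decision manager or voter that modifies the argument would change the access rules applied to later requests. Consider passing `Collections.unmodifiableList(attrs)`, or stating on `decide` that implementations must not modify the list; the same applies to `channelDecisionManager.decide(fi, attr)` in ChannelProcessingFilter. `isAllowed` starts and ends outside these hunks.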


@ -21,9 +21,10 @@ import org.springframework.security.GrantedAuthority;
/**
* An {@link org.springframework.security.Authentication} implementation that is designed for simple presentation of a
* username and password.
* <p>The <code>principal</code> and <code>credentials</code> should be set with an <code>Object</code> that provides
* <p>
* The <code>principal</code> and <code>credentials</code> should be set with an <code>Object</code> that provides
* the respective property via its <code>Object.toString()</code> method. The simplest such <code>Object</code> to use
* is <code>String</code>.</p>
* is <code>String</code>.
*
* @author Ben Alex
* @version $Id$
@ -52,7 +53,7 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
/**
* This constructor should only be used by <code>AuthenticationManager</code> or <code>AuthenticationProvider</code>
* implementations that are satisfied with producing a trusted (ie {@link #isAuthenticated()} = <code>true</code>)
* implementations that are satisfied with producing a trusted (i.e. {@link #isAuthenticated()} = <code>true</code>)
* authentication token.
*
* @param principal


@ -15,15 +15,17 @@
package org.springframework.security.runas;
import java.util.List;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.RunAsManager;
/**
* Implementation of a {@link RunAsManager} that does nothing.<p>This class should be used if you do not require
* run-as authenticaiton replacement functionality.</p>
* Implementation of a {@link RunAsManager} that does nothing.
* <p>
* This class should be used if you do not require run-as authentication replacement functionality.
*
* @author Ben Alex
* @version $Id$
@ -31,7 +33,7 @@ import org.springframework.security.RunAsManager;
public class NullRunAsManager implements RunAsManager {
//~ Methods ========================================================================================================
public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
return null;
}


@ -15,21 +15,17 @@
package org.springframework.security.runas;
import java.util.List;
import java.util.Vector;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.RunAsManager;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
/**
* Basic concrete implementation of a {@link RunAsManager}.<p>Is activated if any {@link
@ -39,14 +35,15 @@ import java.util.Vector;
* created <code>GrantedAuthorityImpl</code>s will be prefixed with a special prefix indicating that it is a role
* (default prefix value is <code>ROLE_</code>), and then the remainder of the <code>RUN_AS_</code> keyword. For
* example, <code>RUN_AS_FOO</code> will result in the creation of a granted authority of
* <code>ROLE_RUN_AS_FOO</code>.</p>
* <p>The role prefix may be overriden from the default, to match that used elsewhere, for example when using an
* <code>ROLE_RUN_AS_FOO</code>.
* <p>
* The role prefix may be overriden from the default, to match that used elsewhere, for example when using an
* existing role database with another prefix. An empty role prefix may also be specified. Note however that there are
* potential issues with using an empty role prefix since different categories of {@link
* org.springframework.security.ConfigAttribute} can not be properly discerned based on the prefix, with possible consequences
* when performing voting and other actions. However, this option may be of some use when using preexisting role names
* without a prefix, and no ability exists to prefix them with a role prefix on reading them in, such as provided for
* example in {@link org.springframework.security.userdetails.jdbc.JdbcDaoImpl}.</p>
* example in {@link org.springframework.security.userdetails.jdbc.JdbcDaoImpl}.
*
* @author Ben Alex
* @author colin sampaleanu
@ -64,13 +61,10 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
Assert.notNull(key, "A Key is required and should match that configured for the RunAsImplAuthenticationProvider");
}
public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
List newAuthorities = new Vector();
Iterator iter = config.getConfigAttributes().iterator();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();
for(ConfigAttribute attribute : config) {
if (this.supports(attribute)) {
GrantedAuthorityImpl extraAuthority = new GrantedAuthorityImpl(getRolePrefix()
+ attribute.getAttribute());
@ -80,17 +74,18 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
if (newAuthorities.size() == 0) {
return null;
} else {
for (int i = 0; i < authentication.getAuthorities().length; i++) {
newAuthorities.add(authentication.getAuthorities()[i]);
}
GrantedAuthority[] resultType = {new GrantedAuthorityImpl("holder")};
GrantedAuthority[] newAuthoritiesAsArray = (GrantedAuthority[]) newAuthorities.toArray(resultType);
return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
newAuthoritiesAsArray, authentication.getClass());
}
for (int i = 0; i < authentication.getAuthorities().length; i++) {
newAuthorities.add(authentication.getAuthorities()[i]);
}
GrantedAuthority[] resultType = {new GrantedAuthorityImpl("holder")};
GrantedAuthority[] newAuthoritiesAsArray = (GrantedAuthority[]) newAuthorities.toArray(resultType);
return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
newAuthoritiesAsArray, authentication.getClass());
}
public String getKey() {
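Review bot: `buildRunAs` still collects into a raw `List`/`Vector` and converts with a one-element dummy array (`new GrantedAuthorityImpl("holder")`) plus a cast, although the loop above it was already moved to a typed for-each. A typed list removes both the cast and the placeholder authority: `List<GrantedAuthority> newAuthorities = new ArrayList<GrantedAuthority>();` and `newAuthorities.toArray(new GrantedAuthority[newAuthorities.size()])`, with `java.util.ArrayList` imported in place of `Vector`. `authentication.getAuthorities()` is also called on every loop iteration; reading it once into a local before the loop makes it explicit that a single snapshot of the caller's authorities is copied into the run-as token. The method is split across two hunks, so the lines between them are not visible here.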


@ -16,11 +16,10 @@
package org.springframework.security.securechannel;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.web.FilterInvocation;
import java.io.IOException;
import java.util.List;
import javax.servlet.ServletException;
@ -36,16 +35,10 @@ public interface ChannelDecisionManager {
/**
* Decided whether the presented {@link FilterInvocation} provides the appropriate level of channel
* security based on the requested {@link ConfigAttributeDefinition}.
* security based on the requested list of <tt>ConfigAttribute</tt>s.
*
* @param invocation DOCUMENT ME!
* @param config DOCUMENT ME!
*
* @throws IOException DOCUMENT ME!
* @throws ServletException DOCUMENT ME!
*/
void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
throws IOException, ServletException;
void decide(FilterInvocation invocation, List<ConfigAttribute> config) throws IOException, ServletException;
/**
* Indicates whether this <code>ChannelDecisionManager</code> is able to process the passed
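Review bot: The Javadoc on `decide` appears to lose its `@param`/`@throws` tags in this change (they were only `DOCUMENT ME!` placeholders), which leaves the new `List<ConfigAttribute>` parameter without a documented contract. ChannelProcessingFilter checks `fi.getResponse().isCommitted()` right after calling `decide`, and InsecureChannelProcessor rejects a null `config`, so both facts belong in the interface documentation. I would add `@param invocation the filter invocation being checked`, `@param config the attributes configured for the request; must not be null`, and one sentence saying that an implementation which rejects the channel commits the response. The same applies to `ChannelProcessor.decide`.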


@ -16,7 +16,6 @@
package org.springframework.security.securechannel;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.web.FilterInvocation;
@ -65,15 +64,15 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
Assert.notEmpty(listToCheck, "A list of ChannelProcessors is required");
}
public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
throws IOException, ServletException {
Iterator attrs = config.getConfigAttributes().iterator();
Iterator attrs = config.iterator();
while (attrs.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) attrs.next();
if (ANY_CHANNEL.equals(attribute.getAttribute())) {
return;
ConfigAttribute attribute = (ConfigAttribute) attrs.next();
if (ANY_CHANNEL.equals(attribute.getAttribute())) {
return;
}
}
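Review bot: `decide` keeps the raw `Iterator attrs = config.iterator()` and the `(ConfigAttribute)` cast even though `config` is now a `List<ConfigAttribute>`; `for (ConfigAttribute attribute : config) {` expresses the same loop without the cast, as RunAsManagerImpl already does in this commit. The same leftover is in InsecureChannelProcessor, SecureChannelProcessor, AuthenticatedVoter, BasicAclEntryVoter, RoleVoter, MockAfterInvocationManager and MockRunAsManager, and in AffirmativeBased and ConsensusBased for the voter list. Unlike the two channel processors, this method does not check `config` for null before iterating, so a null list surfaces as a NullPointerException; an `Assert.notNull(config, "config required");` at the top would match them. The method body continues past the end of the hunk.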


@ -15,25 +15,24 @@
package org.springframework.security.securechannel;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
import org.springframework.security.ui.SpringSecurityFilter;
import org.springframework.security.ui.FilterChainOrder;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import java.io.IOException;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Collection;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
import org.springframework.security.ui.FilterChainOrder;
import org.springframework.security.ui.SpringSecurityFilter;
import org.springframework.util.Assert;
/**
@ -60,12 +59,12 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
Assert.notNull(filterInvocationDefinitionSource, "filterInvocationDefinitionSource must be specified");
Assert.notNull(channelDecisionManager, "channelDecisionManager must be specified");
Collection<List<? extends ConfigAttribute>> attrDefs = this.filterInvocationDefinitionSource.getConfigAttributeDefinitions();
Collection<List<? extends ConfigAttribute>> attrDefs = this.filterInvocationDefinitionSource.getAllConfigAttributes();
if (attrDefs == null) {
if (logger.isWarnEnabled()) {
logger.warn("Could not validate configuration attributes as the FilterInvocationDefinitionSource did "
+ "not return a ConfigAttributeDefinition Iterator");
+ "not return any attributes");
}
return;
@ -91,17 +90,17 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
}
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
throws IOException, ServletException {
FilterInvocation fi = new FilterInvocation(request, response, chain);
List<? extends ConfigAttribute> attr = this.filterInvocationDefinitionSource.getAttributes(fi);
List<ConfigAttribute> attr = this.filterInvocationDefinitionSource.getAttributes(fi);
if (attr != null) {
if (logger.isDebugEnabled()) {
logger.debug("Request: " + fi.toString() + "; ConfigAttributes: " + attr);
}
channelDecisionManager.decide(fi, new ConfigAttributeDefinition(attr));
channelDecisionManager.decide(fi, attr);
if (fi.getResponse().isCommitted()) {
return;


@ -16,11 +16,10 @@
package org.springframework.security.securechannel;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.web.FilterInvocation;
import java.io.IOException;
import java.util.List;
import javax.servlet.ServletException;
@ -47,15 +46,10 @@ public interface ChannelProcessor {
/**
* Decided whether the presented {@link FilterInvocation} provides the appropriate level of channel
* security based on the requested {@link ConfigAttributeDefinition}.
* security based on the requested list of <tt>ConfigAttribute</tt>s.
*
* @param invocation DOCUMENT ME!
* @param config DOCUMENT ME!
*
* @throws IOException DOCUMENT ME!
* @throws ServletException DOCUMENT ME!
*/
void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
void decide(FilterInvocation invocation, List<ConfigAttribute> config)
throws IOException, ServletException;
/**


@ -16,7 +16,6 @@
package org.springframework.security.securechannel;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.web.FilterInvocation;
@ -27,6 +26,7 @@ import org.springframework.util.Assert;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletException;
@ -55,13 +55,13 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
Assert.notNull(entryPoint, "entryPoint required");
}
public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
throws IOException, ServletException {
if ((invocation == null) || (config == null)) {
throw new IllegalArgumentException("Nulls cannot be provided");
}
Iterator iter = config.getConfigAttributes().iterator();
Iterator iter = config.iterator();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();


@ -16,7 +16,6 @@
package org.springframework.security.securechannel;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.web.FilterInvocation;
@ -27,6 +26,7 @@ import org.springframework.util.Assert;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletException;
@ -55,11 +55,11 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
Assert.notNull(entryPoint, "entryPoint required");
}
public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
throws IOException, ServletException {
Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
Iterator iter = config.getConfigAttributes().iterator();
Iterator iter = config.iterator();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();


@ -60,7 +60,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
}
}
public List getDecisionVoters() {
public List<AccessDecisionVoter> getDecisionVoters() {
return this.decisionVoters;
}
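Review bot: `getDecisionVoters()` returns the manager's own `decisionVoters` list, so any caller holding the manager can add or remove voters and thereby change access decisions after configuration. Whether the field is already unmodifiable is not visible in this hunk; if it is not, return a read-only view with `return Collections.unmodifiableList(this.decisionVoters);` and say in the Javadoc that the returned list cannot be modified.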


@ -15,9 +15,10 @@
package org.springframework.security.vote;
import java.util.List;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
/**
@ -83,9 +84,9 @@ public interface AccessDecisionVoter {
*
* @param authentication the caller invoking the method
* @param object the secured object
* @param config the configuration attributes associated with the method being invoked
* @param attributes the configuration attributes associated with the method being invoked
*
* @return either {@link #ACCESS_GRANTED}, {@link #ACCESS_ABSTAIN} or {@link #ACCESS_DENIED}
*/
int vote(Authentication authentication, Object object, ConfigAttributeDefinition config);
int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes);
}


@ -17,9 +17,10 @@ package org.springframework.security.vote;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttribute;
import java.util.Iterator;
import java.util.List;
/**
@ -37,18 +38,18 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
*
* @param authentication the caller invoking the method
* @param object the secured object
* @param config the configuration attributes associated with the method being invoked
* @param configAttributes the configuration attributes associated with the method being invoked
*
* @throws AccessDeniedException if access is denied
*/
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
throws AccessDeniedException {
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
throws AccessDeniedException {
Iterator iter = this.getDecisionVoters().iterator();
int deny = 0;
while (iter.hasNext()) {
AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
int result = voter.vote(authentication, object, config);
int result = voter.vote(authentication, object, configAttributes);
switch (result) {
case AccessDecisionVoter.ACCESS_GRANTED:


@ -19,24 +19,26 @@ import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationTrustResolver;
import org.springframework.security.AuthenticationTrustResolverImpl;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.util.Assert;
import java.util.Iterator;
import java.util.List;
/**
* <p>Votes if a {@link ConfigAttribute#getAttribute()} of <code>IS_AUTHENTICATED_FULLY</code> or
* Votes if a {@link ConfigAttribute#getAttribute()} of <code>IS_AUTHENTICATED_FULLY</code> or
* <code>IS_AUTHENTICATED_REMEMBERED</code> or <code>IS_AUTHENTICATED_ANONYMOUSLY</code> is present. This list is in
* order of most strict checking to least strict checking.</p>
* <p>The current <code>Authentication</code> will be inspected to determine if the principal has a particular
* level of authentication. The "FULLY" authenticated option means the user is authenticated fully (ie {@link
* order of most strict checking to least strict checking.
* <p>
* The current <code>Authentication</code> will be inspected to determine if the principal has a particular
* level of authentication. The "FULLY" authenticated option means the user is authenticated fully (i.e. {@link
* org.springframework.security.AuthenticationTrustResolver#isAnonymous(Authentication)} is false and {@link
* org.springframework.security.AuthenticationTrustResolver#isRememberMe(Authentication)} is false. The "REMEMBERED" will grant
* org.springframework.security.AuthenticationTrustResolver#isRememberMe(Authentication)} is false). The "REMEMBERED" will grant
* access if the principal was either authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY" will
* grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.</p>
* <p>All comparisons and prefixes are case sensitive.</p>
* grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.
* <p>
* All comparisons and prefixes are case sensitive.
*
* @author Ben Alex
* @version $Id$
@ -54,8 +56,8 @@ public class AuthenticatedVoter implements AccessDecisionVoter {
//~ Methods ========================================================================================================
private boolean isFullyAuthenticated(Authentication authentication) {
return (!authenticationTrustResolver.isAnonymous(authentication)
&& !authenticationTrustResolver.isRememberMe(authentication));
return (!authenticationTrustResolver.isAnonymous(authentication) &&
!authenticationTrustResolver.isRememberMe(authentication));
}
public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
@ -85,9 +87,9 @@ public class AuthenticatedVoter implements AccessDecisionVoter {
return true;
}
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
int result = ACCESS_ABSTAIN;
Iterator iter = config.getConfigAttributes().iterator();
Iterator iter = attributes.iterator();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();


@ -18,7 +18,6 @@ package org.springframework.security.vote;
import org.springframework.security.Authentication;
import org.springframework.security.AuthorizationServiceException;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.acl.AclEntry;
import org.springframework.security.acl.AclManager;
@ -36,6 +35,7 @@ import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.List;
/**
@ -163,8 +163,8 @@ public class BasicAclEntryVoter extends AbstractAclVoter implements Initializing
}
}
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
Iterator iter = config.getConfigAttributes().iterator();
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
Iterator iter = attributes.iterator();
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();


@ -17,9 +17,10 @@ package org.springframework.security.vote;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttribute;
import java.util.Iterator;
import java.util.List;
/**
@ -43,11 +44,11 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
*
* @param authentication the caller invoking the method
* @param object the secured object
* @param config the configuration attributes associated with the method being invoked
* @param configAttributes the configuration attributes associated with the method being invoked
*
* @throws AccessDeniedException if access is denied
*/
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
throws AccessDeniedException {
Iterator iter = this.getDecisionVoters().iterator();
int grant = 0;
@ -56,7 +57,7 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
while (iter.hasNext()) {
AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
int result = voter.vote(authentication, object, config);
int result = voter.vote(authentication, object, configAttributes);
switch (result) {
case AccessDecisionVoter.ACCESS_GRANTED:


@ -16,7 +16,6 @@ package org.springframework.security.vote;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.aopalliance.intercept.MethodInvocation;
@ -170,20 +169,16 @@ public class LabelBasedAclVoter extends AbstractAclVoter {
* Vote on whether or not the user has all the labels necessary to match the method argument's labeled
* data.
*
* @param authentication DOCUMENT ME!
* @param object DOCUMENT ME!
* @param config DOCUMENT ME!
*
* @return ACCESS_ABSTAIN, ACCESS_GRANTED, or ACCESS_DENIED.
*/
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
int result = ACCESS_ABSTAIN;
if (logger.isDebugEnabled()) {
logger.debug("==========================================================");
}
if (this.supports((ConfigAttribute) config.getConfigAttributes().iterator().next())) {
if (this.supports((ConfigAttribute) attributes.iterator().next())) {
result = ACCESS_DENIED;
/* Parse out the user's labels by examining the security context, and checking
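Review bot: `attributes.iterator().next()` throws `NoSuchElementException` when the attribute list is empty, and only the first attribute is tested with `supports`, so the vote depends on attribute order. Now that callers pass a plain `List`, guard first with `if (attributes == null || attributes.isEmpty()) { return ACCESS_ABSTAIN; }` and drop the `(ConfigAttribute)` cast, which the typed list makes redundant. If a supported attribute can legitimately follow an unsupported one, the check should loop over all attributes instead; that cannot be decided from this hunk. No added `java.util.List` import is visible in this file's hunks, so confirm the file already has one. The method body continues outside the hunk.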


@ -16,10 +16,10 @@
package org.springframework.security.vote;
import java.util.Iterator;
import java.util.List;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.GrantedAuthority;
/**
@ -92,10 +92,10 @@ public class RoleVoter implements AccessDecisionVoter {
return true;
}
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
int result = ACCESS_ABSTAIN;
Iterator iter = config.getConfigAttributes().iterator();
GrantedAuthority[] authorities = extractAuthorities(authentication);
Iterator iter = attributes.iterator();
GrantedAuthority[] authorities = extractAuthorities(authentication);
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();
@ -114,8 +114,8 @@ public class RoleVoter implements AccessDecisionVoter {
return result;
}
GrantedAuthority[] extractAuthorities(Authentication authentication) {
return authentication.getAuthorities();
return authentication.getAuthorities();
}
}


@ -15,17 +15,17 @@
package org.springframework.security.vote;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import java.util.Iterator;
/**
* Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that requires all voters to
* abstain or grant access.
* Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that requires all
* voters to abstain or grant access.
*/
public class UnanimousBased extends AbstractAccessDecisionManager {
//~ Methods ========================================================================================================
@ -34,35 +34,33 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
* This concrete implementation polls all configured {@link AccessDecisionVoter}s for each {@link
* ConfigAttribute} and grants access if <b>only</b> grant votes were received.
* <p>
* Other voting implementations usually pass the entire list of {@link ConfigAttributeDefinition}s to the
* Other voting implementations usually pass the entire list of <tt>ConfigAttribute</tt>s to the
* <code>AccessDecisionVoter</code>. This implementation differs in that each <code>AccessDecisionVoter</code>
* knows only about a single <code>ConfigAttribute</code> at a time.</p>
* <p>If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
* {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).</p>
* knows only about a single <code>ConfigAttribute</code> at a time.
* <p>
* If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
* {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).
*
* @param authentication the caller invoking the method
* @param object the secured object
* @param config the configuration attributes associated with the method being invoked
* @param attributes the configuration attributes associated with the method being invoked
*
* @throws AccessDeniedException if access is denied
*/
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
public void decide(Authentication authentication, Object object, List<ConfigAttribute> attributes)
throws AccessDeniedException {
int grant = 0;
int abstain = 0;
Iterator configIter = config.getConfigAttributes().iterator();
List<ConfigAttribute> singleAttributeList = new ArrayList<ConfigAttribute>(1);
singleAttributeList.add(null);
while (configIter.hasNext()) {
ConfigAttributeDefinition singleAttrDef =
new ConfigAttributeDefinition((ConfigAttribute) configIter.next());
for (ConfigAttribute attribute : attributes) {
singleAttributeList.set(0, attribute);
Iterator voters = this.getDecisionVoters().iterator();
while (voters.hasNext()) {
AccessDecisionVoter voter = (AccessDecisionVoter) voters.next();
int result = voter.vote(authentication, object, singleAttrDef);
for(AccessDecisionVoter voter : getDecisionVoters()) {
int result = voter.vote(authentication, object, singleAttributeList);
switch (result) {
case AccessDecisionVoter.ACCESS_GRANTED:
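Review bot: A single mutable `singleAttributeList` is created once and overwritten with `set(0, attribute)` for each attribute, and that same instance is passed to every voter. A voter that keeps the reference or modifies the list would see, or cause, a different attribute on a later vote. Creating an immutable one-element list per attribute avoids this: `List<ConfigAttribute> single = Collections.singletonList(attribute);` inside the outer loop, passed to `voter.vote(authentication, object, single)`; this needs `java.util.Collections`, and `ArrayList` is then unused. The rest of `decide` lies outside the hunk.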


@ -16,6 +16,7 @@
package org.springframework.security;
import java.util.Iterator;
import java.util.List;
/**
@ -28,13 +29,10 @@ import java.util.Iterator;
public class MockAccessDecisionManager implements AccessDecisionManager {
//~ Methods ========================================================================================================
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
throws AccessDeniedException {
Iterator iter = config.getConfigAttributes().iterator();
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
throws AccessDeniedException {
for(ConfigAttribute attr : configAttributes) {
if (this.supports(attr)) {
for (int i = 0; i < authentication.getAuthorities().length; i++) {
if (attr.getAttribute().equals(authentication.getAuthorities()[i].getAuthority())) {


@ -16,6 +16,7 @@
package org.springframework.security;
import java.util.Iterator;
import java.util.List;
/**
@ -27,9 +28,9 @@ import java.util.Iterator;
public class MockAfterInvocationManager implements AfterInvocationManager {
//~ Methods ========================================================================================================
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
Object returnedObject) throws AccessDeniedException {
Iterator iter = config.getConfigAttributes().iterator();
Iterator iter = config.iterator();
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();


@ -16,6 +16,7 @@
package org.springframework.security;
import java.util.Iterator;
import java.util.List;
/**
@ -28,8 +29,8 @@ import java.util.Iterator;
public class MockRunAsManager implements RunAsManager {
//~ Methods ========================================================================================================
public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
Iterator iter = config.getConfigAttributes().iterator();
public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
Iterator iter = config.iterator();
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();


@ -15,23 +15,19 @@
package org.springframework.security.afterinvocation;
import java.util.List;
import java.util.Vector;
import junit.framework.TestCase;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.SecurityConfig;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.util.SimpleMethodInvocation;
import org.aopalliance.intercept.MethodInvocation;
import java.util.List;
import java.util.Vector;
/**
* Tests {@link AfterInvocationProviderManager}.
@ -62,11 +58,11 @@ public class AfterInvocationProviderManagerTests extends TestCase {
assertEquals(list, manager.getProviders());
manager.afterPropertiesSet();
ConfigAttributeDefinition attr1 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP1"});
ConfigAttributeDefinition attr2 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP2"});
ConfigAttributeDefinition attr3 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP3"});
ConfigAttributeDefinition attr2and3 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP2","GIVE_ME_SWAP3"});
ConfigAttributeDefinition attr4 = new ConfigAttributeDefinition(new String[] {"NEVER_CAUSES_SWAP"});
List<ConfigAttribute> attr1 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP1"});
List<ConfigAttribute> attr2 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP2"});
List<ConfigAttribute> attr3 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP3"});
List<ConfigAttribute> attr2and3 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP2","GIVE_ME_SWAP3"});
List<ConfigAttribute> attr4 = SecurityConfig.createList(new String[] {"NEVER_CAUSES_SWAP"});
assertEquals("swap1", manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping"));
@ -162,7 +158,7 @@ public class AfterInvocationProviderManagerTests extends TestCase {
this.configAttribute = configAttribute;
}
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
Object returnedObject) throws AccessDeniedException {
if (config.contains(configAttribute)) {
return forceReturnObject;
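Review bot: With `config` now a plain `List<ConfigAttribute>`, the check `config.contains(configAttribute)` in the mock provider's `decide` becomes a `List.contains` call, so whether this provider acts depends on `equals()` of the attribute implementation. How the removed `ConfigAttributeDefinition.contains` compared attributes is not visible here, so the two may not behave identically. A short comment on that line would record the dependency, for example `// List.contains(): relies on value-based equals() of the ConfigAttribute implementation`. The method body continues past the end of the hunk.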


@ -15,23 +15,22 @@
package org.springframework.security.afterinvocation;
import java.util.List;
import java.util.Vector;
import junit.framework.TestCase;
import org.springframework.security.AuthorizationServiceException;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.MockAclManager;
import org.springframework.security.SecurityConfig;
import org.springframework.security.acl.AclEntry;
import org.springframework.security.acl.AclManager;
import org.springframework.security.acl.basic.MockAclObjectIdentity;
import org.springframework.security.acl.basic.SimpleAclEntry;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.SimpleMethodInvocation;
import java.util.List;
import java.util.Vector;
/**
* Tests {@link BasicAclEntryAfterInvocationCollectionFilteringProvider}.
@ -73,10 +72,10 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
// Filter
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(),
SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), list);
assertEquals(0, filteredList.size());
}
@ -106,7 +105,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
// Filter
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
@ -140,7 +139,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
// Filter
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
@ -175,7 +174,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
// Filter
String[] filteredList = (String[]) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
@ -201,7 +200,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
// Filter
try {
@ -229,7 +228,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
// Filter
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, null);
@ -262,14 +261,13 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
// As no matching config attrib, ensure provider doesn't change list
assertEquals(4, ((List) provider.decide(auth, new SimpleMethodInvocation(), attr, list)).size());
// Filter, this time with the conf attrib provider setup to answer
attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_ADMIN");
//attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_ADMIN"));
attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_ADMIN");
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
@ -303,7 +301,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
// Filter
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
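Review bot: The first test hunk inlines `SecurityConfig.createList("AFTER_ACL_COLLECTION_READ")` into the `provider.decide(...)` call, while every other test in this section keeps a local `attr`. As a result the comment above it, "Create the Authentication and Config Attribs we'll be presenting", no longer matches the code that follows. Keeping the local, `List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");`, and passing `attr` as before would leave the tests uniform. The test methods start and end outside the hunks.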


@ -15,11 +15,15 @@
package org.springframework.security.afterinvocation;
import java.util.List;
import junit.framework.TestCase;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockAclManager;
import org.springframework.security.SecurityConfig;
import org.springframework.security.acl.AclEntry;
import org.springframework.security.acl.AclManager;
import org.springframework.security.acl.basic.MockAclObjectIdentity;
@ -54,7 +58,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
try {
provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont");
@ -81,7 +85,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
try {
provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont");
@ -109,7 +113,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
// Filter
assertEquals("belmont", provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont"));
@ -132,7 +136,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
// Filter
assertNull(provider.decide(auth, new SimpleMethodInvocation(), attr, null));
@ -156,13 +160,13 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
// As no matching config attrib, ensure provider returns original obj
assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));
// Filter, this time with the conf attrib provider setup to answer
attr = new ConfigAttributeDefinition("AFTER_ACL_ADMIN");
attr = SecurityConfig.createList("AFTER_ACL_ADMIN");
assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));
}
@ -184,7 +188,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
// Filter
assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));


@ -12,7 +12,6 @@ import junit.framework.Assert;
import org.junit.Test;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
/**
* @author Luke Taylor


@ -22,7 +22,6 @@ import junit.framework.TestCase;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.SecurityConfig;
import org.springframework.util.StringUtils;


@ -1,6 +1,6 @@
package org.springframework.security.config;
import static org.junit.Assert.*;
import static org.junit.Assert.assertTrue;
import java.util.List;
@ -11,7 +11,6 @@ import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.SecurityConfig;
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
import org.springframework.security.intercept.web.FilterInvocation;


@ -1,7 +1,12 @@
package org.springframework.security.config;
import static org.junit.Assert.*;
import static org.springframework.security.config.ConfigTestUtils.*;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
import java.lang.reflect.Method;
import java.util.Iterator;
@ -10,14 +15,12 @@ import java.util.List;
import org.junit.After;
import org.junit.Test;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.BeanDefinitionStoreException;
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockAuthenticationEntryPoint;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;


@ -1,24 +1,25 @@
package org.springframework.security.config;
import java.util.List;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.afterinvocation.AfterInvocationProvider;
public class MockAfterInvocationProvider implements AfterInvocationProvider {
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
throws AccessDeniedException {
return returnedObject;
}
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config, Object returnedObject)
throws AccessDeniedException {
return returnedObject;
}
public boolean supports(ConfigAttribute attribute) {
return true;
}
public boolean supports(ConfigAttribute attribute) {
return true;
}
public boolean supports(Class clazz) {
return true;
}
public boolean supports(Class clazz) {
return true;
}
}


@ -15,11 +15,9 @@
package org.springframework.security.event.authorization;
import junit.framework.TestCase;
import org.junit.Test;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.SecurityConfig;
import org.springframework.security.util.SimpleMethodInvocation;
@ -29,42 +27,22 @@ import org.springframework.security.util.SimpleMethodInvocation;
* @author Ben Alex
* @version $Id$
*/
public class AuthenticationCredentialsNotFoundEventTests extends TestCase {
//~ Constructors ===================================================================================================
public AuthenticationCredentialsNotFoundEventTests() {
super();
}
public AuthenticationCredentialsNotFoundEventTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public class AuthenticationCredentialsNotFoundEventTests {
@Test(expected=IllegalArgumentException.class)
public void testRejectsNulls() {
try {
new AuthenticationCredentialsNotFoundEvent(null, new ConfigAttributeDefinition(new String[] {}),
new AuthenticationCredentialsNotFoundEvent(null, SecurityConfig.createList("TEST"),
new AuthenticationCredentialsNotFoundException("test"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
try {
new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null,
@Test(expected=IllegalArgumentException.class)
public void testRejectsNulls2() {
new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null,
new AuthenticationCredentialsNotFoundException("test"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
try {
new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), new ConfigAttributeDefinition(new String[] {}),
null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
@Test(expected=IllegalArgumentException.class)
public void testRejectsNulls3() {
new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null);
}
}
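Review bot: The split tests are named `testRejectsNulls`, `testRejectsNulls2` and `testRejectsNulls3`, which does not say which constructor argument each one passes as null. With `@Test(expected=IllegalArgumentException.class)` a failure reports only the method name, so names along the lines of `rejectsNullSecureObject`, `rejectsNullAttributes` and `rejectsNullException` (suggestions, based on the argument positions shown) would make a report readable on its own. The same numbered naming is used in AuthorizationFailureEventTests and AuthorizedEventTests later in this commit.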


@ -15,15 +15,10 @@
package org.springframework.security.event.authorization;
import junit.framework.TestCase;
import org.junit.Test;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.event.authorization.AuthorizationFailureEvent;
import org.springframework.security.SecurityConfig;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.SimpleMethodInvocation;
@ -33,54 +28,29 @@ import org.springframework.security.util.SimpleMethodInvocation;
* @author Ben Alex
* @version $Id$
*/
public class AuthorizationFailureEventTests extends TestCase {
//~ Constructors ===================================================================================================
public AuthorizationFailureEventTests() {
super();
}
public AuthorizationFailureEventTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthorizationFailureEventTests.class);
}
public class AuthorizationFailureEventTests {
@Test(expected=IllegalArgumentException.class)
public void testRejectsNulls() {
try {
new AuthorizationFailureEvent(null, ConfigAttributeDefinition.NO_ATTRIBUTES,
new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
new AuthorizationFailureEvent(null, SecurityConfig.createList("TEST"),
new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
}
try {
new AuthorizationFailureEvent(new SimpleMethodInvocation(), null,
new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
@Test(expected=IllegalArgumentException.class)
public void testRejectsNulls2() {
new AuthorizationFailureEvent(new SimpleMethodInvocation(), null,
new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
}
try {
new AuthorizationFailureEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES, null,
new AccessDeniedException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
@Test(expected=IllegalArgumentException.class)
public void testRejectsNulls3() {
new AuthorizationFailureEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null,
new AccessDeniedException("error"));
}
try {
new AuthorizationFailureEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES,
new UsernamePasswordAuthenticationToken("foo", "bar"), null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
@Test(expected=IllegalArgumentException.class)
public void testRejectsNulls4() {
new AuthorizationFailureEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"),
new UsernamePasswordAuthenticationToken("foo", "bar"), null);
}
}


@ -15,12 +15,9 @@
package org.springframework.security.event.authorization;
import junit.framework.TestCase;
import org.springframework.security.ConfigAttributeDefinition;
import org.junit.Test;
import org.springframework.security.SecurityConfig;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.SimpleMethodInvocation;
@ -30,41 +27,21 @@ import org.springframework.security.util.SimpleMethodInvocation;
* @author Ben Alex
* @version $Id$
*/
public class AuthorizedEventTests extends TestCase {
//~ Constructors ===================================================================================================
public AuthorizedEventTests() {
super();
}
public AuthorizedEventTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public class AuthorizedEventTests {
@Test(expected=IllegalArgumentException.class)
public void testRejectsNulls() {
try {
new AuthorizedEvent(null, ConfigAttributeDefinition.NO_ATTRIBUTES,
new UsernamePasswordAuthenticationToken("foo", "bar"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
new AuthorizedEvent(null, SecurityConfig.createList("TEST"), new UsernamePasswordAuthenticationToken("foo", "bar"));
}
try {
new AuthorizedEvent(new SimpleMethodInvocation(), null,
new UsernamePasswordAuthenticationToken("foo", "bar"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
@Test(expected=IllegalArgumentException.class)
public void testRejectsNulls2() {
try {
new AuthorizedEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES, null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
new AuthorizedEvent(new SimpleMethodInvocation(), null, new UsernamePasswordAuthenticationToken("foo", "bar"));
}
@Test(expected=IllegalArgumentException.class)
public void testRejectsNulls3() {
new AuthorizedEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null);
}
}


@ -10,7 +10,7 @@ import java.util.List;
import org.aopalliance.intercept.MethodInvocation;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl;
import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.util.SimpleMethodInvocation;
@ -40,43 +40,53 @@ public class MethodExpressionVoterTests {
@Test
public void hasRoleExpressionAllowsUserWithRole() throws Exception {
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('blah')"));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, cad));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('blah')"))));
}
@Test
public void hasRoleExpressionDeniesUserWithoutRole() throws Exception {
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('joedoesnt')"));
List<ConfigAttribute> cad = new ArrayList<ConfigAttribute>(1);
cad.add(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('joedoesnt')"));
assertEquals(AccessDecisionVoter.ACCESS_DENIED, am.vote(joe, miStringArgs, cad));
}
@Test
public void matchingArgAgainstAuthenticationNameIsSuccessful() throws Exception {
// userName is an argument name of this method
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "(#userName == principal) and (principal == 'joe')"));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, cad));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
am.vote(joe, miStringArgs, createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "(#userName == principal) and (principal == 'joe')"))));
}
@Test
public void accessIsGrantedIfNoPreAuthorizeAttributeIsUsed() throws Exception {
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someList", null));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miListArg, cad));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
am.vote(joe, miListArg, createAttributes(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someList", null))));
// All objects should have been removed, because the expression is always false
assertEquals(0, listArg.size());
}
@Test(expected=IllegalArgumentException.class)
public void arraysCannotBePrefiltered() throws Exception {
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someArray", null));
am.vote(joe, miArrayArg, cad);
am.vote(joe, miArrayArg,
createAttributes(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someArray", null)));
}
@Test
public void listPreFilteringIsSuccessful() throws Exception {
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'joe' or filterObject == 'sam')", "someList", null));
am.vote(joe, miListArg, cad);
am.vote(joe, miListArg,
createAttributes(new PreInvocationExpressionConfigAttribute("(filterObject == 'joe' or filterObject == 'sam')", "someList", null)));
assertEquals("joe and sam should still be in the list", 2, listArg.size());
assertEquals("joe", listArg.get(0));
assertEquals("sam", listArg.get(1));
}
@Test
public void ruleDefinedInAClassMethodIsApplied() throws Exception {
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs,
createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "new org.springframework.security.expression.support.SecurityRules().isJoe(#userName)"))));
}
private List<ConfigAttribute> createAttributes(ConfigAttribute... attributes) {
return Arrays.asList(attributes);
}
}
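Review bot: `hasRoleExpressionDeniesUserWithoutRole` builds its attribute list by hand with `new ArrayList<ConfigAttribute>(1)` and `cad.add(...)`, while every other test in this hunk goes through the `createAttributes(...)` helper added at the bottom. Using the helper here too, `am.vote(joe, miStringArgs, createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('joedoesnt')")))`, keeps the one deny-path test in the same shape as the grant-path tests. The imports for `ArrayList` and `Arrays` are not part of the shown import hunk, so they are presumably already present above it.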


@ -15,13 +15,17 @@
package org.springframework.security.intercept;
import junit.framework.TestCase;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.SimpleMethodInvocation;
import java.util.List;
import org.aopalliance.intercept.MethodInvocation;
import org.junit.Test;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.SecurityConfig;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.SimpleMethodInvocation;
/**
@ -30,39 +34,17 @@ import org.aopalliance.intercept.MethodInvocation;
* @author Ben Alex
* @version $Id$
*/
public class InterceptorStatusTokenTests extends TestCase {
//~ Constructors ===================================================================================================
public InterceptorStatusTokenTests() {
super();
}
public InterceptorStatusTokenTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public void testNoArgConstructorDoesntExist() {
Class clazz = InterceptorStatusToken.class;
try {
clazz.getDeclaredConstructor((Class[]) null);
fail("Should have thrown NoSuchMethodException");
} catch (NoSuchMethodException expected) {
assertTrue(true);
}
}
public class InterceptorStatusTokenTests {
@Test
public void testOperation() {
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO");
List<ConfigAttribute> attr = SecurityConfig.createList("FOO");
MethodInvocation mi = new SimpleMethodInvocation();
InterceptorStatusToken token = new InterceptorStatusToken(new UsernamePasswordAuthenticationToken("rod",
"koala"), true, attr, mi);
assertTrue(token.isContextHolderRefreshRequired());
assertEquals(attr, token.getAttr());
assertEquals(attr, token.getAttributes());
assertEquals(mi, token.getSecureObject());
assertEquals("rod", token.getAuthentication().getPrincipal());
}
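Review bot: The JUnit 4 conversion appears to drop `testNoArgConstructorDoesntExist`, which is unrelated to removing `ConfigAttributeDefinition`. That test guarded against `InterceptorStatusToken` gaining a no-arg constructor, which would presumably allow a token to be created without an authentication or attributes. If the removal is not intended, the test carries over as a method annotated `@Test(expected=NoSuchMethodException.class)` whose body is `InterceptorStatusToken.class.getDeclaredConstructor((Class[]) null);`. The old and new sides are inferred from the hunk counts, because this page has lost its `+`/`-` markers.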


@ -15,24 +15,21 @@
package org.springframework.security.intercept.method;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.List;
import junit.framework.TestCase;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ITargetObject;
import org.springframework.security.MockJoinPoint;
import org.springframework.security.OtherTargetObject;
import org.springframework.security.SecurityConfig;
import org.springframework.security.TargetObject;
import org.aopalliance.intercept.MethodInvocation;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.List;
/**
* Tests {@link MethodDefinitionSourceEditor} and its associated {@link MapBasedMethodDefinitionSource}.
@ -149,7 +146,7 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
"org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR");
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
Iterator iter = map.getConfigAttributeDefinitions().iterator();
Iterator iter = map.getAllConfigAttributes().iterator();
int counter = 0;
while (iter.hasNext()) {


@ -15,18 +15,16 @@
package org.springframework.security.intercept.method;
import org.aopalliance.intercept.MethodInvocation;
import org.aspectj.lang.JoinPoint;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.SecurityConfig;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.List;
import java.util.Vector;
import org.aopalliance.intercept.MethodInvocation;
import org.aspectj.lang.JoinPoint;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.SecurityConfig;
/**
*
@ -64,7 +62,7 @@ public class MockMethodDefinitionSource implements MethodDefinitionSource {
//~ Methods ========================================================================================================
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
if (returnACollection) {
return list;
} else {


@ -15,8 +15,14 @@
package org.springframework.security.intercept.method.aopalliance;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.List;
import junit.framework.TestCase;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AfterInvocationManager;
@ -24,7 +30,6 @@ import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.AuthenticationException;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.ITargetObject;
@ -33,24 +38,12 @@ import org.springframework.security.MockAfterInvocationManager;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.MockRunAsManager;
import org.springframework.security.RunAsManager;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.intercept.method.MethodDefinitionSource;
import org.springframework.security.intercept.method.MockMethodDefinitionSource;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.runas.RunAsManagerImpl;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.List;
/**
* Tests {@link MethodSecurityInterceptor}.
@ -409,7 +402,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
//~ Inner Classes ==================================================================================================
private class MockAccessDecisionManagerWhichOnlySupportsStrings implements AccessDecisionManager {
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
throws AccessDeniedException {
throw new UnsupportedOperationException("mock method not implemented");
}
@ -428,7 +421,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
private class MockAfterInvocationManagerWhichOnlySupportsStrings implements AfterInvocationManager {
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
Object returnedObject) throws AccessDeniedException {
throw new UnsupportedOperationException("mock method not implemented");
}
@ -447,7 +440,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
private class MockObjectDefinitionSourceWhichOnlySupportsStrings implements MethodDefinitionSource {
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
return null;
}
@ -469,7 +462,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
private class MockRunAsManagerWhichOnlySupportsStrings implements RunAsManager {
public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
throw new UnsupportedOperationException("mock method not implemented");
}
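Review bot: The list parameter is named inconsistently across the mocks in this file: `MockAccessDecisionManagerWhichOnlySupportsStrings.decide` now calls it `configAttributes`, while the `AfterInvocationManager` and `RunAsManager` mocks keep `config` for the same `List<ConfigAttribute>` argument. Use one name throughout, for example `List<ConfigAttribute> configAttributes` in all three signatures, so the mocks read the same as the interfaces they implement. The same split appears in the anonymous mocks of FilterSecurityInterceptorTests.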


@ -1,102 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.intercept.web;
import junit.framework.TestCase;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
/**
* Tests {@link DefaultFilterInvocationDefinitionSource}.
*
* @author Ben Alex
* @version $Id$
*/
public class AbstractFilterInvocationDefinitionSourceTests extends TestCase {
//~ Constructors ===================================================================================================
public AbstractFilterInvocationDefinitionSourceTests() {
super();
}
public AbstractFilterInvocationDefinitionSourceTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public void testDoesNotSupportAnotherObject() {
MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
assertFalse(mfis.supports(String.class));
}
public void testGetAttributesForANonFilterInvocation() {
MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
try {
mfis.getAttributes(new String());
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testGetAttributesForANullObject() {
MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
try {
mfis.getAttributes(null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testGetAttributesForFilterInvocationSuccess() {
MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
try {
mfis.getAttributes(new FilterInvocation(new MockHttpServletRequest(null, null),
new MockHttpServletResponse(), new MockFilterChain()));
fail("Should have thrown UnsupportedOperationException");
} catch (UnsupportedOperationException expected) {
assertTrue(true);
}
}
public void testSupportsFilterInvocation() {
MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
assertTrue(mfis.supports(FilterInvocation.class));
}
//~ Inner Classes ==================================================================================================
private class MockFilterChain implements FilterChain {
public void doFilter(ServletRequest arg0, ServletResponse arg1)
throws IOException, ServletException {
throw new UnsupportedOperationException("mock method not implemented");
}
}
}


@ -16,7 +16,6 @@
package org.springframework.security.intercept.web;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
@ -30,7 +29,6 @@ import org.springframework.security.ConfigAttribute;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.InMemoryXmlApplicationContext;
/**
* Tests parts of {@link DefaultFilterInvocationDefinitionSource} not tested by {@link
@ -136,14 +134,14 @@ public class DefaultFilterInvocationDefinitionSourceTests {
@Test
public void httpMethodSpecificUrlTakesPrecedence() {
// Even though this is added before the method-specific def, the latter should match
List<? extends ConfigAttribute> allMethodDef = def;
map.addSecureUrl("/**", null, def);
List<ConfigAttribute> allMethodDef = def;
map.addSecureUrl("/**", null, allMethodDef);
List<? extends ConfigAttribute> postOnlyDef = SecurityConfig.createList("ROLE_TWO");
List<ConfigAttribute> postOnlyDef = SecurityConfig.createList("ROLE_TWO");
map.addSecureUrl("/somepage**", "POST", postOnlyDef);
FilterInvocation fi = createFilterInvocation("/somepage", "POST");
List<? extends ConfigAttribute> attrs = map.getAttributes(fi);
List<ConfigAttribute> attrs = map.getAttributes(fi);
assertEquals(postOnlyDef, attrs);
}
@ -165,38 +163,6 @@ public class DefaultFilterInvocationDefinitionSourceTests {
assertEquals(def, response);
}
@Test
public void xmlMapConfigurationIsSuccessful() {
InMemoryXmlApplicationContext context = new InMemoryXmlApplicationContext(
"<b:bean id='fids' class='org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource'>" +
" <b:constructor-arg>" +
" <b:bean class='org.springframework.security.util.AntUrlPathMatcher'/>" +
" </b:constructor-arg>" +
" <b:constructor-arg>" +
" <b:map>" +
" <b:entry>" +
" <b:key>" +
" <b:bean class='org.springframework.security.intercept.web.RequestKey'>" +
" <b:constructor-arg index='0' value='/**'/>" +
" <b:constructor-arg index='1' value='GET'/>" +
" </b:bean>" +
" </b:key>" +
" <b:bean class='org.springframework.security.ConfigAttributeDefinition'>" +
" <b:constructor-arg value='ROLE_A'/>" +
" </b:bean>" +
" </b:entry>" +
" </b:map>" +
" </b:constructor-arg>" +
"</b:bean>"
);
DefaultFilterInvocationDefinitionSource fids = (DefaultFilterInvocationDefinitionSource) context.getBean("fids");
List<? extends ConfigAttribute> cad = fids.lookupAttributes("/anything", "GET");
assertNotNull(cad);
assertEquals(1, cad.size());
context.close();
}
private FilterInvocation createFilterInvocation(String path, String method) {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI(null);
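Review bot: `xmlMapConfigurationIsSuccessful` is deleted rather than ported, so nothing in this class still checks that a `DefaultFilterInvocationDefinitionSource` wired from a bean-defined map resolves attributes through `lookupAttributes`. The test referenced `ConfigAttributeDefinition` in its XML, which explains why it could not survive unchanged, but the map entry value could instead be a list of `SecurityConfig` beans. If XML map construction is still a supported way to declare URL access rules, keep the test with that replacement value. If it is intentionally unsupported now, that is worth stating in the commit message.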


@ -146,7 +146,7 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
editor.setAsText("\\A/secure/super.*\\Z=ROLE_WE_DONT_HAVE\r\n\\A/secure/.*\\Z=ROLE_SUPERVISOR,ROLE_TELLER");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
Iterator iter = map.getConfigAttributeDefinitions().iterator();
Iterator iter = map.getAllConfigAttributes().iterator();
int counter = 0;
while (iter.hasNext()) {


@ -15,30 +15,7 @@
package org.springframework.security.intercept.web;
import junit.framework.TestCase;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.MockAccessDecisionManager;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.MockRunAsManager;
import org.springframework.security.RunAsManager;
import org.springframework.security.MockApplicationEventPublisher;
import org.springframework.security.SecurityConfig;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.RegexUrlPathMatcher;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import java.io.IOException;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;
@ -48,6 +25,27 @@ import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import junit.framework.TestCase;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.MockAccessDecisionManager;
import org.springframework.security.MockApplicationEventPublisher;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.MockRunAsManager;
import org.springframework.security.RunAsManager;
import org.springframework.security.SecurityConfig;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.RegexUrlPathMatcher;
/**
* Tests {@link FilterSecurityInterceptor}.
@ -92,7 +90,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
return true;
}
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
throws AccessDeniedException {
throw new UnsupportedOperationException("mock method not implemented");
}
@ -124,7 +122,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
}
public Authentication buildRunAs(Authentication authentication, Object object,
ConfigAttributeDefinition config) {
List<ConfigAttribute> config) {
throw new UnsupportedOperationException("mock method not implemented");
}
});
@ -221,9 +219,9 @@ public class FilterSecurityInterceptorTests extends TestCase {
public void testNotLoadedFromApplicationContext() throws Exception {
LinkedHashMap reqMap = new LinkedHashMap();
reqMap.put(new RequestKey("/secure/**", null), new ConfigAttributeDefinition(new String[] {"ROLE_USER"}));
reqMap.put(new RequestKey("/secure/**", null), SecurityConfig.createList("ROLE_USER"));
DefaultFilterInvocationDefinitionSource fids
= new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
= new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), reqMap);
FilterSecurityInterceptor filter = new FilterSecurityInterceptor();
filter.setObjectDefinitionSource(fids);
@ -278,7 +276,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
}
}
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
return null;
}
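Review bot: `LinkedHashMap reqMap = new LinkedHashMap();` in testNotLoadedFromApplicationContext is still a raw type, so the compiler cannot check what goes into the map that is now passed to the `DefaultFilterInvocationDefinitionSource` constructor. A raw map would have accepted the old `ConfigAttributeDefinition` value just as readily as the new list, which is the kind of mismatch this refactoring is meant to rule out. Declaring it as `LinkedHashMap<RequestKey, List<ConfigAttribute>> reqMap = new LinkedHashMap<RequestKey, List<ConfigAttribute>>();` keeps the URL-to-attribute rules type-checked. The constructor's parameter type is not visible here, so adjust the value type if it differs. The test body continues outside the hunk.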


@ -1,76 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.intercept.web;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.util.AntUrlPathMatcher;
import java.util.Collection;
import java.util.List;
import java.util.Vector;
/**
* Mock for {@link FilterInvocationDefinitionSource}
*
* @author Ben Alex
* @version $Id$
*/
public class MockFilterInvocationDefinitionSource extends DefaultFilterInvocationDefinitionSource {
//~ Instance fields ================================================================================================
private List list;
private boolean returnAnIterator;
//~ Constructors ===================================================================================================
public MockFilterInvocationDefinitionSource(boolean includeInvalidAttributes, boolean returnAnIteratorWhenRequested) {
super(new AntUrlPathMatcher()); // doesn't matter
returnAnIterator = returnAnIteratorWhenRequested;
list = new Vector();
ConfigAttributeDefinition def1 = new ConfigAttributeDefinition("MOCK_LOWER");
list.add(def1);
if (includeInvalidAttributes) {
ConfigAttributeDefinition def2 = new ConfigAttributeDefinition(new String[] {"MOCK_LOWER", "INVALID_ATTRIBUTE"});
list.add(def2);
}
ConfigAttributeDefinition def3 = new ConfigAttributeDefinition(new String[] {"MOCK_UPPER","RUN_AS"});
list.add(def3);
if (includeInvalidAttributes) {
ConfigAttributeDefinition def4 = new ConfigAttributeDefinition(new String[] {"MOCK_SOMETHING","ANOTHER_INVALID"});
list.add(def4);
}
}
//~ Methods ========================================================================================================
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
if (returnAnIterator) {
return list;
} else {
return null;
}
}
public List<ConfigAttribute> lookupAttributes(String url, String method) {
throw new UnsupportedOperationException("mock method not implemented");
}
}


@ -18,12 +18,10 @@ package org.springframework.security.runas;
import junit.framework.TestCase;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.RunAsManager;
import org.springframework.security.SecurityConfig;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
@ -34,46 +32,23 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
* @version $Id$
*/
public class RunAsManagerImplTests extends TestCase {
//~ Constructors ===================================================================================================
public RunAsManagerImplTests() {
super();
}
public RunAsManagerImplTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(RunAsManagerImplTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testAlwaysSupportsClass() {
RunAsManagerImpl runAs = new RunAsManagerImpl();
assertTrue(runAs.supports(String.class));
}
public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting()
throws Exception {
ConfigAttributeDefinition def = new ConfigAttributeDefinition("SOMETHING_WE_IGNORE");
public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting() throws Exception {
UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
RunAsManagerImpl runAs = new RunAsManagerImpl();
runAs.setKey("my_password");
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def);
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("SOMETHING_WE_IGNORE"));
assertEquals(null, resultingToken);
}
public void testRespectsRolePrefix() throws Exception {
ConfigAttributeDefinition def = new ConfigAttributeDefinition("RUN_AS_SOMETHING");
UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ONE"), new GrantedAuthorityImpl("TWO")});
@ -81,7 +56,7 @@ public class RunAsManagerImplTests extends TestCase {
runAs.setKey("my_password");
runAs.setRolePrefix("FOOBAR_");
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def);
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING"));
if (!(resultingToken instanceof RunAsUserToken)) {
fail("Should have returned a RunAsUserToken");
@ -98,14 +73,13 @@ public class RunAsManagerImplTests extends TestCase {
}
public void testReturnsAdditionalGrantedAuthorities() throws Exception {
ConfigAttributeDefinition def = new ConfigAttributeDefinition("RUN_AS_SOMETHING");
UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
RunAsManagerImpl runAs = new RunAsManagerImpl();
runAs.setKey("my_password");
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def);
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING"));
if (!(resultingToken instanceof RunAsUserToken)) {
fail("Should have returned a RunAsUserToken");


@ -18,7 +18,6 @@ package org.springframework.security.securechannel;
import junit.framework.TestCase;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;
@ -95,7 +94,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
MockFilterChain chain = new MockFilterChain();
FilterInvocation fi = new FilterInvocation(request, response, chain);
ConfigAttributeDefinition cad = new ConfigAttributeDefinition("xyz");
List<ConfigAttribute> cad = SecurityConfig.createList("xyz");
cdm.decide(fi, cad);
assertTrue(fi.getResponse().isCommitted());
@ -114,9 +113,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
MockFilterChain chain = new MockFilterChain();
FilterInvocation fi = new FilterInvocation(request, response, chain);
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"abc", "ANY_CHANNEL"});
cdm.decide(fi, cad);
cdm.decide(fi, SecurityConfig.createList(new String[]{"abc", "ANY_CHANNEL"}));
assertFalse(fi.getResponse().isCommitted());
}
@ -135,9 +132,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
MockFilterChain chain = new MockFilterChain();
FilterInvocation fi = new FilterInvocation(request, response, chain);
ConfigAttributeDefinition cad = new ConfigAttributeDefinition("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT");
cdm.decide(fi, cad);
cdm.decide(fi, SecurityConfig.createList("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT"));
assertFalse(fi.getResponse().isCommitted());
}
@ -192,9 +187,9 @@ public class ChannelDecisionManagerImplTests extends TestCase {
this.failIfCalled = failIfCalled;
}
public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
throws IOException, ServletException {
Iterator iter = config.getConfigAttributes().iterator();
Iterator iter = config.iterator();
if (failIfCalled) {
fail("Should not have called this channel processor: " + configAttribute);
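Review bot: `SecurityConfig.createList(new String[]{"abc", "ANY_CHANNEL"})` wraps its arguments in an explicit array, while InsecureChannelProcessorTests and SecureChannelProcessorTests in this commit call the same factory as `createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL")`, which suggests it takes varargs. Write `cdm.decide(fi, SecurityConfig.createList("abc", "ANY_CHANNEL"));` here, and drop the array wrapper in the `testDecideDetectsUnacceptableChannel` methods of those two classes as well. In the mock processor's `decide`, `Iterator iter = config.iterator();` could now be typed as `Iterator<ConfigAttribute>`, though the loop that consumes it lies outside the hunk.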


@ -18,7 +18,6 @@ package org.springframework.security.securechannel;
import junit.framework.TestCase;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.SecurityConfig;
import org.springframework.security.intercept.web.FilterInvocation;
@ -208,7 +207,7 @@ public class ChannelProcessingFilterTests extends TestCase {
this.supportAttribute = supportAttribute;
}
public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
throws IOException, ServletException {
if (commitAResponse) {
invocation.getHttpResponse().sendRedirect("/redirected");
@ -267,7 +266,7 @@ public class ChannelProcessingFilterTests extends TestCase {
}
}
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
if (!provideIterator) {
return null;
}


@ -17,14 +17,11 @@ package org.springframework.security.securechannel;
import junit.framework.TestCase;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;
import org.springframework.security.intercept.web.FilterInvocation;
/**
@ -34,19 +31,8 @@ import org.springframework.mock.web.MockHttpServletResponse;
* @version $Id$
*/
public class InsecureChannelProcessorTests extends TestCase {
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(InsecureChannelProcessorTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testDecideDetectsAcceptableChannel() throws Exception {
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"});
MockHttpServletRequest request = new MockHttpServletRequest();
request.setQueryString("info=true");
request.setServerName("localhost");
@ -60,15 +46,13 @@ public class InsecureChannelProcessorTests extends TestCase {
FilterInvocation fi = new FilterInvocation(request, response, chain);
InsecureChannelProcessor processor = new InsecureChannelProcessor();
processor.decide(fi, cad);
processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"));
assertFalse(fi.getResponse().isCommitted());
}
public void testDecideDetectsUnacceptableChannel()
throws Exception {
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"});
MockHttpServletRequest request = new MockHttpServletRequest();
request.setQueryString("info=true");
request.setServerName("localhost");
@ -83,7 +67,7 @@ public class InsecureChannelProcessorTests extends TestCase {
FilterInvocation fi = new FilterInvocation(request, response, chain);
InsecureChannelProcessor processor = new InsecureChannelProcessor();
processor.decide(fi, cad);
processor.decide(fi, SecurityConfig.createList(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"}));
assertTrue(fi.getResponse().isCommitted());
}


@ -17,14 +17,11 @@ package org.springframework.security.securechannel;
import junit.framework.TestCase;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;
import org.springframework.security.intercept.web.FilterInvocation;
/**
@ -37,8 +34,6 @@ public class SecureChannelProcessorTests extends TestCase {
//~ Methods ========================================================================================================
public void testDecideDetectsAcceptableChannel() throws Exception {
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"});
MockHttpServletRequest request = new MockHttpServletRequest();
request.setQueryString("info=true");
request.setServerName("localhost");
@ -53,14 +48,12 @@ public class SecureChannelProcessorTests extends TestCase {
FilterInvocation fi = new FilterInvocation(request, response, chain);
SecureChannelProcessor processor = new SecureChannelProcessor();
processor.decide(fi, cad);
processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"));
assertFalse(fi.getResponse().isCommitted());
}
public void testDecideDetectsUnacceptableChannel() throws Exception {
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"});
MockHttpServletRequest request = new MockHttpServletRequest();
request.setQueryString("info=true");
request.setServerName("localhost");
@ -74,7 +67,7 @@ public class SecureChannelProcessorTests extends TestCase {
FilterInvocation fi = new FilterInvocation(request, response, chain);
SecureChannelProcessor processor = new SecureChannelProcessor();
processor.decide(fi, cad);
processor.decide(fi, SecurityConfig.createList(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"}));
assertTrue(fi.getResponse().isCommitted());
}


@ -15,29 +15,26 @@
package org.springframework.security.util;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockFilterConfig;
import org.springframework.security.SecurityConfig;
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
import org.springframework.security.intercept.web.MockFilterInvocationDefinitionSource;
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
import org.springframework.security.intercept.web.RequestKey;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.util.List;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.junit.After;
import static org.junit.Assert.*;
import org.junit.Before;
import org.junit.Test;
import java.util.LinkedHashMap;
import java.util.List;
import org.springframework.security.MockFilterConfig;
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
/**
* Tests {@link FilterChainProxy}.
@ -63,31 +60,6 @@ public class FilterChainProxyTests {
}
}
@Test(expected=IllegalArgumentException.class)
public void testDetectsFilterInvocationDefinitionSourceThatDoesNotReturnAllConfigAttributes() throws Exception {
FilterChainProxy filterChainProxy = new FilterChainProxy();
filterChainProxy.setApplicationContext(new StaticApplicationContext());
filterChainProxy.setFilterInvocationDefinitionSource(new MockFilterInvocationDefinitionSource(false, false));
filterChainProxy.afterPropertiesSet();
}
@Test(expected=IllegalArgumentException.class)
public void testDetectsIfConfigAttributeDoesNotReturnValueForGetAttributeMethod() throws Exception {
FilterChainProxy filterChainProxy = new FilterChainProxy();
filterChainProxy.setApplicationContext(new StaticApplicationContext());
LinkedHashMap map = new LinkedHashMap();
map.put(new RequestKey("/**"), SecurityConfig.createList(null));
DefaultFilterInvocationDefinitionSource fids =
new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), map);
filterChainProxy.setFilterInvocationDefinitionSource(fids);
filterChainProxy.afterPropertiesSet();
filterChainProxy.init(new MockFilterConfig());
}
@Test(expected = IllegalArgumentException.class)
public void testDetectsMissingFilterInvocationDefinitionSource() throws Exception {
FilterChainProxy filterChainProxy = new FilterChainProxy();
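Review bot: The second hunk removes `testDetectsFilterInvocationDefinitionSourceThatDoesNotReturnAllConfigAttributes` and `testDetectsIfConfigAttributeDoesNotReturnValueForGetAttributeMethod` without a replacement, so nothing in this file still pins how `afterPropertiesSet()` treats a definition source with missing or null-valued attributes. Whether FilterChainProxy still rejects such configuration at startup is not visible from this section. If it does, keep an equivalent test written against the `List<ConfigAttribute>` API. If the validation was dropped on purpose, say so in the commit description, because failing fast on a broken filter-chain mapping is a property worth a regression test.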


@ -20,7 +20,6 @@ import junit.framework.TestCase;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.SecurityConfig;
import java.util.List;
@ -162,7 +161,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
//~ Inner Classes ==================================================================================================
private class MockDecisionManagerImpl extends AbstractAccessDecisionManager {
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
throws AccessDeniedException {
return;
}
@ -181,7 +180,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
throw new UnsupportedOperationException("mock method not implemented");
}
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
throw new UnsupportedOperationException("mock method not implemented");
}
}


@ -15,18 +15,18 @@
package org.springframework.security.vote;
import junit.framework.TestCase;
import static org.junit.Assert.assertTrue;
import java.util.ArrayList;
import java.util.List;
import org.junit.Test;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.SecurityConfig;
import org.springframework.security.providers.TestingAuthenticationToken;
import java.util.List;
import java.util.Vector;
/**
* Tests {@link AffirmativeBased}.
@ -34,29 +34,14 @@ import java.util.Vector;
* @author Ben Alex
* @version $Id$
*/
public class AffirmativeBasedTests extends TestCase {
//~ Constructors ===================================================================================================
public AffirmativeBasedTests() {
super();
}
public AffirmativeBasedTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AffirmativeBasedTests.class);
}
public class AffirmativeBasedTests {
private AffirmativeBased makeDecisionManager() {
AffirmativeBased decisionManager = new AffirmativeBased();
RoleVoter roleVoter = new RoleVoter();
DenyVoter denyForSureVoter = new DenyVoter();
DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter();
List voters = new Vector();
List voters = new ArrayList();
voters.add(roleVoter);
voters.add(denyForSureVoter);
voters.add(denyAgainForSureVoter);
@ -70,85 +55,55 @@ public class AffirmativeBasedTests extends TestCase {
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl("ROLE_2")});
}
public final void setUp() throws Exception {
super.setUp();
}
public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess()
throws Exception {
@Test
public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
AffirmativeBased mgr = makeDecisionManager();
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
mgr.decide(auth, new Object(), config);
assertTrue(true);
mgr.decide(auth, new Object(), SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"}));
}
public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess()
throws Exception {
@Test
public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
AffirmativeBased mgr = makeDecisionManager();
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
mgr.decide(auth, new Object(), config);
assertTrue(true);
mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2"));
}
public void testOneDenyVoteTwoAbstainVotesDeniesAccess()
throws Exception {
@Test(expected=AccessDeniedException.class)
public void testOneDenyVoteTwoAbstainVotesDeniesAccess() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
AffirmativeBased mgr = makeDecisionManager();
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
try {
mgr.decide(auth, new Object(), config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"));
}
public void testThreeAbstainVotesDeniesAccessWithDefault()
throws Exception {
@Test(expected=AccessDeniedException.class)
public void testThreeAbstainVotesDeniesAccessWithDefault() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
AffirmativeBased mgr = makeDecisionManager();
assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
try {
mgr.decide(auth, new Object(), config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
}
public void testThreeAbstainVotesGrantsAccessWithoutDefault()
throws Exception {
@Test
public void testThreeAbstainVotesGrantsAccessWithoutDefault() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
AffirmativeBased mgr = makeDecisionManager();
mgr.setAllowIfAllAbstainDecisions(true);
assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
mgr.decide(auth, new Object(), config);
assertTrue(true);
mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
}
public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess()
throws Exception {
@Test
public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
AffirmativeBased mgr = makeDecisionManager();
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
mgr.decide(auth, new Object(), config);
assertTrue(true);
mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_1", "ROLE_2"));
}
}
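Review bot: `testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess` still wraps its attributes in an explicit array, `SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"})`, while `testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess` in the same section uses the varargs form; `SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE")` would read the same everywhere. The line touched in `makeDecisionManager` (whose body continues outside the hunk) keeps a raw type; if the setter accepts it, `List<AccessDecisionVoter> voters = new ArrayList<AccessDecisionVoter>();` matches the generics this commit introduces. The grant tests now pass simply by not throwing, so a short comment such as `// passes if decide() does not throw AccessDeniedException` would make that intent explicit.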


@ -15,14 +15,15 @@
package org.springframework.security.vote;
import java.util.List;
import junit.framework.TestCase;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.SecurityConfig;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
@ -35,17 +36,6 @@ import org.springframework.security.providers.rememberme.RememberMeAuthenticatio
* @version $Id$
*/
public class AuthenticatedVoterTests extends TestCase {
//~ Constructors ===================================================================================================
public AuthenticatedVoterTests() {
super();
}
public AuthenticatedVoterTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
private Authentication createAnonymous() {
return new AnonymousAuthenticationToken("ignored", "ignored",
@ -62,17 +52,9 @@ public class AuthenticatedVoterTests extends TestCase {
new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
}
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthenticatedVoterTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testAnonymousWorks() {
AuthenticatedVoter voter = new AuthenticatedVoter();
ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY);
List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY);
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createAnonymous(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createRememberMe(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));
@ -80,7 +62,7 @@ public class AuthenticatedVoterTests extends TestCase {
public void testFullyWorks() {
AuthenticatedVoter voter = new AuthenticatedVoter();
ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_FULLY);
List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_FULLY);
assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createAnonymous(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createRememberMe(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));
@ -88,7 +70,7 @@ public class AuthenticatedVoterTests extends TestCase {
public void testRememberMeWorks() {
AuthenticatedVoter voter = new AuthenticatedVoter();
ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED);
List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED);
assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createAnonymous(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createRememberMe(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));


@ -15,10 +15,15 @@
package org.springframework.security.vote;
import java.lang.reflect.Method;
import java.util.List;
import junit.framework.TestCase;
import org.aopalliance.intercept.MethodInvocation;
import org.aspectj.lang.JoinPoint;
import org.springframework.security.AuthorizationServiceException;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.MockAclManager;
import org.springframework.security.SecurityConfig;
import org.springframework.security.acl.AclEntry;
@ -27,10 +32,6 @@ import org.springframework.security.acl.basic.MockAclObjectIdentity;
import org.springframework.security.acl.basic.SimpleAclEntry;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.SimpleMethodInvocation;
import org.aopalliance.intercept.MethodInvocation;
import org.aspectj.lang.JoinPoint;
import java.lang.reflect.Method;
/**
* Tests {@link BasicAclEntryVoter}.
@ -93,7 +94,7 @@ public class BasicAclEntryVoterTests extends TestCase {
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
// Setup a MockMethodInvocation, so voter can retrieve domainObject
MethodInvocation mi = getMethodInvocation(domainObject);
@ -213,7 +214,7 @@ public class BasicAclEntryVoterTests extends TestCase {
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("A_DIFFERENT_ATTRIBUTE");
List<ConfigAttribute> attr = SecurityConfig.createList("A_DIFFERENT_ATTRIBUTE");
// Setup a MockMethodInvocation, so voter can retrieve domainObject
MethodInvocation mi = getMethodInvocation(domainObject);
@ -245,7 +246,7 @@ public class BasicAclEntryVoterTests extends TestCase {
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
// Setup a MockMethodInvocation, so voter can retrieve domainObject
MethodInvocation mi = getMethodInvocation(domainObject);
@ -276,7 +277,7 @@ public class BasicAclEntryVoterTests extends TestCase {
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
// Setup a MockMethodInvocation, so voter can retrieve domainObject
MethodInvocation mi = getMethodInvocation(domainObject);
@ -307,7 +308,7 @@ public class BasicAclEntryVoterTests extends TestCase {
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
// Setup a MockMethodInvocation, so voter can retrieve domainObject
MethodInvocation mi = getMethodInvocation(domainObject);
@ -342,7 +343,7 @@ public class BasicAclEntryVoterTests extends TestCase {
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
// Setup a MockMethodInvocation, so voter can retrieve domainObject
// (well actually it will access domainObject.getParent())
@ -376,7 +377,7 @@ public class BasicAclEntryVoterTests extends TestCase {
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
// Setup a MockMethodInvocation, so voter can retrieve domainObject
// (well actually it will access domainObject.getParent())
@ -413,7 +414,7 @@ public class BasicAclEntryVoterTests extends TestCase {
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
// Setup a MockMethodInvocation that doesn't provide SomeDomainObject arg
Class clazz = String.class;


@ -15,15 +15,17 @@
package org.springframework.security.vote;
import static org.junit.Assert.*;
import java.util.List;
import java.util.Vector;
import junit.framework.TestCase;
import org.junit.Test;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.SecurityConfig;
import org.springframework.security.providers.TestingAuthenticationToken;
@ -33,98 +35,77 @@ import org.springframework.security.providers.TestingAuthenticationToken;
* @author Ben Alex
* @version $Id$
*/
public class ConsensusBasedTests extends TestCase {
//~ Methods ================================================================
public class ConsensusBasedTests {
@Test(expected=AccessDeniedException.class)
public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccessWithoutDefault() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
ConsensusBased mgr = makeDecisionManager();
mgr.setAllowIfEqualGrantedDeniedDecisions(false);
assertTrue(!mgr.isAllowIfEqualGrantedDeniedDecisions()); // check changed
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"});
try {
mgr.decide(auth, new Object(), config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
mgr.decide(auth, new Object(), config);
}
@Test
public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
ConsensusBased mgr = makeDecisionManager();
assertTrue(mgr.isAllowIfEqualGrantedDeniedDecisions()); // check default
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"});
mgr.decide(auth, new Object(), config);
assertTrue(true);
}
@Test
public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
ConsensusBased mgr = makeDecisionManager();
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
mgr.decide(auth, new Object(), config);
mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2"));
assertTrue(true);
}
@Test(expected=AccessDeniedException.class)
public void testOneDenyVoteTwoAbstainVotesDeniesAccess() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
ConsensusBased mgr = makeDecisionManager();
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
try {
mgr.decide(auth, new Object(), config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"));
fail("Should have thrown AccessDeniedException");
}
@Test(expected=AccessDeniedException.class)
public void testThreeAbstainVotesDeniesAccessWithDefault() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
ConsensusBased mgr = makeDecisionManager();
assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
try {
mgr.decide(auth, new Object(), config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
}
@Test
public void testThreeAbstainVotesGrantsAccessWithoutDefault() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
ConsensusBased mgr = makeDecisionManager();
mgr.setAllowIfAllAbstainDecisions(true);
assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
mgr.decide(auth, new Object(), config);
assertTrue(true);
mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
}
@Test
public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() throws Exception {
TestingAuthenticationToken auth = makeTestToken();
ConsensusBased mgr = makeDecisionManager();
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
mgr.decide(auth, new Object(), config);
assertTrue(true);
mgr.decide(auth, new Object(), SecurityConfig.createList(new String[]{"ROLE_1", "ROLE_2"}));
}
private ConsensusBased makeDecisionManager() {
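Review bot: In `testOneDenyVoteTwoAbstainVotesDeniesAccess` a `fail("Should have thrown AccessDeniedException");` still follows the `decide` call even though the method is now annotated `@Test(expected=AccessDeniedException.class)`; the annotation already fails the test when nothing is thrown, so that line should go, as it did in `testThreeAbstainVotesDeniesAccessWithDefault`. `assertTrue(true);` also appears to survive in `testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault` and `testOneAffirmativeVoteTwoAbstainVotesGrantsAccess` (hedged, because the rendering has lost the +/- markers), whereas the other grant tests dropped it. With `expected=` covering the whole method, an AccessDeniedException raised by `makeTestToken()` or `makeDecisionManager()` would also count as a pass, which the old try/catch around `decide` alone did not allow; that is acceptable here but worth knowing. The wildcard `import static org.junit.Assert.*;` could be narrowed to the assertions actually used.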


@ -17,9 +17,9 @@ package org.springframework.security.vote;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import java.util.Iterator;
import java.util.List;
/**
* Implementation of an {@link AccessDecisionVoter} for unit testing.
@ -35,34 +35,34 @@ import java.util.Iterator;
* @version $Id$
*/
public class DenyAgainVoter implements AccessDecisionVoter {
// ~ Methods
// ========================================================================================================
// ~ Methods
// ========================================================================================================
public boolean supports(ConfigAttribute attribute) {
if ("DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute())) {
return true;
}
else {
return false;
}
}
public boolean supports(ConfigAttribute attribute) {
if ("DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute())) {
return true;
}
else {
return false;
}
}
public boolean supports(Class clazz) {
return true;
}
public boolean supports(Class clazz) {
return true;
}
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
Iterator iter = config.getConfigAttributes().iterator();
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
Iterator iter = attributes.iterator();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();
if (this.supports(attribute)) {
return ACCESS_DENIED;
}
}
if (this.supports(attribute)) {
return ACCESS_DENIED;
}
}
return ACCESS_ABSTAIN;
}
return ACCESS_ABSTAIN;
}
}
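Review bot: `vote` now receives a typed `List<ConfigAttribute>` but still walks it with a raw `Iterator` and a cast, `ConfigAttribute attribute = (ConfigAttribute) iter.next();`, which is exactly the unchecked pattern the new signature makes unnecessary. Replacing the iterator, `while` and cast with `for (ConfigAttribute attribute : attributes) {` keeps the behaviour and lets the `java.util.Iterator` import go. The same applies to `DenyVoter.vote` in the next file section, whose body continues outside its hunk. `supports(ConfigAttribute)` could likewise be reduced to `return "DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute());`.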


@ -17,9 +17,9 @@ package org.springframework.security.vote;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import java.util.Iterator;
import java.util.List;
/**
@ -45,8 +45,8 @@ public class DenyVoter implements AccessDecisionVoter {
return true;
}
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
Iterator iter = config.getConfigAttributes().iterator();
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
Iterator iter = attributes.iterator();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();


@ -1,24 +1,23 @@
package org.springframework.security.vote;
import static org.junit.Assert.*;
import static org.junit.Assert.assertEquals;
import org.junit.Test;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.SecurityConfig;
import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.userdetails.hierarchicalroles.RoleHierarchyImpl;
public class RoleHierarchyVoterTests {
@Test
public void hierarchicalRoleIsIncludedInDecision() {
@Test
public void hierarchicalRoleIsIncludedInDecision() {
RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
// User has role A, role B is required
TestingAuthenticationToken auth = new TestingAuthenticationToken("user", "password", "ROLE_A");
RoleHierarchyVoter voter = new RoleHierarchyVoter(roleHierarchyImpl);
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_B");
assertEquals(RoleHierarchyVoter.ACCESS_GRANTED, voter.vote(auth, new Object(), config));
}
assertEquals(RoleHierarchyVoter.ACCESS_GRANTED, voter.vote(auth, new Object(), SecurityConfig.createList("ROLE_B")));
}
}


@ -15,18 +15,18 @@
package org.springframework.security.vote;
import java.util.List;
import java.util.Vector;
import junit.framework.TestCase;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.SecurityConfig;
import org.springframework.security.providers.TestingAuthenticationToken;
import java.util.List;
import java.util.Vector;
/**
* Tests {@link UnanimousBased}.
@ -86,7 +86,7 @@ public class UnanimousBasedTests extends TestCase {
TestingAuthenticationToken auth = makeTestToken();
UnanimousBased mgr = makeDecisionManager();
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"});
try {
mgr.decide(auth, new Object(), config);
@ -100,7 +100,7 @@ public class UnanimousBasedTests extends TestCase {
TestingAuthenticationToken auth = makeTestToken();
UnanimousBased mgr = makeDecisionManager();
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
List<ConfigAttribute> config = SecurityConfig.createList("ROLE_2");
mgr.decide(auth, new Object(), config);
assertTrue(true);
@ -110,7 +110,7 @@ public class UnanimousBasedTests extends TestCase {
TestingAuthenticationToken auth = makeTestToken();
UnanimousBased mgr = makeDecisionManager();
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
List<ConfigAttribute> config = SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE");
try {
mgr.decide(auth, new Object(), config);
@ -124,7 +124,7 @@ public class UnanimousBasedTests extends TestCase {
TestingAuthenticationToken auth = makeTestTokenWithFooBarPrefix();
UnanimousBased mgr = makeDecisionManagerWithFooBarPrefix();
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"FOOBAR_1", "FOOBAR_2"});
List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"FOOBAR_1", "FOOBAR_2"});
mgr.decide(auth, new Object(), config);
assertTrue(true);
@ -136,7 +136,7 @@ public class UnanimousBasedTests extends TestCase {
assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
List<ConfigAttribute> config = SecurityConfig.createList("IGNORED_BY_ALL");
try {
mgr.decide(auth, new Object(), config);
@ -152,7 +152,7 @@ public class UnanimousBasedTests extends TestCase {
mgr.setAllowIfAllAbstainDecisions(true);
assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
List<ConfigAttribute> config = SecurityConfig.createList("IGNORED_BY_ALL");
mgr.decide(auth, new Object(), config);
assertTrue(true);
@ -162,7 +162,7 @@ public class UnanimousBasedTests extends TestCase {
TestingAuthenticationToken auth = makeTestToken();
UnanimousBased mgr = makeDecisionManager();
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "ROLE_2"});
mgr.decide(auth, new Object(), config);
assertTrue(true);


@ -5,47 +5,53 @@ package bigbank;
* encapsulate business logic (methods) and state in the domain object.
* Nevertheless, this demo is intended to reflect what people usually do,
* as opposed to what they ideally would be doing.
*
*
* @author Ben Alex
* @version $Id$
*/
public class Account {
private long id = -1;
private String holder;
private double balance;
public Account(String holder) {
super();
this.holder = holder;
}
private long id = -1;
private String holder;
private double balance;
private double overdraft = 500.00;
public long getId() {
return id;
}
public Account(String holder) {
this.holder = holder;
}
public void setId(long id) {
this.id = id;
}
public long getId() {
return id;
}
public String getHolder() {
return holder;
}
public void setId(long id) {
this.id = id;
}
public void setHolder(String holder) {
this.holder = holder;
}
public String getHolder() {
return holder;
}
public double getBalance() {
return balance;
}
public void setHolder(String holder) {
this.holder = holder;
}
public void setBalance(double balance) {
this.balance = balance;
}
public double getBalance() {
return balance;
}
public String toString() {
return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + "]";
}
public void setBalance(double balance) {
this.balance = balance;
}
public double getOverdraft() {
return overdraft;
}
public void setOverdraft(double overdraft) {
this.overdraft = overdraft;
}
public String toString() {
return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + ", overdraft=" + overdraft + "]";
}
}


@ -1,15 +1,16 @@
package bigbank;
import org.springframework.security.annotation.Secured;
import org.springframework.security.expression.annotation.PreAuthorize;
public interface BankService {
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
public Account readAccount(Long id);
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
public Account[] findAccounts();
@Secured("ROLE_TELLER")
public Account post(Account account, double amount);
public Account readAccount(Long id);
public Account[] findAccounts();
@PreAuthorize(
"hasRole('ROLE_SUPERVISOR') or " +
"hasRole('ROLE_TELLER') and (#account.balance + #amount >= -#account.overdraft)" )
public Account post(Account account, double amount);
}
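Review bot: The `@PreAuthorize` expression on `post` reads `#account.balance` and `#account.overdraft` from the argument the caller passes in, while `BankServiceImpl.post` (later on this page) re-reads the account from the DAO and applies the amount to that stored copy, so the limit is checked against values the caller supplies rather than the persisted ones. Since samples get copied, check the limit against the stored balance and overdraft after the lookup, or at least add a comment such as `// NOTE: the expression sees the caller-supplied Account, not the stored one`. The expression also relies on `and` binding tighter than `or`; writing `hasRole('ROLE_SUPERVISOR') or (hasRole('ROLE_TELLER') and (...))` makes the intended grouping explicit. `readAccount` and `findAccounts` appear to lose their `@Secured` annotations in this section, which is worth confirming as intentional.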


@ -4,37 +4,36 @@ import org.aspectj.lang.annotation.Pointcut;
import org.springframework.util.Assert;
public class BankServiceImpl implements BankService {
private BankDao bankDao;
private BankDao bankDao;
// Not used unless you declare a <protect-pointcut>
@Pointcut("execution(* bigbank.BankServiceImpl.*(..))")
public void myPointcut() {}
// Not used unless you declare a <protect-pointcut>
@Pointcut("execution(* bigbank.BankServiceImpl.*(..))")
public void myPointcut() {}
public BankServiceImpl(BankDao bankDao) {
Assert.notNull(bankDao);
this.bankDao = bankDao;
}
public BankServiceImpl(BankDao bankDao) {
Assert.notNull(bankDao);
this.bankDao = bankDao;
}
public Account[] findAccounts() {
return this.bankDao.findAccounts();
}
public Account[] findAccounts() {
return this.bankDao.findAccounts();
}
public Account post(Account account, double amount) {
Assert.notNull(account);
Assert.notNull(account.getId());
// We read account bank from DAO so it reflects the latest balance
Account a = bankDao.readAccount(account.getId());
if (account == null) {
throw new IllegalArgumentException("Couldn't find requested account");
}
a.setBalance(a.getBalance() + amount);
bankDao.createOrUpdateAccount(a);
return a;
}
public Account post(Account account, double amount) {
Assert.notNull(account);
public Account readAccount(Long id) {
return bankDao.readAccount(id);
}
// We read account bank from DAO so it reflects the latest balance
Account a = bankDao.readAccount(account.getId());
if (account == null) {
throw new IllegalArgumentException("Couldn't find requested account");
}
a.setBalance(a.getBalance() + amount);
bankDao.createOrUpdateAccount(a);
return a;
}
public Account readAccount(Long id) {
return bankDao.readAccount(id);
}
}
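Review bot: In `post`, the null check after `bankDao.readAccount(account.getId())` tests `account`, which `Assert.notNull(account)` has already ruled out, instead of the freshly loaded `a`. An id the DAO does not know therefore fails with a NullPointerException at `a.setBalance(...)` rather than the intended IllegalArgumentException; the check should read `if (a == null) {`. The rendered new side also appears to drop `Assert.notNull(account.getId());`, so a null id would now reach the DAO; keep that assertion unless the removal is deliberate.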


@ -3,22 +3,22 @@
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<bean id="bankDao" class="bigbank.BankDaoStub"/>
<bean id="bankDao" class="bigbank.BankDaoStub"/>
<bean id="seedData" class="bigbank.SeedData">
<property name="bankDao" ref="bankDao"/>
</bean>
<bean id="seedData" class="bigbank.SeedData">
<property name="bankDao" ref="bankDao"/>
</bean>
<bean id="bankService" class="bigbank.BankServiceImpl">
<constructor-arg ref="bankDao"/>
<bean id="bankService" class="bigbank.BankServiceImpl">
<constructor-arg ref="bankDao"/>
<!-- This will add a security interceptor to the bean
<security:intercept-methods>
<security:protect method="bigbank.BankService.*" access="IS_AUTHENTICATED_REMEMBERED" />
<security:protect method="bigbank.BankService.post" access="ROLE_TELLER" />
</security:intercept-methods> -->
</bean>
</bean>
</beans>
</beans>


@ -9,26 +9,26 @@
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.5.xsd">
<global-method-security secured-annotations="enabled">
<!-- AspectJ pointcut expression that locates our "post" method and applies security that way
<protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
-->
</global-method-security>
<global-method-security spel-annotations="enabled">
<!-- AspectJ pointcut expression that locates our "post" method and applies security that way
<protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
-->
</global-method-security>
<http auto-config="true">
<intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
<intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/post.html" access="ROLE_TELLER" />
-->
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!--
Uncomment to enable X509 client authentication support
<x509 />
<x509 />
-->
<!-- All of this is unnecessary if auto-config="true"
@ -40,7 +40,7 @@
<!-- Uncomment to limit the number of sessions a user can have
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
-->
-->
</http>
<!--
@ -54,10 +54,10 @@
<password-encoder hash="md5"/>
<user-service>
<user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
<user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</user-service>
</authentication-provider>
</beans:beans>
</beans:beans>
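Review bot: The comment kept inside `<http>` in the first hunk still says the services layer is protected with `@Secured`, but that hunk replaces `secured-annotations="enabled"` with `spel-annotations="enabled"` instead of adding to it. Any `@Secured` annotation left in the sample would presumably no longer be processed, and the comment now points readers at the wrong mechanism. I would reword it to `<!-- Disable web URI authorization, as we're using <global-method-security> and have applied @PreAuthorize to the services layer instead`. It is also worth confirming that no remaining class relies on `@Secured`. The second and third hunks of this section look like whitespace-only changes.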


@ -24,4 +24,4 @@
</td>
</tr>
</c:forEach>
</table>
</table>


@ -61,7 +61,7 @@
or web requests. A pre-invocation decision on whether the invocation is allowed to proceed is made by
the <interfacename>AccessDecisionManager</interfacename>.
</para>
<section>
<title>The AccessDecisionManager</title>
<para>The <interfacename>AccessDecisionManager</interfacename> is called by the
@ -70,7 +70,7 @@
<interfacename>AccessDecisionManager</interfacename> interface contains three
methods:
<programlisting>
void decide(Authentication authentication, Object secureObject, ConfigAttributeDefinition config) throws AccessDeniedException;
void decide(Authentication authentication, Object secureObject, List&lt;ConfigAttribute&gt; config) throws AccessDeniedException;
boolean supports(ConfigAttribute attribute);
boolean supports(Class clazz);
</programlisting>
@ -124,7 +124,7 @@
<para>The <interfacename>AccessDecisionVoter</interfacename> interface has three
methods:
<programlisting>
int vote(Authentication authentication, Object object, ConfigAttributeDefinition config);
int vote(Authentication authentication, Object object, List&lt;ConfigAttribute&gt; config);
boolean supports(ConfigAttribute attribute);
boolean supports(Class clazz);
</programlisting>
@ -168,9 +168,9 @@ boolean supports(Class clazz);
<para>
The most commonly used <interfacename>AccessDecisionVoter</interfacename>
provided with Spring Security is the simple <classname>RoleVoter</classname>, which treats
configuration attributes as simple role names and votes to grant access if the user has been assigned
configuration attributes as simple role names and votes to grant access if the user has been assigned
that role.</para>
<para>It will vote if any ConfigAttribute begins with the prefix <literal>ROLE_</literal>.
<para>It will vote if any ConfigAttribute begins with the prefix <literal>ROLE_</literal>.
It will vote to grant access if there is a <interfacename>GrantedAuthority</interfacename> which returns a
<literal>String</literal> representation (via the
<literal>getAuthority()</literal> method) exactly equal to one or more
@ -183,8 +183,8 @@ boolean supports(Class clazz);
<literal>RoleVoter</literal> is case sensitive on comparisons as well
as the <literal>ROLE_</literal> prefix.</para>
</section>
<!--
<!--
<para><literal>BasicAclEntryVoter</literal> is the other concrete
voter included with Spring Security. It integrates with Spring
@ -206,7 +206,7 @@ boolean supports(Class clazz);
</property>
</bean>
<bean id="aclContactDeleteVoter"
<bean id="aclContactDeleteVoter"
class="org.springframework.security.vote.BasicAclEntryVoter">
<property name="processConfigAttribute" value="ACL_CONTACT_DELETE"/>
<property name="processDomainObjectClass" value="sample.contact.Contact"/>
@ -248,7 +248,7 @@ boolean supports(Class clazz);
deprecated, and have all references to the replacement package limited
to the chapter describing the new ACL implementation.</para>
-->
<section>
<title>Custom Voters</title>
<para>It is also possible to implement a custom
@ -288,7 +288,7 @@ boolean supports(Class clazz);
<para><xref linkend="authz-after-invocation"/> illustrates Spring Security's
<literal>AfterInvocationManager</literal> and its concrete
implementations.
<figure xml:id="authz-after-invocation">
<title>After Invocation Implementation</title>
<mediaobject>
@ -299,7 +299,7 @@ boolean supports(Class clazz);
<imagedata align="center" fileref="images/AfterInvocation.gif" format="GIF"/>
</imageobject>
</mediaobject>
</figure>
</para>
@ -455,7 +455,7 @@ boolean supports(Class clazz);
<ref local="org.springframework.security.acl.basic.SimpleAclEntry.READ"/>
</list>
</property>
</bean>
</bean>
]]> </programlisting></para>
<para>In the above example, the <literal>Contact</literal> will be
@ -486,7 +486,7 @@ boolean supports(Class clazz);
<ref local="org.springframework.security.acl.basic.SimpleAclEntry.READ"/>
</list>
</property>
</bean>
</bean>
]]></programlisting>
As you can imagine, the returned <literal>Object</literal>
must be a <literal>Collection</literal> or array for this provider
@ -501,7 +501,7 @@ boolean supports(Class clazz);
</section>
<section xml:id="authorization-taglibs"><info><title>Authorization Tag Libraries</title></info>
<para><literal>AuthorizeTag</literal> is used to include content if
the current principal holds certain
@ -592,4 +592,4 @@ boolean supports(Class clazz);
works exactly the samae as
<literal>AccessControlListTag</literal>.</para>
</section>
</chapter>
</chapter>
