diff --git a/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java b/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java index 95c05e30cb..fb9141f3da 100644 --- a/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java +++ b/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java @@ -14,21 +14,19 @@ */ package org.springframework.security.afterinvocation; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; import org.springframework.security.AuthorizationServiceException; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; - import org.springframework.security.acls.AclService; import org.springframework.security.acls.Permission; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import java.util.Collection; -import java.util.Iterator; - /** *

@@ -75,7 +73,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract //~ Methods ======================================================================================================== - public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, + public Object decide(Authentication authentication, Object object, List config, Object returnedObject) throws AccessDeniedException { if (returnedObject == null) { @@ -86,7 +84,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract return null; } - Iterator iter = config.getConfigAttributes().iterator(); + Iterator iter = config.iterator(); while (iter.hasNext()) { ConfigAttribute attr = (ConfigAttribute) iter.next(); diff --git a/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java b/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java index 915cde4091..b28ad7e5d9 100644 --- a/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java +++ b/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java 
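Review bot: `decide` still walks the attributes with a raw `Iterator` and a `(ConfigAttribute)` cast at `Iterator iter = config.iterator();`, while AclEntryVoter.vote in this same commit moves to an enhanced for loop. Assuming the parameter is declared as a typed list (the generic arguments appear to have been stripped from this page), the loop header could be `for (ConfigAttribute attr : config) {`. That drops the cast and lets the compiler reject a list holding anything other than ConfigAttribute. The same pattern remains in AclEntryAfterInvocationProvider, both BasicAclEntry* providers and Jsr250Voter. The body of decide continues outside the hunk.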
@@ -14,23 +14,20 @@ */ package org.springframework.security.afterinvocation; -import org.springframework.security.AccessDeniedException; -import org.springframework.security.SpringSecurityMessageSource; -import org.springframework.security.Authentication; -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; - -import org.springframework.security.acls.AclService; -import org.springframework.security.acls.Permission; +import java.util.Iterator; +import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; - import org.springframework.context.MessageSource; import org.springframework.context.MessageSourceAware; import org.springframework.context.support.MessageSourceAccessor; - -import java.util.Iterator; +import org.springframework.security.AccessDeniedException; +import org.springframework.security.Authentication; +import org.springframework.security.ConfigAttribute; +import org.springframework.security.SpringSecurityMessageSource; +import org.springframework.security.acls.AclService; +import org.springframework.security.acls.Permission; /** @@ -74,10 +71,10 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme //~ Methods ======================================================================================================== - public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, + public Object decide(Authentication authentication, Object object, List config, Object returnedObject) throws AccessDeniedException { - Iterator iter = config.getConfigAttributes().iterator(); + Iterator iter = config.iterator(); if (returnedObject == null) { // AclManager interface contract prohibits nulls 
@@ -95,7 +92,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme } return returnedObject; - } + } while (iter.hasNext()) { ConfigAttribute attr = (ConfigAttribute) iter.next(); diff --git a/acl/src/main/java/org/springframework/security/vote/AclEntryVoter.java b/acl/src/main/java/org/springframework/security/vote/AclEntryVoter.java index 51148b7da5..751b1e3e41 100644 --- a/acl/src/main/java/org/springframework/security/vote/AclEntryVoter.java +++ b/acl/src/main/java/org/springframework/security/vote/AclEntryVoter.java @@ -17,11 +17,11 @@ package org.springframework.security.vote; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.Iterator; +import java.util.List; import org.springframework.security.Authentication; import org.springframework.security.AuthorizationServiceException; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.acls.Acl; import org.springframework.security.acls.AclService; import org.springframework.security.acls.NotFoundException; @@ -150,11 +150,9 @@ public class AclEntryVoter extends AbstractAclVoter { } } - public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) { - Iterator iter = config.getConfigAttributes().iterator(); + public int vote(Authentication authentication, Object object, List attributes) { - while (iter.hasNext()) { - ConfigAttribute attr = (ConfigAttribute) iter.next(); + for(ConfigAttribute attr : attributes) { if (!this.supports(attr)) { continue; diff --git a/core/src/main/java/org/springframework/security/AccessDecisionManager.java b/core/src/main/java/org/springframework/security/AccessDecisionManager.java index 666a5bbe37..9d4e63a258 100644 --- a/core/src/main/java/org/springframework/security/AccessDecisionManager.java +++ b/core/src/main/java/org/springframework/security/AccessDecisionManager.java 
@@ -15,6 +15,8 @@ package org.springframework.security; +import java.util.List; + /** * Makes a final access control (authorization) decision. * @@ -29,14 +31,14 @@ public interface AccessDecisionManager { * * @param authentication the caller invoking the method * @param object the secured object being called - * @param config the configuration attributes associated with the secured object being invoked + * @param configAttributes the configuration attributes associated with the secured object being invoked * * @throws AccessDeniedException if access is denied as the authentication does not hold a required authority or * ACL privilege * @throws InsufficientAuthenticationException if access is denied as the authentication does not provide a * sufficient level of trust */ - void decide(Authentication authentication, Object object, ConfigAttributeDefinition config) + void decide(Authentication authentication, Object object, List configAttributes) throws AccessDeniedException, InsufficientAuthenticationException; /** diff --git a/core/src/main/java/org/springframework/security/AfterInvocationManager.java b/core/src/main/java/org/springframework/security/AfterInvocationManager.java index 2d8c2bd847..a18b37691f 100644 --- a/core/src/main/java/org/springframework/security/AfterInvocationManager.java +++ b/core/src/main/java/org/springframework/security/AfterInvocationManager.java @@ -15,6 +15,8 @@ package org.springframework.security; +import java.util.List; + /** * Reviews the Object returned from a secure object invocation, * being able to modify the Object or throw an {@link @@ -60,7 +62,7 @@ public interface AfterInvocationManager { * * @throws AccessDeniedException if access is denied */ - Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, + Object decide(Authentication authentication, Object object, List config, Object returnedObject) throws AccessDeniedException; /** 
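Review bot: The Javadoc for `decide` in AccessDecisionManager renames the parameter but does not say whether the list may be null or empty, or whether an implementation may modify it. Now that a plain `List` reaches every voter and provider, I would state the contract on the interface, for example `@param configAttributes the configuration attributes associated with the secured object being invoked; never null, and must not be modified by implementations`. Whether callers actually guarantee a non-null list cannot be seen from this diff, so confirm that before committing to the wording. AfterInvocationManager.decide keeps the name `config` for the same argument and would read more consistently as `configAttributes`.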
diff --git a/core/src/main/java/org/springframework/security/ConfigAttribute.java b/core/src/main/java/org/springframework/security/ConfigAttribute.java index d6e1e4820b..e32496ed66 100644 --- a/core/src/main/java/org/springframework/security/ConfigAttribute.java +++ b/core/src/main/java/org/springframework/security/ConfigAttribute.java @@ -27,12 +27,9 @@ import java.io.Serializable; * patterns. These configuration attributes have special meaning to a {@link * RunAsManager}, {@link AccessDecisionManager} or * AccessDecisionManager delegate. - *

* - *

- * Stored at runtime with other ConfigAttributes for the same - * secure object target within a {@link ConfigAttributeDefinition}. - *

+ *

+ * Stored at runtime with other ConfigAttributes for the same secure object target. * * @author Ben Alex * @version $Id$ diff --git a/core/src/main/java/org/springframework/security/ConfigAttributeEditor.java b/core/src/main/java/org/springframework/security/ConfigAttributeEditor.java index 20272f7c52..c2d76343bf 100644 --- a/core/src/main/java/org/springframework/security/ConfigAttributeEditor.java +++ b/core/src/main/java/org/springframework/security/ConfigAttributeEditor.java @@ -20,7 +20,7 @@ import org.springframework.util.StringUtils; import java.beans.PropertyEditorSupport; /** - * A property editor that can create a populated {@link ConfigAttributeDefinition} from a comma separated list of + * A property editor that can create a populated {@link List} from a comma separated list of * values. *

* Trims preceding and trailing spaces from presented command separated tokens, as this can be a source diff --git a/core/src/main/java/org/springframework/security/RunAsManager.java b/core/src/main/java/org/springframework/security/RunAsManager.java index 4e82a64384..84d85569e1 100644 --- a/core/src/main/java/org/springframework/security/RunAsManager.java +++ b/core/src/main/java/org/springframework/security/RunAsManager.java @@ -15,6 +15,8 @@ package org.springframework.security; +import java.util.List; + /** * Creates a new temporary {@link Authentication} object for the current secure * object invocation only. @@ -71,7 +73,7 @@ public interface RunAsManager { * @return a replacement object to be used for duration of the secure object invocation, or null if * the Authentication should be left as is */ - Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config); + Authentication buildRunAs(Authentication authentication, Object object, List config); /** * Indicates whether this RunAsManager is able to process the passed diff --git a/core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProvider.java b/core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProvider.java index a568195e3b..fcd7ccf663 100644 --- a/core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProvider.java +++ b/core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProvider.java @@ -15,10 +15,11 @@ package org.springframework.security.afterinvocation; +import java.util.List; + import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; /** 
@@ -30,7 +31,7 @@ import org.springframework.security.ConfigAttributeDefinition; public interface AfterInvocationProvider { //~ Methods ======================================================================================================== - Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, + Object decide(Authentication authentication, Object object, List config, Object returnedObject) throws AccessDeniedException; /** diff --git a/core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProviderManager.java b/core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProviderManager.java index 7b529b0392..9e059dea30 100644 --- a/core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProviderManager.java +++ b/core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProviderManager.java @@ -19,8 +19,6 @@ import org.springframework.security.AccessDeniedException; import org.springframework.security.AfterInvocationManager; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; - import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -35,7 +33,7 @@ import java.util.List; * Provider-based implementation of {@link AfterInvocationManager}.

Handles configuration of a bean context * defined list of {@link AfterInvocationProvider}s.

*

Every AfterInvocationProvider will be polled when the {@link #decide(Authentication, Object, - * ConfigAttributeDefinition, Object)} method is called. The Object returned from each provider will be + * List, Object)} method is called. The Object returned from each provider will be * presented to the successive provider for processing. This means each provider must ensure they return the * Object, even if they are not interested in the "after invocation" decision (perhaps as the secure * object invocation did not include a configuration attribute a given provider is configured to respond to).

@@ -64,7 +62,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I } } - public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, + public Object decide(Authentication authentication, Object object, List config, Object returnedObject) throws AccessDeniedException { Iterator iter = this.providers.iterator(); diff --git a/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java b/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java index 83b4860039..ca5c1e2621 100644 --- a/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java +++ b/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java 
@@ -14,27 +14,23 @@ */ package org.springframework.security.afterinvocation; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.beans.factory.InitializingBean; import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; import org.springframework.security.AuthorizationServiceException; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; - import org.springframework.security.acl.AclEntry; import org.springframework.security.acl.AclManager; import org.springframework.security.acl.basic.BasicAclEntry; import org.springframework.security.acl.basic.SimpleAclEntry; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - import org.springframework.util.Assert; -import java.util.Collection; -import java.util.Iterator; - /** *

Given a Collection of domain object instances returned from a secure object invocation, remove @@ -91,9 +87,9 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider implements } } - public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, + public Object decide(Authentication authentication, Object object, List config, Object returnedObject) throws AccessDeniedException { - Iterator iter = config.getConfigAttributes().iterator(); + Iterator iter = config.iterator(); while (iter.hasNext()) { ConfigAttribute attr = (ConfigAttribute) iter.next(); diff --git a/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java b/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java index 0b570e1abc..8aceb21a4c 100644 --- a/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java +++ b/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java 
@@ -15,31 +15,26 @@ package org.springframework.security.afterinvocation; -import org.springframework.security.AccessDeniedException; -import org.springframework.security.SpringSecurityMessageSource; -import org.springframework.security.Authentication; -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; - -import org.springframework.security.acl.AclEntry; -import org.springframework.security.acl.AclManager; -import org.springframework.security.acl.basic.BasicAclEntry; -import org.springframework.security.acl.basic.SimpleAclEntry; +import java.util.Iterator; +import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; - import org.springframework.beans.factory.InitializingBean; - import org.springframework.context.MessageSource; import org.springframework.context.MessageSourceAware; import org.springframework.context.i18n.LocaleContextHolder; import org.springframework.context.support.MessageSourceAccessor; - +import org.springframework.security.AccessDeniedException; +import org.springframework.security.Authentication; +import org.springframework.security.ConfigAttribute; +import org.springframework.security.SpringSecurityMessageSource; +import org.springframework.security.acl.AclEntry; +import org.springframework.security.acl.AclManager; +import org.springframework.security.acl.basic.BasicAclEntry; +import org.springframework.security.acl.basic.SimpleAclEntry; import org.springframework.util.Assert; -import java.util.Iterator; - /** *

Given a domain object instance returned from a secure object invocation, ensures the principal has * appropriate permission as defined by the {@link AclManager}.

@@ -61,7 +56,7 @@ import java.util.Iterator; *

If the provided returnObject is null, permission will always be granted and * null will be returned.

*

All comparisons and prefixes are case sensitive.

- * + * * @deprecated Use new spring-security-acl module instead */ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProvider, InitializingBean, @@ -90,9 +85,9 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv } } - public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, + public Object decide(Authentication authentication, Object object, List config, Object returnedObject) throws AccessDeniedException { - Iterator iter = config.getConfigAttributes().iterator(); + Iterator iter = config.iterator(); while (iter.hasNext()) { ConfigAttribute attr = (ConfigAttribute) iter.next(); diff --git a/core/src/main/java/org/springframework/security/annotation/Jsr250MethodDefinitionSource.java b/core/src/main/java/org/springframework/security/annotation/Jsr250MethodDefinitionSource.java index 34eefa5bcc..9285214ad2 100644 --- a/core/src/main/java/org/springframework/security/annotation/Jsr250MethodDefinitionSource.java +++ b/core/src/main/java/org/springframework/security/annotation/Jsr250MethodDefinitionSource.java @@ -27,7 +27,6 @@ import javax.annotation.security.RolesAllowed; import org.springframework.core.annotation.AnnotationUtils; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.intercept.method.AbstractFallbackMethodDefinitionSource; @@ -48,7 +47,7 @@ public class Jsr250MethodDefinitionSource extends AbstractFallbackMethodDefiniti return processAnnotations(AnnotationUtils.getAnnotations(method)); } - public Collection> getConfigAttributeDefinitions() { + public Collection> getAllConfigAttributes() { return null; } diff --git a/core/src/main/java/org/springframework/security/annotation/Jsr250Voter.java b/core/src/main/java/org/springframework/security/annotation/Jsr250Voter.java index 4b573ca2da..56bf9c95e8 100644 
--- a/core/src/main/java/org/springframework/security/annotation/Jsr250Voter.java +++ b/core/src/main/java/org/springframework/security/annotation/Jsr250Voter.java @@ -2,11 +2,11 @@ package org.springframework.security.annotation; import org.springframework.security.GrantedAuthority; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.Authentication; import org.springframework.security.vote.AccessDecisionVoter; import java.util.Iterator; +import java.util.List; /** * Voter on JSR-250 configuration attributes. @@ -44,9 +44,9 @@ public class Jsr250Voter implements AccessDecisionVoter { * @param definition The configuration definition. * @return The vote. */ - public int vote(Authentication authentication, Object object, ConfigAttributeDefinition definition) { + public int vote(Authentication authentication, Object object, List definition) { int result = ACCESS_ABSTAIN; - Iterator iter = definition.getConfigAttributes().iterator(); + Iterator iter = definition.iterator(); while (iter.hasNext()) { ConfigAttribute attribute = (ConfigAttribute) iter.next(); diff --git a/core/src/main/java/org/springframework/security/annotation/SecuredMethodDefinitionSource.java b/core/src/main/java/org/springframework/security/annotation/SecuredMethodDefinitionSource.java index de8d0e1aff..3ddfe90314 100644 --- a/core/src/main/java/org/springframework/security/annotation/SecuredMethodDefinitionSource.java +++ b/core/src/main/java/org/springframework/security/annotation/SecuredMethodDefinitionSource.java @@ -43,7 +43,7 @@ public class SecuredMethodDefinitionSource extends AbstractFallbackMethodDefinit return processAnnotation(AnnotationUtils.findAnnotation(method, Secured.class)); } - public Collection> getConfigAttributeDefinitions() { + public Collection> getAllConfigAttributes() { return null; } 
diff --git a/core/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java b/core/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java index 774489bb25..915d244afb 100644 --- a/core/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java +++ b/core/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java @@ -17,7 +17,6 @@ import org.springframework.beans.factory.config.BeanPostProcessor; import org.springframework.core.OrderComparator; import org.springframework.core.Ordered; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.config.ConfigUtils.FilterChainList; import org.springframework.security.context.HttpSessionContextIntegrationFilter; import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource; @@ -160,8 +159,6 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac return; } - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(fids.lookupAttributes(loginPage, "POST")); - if (!beanFactory.containsBean(BeanIds.ANONYMOUS_PROCESSING_FILTER)) { logger.warn("The login page is being protected by the filter chain, but you don't appear to have" + " anonymous authentication enabled. This is almost certainly an error."); 
@@ -174,7 +171,7 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac new AnonymousAuthenticationToken("key", anonPF.getUserAttribute().getPassword(), anonPF.getUserAttribute().getAuthorities()); try { - fsi.getAccessDecisionManager().decide(token, new Object(), cad); + fsi.getAccessDecisionManager().decide(token, new Object(), fids.lookupAttributes(loginPage, "POST")); } catch (Exception e) { logger.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly " + "an error. Please check your configuration allows unauthenticated access to the configured " + diff --git a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java index 3526379b44..bc1a1a7c11 100644 --- a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java +++ b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java 
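Review bot: The attribute lookup now runs inside the `try`, in `decide(token, new Object(), fids.lookupAttributes(loginPage, "POST"))`, so any exception it throws is reported by the `catch (Exception e)` as "Anonymous access to the login page doesn't appear to be enabled". A null result that fails inside decide would be reported the same way. Previously the lookup sat before the anonymous-filter check and a failure there would have surfaced as itself. Since operators rely on this startup warning to spot a protected login page, I would hoist the lookup into a local ahead of the `try`, e.g. `List<ConfigAttribute> attrs = fids.lookupAttributes(loginPage, "POST");`, and pass `attrs` to decide. Whether the code above the hunk already returns early for a null lookup cannot be seen here; the enclosing method starts and ends outside the hunk.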
@@ -12,13 +12,11 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.RuntimeBeanReference; import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.support.BeanDefinitionRegistry; -import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.support.ManagedList; +import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.ParserContext; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.ConfigAttributeEditor; -import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter; import org.springframework.security.context.HttpSessionContextIntegrationFilter; import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource; import org.springframework.security.intercept.web.FilterSecurityInterceptor; 
@@ -26,17 +24,18 @@ import org.springframework.security.intercept.web.RequestKey; import org.springframework.security.securechannel.ChannelDecisionManagerImpl; import org.springframework.security.securechannel.ChannelProcessingFilter; import org.springframework.security.securechannel.InsecureChannelProcessor; -import org.springframework.security.securechannel.SecureChannelProcessor; import org.springframework.security.securechannel.RetryWithHttpEntryPoint; import org.springframework.security.securechannel.RetryWithHttpsEntryPoint; +import org.springframework.security.securechannel.SecureChannelProcessor; import org.springframework.security.ui.AccessDeniedHandlerImpl; import org.springframework.security.ui.ExceptionTranslationFilter; import org.springframework.security.ui.SessionFixationProtectionFilter; import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter; +import org.springframework.security.util.AntUrlPathMatcher; import org.springframework.security.util.FilterChainProxy; import org.springframework.security.util.RegexUrlPathMatcher; -import org.springframework.security.util.AntUrlPathMatcher; import org.springframework.security.util.UrlMatcher; +import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter; import org.springframework.util.StringUtils; import org.springframework.util.xml.DomUtils; import org.w3c.dom.Element; @@ -603,7 +602,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { String access = urlElt.getAttribute(ATT_ACCESS_CONFIG); - // Convert the comma-separated list of access attributes to a ConfigAttributeDefinition + // Convert the comma-separated list of access attributes to a List if (StringUtils.hasText(access)) { editor.setAsText(access); Object key = new RequestKey(path, method); 
diff --git a/core/src/main/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEvent.java b/core/src/main/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEvent.java index 9303afb4cf..8fb2070d9a 100644 --- a/core/src/main/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEvent.java +++ b/core/src/main/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEvent.java @@ -15,8 +15,10 @@ package org.springframework.security.event.authorization; +import java.util.List; + import org.springframework.security.AuthenticationCredentialsNotFoundException; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.ConfigAttribute; /** 
@@ -30,36 +32,34 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio //~ Instance fields ================================================================================================ private AuthenticationCredentialsNotFoundException credentialsNotFoundException; - private ConfigAttributeDefinition configAttributeDefinition; + private List configAttribs; //~ Constructors =================================================================================================== -/** + /** * Construct the event. * * @param secureObject the secure object * @param configAttribs that apply to the secure object - * @param credentialsNotFoundException exception returned to the caller - * (contains reason) + * @param credentialsNotFoundException exception returned to the caller (contains reason) * - * @throws IllegalArgumentException DOCUMENT ME! */ - public AuthenticationCredentialsNotFoundEvent(Object secureObject, ConfigAttributeDefinition configAttribs, - AuthenticationCredentialsNotFoundException credentialsNotFoundException) { + public AuthenticationCredentialsNotFoundEvent(Object secureObject, List configAttribs, + AuthenticationCredentialsNotFoundException credentialsNotFoundException) { super(secureObject); if ((configAttribs == null) || (credentialsNotFoundException == null)) { throw new IllegalArgumentException("All parameters are required and cannot be null"); } - this.configAttributeDefinition = configAttribs; + this.configAttribs = configAttribs; this.credentialsNotFoundException = credentialsNotFoundException; } //~ Methods ======================================================================================================== - public ConfigAttributeDefinition getConfigAttributeDefinition() { - return configAttributeDefinition; + public List getConfigAttributes() { + return configAttribs; } public AuthenticationCredentialsNotFoundException getCredentialsNotFoundException() { 
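Review bot: The constructor now stores the caller's list as-is (`this.configAttribs = configAttribs;`) and `getConfigAttributes()` returns that same instance, so any event listener can modify the attribute list it is handed. The interceptor hunks later in this commit pass the list from `ObjectDefinitionSource.getAttributes(object)` straight into the events, so if a source returns a shared or cached instance (not visible here), a listener could change the security metadata used for later invocations. Wrapping on the way in closes this: `this.configAttribs = Collections.unmodifiableList(configAttribs);`. The same applies to `AuthorizationFailureEvent`, `AuthorizedEvent` and `InterceptorStatusToken` in this commit. Separately, the `@throws IllegalArgumentException` tag was deleted although the null check still throws; `@throws IllegalArgumentException if any argument is null` would document it.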
diff --git a/core/src/main/java/org/springframework/security/event/authorization/AuthorizationFailureEvent.java b/core/src/main/java/org/springframework/security/event/authorization/AuthorizationFailureEvent.java index 9c61149063..958bfe258a 100644 --- a/core/src/main/java/org/springframework/security/event/authorization/AuthorizationFailureEvent.java +++ b/core/src/main/java/org/springframework/security/event/authorization/AuthorizationFailureEvent.java @@ -15,9 +15,11 @@ package org.springframework.security.event.authorization; +import java.util.List; + import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.ConfigAttribute; /** @@ -36,7 +38,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent { private AccessDeniedException accessDeniedException; private Authentication authentication; - private ConfigAttributeDefinition configAttributeDefinition; + private List configAttributeDefinition; //~ Constructors =================================================================================================== @@ -51,7 +53,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent { * * @throws IllegalArgumentException if any null arguments are presented. */ - public AuthorizationFailureEvent(Object secureObject, ConfigAttributeDefinition configAttribs, + public AuthorizationFailureEvent(Object secureObject, List configAttribs, Authentication authentication, AccessDeniedException accessDeniedException) { super(secureObject); @@ -74,7 +76,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent { return authentication; } - public ConfigAttributeDefinition getConfigAttributeDefinition() { + public List getConfigAttributes() { return configAttributeDefinition; } } 
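Review bot: The field in `AuthorizationFailureEvent` keeps the name `configAttributeDefinition` although its type is now a list and the accessor was renamed to `getConfigAttributes()`. The sibling `AuthenticationCredentialsNotFoundEvent` renamed its field to `configAttribs` in this same commit, so the three event classes no longer read alike; renaming the field here to `configAttributes` (with `return configAttributes;` in the getter) would restore that. `AuthorizedEvent` in the next file has the same leftover name. The constructor body that assigns the field lies outside the hunks shown and would need the same rename.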
diff --git a/core/src/main/java/org/springframework/security/event/authorization/AuthorizedEvent.java b/core/src/main/java/org/springframework/security/event/authorization/AuthorizedEvent.java index 2e8a2a0072..3e4632fe50 100644 --- a/core/src/main/java/org/springframework/security/event/authorization/AuthorizedEvent.java +++ b/core/src/main/java/org/springframework/security/event/authorization/AuthorizedEvent.java @@ -15,8 +15,10 @@ package org.springframework.security.event.authorization; +import java.util.List; + import org.springframework.security.Authentication; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.ConfigAttribute; /** @@ -30,20 +32,19 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent { //~ Instance fields ================================================================================================ private Authentication authentication; - private ConfigAttributeDefinition configAttributeDefinition; + private List configAttributeDefinition; //~ Constructors =================================================================================================== -/** + /** * Construct the event. * * @param secureObject the secure object * @param configAttribs that apply to the secure object * @param authentication that successfully called the secure object * - * @throws IllegalArgumentException DOCUMENT ME! */ - public AuthorizedEvent(Object secureObject, ConfigAttributeDefinition configAttribs, Authentication authentication) { + public AuthorizedEvent(Object secureObject, List configAttribs, Authentication authentication) { super(secureObject); if ((configAttribs == null) || (authentication == null)) { @@ -60,7 +61,7 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent { return authentication; } - public ConfigAttributeDefinition getConfigAttributeDefinition() { + public List getConfigAttributes() { return configAttributeDefinition; } } 
diff --git a/core/src/main/java/org/springframework/security/event/authorization/LoggerListener.java b/core/src/main/java/org/springframework/security/event/authorization/LoggerListener.java index 95db1d303a..0f7eca4a4e 100644 --- a/core/src/main/java/org/springframework/security/event/authorization/LoggerListener.java +++ b/core/src/main/java/org/springframework/security/event/authorization/LoggerListener.java @@ -46,7 +46,7 @@ public class LoggerListener implements ApplicationListener { if (logger.isWarnEnabled()) { logger.warn("Security interception failed due to: " + authEvent.getCredentialsNotFoundException() + "; secure object: " + authEvent.getSource() + "; configuration attributes: " - + authEvent.getConfigAttributeDefinition()); + + authEvent.getConfigAttributes()); } } @@ -57,7 +57,7 @@ public class LoggerListener implements ApplicationListener { logger.warn("Security authorization failed due to: " + authEvent.getAccessDeniedException() + "; authenticated principal: " + authEvent.getAuthentication() + "; secure object: " + authEvent.getSource() - + "; configuration attributes: " + authEvent.getConfigAttributeDefinition()); + + "; configuration attributes: " + authEvent.getConfigAttributes()); } } @@ -67,7 +67,7 @@ public class LoggerListener implements ApplicationListener { if (logger.isInfoEnabled()) { logger.info("Security authorized for authenticated principal: " + authEvent.getAuthentication() + "; secure object: " + authEvent.getSource() + "; configuration attributes: " - + authEvent.getConfigAttributeDefinition()); + + authEvent.getConfigAttributes()); } } diff --git a/core/src/main/java/org/springframework/security/event/authorization/PublicInvocationEvent.java b/core/src/main/java/org/springframework/security/event/authorization/PublicInvocationEvent.java index dccb3a33d3..09951e9598 100644 --- a/core/src/main/java/org/springframework/security/event/authorization/PublicInvocationEvent.java 
+++ b/core/src/main/java/org/springframework/security/event/authorization/PublicInvocationEvent.java @@ -17,7 +17,7 @@ package org.springframework.security.event.authorization; /** * Event that is generated whenever a public secure object is invoked.

A public secure object is a secure object - * that has no ConfigAttributeDefinition defined. A public secure object will not cause the + * that has no ConfigAttributes defined. A public secure object will not cause the * SecurityContextHolder to be inspected or authenticated, and no authorization will take place.

*

Published just before the secure object attempts to proceed.

* diff --git a/core/src/main/java/org/springframework/security/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/expression/SecurityExpressionRoot.java index 98940d11c2..39afc1cb09 100644 --- a/core/src/main/java/org/springframework/security/expression/SecurityExpressionRoot.java +++ b/core/src/main/java/org/springframework/security/expression/SecurityExpressionRoot.java @@ -7,6 +7,12 @@ import org.springframework.security.AuthenticationTrustResolver; import org.springframework.security.AuthenticationTrustResolverImpl; import org.springframework.security.util.AuthorityUtils; +/** + * Default root object for use in Spring Security expression evaluations. + * + * @author Luke Taylor + * + */ public class SecurityExpressionRoot { private Authentication authentication; private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl(); @@ -21,6 +27,9 @@ public class SecurityExpressionRoot { public SecurityExpressionRoot(Authentication a) { + if (a == null) { + throw new IllegalArgumentException("Authentication object cannot be null"); + } this.authentication = a; } @@ -56,14 +65,14 @@ public class SecurityExpressionRoot { return trustResolver.isRememberMe(authentication); } - public Authentication getAuthentication() { - return authentication; - } - public final boolean isFullyAuthenticated() { return !trustResolver.isAnonymous(authentication) && !trustResolver.isRememberMe(authentication); } + public Authentication getAuthentication() { + return authentication; + } + public void setFilterObject(Object filterObject) { this.filterObject = filterObject; } diff --git a/core/src/main/java/org/springframework/security/expression/support/ExpressionAnnotationMethodDefinitionSource.java b/core/src/main/java/org/springframework/security/expression/support/ExpressionAnnotationMethodDefinitionSource.java index 460b60419e..c4c1473069 100644 
--- a/core/src/main/java/org/springframework/security/expression/support/ExpressionAnnotationMethodDefinitionSource.java +++ b/core/src/main/java/org/springframework/security/expression/support/ExpressionAnnotationMethodDefinitionSource.java @@ -37,6 +37,10 @@ import org.springframework.util.ClassUtils; public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDefinitionSource { public List getAttributes(Method method, Class targetClass) { + if (method.getDeclaringClass() == Object.class) { + return null; + } + logger.debug("Looking for expression annotations for method '" + method.getName() + "' on target class '" + targetClass + "'"); PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class); @@ -101,7 +105,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe return null; } - public Collection> getConfigAttributeDefinitions() { + public Collection> getAllConfigAttributes() { return null; } diff --git a/core/src/main/java/org/springframework/security/expression/support/MethodExpressionAfterInvocationProvider.java b/core/src/main/java/org/springframework/security/expression/support/MethodExpressionAfterInvocationProvider.java index 4343042429..a62eaf0e91 100644 --- a/core/src/main/java/org/springframework/security/expression/support/MethodExpressionAfterInvocationProvider.java +++ b/core/src/main/java/org/springframework/security/expression/support/MethodExpressionAfterInvocationProvider.java @@ -1,6 +1,7 @@ package org.springframework.security.expression.support; import java.lang.reflect.Method; +import java.util.List; import org.aopalliance.intercept.MethodInvocation; import org.apache.commons.logging.Log; 
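Review bot: The new early return at the top of `getAttributes` has no comment explaining why methods declared on `Object` are skipped, and `return null` here is the "no attributes apply" answer, which `AbstractSecurityInterceptor` treats as a public invocation. A one-line comment such as `// Methods declared on java.lang.Object cannot carry expression annotations; null means "no attributes"` would show that this is deliberate rather than an accidental fail-open path. The check matches only methods whose declaring class is `Object` itself, so an override in the target class still goes through the annotation lookup. The return also sits before the `logger.debug` call, so skipped methods leave no trace in the debug log. The body of `getAttributes` continues past the hunk.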
@@ -13,7 +14,6 @@ import org.springframework.expression.spel.standard.StandardEvaluationContext; import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.afterinvocation.AfterInvocationProvider; import org.springframework.security.expression.ExpressionUtils; import org.springframework.security.expression.SecurityExpressionRoot; @@ -32,7 +32,7 @@ public class MethodExpressionAfterInvocationProvider implements AfterInvocationP private ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer(); - public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject) + public Object decide(Authentication authentication, Object object, List config, Object returnedObject) throws AccessDeniedException { PostInvocationExpressionConfigAttribute mca = findMethodAccessControlExpression(config); @@ -86,9 +86,9 @@ public class MethodExpressionAfterInvocationProvider implements AfterInvocationP } } - private PostInvocationExpressionConfigAttribute findMethodAccessControlExpression(ConfigAttributeDefinition config) { + private PostInvocationExpressionConfigAttribute findMethodAccessControlExpression(List config) { // Find the MethodAccessControlExpression attribute - for (ConfigAttribute attribute : config.getConfigAttributes()) { + for (ConfigAttribute attribute : config) { if (attribute instanceof PostInvocationExpressionConfigAttribute) { return (PostInvocationExpressionConfigAttribute)attribute; } diff --git a/core/src/main/java/org/springframework/security/expression/support/MethodExpressionVoter.java b/core/src/main/java/org/springframework/security/expression/support/MethodExpressionVoter.java index 000fc82d94..24ed50d40f 100644 
--- a/core/src/main/java/org/springframework/security/expression/support/MethodExpressionVoter.java +++ b/core/src/main/java/org/springframework/security/expression/support/MethodExpressionVoter.java @@ -1,6 +1,7 @@ package org.springframework.security.expression.support; import java.lang.reflect.Method; +import java.util.List; import org.aopalliance.intercept.MethodInvocation; import org.apache.commons.logging.Log; @@ -12,7 +13,6 @@ import org.springframework.expression.Expression; import org.springframework.expression.spel.standard.StandardEvaluationContext; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.expression.ExpressionUtils; import org.springframework.security.expression.SecurityExpressionRoot; import org.springframework.security.vote.AccessDecisionVoter; @@ -43,8 +43,8 @@ public class MethodExpressionVoter implements AccessDecisionVoter { return clazz.isAssignableFrom(MethodInvocation.class); } - public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) { - PreInvocationExpressionConfigAttribute mace = findMethodAccessControlExpression(config); + public int vote(Authentication authentication, Object object, List attributes) { + PreInvocationExpressionConfigAttribute mace = findMethodAccessControlExpression(attributes); if (mace == null) { // No expression based metadata, so abstain 
@@ -102,9 +102,9 @@ public class MethodExpressionVoter implements AccessDecisionVoter { return filterTarget; } - private PreInvocationExpressionConfigAttribute findMethodAccessControlExpression(ConfigAttributeDefinition config) { + private PreInvocationExpressionConfigAttribute findMethodAccessControlExpression(List config) { // Find the MethodAccessControlExpression attribute - for (ConfigAttribute attribute : config.getConfigAttributes()) { + for (ConfigAttribute attribute : config) { if (attribute instanceof PreInvocationExpressionConfigAttribute) { return (PreInvocationExpressionConfigAttribute)attribute; } diff --git a/core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java index be55c657b7..711051bb6c 100644 --- a/core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java +++ b/core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java 
@@ -15,46 +15,37 @@ package org.springframework.security.intercept; -import org.springframework.security.AccessDecisionManager; -import org.springframework.security.AccessDeniedException; -import org.springframework.security.SpringSecurityMessageSource; -import org.springframework.security.AfterInvocationManager; -import org.springframework.security.Authentication; -import org.springframework.security.AuthenticationCredentialsNotFoundException; -import org.springframework.security.AuthenticationManager; -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; -import org.springframework.security.RunAsManager; - -import org.springframework.security.context.SecurityContextHolder; - -import org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent; -import org.springframework.security.event.authorization.AuthorizationFailureEvent; -import org.springframework.security.event.authorization.AuthorizedEvent; -import org.springframework.security.event.authorization.PublicInvocationEvent; - -import org.springframework.security.runas.NullRunAsManager; +import java.util.Collection; +import java.util.HashSet; +import java.util.List; +import java.util.Set; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; - import org.springframework.beans.factory.InitializingBean; - import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisherAware; import org.springframework.context.MessageSource; import org.springframework.context.MessageSourceAware; import org.springframework.context.support.MessageSourceAccessor; - +import org.springframework.security.AccessDecisionManager; +import org.springframework.security.AccessDeniedException; +import org.springframework.security.AfterInvocationManager; +import org.springframework.security.Authentication; +import 
org.springframework.security.AuthenticationCredentialsNotFoundException; +import org.springframework.security.AuthenticationManager; +import org.springframework.security.ConfigAttribute; +import org.springframework.security.RunAsManager; +import org.springframework.security.SpringSecurityMessageSource; +import org.springframework.security.context.SecurityContextHolder; +import org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent; +import org.springframework.security.event.authorization.AuthorizationFailureEvent; +import org.springframework.security.event.authorization.AuthorizedEvent; +import org.springframework.security.event.authorization.PublicInvocationEvent; +import org.springframework.security.runas.NullRunAsManager; import org.springframework.util.Assert; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; -import java.util.Collection; - /** * Abstract class that implements security interception for secure objects. *

@@ -64,8 +55,8 @@ import java.util.Collection; *

  • Obtain the {@link Authentication} object from the {@link SecurityContextHolder}.
  • *
  • Determine if the request relates to a secured or public invocation by looking up the secure object request * against the {@link ObjectDefinitionSource}.
  • - *
  • For an invocation that is secured (there is a - * ConfigAttributeDefinition for the secure object invocation): + *
  • For an invocation that is secured (there is a list of ConfigAttributes for the secure + * object invocation): *
      *
    1. If either the {@link org.springframework.security.Authentication#isAuthenticated()} * returns false, or the {@link #alwaysReauthenticate} is @@ -88,7 +79,7 @@ import java.util.Collection; * the caller.
    2. *
    *
  • - *
  • For an invocation that is public (there is no ConfigAttributeDefinition for the secure object + *
  • For an invocation that is public (there are no ConfigAttributes for the secure object * invocation): *
      *
    1. As described above, the concrete subclass will be returned an InterceptorStatusToken which is @@ -125,46 +116,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A //~ Methods ======================================================================================================== - /** - * Completes the work of the AbstractSecurityInterceptor after the secure object invocation has been - * completed. - * - * @param token as returned by the {@link #beforeInvocation(Object)}} method - * @param returnedObject any object returned from the secure object invocation (may be null) - * @return the object the secure object invocation should ultimately return to its caller (may be null) - */ - protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) { - if (token == null) { - // public object - return returnedObject; - } - - if (token.isContextHolderRefreshRequired()) { - if (logger.isDebugEnabled()) { - logger.debug("Reverting to original Authentication: " + token.getAuthentication().toString()); - } - - SecurityContextHolder.getContext().setAuthentication(token.getAuthentication()); - } - - if (afterInvocationManager != null) { - // Attempt after invocation handling - try { - returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(), - token.getAttr(), returnedObject); - } - catch (AccessDeniedException accessDeniedException) { - AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token - .getAttr(), token.getAuthentication(), accessDeniedException); - publishEvent(event); - - throw accessDeniedException; - } - } - - return returnedObject; - } - public void afterPropertiesSet() throws Exception { Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()"); Assert.notNull(this.messages, "A message source must be set"); 
@@ -185,11 +136,11 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A } if (this.validateConfigAttributes) { - Collection> attributeDefs = this.obtainObjectDefinitionSource().getConfigAttributeDefinitions(); + Collection> attributeDefs = this.obtainObjectDefinitionSource().getAllConfigAttributes(); if (attributeDefs == null) { logger.warn("Could not validate configuration attributes as the ObjectDefinitionSource did not return " - + "a ConfigAttributeDefinition collection"); + + "any attributes from getAllConfigAttributes()"); return; } @@ -222,15 +173,9 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A + getSecureObjectClass()); } - List attributes = this.obtainObjectDefinitionSource().getAttributes(object); - ConfigAttributeDefinition attr = null; + List attributes = this.obtainObjectDefinitionSource().getAttributes(object); - // TODO: temporary until refactor security interceptor and AccessManager - if (attributes != null) { - attr = new ConfigAttributeDefinition(attributes); - } - - if (attr == null) { + if (attributes == null) { if (rejectPublicInvocations) { throw new IllegalArgumentException( "No public invocations are allowed via this AbstractSecurityInterceptor. " 
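Review bot: In the second hunk, `if (attributes == null)` is now the only test for a public invocation, so a source that returns an empty list skips the `rejectPublicInvocations` check and later reaches `this.accessDecisionManager.decide(authenticated, object, attributes)` with no attributes to evaluate. The outcome then depends on the `AccessDecisionManager` implementation, which is not shown, so this code does not define whether an empty list means "public" or "secured". Testing `if (attributes == null || attributes.isEmpty())` would send both cases through the public-invocation branch. The `ObjectDefinitionSource.getAttributes` Javadoc ("Returns null if no attributes apply") should also state whether an empty list is permitted. The enclosing method starts and ends outside this hunk.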
@@ -248,22 +193,22 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A } if (logger.isDebugEnabled()) { - logger.debug("Secure object: " + object + "; ConfigAttributes: " + attr); + logger.debug("Secure object: " + object + "; Attributes: " + attributes); } if (SecurityContextHolder.getContext().getAuthentication() == null) { credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound", - "An Authentication object was not found in the SecurityContext"), object, attr); + "An Authentication object was not found in the SecurityContext"), object, attributes); } Authentication authenticated = authenticateIfRequired(); // Attempt authorization try { - this.accessDecisionManager.decide(authenticated, object, attr); + this.accessDecisionManager.decide(authenticated, object, attributes); } catch (AccessDeniedException accessDeniedException) { - AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated, + AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attributes, authenticated, accessDeniedException); publishEvent(event); @@ -274,11 +219,11 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A logger.debug("Authorization successful"); } - AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated); + AuthorizedEvent event = new AuthorizedEvent(object, attributes, authenticated); publishEvent(event); // Attempt to run as a different user - Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr); + Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes); if (runAs == null) { if (logger.isDebugEnabled()) { 
@@ -286,7 +231,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A } // no further work post-invocation - return new InterceptorStatusToken(authenticated, false, attr, object); + return new InterceptorStatusToken(authenticated, false, attributes, object); } else { if (logger.isDebugEnabled()) { logger.debug("Switching to RunAs Authentication: " + runAs); 
@@ -295,10 +240,51 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A SecurityContextHolder.getContext().setAuthentication(runAs); // revert to token.Authenticated post-invocation - return new InterceptorStatusToken(authenticated, true, attr, object); + return new InterceptorStatusToken(authenticated, true, attributes, object); } } + /** + * Completes the work of the AbstractSecurityInterceptor after the secure object invocation has been + * completed. + * + * @param token as returned by the {@link #beforeInvocation(Object)}} method + * @param returnedObject any object returned from the secure object invocation (may be null) + * @return the object the secure object invocation should ultimately return to its caller (may be null) + */ + protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) { + if (token == null) { + // public object + return returnedObject; + } + + if (token.isContextHolderRefreshRequired()) { + if (logger.isDebugEnabled()) { + logger.debug("Reverting to original Authentication: " + token.getAuthentication().toString()); + } + + SecurityContextHolder.getContext().setAuthentication(token.getAuthentication()); + } + + if (afterInvocationManager != null) { + // Attempt after invocation handling + try { + returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(), + token.getAttributes(), returnedObject); + } + catch (AccessDeniedException accessDeniedException) { + AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token + .getAttributes(), token.getAuthentication(), accessDeniedException); + publishEvent(event); + + throw accessDeniedException; + } + } + + return returnedObject; + } + + /** * Checks the current authentication token and passes it to the AuthenticationManager if * {@link org.springframework.security.Authentication#isAuthenticated()} returns false or the property 
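Review bot: The Javadoc that moved with `afterInvocation` still carries a stray closing brace in `{@link #beforeInvocation(Object)}}`, which renders as a literal `}` after the link. It should read `@param token as returned by the {@link #beforeInvocation(Object)} method`. The move also leaves two blank lines before the next Javadoc block where the file otherwise uses one. The method body is otherwise relocated unchanged apart from `getAttr()` becoming `getAttributes()`.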
@@ -339,7 +325,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A * @param secureObject that was being called * @param configAttribs that were defined for the secureObject */ - private void credentialsNotFound(String reason, Object secureObject, ConfigAttributeDefinition configAttribs) { + private void credentialsNotFound(String reason, Object secureObject, List configAttribs) { AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason); AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject, diff --git a/core/src/main/java/org/springframework/security/intercept/InterceptorStatusToken.java b/core/src/main/java/org/springframework/security/intercept/InterceptorStatusToken.java index 210a31c23d..cdda457ba7 100644 --- a/core/src/main/java/org/springframework/security/intercept/InterceptorStatusToken.java +++ b/core/src/main/java/org/springframework/security/intercept/InterceptorStatusToken.java @@ -15,7 +15,10 @@ package org.springframework.security.intercept; +import java.util.List; + import org.springframework.security.Authentication; +import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttributeDefinition; 
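Review bot: The import hunk for `InterceptorStatusToken` leaves `import org.springframework.security.ConfigAttributeDefinition;` in place as a context line, although the hunks that follow replace every use of that type shown for this file. If nothing else in the file refers to it (the rest of the class is outside the hunks), the import is unused and should be removed. Otherwise the class keeps a compile-time dependency on a type this commit appears to be replacing everywhere else.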
@@ -33,14 +36,14 @@ public class InterceptorStatusToken { //~ Instance fields ================================================================================================ private Authentication authentication; - private ConfigAttributeDefinition attr; + private List attr; private Object secureObject; private boolean contextHolderRefreshRequired; //~ Constructors =================================================================================================== public InterceptorStatusToken(Authentication authentication, boolean contextHolderRefreshRequired, - ConfigAttributeDefinition attr, Object secureObject) { + List attr, Object secureObject) { this.authentication = authentication; this.contextHolderRefreshRequired = contextHolderRefreshRequired; this.attr = attr; @@ -49,7 +52,7 @@ public class InterceptorStatusToken { //~ Methods ======================================================================================================== - public ConfigAttributeDefinition getAttr() { + public List getAttributes() { return attr; } diff --git a/core/src/main/java/org/springframework/security/intercept/ObjectDefinitionSource.java b/core/src/main/java/org/springframework/security/intercept/ObjectDefinitionSource.java index f3957aae23..b51cc06ada 100644 --- a/core/src/main/java/org/springframework/security/intercept/ObjectDefinitionSource.java +++ b/core/src/main/java/org/springframework/security/intercept/ObjectDefinitionSource.java @@ -15,16 +15,15 @@ package org.springframework.security.intercept; -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; - import java.util.Collection; import java.util.List; +import org.springframework.security.ConfigAttribute; + /** * Implemented by classes that store and can identify the {@link - * ConfigAttributeDefinition} that applies to a given secure object + * ConfigAttribute}s that applies to a given secure object * invocation. * * @author Ben Alex 
@@ -34,7 +33,7 @@ public interface ObjectDefinitionSource { //~ Methods ======================================================================================================== /** - * Accesses the ConfigAttributeDefinition that applies to a given secure object. + * Accesses the ConfigAttributes that apply to a given secure object. *

      Returns null if no attributes apply. * * @param object the object being secured @@ -47,18 +46,18 @@ public interface ObjectDefinitionSource { List getAttributes(Object object) throws IllegalArgumentException; /** - * If available, returns all of the ConfigAttributeDefinitions defined by the implementing class. + * If available, returns all of the ConfigAttributes defined by the implementing class. *

      * This is used by the {@link AbstractSecurityInterceptor} to perform startup time validation of each * ConfigAttribute configured against it. * - * @return the ConfigAttributeDefinitions or null if unsupported + * @return the ConfigAttributes or null if unsupported */ - Collection> getConfigAttributeDefinitions(); + Collection> getAllConfigAttributes(); /** * Indicates whether the ObjectDefinitionSource implementation is able to provide - * ConfigAttributeDefinitions for the indicated secure object type. + * ConfigAttributes for the indicated secure object type. * * @param clazz the class that is being queried * diff --git a/core/src/main/java/org/springframework/security/intercept/method/DelegatingMethodDefinitionSource.java b/core/src/main/java/org/springframework/security/intercept/method/DelegatingMethodDefinitionSource.java index c6e1057d3e..0d6db5b11b 100644 --- a/core/src/main/java/org/springframework/security/intercept/method/DelegatingMethodDefinitionSource.java +++ b/core/src/main/java/org/springframework/security/intercept/method/DelegatingMethodDefinitionSource.java @@ -73,12 +73,12 @@ public final class DelegatingMethodDefinitionSource extends AbstractMethodDefini } } - public Collection> getConfigAttributeDefinitions() { + public Collection> getAllConfigAttributes() { Set set = new HashSet(); Iterator i = methodDefinitionSources.iterator(); while (i.hasNext()) { MethodDefinitionSource s = (MethodDefinitionSource) i.next(); - Collection> attrs = s.getConfigAttributeDefinitions(); + Collection> attrs = s.getAllConfigAttributes(); if (attrs != null) { set.addAll(attrs); } diff --git a/core/src/main/java/org/springframework/security/intercept/method/MapBasedMethodDefinitionSource.java b/core/src/main/java/org/springframework/security/intercept/method/MapBasedMethodDefinitionSource.java index 1cd24ea9f4..44eea309fb 100644 --- a/core/src/main/java/org/springframework/security/intercept/method/MapBasedMethodDefinitionSource.java 
+++ b/core/src/main/java/org/springframework/security/intercept/method/MapBasedMethodDefinitionSource.java @@ -25,13 +25,12 @@ import java.util.Map; import org.springframework.beans.factory.BeanClassLoaderAware; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.util.Assert; import org.springframework.util.ClassUtils; /** - * Stores a {@link ConfigAttributeDefinition} for a method or class signature. + * Stores a list of ConfigAttributes for a method or class signature. * *

      * This class is the preferred implementation of {@link MethodDefinitionSource} for XML-based @@ -48,7 +47,7 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini //~ Instance fields ================================================================================================ private ClassLoader beanClassLoader = ClassUtils.getDefaultClassLoader(); - /** Map from RegisteredMethod to ConfigAttributeDefinition */ + /** Map from RegisteredMethod to ConfigAttribute list */ protected Map> methodMap = new HashMap(); /** Map from RegisteredMethod to name pattern used for registration */ @@ -61,14 +60,11 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini /** * Creates the MapBasedMethodDefinitionSource from a - * @param methodMap map of method names to ConfigAttributeDefinitions. + * @param methodMap map of method names to ConfigAttributes. */ - public MapBasedMethodDefinitionSource(Map methodMap) { - Iterator iterator = methodMap.entrySet().iterator(); - - while (iterator.hasNext()) { - Map.Entry entry = (Map.Entry) iterator.next(); - addSecureMethod((String)entry.getKey(), (List)entry.getValue()); + public MapBasedMethodDefinitionSource(Map> methodMap) { + for (Map.Entry> entry : methodMap.entrySet()) { + addSecureMethod(entry.getKey(), entry.getValue()); } } @@ -213,7 +209,7 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini * * @return the attributes explicitly defined against this bean */ - public Collection> getConfigAttributeDefinitions() { + public Collection> getAllConfigAttributes() { return methodMap.values(); } diff --git a/core/src/main/java/org/springframework/security/intercept/method/MethodInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/intercept/method/MethodInvocationPrivilegeEvaluator.java index e14b960dbe..c275149486 100644 
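Review bot: The renamed `getAllConfigAttributes()` still returns `methodMap.values()`, a live view of the internal map, whereas `DefaultFilterInvocationDefinitionSource.getAllConfigAttributes()` in this same commit wraps its result in `Collections.unmodifiableCollection(...)`. A caller that removes an element from the returned collection would silently drop a secured-method entry from this source. I would align the two with `return Collections.unmodifiableCollection(methodMap.values());`. The file's import block is only partly visible, so `java.util.Collections` may need importing.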
--- a/core/src/main/java/org/springframework/security/intercept/method/MethodInvocationPrivilegeEvaluator.java +++ b/core/src/main/java/org/springframework/security/intercept/method/MethodInvocationPrivilegeEvaluator.java @@ -17,27 +17,23 @@ package org.springframework.security.intercept.method; import java.util.List; +import org.aopalliance.intercept.MethodInvocation; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.beans.factory.InitializingBean; import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; - import org.springframework.security.intercept.AbstractSecurityInterceptor; - -import org.aopalliance.intercept.MethodInvocation; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - import org.springframework.util.Assert; /** - * Allows users to determine whether they have "before invocation" privileges for a given method invocation.

      Of - * course, if an {@link org.springframework.security.AfterInvocationManager} is used to authorize the result of a method - * invocation, this class cannot assist determine whether or not the AfterInvocationManager will enable + * Allows users to determine whether they have "before invocation" privileges for a given method invocation. + *

      + * Of course, if an {@link org.springframework.security.AfterInvocationManager} is used to authorize the + * result of a method invocation, this class cannot assist determine whether or not the + * AfterInvocationManager will enable * access. Instead this class aims to allow applications to determine whether or not the current principal would be * allowed to at least attempt to invoke the method, irrespective of the "after" invocation handling.

      * @@ -63,7 +59,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean { Assert.notNull(mi, "MethodInvocation required"); Assert.notNull(mi.getMethod(), "MethodInvocation must provide a non-null getMethod()"); - List attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(mi); + List attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(mi); if (attrs == null) { if (securityInterceptor.isRejectPublicInvocations()) { @@ -79,7 +75,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean { } try { - securityInterceptor.getAccessDecisionManager().decide(authentication, mi, new ConfigAttributeDefinition(attrs)); + securityInterceptor.getAccessDecisionManager().decide(authentication, mi, attrs); } catch (AccessDeniedException unauthorized) { if (logger.isDebugEnabled()) { logger.debug(mi.toString() + " denied for " + authentication.toString(), unauthorized); diff --git a/core/src/main/java/org/springframework/security/intercept/method/ProtectPointcutPostProcessor.java b/core/src/main/java/org/springframework/security/intercept/method/ProtectPointcutPostProcessor.java index 6e33d870cf..0e07e9286b 100644 --- a/core/src/main/java/org/springframework/security/intercept/method/ProtectPointcutPostProcessor.java +++ b/core/src/main/java/org/springframework/security/intercept/method/ProtectPointcutPostProcessor.java @@ -16,7 +16,6 @@ import org.aspectj.weaver.tools.PointcutPrimitive; import org.springframework.beans.BeansException; import org.springframework.beans.factory.config.BeanPostProcessor; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor; import org.springframework.util.Assert; import org.springframework.util.StringUtils; 
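Review bot: In `isAllowed`, only `attrs == null` is treated as a public invocation. Now that the list goes straight into `decide(authentication, mi, attrs)`, an empty list skips the `isRejectPublicInvocations()` branch and the outcome depends on how the configured AccessDecisionManager handles a request with no attributes. Whether a definition source can return an empty list is not visible here, so either state in the `ObjectDefinitionSource.getAttributes` contract that it never does, or widen the guard to `if (attrs == null || attrs.isEmpty()) {`. `WebInvocationPrivilegeEvaluator.isAllowed` has the identical check. Both method bodies start and end outside their hunks.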
@@ -145,7 +144,7 @@ public final class ProtectPointcutPostProcessor implements BeanPostProcessor { private void addPointcut(String pointcutExpression, List definition) { Assert.hasText(pointcutExpression, "An AspectJ pointcut expression is required"); - Assert.notNull(definition, "ConfigAttributeDefinition required"); + Assert.notNull(definition, "A List of ConfigAttributes is required"); pointcutExpression = replaceBooleanOperators(pointcutExpression); pointcutMap.put(pointcutExpression, definition); diff --git a/core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java b/core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java index 083675bf96..a5d01b2c1b 100644 --- a/core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java +++ b/core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java 
@@ -15,40 +15,37 @@ package org.springframework.security.intercept.web; -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; -import org.springframework.security.util.UrlMatcher; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; - -import java.util.Collection; -import java.util.List; -import java.util.Map; -import java.util.LinkedHashMap; -import java.util.Iterator; -import java.util.HashMap; -import java.util.Set; -import java.util.HashSet; -import java.util.Arrays; -import java.util.Collections; +import org.springframework.security.ConfigAttribute; +import org.springframework.security.util.UrlMatcher; /** * Default implementation of FilterInvocationDefinitionSource. *

      - * Stores an ordered map of compiled URL paths to ConfigAttributeDefinitions and provides URL matching + * Stores an ordered map of compiled URL paths to ConfigAttribute lists and provides URL matching * against the items stored in this map using the configured UrlMatcher. *

      * The order of registering the regular expressions using the - * {@link #addSecureUrl(String, ConfigAttributeDefinition)} is very important. + * {@link #addSecureUrl(String, List)} is very important. * The system will identify the first matching regular * expression for a given HTTP URL. It will not proceed to evaluate later regular expressions if a match has already * been found. Accordingly, the most specific regular expressions should be registered first, with the most general * regular expressions registered last. *

      * If URLs are registered for a particular HTTP method using - * {@link #addSecureUrl(String, String, ConfigAttributeDefinition)}, then the method-specific matches will take + * {@link #addSecureUrl(String, String, List)}, then the method-specific matches will take * precedence over any URLs which are registered without an HTTP method. * * @author Ben Alex @@ -62,7 +59,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation protected final Log logger = LogFactory.getLog(getClass()); /** - * Non method-specific map of URL patterns to ConfigAttributeDefinitions + * Non method-specific map of URL patterns to Lists * TODO: Store in the httpMethod map with null key. */ private Map requestMap = new LinkedHashMap(); 
@@ -87,30 +84,30 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation * the type of the supplied UrlMatcher. * * @param urlMatcher typically an ant or regular expression matcher. - * @param requestMap order-preserving map of . + * @param requestMap order-preserving map of request definitions to attribute lists */ public DefaultFilterInvocationDefinitionSource(UrlMatcher urlMatcher, - LinkedHashMap> requestMap) { + LinkedHashMap> requestMap) { this.urlMatcher = urlMatcher; - for (Map.Entry> entry : requestMap.entrySet()) { + for (Map.Entry> entry : requestMap.entrySet()) { addSecureUrl(entry.getKey().getUrl(), entry.getKey().getMethod(), entry.getValue()); } } //~ Methods ======================================================================================================== - void addSecureUrl(String pattern, List attr) { + void addSecureUrl(String pattern, List attr) { addSecureUrl(pattern, null, attr); } /** - * Adds a URL-ConfigAttributeDefinition pair to the request map, first allowing the UrlMatcher to + * Adds a URL,attribute-list pair to the request map, first allowing the UrlMatcher to * process the pattern if required, using its compile method. The returned object will be used as the key * to the request map and will be passed back to the UrlMatcher when iterating through the map to find * a match for a particular URL. */ - void addSecureUrl(String pattern, String method, List attr) { + void addSecureUrl(String pattern, String method, List attr) { Map mapToUse = getRequestMapForHttpMethod(method); mapToUse.put(urlMatcher.compile(pattern), attr); 
@@ -124,7 +121,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation /** * Return the HTTP method specific request map, creating it if it doesn't already exist. * @param method GET, POST etc - * @return map of URL patterns to ConfigAttributeDefinitions for this method. + * @return map of URL patterns to ConfigAttributes for this method. */ private Map getRequestMapForHttpMethod(String method) { if (method == null) { @@ -144,7 +141,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation return methodRequestmap; } - public Collection> getConfigAttributeDefinitions() { + public Collection> getAllConfigAttributes() { return Collections.unmodifiableCollection(getRequestMap().values()); } @@ -175,7 +172,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation * @param url the URI to retrieve configuration attributes for * @param method the HTTP method (GET, POST, DELETE...). * - * @return the ConfigAttributeDefinition that applies to the specified FilterInvocation + * @return the ConfigAttributes that apply to the specified FilterInvocation * or null if no match is foud */ public List lookupAttributes(String url, String method) { diff --git a/core/src/main/java/org/springframework/security/intercept/web/FIDSToFilterChainMapConverter.java b/core/src/main/java/org/springframework/security/intercept/web/FIDSToFilterChainMapConverter.java index 0709695432..b31414a062 100644 --- a/core/src/main/java/org/springframework/security/intercept/web/FIDSToFilterChainMapConverter.java +++ b/core/src/main/java/org/springframework/security/intercept/web/FIDSToFilterChainMapConverter.java 
@@ -28,8 +28,8 @@ public class FIDSToFilterChainMapConverter { public FIDSToFilterChainMapConverter(DefaultFilterInvocationDefinitionSource fids, ApplicationContext appContext) { // TODO: Check if this is necessary. Retained from refactoring of FilterChainProxy - Assert.notNull(fids.getConfigAttributeDefinitions(), "FilterChainProxy requires the " + - "FilterInvocationDefinitionSource to return a non-null response to getConfigAttributeDefinitions()"); + Assert.notNull(fids.getAllConfigAttributes(), "FilterChainProxy requires the " + + "FilterInvocationDefinitionSource to return a non-null response to getAllConfigAttributes()"); matcher = fids.getUrlMatcher(); Map requestMap = fids.getRequestMap(); Iterator paths = requestMap.keySet().iterator(); diff --git a/core/src/main/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluator.java index 89776d793f..bdde3d554e 100644 --- a/core/src/main/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluator.java +++ b/core/src/main/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluator.java @@ -17,18 +17,13 @@ package org.springframework.security.intercept.web; import java.util.List; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.beans.factory.InitializingBean; import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; - import org.springframework.security.intercept.AbstractSecurityInterceptor; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - import org.springframework.util.Assert; 
@@ -56,7 +51,7 @@ public class WebInvocationPrivilegeEvaluator implements InitializingBean { public boolean isAllowed(FilterInvocation fi, Authentication authentication) { Assert.notNull(fi, "FilterInvocation required"); - List attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(fi); + List attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(fi); if (attrs == null) { if (securityInterceptor.isRejectPublicInvocations()) { @@ -72,7 +67,7 @@ public class WebInvocationPrivilegeEvaluator implements InitializingBean { } try { - securityInterceptor.getAccessDecisionManager().decide(authentication, fi, new ConfigAttributeDefinition(attrs)); + securityInterceptor.getAccessDecisionManager().decide(authentication, fi, attrs); } catch (AccessDeniedException unauthorized) { if (logger.isDebugEnabled()) { logger.debug(fi.toString() + " denied for " + authentication.toString(), unauthorized); diff --git a/core/src/main/java/org/springframework/security/providers/UsernamePasswordAuthenticationToken.java b/core/src/main/java/org/springframework/security/providers/UsernamePasswordAuthenticationToken.java index 8f5a0aa62f..64f5fee0dc 100644 --- a/core/src/main/java/org/springframework/security/providers/UsernamePasswordAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/providers/UsernamePasswordAuthenticationToken.java @@ -21,9 +21,10 @@ import org.springframework.security.GrantedAuthority; /** * An {@link org.springframework.security.Authentication} implementation that is designed for simple presentation of a * username and password. - *

      The principal and credentials should be set with an Object that provides + *

      + * The principal and credentials should be set with an Object that provides * the respective property via its Object.toString() method. The simplest such Object to use - * is String.

      + * is String. * * @author Ben Alex * @version $Id$ @@ -52,7 +53,7 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT /** * This constructor should only be used by AuthenticationManager or AuthenticationProvider - * implementations that are satisfied with producing a trusted (ie {@link #isAuthenticated()} = true) + * implementations that are satisfied with producing a trusted (i.e. {@link #isAuthenticated()} = true) * authentication token. * * @param principal diff --git a/core/src/main/java/org/springframework/security/runas/NullRunAsManager.java b/core/src/main/java/org/springframework/security/runas/NullRunAsManager.java index fbfa5f3690..15ff31d106 100644 --- a/core/src/main/java/org/springframework/security/runas/NullRunAsManager.java +++ b/core/src/main/java/org/springframework/security/runas/NullRunAsManager.java @@ -15,15 +15,17 @@ package org.springframework.security.runas; +import java.util.List; + import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.RunAsManager; /** - * Implementation of a {@link RunAsManager} that does nothing.

      This class should be used if you do not require - * run-as authenticaiton replacement functionality.

      + * Implementation of a {@link RunAsManager} that does nothing. + *

      + * This class should be used if you do not require run-as authentication replacement functionality. * * @author Ben Alex * @version $Id$ @@ -31,7 +33,7 @@ import org.springframework.security.RunAsManager; public class NullRunAsManager implements RunAsManager { //~ Methods ======================================================================================================== - public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) { + public Authentication buildRunAs(Authentication authentication, Object object, List config) { return null; } diff --git a/core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java b/core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java index 1408b13405..2686954fe8 100644 --- a/core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java +++ b/core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java @@ -15,21 +15,17 @@ package org.springframework.security.runas; +import java.util.List; +import java.util.Vector; + +import org.springframework.beans.factory.InitializingBean; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.RunAsManager; - -import org.springframework.beans.factory.InitializingBean; - import org.springframework.util.Assert; -import java.util.Iterator; -import java.util.List; -import java.util.Vector; - /** * Basic concrete implementation of a {@link RunAsManager}.

      Is activated if any {@link @@ -39,14 +35,15 @@ import java.util.Vector; * created GrantedAuthorityImpls will be prefixed with a special prefix indicating that it is a role * (default prefix value is ROLE_), and then the remainder of the RUN_AS_ keyword. For * example, RUN_AS_FOO will result in the creation of a granted authority of - * ROLE_RUN_AS_FOO.

      - *

      The role prefix may be overriden from the default, to match that used elsewhere, for example when using an + * ROLE_RUN_AS_FOO. + *

      + * The role prefix may be overriden from the default, to match that used elsewhere, for example when using an * existing role database with another prefix. An empty role prefix may also be specified. Note however that there are * potential issues with using an empty role prefix since different categories of {@link * org.springframework.security.ConfigAttribute} can not be properly discerned based on the prefix, with possible consequences * when performing voting and other actions. However, this option may be of some use when using preexisting role names * without a prefix, and no ability exists to prefix them with a role prefix on reading them in, such as provided for - * example in {@link org.springframework.security.userdetails.jdbc.JdbcDaoImpl}.

      + * example in {@link org.springframework.security.userdetails.jdbc.JdbcDaoImpl}. * * @author Ben Alex * @author colin sampaleanu @@ -64,13 +61,10 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean { Assert.notNull(key, "A Key is required and should match that configured for the RunAsImplAuthenticationProvider"); } - public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) { + public Authentication buildRunAs(Authentication authentication, Object object, List config) { List newAuthorities = new Vector(); - Iterator iter = config.getConfigAttributes().iterator(); - - while (iter.hasNext()) { - ConfigAttribute attribute = (ConfigAttribute) iter.next(); + for(ConfigAttribute attribute : config) { if (this.supports(attribute)) { GrantedAuthorityImpl extraAuthority = new GrantedAuthorityImpl(getRolePrefix() + attribute.getAttribute()); 
@@ -80,17 +74,18 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean { if (newAuthorities.size() == 0) { return null; - } else { - for (int i = 0; i < authentication.getAuthorities().length; i++) { - newAuthorities.add(authentication.getAuthorities()[i]); - } - - GrantedAuthority[] resultType = {new GrantedAuthorityImpl("holder")}; - GrantedAuthority[] newAuthoritiesAsArray = (GrantedAuthority[]) newAuthorities.toArray(resultType); - - return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(), - newAuthoritiesAsArray, authentication.getClass()); } + + + for (int i = 0; i < authentication.getAuthorities().length; i++) { + newAuthorities.add(authentication.getAuthorities()[i]); + } + + GrantedAuthority[] resultType = {new GrantedAuthorityImpl("holder")}; + GrantedAuthority[] newAuthoritiesAsArray = (GrantedAuthority[]) newAuthorities.toArray(resultType); + + return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(), + newAuthoritiesAsArray, authentication.getClass()); } public String getKey() { diff --git a/core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManager.java b/core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManager.java index bb44741eb4..1ccd17081a 100644 --- a/core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManager.java +++ b/core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManager.java @@ -16,11 +16,10 @@ package org.springframework.security.securechannel; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; - import org.springframework.security.intercept.web.FilterInvocation; import java.io.IOException; +import java.util.List; import javax.servlet.ServletException; 
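Review bot: The un-nested tail of `buildRunAs` keeps the placeholder array `{new GrantedAuthorityImpl("holder")}` as the `toArray` argument, which reads as if an authority named "holder" were being granted. `newAuthorities.toArray(new GrantedAuthority[newAuthorities.size()])` says what is meant and avoids constructing a throwaway authority. The copy loop also calls `authentication.getAuthorities()` on every iteration and dereferences it unchecked; reading it once into a local makes a null result easy to handle, if the Authentication implementation can return one (not visible here). The method's opening lines are in the previous hunk.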
@@ -36,16 +35,10 @@ public interface ChannelDecisionManager { /** * Decided whether the presented {@link FilterInvocation} provides the appropriate level of channel - * security based on the requested {@link ConfigAttributeDefinition}. + * security based on the requested list of ConfigAttributes. * - * @param invocation DOCUMENT ME! - * @param config DOCUMENT ME! - * - * @throws IOException DOCUMENT ME! - * @throws ServletException DOCUMENT ME! */ - void decide(FilterInvocation invocation, ConfigAttributeDefinition config) - throws IOException, ServletException; + void decide(FilterInvocation invocation, List config) throws IOException, ServletException; /** * Indicates whether this ChannelDecisionManager is able to process the passed diff --git a/core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManagerImpl.java b/core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManagerImpl.java index 320909a895..99345ffe60 100644 --- a/core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManagerImpl.java +++ b/core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManagerImpl.java @@ -16,7 +16,6 @@ package org.springframework.security.securechannel; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.intercept.web.FilterInvocation; 
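Review bot: The `DOCUMENT ME!` tags on `decide` are deleted rather than replaced, leaving the method with no parameter or exception documentation and a dangling `*` line; the same happens in `ChannelProcessor.decide`. I would document `@param invocation` as the invocation whose channel is being checked and `@param config` as the attributes configured for it. The Javadoc should also state whether `config` may be null, since `InsecureChannelProcessor.decide` rejects null with an IllegalArgumentException while `ChannelDecisionManagerImpl.decide` calls `config.iterator()` unguarded. The summary's "Decided whether" should read "Decides whether".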
@@ -65,15 +64,15 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi Assert.notEmpty(listToCheck, "A list of ChannelProcessors is required"); } - public void decide(FilterInvocation invocation, ConfigAttributeDefinition config) + public void decide(FilterInvocation invocation, List config) throws IOException, ServletException { - Iterator attrs = config.getConfigAttributes().iterator(); + Iterator attrs = config.iterator(); while (attrs.hasNext()) { - ConfigAttribute attribute = (ConfigAttribute) attrs.next(); - if (ANY_CHANNEL.equals(attribute.getAttribute())) { - return; + ConfigAttribute attribute = (ConfigAttribute) attrs.next(); + if (ANY_CHANNEL.equals(attribute.getAttribute())) { + return; } } diff --git a/core/src/main/java/org/springframework/security/securechannel/ChannelProcessingFilter.java b/core/src/main/java/org/springframework/security/securechannel/ChannelProcessingFilter.java index cdc117839a..6025f3af87 100644 --- a/core/src/main/java/org/springframework/security/securechannel/ChannelProcessingFilter.java +++ b/core/src/main/java/org/springframework/security/securechannel/ChannelProcessingFilter.java 
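Review bot: `decide` still walks the list with a hand-written `Iterator` and a `(ConfigAttribute)` cast, while `RunAsManagerImpl.buildRunAs` in this commit was converted to `for(ConfigAttribute attribute : config)`. Using the same form here, `for (ConfigAttribute attribute : config) {`, removes the cast and the iterator local; `InsecureChannelProcessor.decide` has the same leftover. The three re-added lines inside the loop appear to differ from the removed ones only in whitespace, which suggests mixed tabs and spaces worth normalising in a separate commit. The method continues after the hunk.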
@@ -15,25 +15,24 @@ package org.springframework.security.securechannel; -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; -import org.springframework.security.intercept.web.FilterInvocation; -import org.springframework.security.intercept.web.FilterInvocationDefinitionSource; -import org.springframework.security.ui.SpringSecurityFilter; -import org.springframework.security.ui.FilterChainOrder; -import org.springframework.beans.factory.InitializingBean; -import org.springframework.util.Assert; +import java.io.IOException; +import java.util.Collection; +import java.util.HashSet; +import java.util.List; +import java.util.Set; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; -import java.util.Collection; + +import org.springframework.beans.factory.InitializingBean; +import org.springframework.security.ConfigAttribute; +import org.springframework.security.intercept.web.FilterInvocation; +import org.springframework.security.intercept.web.FilterInvocationDefinitionSource; +import org.springframework.security.ui.FilterChainOrder; +import org.springframework.security.ui.SpringSecurityFilter; +import org.springframework.util.Assert; /** 
@@ -60,12 +59,12 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini Assert.notNull(filterInvocationDefinitionSource, "filterInvocationDefinitionSource must be specified"); Assert.notNull(channelDecisionManager, "channelDecisionManager must be specified"); - Collection> attrDefs = this.filterInvocationDefinitionSource.getConfigAttributeDefinitions(); + Collection> attrDefs = this.filterInvocationDefinitionSource.getAllConfigAttributes(); if (attrDefs == null) { if (logger.isWarnEnabled()) { logger.warn("Could not validate configuration attributes as the FilterInvocationDefinitionSource did " - + "not return a ConfigAttributeDefinition Iterator"); + + "not return any attributes"); } return; @@ -91,17 +90,17 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini } public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) - throws IOException, ServletException { + throws IOException, ServletException { FilterInvocation fi = new FilterInvocation(request, response, chain); - List attr = this.filterInvocationDefinitionSource.getAttributes(fi); + List attr = this.filterInvocationDefinitionSource.getAttributes(fi); if (attr != null) { if (logger.isDebugEnabled()) { logger.debug("Request: " + fi.toString() + "; ConfigAttributes: " + attr); } - channelDecisionManager.decide(fi, new ConfigAttributeDefinition(attr)); + channelDecisionManager.decide(fi, attr); if (fi.getResponse().isCommitted()) { return; diff --git a/core/src/main/java/org/springframework/security/securechannel/ChannelProcessor.java b/core/src/main/java/org/springframework/security/securechannel/ChannelProcessor.java index b7df11f7a3..6fdcb81f1c 100644 --- a/core/src/main/java/org/springframework/security/securechannel/ChannelProcessor.java +++ b/core/src/main/java/org/springframework/security/securechannel/ChannelProcessor.java 
@@ -16,11 +16,10 @@ package org.springframework.security.securechannel; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; - import org.springframework.security.intercept.web.FilterInvocation; import java.io.IOException; +import java.util.List; import javax.servlet.ServletException; @@ -47,15 +46,10 @@ public interface ChannelProcessor { /** * Decided whether the presented {@link FilterInvocation} provides the appropriate level of channel - * security based on the requested {@link ConfigAttributeDefinition}. + * security based on the requested list of ConfigAttributes. * - * @param invocation DOCUMENT ME! - * @param config DOCUMENT ME! - * - * @throws IOException DOCUMENT ME! - * @throws ServletException DOCUMENT ME! */ - void decide(FilterInvocation invocation, ConfigAttributeDefinition config) + void decide(FilterInvocation invocation, List config) throws IOException, ServletException; /** diff --git a/core/src/main/java/org/springframework/security/securechannel/InsecureChannelProcessor.java b/core/src/main/java/org/springframework/security/securechannel/InsecureChannelProcessor.java index c6981a944c..f7cbdb01ea 100644 --- a/core/src/main/java/org/springframework/security/securechannel/InsecureChannelProcessor.java +++ b/core/src/main/java/org/springframework/security/securechannel/InsecureChannelProcessor.java @@ -16,7 +16,6 @@ package org.springframework.security.securechannel; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.intercept.web.FilterInvocation; @@ -27,6 +26,7 @@ import org.springframework.util.Assert; import java.io.IOException; import java.util.Iterator; +import java.util.List; import javax.servlet.ServletException; 
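Review bot: The Javadoc on `ChannelProcessor.decide` loses its `@param` and `@throws` tags in the `@@ -47,15 +46,10 @@` hunk instead of having the `DOCUMENT ME!` placeholders filled in, which leaves the contract of a channel-security extension point undocumented. I would keep the tags with real text, for example `@param invocation the invocation whose channel is being checked` and `@param config the configuration attributes that apply to the invocation`, plus one line each for `IOException` and `ServletException`. The summary should also read "Decides" rather than "Decided". `ChannelProcessingFilter` checks `isCommitted()` on the response after calling the decision manager, so it looks as if an implementation reports a failed check by committing the response; if that is the intent, the Javadoc should say so.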
@@ -55,13 +55,13 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces Assert.notNull(entryPoint, "entryPoint required"); } - public void decide(FilterInvocation invocation, ConfigAttributeDefinition config) + public void decide(FilterInvocation invocation, List config) throws IOException, ServletException { if ((invocation == null) || (config == null)) { throw new IllegalArgumentException("Nulls cannot be provided"); } - Iterator iter = config.getConfigAttributes().iterator(); + Iterator iter = config.iterator(); while (iter.hasNext()) { ConfigAttribute attribute = (ConfigAttribute) iter.next(); diff --git a/core/src/main/java/org/springframework/security/securechannel/SecureChannelProcessor.java b/core/src/main/java/org/springframework/security/securechannel/SecureChannelProcessor.java index c896dcaf3f..2d538d3641 100644 --- a/core/src/main/java/org/springframework/security/securechannel/SecureChannelProcessor.java +++ b/core/src/main/java/org/springframework/security/securechannel/SecureChannelProcessor.java @@ -16,7 +16,6 @@ package org.springframework.security.securechannel; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.intercept.web.FilterInvocation; @@ -27,6 +26,7 @@ import org.springframework.util.Assert; import java.io.IOException; import java.util.Iterator; +import java.util.List; import javax.servlet.ServletException; 
@@ -55,11 +55,11 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso Assert.notNull(entryPoint, "entryPoint required"); } - public void decide(FilterInvocation invocation, ConfigAttributeDefinition config) + public void decide(FilterInvocation invocation, List config) throws IOException, ServletException { Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided"); - Iterator iter = config.getConfigAttributes().iterator(); + Iterator iter = config.iterator(); while (iter.hasNext()) { ConfigAttribute attribute = (ConfigAttribute) iter.next(); diff --git a/core/src/main/java/org/springframework/security/vote/AbstractAccessDecisionManager.java b/core/src/main/java/org/springframework/security/vote/AbstractAccessDecisionManager.java index cdb75a5647..0026f7c159 100644 --- a/core/src/main/java/org/springframework/security/vote/AbstractAccessDecisionManager.java +++ b/core/src/main/java/org/springframework/security/vote/AbstractAccessDecisionManager.java @@ -60,7 +60,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan } } - public List getDecisionVoters() { + public List getDecisionVoters() { return this.decisionVoters; } diff --git a/core/src/main/java/org/springframework/security/vote/AccessDecisionVoter.java b/core/src/main/java/org/springframework/security/vote/AccessDecisionVoter.java index 0ad672258b..ade4b459d9 100644 --- a/core/src/main/java/org/springframework/security/vote/AccessDecisionVoter.java +++ b/core/src/main/java/org/springframework/security/vote/AccessDecisionVoter.java @@ -15,9 +15,10 @@ package org.springframework.security.vote; +import java.util.List; + import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; /** 
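Review bot: `getDecisionVoters()` in `AbstractAccessDecisionManager` returns `this.decisionVoters` itself, so any caller of this public getter can add or remove voters on a live decision manager and change the outcome of later authorization decisions. Since the signature is being touched anyway, consider returning a read-only view, `return Collections.unmodifiableList(this.decisionVoters);`, unless some caller is meant to edit the list through the getter (none is visible in this diff). That change needs `java.util.Collections` in the file's imports, which are not part of this hunk.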
@@ -83,9 +84,9 @@ public interface AccessDecisionVoter { * * @param authentication the caller invoking the method * @param object the secured object - * @param config the configuration attributes associated with the method being invoked + * @param attributes the configuration attributes associated with the method being invoked * * @return either {@link #ACCESS_GRANTED}, {@link #ACCESS_ABSTAIN} or {@link #ACCESS_DENIED} */ - int vote(Authentication authentication, Object object, ConfigAttributeDefinition config); + int vote(Authentication authentication, Object object, List attributes); } diff --git a/core/src/main/java/org/springframework/security/vote/AffirmativeBased.java b/core/src/main/java/org/springframework/security/vote/AffirmativeBased.java index 7b8a5900ce..e836e01f76 100644 --- a/core/src/main/java/org/springframework/security/vote/AffirmativeBased.java +++ b/core/src/main/java/org/springframework/security/vote/AffirmativeBased.java @@ -17,9 +17,10 @@ package org.springframework.security.vote; import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.ConfigAttribute; import java.util.Iterator; +import java.util.List; /** 
@@ -37,18 +38,18 @@ public class AffirmativeBased extends AbstractAccessDecisionManager { * * @param authentication the caller invoking the method * @param object the secured object - * @param config the configuration attributes associated with the method being invoked + * @param configAttributes the configuration attributes associated with the method being invoked * * @throws AccessDeniedException if access is denied */ - public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config) - throws AccessDeniedException { + public void decide(Authentication authentication, Object object, List configAttributes) + throws AccessDeniedException { Iterator iter = this.getDecisionVoters().iterator(); int deny = 0; while (iter.hasNext()) { AccessDecisionVoter voter = (AccessDecisionVoter) iter.next(); - int result = voter.vote(authentication, object, config); + int result = voter.vote(authentication, object, configAttributes); switch (result) { case AccessDecisionVoter.ACCESS_GRANTED: diff --git a/core/src/main/java/org/springframework/security/vote/AuthenticatedVoter.java b/core/src/main/java/org/springframework/security/vote/AuthenticatedVoter.java index 9f83cdddd2..e8bb2824fa 100644 --- a/core/src/main/java/org/springframework/security/vote/AuthenticatedVoter.java +++ b/core/src/main/java/org/springframework/security/vote/AuthenticatedVoter.java @@ -19,24 +19,26 @@ import org.springframework.security.Authentication; import org.springframework.security.AuthenticationTrustResolver; import org.springframework.security.AuthenticationTrustResolverImpl; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.util.Assert; import java.util.Iterator; +import java.util.List; /** - *

      Votes if a {@link ConfigAttribute#getAttribute()} of IS_AUTHENTICATED_FULLY or + * Votes if a {@link ConfigAttribute#getAttribute()} of IS_AUTHENTICATED_FULLY or * IS_AUTHENTICATED_REMEMBERED or IS_AUTHENTICATED_ANONYMOUSLY is present. This list is in - * order of most strict checking to least strict checking.

      - *

      The current Authentication will be inspected to determine if the principal has a particular - * level of authentication. The "FULLY" authenticated option means the user is authenticated fully (ie {@link + * order of most strict checking to least strict checking. + *

      + * The current Authentication will be inspected to determine if the principal has a particular + * level of authentication. The "FULLY" authenticated option means the user is authenticated fully (i.e. {@link * org.springframework.security.AuthenticationTrustResolver#isAnonymous(Authentication)} is false and {@link - * org.springframework.security.AuthenticationTrustResolver#isRememberMe(Authentication)} is false. The "REMEMBERED" will grant + * org.springframework.security.AuthenticationTrustResolver#isRememberMe(Authentication)} is false). The "REMEMBERED" will grant * access if the principal was either authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY" will - * grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.

      - *

      All comparisons and prefixes are case sensitive.

      + * grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication. + *

      + * All comparisons and prefixes are case sensitive. * * @author Ben Alex * @version $Id$ @@ -54,8 +56,8 @@ public class AuthenticatedVoter implements AccessDecisionVoter { //~ Methods ======================================================================================================== private boolean isFullyAuthenticated(Authentication authentication) { - return (!authenticationTrustResolver.isAnonymous(authentication) - && !authenticationTrustResolver.isRememberMe(authentication)); + return (!authenticationTrustResolver.isAnonymous(authentication) && + !authenticationTrustResolver.isRememberMe(authentication)); } public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) { @@ -85,9 +87,9 @@ public class AuthenticatedVoter implements AccessDecisionVoter { return true; } - public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) { + public int vote(Authentication authentication, Object object, List attributes) { int result = ACCESS_ABSTAIN; - Iterator iter = config.getConfigAttributes().iterator(); + Iterator iter = attributes.iterator(); while (iter.hasNext()) { ConfigAttribute attribute = (ConfigAttribute) iter.next(); diff --git a/core/src/main/java/org/springframework/security/vote/BasicAclEntryVoter.java b/core/src/main/java/org/springframework/security/vote/BasicAclEntryVoter.java index 8cdc7dae21..8f6b3078dc 100644 --- a/core/src/main/java/org/springframework/security/vote/BasicAclEntryVoter.java +++ b/core/src/main/java/org/springframework/security/vote/BasicAclEntryVoter.java @@ -18,7 +18,6 @@ package org.springframework.security.vote; import org.springframework.security.Authentication; import org.springframework.security.AuthorizationServiceException; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.acl.AclEntry; import org.springframework.security.acl.AclManager; 
@@ -36,6 +35,7 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.Iterator; +import java.util.List; /** @@ -163,8 +163,8 @@ public class BasicAclEntryVoter extends AbstractAclVoter implements Initializing } } - public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) { - Iterator iter = config.getConfigAttributes().iterator(); + public int vote(Authentication authentication, Object object, List attributes) { + Iterator iter = attributes.iterator(); while (iter.hasNext()) { ConfigAttribute attr = (ConfigAttribute) iter.next(); diff --git a/core/src/main/java/org/springframework/security/vote/ConsensusBased.java b/core/src/main/java/org/springframework/security/vote/ConsensusBased.java index 2aa1bd628f..a021ba694f 100644 --- a/core/src/main/java/org/springframework/security/vote/ConsensusBased.java +++ b/core/src/main/java/org/springframework/security/vote/ConsensusBased.java @@ -17,9 +17,10 @@ package org.springframework.security.vote; import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.ConfigAttribute; import java.util.Iterator; +import java.util.List; /** 
@@ -43,11 +44,11 @@ public class ConsensusBased extends AbstractAccessDecisionManager { * * @param authentication the caller invoking the method * @param object the secured object - * @param config the configuration attributes associated with the method being invoked + * @param configAttributes the configuration attributes associated with the method being invoked * * @throws AccessDeniedException if access is denied */ - public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config) + public void decide(Authentication authentication, Object object, List configAttributes) throws AccessDeniedException { Iterator iter = this.getDecisionVoters().iterator(); int grant = 0; @@ -56,7 +57,7 @@ public class ConsensusBased extends AbstractAccessDecisionManager { while (iter.hasNext()) { AccessDecisionVoter voter = (AccessDecisionVoter) iter.next(); - int result = voter.vote(authentication, object, config); + int result = voter.vote(authentication, object, configAttributes); switch (result) { case AccessDecisionVoter.ACCESS_GRANTED: diff --git a/core/src/main/java/org/springframework/security/vote/LabelBasedAclVoter.java b/core/src/main/java/org/springframework/security/vote/LabelBasedAclVoter.java index 18281768da..be0787376f 100644 --- a/core/src/main/java/org/springframework/security/vote/LabelBasedAclVoter.java +++ b/core/src/main/java/org/springframework/security/vote/LabelBasedAclVoter.java @@ -16,7 +16,6 @@ package org.springframework.security.vote; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.aopalliance.intercept.MethodInvocation; 
@@ -170,20 +169,16 @@ public class LabelBasedAclVoter extends AbstractAclVoter { * Vote on whether or not the user has all the labels necessary to match the method argument's labeled * data. * - * @param authentication DOCUMENT ME! - * @param object DOCUMENT ME! - * @param config DOCUMENT ME! - * * @return ACCESS_ABSTAIN, ACCESS_GRANTED, or ACCESS_DENIED. */ - public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) { + public int vote(Authentication authentication, Object object, List attributes) { int result = ACCESS_ABSTAIN; if (logger.isDebugEnabled()) { logger.debug("=========================================================="); } - if (this.supports((ConfigAttribute) config.getConfigAttributes().iterator().next())) { + if (this.supports((ConfigAttribute) attributes.iterator().next())) { result = ACCESS_DENIED; /* Parse out the user's labels by examining the security context, and checking diff --git a/core/src/main/java/org/springframework/security/vote/RoleVoter.java b/core/src/main/java/org/springframework/security/vote/RoleVoter.java index ddddbcf2e6..01f7cd18bd 100644 --- a/core/src/main/java/org/springframework/security/vote/RoleVoter.java +++ b/core/src/main/java/org/springframework/security/vote/RoleVoter.java @@ -16,10 +16,10 @@ package org.springframework.security.vote; import java.util.Iterator; +import java.util.List; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.GrantedAuthority; /** 
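Review bot: In `LabelBasedAclVoter.vote` the check `this.supports((ConfigAttribute) attributes.iterator().next())` looks only at the first attribute and throws `NoSuchElementException` when the list is empty. With a plain `List` parameter nothing in this hunk guarantees a non-empty list, and a voter that fails with an unchecked exception is harder to reason about than one that abstains. A guard keeps the result at `ACCESS_ABSTAIN` for an empty list: `if (!attributes.isEmpty() && this.supports((ConfigAttribute) attributes.get(0))) {`. Whether the voter should also react when its attribute is present but not first is worth stating in the Javadoc, which after this hunk has no `@param` tags at all. The method body continues outside the hunk.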
@@ -92,10 +92,10 @@ public class RoleVoter implements AccessDecisionVoter { return true; } - public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) { + public int vote(Authentication authentication, Object object, List attributes) { int result = ACCESS_ABSTAIN; - Iterator iter = config.getConfigAttributes().iterator(); - GrantedAuthority[] authorities = extractAuthorities(authentication); + Iterator iter = attributes.iterator(); + GrantedAuthority[] authorities = extractAuthorities(authentication); while (iter.hasNext()) { ConfigAttribute attribute = (ConfigAttribute) iter.next(); @@ -114,8 +114,8 @@ public class RoleVoter implements AccessDecisionVoter { return result; } - + GrantedAuthority[] extractAuthorities(Authentication authentication) { - return authentication.getAuthorities(); + return authentication.getAuthorities(); } } diff --git a/core/src/main/java/org/springframework/security/vote/UnanimousBased.java b/core/src/main/java/org/springframework/security/vote/UnanimousBased.java index c8763dd76c..fa7fe7375b 100644 --- a/core/src/main/java/org/springframework/security/vote/UnanimousBased.java +++ b/core/src/main/java/org/springframework/security/vote/UnanimousBased.java 
@@ -15,17 +15,17 @@ package org.springframework.security.vote; +import java.util.ArrayList; +import java.util.List; + import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; - -import java.util.Iterator; /** - * Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that requires all voters to - * abstain or grant access. + * Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that requires all + * voters to abstain or grant access. */ public class UnanimousBased extends AbstractAccessDecisionManager { //~ Methods ======================================================================================================== @@ -34,35 +34,33 @@ public class UnanimousBased extends AbstractAccessDecisionManager { * This concrete implementation polls all configured {@link AccessDecisionVoter}s for each {@link * ConfigAttribute} and grants access if only grant votes were received. *

      - * Other voting implementations usually pass the entire list of {@link ConfigAttributeDefinition}s to the + * Other voting implementations usually pass the entire list of ConfigAttributes to the * AccessDecisionVoter. This implementation differs in that each AccessDecisionVoter - * knows only about a single ConfigAttribute at a time.

      - *

      If every AccessDecisionVoter abstained from voting, the decision will be based on the - * {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).

      + * knows only about a single ConfigAttribute at a time. + *

      + * If every AccessDecisionVoter abstained from voting, the decision will be based on the + * {@link #isAllowIfAllAbstainDecisions()} property (defaults to false). * * @param authentication the caller invoking the method * @param object the secured object - * @param config the configuration attributes associated with the method being invoked + * @param attributes the configuration attributes associated with the method being invoked * * @throws AccessDeniedException if access is denied */ - public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config) + public void decide(Authentication authentication, Object object, List attributes) throws AccessDeniedException { int grant = 0; int abstain = 0; - Iterator configIter = config.getConfigAttributes().iterator(); + List singleAttributeList = new ArrayList(1); + singleAttributeList.add(null); - while (configIter.hasNext()) { - ConfigAttributeDefinition singleAttrDef = - new ConfigAttributeDefinition((ConfigAttribute) configIter.next()); + for (ConfigAttribute attribute : attributes) { + singleAttributeList.set(0, attribute); - Iterator voters = this.getDecisionVoters().iterator(); - - while (voters.hasNext()) { - AccessDecisionVoter voter = (AccessDecisionVoter) voters.next(); - int result = voter.vote(authentication, object, singleAttrDef); + for(AccessDecisionVoter voter : getDecisionVoters()) { + int result = voter.vote(authentication, object, singleAttributeList); switch (result) { case AccessDecisionVoter.ACCESS_GRANTED: diff --git a/core/src/test/java/org/springframework/security/MockAccessDecisionManager.java b/core/src/test/java/org/springframework/security/MockAccessDecisionManager.java index dfcf187739..a41d68e03d 100644 --- a/core/src/test/java/org/springframework/security/MockAccessDecisionManager.java +++ b/core/src/test/java/org/springframework/security/MockAccessDecisionManager.java 
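Review bot: In `UnanimousBased.decide` the same mutable `singleAttributeList` instance is passed to every voter and overwritten with `set(0, attribute)` on each pass, so a voter that modifies the list, or keeps a reference to it, affects what the remaining voters see. The removed code built a fresh `ConfigAttributeDefinition` per attribute and did not share an object between iterations in this way. An immutable one-element list per attribute avoids the coupling at little cost: `int result = voter.vote(authentication, object, Collections.singletonList(attribute));`, with `java.util.Collections` imported and the two `singleAttributeList` set-up lines dropped. The switch on `result` continues outside the hunk.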
@@ -16,6 +16,7 @@ package org.springframework.security; import java.util.Iterator; +import java.util.List; /** @@ -28,13 +29,10 @@ import java.util.Iterator; public class MockAccessDecisionManager implements AccessDecisionManager { //~ Methods ======================================================================================================== - public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config) - throws AccessDeniedException { - Iterator iter = config.getConfigAttributes().iterator(); - - while (iter.hasNext()) { - ConfigAttribute attr = (ConfigAttribute) iter.next(); + public void decide(Authentication authentication, Object object, List configAttributes) + throws AccessDeniedException { + for(ConfigAttribute attr : configAttributes) { if (this.supports(attr)) { for (int i = 0; i < authentication.getAuthorities().length; i++) { if (attr.getAttribute().equals(authentication.getAuthorities()[i].getAuthority())) { diff --git a/core/src/test/java/org/springframework/security/MockAfterInvocationManager.java b/core/src/test/java/org/springframework/security/MockAfterInvocationManager.java index c5a0168b36..847e197da0 100644 --- a/core/src/test/java/org/springframework/security/MockAfterInvocationManager.java +++ b/core/src/test/java/org/springframework/security/MockAfterInvocationManager.java @@ -16,6 +16,7 @@ package org.springframework.security; import java.util.Iterator; +import java.util.List; /** 
@@ -27,9 +28,9 @@ import java.util.Iterator; public class MockAfterInvocationManager implements AfterInvocationManager { //~ Methods ======================================================================================================== - public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, + public Object decide(Authentication authentication, Object object, List config, Object returnedObject) throws AccessDeniedException { - Iterator iter = config.getConfigAttributes().iterator(); + Iterator iter = config.iterator(); while (iter.hasNext()) { ConfigAttribute attr = (ConfigAttribute) iter.next(); diff --git a/core/src/test/java/org/springframework/security/MockRunAsManager.java b/core/src/test/java/org/springframework/security/MockRunAsManager.java index dd4a7eb058..436a04fa05 100644 --- a/core/src/test/java/org/springframework/security/MockRunAsManager.java +++ b/core/src/test/java/org/springframework/security/MockRunAsManager.java @@ -16,6 +16,7 @@ package org.springframework.security; import java.util.Iterator; +import java.util.List; /** @@ -28,8 +29,8 @@ import java.util.Iterator; public class MockRunAsManager implements RunAsManager { //~ Methods ======================================================================================================== - public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) { - Iterator iter = config.getConfigAttributes().iterator(); + public Authentication buildRunAs(Authentication authentication, Object object, List config) { + Iterator iter = config.iterator(); while (iter.hasNext()) { ConfigAttribute attr = (ConfigAttribute) iter.next(); diff --git a/core/src/test/java/org/springframework/security/afterinvocation/AfterInvocationProviderManagerTests.java b/core/src/test/java/org/springframework/security/afterinvocation/AfterInvocationProviderManagerTests.java index 293ba010ac..efdca4d41a 100644 
--- a/core/src/test/java/org/springframework/security/afterinvocation/AfterInvocationProviderManagerTests.java +++ b/core/src/test/java/org/springframework/security/afterinvocation/AfterInvocationProviderManagerTests.java @@ -15,23 +15,19 @@ package org.springframework.security.afterinvocation; +import java.util.List; +import java.util.Vector; + import junit.framework.TestCase; +import org.aopalliance.intercept.MethodInvocation; import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.SecurityConfig; - import org.springframework.security.intercept.web.FilterInvocation; - import org.springframework.security.util.SimpleMethodInvocation; -import org.aopalliance.intercept.MethodInvocation; - -import java.util.List; -import java.util.Vector; - /** * Tests {@link AfterInvocationProviderManager}. 
@@ -62,11 +58,11 @@ public class AfterInvocationProviderManagerTests extends TestCase { assertEquals(list, manager.getProviders()); manager.afterPropertiesSet(); - ConfigAttributeDefinition attr1 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP1"}); - ConfigAttributeDefinition attr2 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP2"}); - ConfigAttributeDefinition attr3 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP3"}); - ConfigAttributeDefinition attr2and3 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP2","GIVE_ME_SWAP3"}); - ConfigAttributeDefinition attr4 = new ConfigAttributeDefinition(new String[] {"NEVER_CAUSES_SWAP"}); + List attr1 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP1"}); + List attr2 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP2"}); + List attr3 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP3"}); + List attr2and3 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP2","GIVE_ME_SWAP3"}); + List attr4 = SecurityConfig.createList(new String[] {"NEVER_CAUSES_SWAP"}); assertEquals("swap1", manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping")); @@ -162,7 +158,7 @@ public class AfterInvocationProviderManagerTests extends TestCase { this.configAttribute = configAttribute; } - public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, + public Object decide(Authentication authentication, Object object, List config, Object returnedObject) throws AccessDeniedException { if (config.contains(configAttribute)) { return forceReturnObject; diff --git a/core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProviderTests.java b/core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProviderTests.java index c28d446d2c..351d734939 100644 
--- a/core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProviderTests.java +++ b/core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProviderTests.java @@ -15,23 +15,22 @@ package org.springframework.security.afterinvocation; +import java.util.List; +import java.util.Vector; + import junit.framework.TestCase; import org.springframework.security.AuthorizationServiceException; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.ConfigAttribute; import org.springframework.security.MockAclManager; +import org.springframework.security.SecurityConfig; import org.springframework.security.acl.AclEntry; import org.springframework.security.acl.AclManager; import org.springframework.security.acl.basic.MockAclObjectIdentity; import org.springframework.security.acl.basic.SimpleAclEntry; - import org.springframework.security.providers.UsernamePasswordAuthenticationToken; - import org.springframework.security.util.SimpleMethodInvocation; -import java.util.List; -import java.util.Vector; - /** * Tests {@link BasicAclEntryAfterInvocationCollectionFilteringProvider}. @@ -73,10 +72,10 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ"); // Filter - List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list); + List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), + SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), list); assertEquals(0, filteredList.size()); } 
@@ -106,7 +105,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"); // Filter List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list); @@ -140,7 +139,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"); // Filter List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list); @@ -175,7 +174,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"); // Filter String[] filteredList = (String[]) provider.decide(auth, new SimpleMethodInvocation(), attr, list); 
@@ -201,7 +200,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"); // Filter try { @@ -229,7 +228,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"); // Filter List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, null); @@ -262,14 +261,13 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"); // As no matching config attrib, ensure provider doesn't change list assertEquals(4, ((List) provider.decide(auth, new SimpleMethodInvocation(), attr, list)).size()); // Filter, this time with the conf attrib provider setup to answer - attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_ADMIN"); - //attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_ADMIN")); + attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_ADMIN"); List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list); 
@@ -303,7 +301,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"); // Filter List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list); diff --git a/core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProviderTests.java b/core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProviderTests.java index 79dac10452..57920c9d3a 100644 --- a/core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProviderTests.java +++ b/core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProviderTests.java @@ -15,11 +15,15 @@ package org.springframework.security.afterinvocation; +import java.util.List; + import junit.framework.TestCase; import org.springframework.security.AccessDeniedException; +import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.MockAclManager; +import org.springframework.security.SecurityConfig; import org.springframework.security.acl.AclEntry; import org.springframework.security.acl.AclManager; import org.springframework.security.acl.basic.MockAclObjectIdentity; 
@@ -54,7 +58,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase { // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_READ"); try { provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont"); @@ -81,7 +85,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase { // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_READ"); try { provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont"); @@ -109,7 +113,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase { // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_READ"); // Filter assertEquals("belmont", provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont")); @@ -132,7 +136,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase { // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_READ"); // Filter assertNull(provider.decide(auth, new SimpleMethodInvocation(), attr, null)); 
@@ -156,13 +160,13 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase { // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_READ"); // As no matching config attrib, ensure provider returns original obj assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney")); // Filter, this time with the conf attrib provider setup to answer - attr = new ConfigAttributeDefinition("AFTER_ACL_ADMIN"); + attr = SecurityConfig.createList("AFTER_ACL_ADMIN"); assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney")); } @@ -184,7 +188,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase { // Create the Authentication and Config Attribs we'll be presenting UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED"); - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ"); + List attr = SecurityConfig.createList("AFTER_ACL_READ"); // Filter assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney")); diff --git a/core/src/test/java/org/springframework/security/annotation/Jsr250MethodDefinitionSourceTests.java b/core/src/test/java/org/springframework/security/annotation/Jsr250MethodDefinitionSourceTests.java index c78666472b..5a1f96e699 100644 --- a/core/src/test/java/org/springframework/security/annotation/Jsr250MethodDefinitionSourceTests.java +++ b/core/src/test/java/org/springframework/security/annotation/Jsr250MethodDefinitionSourceTests.java 
@@ -12,7 +12,6 @@ import junit.framework.Assert; import org.junit.Test; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; /** * @author Luke Taylor diff --git a/core/src/test/java/org/springframework/security/annotation/SecuredMethodDefinitionSourceTests.java b/core/src/test/java/org/springframework/security/annotation/SecuredMethodDefinitionSourceTests.java index 78ba303baa..dc033054b2 100644 --- a/core/src/test/java/org/springframework/security/annotation/SecuredMethodDefinitionSourceTests.java +++ b/core/src/test/java/org/springframework/security/annotation/SecuredMethodDefinitionSourceTests.java @@ -22,7 +22,6 @@ import junit.framework.TestCase; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.SecurityConfig; import org.springframework.util.StringUtils; diff --git a/core/src/test/java/org/springframework/security/config/FilterInvocationDefinitionSourceParserTests.java b/core/src/test/java/org/springframework/security/config/FilterInvocationDefinitionSourceParserTests.java index 6950a401b3..949a7c7735 100644 --- a/core/src/test/java/org/springframework/security/config/FilterInvocationDefinitionSourceParserTests.java +++ b/core/src/test/java/org/springframework/security/config/FilterInvocationDefinitionSourceParserTests.java @@ -1,6 +1,6 @@ package org.springframework.security.config; -import static org.junit.Assert.*; +import static org.junit.Assert.assertTrue; import java.util.List; 
@@ -11,7 +11,6 @@ import org.springframework.mock.web.MockFilterChain; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.SecurityConfig; import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource; import org.springframework.security.intercept.web.FilterInvocation; diff --git a/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java index 9b1580cfa0..9bb244ab05 100644 --- a/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java +++ b/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java @@ -1,7 +1,12 @@ package org.springframework.security.config; -import static org.junit.Assert.*; -import static org.springframework.security.config.ConfigTestUtils.*; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertSame; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; +import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML; import java.lang.reflect.Method; import java.util.Iterator; 
@@ -10,14 +15,12 @@ import java.util.List; import org.junit.After; import org.junit.Test; import org.springframework.beans.factory.BeanCreationException; -import org.springframework.beans.factory.BeanDefinitionStoreException; import org.springframework.beans.factory.parsing.BeanDefinitionParsingException; import org.springframework.context.support.AbstractXmlApplicationContext; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpSession; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.MockAuthenticationEntryPoint; import org.springframework.security.MockFilterChain; import org.springframework.security.SecurityConfig; diff --git a/core/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java b/core/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java index a0e81c8fa8..c4987294be 100644 --- a/core/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java +++ b/core/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java 
@@ -1,24 +1,25 @@ package org.springframework.security.config; +import java.util.List; + import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.afterinvocation.AfterInvocationProvider; public class MockAfterInvocationProvider implements AfterInvocationProvider { - public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject) - throws AccessDeniedException { - return returnedObject; - } + public Object decide(Authentication authentication, Object object, List config, Object returnedObject) + throws AccessDeniedException { + return returnedObject; + } - public boolean supports(ConfigAttribute attribute) { - return true; - } + public boolean supports(ConfigAttribute attribute) { + return true; + } - public boolean supports(Class clazz) { - return true; - } + public boolean supports(Class clazz) { + return true; + } } diff --git a/core/src/test/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEventTests.java b/core/src/test/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEventTests.java index 1df300ef55..18a41ec388 100644 --- a/core/src/test/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEventTests.java +++ b/core/src/test/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEventTests.java 
@@ -15,11 +15,9 @@ package org.springframework.security.event.authorization; -import junit.framework.TestCase; - +import org.junit.Test; import org.springframework.security.AuthenticationCredentialsNotFoundException; -import org.springframework.security.ConfigAttributeDefinition; - +import org.springframework.security.SecurityConfig; import org.springframework.security.util.SimpleMethodInvocation; 
@@ -29,42 +27,22 @@ import org.springframework.security.util.SimpleMethodInvocation; * @author Ben Alex * @version $Id$ */ -public class AuthenticationCredentialsNotFoundEventTests extends TestCase { - //~ Constructors =================================================================================================== - - public AuthenticationCredentialsNotFoundEventTests() { - super(); - } - - public AuthenticationCredentialsNotFoundEventTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== +public class AuthenticationCredentialsNotFoundEventTests { + @Test(expected=IllegalArgumentException.class) public void testRejectsNulls() { - try { - new AuthenticationCredentialsNotFoundEvent(null, new ConfigAttributeDefinition(new String[] {}), + new AuthenticationCredentialsNotFoundEvent(null, SecurityConfig.createList("TEST"), new AuthenticationCredentialsNotFoundException("test")); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + } - try { - new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null, + @Test(expected=IllegalArgumentException.class) + public void testRejectsNulls2() { + new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null, new AuthenticationCredentialsNotFoundException("test")); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + } - try { - new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), new ConfigAttributeDefinition(new String[] {}), - null); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + @Test(expected=IllegalArgumentException.class) + public void testRejectsNulls3() { + new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), 
SecurityConfig.createList("TEST"), null); } } diff --git a/core/src/test/java/org/springframework/security/event/authorization/AuthorizationFailureEventTests.java b/core/src/test/java/org/springframework/security/event/authorization/AuthorizationFailureEventTests.java index 1e659a05fe..43e3768f08 100644 --- a/core/src/test/java/org/springframework/security/event/authorization/AuthorizationFailureEventTests.java +++ b/core/src/test/java/org/springframework/security/event/authorization/AuthorizationFailureEventTests.java @@ -15,15 +15,10 @@ package org.springframework.security.event.authorization; -import junit.framework.TestCase; - +import org.junit.Test; import org.springframework.security.AccessDeniedException; -import org.springframework.security.ConfigAttributeDefinition; - -import org.springframework.security.event.authorization.AuthorizationFailureEvent; - +import org.springframework.security.SecurityConfig; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; - import org.springframework.security.util.SimpleMethodInvocation; 
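Review bot: The split-out tests are named `testRejectsNulls2` and `testRejectsNulls3`, which does not say which constructor argument is null, so a failure report does not identify the null check that regressed. Names such as `rejectsNullSecureObject`, `rejectsNullAttributes` and `rejectsNullException` would carry that information; the argument roles are inferred from the call sites, since the event constructor is not in this hunk. The same numbered naming appears in `AuthorizationFailureEventTests` (`testRejectsNulls2` to `testRejectsNulls4`) and `AuthorizedEventTests` (`testRejectsNulls2`, `testRejectsNulls3`) later in this diff.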
@@ -33,54 +28,29 @@ import org.springframework.security.util.SimpleMethodInvocation; * @author Ben Alex * @version $Id$ */ -public class AuthorizationFailureEventTests extends TestCase { - //~ Constructors =================================================================================================== - - public AuthorizationFailureEventTests() { - super(); - } - - public AuthorizationFailureEventTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== - - public static void main(String[] args) { - junit.textui.TestRunner.run(AuthorizationFailureEventTests.class); - } +public class AuthorizationFailureEventTests { + @Test(expected=IllegalArgumentException.class) public void testRejectsNulls() { - try { - new AuthorizationFailureEvent(null, ConfigAttributeDefinition.NO_ATTRIBUTES, - new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error")); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + new AuthorizationFailureEvent(null, SecurityConfig.createList("TEST"), + new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error")); + } - try { - new AuthorizationFailureEvent(new SimpleMethodInvocation(), null, - new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error")); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + @Test(expected=IllegalArgumentException.class) + public void testRejectsNulls2() { + new AuthorizationFailureEvent(new SimpleMethodInvocation(), null, + new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error")); + } - try { - new AuthorizationFailureEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES, null, - new AccessDeniedException("error")); - 
fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + @Test(expected=IllegalArgumentException.class) + public void testRejectsNulls3() { + new AuthorizationFailureEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null, + new AccessDeniedException("error")); + } - try { - new AuthorizationFailureEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES, - new UsernamePasswordAuthenticationToken("foo", "bar"), null); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + @Test(expected=IllegalArgumentException.class) + public void testRejectsNulls4() { + new AuthorizationFailureEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), + new UsernamePasswordAuthenticationToken("foo", "bar"), null); } } diff --git a/core/src/test/java/org/springframework/security/event/authorization/AuthorizedEventTests.java b/core/src/test/java/org/springframework/security/event/authorization/AuthorizedEventTests.java index b52fd58571..5bff1fdf51 100644 --- a/core/src/test/java/org/springframework/security/event/authorization/AuthorizedEventTests.java +++ b/core/src/test/java/org/springframework/security/event/authorization/AuthorizedEventTests.java @@ -15,12 +15,9 @@ package org.springframework.security.event.authorization; -import junit.framework.TestCase; - -import org.springframework.security.ConfigAttributeDefinition; - +import org.junit.Test; +import org.springframework.security.SecurityConfig; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; - import org.springframework.security.util.SimpleMethodInvocation; 
@@ -30,41 +27,21 @@ import org.springframework.security.util.SimpleMethodInvocation; * @author Ben Alex * @version $Id$ */ -public class AuthorizedEventTests extends TestCase { - //~ Constructors =================================================================================================== - - public AuthorizedEventTests() { - super(); - } - - public AuthorizedEventTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== +public class AuthorizedEventTests { + @Test(expected=IllegalArgumentException.class) public void testRejectsNulls() { - try { - new AuthorizedEvent(null, ConfigAttributeDefinition.NO_ATTRIBUTES, - new UsernamePasswordAuthenticationToken("foo", "bar")); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + new AuthorizedEvent(null, SecurityConfig.createList("TEST"), new UsernamePasswordAuthenticationToken("foo", "bar")); + } - try { - new AuthorizedEvent(new SimpleMethodInvocation(), null, - new UsernamePasswordAuthenticationToken("foo", "bar")); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + @Test(expected=IllegalArgumentException.class) + public void testRejectsNulls2() { - try { - new AuthorizedEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES, null); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + new AuthorizedEvent(new SimpleMethodInvocation(), null, new UsernamePasswordAuthenticationToken("foo", "bar")); + } + + @Test(expected=IllegalArgumentException.class) + public void testRejectsNulls3() { + new AuthorizedEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null); } } 
diff --git a/core/src/test/java/org/springframework/security/expression/support/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/expression/support/MethodExpressionVoterTests.java index 9eae7362a2..fb5964c050 100644 --- a/core/src/test/java/org/springframework/security/expression/support/MethodExpressionVoterTests.java +++ b/core/src/test/java/org/springframework/security/expression/support/MethodExpressionVoterTests.java @@ -10,7 +10,7 @@ import java.util.List; import org.aopalliance.intercept.MethodInvocation; import org.junit.Before; import org.junit.Test; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.ConfigAttribute; import org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl; import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.util.SimpleMethodInvocation; 
@@ -40,43 +40,53 @@ public class MethodExpressionVoterTests { @Test public void hasRoleExpressionAllowsUserWithRole() throws Exception { - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('blah')")); - assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, cad)); + assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('blah')")))); } @Test public void hasRoleExpressionDeniesUserWithoutRole() throws Exception { - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('joedoesnt')")); + List cad = new ArrayList(1); + cad.add(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('joedoesnt')")); assertEquals(AccessDecisionVoter.ACCESS_DENIED, am.vote(joe, miStringArgs, cad)); } @Test public void matchingArgAgainstAuthenticationNameIsSuccessful() throws Exception { - // userName is an argument name of this method - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "(#userName == principal) and (principal == 'joe')")); - assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, cad)); + assertEquals(AccessDecisionVoter.ACCESS_GRANTED, + am.vote(joe, miStringArgs, createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "(#userName == principal) and (principal == 'joe')")))); } @Test public void accessIsGrantedIfNoPreAuthorizeAttributeIsUsed() throws Exception { - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someList", null)); - assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miListArg, cad)); + assertEquals(AccessDecisionVoter.ACCESS_GRANTED, + am.vote(joe, miListArg, createAttributes(new 
PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someList", null)))); // All objects should have been removed, because the expression is always false assertEquals(0, listArg.size()); } @Test(expected=IllegalArgumentException.class) public void arraysCannotBePrefiltered() throws Exception { - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someArray", null)); - am.vote(joe, miArrayArg, cad); + am.vote(joe, miArrayArg, + createAttributes(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someArray", null))); } @Test public void listPreFilteringIsSuccessful() throws Exception { - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'joe' or filterObject == 'sam')", "someList", null)); - am.vote(joe, miListArg, cad); + am.vote(joe, miListArg, + createAttributes(new PreInvocationExpressionConfigAttribute("(filterObject == 'joe' or filterObject == 'sam')", "someList", null))); assertEquals("joe and sam should still be in the list", 2, listArg.size()); assertEquals("joe", listArg.get(0)); assertEquals("sam", listArg.get(1)); } + + @Test + public void ruleDefinedInAClassMethodIsApplied() throws Exception { + assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, + createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "new org.springframework.security.expression.support.SecurityRules().isJoe(#userName)")))); + } + + private List createAttributes(ConfigAttribute... attributes) { + return Arrays.asList(attributes); + } + } diff --git a/core/src/test/java/org/springframework/security/intercept/InterceptorStatusTokenTests.java b/core/src/test/java/org/springframework/security/intercept/InterceptorStatusTokenTests.java index 5b121b665c..28ca73c441 100644 --- a/core/src/test/java/org/springframework/security/intercept/InterceptorStatusTokenTests.java 
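Review bot: `ruleDefinedInAClassMethodIsApplied` asserts only the grant path, so it would still pass if `isJoe` returned true for every caller; pair it with a case that expects `AccessDecisionVoter.ACCESS_DENIED` for a non-matching `#userName`. `SecurityRules` is not part of the visible diff, so this is inferred from the test alone. The expression also instantiates a class by fully qualified name, which suggests the evaluator will construct whatever type the expression text names. A comment such as `// expression text is developer-supplied configuration; never build it from request data` would record that trust assumption. Separately, `hasRoleExpressionDeniesUserWithoutRole` could use the new `createAttributes(...)` helper like its siblings, and the dropped comment `// userName is an argument name of this method` is worth keeping in `matchingArgAgainstAuthenticationNameIsSuccessful`.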
+++ b/core/src/test/java/org/springframework/security/intercept/InterceptorStatusTokenTests.java @@ -15,13 +15,17 @@ package org.springframework.security.intercept; -import junit.framework.TestCase; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; -import org.springframework.security.ConfigAttributeDefinition; -import org.springframework.security.providers.UsernamePasswordAuthenticationToken; -import org.springframework.security.util.SimpleMethodInvocation; +import java.util.List; import org.aopalliance.intercept.MethodInvocation; +import org.junit.Test; +import org.springframework.security.ConfigAttribute; +import org.springframework.security.SecurityConfig; +import org.springframework.security.providers.UsernamePasswordAuthenticationToken; +import org.springframework.security.util.SimpleMethodInvocation; /** 
@@ -30,39 +34,17 @@ import org.aopalliance.intercept.MethodInvocation; * @author Ben Alex * @version $Id$ */ -public class InterceptorStatusTokenTests extends TestCase { - //~ Constructors =================================================================================================== - - public InterceptorStatusTokenTests() { - super(); - } - - public InterceptorStatusTokenTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== - - public void testNoArgConstructorDoesntExist() { - Class clazz = InterceptorStatusToken.class; - - try { - clazz.getDeclaredConstructor((Class[]) null); - fail("Should have thrown NoSuchMethodException"); - } catch (NoSuchMethodException expected) { - assertTrue(true); - } - } +public class InterceptorStatusTokenTests { + @Test public void testOperation() { - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO"); + List attr = SecurityConfig.createList("FOO"); MethodInvocation mi = new SimpleMethodInvocation(); - InterceptorStatusToken token = new InterceptorStatusToken(new UsernamePasswordAuthenticationToken("rod", "koala"), true, attr, mi); assertTrue(token.isContextHolderRefreshRequired()); - assertEquals(attr, token.getAttr()); + assertEquals(attr, token.getAttributes()); assertEquals(mi, token.getSecureObject()); assertEquals("rod", token.getAuthentication().getPrincipal()); } diff --git a/core/src/test/java/org/springframework/security/intercept/method/MethodDefinitionSourceEditorTests.java b/core/src/test/java/org/springframework/security/intercept/method/MethodDefinitionSourceEditorTests.java index a3fe917955..16423b40cb 100644 --- a/core/src/test/java/org/springframework/security/intercept/method/MethodDefinitionSourceEditorTests.java +++ b/core/src/test/java/org/springframework/security/intercept/method/MethodDefinitionSourceEditorTests.java 
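Review bot: `testNoArgConstructorDoesntExist` is dropped in this hunk without a replacement, so nothing now pins that an `InterceptorStatusToken` can only be built with its authentication, attributes and secure object supplied. If that invariant is still intended, the test converts to JUnit 4 as `@Test(expected=NoSuchMethodException.class)` on a method whose body is `InterceptorStatusToken.class.getDeclaredConstructor((Class[]) null);`. If the removal is deliberate, the commit description should say so.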
@@ -15,24 +15,21 @@ package org.springframework.security.intercept.method; +import java.lang.reflect.AccessibleObject; +import java.lang.reflect.Method; +import java.util.Iterator; +import java.util.List; + import junit.framework.TestCase; +import org.aopalliance.intercept.MethodInvocation; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.ITargetObject; import org.springframework.security.MockJoinPoint; import org.springframework.security.OtherTargetObject; import org.springframework.security.SecurityConfig; import org.springframework.security.TargetObject; -import org.aopalliance.intercept.MethodInvocation; - -import java.lang.reflect.AccessibleObject; -import java.lang.reflect.Method; - -import java.util.Iterator; -import java.util.List; - /** * Tests {@link MethodDefinitionSourceEditor} and its associated {@link MapBasedMethodDefinitionSource}. @@ -149,7 +146,7 @@ public class MethodDefinitionSourceEditorTests extends TestCase { "org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR"); MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue(); - Iterator iter = map.getConfigAttributeDefinitions().iterator(); + Iterator iter = map.getAllConfigAttributes().iterator(); int counter = 0; while (iter.hasNext()) { diff --git a/core/src/test/java/org/springframework/security/intercept/method/MockMethodDefinitionSource.java b/core/src/test/java/org/springframework/security/intercept/method/MockMethodDefinitionSource.java index 1c0ac7542b..cc0601c638 100644 --- a/core/src/test/java/org/springframework/security/intercept/method/MockMethodDefinitionSource.java +++ b/core/src/test/java/org/springframework/security/intercept/method/MockMethodDefinitionSource.java 
@@ -15,18 +15,16 @@ package org.springframework.security.intercept.method; -import org.aopalliance.intercept.MethodInvocation; -import org.aspectj.lang.JoinPoint; -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; -import org.springframework.security.SecurityConfig; - import java.lang.reflect.Method; - import java.util.Collection; import java.util.List; import java.util.Vector; +import org.aopalliance.intercept.MethodInvocation; +import org.aspectj.lang.JoinPoint; +import org.springframework.security.ConfigAttribute; +import org.springframework.security.SecurityConfig; + /** * @@ -64,7 +62,7 @@ public class MockMethodDefinitionSource implements MethodDefinitionSource { //~ Methods ======================================================================================================== - public Collection> getConfigAttributeDefinitions() { + public Collection> getAllConfigAttributes() { if (returnACollection) { return list; } else { diff --git a/core/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorTests.java index e5c3c35501..ed1b375300 100644 --- a/core/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorTests.java 
@@ -15,8 +15,14 @@ package org.springframework.security.intercept.method.aopalliance; +import java.lang.reflect.Method; +import java.util.Collection; +import java.util.List; + import junit.framework.TestCase; +import org.springframework.context.ApplicationContext; +import org.springframework.context.support.ClassPathXmlApplicationContext; import org.springframework.security.AccessDecisionManager; import org.springframework.security.AccessDeniedException; import org.springframework.security.AfterInvocationManager; @@ -24,7 +30,6 @@ import org.springframework.security.Authentication; import org.springframework.security.AuthenticationCredentialsNotFoundException; import org.springframework.security.AuthenticationException; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.ITargetObject; @@ -33,24 +38,12 @@ import org.springframework.security.MockAfterInvocationManager; import org.springframework.security.MockAuthenticationManager; import org.springframework.security.MockRunAsManager; import org.springframework.security.RunAsManager; - import org.springframework.security.context.SecurityContextHolder; - import org.springframework.security.intercept.method.MethodDefinitionSource; import org.springframework.security.intercept.method.MockMethodDefinitionSource; - import org.springframework.security.providers.UsernamePasswordAuthenticationToken; - import org.springframework.security.runas.RunAsManagerImpl; -import org.springframework.context.ApplicationContext; -import org.springframework.context.support.ClassPathXmlApplicationContext; - -import java.lang.reflect.Method; - -import java.util.Collection; -import java.util.List; - /** * Tests {@link MethodSecurityInterceptor}. 
@@ -409,7 +402,7 @@ public class MethodSecurityInterceptorTests extends TestCase { //~ Inner Classes ================================================================================================== private class MockAccessDecisionManagerWhichOnlySupportsStrings implements AccessDecisionManager { - public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config) + public void decide(Authentication authentication, Object object, List configAttributes) throws AccessDeniedException { throw new UnsupportedOperationException("mock method not implemented"); } @@ -428,7 +421,7 @@ public class MethodSecurityInterceptorTests extends TestCase { } private class MockAfterInvocationManagerWhichOnlySupportsStrings implements AfterInvocationManager { - public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, + public Object decide(Authentication authentication, Object object, List config, Object returnedObject) throws AccessDeniedException { throw new UnsupportedOperationException("mock method not implemented"); } @@ -447,7 +440,7 @@ public class MethodSecurityInterceptorTests extends TestCase { } private class MockObjectDefinitionSourceWhichOnlySupportsStrings implements MethodDefinitionSource { - public Collection> getConfigAttributeDefinitions() { + public Collection> getAllConfigAttributes() { return null; } @@ -469,7 +462,7 @@ public class MethodSecurityInterceptorTests extends TestCase { } private class MockRunAsManagerWhichOnlySupportsStrings implements RunAsManager { - public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) { + public Authentication buildRunAs(Authentication authentication, Object object, List config) { throw new UnsupportedOperationException("mock method not implemented"); } 
diff --git a/core/src/test/java/org/springframework/security/intercept/web/AbstractFilterInvocationDefinitionSourceTests.java b/core/src/test/java/org/springframework/security/intercept/web/AbstractFilterInvocationDefinitionSourceTests.java
deleted file mode 100644
index b0f0ba4e91..0000000000
--- a/core/src/test/java/org/springframework/security/intercept/web/AbstractFilterInvocationDefinitionSourceTests.java
+++ /dev/null
@@ -1,102 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.intercept.web; - -import junit.framework.TestCase; - -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; - -import java.io.IOException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; - - -/** - * Tests {@link DefaultFilterInvocationDefinitionSource}. 
- * - * @author Ben Alex - * @version $Id$ - */ -public class AbstractFilterInvocationDefinitionSourceTests extends TestCase { - //~ Constructors =================================================================================================== - - public AbstractFilterInvocationDefinitionSourceTests() { - super(); - } - - public AbstractFilterInvocationDefinitionSourceTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== - - public void testDoesNotSupportAnotherObject() { - MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true); - assertFalse(mfis.supports(String.class)); - } - - public void testGetAttributesForANonFilterInvocation() { - MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true); - - try { - mfis.getAttributes(new String()); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } - } - - public void testGetAttributesForANullObject() { - MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true); - - try { - mfis.getAttributes(null); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } - } - - public void testGetAttributesForFilterInvocationSuccess() { - MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true); - - try { - mfis.getAttributes(new FilterInvocation(new MockHttpServletRequest(null, null), - new MockHttpServletResponse(), new MockFilterChain())); - fail("Should have thrown UnsupportedOperationException"); - } catch (UnsupportedOperationException expected) { - assertTrue(true); - } - } - - public void testSupportsFilterInvocation() { - MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, 
true); - assertTrue(mfis.supports(FilterInvocation.class)); - } - - //~ Inner Classes ================================================================================================== - - private class MockFilterChain implements FilterChain { - public void doFilter(ServletRequest arg0, ServletResponse arg1) - throws IOException, ServletException { - throw new UnsupportedOperationException("mock method not implemented"); - } - } -} diff --git a/core/src/test/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSourceTests.java b/core/src/test/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSourceTests.java index 6c322b2c61..f2951f8d9f 100644 --- a/core/src/test/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSourceTests.java +++ b/core/src/test/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSourceTests.java @@ -16,7 +16,6 @@ package org.springframework.security.intercept.web; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; @@ -30,7 +29,6 @@ import org.springframework.security.ConfigAttribute; import org.springframework.security.MockFilterChain; import org.springframework.security.SecurityConfig; import org.springframework.security.util.AntUrlPathMatcher; -import org.springframework.security.util.InMemoryXmlApplicationContext; /** * Tests parts of {@link DefaultFilterInvocationDefinitionSource} not tested by {@link 
@@ -136,14 +134,14 @@ public class DefaultFilterInvocationDefinitionSourceTests { @Test public void httpMethodSpecificUrlTakesPrecedence() { // Even though this is added before the method-specific def, the latter should match - List allMethodDef = def; - map.addSecureUrl("/**", null, def); + List allMethodDef = def; + map.addSecureUrl("/**", null, allMethodDef); - List postOnlyDef = SecurityConfig.createList("ROLE_TWO"); + List postOnlyDef = SecurityConfig.createList("ROLE_TWO"); map.addSecureUrl("/somepage**", "POST", postOnlyDef); FilterInvocation fi = createFilterInvocation("/somepage", "POST"); - List attrs = map.getAttributes(fi); + List attrs = map.getAttributes(fi); assertEquals(postOnlyDef, attrs); } @@ -165,38 +163,6 @@ public class DefaultFilterInvocationDefinitionSourceTests { assertEquals(def, response); } - @Test - public void xmlMapConfigurationIsSuccessful() { - InMemoryXmlApplicationContext context = new InMemoryXmlApplicationContext( - "" + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - " " + - "" - ); - - DefaultFilterInvocationDefinitionSource fids = (DefaultFilterInvocationDefinitionSource) context.getBean("fids"); - List cad = fids.lookupAttributes("/anything", "GET"); - assertNotNull(cad); - assertEquals(1, cad.size()); - context.close(); - } - private FilterInvocation createFilterInvocation(String path, String method) { MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI(null); diff --git a/core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorTests.java b/core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorTests.java index 05013edca5..13951a2dcf 100644 --- a/core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorTests.java 
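Review bot: In `httpMethodSpecificUrlTakesPrecedence` (the `@@ -136,14 +134,14 @@` hunk) only the POST lookup is asserted, so the test would still pass if the `/somepage**` POST entry also shadowed the catch-all `/**` rule for other HTTP methods. Because this mapping decides which attributes guard a URL, I would pin the other direction next to the existing assertion, unless another test in the file already covers it: `assertEquals(allMethodDef, map.getAttributes(createFilterInvocation("/somepage", "GET")));`. `def` is initialised outside the hunk; if it happens to equal the `ROLE_TWO` list the two rules cannot be told apart by `assertEquals`, so it is worth confirming the fixtures differ.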
+++ b/core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorTests.java @@ -146,7 +146,7 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase { editor.setAsText("\\A/secure/super.*\\Z=ROLE_WE_DONT_HAVE\r\n\\A/secure/.*\\Z=ROLE_SUPERVISOR,ROLE_TELLER"); DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue(); - Iterator iter = map.getConfigAttributeDefinitions().iterator(); + Iterator iter = map.getAllConfigAttributes().iterator(); int counter = 0; while (iter.hasNext()) { diff --git a/core/src/test/java/org/springframework/security/intercept/web/FilterSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/intercept/web/FilterSecurityInterceptorTests.java index aed4c6c1d3..35b1b6d85b 100644 --- a/core/src/test/java/org/springframework/security/intercept/web/FilterSecurityInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/intercept/web/FilterSecurityInterceptorTests.java 
@@ -15,30 +15,7 @@ package org.springframework.security.intercept.web; -import junit.framework.TestCase; - -import org.springframework.security.AccessDecisionManager; -import org.springframework.security.AccessDeniedException; -import org.springframework.security.Authentication; -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; -import org.springframework.security.MockAccessDecisionManager; -import org.springframework.security.MockAuthenticationManager; -import org.springframework.security.MockRunAsManager; -import org.springframework.security.RunAsManager; -import org.springframework.security.MockApplicationEventPublisher; -import org.springframework.security.SecurityConfig; -import org.springframework.security.util.AntUrlPathMatcher; -import org.springframework.security.util.RegexUrlPathMatcher; -import org.springframework.security.context.SecurityContextHolder; -import org.springframework.security.providers.UsernamePasswordAuthenticationToken; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; - import java.io.IOException; - import java.util.Collection; import java.util.LinkedHashMap; import java.util.List; 
@@ -48,6 +25,27 @@ import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; +import junit.framework.TestCase; + +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.security.AccessDecisionManager; +import org.springframework.security.AccessDeniedException; +import org.springframework.security.Authentication; +import org.springframework.security.ConfigAttribute; +import org.springframework.security.GrantedAuthority; +import org.springframework.security.GrantedAuthorityImpl; +import org.springframework.security.MockAccessDecisionManager; +import org.springframework.security.MockApplicationEventPublisher; +import org.springframework.security.MockAuthenticationManager; +import org.springframework.security.MockRunAsManager; +import org.springframework.security.RunAsManager; +import org.springframework.security.SecurityConfig; +import org.springframework.security.context.SecurityContextHolder; +import org.springframework.security.providers.UsernamePasswordAuthenticationToken; +import org.springframework.security.util.AntUrlPathMatcher; +import org.springframework.security.util.RegexUrlPathMatcher; + /** * Tests {@link FilterSecurityInterceptor}. @@ -92,7 +90,7 @@ public class FilterSecurityInterceptorTests extends TestCase { return true; } - public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config) + public void decide(Authentication authentication, Object object, List configAttributes) throws AccessDeniedException { throw new UnsupportedOperationException("mock method not implemented"); } 
@@ -124,7 +122,7 @@ public class FilterSecurityInterceptorTests extends TestCase { } public Authentication buildRunAs(Authentication authentication, Object object, - ConfigAttributeDefinition config) { + List config) { throw new UnsupportedOperationException("mock method not implemented"); } }); @@ -221,9 +219,9 @@ public class FilterSecurityInterceptorTests extends TestCase { public void testNotLoadedFromApplicationContext() throws Exception { LinkedHashMap reqMap = new LinkedHashMap(); - reqMap.put(new RequestKey("/secure/**", null), new ConfigAttributeDefinition(new String[] {"ROLE_USER"})); + reqMap.put(new RequestKey("/secure/**", null), SecurityConfig.createList("ROLE_USER")); DefaultFilterInvocationDefinitionSource fids - = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher()); + = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), reqMap); FilterSecurityInterceptor filter = new FilterSecurityInterceptor(); filter.setObjectDefinitionSource(fids); @@ -278,7 +276,7 @@ public class FilterSecurityInterceptorTests extends TestCase { } } - public Collection> getConfigAttributeDefinitions() { + public Collection> getAllConfigAttributes() { return null; } diff --git a/core/src/test/java/org/springframework/security/intercept/web/MockFilterInvocationDefinitionSource.java b/core/src/test/java/org/springframework/security/intercept/web/MockFilterInvocationDefinitionSource.java deleted file mode 100644 index ff532e4b0d..0000000000 --- a/core/src/test/java/org/springframework/security/intercept/web/MockFilterInvocationDefinitionSource.java +++ /dev/null 
@@ -1,76 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.intercept.web; - -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; -import org.springframework.security.util.AntUrlPathMatcher; - -import java.util.Collection; -import java.util.List; -import java.util.Vector; - - -/** - * Mock for {@link FilterInvocationDefinitionSource} - * - * @author Ben Alex - * @version $Id$ - */ -public class MockFilterInvocationDefinitionSource extends DefaultFilterInvocationDefinitionSource { - //~ Instance fields ================================================================================================ - - private List list; - private boolean returnAnIterator; - - //~ Constructors =================================================================================================== - - public MockFilterInvocationDefinitionSource(boolean includeInvalidAttributes, boolean returnAnIteratorWhenRequested) { - super(new AntUrlPathMatcher()); // doesn't matter - returnAnIterator = returnAnIteratorWhenRequested; - list = new Vector(); - - ConfigAttributeDefinition def1 = new ConfigAttributeDefinition("MOCK_LOWER"); - list.add(def1); - - if (includeInvalidAttributes) { - ConfigAttributeDefinition def2 = new ConfigAttributeDefinition(new String[] {"MOCK_LOWER", "INVALID_ATTRIBUTE"}); - list.add(def2); - 
} - - ConfigAttributeDefinition def3 = new ConfigAttributeDefinition(new String[] {"MOCK_UPPER","RUN_AS"}); - list.add(def3); - - if (includeInvalidAttributes) { - ConfigAttributeDefinition def4 = new ConfigAttributeDefinition(new String[] {"MOCK_SOMETHING","ANOTHER_INVALID"}); - list.add(def4); - } - } - - //~ Methods ======================================================================================================== - - public Collection> getConfigAttributeDefinitions() { - if (returnAnIterator) { - return list; - } else { - return null; - } - } - - public List lookupAttributes(String url, String method) { - throw new UnsupportedOperationException("mock method not implemented"); - } -} diff --git a/core/src/test/java/org/springframework/security/runas/RunAsManagerImplTests.java b/core/src/test/java/org/springframework/security/runas/RunAsManagerImplTests.java index 819b427e6b..d092bf3af5 100644 --- a/core/src/test/java/org/springframework/security/runas/RunAsManagerImplTests.java +++ b/core/src/test/java/org/springframework/security/runas/RunAsManagerImplTests.java @@ -18,12 +18,10 @@ package org.springframework.security.runas; import junit.framework.TestCase; import org.springframework.security.Authentication; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.RunAsManager; import org.springframework.security.SecurityConfig; - import org.springframework.security.providers.UsernamePasswordAuthenticationToken; 
@@ -34,46 +32,23 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke * @version $Id$ */ public class RunAsManagerImplTests extends TestCase { - //~ Constructors =================================================================================================== - - public RunAsManagerImplTests() { - super(); - } - - public RunAsManagerImplTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== - - public static void main(String[] args) { - junit.textui.TestRunner.run(RunAsManagerImplTests.class); - } - - public final void setUp() throws Exception { - super.setUp(); - } - public void testAlwaysSupportsClass() { RunAsManagerImpl runAs = new RunAsManagerImpl(); assertTrue(runAs.supports(String.class)); } - public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting() - throws Exception { - ConfigAttributeDefinition def = new ConfigAttributeDefinition("SOMETHING_WE_IGNORE"); + public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting() throws Exception { UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}); RunAsManagerImpl runAs = new RunAsManagerImpl(); runAs.setKey("my_password"); - Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def); + Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("SOMETHING_WE_IGNORE")); assertEquals(null, resultingToken); } public void testRespectsRolePrefix() throws Exception { - ConfigAttributeDefinition def = new ConfigAttributeDefinition("RUN_AS_SOMETHING"); UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ONE"), new 
GrantedAuthorityImpl("TWO")}); @@ -81,7 +56,7 @@ public class RunAsManagerImplTests extends TestCase { runAs.setKey("my_password"); runAs.setRolePrefix("FOOBAR_"); - Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def); + Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING")); if (!(resultingToken instanceof RunAsUserToken)) { fail("Should have returned a RunAsUserToken"); @@ -98,14 +73,13 @@ public class RunAsManagerImplTests extends TestCase { } public void testReturnsAdditionalGrantedAuthorities() throws Exception { - ConfigAttributeDefinition def = new ConfigAttributeDefinition("RUN_AS_SOMETHING"); UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}); RunAsManagerImpl runAs = new RunAsManagerImpl(); runAs.setKey("my_password"); - Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def); + Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING")); if (!(resultingToken instanceof RunAsUserToken)) { fail("Should have returned a RunAsUserToken"); diff --git a/core/src/test/java/org/springframework/security/securechannel/ChannelDecisionManagerImplTests.java b/core/src/test/java/org/springframework/security/securechannel/ChannelDecisionManagerImplTests.java index 7d556bb027..3617c3ece5 100644 --- a/core/src/test/java/org/springframework/security/securechannel/ChannelDecisionManagerImplTests.java +++ b/core/src/test/java/org/springframework/security/securechannel/ChannelDecisionManagerImplTests.java 
@@ -18,7 +18,6 @@ package org.springframework.security.securechannel; import junit.framework.TestCase; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.MockFilterChain; import org.springframework.security.SecurityConfig; @@ -95,7 +94,7 @@ public class ChannelDecisionManagerImplTests extends TestCase { MockFilterChain chain = new MockFilterChain(); FilterInvocation fi = new FilterInvocation(request, response, chain); - ConfigAttributeDefinition cad = new ConfigAttributeDefinition("xyz"); + List cad = SecurityConfig.createList("xyz"); cdm.decide(fi, cad); assertTrue(fi.getResponse().isCommitted()); @@ -114,9 +113,7 @@ public class ChannelDecisionManagerImplTests extends TestCase { MockFilterChain chain = new MockFilterChain(); FilterInvocation fi = new FilterInvocation(request, response, chain); - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"abc", "ANY_CHANNEL"}); - - cdm.decide(fi, cad); + cdm.decide(fi, SecurityConfig.createList(new String[]{"abc", "ANY_CHANNEL"})); assertFalse(fi.getResponse().isCommitted()); } @@ -135,9 +132,7 @@ public class ChannelDecisionManagerImplTests extends TestCase { MockFilterChain chain = new MockFilterChain(); FilterInvocation fi = new FilterInvocation(request, response, chain); - ConfigAttributeDefinition cad = new ConfigAttributeDefinition("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT"); - - cdm.decide(fi, cad); + cdm.decide(fi, SecurityConfig.createList("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT")); assertFalse(fi.getResponse().isCommitted()); } 
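Review bot: The call `cdm.decide(fi, SecurityConfig.createList(new String[]{"abc", "ANY_CHANNEL"}));` in the `@@ -114,9 +113,7 @@` hunk wraps the attribute names in an explicit array, while InsecureChannelProcessorTests in this same commit calls `SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL")` directly, which suggests the factory accepts varargs. If that is the case, `cdm.decide(fi, SecurityConfig.createList("abc", "ANY_CHANNEL"));` is shorter and matches the single-name calls in the neighbouring hunks. The same mixed style appears in `testDecideDetectsUnacceptableChannel` of both InsecureChannelProcessorTests and SecureChannelProcessorTests, where the sibling acceptable-channel test already uses the varargs form.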
@@ -192,9 +187,9 @@ public class ChannelDecisionManagerImplTests extends TestCase { this.failIfCalled = failIfCalled; } - public void decide(FilterInvocation invocation, ConfigAttributeDefinition config) + public void decide(FilterInvocation invocation, List config) throws IOException, ServletException { - Iterator iter = config.getConfigAttributes().iterator(); + Iterator iter = config.iterator(); if (failIfCalled) { fail("Should not have called this channel processor: " + configAttribute); diff --git a/core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java b/core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java index 3b5e2f728d..b5d1696d80 100644 --- a/core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java +++ b/core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java @@ -18,7 +18,6 @@ package org.springframework.security.securechannel; import junit.framework.TestCase; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.SecurityConfig; import org.springframework.security.intercept.web.FilterInvocation; @@ -208,7 +207,7 @@ public class ChannelProcessingFilterTests extends TestCase { this.supportAttribute = supportAttribute; } - public void decide(FilterInvocation invocation, ConfigAttributeDefinition config) + public void decide(FilterInvocation invocation, List config) throws IOException, ServletException { if (commitAResponse) { invocation.getHttpResponse().sendRedirect("/redirected"); @@ -267,7 +266,7 @@ public class ChannelProcessingFilterTests extends TestCase { } } - public Collection> getConfigAttributeDefinitions() { + public Collection> getAllConfigAttributes() { if (!provideIterator) { return null; } 
diff --git a/core/src/test/java/org/springframework/security/securechannel/InsecureChannelProcessorTests.java b/core/src/test/java/org/springframework/security/securechannel/InsecureChannelProcessorTests.java index 123a211fbe..f9948fd780 100644 --- a/core/src/test/java/org/springframework/security/securechannel/InsecureChannelProcessorTests.java +++ b/core/src/test/java/org/springframework/security/securechannel/InsecureChannelProcessorTests.java @@ -17,14 +17,11 @@ package org.springframework.security.securechannel; import junit.framework.TestCase; -import org.springframework.security.ConfigAttributeDefinition; -import org.springframework.security.MockFilterChain; -import org.springframework.security.SecurityConfig; - -import org.springframework.security.intercept.web.FilterInvocation; - import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.security.MockFilterChain; +import org.springframework.security.SecurityConfig; +import org.springframework.security.intercept.web.FilterInvocation; /** @@ -34,19 +31,8 @@ import org.springframework.mock.web.MockHttpServletResponse; * @version $Id$ */ public class InsecureChannelProcessorTests extends TestCase { - //~ Methods ======================================================================================================== - - public static void main(String[] args) { - junit.textui.TestRunner.run(InsecureChannelProcessorTests.class); - } - - public final void setUp() throws Exception { - super.setUp(); - } public void testDecideDetectsAcceptableChannel() throws Exception { - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"}); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("info=true"); request.setServerName("localhost"); 
@@ -60,15 +46,13 @@ public class InsecureChannelProcessorTests extends TestCase { FilterInvocation fi = new FilterInvocation(request, response, chain); InsecureChannelProcessor processor = new InsecureChannelProcessor(); - processor.decide(fi, cad); + processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL")); assertFalse(fi.getResponse().isCommitted()); } public void testDecideDetectsUnacceptableChannel() throws Exception { - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"}); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("info=true"); request.setServerName("localhost"); @@ -83,7 +67,7 @@ public class InsecureChannelProcessorTests extends TestCase { FilterInvocation fi = new FilterInvocation(request, response, chain); InsecureChannelProcessor processor = new InsecureChannelProcessor(); - processor.decide(fi, cad); + processor.decide(fi, SecurityConfig.createList(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"})); assertTrue(fi.getResponse().isCommitted()); } diff --git a/core/src/test/java/org/springframework/security/securechannel/SecureChannelProcessorTests.java b/core/src/test/java/org/springframework/security/securechannel/SecureChannelProcessorTests.java index 32527306dd..9ae8fd93bd 100644 --- a/core/src/test/java/org/springframework/security/securechannel/SecureChannelProcessorTests.java +++ b/core/src/test/java/org/springframework/security/securechannel/SecureChannelProcessorTests.java 
@@ -17,14 +17,11 @@ package org.springframework.security.securechannel; import junit.framework.TestCase; -import org.springframework.security.ConfigAttributeDefinition; -import org.springframework.security.MockFilterChain; -import org.springframework.security.SecurityConfig; - -import org.springframework.security.intercept.web.FilterInvocation; - import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.security.MockFilterChain; +import org.springframework.security.SecurityConfig; +import org.springframework.security.intercept.web.FilterInvocation; /** @@ -37,8 +34,6 @@ public class SecureChannelProcessorTests extends TestCase { //~ Methods ======================================================================================================== public void testDecideDetectsAcceptableChannel() throws Exception { - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"}); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("info=true"); request.setServerName("localhost"); @@ -53,14 +48,12 @@ public class SecureChannelProcessorTests extends TestCase { FilterInvocation fi = new FilterInvocation(request, response, chain); SecureChannelProcessor processor = new SecureChannelProcessor(); - processor.decide(fi, cad); + processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL")); assertFalse(fi.getResponse().isCommitted()); } public void testDecideDetectsUnacceptableChannel() throws Exception { - ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"}); - MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("info=true"); request.setServerName("localhost"); 
@@ -74,7 +67,7 @@ public class SecureChannelProcessorTests extends TestCase { FilterInvocation fi = new FilterInvocation(request, response, chain); SecureChannelProcessor processor = new SecureChannelProcessor(); - processor.decide(fi, cad); + processor.decide(fi, SecurityConfig.createList(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"})); assertTrue(fi.getResponse().isCommitted()); } diff --git a/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java b/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java index 4304bf8f79..1ef0407e75 100644 --- a/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java +++ b/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java 
@@ -15,29 +15,26 @@ package org.springframework.security.util; -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; -import org.springframework.security.MockFilterConfig; -import org.springframework.security.SecurityConfig; -import org.springframework.security.context.HttpSessionContextIntegrationFilter; -import org.springframework.security.intercept.web.MockFilterInvocationDefinitionSource; -import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource; -import org.springframework.security.intercept.web.RequestKey; -import org.springframework.security.ui.webapp.AuthenticationProcessingFilter; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; +import java.util.List; + +import org.junit.After; +import org.junit.Before; +import org.junit.Test; import org.springframework.beans.factory.BeanCreationException; import org.springframework.context.support.ClassPathXmlApplicationContext; import org.springframework.context.support.StaticApplicationContext; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; - -import org.junit.After; -import static org.junit.Assert.*; -import org.junit.Before; -import org.junit.Test; - -import java.util.LinkedHashMap; -import java.util.List; +import org.springframework.security.MockFilterConfig; +import org.springframework.security.context.HttpSessionContextIntegrationFilter; +import org.springframework.security.ui.webapp.AuthenticationProcessingFilter; /** * Tests {@link FilterChainProxy}. 
@@ -63,31 +60,6 @@ public class FilterChainProxyTests { } } - @Test(expected=IllegalArgumentException.class) - public void testDetectsFilterInvocationDefinitionSourceThatDoesNotReturnAllConfigAttributes() throws Exception { - FilterChainProxy filterChainProxy = new FilterChainProxy(); - filterChainProxy.setApplicationContext(new StaticApplicationContext()); - - filterChainProxy.setFilterInvocationDefinitionSource(new MockFilterInvocationDefinitionSource(false, false)); - filterChainProxy.afterPropertiesSet(); - } - - @Test(expected=IllegalArgumentException.class) - public void testDetectsIfConfigAttributeDoesNotReturnValueForGetAttributeMethod() throws Exception { - FilterChainProxy filterChainProxy = new FilterChainProxy(); - filterChainProxy.setApplicationContext(new StaticApplicationContext()); - - LinkedHashMap map = new LinkedHashMap(); - map.put(new RequestKey("/**"), SecurityConfig.createList(null)); - DefaultFilterInvocationDefinitionSource fids = - new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), map); - - filterChainProxy.setFilterInvocationDefinitionSource(fids); - - filterChainProxy.afterPropertiesSet(); - filterChainProxy.init(new MockFilterConfig()); - } - @Test(expected = IllegalArgumentException.class) public void testDetectsMissingFilterInvocationDefinitionSource() throws Exception { FilterChainProxy filterChainProxy = new FilterChainProxy(); diff --git a/core/src/test/java/org/springframework/security/vote/AbstractAccessDecisionManagerTests.java b/core/src/test/java/org/springframework/security/vote/AbstractAccessDecisionManagerTests.java index 7281ebc6f4..c6c211a820 100644 --- a/core/src/test/java/org/springframework/security/vote/AbstractAccessDecisionManagerTests.java +++ b/core/src/test/java/org/springframework/security/vote/AbstractAccessDecisionManagerTests.java 
@@ -20,7 +20,6 @@ import junit.framework.TestCase; import org.springframework.security.AccessDeniedException; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.SecurityConfig; import java.util.List; @@ -162,7 +161,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase { //~ Inner Classes ================================================================================================== private class MockDecisionManagerImpl extends AbstractAccessDecisionManager { - public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config) + public void decide(Authentication authentication, Object object, List configAttributes) throws AccessDeniedException { return; } @@ -181,7 +180,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase { throw new UnsupportedOperationException("mock method not implemented"); } - public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) { + public int vote(Authentication authentication, Object object, List attributes) { throw new UnsupportedOperationException("mock method not implemented"); } } diff --git a/core/src/test/java/org/springframework/security/vote/AffirmativeBasedTests.java b/core/src/test/java/org/springframework/security/vote/AffirmativeBasedTests.java index ee0395d093..393fb647fe 100644 --- a/core/src/test/java/org/springframework/security/vote/AffirmativeBasedTests.java +++ b/core/src/test/java/org/springframework/security/vote/AffirmativeBasedTests.java 
@@ -15,18 +15,18 @@ package org.springframework.security.vote; -import junit.framework.TestCase; +import static org.junit.Assert.assertTrue; +import java.util.ArrayList; +import java.util.List; + +import org.junit.Test; import org.springframework.security.AccessDeniedException; -import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; - +import org.springframework.security.SecurityConfig; import org.springframework.security.providers.TestingAuthenticationToken; -import java.util.List; -import java.util.Vector; - /** * Tests {@link AffirmativeBased}. @@ -34,29 +34,14 @@ import java.util.Vector; * @author Ben Alex * @version $Id$ */ -public class AffirmativeBasedTests extends TestCase { - //~ Constructors =================================================================================================== - - public AffirmativeBasedTests() { - super(); - } - - public AffirmativeBasedTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== - - public static void main(String[] args) { - junit.textui.TestRunner.run(AffirmativeBasedTests.class); - } +public class AffirmativeBasedTests { private AffirmativeBased makeDecisionManager() { AffirmativeBased decisionManager = new AffirmativeBased(); RoleVoter roleVoter = new RoleVoter(); DenyVoter denyForSureVoter = new DenyVoter(); DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter(); - List voters = new Vector(); + List voters = new ArrayList(); voters.add(roleVoter); voters.add(denyForSureVoter); voters.add(denyAgainForSureVoter); 
@@ -70,85 +55,55 @@ public class AffirmativeBasedTests extends TestCase { new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl("ROLE_2")}); } - public final void setUp() throws Exception { - super.setUp(); - } - - public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess() - throws Exception { + @Test + public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess() throws Exception { TestingAuthenticationToken auth = makeTestToken(); AffirmativeBased mgr = makeDecisionManager(); - ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"}); - - mgr.decide(auth, new Object(), config); - assertTrue(true); + mgr.decide(auth, new Object(), SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"})); } - public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() - throws Exception { + @Test + public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() throws Exception { TestingAuthenticationToken auth = makeTestToken(); AffirmativeBased mgr = makeDecisionManager(); - ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2"); - - mgr.decide(auth, new Object(), config); - assertTrue(true); + mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2")); } - public void testOneDenyVoteTwoAbstainVotesDeniesAccess() - throws Exception { + @Test(expected=AccessDeniedException.class) + public void testOneDenyVoteTwoAbstainVotesDeniesAccess() throws Exception { TestingAuthenticationToken auth = makeTestToken(); AffirmativeBased mgr = makeDecisionManager(); - ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE"); - - try { - mgr.decide(auth, new Object(), config); - fail("Should have thrown AccessDeniedException"); - } catch (AccessDeniedException expected) { - assertTrue(true); - } + mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE")); } - public void 
testThreeAbstainVotesDeniesAccessWithDefault() - throws Exception { + @Test(expected=AccessDeniedException.class) + public void testThreeAbstainVotesDeniesAccessWithDefault() throws Exception { TestingAuthenticationToken auth = makeTestToken(); AffirmativeBased mgr = makeDecisionManager(); assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default - ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL"); - - try { - mgr.decide(auth, new Object(), config); - fail("Should have thrown AccessDeniedException"); - } catch (AccessDeniedException expected) { - assertTrue(true); - } + mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL")); } - public void testThreeAbstainVotesGrantsAccessWithoutDefault() - throws Exception { + @Test + public void testThreeAbstainVotesGrantsAccessWithoutDefault() throws Exception { TestingAuthenticationToken auth = makeTestToken(); AffirmativeBased mgr = makeDecisionManager(); mgr.setAllowIfAllAbstainDecisions(true); assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed - ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL"); - - mgr.decide(auth, new Object(), config); - assertTrue(true); + mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL")); } - public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() - throws Exception { + @Test + public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() throws Exception { TestingAuthenticationToken auth = makeTestToken(); AffirmativeBased mgr = makeDecisionManager(); - ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"}); - - mgr.decide(auth, new Object(), config); - assertTrue(true); + mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_1", "ROLE_2")); } } 
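Review bot: The attribute lists in this hunk are built two different ways: `testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess` passes `SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"})`, while `testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess` passes `SecurityConfig.createList("ROLE_1", "ROLE_2")`. Since the second form is already accepted here, I would use it throughout, e.g. `SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE")`. The two precondition checks written as `assertTrue(!mgr.isAllowIfAllAbstainDecisions())` would read better as `assertFalse(mgr.isAllowIfAllAbstainDecisions())`, which needs `assertFalse` added to the static imports. In the `@Test(expected=AccessDeniedException.class)` tests a short comment such as `// decide() must reject: no voter grants` would record which call is expected to throw, because the annotation accepts the exception from any statement in the method.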
diff --git a/core/src/test/java/org/springframework/security/vote/AuthenticatedVoterTests.java b/core/src/test/java/org/springframework/security/vote/AuthenticatedVoterTests.java index c534ac7420..5581f697c4 100644 --- a/core/src/test/java/org/springframework/security/vote/AuthenticatedVoterTests.java +++ b/core/src/test/java/org/springframework/security/vote/AuthenticatedVoterTests.java @@ -15,14 +15,15 @@ package org.springframework.security.vote; +import java.util.List; + import junit.framework.TestCase; import org.springframework.security.Authentication; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.ConfigAttribute; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.SecurityConfig; - import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken; import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken; @@ -35,17 +36,6 @@ import org.springframework.security.providers.rememberme.RememberMeAuthenticatio * @version $Id$ */ public class AuthenticatedVoterTests extends TestCase { - //~ Constructors =================================================================================================== - - public AuthenticatedVoterTests() { - super(); - } - - public AuthenticatedVoterTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== private Authentication createAnonymous() { return new AnonymousAuthenticationToken("ignored", "ignored", 
@@ -62,17 +52,9 @@ public class AuthenticatedVoterTests extends TestCase { new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")}); } - public static void main(String[] args) { - junit.textui.TestRunner.run(AuthenticatedVoterTests.class); - } - - public final void setUp() throws Exception { - super.setUp(); - } - public void testAnonymousWorks() { AuthenticatedVoter voter = new AuthenticatedVoter(); - ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY); + List def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY); assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createAnonymous(), null, def)); assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createRememberMe(), null, def)); assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def)); @@ -80,7 +62,7 @@ public class AuthenticatedVoterTests extends TestCase { public void testFullyWorks() { AuthenticatedVoter voter = new AuthenticatedVoter(); - ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_FULLY); + List def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_FULLY); assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createAnonymous(), null, def)); assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createRememberMe(), null, def)); assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def)); 
@@ -88,7 +70,7 @@ public class AuthenticatedVoterTests extends TestCase { public void testRememberMeWorks() { AuthenticatedVoter voter = new AuthenticatedVoter(); - ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED); + List def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED); assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createAnonymous(), null, def)); assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createRememberMe(), null, def)); assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def)); diff --git a/core/src/test/java/org/springframework/security/vote/BasicAclEntryVoterTests.java b/core/src/test/java/org/springframework/security/vote/BasicAclEntryVoterTests.java index 581234f63e..77e0192386 100644 --- a/core/src/test/java/org/springframework/security/vote/BasicAclEntryVoterTests.java +++ b/core/src/test/java/org/springframework/security/vote/BasicAclEntryVoterTests.java @@ -15,10 +15,15 @@ package org.springframework.security.vote; +import java.lang.reflect.Method; +import java.util.List; + import junit.framework.TestCase; +import org.aopalliance.intercept.MethodInvocation; +import org.aspectj.lang.JoinPoint; import org.springframework.security.AuthorizationServiceException; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.ConfigAttribute; import org.springframework.security.MockAclManager; import org.springframework.security.SecurityConfig; import org.springframework.security.acl.AclEntry; 
@@ -27,10 +32,6 @@ import org.springframework.security.acl.basic.MockAclObjectIdentity; import org.springframework.security.acl.basic.SimpleAclEntry; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.util.SimpleMethodInvocation; -import org.aopalliance.intercept.MethodInvocation; -import org.aspectj.lang.JoinPoint; - -import java.lang.reflect.Method; /** * Tests {@link BasicAclEntryVoter}. @@ -93,7 +94,7 @@ public class BasicAclEntryVoterTests extends TestCase { voter.afterPropertiesSet(); // Wire up an invocation to be voted on - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS"); + List attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS"); // Setup a MockMethodInvocation, so voter can retrieve domainObject MethodInvocation mi = getMethodInvocation(domainObject); @@ -213,7 +214,7 @@ public class BasicAclEntryVoterTests extends TestCase { voter.afterPropertiesSet(); // Wire up an invocation to be voted on - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("A_DIFFERENT_ATTRIBUTE"); + List attr = SecurityConfig.createList("A_DIFFERENT_ATTRIBUTE"); // Setup a MockMethodInvocation, so voter can retrieve domainObject MethodInvocation mi = getMethodInvocation(domainObject); @@ -245,7 +246,7 @@ public class BasicAclEntryVoterTests extends TestCase { voter.afterPropertiesSet(); // Wire up an invocation to be voted on - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS"); + List attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS"); // Setup a MockMethodInvocation, so voter can retrieve domainObject MethodInvocation mi = getMethodInvocation(domainObject); 
@@ -276,7 +277,7 @@ public class BasicAclEntryVoterTests extends TestCase { voter.afterPropertiesSet(); // Wire up an invocation to be voted on - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS"); + List attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS"); // Setup a MockMethodInvocation, so voter can retrieve domainObject MethodInvocation mi = getMethodInvocation(domainObject); @@ -307,7 +308,7 @@ public class BasicAclEntryVoterTests extends TestCase { voter.afterPropertiesSet(); // Wire up an invocation to be voted on - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS"); + List attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS"); // Setup a MockMethodInvocation, so voter can retrieve domainObject MethodInvocation mi = getMethodInvocation(domainObject); @@ -342,7 +343,7 @@ public class BasicAclEntryVoterTests extends TestCase { voter.afterPropertiesSet(); // Wire up an invocation to be voted on - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS"); + List attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS"); // Setup a MockMethodInvocation, so voter can retrieve domainObject // (well actually it will access domainObject.getParent()) @@ -376,7 +377,7 @@ public class BasicAclEntryVoterTests extends TestCase { voter.afterPropertiesSet(); // Wire up an invocation to be voted on - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS"); + List attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS"); // Setup a MockMethodInvocation, so voter can retrieve domainObject // (well actually it will access domainObject.getParent()) 
@@ -413,7 +414,7 @@ public class BasicAclEntryVoterTests extends TestCase { voter.afterPropertiesSet(); // Wire up an invocation to be voted on - ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS"); + List attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS"); // Setup a MockMethodInvocation that doesn't provide SomeDomainObject arg Class clazz = String.class; diff --git a/core/src/test/java/org/springframework/security/vote/ConsensusBasedTests.java b/core/src/test/java/org/springframework/security/vote/ConsensusBasedTests.java index 53f1aec72d..bd96f667e4 100644 --- a/core/src/test/java/org/springframework/security/vote/ConsensusBasedTests.java +++ b/core/src/test/java/org/springframework/security/vote/ConsensusBasedTests.java @@ -15,15 +15,17 @@ package org.springframework.security.vote; +import static org.junit.Assert.*; + import java.util.List; import java.util.Vector; -import junit.framework.TestCase; - +import org.junit.Test; import org.springframework.security.AccessDeniedException; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.ConfigAttribute; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; +import org.springframework.security.SecurityConfig; import org.springframework.security.providers.TestingAuthenticationToken; 
@@ -33,98 +35,77 @@ import org.springframework.security.providers.TestingAuthenticationToken; * @author Ben Alex * @version $Id$ */ -public class ConsensusBasedTests extends TestCase { - - //~ Methods ================================================================ +public class ConsensusBasedTests { + @Test(expected=AccessDeniedException.class) public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccessWithoutDefault() throws Exception { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager(); mgr.setAllowIfEqualGrantedDeniedDecisions(false); assertTrue(!mgr.isAllowIfEqualGrantedDeniedDecisions()); // check changed - ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"}); + List config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"}); - try { - mgr.decide(auth, new Object(), config); - fail("Should have thrown AccessDeniedException"); - } catch (AccessDeniedException expected) { - assertTrue(true); - } + mgr.decide(auth, new Object(), config); } + @Test public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault() throws Exception { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager(); assertTrue(mgr.isAllowIfEqualGrantedDeniedDecisions()); // check default - ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"}); + List config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"}); mgr.decide(auth, new Object(), config); assertTrue(true); } + @Test public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() throws Exception { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager(); - ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2"); - - mgr.decide(auth, new Object(), config); + mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2")); 
assertTrue(true); } + @Test(expected=AccessDeniedException.class) public void testOneDenyVoteTwoAbstainVotesDeniesAccess() throws Exception { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager(); - ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE"); - - try { - mgr.decide(auth, new Object(), config); - fail("Should have thrown AccessDeniedException"); - } catch (AccessDeniedException expected) { - assertTrue(true); - } + mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE")); + fail("Should have thrown AccessDeniedException"); } + @Test(expected=AccessDeniedException.class) public void testThreeAbstainVotesDeniesAccessWithDefault() throws Exception { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager(); assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default - ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL"); - - try { - mgr.decide(auth, new Object(), config); - fail("Should have thrown AccessDeniedException"); - } catch (AccessDeniedException expected) { - assertTrue(true); - } + mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL")); } + @Test public void testThreeAbstainVotesGrantsAccessWithoutDefault() throws Exception { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager(); mgr.setAllowIfAllAbstainDecisions(true); assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed - ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL"); - - mgr.decide(auth, new Object(), config); - assertTrue(true); + mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL")); } + @Test public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() throws Exception { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager(); - ConfigAttributeDefinition 
config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"}); - - mgr.decide(auth, new Object(), config); - assertTrue(true); + mgr.decide(auth, new Object(), SecurityConfig.createList(new String[]{"ROLE_1", "ROLE_2"})); } private ConsensusBased makeDecisionManager() { diff --git a/core/src/test/java/org/springframework/security/vote/DenyAgainVoter.java b/core/src/test/java/org/springframework/security/vote/DenyAgainVoter.java index f2b9d98362..903b613465 100644 --- a/core/src/test/java/org/springframework/security/vote/DenyAgainVoter.java +++ b/core/src/test/java/org/springframework/security/vote/DenyAgainVoter.java @@ -17,9 +17,9 @@ package org.springframework.security.vote; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import java.util.Iterator; +import java.util.List; /** * Implementation of an {@link AccessDecisionVoter} for unit testing. 
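Review bot: The JUnit 4 conversion leaves dead statements behind in this hunk. `testOneDenyVoteTwoAbstainVotesDeniesAccess` is annotated `@Test(expected=AccessDeniedException.class)` yet still ends with `fail("Should have thrown AccessDeniedException");`, which is redundant once the annotation enforces the denial. `testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault` and `testOneAffirmativeVoteTwoAbstainVotesGrantsAccess` keep `assertTrue(true);`, which checks nothing. I would delete those lines so the grant and deny tests match the cleaned-up form used in AffirmativeBasedTests. `makeDecisionManager()` continues past the end of the hunk.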
@@ -35,34 +35,34 @@ import java.util.Iterator; * @version $Id$ */ public class DenyAgainVoter implements AccessDecisionVoter { - // ~ Methods - // ======================================================================================================== + // ~ Methods + // ======================================================================================================== - public boolean supports(ConfigAttribute attribute) { - if ("DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute())) { - return true; - } - else { - return false; - } - } + public boolean supports(ConfigAttribute attribute) { + if ("DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute())) { + return true; + } + else { + return false; + } + } - public boolean supports(Class clazz) { - return true; - } + public boolean supports(Class clazz) { + return true; + } - public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) { - Iterator iter = config.getConfigAttributes().iterator(); + public int vote(Authentication authentication, Object object, List attributes) { + Iterator iter = attributes.iterator(); - while (iter.hasNext()) { - ConfigAttribute attribute = (ConfigAttribute) iter.next(); + while (iter.hasNext()) { + ConfigAttribute attribute = (ConfigAttribute) iter.next(); - if (this.supports(attribute)) { - return ACCESS_DENIED; - } - } + if (this.supports(attribute)) { + return ACCESS_DENIED; + } + } - return ACCESS_ABSTAIN; - } + return ACCESS_ABSTAIN; + } } diff --git a/core/src/test/java/org/springframework/security/vote/DenyVoter.java b/core/src/test/java/org/springframework/security/vote/DenyVoter.java index 2dbbfecef6..bbdfe24cfa 100644 --- a/core/src/test/java/org/springframework/security/vote/DenyVoter.java +++ b/core/src/test/java/org/springframework/security/vote/DenyVoter.java 
@@ -17,9 +17,9 @@ package org.springframework.security.vote; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; import java.util.Iterator; +import java.util.List; /** @@ -45,8 +45,8 @@ public class DenyVoter implements AccessDecisionVoter { return true; } - public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) { - Iterator iter = config.getConfigAttributes().iterator(); + public int vote(Authentication authentication, Object object, List attributes) { + Iterator iter = attributes.iterator(); while (iter.hasNext()) { ConfigAttribute attribute = (ConfigAttribute) iter.next(); diff --git a/core/src/test/java/org/springframework/security/vote/RoleHierarchyVoterTests.java b/core/src/test/java/org/springframework/security/vote/RoleHierarchyVoterTests.java index 6c02d20046..a7c60568e9 100644 --- a/core/src/test/java/org/springframework/security/vote/RoleHierarchyVoterTests.java +++ b/core/src/test/java/org/springframework/security/vote/RoleHierarchyVoterTests.java 
@@ -1,24 +1,23 @@ package org.springframework.security.vote; -import static org.junit.Assert.*; +import static org.junit.Assert.assertEquals; import org.junit.Test; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.SecurityConfig; import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.userdetails.hierarchicalroles.RoleHierarchyImpl; public class RoleHierarchyVoterTests { - @Test - public void hierarchicalRoleIsIncludedInDecision() { + @Test + public void hierarchicalRoleIsIncludedInDecision() { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B"); // User has role A, role B is required TestingAuthenticationToken auth = new TestingAuthenticationToken("user", "password", "ROLE_A"); RoleHierarchyVoter voter = new RoleHierarchyVoter(roleHierarchyImpl); - ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_B"); - - assertEquals(RoleHierarchyVoter.ACCESS_GRANTED, voter.vote(auth, new Object(), config)); - } + + assertEquals(RoleHierarchyVoter.ACCESS_GRANTED, voter.vote(auth, new Object(), SecurityConfig.createList("ROLE_B"))); + } } diff --git a/core/src/test/java/org/springframework/security/vote/UnanimousBasedTests.java b/core/src/test/java/org/springframework/security/vote/UnanimousBasedTests.java index 51ec11e0c1..cc8be6f055 100644 --- a/core/src/test/java/org/springframework/security/vote/UnanimousBasedTests.java +++ b/core/src/test/java/org/springframework/security/vote/UnanimousBasedTests.java 
@@ -15,18 +15,18 @@ package org.springframework.security.vote; +import java.util.List; +import java.util.Vector; + import junit.framework.TestCase; import org.springframework.security.AccessDeniedException; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.ConfigAttribute; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; - +import org.springframework.security.SecurityConfig; import org.springframework.security.providers.TestingAuthenticationToken; -import java.util.List; -import java.util.Vector; - /** * Tests {@link UnanimousBased}. @@ -86,7 +86,7 @@ public class UnanimousBasedTests extends TestCase { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager(); - ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"}); + List config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"}); try { mgr.decide(auth, new Object(), config); @@ -100,7 +100,7 @@ public class UnanimousBasedTests extends TestCase { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager(); - ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2"); + List config = SecurityConfig.createList("ROLE_2"); mgr.decide(auth, new Object(), config); assertTrue(true); @@ -110,7 +110,7 @@ public class UnanimousBasedTests extends TestCase { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager(); - ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE"); + List config = SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"); try { mgr.decide(auth, new Object(), config); 
@@ -124,7 +124,7 @@ public class UnanimousBasedTests extends TestCase { TestingAuthenticationToken auth = makeTestTokenWithFooBarPrefix(); UnanimousBased mgr = makeDecisionManagerWithFooBarPrefix(); - ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"FOOBAR_1", "FOOBAR_2"}); + List config = SecurityConfig.createList(new String[]{"FOOBAR_1", "FOOBAR_2"}); mgr.decide(auth, new Object(), config); assertTrue(true); @@ -136,7 +136,7 @@ public class UnanimousBasedTests extends TestCase { assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default - ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL"); + List config = SecurityConfig.createList("IGNORED_BY_ALL"); try { mgr.decide(auth, new Object(), config); @@ -152,7 +152,7 @@ public class UnanimousBasedTests extends TestCase { mgr.setAllowIfAllAbstainDecisions(true); assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed - ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL"); + List config = SecurityConfig.createList("IGNORED_BY_ALL"); mgr.decide(auth, new Object(), config); assertTrue(true); @@ -162,7 +162,7 @@ public class UnanimousBasedTests extends TestCase { TestingAuthenticationToken auth = makeTestToken(); UnanimousBased mgr = makeDecisionManager(); - ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"}); + List config = SecurityConfig.createList(new String[]{"ROLE_1", "ROLE_2"}); mgr.decide(auth, new Object(), config); assertTrue(true); diff --git a/samples/tutorial/src/main/java/bigbank/Account.java b/samples/tutorial/src/main/java/bigbank/Account.java index 1fdc1044e5..c892c13a58 100644 --- a/samples/tutorial/src/main/java/bigbank/Account.java +++ b/samples/tutorial/src/main/java/bigbank/Account.java 
@@ -5,47 +5,53 @@ package bigbank; * encapsulate business logic (methods) and state in the domain object. * Nevertheless, this demo is intended to reflect what people usually do, * as opposed to what they ideally would be doing. - * + * * @author Ben Alex * @version $Id$ */ public class Account { - private long id = -1; - private String holder; - private double balance; - - public Account(String holder) { - super(); - this.holder = holder; - } + private long id = -1; + private String holder; + private double balance; + private double overdraft = 500.00; - public long getId() { - return id; - } + public Account(String holder) { + this.holder = holder; + } - public void setId(long id) { - this.id = id; - } + public long getId() { + return id; + } - public String getHolder() { - return holder; - } + public void setId(long id) { + this.id = id; + } - public void setHolder(String holder) { - this.holder = holder; - } + public String getHolder() { + return holder; + } - public double getBalance() { - return balance; - } + public void setHolder(String holder) { + this.holder = holder; + } - public void setBalance(double balance) { - this.balance = balance; - } + public double getBalance() { + return balance; + } - public String toString() { - return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + "]"; - } + public void setBalance(double balance) { + this.balance = balance; + } - + public double getOverdraft() { + return overdraft; + } + + public void setOverdraft(double overdraft) { + this.overdraft = overdraft; + } + + public String toString() { + return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + ", overdraft=" + overdraft + "]"; + } } diff --git a/samples/tutorial/src/main/java/bigbank/BankService.java b/samples/tutorial/src/main/java/bigbank/BankService.java index 90c21ccde5..587ce9109b 100644 --- a/samples/tutorial/src/main/java/bigbank/BankService.java +++ b/samples/tutorial/src/main/java/bigbank/BankService.java 
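Review bot: The new `overdraft` field has no comment saying which sign it carries, and `setOverdraft` accepts any double, including negative values and NaN. The `@PreAuthorize` expression added to `BankService.post` in this commit negates the value (`-#account.overdraft`), so a negative overdraft silently tightens the limit and NaN makes the teller comparison false. I would document the field, e.g. `// Overdraft limit as a non-negative amount; BankService.post compares the new balance with -overdraft`, and have the setter reject bad input with `if (Double.isNaN(overdraft) || overdraft < 0) throw new IllegalArgumentException("overdraft must be >= 0");`.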
@@ -1,15 +1,16 @@ package bigbank; -import org.springframework.security.annotation.Secured; +import org.springframework.security.expression.annotation.PreAuthorize; + public interface BankService { - - @Secured("IS_AUTHENTICATED_ANONYMOUSLY") - public Account readAccount(Long id); - - @Secured("IS_AUTHENTICATED_ANONYMOUSLY") - public Account[] findAccounts(); - - @Secured("ROLE_TELLER") - public Account post(Account account, double amount); + + public Account readAccount(Long id); + + public Account[] findAccounts(); + + @PreAuthorize( + "hasRole('ROLE_SUPERVISOR') or " + + "hasRole('ROLE_TELLER') and (#account.balance + #amount >= -#account.overdraft)" ) + public Account post(Account account, double amount); } diff --git a/samples/tutorial/src/main/java/bigbank/BankServiceImpl.java b/samples/tutorial/src/main/java/bigbank/BankServiceImpl.java index e461e132d0..59ac02b0d1 100644 --- a/samples/tutorial/src/main/java/bigbank/BankServiceImpl.java +++ b/samples/tutorial/src/main/java/bigbank/BankServiceImpl.java 
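Review bot: The overdraft rule in the new `@PreAuthorize` expression on `post` reads `#account.balance` and `#account.overdraft` from the method argument, while `BankServiceImpl.post` in the same commit re-reads the account from the DAO and updates that copy. If the argument is stale or was populated by the caller, the decision is made on different numbers from the ones that get modified, so the limit is not enforced against the stored balance. The balance check should run against the freshly loaded account inside the service, with the annotation keeping only the role test, e.g. `@PreAuthorize("hasRole('ROLE_SUPERVISOR') or hasRole('ROLE_TELLER')")`. If the expression stays as it is, parenthesise the teller branch explicitly, because the result depends on `and` binding tighter than `or`.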
@@ -4,37 +4,36 @@ import org.aspectj.lang.annotation.Pointcut; import org.springframework.util.Assert; public class BankServiceImpl implements BankService { - private BankDao bankDao; + private BankDao bankDao; - // Not used unless you declare a - @Pointcut("execution(* bigbank.BankServiceImpl.*(..))") - public void myPointcut() {} + // Not used unless you declare a + @Pointcut("execution(* bigbank.BankServiceImpl.*(..))") + public void myPointcut() {} - public BankServiceImpl(BankDao bankDao) { - Assert.notNull(bankDao); - this.bankDao = bankDao; - } + public BankServiceImpl(BankDao bankDao) { + Assert.notNull(bankDao); + this.bankDao = bankDao; + } - public Account[] findAccounts() { - return this.bankDao.findAccounts(); - } + public Account[] findAccounts() { + return this.bankDao.findAccounts(); + } - public Account post(Account account, double amount) { - Assert.notNull(account); - Assert.notNull(account.getId()); - - // We read account bank from DAO so it reflects the latest balance - Account a = bankDao.readAccount(account.getId()); - if (account == null) { - throw new IllegalArgumentException("Couldn't find requested account"); - } - - a.setBalance(a.getBalance() + amount); - bankDao.createOrUpdateAccount(a); - return a; - } + public Account post(Account account, double amount) { + Assert.notNull(account); - public Account readAccount(Long id) { - return bankDao.readAccount(id); - } + // We read account bank from DAO so it reflects the latest balance + Account a = bankDao.readAccount(account.getId()); + if (account == null) { + throw new IllegalArgumentException("Couldn't find requested account"); + } + + a.setBalance(a.getBalance() + amount); + bankDao.createOrUpdateAccount(a); + return a; + } + + public Account readAccount(Long id) { + return bankDao.readAccount(id); + } } 
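Review bot: In `post`, the check `if (account == null)` tests the argument that `Assert.notNull(account)` has already validated, not the DAO result `a`. An id the DAO does not know therefore reaches `a.setBalance(...)` and presumably fails with a NullPointerException instead of the intended "Couldn't find requested account" error. The line should read `if (a == null) {`. The commit also leaves `readAccount` and `findAccounts` without any security annotation in `BankService`, so it is worth a comment there stating where access to them is restricted, if it is.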
diff --git a/samples/tutorial/src/main/resources/applicationContext-business.xml b/samples/tutorial/src/main/resources/applicationContext-business.xml index e1e21a97e4..698aabd9b3 100644 --- a/samples/tutorial/src/main/resources/applicationContext-business.xml +++ b/samples/tutorial/src/main/resources/applicationContext-business.xml @@ -3,22 +3,22 @@ - + - - - + + + - - + + - + - \ No newline at end of file + diff --git a/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml b/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml index 5b05501436..e0cfbff4bf 100644 --- a/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml +++ b/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml @@ -9,26 +9,26 @@ + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.5.xsd"> - - - + + + - + --> - +

      Custom Voters It is also possible to implement a custom @@ -288,7 +288,7 @@ boolean supports(Class clazz); illustrates Spring Security's AfterInvocationManager and its concrete implementations. - +
      After Invocation Implementation @@ -299,7 +299,7 @@ boolean supports(Class clazz); - +
      @@ -455,7 +455,7 @@ boolean supports(Class clazz); - + ]]>
      In the above example, the Contact will be @@ -486,7 +486,7 @@ boolean supports(Class clazz); - + ]]> As you can imagine, the returned Object must be a Collection or array for this provider @@ -501,7 +501,7 @@ boolean supports(Class clazz);
      Authorization Tag Libraries - + AuthorizeTag is used to include content if the current principal holds certain @@ -592,4 +592,4 @@ boolean supports(Class clazz); works exactly the samae as AccessControlListTag.
      - \ No newline at end of file + diff --git a/src/docbkx/runas-auth-provider.xml b/src/docbkx/runas-auth-provider.xml index 3abfdf6c0f..ae24cd37aa 100644 --- a/src/docbkx/runas-auth-provider.xml +++ b/src/docbkx/runas-auth-provider.xml @@ -1,9 +1,9 @@ Run-As Authentication Replacement - - + +
      Overview - + The AbstractSecurityInterceptor is able to temporarily replace the Authentication object in the SecurityContext and @@ -15,7 +15,7 @@ RunAsManager will indicate the replacement Authentication object, if any, that should be used during the SecurityInterceptorCallback. - + By temporarily replacing the Authentication object during the secure object callback phase, the secured invocation will be able to call other objects which require different @@ -27,17 +27,17 @@ SecurityContextHolder, these run-as replacements are particularly useful when calling remote web services
      - +
      Configuration A RunAsManager interface is provided by Spring Security: - Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config); + Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config); boolean supports(ConfigAttribute attribute); boolean supports(Class clazz); - + The first method returns the Authentication object that should replace the existing Authentication object for the duration of the @@ -49,7 +49,7 @@ interceptor implementation to ensure the configured RunAsManager supports the type of secure object that the security interceptor will present. - + One concrete implementation of a RunAsManager is provided with Spring Security. The RunAsManagerImpl class returns a replacement @@ -68,7 +68,7 @@ RUN_AS_SERVER will result in the replacement RunAsUserToken containing a ROLE_RUN_AS_SERVER granted authority. - + The replacement RunAsUserToken is just like any other Authentication object. It needs to be authenticated by the AuthenticationManager, @@ -77,7 +77,7 @@ RunAsImplAuthenticationProvider performs such authentication. It simply accepts as valid any RunAsUserToken presented. - + To ensure malicious code does not create a RunAsUserToken and present it for guaranteed acceptance by the RunAsImplAuthenticationProvider, @@ -101,4 +101,4 @@ RunAsUserToken is immutable after creation for security reasons
      -
      \ No newline at end of file + diff --git a/src/docbkx/secured-objects.xml b/src/docbkx/secured-objects.xml index aa079a0ca5..e994138a38 100644 --- a/src/docbkx/secured-objects.xml +++ b/src/docbkx/secured-objects.xml 
@@ -5,32 +5,32 @@ AOP Alliance (MethodInvocation) Security Interceptor - + - Prior to Spring Security 2.0, securing MethodInvocations needed quite a - lot of boiler plate configuration. Now the recommended approach for method security + Prior to Spring Security 2.0, securing MethodInvocations needed quite a + lot of boiler plate configuration. Now the recommended approach for method security is to use namespace configuration. - This way the method security infrastructure beans are configured automatically for you so you don't really need to + This way the method security infrastructure beans are configured automatically for you so you don't really need to know about the implementation classes. We'll just provide a quick overview of the classes that are involved here. Method security in enforced using a MethodSecurityInterceptor, which secures - MethodInvocations. Depending on the configuration approach, an interceptor may be specific to a single + MethodInvocations. Depending on the configuration approach, an interceptor may be specific to a single bean or shared between multiple beans. The interceptor uses a MethodDefinitionSource - instance to obtain the configuration attributes that apply to a particular method invocation. - MapBasedMethodDefinitionSource is used to store configuration attributes keyed by method names + instance to obtain the configuration attributes that apply to a particular method invocation. + MapBasedMethodDefinitionSource is used to store configuration attributes keyed by method names (which can be wildcarded) and will be used internally when the attributes are defined in the application context using the <intercept-methods> or <protect-point> elements. Other implementations will be used to handle annotation-based configuration. - +
      Explicit MethodSecurityIterceptor Configuration You can of course configure a MethodSecurityIterceptor directly in your application context for use with one of Spring AOP's proxying mechanisms: - @@ -42,7 +42,7 @@ org.springframework.security.context.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR - ]]> + ]]>
      @@ -119,15 +119,15 @@ pointcut domainObjectInstanceExecution(): target(PersistableEntity) Object around(): domainObjectInstanceExecution() { if (this.securityInterceptor == null) { - return proceed(); + return proceed(); } - + AspectJCallback callback = new AspectJCallback() { public Object proceedWithObject() { return proceed(); } }; - + return this.securityInterceptor.invoke(thisJoinPoint, callback); } @@ -178,13 +178,13 @@ public void afterPropertiesSet() throws Exception { FilterInvocation Security Interceptor To secure FilterInvocations, developers need - to add a FilterSecurityInterceptor to their filter chain. + to add a FilterSecurityInterceptor to their filter chain. A typical configuration example is provided below: In the application context you will need to configure three beans: - + @@ -204,8 +204,8 @@ public void afterPropertiesSet() throws Exception { - - + + ]]> @@ -245,7 +245,7 @@ public void afterPropertiesSet() throws Exception { Level Design section of this document. The FilterSecurityInterceptor can be - configured with configuration attributes in two ways. The first, + configured with configuration attributes in two ways. The first, which is shown above, is using the <filter-invocation-definition-source> namespace element. This is similar to the <filter-chain-map> used to configure a FilterChainProxy but the <intercept-url> @@ -254,7 +254,7 @@ public void afterPropertiesSet() throws Exception { ObjectDefinitionSource, although this is beyond the scope of this document. Irrespective of the approach used, the ObjectDefinitionSource is responsible for returning - a ConfigAttributeDefinition object that contains + a List<ConfigAttribute> containing all of the configuration attributes associated with a single secure HTTP URL. 
@@ -271,7 +271,7 @@ public void afterPropertiesSet() throws Exception { little relevance to most users of the FilterSecurityInterceptor. - When using the namespace option to configure the interceptor, + When using the namespace option to configure the interceptor, commas are used to delimit the different configuration attributes that apply to each HTTP URL. Each configuration attribute is assigned into its own SecurityConfig object. The @@ -299,7 +299,7 @@ public void afterPropertiesSet() throws Exception { - + ]]> @@ -324,4 +324,4 @@ public void afterPropertiesSet() throws Exception { RunAsManager. If neither of these can process a given configuration attribute, an exception is thrown. - \ No newline at end of file +