mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-30 15:52:15 +00:00
SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces
This commit is contained in:
Luke Taylor
parent
c7abdadc06
commit
a7d046357b
@ -14,21 +14,19 @@
|
||||
*/
|
||||
package org.springframework.security.afterinvocation;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthorizationServiceException;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.acls.AclService;
|
||||
import org.springframework.security.acls.Permission;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
|
||||
|
||||
/**
|
||||
* <p>
|
||||
@ -75,7 +73,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
|
||||
if (returnedObject == null) {
|
||||
@ -86,7 +84,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
|
||||
return null;
|
||||
}
|
||||
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
Iterator iter = config.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attr = (ConfigAttribute) iter.next();
|
||||
|
||||
@ -14,23 +14,20 @@
|
||||
*/
|
||||
package org.springframework.security.afterinvocation;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.SpringSecurityMessageSource;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.acls.AclService;
|
||||
import org.springframework.security.acls.Permission;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.context.MessageSourceAware;
|
||||
import org.springframework.context.support.MessageSourceAccessor;
|
||||
|
||||
import java.util.Iterator;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.SpringSecurityMessageSource;
|
||||
import org.springframework.security.acls.AclService;
|
||||
import org.springframework.security.acls.Permission;
|
||||
|
||||
|
||||
/**
|
||||
@ -74,10 +71,10 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
Iterator iter = config.iterator();
|
||||
|
||||
if (returnedObject == null) {
|
||||
// AclManager interface contract prohibits nulls
|
||||
|
||||
@ -17,11 +17,11 @@ package org.springframework.security.vote;
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthorizationServiceException;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.acls.Acl;
|
||||
import org.springframework.security.acls.AclService;
|
||||
import org.springframework.security.acls.NotFoundException;
|
||||
@ -150,11 +150,9 @@ public class AclEntryVoter extends AbstractAclVoter {
|
||||
}
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attr = (ConfigAttribute) iter.next();
|
||||
for(ConfigAttribute attr : attributes) {
|
||||
|
||||
if (!this.supports(attr)) {
|
||||
continue;
|
||||
|
||||
@ -15,6 +15,8 @@
|
||||
|
||||
package org.springframework.security;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Makes a final access control (authorization) decision.
|
||||
*
|
||||
@ -29,14 +31,14 @@ public interface AccessDecisionManager {
|
||||
*
|
||||
* @param authentication the caller invoking the method
|
||||
* @param object the secured object being called
|
||||
* @param config the configuration attributes associated with the secured object being invoked
|
||||
* @param configAttributes the configuration attributes associated with the secured object being invoked
|
||||
*
|
||||
* @throws AccessDeniedException if access is denied as the authentication does not hold a required authority or
|
||||
* ACL privilege
|
||||
* @throws InsufficientAuthenticationException if access is denied as the authentication does not provide a
|
||||
* sufficient level of trust
|
||||
*/
|
||||
void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
|
||||
void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException, InsufficientAuthenticationException;
|
||||
|
||||
/**
|
||||
|
||||
@ -15,6 +15,8 @@
|
||||
|
||||
package org.springframework.security;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Reviews the <code>Object</code> returned from a secure object invocation,
|
||||
* being able to modify the <code>Object</code> or throw an {@link
|
||||
@ -60,7 +62,7 @@ public interface AfterInvocationManager {
|
||||
*
|
||||
* @throws AccessDeniedException if access is denied
|
||||
*/
|
||||
Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
|
||||
Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException;
|
||||
|
||||
/**
|
||||
|
||||
@ -27,12 +27,9 @@ import java.io.Serializable;
|
||||
* patterns. These configuration attributes have special meaning to a {@link
|
||||
* RunAsManager}, {@link AccessDecisionManager} or
|
||||
* <code>AccessDecisionManager</code> delegate.
|
||||
* </p>
|
||||
*
|
||||
* <P>
|
||||
* Stored at runtime with other <code>ConfigAttribute</code>s for the same
|
||||
* secure object target within a {@link ConfigAttributeDefinition}.
|
||||
* </p>
|
||||
* <p>
|
||||
* Stored at runtime with other <code>ConfigAttribute</code>s for the same secure object target.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
|
||||
@ -20,7 +20,7 @@ import org.springframework.util.StringUtils;
|
||||
import java.beans.PropertyEditorSupport;
|
||||
|
||||
/**
|
||||
* A property editor that can create a populated {@link ConfigAttributeDefinition} from a comma separated list of
|
||||
* A property editor that can create a populated {@link List<ConfigAttribute>} from a comma separated list of
|
||||
* values.
|
||||
* <p>
|
||||
* Trims preceding and trailing spaces from presented command separated tokens, as this can be a source
|
||||
|
||||
@ -15,6 +15,8 @@
|
||||
|
||||
package org.springframework.security;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Creates a new temporary {@link Authentication} object for the current secure
|
||||
* object invocation only.
|
||||
@ -71,7 +73,7 @@ public interface RunAsManager {
|
||||
* @return a replacement object to be used for duration of the secure object invocation, or <code>null</code> if
|
||||
* the <code>Authentication</code> should be left as is
|
||||
*/
|
||||
Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config);
|
||||
Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config);
|
||||
|
||||
/**
|
||||
* Indicates whether this <code>RunAsManager</code> is able to process the passed
|
||||
|
||||
@ -15,10 +15,11 @@
|
||||
|
||||
package org.springframework.security.afterinvocation;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
|
||||
/**
|
||||
@ -30,7 +31,7 @@ import org.springframework.security.ConfigAttributeDefinition;
|
||||
public interface AfterInvocationProvider {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
|
||||
Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException;
|
||||
|
||||
/**
|
||||
|
||||
@ -19,8 +19,6 @@ import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.AfterInvocationManager;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
@ -35,7 +33,7 @@ import java.util.List;
|
||||
* Provider-based implementation of {@link AfterInvocationManager}.<p>Handles configuration of a bean context
|
||||
* defined list of {@link AfterInvocationProvider}s.</p>
|
||||
* <p>Every <code>AfterInvocationProvider</code> will be polled when the {@link #decide(Authentication, Object,
|
||||
* ConfigAttributeDefinition, Object)} method is called. The <code>Object</code> returned from each provider will be
|
||||
* List<ConfigAttribute>, Object)} method is called. The <code>Object</code> returned from each provider will be
|
||||
* presented to the successive provider for processing. This means each provider <b>must</b> ensure they return the
|
||||
* <code>Object</code>, even if they are not interested in the "after invocation" decision (perhaps as the secure
|
||||
* object invocation did not include a configuration attribute a given provider is configured to respond to).</p>
|
||||
@ -64,7 +62,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
|
||||
}
|
||||
}
|
||||
|
||||
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
Iterator iter = this.providers.iterator();
|
||||
|
||||
|
||||
@ -14,27 +14,23 @@
|
||||
*/
|
||||
package org.springframework.security.afterinvocation;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthorizationServiceException;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.acl.AclEntry;
|
||||
import org.springframework.security.acl.AclManager;
|
||||
import org.springframework.security.acl.basic.BasicAclEntry;
|
||||
import org.springframework.security.acl.basic.SimpleAclEntry;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
|
||||
|
||||
/**
|
||||
* <p>Given a <code>Collection</code> of domain object instances returned from a secure object invocation, remove
|
||||
@ -91,9 +87,9 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider implements
|
||||
}
|
||||
}
|
||||
|
||||
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
Iterator iter = config.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attr = (ConfigAttribute) iter.next();
|
||||
|
||||
@ -15,31 +15,26 @@
|
||||
|
||||
package org.springframework.security.afterinvocation;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.SpringSecurityMessageSource;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.acl.AclEntry;
|
||||
import org.springframework.security.acl.AclManager;
|
||||
import org.springframework.security.acl.basic.BasicAclEntry;
|
||||
import org.springframework.security.acl.basic.SimpleAclEntry;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.context.MessageSourceAware;
|
||||
import org.springframework.context.i18n.LocaleContextHolder;
|
||||
import org.springframework.context.support.MessageSourceAccessor;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.SpringSecurityMessageSource;
|
||||
import org.springframework.security.acl.AclEntry;
|
||||
import org.springframework.security.acl.AclManager;
|
||||
import org.springframework.security.acl.basic.BasicAclEntry;
|
||||
import org.springframework.security.acl.basic.SimpleAclEntry;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.Iterator;
|
||||
|
||||
/**
|
||||
* <p>Given a domain object instance returned from a secure object invocation, ensures the principal has
|
||||
* appropriate permission as defined by the {@link AclManager}.</p>
|
||||
@ -90,9 +85,9 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv
|
||||
}
|
||||
}
|
||||
|
||||
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
Iterator iter = config.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attr = (ConfigAttribute) iter.next();
|
||||
|
||||
@ -27,7 +27,6 @@ import javax.annotation.security.RolesAllowed;
|
||||
|
||||
import org.springframework.core.annotation.AnnotationUtils;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.intercept.method.AbstractFallbackMethodDefinitionSource;
|
||||
|
||||
|
||||
@ -48,7 +47,7 @@ public class Jsr250MethodDefinitionSource extends AbstractFallbackMethodDefiniti
|
||||
return processAnnotations(AnnotationUtils.getAnnotations(method));
|
||||
}
|
||||
|
||||
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
|
||||
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@ -2,11 +2,11 @@ package org.springframework.security.annotation;
|
||||
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.vote.AccessDecisionVoter;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Voter on JSR-250 configuration attributes.
|
||||
@ -44,9 +44,9 @@ public class Jsr250Voter implements AccessDecisionVoter {
|
||||
* @param definition The configuration definition.
|
||||
* @return The vote.
|
||||
*/
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition definition) {
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> definition) {
|
||||
int result = ACCESS_ABSTAIN;
|
||||
Iterator iter = definition.getConfigAttributes().iterator();
|
||||
Iterator iter = definition.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) iter.next();
|
||||
|
||||
@ -43,7 +43,7 @@ public class SecuredMethodDefinitionSource extends AbstractFallbackMethodDefinit
|
||||
return processAnnotation(AnnotationUtils.findAnnotation(method, Secured.class));
|
||||
}
|
||||
|
||||
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
|
||||
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@ -17,7 +17,6 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.core.OrderComparator;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.config.ConfigUtils.FilterChainList;
|
||||
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
|
||||
@ -160,8 +159,6 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
|
||||
return;
|
||||
}
|
||||
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(fids.lookupAttributes(loginPage, "POST"));
|
||||
|
||||
if (!beanFactory.containsBean(BeanIds.ANONYMOUS_PROCESSING_FILTER)) {
|
||||
logger.warn("The login page is being protected by the filter chain, but you don't appear to have" +
|
||||
" anonymous authentication enabled. This is almost certainly an error.");
|
||||
@ -174,7 +171,7 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
|
||||
new AnonymousAuthenticationToken("key", anonPF.getUserAttribute().getPassword(),
|
||||
anonPF.getUserAttribute().getAuthorities());
|
||||
try {
|
||||
fsi.getAccessDecisionManager().decide(token, new Object(), cad);
|
||||
fsi.getAccessDecisionManager().decide(token, new Object(), fids.lookupAttributes(loginPage, "POST"));
|
||||
} catch (Exception e) {
|
||||
logger.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly " +
|
||||
"an error. Please check your configuration allows unauthenticated access to the configured " +
|
||||
|
||||
@ -12,13 +12,11 @@ import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttributeEditor;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
@ -26,17 +24,18 @@ import org.springframework.security.intercept.web.RequestKey;
|
||||
import org.springframework.security.securechannel.ChannelDecisionManagerImpl;
|
||||
import org.springframework.security.securechannel.ChannelProcessingFilter;
|
||||
import org.springframework.security.securechannel.InsecureChannelProcessor;
|
||||
import org.springframework.security.securechannel.SecureChannelProcessor;
|
||||
import org.springframework.security.securechannel.RetryWithHttpEntryPoint;
|
||||
import org.springframework.security.securechannel.RetryWithHttpsEntryPoint;
|
||||
import org.springframework.security.securechannel.SecureChannelProcessor;
|
||||
import org.springframework.security.ui.AccessDeniedHandlerImpl;
|
||||
import org.springframework.security.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.security.ui.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
import org.springframework.security.util.FilterChainProxy;
|
||||
import org.springframework.security.util.RegexUrlPathMatcher;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
import org.springframework.security.util.UrlMatcher;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
@ -603,7 +602,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
||||
|
||||
String access = urlElt.getAttribute(ATT_ACCESS_CONFIG);
|
||||
|
||||
// Convert the comma-separated list of access attributes to a ConfigAttributeDefinition
|
||||
// Convert the comma-separated list of access attributes to a List<ConfigAttribute>
|
||||
if (StringUtils.hasText(access)) {
|
||||
editor.setAsText(access);
|
||||
Object key = new RequestKey(path, method);
|
||||
|
||||
@ -15,8 +15,10 @@
|
||||
|
||||
package org.springframework.security.event.authorization;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
|
||||
|
||||
/**
|
||||
@ -30,36 +32,34 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private AuthenticationCredentialsNotFoundException credentialsNotFoundException;
|
||||
private ConfigAttributeDefinition configAttributeDefinition;
|
||||
private List<ConfigAttribute> configAttribs;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
/**
|
||||
* Construct the event.
|
||||
*
|
||||
* @param secureObject the secure object
|
||||
* @param configAttribs that apply to the secure object
|
||||
* @param credentialsNotFoundException exception returned to the caller
|
||||
* (contains reason)
|
||||
* @param credentialsNotFoundException exception returned to the caller (contains reason)
|
||||
*
|
||||
* @throws IllegalArgumentException DOCUMENT ME!
|
||||
*/
|
||||
public AuthenticationCredentialsNotFoundEvent(Object secureObject, ConfigAttributeDefinition configAttribs,
|
||||
AuthenticationCredentialsNotFoundException credentialsNotFoundException) {
|
||||
public AuthenticationCredentialsNotFoundEvent(Object secureObject, List<ConfigAttribute> configAttribs,
|
||||
AuthenticationCredentialsNotFoundException credentialsNotFoundException) {
|
||||
super(secureObject);
|
||||
|
||||
if ((configAttribs == null) || (credentialsNotFoundException == null)) {
|
||||
throw new IllegalArgumentException("All parameters are required and cannot be null");
|
||||
}
|
||||
|
||||
this.configAttributeDefinition = configAttribs;
|
||||
this.configAttribs = configAttribs;
|
||||
this.credentialsNotFoundException = credentialsNotFoundException;
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public ConfigAttributeDefinition getConfigAttributeDefinition() {
|
||||
return configAttributeDefinition;
|
||||
public List<ConfigAttribute> getConfigAttributes() {
|
||||
return configAttribs;
|
||||
}
|
||||
|
||||
public AuthenticationCredentialsNotFoundException getCredentialsNotFoundException() {
|
||||
|
||||
@ -15,9 +15,11 @@
|
||||
|
||||
package org.springframework.security.event.authorization;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
|
||||
|
||||
/**
|
||||
@ -36,7 +38,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
|
||||
|
||||
private AccessDeniedException accessDeniedException;
|
||||
private Authentication authentication;
|
||||
private ConfigAttributeDefinition configAttributeDefinition;
|
||||
private List<ConfigAttribute> configAttributeDefinition;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
@ -51,7 +53,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
|
||||
*
|
||||
* @throws IllegalArgumentException if any null arguments are presented.
|
||||
*/
|
||||
public AuthorizationFailureEvent(Object secureObject, ConfigAttributeDefinition configAttribs,
|
||||
public AuthorizationFailureEvent(Object secureObject, List<ConfigAttribute> configAttribs,
|
||||
Authentication authentication, AccessDeniedException accessDeniedException) {
|
||||
super(secureObject);
|
||||
|
||||
@ -74,7 +76,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
|
||||
return authentication;
|
||||
}
|
||||
|
||||
public ConfigAttributeDefinition getConfigAttributeDefinition() {
|
||||
public List<ConfigAttribute> getConfigAttributes() {
|
||||
return configAttributeDefinition;
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,8 +15,10 @@
|
||||
|
||||
package org.springframework.security.event.authorization;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
|
||||
|
||||
/**
|
||||
@ -30,20 +32,19 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private Authentication authentication;
|
||||
private ConfigAttributeDefinition configAttributeDefinition;
|
||||
private List<ConfigAttribute> configAttributeDefinition;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
/**
|
||||
* Construct the event.
|
||||
*
|
||||
* @param secureObject the secure object
|
||||
* @param configAttribs that apply to the secure object
|
||||
* @param authentication that successfully called the secure object
|
||||
*
|
||||
* @throws IllegalArgumentException DOCUMENT ME!
|
||||
*/
|
||||
public AuthorizedEvent(Object secureObject, ConfigAttributeDefinition configAttribs, Authentication authentication) {
|
||||
public AuthorizedEvent(Object secureObject, List<ConfigAttribute> configAttribs, Authentication authentication) {
|
||||
super(secureObject);
|
||||
|
||||
if ((configAttribs == null) || (authentication == null)) {
|
||||
@ -60,7 +61,7 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
|
||||
return authentication;
|
||||
}
|
||||
|
||||
public ConfigAttributeDefinition getConfigAttributeDefinition() {
|
||||
public List<ConfigAttribute> getConfigAttributes() {
|
||||
return configAttributeDefinition;
|
||||
}
|
||||
}
|
||||
|
||||
@ -46,7 +46,7 @@ public class LoggerListener implements ApplicationListener {
|
||||
if (logger.isWarnEnabled()) {
|
||||
logger.warn("Security interception failed due to: " + authEvent.getCredentialsNotFoundException()
|
||||
+ "; secure object: " + authEvent.getSource() + "; configuration attributes: "
|
||||
+ authEvent.getConfigAttributeDefinition());
|
||||
+ authEvent.getConfigAttributes());
|
||||
}
|
||||
}
|
||||
|
||||
@ -57,7 +57,7 @@ public class LoggerListener implements ApplicationListener {
|
||||
logger.warn("Security authorization failed due to: " + authEvent.getAccessDeniedException()
|
||||
+ "; authenticated principal: " + authEvent.getAuthentication()
|
||||
+ "; secure object: " + authEvent.getSource()
|
||||
+ "; configuration attributes: " + authEvent.getConfigAttributeDefinition());
|
||||
+ "; configuration attributes: " + authEvent.getConfigAttributes());
|
||||
}
|
||||
}
|
||||
|
||||
@ -67,7 +67,7 @@ public class LoggerListener implements ApplicationListener {
|
||||
if (logger.isInfoEnabled()) {
|
||||
logger.info("Security authorized for authenticated principal: " + authEvent.getAuthentication()
|
||||
+ "; secure object: " + authEvent.getSource() + "; configuration attributes: "
|
||||
+ authEvent.getConfigAttributeDefinition());
|
||||
+ authEvent.getConfigAttributes());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -17,7 +17,7 @@ package org.springframework.security.event.authorization;
|
||||
|
||||
/**
|
||||
* Event that is generated whenever a public secure object is invoked.<p>A public secure object is a secure object
|
||||
* that has no <code>ConfigAttributeDefinition</code> defined. A public secure object will not cause the
|
||||
* that has no <code>ConfigAttribute</code>s defined. A public secure object will not cause the
|
||||
* <code>SecurityContextHolder</code> to be inspected or authenticated, and no authorization will take place.</p>
|
||||
* <p>Published just before the secure object attempts to proceed.</p>
|
||||
*
|
||||
|
||||
@ -7,6 +7,12 @@ import org.springframework.security.AuthenticationTrustResolver;
|
||||
import org.springframework.security.AuthenticationTrustResolverImpl;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
/**
|
||||
* Default root object for use in Spring Security expression evaluations.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*
|
||||
*/
|
||||
public class SecurityExpressionRoot {
|
||||
private Authentication authentication;
|
||||
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
|
||||
@ -21,6 +27,9 @@ public class SecurityExpressionRoot {
|
||||
|
||||
|
||||
public SecurityExpressionRoot(Authentication a) {
|
||||
if (a == null) {
|
||||
throw new IllegalArgumentException("Authentication object cannot be null");
|
||||
}
|
||||
this.authentication = a;
|
||||
}
|
||||
|
||||
@ -56,14 +65,14 @@ public class SecurityExpressionRoot {
|
||||
return trustResolver.isRememberMe(authentication);
|
||||
}
|
||||
|
||||
public Authentication getAuthentication() {
|
||||
return authentication;
|
||||
}
|
||||
|
||||
public final boolean isFullyAuthenticated() {
|
||||
return !trustResolver.isAnonymous(authentication) && !trustResolver.isRememberMe(authentication);
|
||||
}
|
||||
|
||||
public Authentication getAuthentication() {
|
||||
return authentication;
|
||||
}
|
||||
|
||||
public void setFilterObject(Object filterObject) {
|
||||
this.filterObject = filterObject;
|
||||
}
|
||||
|
||||
@ -37,6 +37,10 @@ import org.springframework.util.ClassUtils;
|
||||
public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDefinitionSource {
|
||||
|
||||
public List<ConfigAttribute> getAttributes(Method method, Class targetClass) {
|
||||
if (method.getDeclaringClass() == Object.class) {
|
||||
return null;
|
||||
}
|
||||
|
||||
logger.debug("Looking for expression annotations for method '" +
|
||||
method.getName() + "' on target class '" + targetClass + "'");
|
||||
PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class);
|
||||
@ -101,7 +105,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe
|
||||
return null;
|
||||
}
|
||||
|
||||
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
|
||||
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
package org.springframework.security.expression.support;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.List;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.apache.commons.logging.Log;
|
||||
@ -13,7 +14,6 @@ import org.springframework.expression.spel.standard.StandardEvaluationContext;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.afterinvocation.AfterInvocationProvider;
|
||||
import org.springframework.security.expression.ExpressionUtils;
|
||||
import org.springframework.security.expression.SecurityExpressionRoot;
|
||||
@ -32,7 +32,7 @@ public class MethodExpressionAfterInvocationProvider implements AfterInvocationP
|
||||
|
||||
private ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer();
|
||||
|
||||
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config, Object returnedObject)
|
||||
throws AccessDeniedException {
|
||||
|
||||
PostInvocationExpressionConfigAttribute mca = findMethodAccessControlExpression(config);
|
||||
@ -86,9 +86,9 @@ public class MethodExpressionAfterInvocationProvider implements AfterInvocationP
|
||||
}
|
||||
}
|
||||
|
||||
private PostInvocationExpressionConfigAttribute findMethodAccessControlExpression(ConfigAttributeDefinition config) {
|
||||
private PostInvocationExpressionConfigAttribute findMethodAccessControlExpression(List<ConfigAttribute> config) {
|
||||
// Find the MethodAccessControlExpression attribute
|
||||
for (ConfigAttribute attribute : config.getConfigAttributes()) {
|
||||
for (ConfigAttribute attribute : config) {
|
||||
if (attribute instanceof PostInvocationExpressionConfigAttribute) {
|
||||
return (PostInvocationExpressionConfigAttribute)attribute;
|
||||
}
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
package org.springframework.security.expression.support;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.List;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.apache.commons.logging.Log;
|
||||
@ -12,7 +13,6 @@ import org.springframework.expression.Expression;
|
||||
import org.springframework.expression.spel.standard.StandardEvaluationContext;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.expression.ExpressionUtils;
|
||||
import org.springframework.security.expression.SecurityExpressionRoot;
|
||||
import org.springframework.security.vote.AccessDecisionVoter;
|
||||
@ -43,8 +43,8 @@ public class MethodExpressionVoter implements AccessDecisionVoter {
|
||||
return clazz.isAssignableFrom(MethodInvocation.class);
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
PreInvocationExpressionConfigAttribute mace = findMethodAccessControlExpression(config);
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
PreInvocationExpressionConfigAttribute mace = findMethodAccessControlExpression(attributes);
|
||||
|
||||
if (mace == null) {
|
||||
// No expression based metadata, so abstain
|
||||
@ -102,9 +102,9 @@ public class MethodExpressionVoter implements AccessDecisionVoter {
|
||||
return filterTarget;
|
||||
}
|
||||
|
||||
private PreInvocationExpressionConfigAttribute findMethodAccessControlExpression(ConfigAttributeDefinition config) {
|
||||
private PreInvocationExpressionConfigAttribute findMethodAccessControlExpression(List<ConfigAttribute> config) {
|
||||
// Find the MethodAccessControlExpression attribute
|
||||
for (ConfigAttribute attribute : config.getConfigAttributes()) {
|
||||
for (ConfigAttribute attribute : config) {
|
||||
if (attribute instanceof PreInvocationExpressionConfigAttribute) {
|
||||
return (PreInvocationExpressionConfigAttribute)attribute;
|
||||
}
|
||||
|
||||
@ -15,46 +15,37 @@
|
||||
|
||||
package org.springframework.security.intercept;
|
||||
|
||||
import org.springframework.security.AccessDecisionManager;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.SpringSecurityMessageSource;
|
||||
import org.springframework.security.AfterInvocationManager;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.AuthenticationManager;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.RunAsManager;
|
||||
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
import org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent;
|
||||
import org.springframework.security.event.authorization.AuthorizationFailureEvent;
|
||||
import org.springframework.security.event.authorization.AuthorizedEvent;
|
||||
import org.springframework.security.event.authorization.PublicInvocationEvent;
|
||||
|
||||
import org.springframework.security.runas.NullRunAsManager;
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
import org.springframework.context.ApplicationEventPublisherAware;
|
||||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.context.MessageSourceAware;
|
||||
import org.springframework.context.support.MessageSourceAccessor;
|
||||
|
||||
import org.springframework.security.AccessDecisionManager;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.AfterInvocationManager;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.AuthenticationManager;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.RunAsManager;
|
||||
import org.springframework.security.SpringSecurityMessageSource;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent;
|
||||
import org.springframework.security.event.authorization.AuthorizationFailureEvent;
|
||||
import org.springframework.security.event.authorization.AuthorizedEvent;
|
||||
import org.springframework.security.event.authorization.PublicInvocationEvent;
|
||||
import org.springframework.security.runas.NullRunAsManager;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.Collection;
|
||||
|
||||
/**
|
||||
* Abstract class that implements security interception for secure objects.
|
||||
* <p>
|
||||
@ -64,8 +55,8 @@ import java.util.Collection;
|
||||
* <li>Obtain the {@link Authentication} object from the {@link SecurityContextHolder}.</li>
|
||||
* <li>Determine if the request relates to a secured or public invocation by looking up the secure object request
|
||||
* against the {@link ObjectDefinitionSource}.</li>
|
||||
* <li>For an invocation that is secured (there is a
|
||||
* <code>ConfigAttributeDefinition</code> for the secure object invocation):
|
||||
* <li>For an invocation that is secured (there is a list of <code>ConfigAttribute</code>s for the secure
|
||||
* object invocation):
|
||||
* <ol type="a">
|
||||
* <li>If either the {@link org.springframework.security.Authentication#isAuthenticated()}
|
||||
* returns <code>false</code>, or the {@link #alwaysReauthenticate} is
|
||||
@ -88,7 +79,7 @@ import java.util.Collection;
|
||||
* the caller.</li>
|
||||
* </ol>
|
||||
* </li>
|
||||
* <li>For an invocation that is public (there is no <code>ConfigAttributeDefinition</code> for the secure object
|
||||
* <li>For an invocation that is public (there are no <code>ConfigAttribute</code>s for the secure object
|
||||
* invocation):
|
||||
* <ol type="a">
|
||||
* <li>As described above, the concrete subclass will be returned an <code>InterceptorStatusToken</code> which is
|
||||
@ -125,46 +116,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure object invocation has been
|
||||
* completed.
|
||||
*
|
||||
* @param token as returned by the {@link #beforeInvocation(Object)}} method
|
||||
* @param returnedObject any object returned from the secure object invocation (may be <tt>null</tt>)
|
||||
* @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>)
|
||||
*/
|
||||
protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
|
||||
if (token == null) {
|
||||
// public object
|
||||
return returnedObject;
|
||||
}
|
||||
|
||||
if (token.isContextHolderRefreshRequired()) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Reverting to original Authentication: " + token.getAuthentication().toString());
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(token.getAuthentication());
|
||||
}
|
||||
|
||||
if (afterInvocationManager != null) {
|
||||
// Attempt after invocation handling
|
||||
try {
|
||||
returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(),
|
||||
token.getAttr(), returnedObject);
|
||||
}
|
||||
catch (AccessDeniedException accessDeniedException) {
|
||||
AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token
|
||||
.getAttr(), token.getAuthentication(), accessDeniedException);
|
||||
publishEvent(event);
|
||||
|
||||
throw accessDeniedException;
|
||||
}
|
||||
}
|
||||
|
||||
return returnedObject;
|
||||
}
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
|
||||
Assert.notNull(this.messages, "A message source must be set");
|
||||
@ -185,11 +136,11 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
}
|
||||
|
||||
if (this.validateConfigAttributes) {
|
||||
Collection<List<? extends ConfigAttribute>> attributeDefs = this.obtainObjectDefinitionSource().getConfigAttributeDefinitions();
|
||||
Collection<List<? extends ConfigAttribute>> attributeDefs = this.obtainObjectDefinitionSource().getAllConfigAttributes();
|
||||
|
||||
if (attributeDefs == null) {
|
||||
logger.warn("Could not validate configuration attributes as the ObjectDefinitionSource did not return "
|
||||
+ "a ConfigAttributeDefinition collection");
|
||||
+ "any attributes from getAllConfigAttributes()");
|
||||
return;
|
||||
}
|
||||
|
||||
@ -222,15 +173,9 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
+ getSecureObjectClass());
|
||||
}
|
||||
|
||||
List<? extends ConfigAttribute> attributes = this.obtainObjectDefinitionSource().getAttributes(object);
|
||||
ConfigAttributeDefinition attr = null;
|
||||
List<ConfigAttribute> attributes = this.obtainObjectDefinitionSource().getAttributes(object);
|
||||
|
||||
// TODO: temporary until refactor security interceptor and AccessManager
|
||||
if (attributes != null) {
|
||||
attr = new ConfigAttributeDefinition(attributes);
|
||||
}
|
||||
|
||||
if (attr == null) {
|
||||
if (attributes == null) {
|
||||
if (rejectPublicInvocations) {
|
||||
throw new IllegalArgumentException(
|
||||
"No public invocations are allowed via this AbstractSecurityInterceptor. "
|
||||
@ -248,22 +193,22 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Secure object: " + object + "; ConfigAttributes: " + attr);
|
||||
logger.debug("Secure object: " + object + "; Attributes: " + attributes);
|
||||
}
|
||||
|
||||
if (SecurityContextHolder.getContext().getAuthentication() == null) {
|
||||
credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
|
||||
"An Authentication object was not found in the SecurityContext"), object, attr);
|
||||
"An Authentication object was not found in the SecurityContext"), object, attributes);
|
||||
}
|
||||
|
||||
Authentication authenticated = authenticateIfRequired();
|
||||
|
||||
// Attempt authorization
|
||||
try {
|
||||
this.accessDecisionManager.decide(authenticated, object, attr);
|
||||
this.accessDecisionManager.decide(authenticated, object, attributes);
|
||||
}
|
||||
catch (AccessDeniedException accessDeniedException) {
|
||||
AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated,
|
||||
AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attributes, authenticated,
|
||||
accessDeniedException);
|
||||
publishEvent(event);
|
||||
|
||||
@ -274,11 +219,11 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
logger.debug("Authorization successful");
|
||||
}
|
||||
|
||||
AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated);
|
||||
AuthorizedEvent event = new AuthorizedEvent(object, attributes, authenticated);
|
||||
publishEvent(event);
|
||||
|
||||
// Attempt to run as a different user
|
||||
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr);
|
||||
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes);
|
||||
|
||||
if (runAs == null) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
@ -286,7 +231,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
}
|
||||
|
||||
// no further work post-invocation
|
||||
return new InterceptorStatusToken(authenticated, false, attr, object);
|
||||
return new InterceptorStatusToken(authenticated, false, attributes, object);
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Switching to RunAs Authentication: " + runAs);
|
||||
@ -295,10 +240,51 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
SecurityContextHolder.getContext().setAuthentication(runAs);
|
||||
|
||||
// revert to token.Authenticated post-invocation
|
||||
return new InterceptorStatusToken(authenticated, true, attr, object);
|
||||
return new InterceptorStatusToken(authenticated, true, attributes, object);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure object invocation has been
|
||||
* completed.
|
||||
*
|
||||
* @param token as returned by the {@link #beforeInvocation(Object)}} method
|
||||
* @param returnedObject any object returned from the secure object invocation (may be <tt>null</tt>)
|
||||
* @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>)
|
||||
*/
|
||||
protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
|
||||
if (token == null) {
|
||||
// public object
|
||||
return returnedObject;
|
||||
}
|
||||
|
||||
if (token.isContextHolderRefreshRequired()) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Reverting to original Authentication: " + token.getAuthentication().toString());
|
||||
}
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(token.getAuthentication());
|
||||
}
|
||||
|
||||
if (afterInvocationManager != null) {
|
||||
// Attempt after invocation handling
|
||||
try {
|
||||
returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(),
|
||||
token.getAttributes(), returnedObject);
|
||||
}
|
||||
catch (AccessDeniedException accessDeniedException) {
|
||||
AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token
|
||||
.getAttributes(), token.getAuthentication(), accessDeniedException);
|
||||
publishEvent(event);
|
||||
|
||||
throw accessDeniedException;
|
||||
}
|
||||
}
|
||||
|
||||
return returnedObject;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Checks the current authentication token and passes it to the AuthenticationManager if
|
||||
* {@link org.springframework.security.Authentication#isAuthenticated()} returns false or the property
|
||||
@ -339,7 +325,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
* @param secureObject that was being called
|
||||
* @param configAttribs that were defined for the secureObject
|
||||
*/
|
||||
private void credentialsNotFound(String reason, Object secureObject, ConfigAttributeDefinition configAttribs) {
|
||||
private void credentialsNotFound(String reason, Object secureObject, List<ConfigAttribute> configAttribs) {
|
||||
AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason);
|
||||
|
||||
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject,
|
||||
|
||||
@ -15,7 +15,10 @@
|
||||
|
||||
package org.springframework.security.intercept;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
|
||||
@ -33,14 +36,14 @@ public class InterceptorStatusToken {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private Authentication authentication;
|
||||
private ConfigAttributeDefinition attr;
|
||||
private List<ConfigAttribute> attr;
|
||||
private Object secureObject;
|
||||
private boolean contextHolderRefreshRequired;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public InterceptorStatusToken(Authentication authentication, boolean contextHolderRefreshRequired,
|
||||
ConfigAttributeDefinition attr, Object secureObject) {
|
||||
List<ConfigAttribute> attr, Object secureObject) {
|
||||
this.authentication = authentication;
|
||||
this.contextHolderRefreshRequired = contextHolderRefreshRequired;
|
||||
this.attr = attr;
|
||||
@ -49,7 +52,7 @@ public class InterceptorStatusToken {
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public ConfigAttributeDefinition getAttr() {
|
||||
public List<ConfigAttribute> getAttributes() {
|
||||
return attr;
|
||||
}
|
||||
|
||||
|
||||
@ -15,16 +15,15 @@
|
||||
|
||||
package org.springframework.security.intercept;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
|
||||
|
||||
/**
|
||||
* Implemented by classes that store and can identify the {@link
|
||||
* ConfigAttributeDefinition} that applies to a given secure object
|
||||
* ConfigAttribute}s that applies to a given secure object
|
||||
* invocation.
|
||||
*
|
||||
* @author Ben Alex
|
||||
@ -34,7 +33,7 @@ public interface ObjectDefinitionSource {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Accesses the <code>ConfigAttributeDefinition</code> that applies to a given secure object.
|
||||
* Accesses the <code>ConfigAttribute</code>s that apply to a given secure object.
|
||||
* <p>Returns <code>null</code> if no attributes apply.
|
||||
*
|
||||
* @param object the object being secured
|
||||
@ -47,18 +46,18 @@ public interface ObjectDefinitionSource {
|
||||
List<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException;
|
||||
|
||||
/**
|
||||
* If available, returns all of the <code>ConfigAttributeDefinition</code>s defined by the implementing class.
|
||||
* If available, returns all of the <code>ConfigAttribute</code>s defined by the implementing class.
|
||||
* <p>
|
||||
* This is used by the {@link AbstractSecurityInterceptor} to perform startup time validation of each
|
||||
* <code>ConfigAttribute</code> configured against it.
|
||||
*
|
||||
* @return the <code>ConfigAttributeDefinition</code>s or <code>null</code> if unsupported
|
||||
* @return the <code>ConfigAttribute</code>s or <code>null</code> if unsupported
|
||||
*/
|
||||
Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions();
|
||||
Collection<List<? extends ConfigAttribute>> getAllConfigAttributes();
|
||||
|
||||
/**
|
||||
* Indicates whether the <code>ObjectDefinitionSource</code> implementation is able to provide
|
||||
* <code>ConfigAttributeDefinition</code>s for the indicated secure object type.
|
||||
* <code>ConfigAttribute</code>s for the indicated secure object type.
|
||||
*
|
||||
* @param clazz the class that is being queried
|
||||
*
|
||||
|
||||
@ -73,12 +73,12 @@ public final class DelegatingMethodDefinitionSource extends AbstractMethodDefini
|
||||
}
|
||||
}
|
||||
|
||||
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
|
||||
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
|
||||
Set set = new HashSet();
|
||||
Iterator i = methodDefinitionSources.iterator();
|
||||
while (i.hasNext()) {
|
||||
MethodDefinitionSource s = (MethodDefinitionSource) i.next();
|
||||
Collection<List<? extends ConfigAttribute>> attrs = s.getConfigAttributeDefinitions();
|
||||
Collection<List<? extends ConfigAttribute>> attrs = s.getAllConfigAttributes();
|
||||
if (attrs != null) {
|
||||
set.addAll(attrs);
|
||||
}
|
||||
|
||||
@ -25,13 +25,12 @@ import java.util.Map;
|
||||
|
||||
import org.springframework.beans.factory.BeanClassLoaderAware;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ClassUtils;
|
||||
|
||||
|
||||
/**
|
||||
* Stores a {@link ConfigAttributeDefinition} for a method or class signature.
|
||||
* Stores a list of <tt>ConfigAttribute</tt>s for a method or class signature.
|
||||
*
|
||||
* <p>
|
||||
* This class is the preferred implementation of {@link MethodDefinitionSource} for XML-based
|
||||
@ -48,7 +47,7 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini
|
||||
//~ Instance fields ================================================================================================
|
||||
private ClassLoader beanClassLoader = ClassUtils.getDefaultClassLoader();
|
||||
|
||||
/** Map from RegisteredMethod to ConfigAttributeDefinition */
|
||||
/** Map from RegisteredMethod to ConfigAttribute list */
|
||||
protected Map<RegisteredMethod, List<? extends ConfigAttribute>> methodMap = new HashMap();
|
||||
|
||||
/** Map from RegisteredMethod to name pattern used for registration */
|
||||
@ -61,14 +60,11 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini
|
||||
|
||||
/**
|
||||
* Creates the MapBasedMethodDefinitionSource from a
|
||||
* @param methodMap map of method names to <tt>ConfigAttributeDefinition</tt>s.
|
||||
* @param methodMap map of method names to <tt>ConfigAttribute</tt>s.
|
||||
*/
|
||||
public MapBasedMethodDefinitionSource(Map methodMap) {
|
||||
Iterator iterator = methodMap.entrySet().iterator();
|
||||
|
||||
while (iterator.hasNext()) {
|
||||
Map.Entry entry = (Map.Entry) iterator.next();
|
||||
addSecureMethod((String)entry.getKey(), (List<ConfigAttribute>)entry.getValue());
|
||||
public MapBasedMethodDefinitionSource(Map<String, List<ConfigAttribute>> methodMap) {
|
||||
for (Map.Entry<String, List<ConfigAttribute>> entry : methodMap.entrySet()) {
|
||||
addSecureMethod(entry.getKey(), entry.getValue());
|
||||
}
|
||||
}
|
||||
|
||||
@ -213,7 +209,7 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini
|
||||
*
|
||||
* @return the attributes explicitly defined against this bean
|
||||
*/
|
||||
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
|
||||
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
|
||||
return methodMap.values();
|
||||
}
|
||||
|
||||
|
||||
@ -17,27 +17,23 @@ package org.springframework.security.intercept.method;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.intercept.AbstractSecurityInterceptor;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* Allows users to determine whether they have "before invocation" privileges for a given method invocation.<p>Of
|
||||
* course, if an {@link org.springframework.security.AfterInvocationManager} is used to authorize the <em>result</em> of a method
|
||||
* invocation, this class cannot assist determine whether or not the <code>AfterInvocationManager</code> will enable
|
||||
* Allows users to determine whether they have "before invocation" privileges for a given method invocation.
|
||||
* <p>
|
||||
* Of course, if an {@link org.springframework.security.AfterInvocationManager} is used to authorize the
|
||||
* <em>result</em> of a method invocation, this class cannot assist determine whether or not the
|
||||
* <code>AfterInvocationManager</code> will enable
|
||||
* access. Instead this class aims to allow applications to determine whether or not the current principal would be
|
||||
* allowed to at least attempt to invoke the method, irrespective of the "after" invocation handling.</p>
|
||||
*
|
||||
@ -63,7 +59,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
|
||||
Assert.notNull(mi, "MethodInvocation required");
|
||||
Assert.notNull(mi.getMethod(), "MethodInvocation must provide a non-null getMethod()");
|
||||
|
||||
List<? extends ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(mi);
|
||||
List<ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(mi);
|
||||
|
||||
if (attrs == null) {
|
||||
if (securityInterceptor.isRejectPublicInvocations()) {
|
||||
@ -79,7 +75,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
|
||||
}
|
||||
|
||||
try {
|
||||
securityInterceptor.getAccessDecisionManager().decide(authentication, mi, new ConfigAttributeDefinition(attrs));
|
||||
securityInterceptor.getAccessDecisionManager().decide(authentication, mi, attrs);
|
||||
} catch (AccessDeniedException unauthorized) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(mi.toString() + " denied for " + authentication.toString(), unauthorized);
|
||||
|
||||
@ -16,7 +16,6 @@ import org.aspectj.weaver.tools.PointcutPrimitive;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
@ -145,7 +144,7 @@ public final class ProtectPointcutPostProcessor implements BeanPostProcessor {
|
||||
|
||||
private void addPointcut(String pointcutExpression, List<ConfigAttribute> definition) {
|
||||
Assert.hasText(pointcutExpression, "An AspectJ pointcut expression is required");
|
||||
Assert.notNull(definition, "ConfigAttributeDefinition required");
|
||||
Assert.notNull(definition, "A List of ConfigAttributes is required");
|
||||
pointcutExpression = replaceBooleanOperators(pointcutExpression);
|
||||
pointcutMap.put(pointcutExpression, definition);
|
||||
|
||||
|
||||
@ -15,40 +15,37 @@
|
||||
|
||||
package org.springframework.security.intercept.web;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.util.UrlMatcher;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Iterator;
|
||||
import java.util.HashMap;
|
||||
import java.util.Set;
|
||||
import java.util.HashSet;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.util.UrlMatcher;
|
||||
|
||||
|
||||
/**
|
||||
* Default implementation of <tt>FilterInvocationDefinitionSource</tt>.
|
||||
* <p>
|
||||
* Stores an ordered map of compiled URL paths to <tt>ConfigAttributeDefinition</tt>s and provides URL matching
|
||||
* Stores an ordered map of compiled URL paths to <tt>ConfigAttribute</tt> lists and provides URL matching
|
||||
* against the items stored in this map using the configured <tt>UrlMatcher</tt>.
|
||||
* <p>
|
||||
* The order of registering the regular expressions using the
|
||||
* {@link #addSecureUrl(String, ConfigAttributeDefinition)} is very important.
|
||||
* {@link #addSecureUrl(String, List<ConfigAttribute>)} is very important.
|
||||
* The system will identify the <b>first</b> matching regular
|
||||
* expression for a given HTTP URL. It will not proceed to evaluate later regular expressions if a match has already
|
||||
* been found. Accordingly, the most specific regular expressions should be registered first, with the most general
|
||||
* regular expressions registered last.
|
||||
* <p>
|
||||
* If URLs are registered for a particular HTTP method using
|
||||
* {@link #addSecureUrl(String, String, ConfigAttributeDefinition)}, then the method-specific matches will take
|
||||
* {@link #addSecureUrl(String, String, List<ConfigAttribute>)}, then the method-specific matches will take
|
||||
* precedence over any URLs which are registered without an HTTP method.
|
||||
*
|
||||
* @author Ben Alex
|
||||
@ -62,7 +59,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
|
||||
protected final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
/**
|
||||
* Non method-specific map of URL patterns to <tt>ConfigAttributeDefinition</tt>s
|
||||
* Non method-specific map of URL patterns to <tt>List<ConfiAttribute></tt>s
|
||||
* TODO: Store in the httpMethod map with null key.
|
||||
*/
|
||||
private Map requestMap = new LinkedHashMap();
|
||||
@ -87,30 +84,30 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
|
||||
* the type of the supplied UrlMatcher.
|
||||
*
|
||||
* @param urlMatcher typically an ant or regular expression matcher.
|
||||
* @param requestMap order-preserving map of <RequestKey, ConfigAttributeDefinition>.
|
||||
* @param requestMap order-preserving map of request definitions to attribute lists
|
||||
*/
|
||||
public DefaultFilterInvocationDefinitionSource(UrlMatcher urlMatcher,
|
||||
LinkedHashMap<RequestKey, List<? extends ConfigAttribute>> requestMap) {
|
||||
LinkedHashMap<RequestKey, List<ConfigAttribute>> requestMap) {
|
||||
this.urlMatcher = urlMatcher;
|
||||
|
||||
for (Map.Entry<RequestKey, List<? extends ConfigAttribute>> entry : requestMap.entrySet()) {
|
||||
for (Map.Entry<RequestKey, List<ConfigAttribute>> entry : requestMap.entrySet()) {
|
||||
addSecureUrl(entry.getKey().getUrl(), entry.getKey().getMethod(), entry.getValue());
|
||||
}
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
void addSecureUrl(String pattern, List<? extends ConfigAttribute> attr) {
|
||||
void addSecureUrl(String pattern, List<ConfigAttribute> attr) {
|
||||
addSecureUrl(pattern, null, attr);
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a URL-ConfigAttributeDefinition pair to the request map, first allowing the <tt>UrlMatcher</tt> to
|
||||
* Adds a URL,attribute-list pair to the request map, first allowing the <tt>UrlMatcher</tt> to
|
||||
* process the pattern if required, using its <tt>compile</tt> method. The returned object will be used as the key
|
||||
* to the request map and will be passed back to the <tt>UrlMatcher</tt> when iterating through the map to find
|
||||
* a match for a particular URL.
|
||||
*/
|
||||
void addSecureUrl(String pattern, String method, List<? extends ConfigAttribute> attr) {
|
||||
void addSecureUrl(String pattern, String method, List<ConfigAttribute> attr) {
|
||||
Map mapToUse = getRequestMapForHttpMethod(method);
|
||||
|
||||
mapToUse.put(urlMatcher.compile(pattern), attr);
|
||||
@ -124,7 +121,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
|
||||
/**
|
||||
* Return the HTTP method specific request map, creating it if it doesn't already exist.
|
||||
* @param method GET, POST etc
|
||||
* @return map of URL patterns to <tt>ConfigAttributeDefinition</tt>s for this method.
|
||||
* @return map of URL patterns to <tt>ConfigAttribute</tt>s for this method.
|
||||
*/
|
||||
private Map getRequestMapForHttpMethod(String method) {
|
||||
if (method == null) {
|
||||
@ -144,7 +141,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
|
||||
return methodRequestmap;
|
||||
}
|
||||
|
||||
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
|
||||
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
|
||||
return Collections.unmodifiableCollection(getRequestMap().values());
|
||||
}
|
||||
|
||||
@ -175,7 +172,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
|
||||
* @param url the URI to retrieve configuration attributes for
|
||||
* @param method the HTTP method (GET, POST, DELETE...).
|
||||
*
|
||||
* @return the <code>ConfigAttributeDefinition</code> that applies to the specified <code>FilterInvocation</code>
|
||||
* @return the <code>ConfigAttribute</code>s that apply to the specified <code>FilterInvocation</code>
|
||||
* or null if no match is foud
|
||||
*/
|
||||
public List<ConfigAttribute> lookupAttributes(String url, String method) {
|
||||
|
||||
@ -28,8 +28,8 @@ public class FIDSToFilterChainMapConverter {
|
||||
|
||||
public FIDSToFilterChainMapConverter(DefaultFilterInvocationDefinitionSource fids, ApplicationContext appContext) {
|
||||
// TODO: Check if this is necessary. Retained from refactoring of FilterChainProxy
|
||||
Assert.notNull(fids.getConfigAttributeDefinitions(), "FilterChainProxy requires the " +
|
||||
"FilterInvocationDefinitionSource to return a non-null response to getConfigAttributeDefinitions()");
|
||||
Assert.notNull(fids.getAllConfigAttributes(), "FilterChainProxy requires the " +
|
||||
"FilterInvocationDefinitionSource to return a non-null response to getAllConfigAttributes()");
|
||||
matcher = fids.getUrlMatcher();
|
||||
Map requestMap = fids.getRequestMap();
|
||||
Iterator paths = requestMap.keySet().iterator();
|
||||
|
||||
@ -17,18 +17,13 @@ package org.springframework.security.intercept.web;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.intercept.AbstractSecurityInterceptor;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
@ -56,7 +51,7 @@ public class WebInvocationPrivilegeEvaluator implements InitializingBean {
|
||||
public boolean isAllowed(FilterInvocation fi, Authentication authentication) {
|
||||
Assert.notNull(fi, "FilterInvocation required");
|
||||
|
||||
List<? extends ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(fi);
|
||||
List<ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(fi);
|
||||
|
||||
if (attrs == null) {
|
||||
if (securityInterceptor.isRejectPublicInvocations()) {
|
||||
@ -72,7 +67,7 @@ public class WebInvocationPrivilegeEvaluator implements InitializingBean {
|
||||
}
|
||||
|
||||
try {
|
||||
securityInterceptor.getAccessDecisionManager().decide(authentication, fi, new ConfigAttributeDefinition(attrs));
|
||||
securityInterceptor.getAccessDecisionManager().decide(authentication, fi, attrs);
|
||||
} catch (AccessDeniedException unauthorized) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(fi.toString() + " denied for " + authentication.toString(), unauthorized);
|
||||
|
||||
@ -21,9 +21,10 @@ import org.springframework.security.GrantedAuthority;
|
||||
/**
|
||||
* An {@link org.springframework.security.Authentication} implementation that is designed for simple presentation of a
|
||||
* username and password.
|
||||
* <p>The <code>principal</code> and <code>credentials</code> should be set with an <code>Object</code> that provides
|
||||
* <p>
|
||||
* The <code>principal</code> and <code>credentials</code> should be set with an <code>Object</code> that provides
|
||||
* the respective property via its <code>Object.toString()</code> method. The simplest such <code>Object</code> to use
|
||||
* is <code>String</code>.</p>
|
||||
* is <code>String</code>.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
@ -52,7 +53,7 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
|
||||
|
||||
/**
|
||||
* This constructor should only be used by <code>AuthenticationManager</code> or <code>AuthenticationProvider</code>
|
||||
* implementations that are satisfied with producing a trusted (ie {@link #isAuthenticated()} = <code>true</code>)
|
||||
* implementations that are satisfied with producing a trusted (i.e. {@link #isAuthenticated()} = <code>true</code>)
|
||||
* authentication token.
|
||||
*
|
||||
* @param principal
|
||||
|
||||
@ -15,15 +15,17 @@
|
||||
|
||||
package org.springframework.security.runas;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.RunAsManager;
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of a {@link RunAsManager} that does nothing.<p>This class should be used if you do not require
|
||||
* run-as authenticaiton replacement functionality.</p>
|
||||
* Implementation of a {@link RunAsManager} that does nothing.
|
||||
* <p>
|
||||
* This class should be used if you do not require run-as authentication replacement functionality.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
@ -31,7 +33,7 @@ import org.springframework.security.RunAsManager;
|
||||
public class NullRunAsManager implements RunAsManager {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@ -15,21 +15,17 @@
|
||||
|
||||
package org.springframework.security.runas;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.RunAsManager;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
|
||||
/**
|
||||
* Basic concrete implementation of a {@link RunAsManager}.<p>Is activated if any {@link
|
||||
@ -39,14 +35,15 @@ import java.util.Vector;
|
||||
* created <code>GrantedAuthorityImpl</code>s will be prefixed with a special prefix indicating that it is a role
|
||||
* (default prefix value is <code>ROLE_</code>), and then the remainder of the <code>RUN_AS_</code> keyword. For
|
||||
* example, <code>RUN_AS_FOO</code> will result in the creation of a granted authority of
|
||||
* <code>ROLE_RUN_AS_FOO</code>.</p>
|
||||
* <p>The role prefix may be overriden from the default, to match that used elsewhere, for example when using an
|
||||
* <code>ROLE_RUN_AS_FOO</code>.
|
||||
* <p>
|
||||
* The role prefix may be overriden from the default, to match that used elsewhere, for example when using an
|
||||
* existing role database with another prefix. An empty role prefix may also be specified. Note however that there are
|
||||
* potential issues with using an empty role prefix since different categories of {@link
|
||||
* org.springframework.security.ConfigAttribute} can not be properly discerned based on the prefix, with possible consequences
|
||||
* when performing voting and other actions. However, this option may be of some use when using preexisting role names
|
||||
* without a prefix, and no ability exists to prefix them with a role prefix on reading them in, such as provided for
|
||||
* example in {@link org.springframework.security.userdetails.jdbc.JdbcDaoImpl}.</p>
|
||||
* example in {@link org.springframework.security.userdetails.jdbc.JdbcDaoImpl}.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @author colin sampaleanu
|
||||
@ -64,13 +61,10 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
|
||||
Assert.notNull(key, "A Key is required and should match that configured for the RunAsImplAuthenticationProvider");
|
||||
}
|
||||
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
|
||||
List newAuthorities = new Vector();
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) iter.next();
|
||||
|
||||
for(ConfigAttribute attribute : config) {
|
||||
if (this.supports(attribute)) {
|
||||
GrantedAuthorityImpl extraAuthority = new GrantedAuthorityImpl(getRolePrefix()
|
||||
+ attribute.getAttribute());
|
||||
@ -80,17 +74,18 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
|
||||
|
||||
if (newAuthorities.size() == 0) {
|
||||
return null;
|
||||
} else {
|
||||
for (int i = 0; i < authentication.getAuthorities().length; i++) {
|
||||
newAuthorities.add(authentication.getAuthorities()[i]);
|
||||
}
|
||||
|
||||
GrantedAuthority[] resultType = {new GrantedAuthorityImpl("holder")};
|
||||
GrantedAuthority[] newAuthoritiesAsArray = (GrantedAuthority[]) newAuthorities.toArray(resultType);
|
||||
|
||||
return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
|
||||
newAuthoritiesAsArray, authentication.getClass());
|
||||
}
|
||||
|
||||
|
||||
for (int i = 0; i < authentication.getAuthorities().length; i++) {
|
||||
newAuthorities.add(authentication.getAuthorities()[i]);
|
||||
}
|
||||
|
||||
GrantedAuthority[] resultType = {new GrantedAuthorityImpl("holder")};
|
||||
GrantedAuthority[] newAuthoritiesAsArray = (GrantedAuthority[]) newAuthorities.toArray(resultType);
|
||||
|
||||
return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
|
||||
newAuthoritiesAsArray, authentication.getClass());
|
||||
}
|
||||
|
||||
public String getKey() {
|
||||
|
||||
@ -16,11 +16,10 @@
|
||||
package org.springframework.security.securechannel;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
||||
@ -36,16 +35,10 @@ public interface ChannelDecisionManager {
|
||||
|
||||
/**
|
||||
* Decided whether the presented {@link FilterInvocation} provides the appropriate level of channel
|
||||
* security based on the requested {@link ConfigAttributeDefinition}.
|
||||
* security based on the requested list of <tt>ConfigAttribute</tt>s.
|
||||
*
|
||||
* @param invocation DOCUMENT ME!
|
||||
* @param config DOCUMENT ME!
|
||||
*
|
||||
* @throws IOException DOCUMENT ME!
|
||||
* @throws ServletException DOCUMENT ME!
|
||||
*/
|
||||
void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
|
||||
throws IOException, ServletException;
|
||||
void decide(FilterInvocation invocation, List<ConfigAttribute> config) throws IOException, ServletException;
|
||||
|
||||
/**
|
||||
* Indicates whether this <code>ChannelDecisionManager</code> is able to process the passed
|
||||
|
||||
@ -16,7 +16,6 @@
|
||||
package org.springframework.security.securechannel;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
|
||||
@ -65,15 +64,15 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
|
||||
Assert.notEmpty(listToCheck, "A list of ChannelProcessors is required");
|
||||
}
|
||||
|
||||
public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
|
||||
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
|
||||
throws IOException, ServletException {
|
||||
|
||||
Iterator attrs = config.getConfigAttributes().iterator();
|
||||
Iterator attrs = config.iterator();
|
||||
|
||||
while (attrs.hasNext()) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) attrs.next();
|
||||
if (ANY_CHANNEL.equals(attribute.getAttribute())) {
|
||||
return;
|
||||
ConfigAttribute attribute = (ConfigAttribute) attrs.next();
|
||||
if (ANY_CHANNEL.equals(attribute.getAttribute())) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -15,25 +15,24 @@
|
||||
|
||||
package org.springframework.security.securechannel;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.util.Assert;
|
||||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
@ -60,12 +59,12 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
|
||||
Assert.notNull(filterInvocationDefinitionSource, "filterInvocationDefinitionSource must be specified");
|
||||
Assert.notNull(channelDecisionManager, "channelDecisionManager must be specified");
|
||||
|
||||
Collection<List<? extends ConfigAttribute>> attrDefs = this.filterInvocationDefinitionSource.getConfigAttributeDefinitions();
|
||||
Collection<List<? extends ConfigAttribute>> attrDefs = this.filterInvocationDefinitionSource.getAllConfigAttributes();
|
||||
|
||||
if (attrDefs == null) {
|
||||
if (logger.isWarnEnabled()) {
|
||||
logger.warn("Could not validate configuration attributes as the FilterInvocationDefinitionSource did "
|
||||
+ "not return a ConfigAttributeDefinition Iterator");
|
||||
+ "not return any attributes");
|
||||
}
|
||||
|
||||
return;
|
||||
@ -91,17 +90,17 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
|
||||
}
|
||||
|
||||
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
throws IOException, ServletException {
|
||||
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
List<? extends ConfigAttribute> attr = this.filterInvocationDefinitionSource.getAttributes(fi);
|
||||
List<ConfigAttribute> attr = this.filterInvocationDefinitionSource.getAttributes(fi);
|
||||
|
||||
if (attr != null) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Request: " + fi.toString() + "; ConfigAttributes: " + attr);
|
||||
}
|
||||
|
||||
channelDecisionManager.decide(fi, new ConfigAttributeDefinition(attr));
|
||||
channelDecisionManager.decide(fi, attr);
|
||||
|
||||
if (fi.getResponse().isCommitted()) {
|
||||
return;
|
||||
|
||||
@ -16,11 +16,10 @@
|
||||
package org.springframework.security.securechannel;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
||||
@ -47,15 +46,10 @@ public interface ChannelProcessor {
|
||||
|
||||
/**
|
||||
* Decided whether the presented {@link FilterInvocation} provides the appropriate level of channel
|
||||
* security based on the requested {@link ConfigAttributeDefinition}.
|
||||
* security based on the requested list of <tt>ConfigAttribute</tt>s.
|
||||
*
|
||||
* @param invocation DOCUMENT ME!
|
||||
* @param config DOCUMENT ME!
|
||||
*
|
||||
* @throws IOException DOCUMENT ME!
|
||||
* @throws ServletException DOCUMENT ME!
|
||||
*/
|
||||
void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
|
||||
void decide(FilterInvocation invocation, List<ConfigAttribute> config)
|
||||
throws IOException, ServletException;
|
||||
|
||||
/**
|
||||
|
||||
@ -16,7 +16,6 @@
|
||||
package org.springframework.security.securechannel;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
|
||||
@ -27,6 +26,7 @@ import org.springframework.util.Assert;
|
||||
import java.io.IOException;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
||||
@ -55,13 +55,13 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
|
||||
Assert.notNull(entryPoint, "entryPoint required");
|
||||
}
|
||||
|
||||
public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
|
||||
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
|
||||
throws IOException, ServletException {
|
||||
if ((invocation == null) || (config == null)) {
|
||||
throw new IllegalArgumentException("Nulls cannot be provided");
|
||||
}
|
||||
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
Iterator iter = config.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) iter.next();
|
||||
|
||||
@ -16,7 +16,6 @@
|
||||
package org.springframework.security.securechannel;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
|
||||
@ -27,6 +26,7 @@ import org.springframework.util.Assert;
|
||||
import java.io.IOException;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
||||
@ -55,11 +55,11 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
|
||||
Assert.notNull(entryPoint, "entryPoint required");
|
||||
}
|
||||
|
||||
public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
|
||||
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
|
||||
throws IOException, ServletException {
|
||||
Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
|
||||
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
Iterator iter = config.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) iter.next();
|
||||
|
||||
@ -60,7 +60,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
|
||||
}
|
||||
}
|
||||
|
||||
public List getDecisionVoters() {
|
||||
public List<AccessDecisionVoter> getDecisionVoters() {
|
||||
return this.decisionVoters;
|
||||
}
|
||||
|
||||
|
||||
@ -15,9 +15,10 @@
|
||||
|
||||
package org.springframework.security.vote;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
|
||||
/**
|
||||
@ -83,9 +84,9 @@ public interface AccessDecisionVoter {
|
||||
*
|
||||
* @param authentication the caller invoking the method
|
||||
* @param object the secured object
|
||||
* @param config the configuration attributes associated with the method being invoked
|
||||
* @param attributes the configuration attributes associated with the method being invoked
|
||||
*
|
||||
* @return either {@link #ACCESS_GRANTED}, {@link #ACCESS_ABSTAIN} or {@link #ACCESS_DENIED}
|
||||
*/
|
||||
int vote(Authentication authentication, Object object, ConfigAttributeDefinition config);
|
||||
int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes);
|
||||
}
|
||||
|
||||
@ -17,9 +17,10 @@ package org.springframework.security.vote;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
@ -37,18 +38,18 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
|
||||
*
|
||||
* @param authentication the caller invoking the method
|
||||
* @param object the secured object
|
||||
* @param config the configuration attributes associated with the method being invoked
|
||||
* @param configAttributes the configuration attributes associated with the method being invoked
|
||||
*
|
||||
* @throws AccessDeniedException if access is denied
|
||||
*/
|
||||
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
|
||||
throws AccessDeniedException {
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException {
|
||||
Iterator iter = this.getDecisionVoters().iterator();
|
||||
int deny = 0;
|
||||
|
||||
while (iter.hasNext()) {
|
||||
AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
|
||||
int result = voter.vote(authentication, object, config);
|
||||
int result = voter.vote(authentication, object, configAttributes);
|
||||
|
||||
switch (result) {
|
||||
case AccessDecisionVoter.ACCESS_GRANTED:
|
||||
|
||||
@ -19,24 +19,26 @@ import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationTrustResolver;
|
||||
import org.springframework.security.AuthenticationTrustResolverImpl;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
* <p>Votes if a {@link ConfigAttribute#getAttribute()} of <code>IS_AUTHENTICATED_FULLY</code> or
|
||||
* Votes if a {@link ConfigAttribute#getAttribute()} of <code>IS_AUTHENTICATED_FULLY</code> or
|
||||
* <code>IS_AUTHENTICATED_REMEMBERED</code> or <code>IS_AUTHENTICATED_ANONYMOUSLY</code> is present. This list is in
|
||||
* order of most strict checking to least strict checking.</p>
|
||||
* <p>The current <code>Authentication</code> will be inspected to determine if the principal has a particular
|
||||
* level of authentication. The "FULLY" authenticated option means the user is authenticated fully (ie {@link
|
||||
* order of most strict checking to least strict checking.
|
||||
* <p>
|
||||
* The current <code>Authentication</code> will be inspected to determine if the principal has a particular
|
||||
* level of authentication. The "FULLY" authenticated option means the user is authenticated fully (i.e. {@link
|
||||
* org.springframework.security.AuthenticationTrustResolver#isAnonymous(Authentication)} is false and {@link
|
||||
* org.springframework.security.AuthenticationTrustResolver#isRememberMe(Authentication)} is false. The "REMEMBERED" will grant
|
||||
* org.springframework.security.AuthenticationTrustResolver#isRememberMe(Authentication)} is false). The "REMEMBERED" will grant
|
||||
* access if the principal was either authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY" will
|
||||
* grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.</p>
|
||||
* <p>All comparisons and prefixes are case sensitive.</p>
|
||||
* grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.
|
||||
* <p>
|
||||
* All comparisons and prefixes are case sensitive.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
@ -54,8 +56,8 @@ public class AuthenticatedVoter implements AccessDecisionVoter {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
private boolean isFullyAuthenticated(Authentication authentication) {
|
||||
return (!authenticationTrustResolver.isAnonymous(authentication)
|
||||
&& !authenticationTrustResolver.isRememberMe(authentication));
|
||||
return (!authenticationTrustResolver.isAnonymous(authentication) &&
|
||||
!authenticationTrustResolver.isRememberMe(authentication));
|
||||
}
|
||||
|
||||
public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
|
||||
@ -85,9 +87,9 @@ public class AuthenticatedVoter implements AccessDecisionVoter {
|
||||
return true;
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
int result = ACCESS_ABSTAIN;
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
Iterator iter = attributes.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) iter.next();
|
||||
|
||||
@ -18,7 +18,6 @@ package org.springframework.security.vote;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthorizationServiceException;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.acl.AclEntry;
|
||||
import org.springframework.security.acl.AclManager;
|
||||
@ -36,6 +35,7 @@ import java.lang.reflect.InvocationTargetException;
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
@ -163,8 +163,8 @@ public class BasicAclEntryVoter extends AbstractAclVoter implements Initializing
|
||||
}
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
Iterator iter = attributes.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attr = (ConfigAttribute) iter.next();
|
||||
|
||||
@ -17,9 +17,10 @@ package org.springframework.security.vote;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
@ -43,11 +44,11 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
|
||||
*
|
||||
* @param authentication the caller invoking the method
|
||||
* @param object the secured object
|
||||
* @param config the configuration attributes associated with the method being invoked
|
||||
* @param configAttributes the configuration attributes associated with the method being invoked
|
||||
*
|
||||
* @throws AccessDeniedException if access is denied
|
||||
*/
|
||||
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException {
|
||||
Iterator iter = this.getDecisionVoters().iterator();
|
||||
int grant = 0;
|
||||
@ -56,7 +57,7 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
|
||||
|
||||
while (iter.hasNext()) {
|
||||
AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
|
||||
int result = voter.vote(authentication, object, config);
|
||||
int result = voter.vote(authentication, object, configAttributes);
|
||||
|
||||
switch (result) {
|
||||
case AccessDecisionVoter.ACCESS_GRANTED:
|
||||
|
||||
@ -16,7 +16,6 @@ package org.springframework.security.vote;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
|
||||
@ -170,20 +169,16 @@ public class LabelBasedAclVoter extends AbstractAclVoter {
|
||||
* Vote on whether or not the user has all the labels necessary to match the method argument's labeled
|
||||
* data.
|
||||
*
|
||||
* @param authentication DOCUMENT ME!
|
||||
* @param object DOCUMENT ME!
|
||||
* @param config DOCUMENT ME!
|
||||
*
|
||||
* @return ACCESS_ABSTAIN, ACCESS_GRANTED, or ACCESS_DENIED.
|
||||
*/
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
int result = ACCESS_ABSTAIN;
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("==========================================================");
|
||||
}
|
||||
|
||||
if (this.supports((ConfigAttribute) config.getConfigAttributes().iterator().next())) {
|
||||
if (this.supports((ConfigAttribute) attributes.iterator().next())) {
|
||||
result = ACCESS_DENIED;
|
||||
|
||||
/* Parse out the user's labels by examining the security context, and checking
|
||||
|
||||
@ -16,10 +16,10 @@
|
||||
package org.springframework.security.vote;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
|
||||
/**
|
||||
@ -92,9 +92,9 @@ public class RoleVoter implements AccessDecisionVoter {
|
||||
return true;
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
int result = ACCESS_ABSTAIN;
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
Iterator iter = attributes.iterator();
|
||||
GrantedAuthority[] authorities = extractAuthorities(authentication);
|
||||
|
||||
while (iter.hasNext()) {
|
||||
@ -116,6 +116,6 @@ public class RoleVoter implements AccessDecisionVoter {
|
||||
}
|
||||
|
||||
GrantedAuthority[] extractAuthorities(Authentication authentication) {
|
||||
return authentication.getAuthorities();
|
||||
return authentication.getAuthorities();
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,17 +15,17 @@
|
||||
|
||||
package org.springframework.security.vote;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import java.util.Iterator;
|
||||
|
||||
|
||||
/**
|
||||
* Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that requires all voters to
|
||||
* abstain or grant access.
|
||||
* Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that requires all
|
||||
* voters to abstain or grant access.
|
||||
*/
|
||||
public class UnanimousBased extends AbstractAccessDecisionManager {
|
||||
//~ Methods ========================================================================================================
|
||||
@ -34,35 +34,33 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
|
||||
* This concrete implementation polls all configured {@link AccessDecisionVoter}s for each {@link
|
||||
* ConfigAttribute} and grants access if <b>only</b> grant votes were received.
|
||||
* <p>
|
||||
* Other voting implementations usually pass the entire list of {@link ConfigAttributeDefinition}s to the
|
||||
* Other voting implementations usually pass the entire list of <tt>ConfigAttribute</tt>s to the
|
||||
* <code>AccessDecisionVoter</code>. This implementation differs in that each <code>AccessDecisionVoter</code>
|
||||
* knows only about a single <code>ConfigAttribute</code> at a time.</p>
|
||||
* <p>If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
|
||||
* {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).</p>
|
||||
* knows only about a single <code>ConfigAttribute</code> at a time.
|
||||
* <p>
|
||||
* If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
|
||||
* {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).
|
||||
*
|
||||
* @param authentication the caller invoking the method
|
||||
* @param object the secured object
|
||||
* @param config the configuration attributes associated with the method being invoked
|
||||
* @param attributes the configuration attributes associated with the method being invoked
|
||||
*
|
||||
* @throws AccessDeniedException if access is denied
|
||||
*/
|
||||
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> attributes)
|
||||
throws AccessDeniedException {
|
||||
|
||||
int grant = 0;
|
||||
int abstain = 0;
|
||||
|
||||
Iterator configIter = config.getConfigAttributes().iterator();
|
||||
List<ConfigAttribute> singleAttributeList = new ArrayList<ConfigAttribute>(1);
|
||||
singleAttributeList.add(null);
|
||||
|
||||
while (configIter.hasNext()) {
|
||||
ConfigAttributeDefinition singleAttrDef =
|
||||
new ConfigAttributeDefinition((ConfigAttribute) configIter.next());
|
||||
for (ConfigAttribute attribute : attributes) {
|
||||
singleAttributeList.set(0, attribute);
|
||||
|
||||
Iterator voters = this.getDecisionVoters().iterator();
|
||||
|
||||
while (voters.hasNext()) {
|
||||
AccessDecisionVoter voter = (AccessDecisionVoter) voters.next();
|
||||
int result = voter.vote(authentication, object, singleAttrDef);
|
||||
for(AccessDecisionVoter voter : getDecisionVoters()) {
|
||||
int result = voter.vote(authentication, object, singleAttributeList);
|
||||
|
||||
switch (result) {
|
||||
case AccessDecisionVoter.ACCESS_GRANTED:
|
||||
|
||||
@ -16,6 +16,7 @@
|
||||
package org.springframework.security;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
@ -28,13 +29,10 @@ import java.util.Iterator;
|
||||
public class MockAccessDecisionManager implements AccessDecisionManager {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
|
||||
throws AccessDeniedException {
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attr = (ConfigAttribute) iter.next();
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException {
|
||||
|
||||
for(ConfigAttribute attr : configAttributes) {
|
||||
if (this.supports(attr)) {
|
||||
for (int i = 0; i < authentication.getAuthorities().length; i++) {
|
||||
if (attr.getAttribute().equals(authentication.getAuthorities()[i].getAuthority())) {
|
||||
|
||||
@ -16,6 +16,7 @@
|
||||
package org.springframework.security;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
@ -27,9 +28,9 @@ import java.util.Iterator;
|
||||
public class MockAfterInvocationManager implements AfterInvocationManager {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
Iterator iter = config.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attr = (ConfigAttribute) iter.next();
|
||||
|
||||
@ -16,6 +16,7 @@
|
||||
package org.springframework.security;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
@ -28,8 +29,8 @@ import java.util.Iterator;
|
||||
public class MockRunAsManager implements RunAsManager {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
|
||||
Iterator iter = config.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attr = (ConfigAttribute) iter.next();
|
||||
|
||||
@ -15,23 +15,19 @@
|
||||
|
||||
package org.springframework.security.afterinvocation;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link AfterInvocationProviderManager}.
|
||||
@ -62,11 +58,11 @@ public class AfterInvocationProviderManagerTests extends TestCase {
|
||||
assertEquals(list, manager.getProviders());
|
||||
manager.afterPropertiesSet();
|
||||
|
||||
ConfigAttributeDefinition attr1 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP1"});
|
||||
ConfigAttributeDefinition attr2 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP2"});
|
||||
ConfigAttributeDefinition attr3 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP3"});
|
||||
ConfigAttributeDefinition attr2and3 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP2","GIVE_ME_SWAP3"});
|
||||
ConfigAttributeDefinition attr4 = new ConfigAttributeDefinition(new String[] {"NEVER_CAUSES_SWAP"});
|
||||
List<ConfigAttribute> attr1 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP1"});
|
||||
List<ConfigAttribute> attr2 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP2"});
|
||||
List<ConfigAttribute> attr3 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP3"});
|
||||
List<ConfigAttribute> attr2and3 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP2","GIVE_ME_SWAP3"});
|
||||
List<ConfigAttribute> attr4 = SecurityConfig.createList(new String[] {"NEVER_CAUSES_SWAP"});
|
||||
|
||||
assertEquals("swap1", manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping"));
|
||||
|
||||
@ -162,7 +158,7 @@ public class AfterInvocationProviderManagerTests extends TestCase {
|
||||
this.configAttribute = configAttribute;
|
||||
}
|
||||
|
||||
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
if (config.contains(configAttribute)) {
|
||||
return forceReturnObject;
|
||||
|
||||
@ -15,23 +15,22 @@
|
||||
|
||||
package org.springframework.security.afterinvocation;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.AuthorizationServiceException;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.MockAclManager;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.acl.AclEntry;
|
||||
import org.springframework.security.acl.AclManager;
|
||||
import org.springframework.security.acl.basic.MockAclObjectIdentity;
|
||||
import org.springframework.security.acl.basic.SimpleAclEntry;
|
||||
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link BasicAclEntryAfterInvocationCollectionFilteringProvider}.
|
||||
@ -73,10 +72,10 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
|
||||
|
||||
// Filter
|
||||
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
|
||||
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(),
|
||||
SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), list);
|
||||
|
||||
assertEquals(0, filteredList.size());
|
||||
}
|
||||
@ -106,7 +105,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
|
||||
|
||||
// Filter
|
||||
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
|
||||
@ -140,7 +139,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
|
||||
|
||||
// Filter
|
||||
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
|
||||
@ -175,7 +174,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
|
||||
|
||||
// Filter
|
||||
String[] filteredList = (String[]) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
|
||||
@ -201,7 +200,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
|
||||
|
||||
// Filter
|
||||
try {
|
||||
@ -229,7 +228,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
|
||||
|
||||
// Filter
|
||||
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, null);
|
||||
@ -262,14 +261,13 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
|
||||
|
||||
// As no matching config attrib, ensure provider doesn't change list
|
||||
assertEquals(4, ((List) provider.decide(auth, new SimpleMethodInvocation(), attr, list)).size());
|
||||
|
||||
// Filter, this time with the conf attrib provider setup to answer
|
||||
attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_ADMIN");
|
||||
//attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_ADMIN"));
|
||||
attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_ADMIN");
|
||||
|
||||
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
|
||||
|
||||
@ -303,7 +301,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
|
||||
|
||||
// Filter
|
||||
List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
|
||||
|
||||
@ -15,11 +15,15 @@
|
||||
|
||||
package org.springframework.security.afterinvocation;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.MockAclManager;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.acl.AclEntry;
|
||||
import org.springframework.security.acl.AclManager;
|
||||
import org.springframework.security.acl.basic.MockAclObjectIdentity;
|
||||
@ -54,7 +58,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
|
||||
|
||||
try {
|
||||
provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont");
|
||||
@ -81,7 +85,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
|
||||
|
||||
try {
|
||||
provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont");
|
||||
@ -109,7 +113,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
|
||||
|
||||
// Filter
|
||||
assertEquals("belmont", provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont"));
|
||||
@ -132,7 +136,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
|
||||
|
||||
// Filter
|
||||
assertNull(provider.decide(auth, new SimpleMethodInvocation(), attr, null));
|
||||
@ -156,13 +160,13 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
|
||||
|
||||
// As no matching config attrib, ensure provider returns original obj
|
||||
assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));
|
||||
|
||||
// Filter, this time with the conf attrib provider setup to answer
|
||||
attr = new ConfigAttributeDefinition("AFTER_ACL_ADMIN");
|
||||
attr = SecurityConfig.createList("AFTER_ACL_ADMIN");
|
||||
assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));
|
||||
}
|
||||
|
||||
@ -184,7 +188,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
|
||||
|
||||
// Create the Authentication and Config Attribs we'll be presenting
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
|
||||
|
||||
// Filter
|
||||
assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));
|
||||
|
||||
@ -12,7 +12,6 @@ import junit.framework.Assert;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
|
||||
@ -22,7 +22,6 @@ import junit.framework.TestCase;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@ -11,7 +11,6 @@ import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
|
||||
@ -1,7 +1,12 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.springframework.security.config.ConfigTestUtils.*;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertSame;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Iterator;
|
||||
@ -10,14 +15,12 @@ import java.util.List;
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
import org.springframework.beans.factory.BeanCreationException;
|
||||
import org.springframework.beans.factory.BeanDefinitionStoreException;
|
||||
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
|
||||
import org.springframework.context.support.AbstractXmlApplicationContext;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.MockAuthenticationEntryPoint;
|
||||
import org.springframework.security.MockFilterChain;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
@ -1,24 +1,25 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.afterinvocation.AfterInvocationProvider;
|
||||
|
||||
public class MockAfterInvocationProvider implements AfterInvocationProvider {
|
||||
|
||||
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
|
||||
throws AccessDeniedException {
|
||||
return returnedObject;
|
||||
}
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config, Object returnedObject)
|
||||
throws AccessDeniedException {
|
||||
return returnedObject;
|
||||
}
|
||||
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
return true;
|
||||
}
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
return true;
|
||||
}
|
||||
|
||||
public boolean supports(Class clazz) {
|
||||
return true;
|
||||
}
|
||||
public boolean supports(Class clazz) {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -15,11 +15,9 @@
|
||||
|
||||
package org.springframework.security.event.authorization;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
|
||||
|
||||
@ -29,42 +27,22 @@ import org.springframework.security.util.SimpleMethodInvocation;
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AuthenticationCredentialsNotFoundEventTests extends TestCase {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public AuthenticationCredentialsNotFoundEventTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public AuthenticationCredentialsNotFoundEventTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
public class AuthenticationCredentialsNotFoundEventTests {
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testRejectsNulls() {
|
||||
try {
|
||||
new AuthenticationCredentialsNotFoundEvent(null, new ConfigAttributeDefinition(new String[] {}),
|
||||
new AuthenticationCredentialsNotFoundEvent(null, SecurityConfig.createList("TEST"),
|
||||
new AuthenticationCredentialsNotFoundException("test"));
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null,
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testRejectsNulls2() {
|
||||
new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null,
|
||||
new AuthenticationCredentialsNotFoundException("test"));
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), new ConfigAttributeDefinition(new String[] {}),
|
||||
null);
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testRejectsNulls3() {
|
||||
new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null);
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,15 +15,10 @@
|
||||
|
||||
package org.springframework.security.event.authorization;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.springframework.security.event.authorization.AuthorizationFailureEvent;
|
||||
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
|
||||
|
||||
@ -33,54 +28,29 @@ import org.springframework.security.util.SimpleMethodInvocation;
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AuthorizationFailureEventTests extends TestCase {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public AuthorizationFailureEventTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public AuthorizationFailureEventTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public static void main(String[] args) {
|
||||
junit.textui.TestRunner.run(AuthorizationFailureEventTests.class);
|
||||
}
|
||||
public class AuthorizationFailureEventTests {
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testRejectsNulls() {
|
||||
try {
|
||||
new AuthorizationFailureEvent(null, ConfigAttributeDefinition.NO_ATTRIBUTES,
|
||||
new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
new AuthorizationFailureEvent(null, SecurityConfig.createList("TEST"),
|
||||
new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
|
||||
}
|
||||
|
||||
try {
|
||||
new AuthorizationFailureEvent(new SimpleMethodInvocation(), null,
|
||||
new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testRejectsNulls2() {
|
||||
new AuthorizationFailureEvent(new SimpleMethodInvocation(), null,
|
||||
new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
|
||||
}
|
||||
|
||||
try {
|
||||
new AuthorizationFailureEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES, null,
|
||||
new AccessDeniedException("error"));
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testRejectsNulls3() {
|
||||
new AuthorizationFailureEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null,
|
||||
new AccessDeniedException("error"));
|
||||
}
|
||||
|
||||
try {
|
||||
new AuthorizationFailureEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES,
|
||||
new UsernamePasswordAuthenticationToken("foo", "bar"), null);
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testRejectsNulls4() {
|
||||
new AuthorizationFailureEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"),
|
||||
new UsernamePasswordAuthenticationToken("foo", "bar"), null);
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,12 +15,9 @@
|
||||
|
||||
package org.springframework.security.event.authorization;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
|
||||
|
||||
@ -30,41 +27,21 @@ import org.springframework.security.util.SimpleMethodInvocation;
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AuthorizedEventTests extends TestCase {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public AuthorizedEventTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public AuthorizedEventTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
public class AuthorizedEventTests {
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testRejectsNulls() {
|
||||
try {
|
||||
new AuthorizedEvent(null, ConfigAttributeDefinition.NO_ATTRIBUTES,
|
||||
new UsernamePasswordAuthenticationToken("foo", "bar"));
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
new AuthorizedEvent(null, SecurityConfig.createList("TEST"), new UsernamePasswordAuthenticationToken("foo", "bar"));
|
||||
}
|
||||
|
||||
try {
|
||||
new AuthorizedEvent(new SimpleMethodInvocation(), null,
|
||||
new UsernamePasswordAuthenticationToken("foo", "bar"));
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testRejectsNulls2() {
|
||||
|
||||
try {
|
||||
new AuthorizedEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES, null);
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
new AuthorizedEvent(new SimpleMethodInvocation(), null, new UsernamePasswordAuthenticationToken("foo", "bar"));
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testRejectsNulls3() {
|
||||
new AuthorizedEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null);
|
||||
}
|
||||
}
|
||||
|
||||
@ -10,7 +10,7 @@ import java.util.List;
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
@ -40,43 +40,53 @@ public class MethodExpressionVoterTests {
|
||||
|
||||
@Test
|
||||
public void hasRoleExpressionAllowsUserWithRole() throws Exception {
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('blah')"));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, cad));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('blah')"))));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasRoleExpressionDeniesUserWithoutRole() throws Exception {
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('joedoesnt')"));
|
||||
List<ConfigAttribute> cad = new ArrayList<ConfigAttribute>(1);
|
||||
cad.add(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('joedoesnt')"));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_DENIED, am.vote(joe, miStringArgs, cad));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void matchingArgAgainstAuthenticationNameIsSuccessful() throws Exception {
|
||||
// userName is an argument name of this method
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "(#userName == principal) and (principal == 'joe')"));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, cad));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
|
||||
am.vote(joe, miStringArgs, createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "(#userName == principal) and (principal == 'joe')"))));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void accessIsGrantedIfNoPreAuthorizeAttributeIsUsed() throws Exception {
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someList", null));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miListArg, cad));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
|
||||
am.vote(joe, miListArg, createAttributes(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someList", null))));
|
||||
// All objects should have been removed, because the expression is always false
|
||||
assertEquals(0, listArg.size());
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void arraysCannotBePrefiltered() throws Exception {
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someArray", null));
|
||||
am.vote(joe, miArrayArg, cad);
|
||||
am.vote(joe, miArrayArg,
|
||||
createAttributes(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someArray", null)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void listPreFilteringIsSuccessful() throws Exception {
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'joe' or filterObject == 'sam')", "someList", null));
|
||||
am.vote(joe, miListArg, cad);
|
||||
am.vote(joe, miListArg,
|
||||
createAttributes(new PreInvocationExpressionConfigAttribute("(filterObject == 'joe' or filterObject == 'sam')", "someList", null)));
|
||||
assertEquals("joe and sam should still be in the list", 2, listArg.size());
|
||||
assertEquals("joe", listArg.get(0));
|
||||
assertEquals("sam", listArg.get(1));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void ruleDefinedInAClassMethodIsApplied() throws Exception {
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs,
|
||||
createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "new org.springframework.security.expression.support.SecurityRules().isJoe(#userName)"))));
|
||||
}
|
||||
|
||||
private List<ConfigAttribute> createAttributes(ConfigAttribute... attributes) {
|
||||
return Arrays.asList(attributes);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -15,13 +15,17 @@
|
||||
|
||||
package org.springframework.security.intercept;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
import java.util.List;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
|
||||
|
||||
/**
|
||||
@ -30,39 +34,17 @@ import org.aopalliance.intercept.MethodInvocation;
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class InterceptorStatusTokenTests extends TestCase {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public InterceptorStatusTokenTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public InterceptorStatusTokenTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void testNoArgConstructorDoesntExist() {
|
||||
Class clazz = InterceptorStatusToken.class;
|
||||
|
||||
try {
|
||||
clazz.getDeclaredConstructor((Class[]) null);
|
||||
fail("Should have thrown NoSuchMethodException");
|
||||
} catch (NoSuchMethodException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
}
|
||||
public class InterceptorStatusTokenTests {
|
||||
|
||||
@Test
|
||||
public void testOperation() {
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("FOO");
|
||||
MethodInvocation mi = new SimpleMethodInvocation();
|
||||
|
||||
InterceptorStatusToken token = new InterceptorStatusToken(new UsernamePasswordAuthenticationToken("rod",
|
||||
"koala"), true, attr, mi);
|
||||
|
||||
assertTrue(token.isContextHolderRefreshRequired());
|
||||
assertEquals(attr, token.getAttr());
|
||||
assertEquals(attr, token.getAttributes());
|
||||
assertEquals(mi, token.getSecureObject());
|
||||
assertEquals("rod", token.getAuthentication().getPrincipal());
|
||||
}
|
||||
|
||||
@ -15,24 +15,21 @@
|
||||
|
||||
package org.springframework.security.intercept.method;
|
||||
|
||||
import java.lang.reflect.AccessibleObject;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ITargetObject;
|
||||
import org.springframework.security.MockJoinPoint;
|
||||
import org.springframework.security.OtherTargetObject;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.TargetObject;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
|
||||
import java.lang.reflect.AccessibleObject;
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link MethodDefinitionSourceEditor} and its associated {@link MapBasedMethodDefinitionSource}.
|
||||
@ -149,7 +146,7 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
|
||||
"org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR");
|
||||
|
||||
MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
|
||||
Iterator iter = map.getConfigAttributeDefinitions().iterator();
|
||||
Iterator iter = map.getAllConfigAttributes().iterator();
|
||||
int counter = 0;
|
||||
|
||||
while (iter.hasNext()) {
|
||||
|
||||
@ -15,18 +15,16 @@
|
||||
|
||||
package org.springframework.security.intercept.method;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
@ -64,7 +62,7 @@ public class MockMethodDefinitionSource implements MethodDefinitionSource {
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
|
||||
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
|
||||
if (returnACollection) {
|
||||
return list;
|
||||
} else {
|
||||
|
||||
@ -15,8 +15,14 @@
|
||||
|
||||
package org.springframework.security.intercept.method.aopalliance;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.security.AccessDecisionManager;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.AfterInvocationManager;
|
||||
@ -24,7 +30,6 @@ import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.ITargetObject;
|
||||
@ -33,24 +38,12 @@ import org.springframework.security.MockAfterInvocationManager;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.MockRunAsManager;
|
||||
import org.springframework.security.RunAsManager;
|
||||
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
import org.springframework.security.intercept.method.MethodDefinitionSource;
|
||||
import org.springframework.security.intercept.method.MockMethodDefinitionSource;
|
||||
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import org.springframework.security.runas.RunAsManagerImpl;
|
||||
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link MethodSecurityInterceptor}.
|
||||
@ -409,7 +402,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
private class MockAccessDecisionManagerWhichOnlySupportsStrings implements AccessDecisionManager {
|
||||
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
@ -428,7 +421,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
|
||||
}
|
||||
|
||||
private class MockAfterInvocationManagerWhichOnlySupportsStrings implements AfterInvocationManager {
|
||||
public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
@ -447,7 +440,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
|
||||
}
|
||||
|
||||
private class MockObjectDefinitionSourceWhichOnlySupportsStrings implements MethodDefinitionSource {
|
||||
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
|
||||
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@ -469,7 +462,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
|
||||
}
|
||||
|
||||
private class MockRunAsManagerWhichOnlySupportsStrings implements RunAsManager {
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
|
||||
|
||||
@ -1,102 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.intercept.web;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link DefaultFilterInvocationDefinitionSource}.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AbstractFilterInvocationDefinitionSourceTests extends TestCase {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public AbstractFilterInvocationDefinitionSourceTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public AbstractFilterInvocationDefinitionSourceTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void testDoesNotSupportAnotherObject() {
|
||||
MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
|
||||
assertFalse(mfis.supports(String.class));
|
||||
}
|
||||
|
||||
public void testGetAttributesForANonFilterInvocation() {
|
||||
MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
|
||||
|
||||
try {
|
||||
mfis.getAttributes(new String());
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
}
|
||||
|
||||
public void testGetAttributesForANullObject() {
|
||||
MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
|
||||
|
||||
try {
|
||||
mfis.getAttributes(null);
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
}
|
||||
|
||||
public void testGetAttributesForFilterInvocationSuccess() {
|
||||
MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
|
||||
|
||||
try {
|
||||
mfis.getAttributes(new FilterInvocation(new MockHttpServletRequest(null, null),
|
||||
new MockHttpServletResponse(), new MockFilterChain()));
|
||||
fail("Should have thrown UnsupportedOperationException");
|
||||
} catch (UnsupportedOperationException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
}
|
||||
|
||||
public void testSupportsFilterInvocation() {
|
||||
MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
|
||||
assertTrue(mfis.supports(FilterInvocation.class));
|
||||
}
|
||||
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
private class MockFilterChain implements FilterChain {
|
||||
public void doFilter(ServletRequest arg0, ServletResponse arg1)
|
||||
throws IOException, ServletException {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -16,7 +16,6 @@
|
||||
package org.springframework.security.intercept.web;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
@ -30,7 +29,6 @@ import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.MockFilterChain;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
import org.springframework.security.util.InMemoryXmlApplicationContext;
|
||||
|
||||
/**
|
||||
* Tests parts of {@link DefaultFilterInvocationDefinitionSource} not tested by {@link
|
||||
@ -136,14 +134,14 @@ public class DefaultFilterInvocationDefinitionSourceTests {
|
||||
@Test
|
||||
public void httpMethodSpecificUrlTakesPrecedence() {
|
||||
// Even though this is added before the method-specific def, the latter should match
|
||||
List<? extends ConfigAttribute> allMethodDef = def;
|
||||
map.addSecureUrl("/**", null, def);
|
||||
List<ConfigAttribute> allMethodDef = def;
|
||||
map.addSecureUrl("/**", null, allMethodDef);
|
||||
|
||||
List<? extends ConfigAttribute> postOnlyDef = SecurityConfig.createList("ROLE_TWO");
|
||||
List<ConfigAttribute> postOnlyDef = SecurityConfig.createList("ROLE_TWO");
|
||||
map.addSecureUrl("/somepage**", "POST", postOnlyDef);
|
||||
|
||||
FilterInvocation fi = createFilterInvocation("/somepage", "POST");
|
||||
List<? extends ConfigAttribute> attrs = map.getAttributes(fi);
|
||||
List<ConfigAttribute> attrs = map.getAttributes(fi);
|
||||
assertEquals(postOnlyDef, attrs);
|
||||
}
|
||||
|
||||
@ -165,38 +163,6 @@ public class DefaultFilterInvocationDefinitionSourceTests {
|
||||
assertEquals(def, response);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void xmlMapConfigurationIsSuccessful() {
|
||||
InMemoryXmlApplicationContext context = new InMemoryXmlApplicationContext(
|
||||
"<b:bean id='fids' class='org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource'>" +
|
||||
" <b:constructor-arg>" +
|
||||
" <b:bean class='org.springframework.security.util.AntUrlPathMatcher'/>" +
|
||||
" </b:constructor-arg>" +
|
||||
" <b:constructor-arg>" +
|
||||
" <b:map>" +
|
||||
" <b:entry>" +
|
||||
" <b:key>" +
|
||||
" <b:bean class='org.springframework.security.intercept.web.RequestKey'>" +
|
||||
" <b:constructor-arg index='0' value='/**'/>" +
|
||||
" <b:constructor-arg index='1' value='GET'/>" +
|
||||
" </b:bean>" +
|
||||
" </b:key>" +
|
||||
" <b:bean class='org.springframework.security.ConfigAttributeDefinition'>" +
|
||||
" <b:constructor-arg value='ROLE_A'/>" +
|
||||
" </b:bean>" +
|
||||
" </b:entry>" +
|
||||
" </b:map>" +
|
||||
" </b:constructor-arg>" +
|
||||
"</b:bean>"
|
||||
);
|
||||
|
||||
DefaultFilterInvocationDefinitionSource fids = (DefaultFilterInvocationDefinitionSource) context.getBean("fids");
|
||||
List<? extends ConfigAttribute> cad = fids.lookupAttributes("/anything", "GET");
|
||||
assertNotNull(cad);
|
||||
assertEquals(1, cad.size());
|
||||
context.close();
|
||||
}
|
||||
|
||||
private FilterInvocation createFilterInvocation(String path, String method) {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setRequestURI(null);
|
||||
|
||||
@ -146,7 +146,7 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
|
||||
editor.setAsText("\\A/secure/super.*\\Z=ROLE_WE_DONT_HAVE\r\n\\A/secure/.*\\Z=ROLE_SUPERVISOR,ROLE_TELLER");
|
||||
|
||||
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
|
||||
Iterator iter = map.getConfigAttributeDefinitions().iterator();
|
||||
Iterator iter = map.getAllConfigAttributes().iterator();
|
||||
int counter = 0;
|
||||
|
||||
while (iter.hasNext()) {
|
||||
|
||||
@ -15,30 +15,7 @@
|
||||
|
||||
package org.springframework.security.intercept.web;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.AccessDecisionManager;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.MockAccessDecisionManager;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.MockRunAsManager;
|
||||
import org.springframework.security.RunAsManager;
|
||||
import org.springframework.security.MockApplicationEventPublisher;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
import org.springframework.security.util.RegexUrlPathMatcher;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
@ -48,6 +25,27 @@ import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.AccessDecisionManager;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.MockAccessDecisionManager;
|
||||
import org.springframework.security.MockApplicationEventPublisher;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.MockRunAsManager;
|
||||
import org.springframework.security.RunAsManager;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
import org.springframework.security.util.RegexUrlPathMatcher;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link FilterSecurityInterceptor}.
|
||||
@ -92,7 +90,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
|
||||
return true;
|
||||
}
|
||||
|
||||
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
@ -124,7 +122,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
|
||||
}
|
||||
|
||||
public Authentication buildRunAs(Authentication authentication, Object object,
|
||||
ConfigAttributeDefinition config) {
|
||||
List<ConfigAttribute> config) {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
});
|
||||
@ -221,9 +219,9 @@ public class FilterSecurityInterceptorTests extends TestCase {
|
||||
|
||||
public void testNotLoadedFromApplicationContext() throws Exception {
|
||||
LinkedHashMap reqMap = new LinkedHashMap();
|
||||
reqMap.put(new RequestKey("/secure/**", null), new ConfigAttributeDefinition(new String[] {"ROLE_USER"}));
|
||||
reqMap.put(new RequestKey("/secure/**", null), SecurityConfig.createList("ROLE_USER"));
|
||||
DefaultFilterInvocationDefinitionSource fids
|
||||
= new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
|
||||
= new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), reqMap);
|
||||
|
||||
FilterSecurityInterceptor filter = new FilterSecurityInterceptor();
|
||||
filter.setObjectDefinitionSource(fids);
|
||||
@ -278,7 +276,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
|
||||
}
|
||||
}
|
||||
|
||||
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
|
||||
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@ -1,76 +0,0 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.intercept.web;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
|
||||
/**
|
||||
* Mock for {@link FilterInvocationDefinitionSource}
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class MockFilterInvocationDefinitionSource extends DefaultFilterInvocationDefinitionSource {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private List list;
|
||||
private boolean returnAnIterator;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public MockFilterInvocationDefinitionSource(boolean includeInvalidAttributes, boolean returnAnIteratorWhenRequested) {
|
||||
super(new AntUrlPathMatcher()); // doesn't matter
|
||||
returnAnIterator = returnAnIteratorWhenRequested;
|
||||
list = new Vector();
|
||||
|
||||
ConfigAttributeDefinition def1 = new ConfigAttributeDefinition("MOCK_LOWER");
|
||||
list.add(def1);
|
||||
|
||||
if (includeInvalidAttributes) {
|
||||
ConfigAttributeDefinition def2 = new ConfigAttributeDefinition(new String[] {"MOCK_LOWER", "INVALID_ATTRIBUTE"});
|
||||
list.add(def2);
|
||||
}
|
||||
|
||||
ConfigAttributeDefinition def3 = new ConfigAttributeDefinition(new String[] {"MOCK_UPPER","RUN_AS"});
|
||||
list.add(def3);
|
||||
|
||||
if (includeInvalidAttributes) {
|
||||
ConfigAttributeDefinition def4 = new ConfigAttributeDefinition(new String[] {"MOCK_SOMETHING","ANOTHER_INVALID"});
|
||||
list.add(def4);
|
||||
}
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
|
||||
if (returnAnIterator) {
|
||||
return list;
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public List<ConfigAttribute> lookupAttributes(String url, String method) {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
}
|
||||
@ -18,12 +18,10 @@ package org.springframework.security.runas;
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.RunAsManager;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
|
||||
@ -34,46 +32,23 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
|
||||
* @version $Id$
|
||||
*/
|
||||
public class RunAsManagerImplTests extends TestCase {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public RunAsManagerImplTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public RunAsManagerImplTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public static void main(String[] args) {
|
||||
junit.textui.TestRunner.run(RunAsManagerImplTests.class);
|
||||
}
|
||||
|
||||
public final void setUp() throws Exception {
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
public void testAlwaysSupportsClass() {
|
||||
RunAsManagerImpl runAs = new RunAsManagerImpl();
|
||||
assertTrue(runAs.supports(String.class));
|
||||
}
|
||||
|
||||
public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting()
|
||||
throws Exception {
|
||||
ConfigAttributeDefinition def = new ConfigAttributeDefinition("SOMETHING_WE_IGNORE");
|
||||
public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting() throws Exception {
|
||||
UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
|
||||
|
||||
RunAsManagerImpl runAs = new RunAsManagerImpl();
|
||||
runAs.setKey("my_password");
|
||||
|
||||
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def);
|
||||
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("SOMETHING_WE_IGNORE"));
|
||||
assertEquals(null, resultingToken);
|
||||
}
|
||||
|
||||
public void testRespectsRolePrefix() throws Exception {
|
||||
ConfigAttributeDefinition def = new ConfigAttributeDefinition("RUN_AS_SOMETHING");
|
||||
UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ONE"), new GrantedAuthorityImpl("TWO")});
|
||||
|
||||
@ -81,7 +56,7 @@ public class RunAsManagerImplTests extends TestCase {
|
||||
runAs.setKey("my_password");
|
||||
runAs.setRolePrefix("FOOBAR_");
|
||||
|
||||
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def);
|
||||
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING"));
|
||||
|
||||
if (!(resultingToken instanceof RunAsUserToken)) {
|
||||
fail("Should have returned a RunAsUserToken");
|
||||
@ -98,14 +73,13 @@ public class RunAsManagerImplTests extends TestCase {
|
||||
}
|
||||
|
||||
public void testReturnsAdditionalGrantedAuthorities() throws Exception {
|
||||
ConfigAttributeDefinition def = new ConfigAttributeDefinition("RUN_AS_SOMETHING");
|
||||
UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
|
||||
|
||||
RunAsManagerImpl runAs = new RunAsManagerImpl();
|
||||
runAs.setKey("my_password");
|
||||
|
||||
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def);
|
||||
Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING"));
|
||||
|
||||
if (!(resultingToken instanceof RunAsUserToken)) {
|
||||
fail("Should have returned a RunAsUserToken");
|
||||
|
||||
@ -18,7 +18,6 @@ package org.springframework.security.securechannel;
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.MockFilterChain;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
@ -95,7 +94,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition("xyz");
|
||||
List<ConfigAttribute> cad = SecurityConfig.createList("xyz");
|
||||
|
||||
cdm.decide(fi, cad);
|
||||
assertTrue(fi.getResponse().isCommitted());
|
||||
@ -114,9 +113,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"abc", "ANY_CHANNEL"});
|
||||
|
||||
cdm.decide(fi, cad);
|
||||
cdm.decide(fi, SecurityConfig.createList(new String[]{"abc", "ANY_CHANNEL"}));
|
||||
assertFalse(fi.getResponse().isCommitted());
|
||||
}
|
||||
|
||||
@ -135,9 +132,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT");
|
||||
|
||||
cdm.decide(fi, cad);
|
||||
cdm.decide(fi, SecurityConfig.createList("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT"));
|
||||
assertFalse(fi.getResponse().isCommitted());
|
||||
}
|
||||
|
||||
@ -192,9 +187,9 @@ public class ChannelDecisionManagerImplTests extends TestCase {
|
||||
this.failIfCalled = failIfCalled;
|
||||
}
|
||||
|
||||
public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
|
||||
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
|
||||
throws IOException, ServletException {
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
Iterator iter = config.iterator();
|
||||
|
||||
if (failIfCalled) {
|
||||
fail("Should not have called this channel processor: " + configAttribute);
|
||||
|
||||
@ -18,7 +18,6 @@ package org.springframework.security.securechannel;
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
@ -208,7 +207,7 @@ public class ChannelProcessingFilterTests extends TestCase {
|
||||
this.supportAttribute = supportAttribute;
|
||||
}
|
||||
|
||||
public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
|
||||
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
|
||||
throws IOException, ServletException {
|
||||
if (commitAResponse) {
|
||||
invocation.getHttpResponse().sendRedirect("/redirected");
|
||||
@ -267,7 +266,7 @@ public class ChannelProcessingFilterTests extends TestCase {
|
||||
}
|
||||
}
|
||||
|
||||
public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
|
||||
public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
|
||||
if (!provideIterator) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@ -17,14 +17,11 @@ package org.springframework.security.securechannel;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.MockFilterChain;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockFilterChain;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
|
||||
|
||||
/**
|
||||
@ -34,19 +31,8 @@ import org.springframework.mock.web.MockHttpServletResponse;
|
||||
* @version $Id$
|
||||
*/
|
||||
public class InsecureChannelProcessorTests extends TestCase {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public static void main(String[] args) {
|
||||
junit.textui.TestRunner.run(InsecureChannelProcessorTests.class);
|
||||
}
|
||||
|
||||
public final void setUp() throws Exception {
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
public void testDecideDetectsAcceptableChannel() throws Exception {
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"});
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setQueryString("info=true");
|
||||
request.setServerName("localhost");
|
||||
@ -60,15 +46,13 @@ public class InsecureChannelProcessorTests extends TestCase {
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
|
||||
InsecureChannelProcessor processor = new InsecureChannelProcessor();
|
||||
processor.decide(fi, cad);
|
||||
processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"));
|
||||
|
||||
assertFalse(fi.getResponse().isCommitted());
|
||||
}
|
||||
|
||||
public void testDecideDetectsUnacceptableChannel()
|
||||
throws Exception {
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"});
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setQueryString("info=true");
|
||||
request.setServerName("localhost");
|
||||
@ -83,7 +67,7 @@ public class InsecureChannelProcessorTests extends TestCase {
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
|
||||
InsecureChannelProcessor processor = new InsecureChannelProcessor();
|
||||
processor.decide(fi, cad);
|
||||
processor.decide(fi, SecurityConfig.createList(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"}));
|
||||
|
||||
assertTrue(fi.getResponse().isCommitted());
|
||||
}
|
||||
|
||||
@ -17,14 +17,11 @@ package org.springframework.security.securechannel;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.MockFilterChain;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockFilterChain;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
|
||||
|
||||
/**
|
||||
@ -37,8 +34,6 @@ public class SecureChannelProcessorTests extends TestCase {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void testDecideDetectsAcceptableChannel() throws Exception {
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"});
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setQueryString("info=true");
|
||||
request.setServerName("localhost");
|
||||
@ -53,14 +48,12 @@ public class SecureChannelProcessorTests extends TestCase {
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
|
||||
SecureChannelProcessor processor = new SecureChannelProcessor();
|
||||
processor.decide(fi, cad);
|
||||
processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"));
|
||||
|
||||
assertFalse(fi.getResponse().isCommitted());
|
||||
}
|
||||
|
||||
public void testDecideDetectsUnacceptableChannel() throws Exception {
|
||||
ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"});
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setQueryString("info=true");
|
||||
request.setServerName("localhost");
|
||||
@ -74,7 +67,7 @@ public class SecureChannelProcessorTests extends TestCase {
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
|
||||
SecureChannelProcessor processor = new SecureChannelProcessor();
|
||||
processor.decide(fi, cad);
|
||||
processor.decide(fi, SecurityConfig.createList(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"}));
|
||||
|
||||
assertTrue(fi.getResponse().isCommitted());
|
||||
}
|
||||
|
||||
@ -15,29 +15,26 @@
|
||||
|
||||
package org.springframework.security.util;
|
||||
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.MockFilterConfig;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.security.intercept.web.MockFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
|
||||
import org.springframework.security.intercept.web.RequestKey;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.beans.factory.BeanCreationException;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.context.support.StaticApplicationContext;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
import org.junit.After;
|
||||
import static org.junit.Assert.*;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
import org.springframework.security.MockFilterConfig;
|
||||
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
|
||||
/**
|
||||
* Tests {@link FilterChainProxy}.
|
||||
@ -63,31 +60,6 @@ public class FilterChainProxyTests {
|
||||
}
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsFilterInvocationDefinitionSourceThatDoesNotReturnAllConfigAttributes() throws Exception {
|
||||
FilterChainProxy filterChainProxy = new FilterChainProxy();
|
||||
filterChainProxy.setApplicationContext(new StaticApplicationContext());
|
||||
|
||||
filterChainProxy.setFilterInvocationDefinitionSource(new MockFilterInvocationDefinitionSource(false, false));
|
||||
filterChainProxy.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsIfConfigAttributeDoesNotReturnValueForGetAttributeMethod() throws Exception {
|
||||
FilterChainProxy filterChainProxy = new FilterChainProxy();
|
||||
filterChainProxy.setApplicationContext(new StaticApplicationContext());
|
||||
|
||||
LinkedHashMap map = new LinkedHashMap();
|
||||
map.put(new RequestKey("/**"), SecurityConfig.createList(null));
|
||||
DefaultFilterInvocationDefinitionSource fids =
|
||||
new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), map);
|
||||
|
||||
filterChainProxy.setFilterInvocationDefinitionSource(fids);
|
||||
|
||||
filterChainProxy.afterPropertiesSet();
|
||||
filterChainProxy.init(new MockFilterConfig());
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void testDetectsMissingFilterInvocationDefinitionSource() throws Exception {
|
||||
FilterChainProxy filterChainProxy = new FilterChainProxy();
|
||||
|
||||
@ -20,7 +20,6 @@ import junit.framework.TestCase;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
import java.util.List;
|
||||
@ -162,7 +161,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
private class MockDecisionManagerImpl extends AbstractAccessDecisionManager {
|
||||
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException {
|
||||
return;
|
||||
}
|
||||
@ -181,7 +180,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,18 +15,18 @@
|
||||
|
||||
package org.springframework.security.vote;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link AffirmativeBased}.
|
||||
@ -34,29 +34,14 @@ import java.util.Vector;
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AffirmativeBasedTests extends TestCase {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public AffirmativeBasedTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public AffirmativeBasedTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public static void main(String[] args) {
|
||||
junit.textui.TestRunner.run(AffirmativeBasedTests.class);
|
||||
}
|
||||
public class AffirmativeBasedTests {
|
||||
|
||||
private AffirmativeBased makeDecisionManager() {
|
||||
AffirmativeBased decisionManager = new AffirmativeBased();
|
||||
RoleVoter roleVoter = new RoleVoter();
|
||||
DenyVoter denyForSureVoter = new DenyVoter();
|
||||
DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter();
|
||||
List voters = new Vector();
|
||||
List voters = new ArrayList();
|
||||
voters.add(roleVoter);
|
||||
voters.add(denyForSureVoter);
|
||||
voters.add(denyAgainForSureVoter);
|
||||
@ -70,85 +55,55 @@ public class AffirmativeBasedTests extends TestCase {
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl("ROLE_2")});
|
||||
}
|
||||
|
||||
public final void setUp() throws Exception {
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess()
|
||||
throws Exception {
|
||||
@Test
|
||||
public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
AffirmativeBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
mgr.decide(auth, new Object(), SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"}));
|
||||
}
|
||||
|
||||
public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess()
|
||||
throws Exception {
|
||||
@Test
|
||||
public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
AffirmativeBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2"));
|
||||
}
|
||||
|
||||
public void testOneDenyVoteTwoAbstainVotesDeniesAccess()
|
||||
throws Exception {
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void testOneDenyVoteTwoAbstainVotesDeniesAccess() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
AffirmativeBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
|
||||
|
||||
try {
|
||||
mgr.decide(auth, new Object(), config);
|
||||
fail("Should have thrown AccessDeniedException");
|
||||
} catch (AccessDeniedException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"));
|
||||
}
|
||||
|
||||
public void testThreeAbstainVotesDeniesAccessWithDefault()
|
||||
throws Exception {
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void testThreeAbstainVotesDeniesAccessWithDefault() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
AffirmativeBased mgr = makeDecisionManager();
|
||||
|
||||
assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
|
||||
|
||||
try {
|
||||
mgr.decide(auth, new Object(), config);
|
||||
fail("Should have thrown AccessDeniedException");
|
||||
} catch (AccessDeniedException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
|
||||
}
|
||||
|
||||
public void testThreeAbstainVotesGrantsAccessWithoutDefault()
|
||||
throws Exception {
|
||||
@Test
|
||||
public void testThreeAbstainVotesGrantsAccessWithoutDefault() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
AffirmativeBased mgr = makeDecisionManager();
|
||||
mgr.setAllowIfAllAbstainDecisions(true);
|
||||
assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
|
||||
}
|
||||
|
||||
public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess()
|
||||
throws Exception {
|
||||
@Test
|
||||
public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
AffirmativeBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_1", "ROLE_2"));
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,14 +15,15 @@
|
||||
|
||||
package org.springframework.security.vote;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
|
||||
@ -35,17 +36,6 @@ import org.springframework.security.providers.rememberme.RememberMeAuthenticatio
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AuthenticatedVoterTests extends TestCase {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public AuthenticatedVoterTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public AuthenticatedVoterTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
private Authentication createAnonymous() {
|
||||
return new AnonymousAuthenticationToken("ignored", "ignored",
|
||||
@ -62,17 +52,9 @@ public class AuthenticatedVoterTests extends TestCase {
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
|
||||
}
|
||||
|
||||
public static void main(String[] args) {
|
||||
junit.textui.TestRunner.run(AuthenticatedVoterTests.class);
|
||||
}
|
||||
|
||||
public final void setUp() throws Exception {
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
public void testAnonymousWorks() {
|
||||
AuthenticatedVoter voter = new AuthenticatedVoter();
|
||||
ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY);
|
||||
List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY);
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createAnonymous(), null, def));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createRememberMe(), null, def));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));
|
||||
@ -80,7 +62,7 @@ public class AuthenticatedVoterTests extends TestCase {
|
||||
|
||||
public void testFullyWorks() {
|
||||
AuthenticatedVoter voter = new AuthenticatedVoter();
|
||||
ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_FULLY);
|
||||
List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_FULLY);
|
||||
assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createAnonymous(), null, def));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createRememberMe(), null, def));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));
|
||||
@ -88,7 +70,7 @@ public class AuthenticatedVoterTests extends TestCase {
|
||||
|
||||
public void testRememberMeWorks() {
|
||||
AuthenticatedVoter voter = new AuthenticatedVoter();
|
||||
ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED);
|
||||
List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED);
|
||||
assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createAnonymous(), null, def));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createRememberMe(), null, def));
|
||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));
|
||||
|
||||
@ -15,10 +15,15 @@
|
||||
|
||||
package org.springframework.security.vote;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.List;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
import org.springframework.security.AuthorizationServiceException;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.MockAclManager;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.acl.AclEntry;
|
||||
@ -27,10 +32,6 @@ import org.springframework.security.acl.basic.MockAclObjectIdentity;
|
||||
import org.springframework.security.acl.basic.SimpleAclEntry;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
/**
|
||||
* Tests {@link BasicAclEntryVoter}.
|
||||
@ -93,7 +94,7 @@ public class BasicAclEntryVoterTests extends TestCase {
|
||||
voter.afterPropertiesSet();
|
||||
|
||||
// Wire up an invocation to be voted on
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
|
||||
// Setup a MockMethodInvocation, so voter can retrieve domainObject
|
||||
MethodInvocation mi = getMethodInvocation(domainObject);
|
||||
@ -213,7 +214,7 @@ public class BasicAclEntryVoterTests extends TestCase {
|
||||
voter.afterPropertiesSet();
|
||||
|
||||
// Wire up an invocation to be voted on
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("A_DIFFERENT_ATTRIBUTE");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("A_DIFFERENT_ATTRIBUTE");
|
||||
|
||||
// Setup a MockMethodInvocation, so voter can retrieve domainObject
|
||||
MethodInvocation mi = getMethodInvocation(domainObject);
|
||||
@ -245,7 +246,7 @@ public class BasicAclEntryVoterTests extends TestCase {
|
||||
voter.afterPropertiesSet();
|
||||
|
||||
// Wire up an invocation to be voted on
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
|
||||
// Setup a MockMethodInvocation, so voter can retrieve domainObject
|
||||
MethodInvocation mi = getMethodInvocation(domainObject);
|
||||
@ -276,7 +277,7 @@ public class BasicAclEntryVoterTests extends TestCase {
|
||||
voter.afterPropertiesSet();
|
||||
|
||||
// Wire up an invocation to be voted on
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
|
||||
// Setup a MockMethodInvocation, so voter can retrieve domainObject
|
||||
MethodInvocation mi = getMethodInvocation(domainObject);
|
||||
@ -307,7 +308,7 @@ public class BasicAclEntryVoterTests extends TestCase {
|
||||
voter.afterPropertiesSet();
|
||||
|
||||
// Wire up an invocation to be voted on
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
|
||||
// Setup a MockMethodInvocation, so voter can retrieve domainObject
|
||||
MethodInvocation mi = getMethodInvocation(domainObject);
|
||||
@ -342,7 +343,7 @@ public class BasicAclEntryVoterTests extends TestCase {
|
||||
voter.afterPropertiesSet();
|
||||
|
||||
// Wire up an invocation to be voted on
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
|
||||
// Setup a MockMethodInvocation, so voter can retrieve domainObject
|
||||
// (well actually it will access domainObject.getParent())
|
||||
@ -376,7 +377,7 @@ public class BasicAclEntryVoterTests extends TestCase {
|
||||
voter.afterPropertiesSet();
|
||||
|
||||
// Wire up an invocation to be voted on
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
|
||||
// Setup a MockMethodInvocation, so voter can retrieve domainObject
|
||||
// (well actually it will access domainObject.getParent())
|
||||
@ -413,7 +414,7 @@ public class BasicAclEntryVoterTests extends TestCase {
|
||||
voter.afterPropertiesSet();
|
||||
|
||||
// Wire up an invocation to be voted on
|
||||
ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
|
||||
|
||||
// Setup a MockMethodInvocation that doesn't provide SomeDomainObject arg
|
||||
Class clazz = String.class;
|
||||
|
||||
@ -15,15 +15,17 @@
|
||||
|
||||
package org.springframework.security.vote;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
|
||||
|
||||
@ -33,98 +35,77 @@ import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class ConsensusBasedTests extends TestCase {
|
||||
|
||||
//~ Methods ================================================================
|
||||
public class ConsensusBasedTests {
|
||||
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccessWithoutDefault() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
ConsensusBased mgr = makeDecisionManager();
|
||||
mgr.setAllowIfEqualGrantedDeniedDecisions(false);
|
||||
assertTrue(!mgr.isAllowIfEqualGrantedDeniedDecisions()); // check changed
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
|
||||
List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"});
|
||||
|
||||
try {
|
||||
mgr.decide(auth, new Object(), config);
|
||||
fail("Should have thrown AccessDeniedException");
|
||||
} catch (AccessDeniedException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
mgr.decide(auth, new Object(), config);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
ConsensusBased mgr = makeDecisionManager();
|
||||
|
||||
assertTrue(mgr.isAllowIfEqualGrantedDeniedDecisions()); // check default
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
|
||||
List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"});
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
ConsensusBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2"));
|
||||
assertTrue(true);
|
||||
}
|
||||
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void testOneDenyVoteTwoAbstainVotesDeniesAccess() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
ConsensusBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
|
||||
|
||||
try {
|
||||
mgr.decide(auth, new Object(), config);
|
||||
fail("Should have thrown AccessDeniedException");
|
||||
} catch (AccessDeniedException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"));
|
||||
fail("Should have thrown AccessDeniedException");
|
||||
}
|
||||
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void testThreeAbstainVotesDeniesAccessWithDefault() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
ConsensusBased mgr = makeDecisionManager();
|
||||
|
||||
assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
|
||||
|
||||
try {
|
||||
mgr.decide(auth, new Object(), config);
|
||||
fail("Should have thrown AccessDeniedException");
|
||||
} catch (AccessDeniedException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testThreeAbstainVotesGrantsAccessWithoutDefault() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
ConsensusBased mgr = makeDecisionManager();
|
||||
mgr.setAllowIfAllAbstainDecisions(true);
|
||||
assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() throws Exception {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
ConsensusBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
mgr.decide(auth, new Object(), SecurityConfig.createList(new String[]{"ROLE_1", "ROLE_2"}));
|
||||
}
|
||||
|
||||
private ConsensusBased makeDecisionManager() {
|
||||
|
||||
@ -17,9 +17,9 @@ package org.springframework.security.vote;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Implementation of an {@link AccessDecisionVoter} for unit testing.
|
||||
@ -35,34 +35,34 @@ import java.util.Iterator;
|
||||
* @version $Id$
|
||||
*/
|
||||
public class DenyAgainVoter implements AccessDecisionVoter {
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
if ("DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute())) {
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
if ("DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute())) {
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public boolean supports(Class clazz) {
|
||||
return true;
|
||||
}
|
||||
public boolean supports(Class clazz) {
|
||||
return true;
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
Iterator iter = attributes.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) iter.next();
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) iter.next();
|
||||
|
||||
if (this.supports(attribute)) {
|
||||
return ACCESS_DENIED;
|
||||
}
|
||||
}
|
||||
if (this.supports(attribute)) {
|
||||
return ACCESS_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
return ACCESS_ABSTAIN;
|
||||
}
|
||||
return ACCESS_ABSTAIN;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -17,9 +17,9 @@ package org.springframework.security.vote;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
@ -45,8 +45,8 @@ public class DenyVoter implements AccessDecisionVoter {
|
||||
return true;
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
Iterator iter = config.getConfigAttributes().iterator();
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
Iterator iter = attributes.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) iter.next();
|
||||
|
||||
@ -1,24 +1,23 @@
|
||||
package org.springframework.security.vote;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.userdetails.hierarchicalroles.RoleHierarchyImpl;
|
||||
|
||||
public class RoleHierarchyVoterTests {
|
||||
|
||||
@Test
|
||||
public void hierarchicalRoleIsIncludedInDecision() {
|
||||
@Test
|
||||
public void hierarchicalRoleIsIncludedInDecision() {
|
||||
RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
|
||||
roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
|
||||
|
||||
// User has role A, role B is required
|
||||
TestingAuthenticationToken auth = new TestingAuthenticationToken("user", "password", "ROLE_A");
|
||||
RoleHierarchyVoter voter = new RoleHierarchyVoter(roleHierarchyImpl);
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_B");
|
||||
|
||||
assertEquals(RoleHierarchyVoter.ACCESS_GRANTED, voter.vote(auth, new Object(), config));
|
||||
}
|
||||
assertEquals(RoleHierarchyVoter.ACCESS_GRANTED, voter.vote(auth, new Object(), SecurityConfig.createList("ROLE_B")));
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,18 +15,18 @@
|
||||
|
||||
package org.springframework.security.vote;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link UnanimousBased}.
|
||||
@ -86,7 +86,7 @@ public class UnanimousBasedTests extends TestCase {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
UnanimousBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
|
||||
List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"});
|
||||
|
||||
try {
|
||||
mgr.decide(auth, new Object(), config);
|
||||
@ -100,7 +100,7 @@ public class UnanimousBasedTests extends TestCase {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
UnanimousBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
|
||||
List<ConfigAttribute> config = SecurityConfig.createList("ROLE_2");
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
@ -110,7 +110,7 @@ public class UnanimousBasedTests extends TestCase {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
UnanimousBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
|
||||
List<ConfigAttribute> config = SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE");
|
||||
|
||||
try {
|
||||
mgr.decide(auth, new Object(), config);
|
||||
@ -124,7 +124,7 @@ public class UnanimousBasedTests extends TestCase {
|
||||
TestingAuthenticationToken auth = makeTestTokenWithFooBarPrefix();
|
||||
UnanimousBased mgr = makeDecisionManagerWithFooBarPrefix();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"FOOBAR_1", "FOOBAR_2"});
|
||||
List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"FOOBAR_1", "FOOBAR_2"});
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
@ -136,7 +136,7 @@ public class UnanimousBasedTests extends TestCase {
|
||||
|
||||
assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
|
||||
List<ConfigAttribute> config = SecurityConfig.createList("IGNORED_BY_ALL");
|
||||
|
||||
try {
|
||||
mgr.decide(auth, new Object(), config);
|
||||
@ -152,7 +152,7 @@ public class UnanimousBasedTests extends TestCase {
|
||||
mgr.setAllowIfAllAbstainDecisions(true);
|
||||
assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
|
||||
List<ConfigAttribute> config = SecurityConfig.createList("IGNORED_BY_ALL");
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
@ -162,7 +162,7 @@ public class UnanimousBasedTests extends TestCase {
|
||||
TestingAuthenticationToken auth = makeTestToken();
|
||||
UnanimousBased mgr = makeDecisionManager();
|
||||
|
||||
ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
|
||||
List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "ROLE_2"});
|
||||
|
||||
mgr.decide(auth, new Object(), config);
|
||||
assertTrue(true);
|
||||
|
||||
@ -10,42 +10,48 @@ package bigbank;
|
||||
* @version $Id$
|
||||
*/
|
||||
public class Account {
|
||||
private long id = -1;
|
||||
private String holder;
|
||||
private double balance;
|
||||
private long id = -1;
|
||||
private String holder;
|
||||
private double balance;
|
||||
private double overdraft = 500.00;
|
||||
|
||||
public Account(String holder) {
|
||||
super();
|
||||
this.holder = holder;
|
||||
}
|
||||
public Account(String holder) {
|
||||
this.holder = holder;
|
||||
}
|
||||
|
||||
public long getId() {
|
||||
return id;
|
||||
}
|
||||
public long getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
public void setId(long id) {
|
||||
this.id = id;
|
||||
}
|
||||
public void setId(long id) {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
public String getHolder() {
|
||||
return holder;
|
||||
}
|
||||
public String getHolder() {
|
||||
return holder;
|
||||
}
|
||||
|
||||
public void setHolder(String holder) {
|
||||
this.holder = holder;
|
||||
}
|
||||
public void setHolder(String holder) {
|
||||
this.holder = holder;
|
||||
}
|
||||
|
||||
public double getBalance() {
|
||||
return balance;
|
||||
}
|
||||
public double getBalance() {
|
||||
return balance;
|
||||
}
|
||||
|
||||
public void setBalance(double balance) {
|
||||
this.balance = balance;
|
||||
}
|
||||
public void setBalance(double balance) {
|
||||
this.balance = balance;
|
||||
}
|
||||
|
||||
public String toString() {
|
||||
return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + "]";
|
||||
}
|
||||
public double getOverdraft() {
|
||||
return overdraft;
|
||||
}
|
||||
|
||||
public void setOverdraft(double overdraft) {
|
||||
this.overdraft = overdraft;
|
||||
}
|
||||
|
||||
public String toString() {
|
||||
return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + ", overdraft=" + overdraft + "]";
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,15 +1,16 @@
|
||||
package bigbank;
|
||||
|
||||
import org.springframework.security.annotation.Secured;
|
||||
import org.springframework.security.expression.annotation.PreAuthorize;
|
||||
|
||||
|
||||
public interface BankService {
|
||||
|
||||
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
|
||||
public Account readAccount(Long id);
|
||||
public Account readAccount(Long id);
|
||||
|
||||
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
|
||||
public Account[] findAccounts();
|
||||
public Account[] findAccounts();
|
||||
|
||||
@Secured("ROLE_TELLER")
|
||||
public Account post(Account account, double amount);
|
||||
@PreAuthorize(
|
||||
"hasRole('ROLE_SUPERVISOR') or " +
|
||||
"hasRole('ROLE_TELLER') and (#account.balance + #amount >= -#account.overdraft)" )
|
||||
public Account post(Account account, double amount);
|
||||
}
|
||||
|
||||
@ -4,37 +4,36 @@ import org.aspectj.lang.annotation.Pointcut;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
public class BankServiceImpl implements BankService {
|
||||
private BankDao bankDao;
|
||||
private BankDao bankDao;
|
||||
|
||||
// Not used unless you declare a <protect-pointcut>
|
||||
@Pointcut("execution(* bigbank.BankServiceImpl.*(..))")
|
||||
public void myPointcut() {}
|
||||
// Not used unless you declare a <protect-pointcut>
|
||||
@Pointcut("execution(* bigbank.BankServiceImpl.*(..))")
|
||||
public void myPointcut() {}
|
||||
|
||||
public BankServiceImpl(BankDao bankDao) {
|
||||
Assert.notNull(bankDao);
|
||||
this.bankDao = bankDao;
|
||||
}
|
||||
public BankServiceImpl(BankDao bankDao) {
|
||||
Assert.notNull(bankDao);
|
||||
this.bankDao = bankDao;
|
||||
}
|
||||
|
||||
public Account[] findAccounts() {
|
||||
return this.bankDao.findAccounts();
|
||||
}
|
||||
public Account[] findAccounts() {
|
||||
return this.bankDao.findAccounts();
|
||||
}
|
||||
|
||||
public Account post(Account account, double amount) {
|
||||
Assert.notNull(account);
|
||||
Assert.notNull(account.getId());
|
||||
public Account post(Account account, double amount) {
|
||||
Assert.notNull(account);
|
||||
|
||||
// We read account bank from DAO so it reflects the latest balance
|
||||
Account a = bankDao.readAccount(account.getId());
|
||||
if (account == null) {
|
||||
throw new IllegalArgumentException("Couldn't find requested account");
|
||||
}
|
||||
// We read account bank from DAO so it reflects the latest balance
|
||||
Account a = bankDao.readAccount(account.getId());
|
||||
if (account == null) {
|
||||
throw new IllegalArgumentException("Couldn't find requested account");
|
||||
}
|
||||
|
||||
a.setBalance(a.getBalance() + amount);
|
||||
bankDao.createOrUpdateAccount(a);
|
||||
return a;
|
||||
}
|
||||
a.setBalance(a.getBalance() + amount);
|
||||
bankDao.createOrUpdateAccount(a);
|
||||
return a;
|
||||
}
|
||||
|
||||
public Account readAccount(Long id) {
|
||||
return bankDao.readAccount(id);
|
||||
}
|
||||
public Account readAccount(Long id) {
|
||||
return bankDao.readAccount(id);
|
||||
}
|
||||
}
|
||||
|
||||
@ -3,22 +3,22 @@
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<bean id="bankDao" class="bigbank.BankDaoStub"/>
|
||||
<bean id="bankDao" class="bigbank.BankDaoStub"/>
|
||||
|
||||
<bean id="seedData" class="bigbank.SeedData">
|
||||
<property name="bankDao" ref="bankDao"/>
|
||||
</bean>
|
||||
<bean id="seedData" class="bigbank.SeedData">
|
||||
<property name="bankDao" ref="bankDao"/>
|
||||
</bean>
|
||||
|
||||
<bean id="bankService" class="bigbank.BankServiceImpl">
|
||||
<constructor-arg ref="bankDao"/>
|
||||
<bean id="bankService" class="bigbank.BankServiceImpl">
|
||||
<constructor-arg ref="bankDao"/>
|
||||
<!-- This will add a security interceptor to the bean
|
||||
<security:intercept-methods>
|
||||
<security:protect method="bigbank.BankService.*" access="IS_AUTHENTICATED_REMEMBERED" />
|
||||
<security:protect method="bigbank.BankService.post" access="ROLE_TELLER" />
|
||||
</security:intercept-methods> -->
|
||||
</bean>
|
||||
</bean>
|
||||
|
||||
</beans>
|
||||
@ -9,19 +9,19 @@
|
||||
<beans:beans xmlns="http://www.springframework.org/schema/security"
|
||||
xmlns:beans="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.5.xsd">
|
||||
|
||||
<global-method-security secured-annotations="enabled">
|
||||
<!-- AspectJ pointcut expression that locates our "post" method and applies security that way
|
||||
<protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
|
||||
-->
|
||||
</global-method-security>
|
||||
<global-method-security spel-annotations="enabled">
|
||||
<!-- AspectJ pointcut expression that locates our "post" method and applies security that way
|
||||
<protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
|
||||
-->
|
||||
</global-method-security>
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
|
||||
<intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
|
||||
<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
|
||||
<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
|
||||
<intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
|
||||
<intercept-url pattern="/post.html" access="ROLE_TELLER" />
|
||||
-->
|
||||
@ -40,7 +40,7 @@
|
||||
|
||||
<!-- Uncomment to limit the number of sessions a user can have
|
||||
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
|
||||
-->
|
||||
-->
|
||||
</http>
|
||||
|
||||
<!--
|
||||
@ -54,10 +54,10 @@
|
||||
<password-encoder hash="md5"/>
|
||||
<user-service>
|
||||
<user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
|
||||
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
|
||||
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
|
||||
<user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
|
||||
<user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
|
||||
</user-service>
|
||||
</authentication-provider>
|
||||
</user-service>
|
||||
</authentication-provider>
|
||||
|
||||
</beans:beans>
|
||||
@ -70,7 +70,7 @@
|
||||
<interfacename>AccessDecisionManager</interfacename> interface contains three
|
||||
methods:
|
||||
<programlisting>
|
||||
void decide(Authentication authentication, Object secureObject, ConfigAttributeDefinition config) throws AccessDeniedException;
|
||||
void decide(Authentication authentication, Object secureObject, List<ConfigAttribute> config) throws AccessDeniedException;
|
||||
boolean supports(ConfigAttribute attribute);
|
||||
boolean supports(Class clazz);
|
||||
</programlisting>
|
||||
@ -124,7 +124,7 @@
|
||||
<para>The <interfacename>AccessDecisionVoter</interfacename> interface has three
|
||||
methods:
|
||||
<programlisting>
|
||||
int vote(Authentication authentication, Object object, ConfigAttributeDefinition config);
|
||||
int vote(Authentication authentication, Object object, List<ConfigAttribute> config);
|
||||
boolean supports(ConfigAttribute attribute);
|
||||
boolean supports(Class clazz);
|
||||
</programlisting>
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
<info><title>Configuration</title></info>
|
||||
<para>A <literal>RunAsManager</literal> interface is provided by Spring Security:
|
||||
<programlisting>
|
||||
Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config);
|
||||
Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config);
|
||||
boolean supports(ConfigAttribute attribute);
|
||||
boolean supports(Class clazz);
|
||||
</programlisting>
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user