mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-03-31 04:18:31 +00:00
SEC-3056 - Fix JavaDoc errors.
Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.
This commit is contained in:
Thomas Darimont
Rob Winch
parent
7317c090cc
commit
ad1d858e2b
@ -83,14 +83,14 @@ import org.springframework.util.StringUtils;
|
||||
* Alternatively, you could have used a common superclass or interface for the
|
||||
* {@link #processDomainObjectClass} if both <code>BankAccount</code> and
|
||||
* <code>Customer</code> had common parents.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* If the principal does not have sufficient permissions, the voter will vote to deny
|
||||
* access.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* All comparisons and prefixes are case sensitive.
|
||||
* </p>
|
||||
*
|
||||
*
|
||||
* @author Ben Alex
|
||||
*/
|
||||
|
||||
@ -58,7 +58,7 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
|
||||
* Gets the {@link SecurityBuilder}. Cannot be null.
|
||||
*
|
||||
* @return the {@link SecurityBuilder}
|
||||
* @throw {@link IllegalStateException} if {@link SecurityBuilder} is null
|
||||
* @throws IllegalStateException if {@link SecurityBuilder} is null
|
||||
*/
|
||||
protected final B getBuilder() {
|
||||
if (securityBuilder == null) {
|
||||
|
||||
@ -36,9 +36,10 @@ public interface ProviderManagerBuilder<B extends ProviderManagerBuilder<B>> ext
|
||||
* customizations must be done externally and the {@link ProviderManagerBuilder} is
|
||||
* returned immediately.
|
||||
*
|
||||
* Note that an Exception is thrown if an error occurs when adding the {@link AuthenticationProvider}.
|
||||
*
|
||||
* @return a {@link ProviderManagerBuilder} to allow further authentication to be
|
||||
* provided to the {@link ProviderManagerBuilder}
|
||||
* @throws Exception if an error occurs when adding the {@link AuthenticationProvider}
|
||||
*/
|
||||
B authenticationProvider(AuthenticationProvider authenticationProvider);
|
||||
}
|
||||
|
||||
@ -61,7 +61,7 @@ public class AuthenticationManagerBuilder
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @param the {@link ObjectPostProcessor} instance to use.
|
||||
* @param objectPostProcessor the {@link ObjectPostProcessor} instance to use.
|
||||
*/
|
||||
public AuthenticationManagerBuilder(ObjectPostProcessor<Object> objectPostProcessor) {
|
||||
super(objectPostProcessor, true);
|
||||
@ -196,7 +196,6 @@ public class AuthenticationManagerBuilder
|
||||
* <p>
|
||||
* This method <b>does NOT</b> ensure that a {@link UserDetailsService} is available
|
||||
* for the {@link #getDefaultUserDetailsService()} method.
|
||||
* </p>
|
||||
*
|
||||
* @return a {@link LdapAuthenticationProviderConfigurer} to allow customization of
|
||||
* the LDAP authentication
|
||||
@ -216,11 +215,11 @@ public class AuthenticationManagerBuilder
|
||||
* <p>
|
||||
* This method <b>does NOT</b> ensure that the {@link UserDetailsService} is available
|
||||
* for the {@link #getDefaultUserDetailsService()} method.
|
||||
* </p>
|
||||
*
|
||||
* Note that an {@link Exception} might be thrown if an error occurs when adding the {@link AuthenticationProvider}.
|
||||
*
|
||||
* @return a {@link AuthenticationManagerBuilder} to allow further authentication to
|
||||
* be provided to the {@link AuthenticationManagerBuilder}
|
||||
* @throws Exception if an error occurs when adding the {@link AuthenticationProvider}
|
||||
*/
|
||||
public AuthenticationManagerBuilder authenticationProvider(
|
||||
AuthenticationProvider authenticationProvider) {
|
||||
|
||||
@ -27,7 +27,7 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
* to have in memory authentication. It also allows easily adding users to the in memory
|
||||
* authentication.
|
||||
*
|
||||
* @param <B> the type of the {@link SecurityBuilder} that is being configured
|
||||
* @param <B> the type of the {@link ProviderManagerBuilder} that is being configured
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 3.2
|
||||
|
||||
@ -38,7 +38,6 @@ import org.springframework.security.provisioning.JdbcUserDetailsManager;
|
||||
* <p>
|
||||
* The only required method is the {@link #dataSource(javax.sql.DataSource)} all other
|
||||
* methods have reasonable defaults.
|
||||
* </p>
|
||||
*
|
||||
* @param <B> the type of the {@link ProviderManagerBuilder} that is being configured
|
||||
*
|
||||
@ -82,7 +81,7 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
|
||||
* </code>
|
||||
* @param query The query to use for selecting the username, password, and if the user
|
||||
* is enabled by username. Must contain a single parameter for the username.
|
||||
* @return The {@link JdbcUserDetailsManagerRegistry} used for additional
|
||||
* @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
|
||||
* customizations
|
||||
* @throws Exception
|
||||
*/
|
||||
@ -102,7 +101,7 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
|
||||
*
|
||||
* @param query The query to use for selecting the username, authority by username.
|
||||
* Must contain a single parameter for the username.
|
||||
* @return The {@link JdbcUserDetailsManagerRegistry} used for additional
|
||||
* @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
|
||||
* customizations
|
||||
* @throws Exception
|
||||
*/
|
||||
@ -126,7 +125,7 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
|
||||
*
|
||||
* @param query The query to use for selecting the authorities by group. Must contain
|
||||
* a single parameter for the username.
|
||||
* @return The {@link JdbcUserDetailsManagerRegistry} used for additional
|
||||
* @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
|
||||
* customizations
|
||||
* @throws Exception
|
||||
*/
|
||||
@ -181,7 +180,7 @@ public class JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B
|
||||
/**
|
||||
* Populates the default schema that allows users and authorities to be stored.
|
||||
*
|
||||
* @return The {@link JdbcUserDetailsManagerRegistry} used for additional
|
||||
* @return The {@link JdbcUserDetailsManagerConfigurer} used for additional
|
||||
* customizations
|
||||
*/
|
||||
public JdbcUserDetailsManagerConfigurer<B> withDefaultSchema() {
|
||||
|
||||
@ -80,9 +80,6 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
|
||||
/**
|
||||
* Builds the user to be added. At minimum the username, password, and authorities
|
||||
* should provided. The remaining attributes have reasonable defaults.
|
||||
*
|
||||
* @param <T> the type of {@link UserDetailsManagerConfigurer} to return for chaining
|
||||
* methods.
|
||||
*/
|
||||
public class UserDetailsBuilder {
|
||||
private String username;
|
||||
@ -103,11 +100,10 @@ public class UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>, C
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the {@link UserDetailsManagerRegistry} for method chaining (i.e. to add
|
||||
* Returns the {@link UserDetailsManagerConfigurer} for method chaining (i.e. to add
|
||||
* another user)
|
||||
*
|
||||
* @return the {@link UserDetailsManagerRegistry} for method chaining (i.e. to add
|
||||
* another user)
|
||||
* @return the {@link UserDetailsManagerConfigurer} for method chaining
|
||||
*/
|
||||
public C and() {
|
||||
return builder;
|
||||
|
||||
@ -27,8 +27,8 @@ import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
* @author Rob Winch
|
||||
* @since 3.2
|
||||
*
|
||||
* @param <B> the type of the {@link SecurityBuilder}
|
||||
* @param <C> the {@link SecurityConfigurer} (or this)
|
||||
* @param <B> the type of the {@link ProviderManagerBuilder}
|
||||
* @param <C> the {@link UserDetailsServiceConfigurer} (or this)
|
||||
* @param <U> the type of UserDetailsService being used to allow for returning the
|
||||
* concrete UserDetailsService.
|
||||
*/
|
||||
|
||||
@ -29,9 +29,8 @@ import org.springframework.security.config.annotation.configuration.ObjectPostPr
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* Enables Spring Security global method security similar to the <global-method-security>
|
||||
* Enables Spring Security global method security similar to the <global-method-security>
|
||||
* xml support.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* More advanced configurations may wish to extend
|
||||
|
||||
@ -142,11 +142,11 @@ public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> extends
|
||||
* <li>{@link LogoutFilter}</li>
|
||||
* <li>{@link X509AuthenticationFilter}</li>
|
||||
* <li>{@link AbstractPreAuthenticatedProcessingFilter}</li>
|
||||
* <li>{@link org.springframework.security.cas.web.CasAuthenticationFilter}</li>
|
||||
* <li><a href="{@docRoot}/org/springframework/security/cas/web/CasAuthenticationFilter.html">CasAuthenticationFilter</a></li>
|
||||
* <li>{@link UsernamePasswordAuthenticationFilter}</li>
|
||||
* <li>{@link ConcurrentSessionFilter}</li>
|
||||
* <li>{@link OpenIDAuthenticationFilter}</li>
|
||||
* <li>{@link DefaultLoginPageGeneratingFilter}</li>
|
||||
* <li>{@link org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter}</li>
|
||||
* <li>{@link ConcurrentSessionFilter}</li>
|
||||
* <li>{@link DigestAuthenticationFilter}</li>
|
||||
* <li>{@link BasicAuthenticationFilter}</li>
|
||||
|
||||
@ -71,7 +71,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* A {@link HttpSecurity} is similar to Spring Security's XML <http> element in the
|
||||
* A {@link HttpSecurity} is similar to Spring Security's XML <http> element in the
|
||||
* namespace configuration. It allows configuring web based security for specific http
|
||||
* requests. By default it will be applied to all requests, but can be restricted using
|
||||
* {@link #requestMatcher(RequestMatcher)} or other similar methods.
|
||||
@ -283,7 +283,7 @@ public final class HttpSecurity extends
|
||||
*
|
||||
* @return
|
||||
* @throws Exception
|
||||
* @see {@link HeadersConfigurer}
|
||||
* @see HeadersConfigurer
|
||||
*/
|
||||
public HeadersConfigurer<HttpSecurity> headers() throws Exception {
|
||||
return getOrApply(new HeadersConfigurer<HttpSecurity>());
|
||||
@ -326,8 +326,8 @@ public final class HttpSecurity extends
|
||||
*
|
||||
* <pre>
|
||||
* <listener>
|
||||
* <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
|
||||
* </listener>
|
||||
* <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
|
||||
* </listener>
|
||||
* </pre>
|
||||
*
|
||||
* Alternatively,
|
||||
@ -378,7 +378,7 @@ public final class HttpSecurity extends
|
||||
*
|
||||
* @return the {@link PortMapperConfigurer} for further customizations
|
||||
* @throws Exception
|
||||
* @see {@link #requiresChannel()}
|
||||
* @see #requiresChannel()
|
||||
*/
|
||||
public PortMapperConfigurer<HttpSecurity> portMapper() throws Exception {
|
||||
return getOrApply(new PortMapperConfigurer<HttpSecurity>());
|
||||
@ -716,7 +716,7 @@ public final class HttpSecurity extends
|
||||
* {@link org.springframework.security.authentication.AnonymousAuthenticationToken}
|
||||
* and contain the role "ROLE_ANONYMOUS".
|
||||
*
|
||||
* <h2>Example Configuration</h2
|
||||
* <h2>Example Configuration</h2>
|
||||
*
|
||||
* The following configuration demonstrates how to specify that anonymous users should
|
||||
* contain the role "ROLE_ANON" instead.
|
||||
@ -908,6 +908,10 @@ public final class HttpSecurity extends
|
||||
return getOrApply(new HttpBasicConfigurer<HttpSecurity>());
|
||||
}
|
||||
|
||||
public <C> void setSharedObject(Class<C> sharedType, C object) {
|
||||
super.setSharedObject(sharedType, object);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void beforeConfigure() throws Exception {
|
||||
setSharedObject(AuthenticationManager.class, getAuthenticationRegistry().build());
|
||||
|
||||
@ -29,7 +29,7 @@ import java.util.List;
|
||||
/**
|
||||
* Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring Security CSRF
|
||||
* integration. This configuration is added whenever {@link EnableWebMvc} is added by
|
||||
* {@link SpringWebMvcImportSelector} and the DispatcherServlet is present on the
|
||||
* <a href="{@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector</a> and the DispatcherServlet is present on the
|
||||
* classpath. It also adds the {@link AuthenticationPrincipalArgumentResolver} as a
|
||||
* {@link HandlerMethodArgumentResolver}.
|
||||
*
|
||||
|
||||
@ -262,7 +262,7 @@ public abstract class WebSecurityConfigurerAdapter implements
|
||||
* {@link #userDetailsService()} instead
|
||||
* @return
|
||||
* @throws Exception
|
||||
* @see {@link #userDetailsService()}
|
||||
* @see #userDetailsService()
|
||||
*/
|
||||
public UserDetailsService userDetailsServiceBean() throws Exception {
|
||||
AuthenticationManagerBuilder globalAuthBuilder = context
|
||||
@ -273,7 +273,7 @@ public abstract class WebSecurityConfigurerAdapter implements
|
||||
|
||||
/**
|
||||
* Allows modifying and accessing the {@link UserDetailsService} from
|
||||
* {@link #userDetailsServiceBean()()} without interacting with the
|
||||
* {@link #userDetailsServiceBean()} without interacting with the
|
||||
* {@link ApplicationContext}. Developers should override this method when changing
|
||||
* the instance of {@link #userDetailsServiceBean()}.
|
||||
*
|
||||
|
||||
@ -178,8 +178,8 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensures the urls for {@link #failureUrl(String)} and
|
||||
* {@link #authenticationUrls(String)} are granted access to any user.
|
||||
* Ensures the urls for {@link #failureUrl(String)} as well as for the {@link HttpSecurityBuilder}, the
|
||||
* {@link #getLoginPage} and {@link #getLoginProcessingUrl} are granted access to any user.
|
||||
*
|
||||
* @param permitAll true to grant access to the URLs false to skip this step
|
||||
* @return the {@link FormLoginConfigurer} for additional customization
|
||||
|
||||
@ -51,7 +51,7 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
|
||||
*
|
||||
* <ul>
|
||||
* <li>
|
||||
* {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#getAuthenticationManager()}
|
||||
* {@link AuthenticationManager}
|
||||
* </li>
|
||||
* </ul>
|
||||
*
|
||||
@ -115,7 +115,7 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
|
||||
|
||||
/**
|
||||
* Allows setting the {@link AccessDecisionManager}. If none is provided, a
|
||||
* default {@l AccessDecisionManager} is created.
|
||||
* default {@link AccessDecisionManager} is created.
|
||||
*
|
||||
* @param accessDecisionManager the {@link AccessDecisionManager} to use
|
||||
* @return the {@link AbstractInterceptUrlConfigurer} for further customization
|
||||
@ -162,7 +162,7 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
|
||||
|
||||
/**
|
||||
* If currently null, creates a default {@link AccessDecisionManager} using
|
||||
* {@link #createDefaultAccessDecisionManager()}. Otherwise returns the
|
||||
* {@link #createDefaultAccessDecisionManager(HttpSecurityBuilder)}. Otherwise returns the
|
||||
* {@link AccessDecisionManager}.
|
||||
*
|
||||
* @param http the builder to use
|
||||
|
||||
@ -84,7 +84,7 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
* @param accessDeniedUrl the URL to the access denied page (i.e. /errors/401)
|
||||
* @return the {@link ExceptionHandlingConfigurer} for further customization
|
||||
* @see AccessDeniedHandlerImpl
|
||||
* @see {@link #accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler)}
|
||||
* @see #accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler)
|
||||
*/
|
||||
public ExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl) {
|
||||
AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
|
||||
|
||||
@ -70,7 +70,7 @@ import org.springframework.util.StringUtils;
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 3.2
|
||||
* @see {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()}
|
||||
* @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()
|
||||
*/
|
||||
public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
extends
|
||||
@ -339,7 +339,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
|
||||
*
|
||||
* @return the {@link ExpressionUrlAuthorizationConfigurer} for further
|
||||
* customization
|
||||
* @see {@link RememberMeConfigurer}
|
||||
* @see RememberMeConfigurer
|
||||
*/
|
||||
public ExpressionInterceptUrlRegistry rememberMe() {
|
||||
return access(rememberMe);
|
||||
@ -371,7 +371,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
|
||||
*
|
||||
* @return the {@link ExpressionUrlAuthorizationConfigurer} for further
|
||||
* customization
|
||||
* @see {@link RememberMeConfigurer}
|
||||
* @see RememberMeConfigurer
|
||||
*/
|
||||
public ExpressionInterceptUrlRegistry fullyAuthenticated() {
|
||||
return access(fullyAuthenticated);
|
||||
|
||||
@ -53,7 +53,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
* The following shared objects are used:
|
||||
*
|
||||
* <ul>
|
||||
* <li>{@link AuthenticationManager}</li>
|
||||
* <li>{@link org.springframework.security.authentication.AuthenticationManager}</li>
|
||||
* <li>{@link RememberMeServices} - is optionally used. See {@link RememberMeConfigurer}</li>
|
||||
* <li>{@link SessionAuthenticationStrategy} - is optionally used. See
|
||||
* {@link SessionManagementConfigurer}</li>
|
||||
|
||||
@ -186,7 +186,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
|
||||
* X-XSS-Protection: 1
|
||||
* </pre>
|
||||
*
|
||||
* or if {@link #setBlock(boolean)} is true
|
||||
* or if {@link XXssProtectionHeaderWriter#setBlock(boolean)} of the given {@link XXssProtectionHeaderWriter} is true
|
||||
*
|
||||
*
|
||||
* <pre>
|
||||
|
||||
@ -83,7 +83,7 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @throws Exception
|
||||
* @see {@link HttpSecurity#httpBasic()}
|
||||
* @see HttpSecurity#httpBasic()
|
||||
*/
|
||||
public HttpBasicConfigurer() throws Exception {
|
||||
realmName(DEFAULT_REALM);
|
||||
|
||||
@ -187,7 +187,7 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends
|
||||
* Populates a {@link PreAuthenticatedAuthenticationProvider} into
|
||||
* {@link HttpSecurity#authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)}
|
||||
* and a {@link Http403ForbiddenEntryPoint} into
|
||||
* {@link HttpSecurity#authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint)}
|
||||
* {@link HttpSecurityBuilder#setSharedObject(Class, Object)}
|
||||
*
|
||||
* @see org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.springframework.security.config.annotation.SecurityBuilder)
|
||||
*/
|
||||
|
||||
@ -35,7 +35,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
|
||||
/**
|
||||
* Adds logout support. Other {@link SecurityConfigurer} instances may invoke
|
||||
* {@link #addLogoutHandler(LogoutHandler)} in the {@link #init(HttpSecurity)} phase.
|
||||
* {@link #addLogoutHandler(LogoutHandler)} in the {@link #init(HttpSecurityBuilder)} phase.
|
||||
*
|
||||
* <h2>Security Filters</h2>
|
||||
*
|
||||
|
||||
@ -199,7 +199,7 @@ public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
* {@link HttpServletRequest} matches this URL the {@link OpenIDAuthenticationFilter}
|
||||
* will attempt to authenticate the request. The default is "/login/openid".
|
||||
*
|
||||
* @param loginUrl the URL used to perform authentication
|
||||
* @param loginProcessingUrl the URL used to perform authentication
|
||||
* @return the {@link OpenIDLoginConfigurer} for additional customization
|
||||
*/
|
||||
public OpenIDLoginConfigurer<H> loginProcessingUrl(String loginProcessingUrl) {
|
||||
|
||||
@ -105,7 +105,7 @@ public class MessageSecurityMetadataSourceRegistry {
|
||||
* {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)} .
|
||||
*
|
||||
* @return the {@link Constraint} that is associated to the {@link MessageMatcher}
|
||||
* @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
|
||||
* @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
|
||||
*/
|
||||
public Constraint simpDestMatchers(String... patterns) {
|
||||
return simpDestMatchers(null, patterns);
|
||||
@ -122,7 +122,7 @@ public class MessageSecurityMetadataSourceRegistry {
|
||||
* {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
|
||||
*
|
||||
* @return the {@link Constraint} that is associated to the {@link MessageMatcher}
|
||||
* @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
|
||||
* @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
|
||||
*/
|
||||
public Constraint simpMessageDestMatchers(String... patterns) {
|
||||
return simpDestMatchers(SimpMessageType.MESSAGE, patterns);
|
||||
@ -139,7 +139,7 @@ public class MessageSecurityMetadataSourceRegistry {
|
||||
* {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
|
||||
*
|
||||
* @return the {@link Constraint} that is associated to the {@link MessageMatcher}
|
||||
* @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
|
||||
* @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
|
||||
*/
|
||||
public Constraint simpSubscribeDestMatchers(String... patterns) {
|
||||
return simpDestMatchers(SimpMessageType.SUBSCRIBE, patterns);
|
||||
@ -353,7 +353,7 @@ public class MessageSecurityMetadataSourceRegistry {
|
||||
*
|
||||
* @return the {@link MessageSecurityMetadataSourceRegistry} for further
|
||||
* customization
|
||||
* @see {@link RememberMeConfigurer}
|
||||
* @see RememberMeConfigurer
|
||||
*/
|
||||
public MessageSecurityMetadataSourceRegistry rememberMe() {
|
||||
return access(rememberMe);
|
||||
@ -385,7 +385,7 @@ public class MessageSecurityMetadataSourceRegistry {
|
||||
*
|
||||
* @return the {@link MessageSecurityMetadataSourceRegistry} for further
|
||||
* customization
|
||||
* @see {@link RememberMeConfigurer}
|
||||
* @see RememberMeConfigurer
|
||||
*/
|
||||
public MessageSecurityMetadataSourceRegistry fullyAuthenticated() {
|
||||
return access(fullyAuthenticated);
|
||||
|
||||
@ -30,7 +30,7 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
|
||||
/**
|
||||
* Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring Security CSRF
|
||||
* integration. This configuration is added whenever {@link EnableWebMvc} is added by
|
||||
* {@link SpringWebMvcImportSelector} and the DispatcherServlet is present on the
|
||||
* <a href="{@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector</a> and the DispatcherServlet is present on the
|
||||
* classpath. It also adds the {@link AuthenticationPrincipalArgumentResolver} as a
|
||||
* {@link HandlerMethodArgumentResolver}.
|
||||
*
|
||||
|
||||
@ -25,7 +25,7 @@ import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* Stateful parser for the <password-encoder> element.
|
||||
* Stateful parser for the <password-encoder> element.
|
||||
*
|
||||
* Will produce a PasswordEncoder and (optionally) a SaltSource.
|
||||
*
|
||||
|
||||
@ -45,7 +45,7 @@ public interface SecurityExpressionOperations {
|
||||
* is converted may depend on the implementation settings.
|
||||
* </p>
|
||||
*
|
||||
* @param authority the authority to test (i.e. "USER")
|
||||
* @param role the authority to test (i.e. "USER")
|
||||
* @return true if the authority is found, else false
|
||||
*/
|
||||
boolean hasRole(String role);
|
||||
@ -62,7 +62,7 @@ public interface SecurityExpressionOperations {
|
||||
* is converted may depend on the implementation settings.
|
||||
* </p>
|
||||
*
|
||||
* @param authorities the authorities to test (i.e. "USER", "ADMIN")
|
||||
* @param roles the authorities to test (i.e. "USER", "ADMIN")
|
||||
* @return true if any of the authorities is found, else false
|
||||
*/
|
||||
boolean hasAnyRole(String... roles);
|
||||
|
||||
@ -195,8 +195,8 @@ public class DefaultMethodSecurityExpressionHandler extends
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* Sets the default prefix to be added to {@link #hasAnyRole(String...)} or
|
||||
* {@link #hasRole(String)}. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN")
|
||||
* Sets the default prefix to be added to {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasAnyRole(String...)} or
|
||||
* {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasRole(String)}. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN")
|
||||
* is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is
|
||||
* "ROLE_" (default).
|
||||
* </p>
|
||||
|
||||
@ -32,7 +32,7 @@ public interface RoleHierarchy {
|
||||
* that are (transitively) reachable from them in the role hierarchy.
|
||||
* <p>
|
||||
* Example:<br>
|
||||
* Role hierarchy: ROLE_A > ROLE_B and ROLE_B > ROLE_C.<br>
|
||||
* Role hierarchy: ROLE_A > ROLE_B and ROLE_B > ROLE_C.<br>
|
||||
* Directly assigned authority: ROLE_A.<br>
|
||||
* Reachable authorities: ROLE_A, ROLE_B, ROLE_C.
|
||||
*
|
||||
|
||||
@ -27,7 +27,7 @@ import java.util.regex.Pattern;
|
||||
/**
|
||||
* <p>
|
||||
* This class defines a role hierarchy for use with the UserDetailsServiceWrapper.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* Here is an example configuration of a role hierarchy (hint: read the ">" sign as
|
||||
* "includes"):
|
||||
@ -41,19 +41,18 @@ import java.util.regex.Pattern;
|
||||
* </value>
|
||||
* </property>
|
||||
* </pre>
|
||||
*
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* Explanation of the above:<br>
|
||||
* In effect every user with ROLE_A also has ROLE_B, ROLE_AUTHENTICATED and
|
||||
* ROLE_UNAUTHENTICATED;<br>
|
||||
* every user with ROLE_B also has ROLE_AUTHENTICATED and ROLE_UNAUTHENTICATED;<br>
|
||||
* every user with ROLE_AUTHENTICATED also has ROLE_UNAUTHENTICATED.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* Hierarchical Roles will dramatically shorten your access rules (and also make the
|
||||
* access rules much more elegant).
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* Consider this access rule for Spring Security's RoleVoter (background: every user that
|
||||
* is authenticated should be able to log out):<br>
|
||||
@ -62,10 +61,8 @@ import java.util.regex.Pattern;
|
||||
* /logout.html=ROLE_AUTHENTICATED<br>
|
||||
* In addition to shorter rules this will also make your access rules more readable and
|
||||
* your intentions clearer.
|
||||
* </p>
|
||||
*
|
||||
* @author Michael Mayr
|
||||
*
|
||||
*/
|
||||
public class RoleHierarchyImpl implements RoleHierarchy {
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
* security facilities provided for it by Spring Security.
|
||||
* For example, one secure object would be <code>MethodInvocation</code>,
|
||||
* whilst another would be HTTP
|
||||
* {@link org.springframework.security.web.FilterInvocation}. Note these are
|
||||
* {@code org.springframework.security.web.FilterInvocation}. Note these are
|
||||
* infrastructure objects and their design allows them to represent a large
|
||||
* variety of actual resources that might need to be secured, such as business
|
||||
* objects or HTTP request URLs.
|
||||
|
||||
@ -107,7 +107,7 @@ public class MapBasedMethodSecurityMetadataSource extends
|
||||
|
||||
/**
|
||||
* Add configuration attributes for a secure method. Method names can end or start
|
||||
* with <code>*</code> for matching multiple methods.
|
||||
* with <code>*</code> for matching multiple methods.
|
||||
*
|
||||
* @param name type and method name, separated by a dot
|
||||
* @param attr the security attributes associated with the method
|
||||
@ -131,7 +131,7 @@ public class MapBasedMethodSecurityMetadataSource extends
|
||||
|
||||
/**
|
||||
* Add configuration attributes for a secure method. Mapped method names can end or
|
||||
* start with <code>*</code> for matching multiple methods.
|
||||
* start with <code>*</code> for matching multiple methods.
|
||||
*
|
||||
* @param javaType target interface or class the security configuration attribute
|
||||
* applies to
|
||||
|
||||
@ -33,11 +33,11 @@ import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* Abstract implementation of {@link AccessDecisionManager}.
|
||||
* <p/>
|
||||
*
|
||||
* <p>
|
||||
* Handles configuration of a bean context defined list of {@link AccessDecisionVoter}s
|
||||
* and the access control behaviour if all voters abstain from voting (defaults to deny
|
||||
* access).
|
||||
* </p>
|
||||
*/
|
||||
public abstract class AbstractAccessDecisionManager implements AccessDecisionManager,
|
||||
InitializingBean, MessageSourceAware {
|
||||
@ -101,10 +101,9 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
|
||||
/**
|
||||
* Iterates through all <code>AccessDecisionVoter</code>s and ensures each can support
|
||||
* the presented class.
|
||||
* <p/>
|
||||
* <p>
|
||||
* If one or more voters cannot support the presented class, <code>false</code> is
|
||||
* returned.
|
||||
* </p>
|
||||
*
|
||||
* @param clazz the type of secured object being presented
|
||||
* @return true if this type is supported
|
||||
|
||||
@ -24,7 +24,7 @@ package org.springframework.security.authentication.encoding;
|
||||
* </p>
|
||||
* <p>
|
||||
* As SHA is a one-way hash, the salt can contain any characters. The default strength for
|
||||
* the SHA encoding is SHA-1. If you wish to use higher strengths use the argumented
|
||||
* the SHA encoding is SHA-1. If you wish to use higher strengths use the parametrised
|
||||
* constructor. {@link #ShaPasswordEncoder(int strength)}
|
||||
* </p>
|
||||
* <p>
|
||||
@ -32,7 +32,7 @@ package org.springframework.security.authentication.encoding;
|
||||
*
|
||||
* <pre>
|
||||
* <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
|
||||
* <constructor-arg value="256"/>
|
||||
* <constructor-arg value="256"/>
|
||||
* </bean>
|
||||
* </pre>
|
||||
*
|
||||
|
||||
@ -51,7 +51,7 @@ import org.springframework.util.ObjectUtils;
|
||||
* This <code>AuthenticationProvider</code> is capable of validating
|
||||
* {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken}
|
||||
* requests contain the correct username and password.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* This implementation is backed by a <a
|
||||
* href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html"
|
||||
@ -68,7 +68,7 @@ import org.springframework.util.ObjectUtils;
|
||||
* in the ApplicationContext. When the LoginContext calls the internal CallbackHandler,
|
||||
* control is passed to each {@link JaasAuthenticationCallbackHandler} for each Callback
|
||||
* passed.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* {@link JaasAuthenticationCallbackHandler}s are passed to the
|
||||
* AbstractJaasAuthenticationProvider through the
|
||||
@ -84,8 +84,7 @@ import org.springframework.util.ObjectUtils;
|
||||
* </list>
|
||||
* </property>
|
||||
* </pre>
|
||||
*
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* After calling LoginContext.login(), the AbstractJaasAuthenticationProvider will
|
||||
* retrieve the returned Principals from the Subject
|
||||
@ -95,7 +94,7 @@ import org.springframework.util.ObjectUtils;
|
||||
* Authorization a role, it returns that role name from it's
|
||||
* {@link AuthorityGranter#grant(java.security.Principal)} method. The returned role will
|
||||
* be applied to the Authorization object as a {@link GrantedAuthority}.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* AuthorityGranters are configured in spring xml as follows...
|
||||
*
|
||||
|
||||
@ -61,8 +61,7 @@ import java.security.Security;
|
||||
* <value>/WEB-INF/login.conf</value>
|
||||
* </property>
|
||||
* </pre>
|
||||
*
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* The loginContextName should coincide with a given index in the loginConfig specifed.
|
||||
* The loginConfig file used in the JUnit tests appears as the following...
|
||||
@ -80,7 +79,6 @@ import java.security.Security;
|
||||
* <property name="loginContextName"> <value>JAASTest</value> </property>
|
||||
* </pre>
|
||||
*
|
||||
* </p>
|
||||
* <p>
|
||||
* When using JAAS login modules as the authentication source, sometimes the <a href=
|
||||
* "http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html"
|
||||
@ -91,7 +89,7 @@ import java.security.Security;
|
||||
* in the ApplicationContext. When the LoginContext calls the internal CallbackHandler,
|
||||
* control is passed to each {@link JaasAuthenticationCallbackHandler} for each Callback
|
||||
* passed.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* {@link JaasAuthenticationCallbackHandler}s are passed to the JaasAuthenticationProvider
|
||||
* through the
|
||||
@ -108,7 +106,6 @@ import java.security.Security;
|
||||
* </property>
|
||||
* </pre>
|
||||
*
|
||||
* </p>
|
||||
* <p>
|
||||
* After calling LoginContext.login(), the JaasAuthenticationProvider will retrieve the
|
||||
* returned Principals from the Subject (LoginContext.getSubject().getPrincipals). Each
|
||||
@ -130,10 +127,9 @@ import java.security.Security;
|
||||
* </pre>
|
||||
*
|
||||
* A configuration note: The JaasAuthenticationProvider uses the security properites
|
||||
* "e;login.config.url.X"e; to configure jaas. If you would like to customize the
|
||||
* "login.config.url.X" to configure jaas. If you would like to customize the
|
||||
* way Jaas gets configured, create a subclass of this and override the
|
||||
* {@link #configureJaas(Resource)} method.
|
||||
* </p>
|
||||
*
|
||||
* @author Ray Krueger
|
||||
* @author Rob Winch
|
||||
|
||||
@ -55,7 +55,7 @@ public class DelegatingSecurityContextExecutorService extends
|
||||
* Creates a new {@link DelegatingSecurityContextExecutorService} that uses the
|
||||
* current {@link SecurityContext} from the {@link SecurityContextHolder}.
|
||||
*
|
||||
* @param delegateTaskExecutor the {@link TaskExecutor} to delegate to. Cannot be
|
||||
* @param delegate the {@link ExecutorService} to delegate to. Cannot be
|
||||
* null.
|
||||
*/
|
||||
public DelegatingSecurityContextExecutorService(ExecutorService delegate) {
|
||||
|
||||
@ -70,13 +70,13 @@ public final class DelegatingSecurityContextRunnable implements Runnable {
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if the SecurityContext should be transfered if {@link #call()}
|
||||
* Determines if the SecurityContext should be transfered if {@link #run()}
|
||||
* is invoked on the same {@link Thread} the
|
||||
* {@link DelegatingSecurityContextCallable} was created on.
|
||||
*
|
||||
* @param enableOnOriginalThread
|
||||
* if false (default), will only transfer the
|
||||
* {@link SecurityContext} if {@link #call()} is invoked on a
|
||||
* {@link SecurityContext} if {@link #run()} is invoked on a
|
||||
* different {@link Thread} than the
|
||||
* {@link DelegatingSecurityContextCallable} was created on.
|
||||
* @since 4.0.2
|
||||
|
||||
@ -51,7 +51,7 @@ public final class DelegatingSecurityContextScheduledExecutorService extends
|
||||
* Creates a new {@link DelegatingSecurityContextScheduledExecutorService} that uses
|
||||
* the current {@link SecurityContext} from the {@link SecurityContextHolder}.
|
||||
*
|
||||
* @param delegateTaskExecutor the {@link TaskExecutor} to delegate to. Cannot be
|
||||
* @param delegate the {@link ScheduledExecutorService} to delegate to. Cannot be
|
||||
* null.
|
||||
*/
|
||||
public DelegatingSecurityContextScheduledExecutorService(
|
||||
|
||||
@ -30,7 +30,9 @@ import org.springframework.security.core.Authentication;
|
||||
* @author Rob Winch
|
||||
* @since 4.0
|
||||
*
|
||||
* @see org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
|
||||
* See: <a href="{@docRoot}/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.html">
|
||||
* AuthenticationPrincipalArgumentResolver
|
||||
* </a>
|
||||
*/
|
||||
@Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE })
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
|
||||
@ -40,7 +40,7 @@ import org.springframework.util.ReflectionUtils;
|
||||
* <pre>
|
||||
* import org.springframework.security.access.method.P;
|
||||
*
|
||||
* @PostAuthorize("#to == returnObject.to")
|
||||
* {@code @PostAuthorize("#to == returnObject.to")}
|
||||
* public Message findMessageByTo(@P("to") String to);
|
||||
* </pre>
|
||||
*
|
||||
@ -70,7 +70,7 @@ import org.springframework.util.ReflectionUtils;
|
||||
* <pre>
|
||||
* import org.springframework.security.access.method.P;
|
||||
*
|
||||
* @PostAuthorize("#to == returnObject.to")
|
||||
* {@code @PostAuthorize("#to == returnObject.to")}
|
||||
* public Message findMessageByToAndFrom(@P("to") User to, User from);
|
||||
* </pre>
|
||||
*
|
||||
|
||||
@ -32,9 +32,8 @@ import java.util.concurrent.CopyOnWriteArraySet;
|
||||
* SessionDestroyedEvent}s published in the Spring application context.
|
||||
* <p>
|
||||
* For this class to function correctly in a web application, it is important that you
|
||||
* register an {@link org.springframework.security.web.session.HttpSessionEventPublisher
|
||||
* HttpSessionEventPublisher} in the <tt>web.xml</tt> file so that this class is notified
|
||||
* of sessions that expire.
|
||||
* register an <a href="{@docRoot}/org/springframework/security/web/session/HttpSessionEventPublisher.html">HttpSessionEventPublisher</a>
|
||||
* in the <tt>web.xml</tt> file so that this class is notified of sessions that expire.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @author Luke Taylor
|
||||
|
||||
@ -145,7 +145,7 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
|
||||
}
|
||||
|
||||
/**
|
||||
* @param pseudoRandomNumberBytes changes the number of bytes issued (must be >= 0;
|
||||
* @param pseudoRandomNumberBytes changes the number of bytes issued (must be >= 0;
|
||||
* defaults to 256)
|
||||
*/
|
||||
public void setPseudoRandomNumberBytes(int pseudoRandomNumberBytes) {
|
||||
|
||||
@ -38,7 +38,7 @@ public interface TokenService {
|
||||
Token allocateToken(String extendedInformation);
|
||||
|
||||
/**
|
||||
* Permits verification the <{@link Token#getKey()} was issued by this
|
||||
* Permits verification the {@link Token#getKey()} was issued by this
|
||||
* <code>TokenService</code> and reconstructs the corresponding <code>Token</code>.
|
||||
*
|
||||
* @param key as obtained from {@link Token#getKey()} and created by this
|
||||
|
||||
@ -47,7 +47,7 @@ import org.springframework.util.Assert;
|
||||
*
|
||||
* This table contains the login name, password and enabled status of the user.
|
||||
*
|
||||
* <table>
|
||||
* <table summary="The Users Table">
|
||||
* <tr>
|
||||
* <th>Column</th>
|
||||
* </tr>
|
||||
@ -64,7 +64,7 @@ import org.springframework.util.Assert;
|
||||
*
|
||||
* <h4>The Authorities Table</h4>
|
||||
*
|
||||
* <table>
|
||||
* <table summary="The Authorities Table">
|
||||
* <tr>
|
||||
* <th>Column</th>
|
||||
* </tr>
|
||||
|
||||
@ -23,7 +23,7 @@ import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
|
||||
/**
|
||||
* Used by {@link InMemoryDaoImpl} to temporarily store the attributes associated with a
|
||||
* Used by {@link org.springframework.security.provisioning.InMemoryUserDetailsManager} to temporarily store the attributes associated with a
|
||||
* user.
|
||||
*
|
||||
* @author Ben Alex
|
||||
@ -50,7 +50,7 @@ public class UserAttribute {
|
||||
/**
|
||||
* Set all authorities for this user.
|
||||
*
|
||||
* @param authorities {@link List} <{@link GrantedAuthority}>
|
||||
* @param authorities {@link List} <{@link GrantedAuthority}>
|
||||
* @since 1.1
|
||||
*/
|
||||
public void setAuthorities(List<GrantedAuthority> authorities) {
|
||||
@ -61,7 +61,7 @@ public class UserAttribute {
|
||||
* Set all authorities for this user from String values. It will create the necessary
|
||||
* {@link GrantedAuthority} objects.
|
||||
*
|
||||
* @param authoritiesAsStrings {@link List} <{@link String}>
|
||||
* @param authoritiesAsStrings {@link List} <{@link String}>
|
||||
* @since 1.1
|
||||
*/
|
||||
public void setAuthoritiesAsString(List<String> authoritiesAsStrings) {
|
||||
|
||||
@ -45,7 +45,7 @@ public class DelegatingSecurityContextTaskExecutor extends
|
||||
* Creates a new {@link DelegatingSecurityContextTaskExecutor} that uses the current
|
||||
* {@link SecurityContext} from the {@link SecurityContextHolder}.
|
||||
*
|
||||
* @param delegateTaskExecutor the {@link TaskExecutor} to delegate to. Cannot be
|
||||
* @param delegate the {@link TaskExecutor} to delegate to. Cannot be
|
||||
* null.
|
||||
*/
|
||||
public DelegatingSecurityContextTaskExecutor(TaskExecutor delegate) {
|
||||
|
||||
@ -31,25 +31,25 @@ import java.security.SecureRandom;
|
||||
* with a random salt, like this:
|
||||
* <p>
|
||||
* <code>
|
||||
* String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt()); <br />
|
||||
* String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt()); <br>
|
||||
* </code>
|
||||
* <p>
|
||||
* To check whether a plaintext password matches one that has been hashed previously, use
|
||||
* the checkpw method:
|
||||
* <p>
|
||||
* <code>
|
||||
* if (BCrypt.checkpw(candidate_password, stored_hash))<br />
|
||||
* System.out.println("It matches");<br />
|
||||
* else<br />
|
||||
* System.out.println("It does not match");<br />
|
||||
* if (BCrypt.checkpw(candidate_password, stored_hash))<br>
|
||||
* System.out.println("It matches");<br>
|
||||
* else<br>
|
||||
* System.out.println("It does not match");<br>
|
||||
* </code>
|
||||
* <p>
|
||||
* The gensalt() method takes an optional parameter (log_rounds) that determines the
|
||||
* computational complexity of the hashing:
|
||||
* <p>
|
||||
* <code>
|
||||
* String strong_salt = BCrypt.gensalt(10)<br />
|
||||
* String stronger_salt = BCrypt.gensalt(12)<br />
|
||||
* String strong_salt = BCrypt.gensalt(10)<br>
|
||||
* String stronger_salt = BCrypt.gensalt(12)<br>
|
||||
* </code>
|
||||
* <p>
|
||||
* The amount of work increases exponentially (2**log_rounds), so each increment is twice
|
||||
|
||||
@ -29,41 +29,39 @@ import java.util.Map;
|
||||
* <p>
|
||||
* By defining this object as a Bean, Spring Security is exposed as SpEL expressions for
|
||||
* creating Spring Data queries.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* With Java based configuration, we can define the bean using the following:
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* For example, if you return a UserDetails that extends the following User object:
|
||||
* </p>
|
||||
*
|
||||
* <pre>
|
||||
* @Entity
|
||||
* @Entity
|
||||
* public class User {
|
||||
* @GeneratedValue(strategy = GenerationType.AUTO)
|
||||
* @Id
|
||||
* @GeneratedValue(strategy = GenerationType.AUTO)
|
||||
* @Id
|
||||
* private Long id;
|
||||
*
|
||||
* ...
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* <p>
|
||||
* And you have a Message object that looks like the following:
|
||||
* </p>
|
||||
*
|
||||
* <pre>
|
||||
* @Entity
|
||||
* @Entity
|
||||
* public class Message {
|
||||
* @Id
|
||||
* @GeneratedValue(strategy = GenerationType.AUTO)
|
||||
* @Id
|
||||
* @GeneratedValue(strategy = GenerationType.AUTO)
|
||||
* private Long id;
|
||||
*
|
||||
* @OneToOne
|
||||
* @OneToOne
|
||||
* private User to;
|
||||
*
|
||||
* ...
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* You can use the following {@code Query} annotation to search for only messages that are
|
||||
|
||||
@ -40,7 +40,7 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
|
||||
* you want to use more than one server for fail-over, rather use the
|
||||
* {@link #DefaultSpringSecurityContextSource(List, String)} constructor.
|
||||
*
|
||||
* @param providerUrl an LDAP URL of the form <code>ldap://localhost:389/base_dn<code>
|
||||
* @param providerUrl an LDAP URL of the form <code>ldap://localhost:389/base_dn</code>
|
||||
*/
|
||||
public DefaultSpringSecurityContextSource(String providerUrl) {
|
||||
Assert.hasLength(providerUrl, "An LDAP connection URL must be supplied.");
|
||||
|
||||
@ -22,8 +22,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
* Obtains a user's information from the LDAP directory given a login name.
|
||||
* <p>
|
||||
* May be optionally used to configure the LDAP authentication implementation when a more
|
||||
* sophisticated approach is required than just using a simple username->DN mapping.
|
||||
* </p>
|
||||
* sophisticated approach is required than just using a simple username->DN mapping.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
|
||||
@ -75,15 +75,15 @@ import java.util.Set;
|
||||
*
|
||||
* <pre>
|
||||
* <bean id="ldapAuthoritiesPopulator"
|
||||
* class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
|
||||
* <constructor-arg ref="contextSource"/>
|
||||
* <constructor-arg value="ou=groups"/>
|
||||
* <property name="groupRoleAttribute" value="ou"/>
|
||||
* <!-- the following properties are shown with their default values -->
|
||||
* <property name="searchSubtree" value="false"/>
|
||||
* <property name="rolePrefix" value="ROLE_"/>
|
||||
* <property name="convertToUpperCase" value="true"/>
|
||||
* </bean>
|
||||
* class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
|
||||
* <constructor-arg ref="contextSource"/>
|
||||
* <constructor-arg value="ou=groups"/>
|
||||
* <property name="groupRoleAttribute" value="ou"/>
|
||||
* <!-- the following properties are shown with their default values -->
|
||||
* <property name="searchSubtree" value="false"/>
|
||||
* <property name="rolePrefix" value="ROLE_"/>
|
||||
* <property name="convertToUpperCase" value="true"/>
|
||||
* </bean>
|
||||
* </pre>
|
||||
*
|
||||
* A search for roles for user "uid=ben,ou=people,dc=springframework,dc=org" would return
|
||||
@ -292,7 +292,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
|
||||
|
||||
/**
|
||||
* Sets the prefix which will be prepended to the values loaded from the directory.
|
||||
* Defaults to "ROLE_" for compatibility with <tt>RoleVoter/tt>.
|
||||
* Defaults to "ROLE_" for compatibility with <tt>RoleVoter</tt>.
|
||||
*/
|
||||
public void setRolePrefix(String rolePrefix) {
|
||||
Assert.notNull(rolePrefix, "rolePrefix must not be null");
|
||||
@ -326,7 +326,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
|
||||
* Returns the current LDAP template. Method available so that classes extending this
|
||||
* can override the template used
|
||||
* @return the LDAP template
|
||||
* @see {@link org.springframework.security.ldap.SpringSecurityLdapTemplate}
|
||||
* @see org.springframework.security.ldap.SpringSecurityLdapTemplate
|
||||
*/
|
||||
protected SpringSecurityLdapTemplate getLdapTemplate() {
|
||||
return ldapTemplate;
|
||||
@ -336,7 +336,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
|
||||
* Returns the attribute name of the LDAP attribute that will be mapped to the role
|
||||
* name Method available so that classes extending this can override
|
||||
* @return the attribute name used for role mapping
|
||||
* @see {@link #setGroupRoleAttribute(String)}
|
||||
* @see #setGroupRoleAttribute(String)
|
||||
*/
|
||||
protected final String getGroupRoleAttribute() {
|
||||
return groupRoleAttribute;
|
||||
@ -346,7 +346,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
|
||||
* Returns the search filter configured for this populator Method available so that
|
||||
* classes extending this can override
|
||||
* @return the search filter
|
||||
* @see {@link #setGroupSearchFilter(String)}
|
||||
* @see #setGroupSearchFilter(String)
|
||||
*/
|
||||
protected final String getGroupSearchFilter() {
|
||||
return groupSearchFilter;
|
||||
@ -356,7 +356,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
|
||||
* Returns the role prefix used by this populator Method available so that classes
|
||||
* extending this can override
|
||||
* @return the role prefix
|
||||
* @see {@link #setRolePrefix(String)}
|
||||
* @see #setRolePrefix(String)
|
||||
*/
|
||||
protected final String getRolePrefix() {
|
||||
return rolePrefix;
|
||||
@ -366,7 +366,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
|
||||
* Returns true if role names are converted to uppercase Method available so that
|
||||
* classes extending this can override
|
||||
* @return true if role names are converted to uppercase.
|
||||
* @see {@link #setConvertToUpperCase(boolean)}
|
||||
* @see #setConvertToUpperCase(boolean)
|
||||
*/
|
||||
protected final boolean isConvertToUpperCase() {
|
||||
return convertToUpperCase;
|
||||
@ -376,7 +376,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
|
||||
* Returns the default role Method available so that classes extending this can
|
||||
* override
|
||||
* @return the default role used
|
||||
* @see {@link #setDefaultRole(String)}
|
||||
* @see #setDefaultRole(String)
|
||||
*/
|
||||
private GrantedAuthority getDefaultRole() {
|
||||
return defaultRole;
|
||||
|
||||
@ -110,9 +110,6 @@ import java.util.*;
|
||||
* ou: jdeveloper
|
||||
* member: uid=scaladude,ou=people,dc=springframework,dc=org *
|
||||
* </pre>
|
||||
*
|
||||
* </pre>
|
||||
* </p>
|
||||
*
|
||||
* @author Filip Hanik
|
||||
*/
|
||||
|
||||
@ -45,7 +45,7 @@ public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
|
||||
* For example:
|
||||
*
|
||||
* <pre>
|
||||
* LinkedHashMap<MessageMatcher<?> matcherToExpression = new LinkedHashMap<MessageMatcher<Object>();
|
||||
* LinkedHashMap<MessageMatcher<?>,String> matcherToExpression = new LinkedHashMap<MessageMatcher<Object>,String>();
|
||||
* matcherToExpression.put(new SimDestinationMessageMatcher("/public/**"), "permitAll");
|
||||
* matcherToExpression.put(new SimDestinationMessageMatcher("/admin/**"), "hasRole('ROLE_ADMIN')");
|
||||
* matcherToExpression.put(new SimDestinationMessageMatcher("/**"), "authenticated");
|
||||
@ -57,11 +57,9 @@ public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
|
||||
* If our destination is "/public/hello", it would match on "/public/**" and on "/**".
|
||||
* However, only "/public/**" would be used since it is the first entry. That means
|
||||
* that a destination of "/public/hello" will be mapped to "permitAll".
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* For a complete listing of expressions see {@link MessageSecurityExpressionRoot}
|
||||
* </p>
|
||||
*
|
||||
* @param matcherToExpression an ordered mapping of {@link MessageMatcher} to Strings
|
||||
* that are turned into an Expression using
|
||||
@ -81,7 +79,7 @@ public final class ExpressionBasedMessageSecurityMetadataSourceFactory {
|
||||
* For example:
|
||||
*
|
||||
* <pre>
|
||||
* LinkedHashMap<MessageMatcher<?> matcherToExpression = new LinkedHashMap<MessageMatcher<Object>();
|
||||
* LinkedHashMap<MessageMatcher<?>,String> matcherToExpression = new LinkedHashMap<MessageMatcher<Object>,String>();
|
||||
* matcherToExpression.put(new SimDestinationMessageMatcher("/public/**"), "permitAll");
|
||||
* matcherToExpression.put(new SimDestinationMessageMatcher("/admin/**"), "hasRole('ROLE_ADMIN')");
|
||||
* matcherToExpression.put(new SimDestinationMessageMatcher("/**"), "authenticated");
|
||||
|
||||
@ -30,12 +30,10 @@ import org.springframework.util.Assert;
|
||||
* <p>
|
||||
* The <code>SecurityMetadataSource</code> required by this security interceptor is of
|
||||
* type {@link MessageSecurityMetadataSource}.
|
||||
* </p>
|
||||
* <p>
|
||||
* Refer to {@link AbstractSecurityInterceptor} for details on the workflow.
|
||||
* </p>
|
||||
*
|
||||
* @see 4.0
|
||||
* @since 4.0
|
||||
* @author Rob Winch
|
||||
*/
|
||||
public final class ChannelSecurityInterceptor extends AbstractSecurityInterceptor
|
||||
|
||||
@ -32,12 +32,13 @@ import org.springframework.stereotype.Controller;
|
||||
* {@link Controller}:
|
||||
*
|
||||
* <pre>
|
||||
* @Controller
|
||||
* @Controller
|
||||
* public class MyController {
|
||||
* @MessageMapping("/im")
|
||||
* @MessageMapping("/im")
|
||||
* public void im(@AuthenticationPrincipal CustomUser customUser) {
|
||||
* // do something with CustomUser
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* <p>
|
||||
@ -47,11 +48,9 @@ import org.springframework.stereotype.Controller;
|
||||
* match, null will be returned unless
|
||||
* {@link AuthenticationPrincipal#errorOnInvalidType()} is true in which case a
|
||||
* {@link ClassCastException} will be thrown.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* Alternatively, users can create a custom meta annotation as shown below:
|
||||
* </p>
|
||||
*
|
||||
* <pre>
|
||||
* @Target({ ElementType.PARAMETER })
|
||||
@ -63,15 +62,15 @@ import org.springframework.stereotype.Controller;
|
||||
*
|
||||
* <p>
|
||||
* The custom annotation can then be used instead. For example:
|
||||
* </p>
|
||||
*
|
||||
* <pre>
|
||||
* @Controller
|
||||
* @Controller
|
||||
* public class MyController {
|
||||
* @MessageMapping("/im")
|
||||
* @MessageMapping("/im")
|
||||
* public void im(@CurrentUser CustomUser customUser) {
|
||||
* // do something with CustomUser
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* @author Rob Winch
|
||||
|
||||
@ -55,7 +55,6 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
|
||||
* Creates a new instance with the specified pattern, null {@link SimpMessageType}
|
||||
* (matches any type), and a {@link AntPathMatcher} created from the default
|
||||
* constructor.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* The mapping matches destinations despite the using the following rules:
|
||||
@ -87,7 +86,6 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
|
||||
/**
|
||||
* <p>
|
||||
* Creates a new instance with the specified pattern and {@link PathMatcher}.
|
||||
* </p>
|
||||
*
|
||||
* @param pattern the pattern to use
|
||||
* @param pathMatcher the {@link PathMatcher} to use.
|
||||
@ -100,7 +98,6 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
|
||||
* <p>
|
||||
* Creates a new instance with the specified pattern, {@link SimpMessageType}, and
|
||||
* {@link PathMatcher}.
|
||||
* </p>
|
||||
*
|
||||
* @param pattern the pattern to use
|
||||
* @param type the {@link SimpMessageType} to match on or null if any
|
||||
@ -155,10 +152,9 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
|
||||
* <p>
|
||||
* Creates a new instance with the specified pattern,
|
||||
* {@code SimpMessageType.SUBSCRIBE}, and {@link PathMatcher}.
|
||||
* </p>
|
||||
*
|
||||
* @param pattern the pattern to use
|
||||
* @param pathMatcher the {@link PathMatcher} to use.
|
||||
* @param matcher the {@link PathMatcher} to use.
|
||||
*/
|
||||
public static SimpDestinationMessageMatcher createSubscribeMatcher(String pattern,
|
||||
PathMatcher matcher) {
|
||||
@ -170,10 +166,9 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
|
||||
* <p>
|
||||
* Creates a new instance with the specified pattern, {@code SimpMessageType.MESSAGE},
|
||||
* and {@link PathMatcher}.
|
||||
* </p>
|
||||
*
|
||||
* @param pattern the pattern to use
|
||||
* @param pathMatcher the {@link PathMatcher} to use.
|
||||
* @param matcher the {@link PathMatcher} to use.
|
||||
*/
|
||||
public static SimpDestinationMessageMatcher createMessageMatcher(String pattern,
|
||||
PathMatcher matcher) {
|
||||
|
||||
@ -246,17 +246,17 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
|
||||
/**
|
||||
* Maps the <tt>return_to url</tt> to a realm, for example:
|
||||
*
|
||||
*
|
||||
* <pre>
|
||||
* http://www.example.com/login/openid -> http://www.example.com/realm</tt>
|
||||
* http://www.example.com/login/openid -> http://www.example.com/realm
|
||||
* </pre>
|
||||
*
|
||||
*
|
||||
* If no mapping is provided then the returnToUrl will be parsed to extract the
|
||||
* protocol, hostname and port followed by a trailing slash. This means that
|
||||
* <tt>http://www.example.com/login/openid</tt> will automatically become
|
||||
* <tt>http://www.example.com:80/</tt>
|
||||
*
|
||||
* @param realmMapping containing returnToUrl -> realm mappings
|
||||
* @param realmMapping containing returnToUrl -> realm mappings
|
||||
*/
|
||||
public void setRealmMapping(Map<String, String> realmMapping) {
|
||||
this.realmMapping = realmMapping;
|
||||
|
||||
@ -39,12 +39,11 @@ public interface DnsResolver {
|
||||
/**
|
||||
* <p>
|
||||
* Resolves the host name for the specified service in the specified domain
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* For example, if you need the host name for an LDAP server running in the domain
|
||||
* springsource.com, you would call <b>resolveServiceEntry("ldap",
|
||||
* "springsource.com")</b>.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* The DNS server needs to provide the service records for this, in the example above,
|
||||
@ -59,7 +58,6 @@ public interface DnsResolver {
|
||||
* priority, it will return the one with the highest weight. You will find more
|
||||
* informatione about DNS service records at <a
|
||||
* href="http://en.wikipedia.org/wiki/SRV_record">Wikipedia</a>.
|
||||
* </p>
|
||||
*
|
||||
* @param serviceType The service type you are searching for, e.g. ldap, kerberos, ...
|
||||
* @param domain The domain, in which you are searching for the service
|
||||
|
||||
@ -41,7 +41,7 @@ import org.springframework.web.servlet.mvc.support.RedirectAttributes;
|
||||
* {@link HttpServletRequest#authenticate(HttpServletResponse)}</li>
|
||||
* <li>{@link #login(HttpServletRequest, HttpServletResponse, LoginForm, BindingResult)} -
|
||||
* Integration with {@link HttpServletRequest#login(String, String)}</li>
|
||||
* <li>{@link #logout(HttpServletRequest, HttpServletResponse)} - Integration with
|
||||
* <li>{@link #logout(HttpServletRequest, HttpServletResponse, RedirectAttributes)} - Integration with
|
||||
* {@link HttpServletRequest#logout()}</li>
|
||||
* <li>{@link #remoteUser(HttpServletRequest)} - Integration with
|
||||
* {@link HttpServletRequest#getRemoteUser()}</li>
|
||||
|
||||
@ -45,7 +45,7 @@ import org.springframework.web.context.support.WebApplicationContextUtils;
|
||||
* technology (JSP, Facelets). It treats tag attributes as simple strings rather than
|
||||
* strings that may contain expressions with the exception of the "access" attribute,
|
||||
* which is always expected to contain a Spring EL expression.
|
||||
* <p/>
|
||||
* <p>
|
||||
* Subclasses are expected to extract tag attribute values from the specific rendering
|
||||
* technology, evaluate them as expressions if necessary, and set the String-based
|
||||
* attributes of this class.
|
||||
|
||||
@ -40,9 +40,7 @@ import org.springframework.test.web.servlet.MockMvc;
|
||||
* <li>The {@link SecurityContext} created with be that of
|
||||
* {@link SecurityContextHolder#createEmptyContext()}</li>
|
||||
* <li>It will be populated with an {@link UsernamePasswordAuthenticationToken} that uses
|
||||
* the username of either {@link #value()} or {@link #username()},
|
||||
* {@link GrantedAuthority} that are specified by {@link #roles()}, and a password
|
||||
* specified by {@link #password()}.
|
||||
* the username of {@link #value()}.
|
||||
* </ul>
|
||||
*
|
||||
* @see WithMockUser
|
||||
|
||||
@ -168,7 +168,7 @@ public final class SecurityMockMvcRequestPostProcessors {
|
||||
* for the {@link Authentication#getPrincipal()} and a custom {@link UserDetails}. All
|
||||
* details are declarative and do not require that the user actually exists.
|
||||
*
|
||||
* @param user the UserDetails to populate
|
||||
* @param authentication the Authentication to populate
|
||||
* @return the {@link RequestPostProcessor} to use
|
||||
*/
|
||||
public static RequestPostProcessor authentication(Authentication authentication) {
|
||||
@ -635,10 +635,10 @@ public final class SecurityMockMvcRequestPostProcessors {
|
||||
* {@link #authorities(GrantedAuthority...)}, but just not as flexible.
|
||||
*
|
||||
* @param roles The roles to populate. Note that if the role does not start with
|
||||
* {@link #rolePrefix(String)} it will automatically be prepended. This means by
|
||||
* {@link #ROLE_PREFIX} it will automatically be prepended. This means by
|
||||
* default {@code roles("ROLE_USER")} and {@code roles("USER")} are equivalent.
|
||||
* @see #authorities(GrantedAuthority...)
|
||||
* @see #rolePrefix(String)
|
||||
* @see #ROLE_PREFIX
|
||||
* @return the UserRequestPostProcessor for further customizations
|
||||
*/
|
||||
public UserRequestPostProcessor roles(String... roles) {
|
||||
|
||||
@ -202,7 +202,7 @@ public final class SecurityMockMvcResultMatchers {
|
||||
/**
|
||||
* Specifies the {@link Authentication#getAuthorities()}
|
||||
*
|
||||
* @param expected the roles. Each value is automatically prefixed with "ROLE_"
|
||||
* @param roles the roles. Each value is automatically prefixed with "ROLE_"
|
||||
* @return the {@link AuthenticatedMatcher} for further customization
|
||||
*/
|
||||
public AuthenticatedMatcher withRoles(String... roles) {
|
||||
|
||||
@ -69,8 +69,6 @@ public abstract class WebTestUtils {
|
||||
* @param request the {@link HttpServletRequest} to obtain the
|
||||
* {@link SecurityContextRepository}
|
||||
* @param securityContextRepository the {@link SecurityContextRepository} to set
|
||||
* @return the {@link SecurityContextRepository} for the specified
|
||||
* {@link HttpServletRequest}
|
||||
*/
|
||||
public static void setSecurityContextRepository(HttpServletRequest request,
|
||||
SecurityContextRepository securityContextRepository) {
|
||||
|
||||
@ -59,14 +59,14 @@ import java.util.*;
|
||||
* requests which match the pattern. An example configuration might look like this:
|
||||
*
|
||||
* <pre>
|
||||
* <bean id="myfilterChainProxy" class="org.springframework.security.util.FilterChainProxy">
|
||||
* <constructor-arg>
|
||||
* <util:list>
|
||||
* <security:filter-chain pattern="/do/not/filter*" filters="none"/>
|
||||
* <security:filter-chain pattern="/**" filters="filter1,filter2,filter3"/>
|
||||
* </util:list>
|
||||
* </constructor-arg>
|
||||
* </bean>
|
||||
* <bean id="myfilterChainProxy" class="org.springframework.security.util.FilterChainProxy">
|
||||
* <constructor-arg>
|
||||
* <util:list>
|
||||
* <security:filter-chain pattern="/do/not/filter*" filters="none"/>
|
||||
* <security:filter-chain pattern="/**" filters="filter1,filter2,filter3"/>
|
||||
* </util:list>
|
||||
* </constructor-arg>
|
||||
* </bean>
|
||||
* </pre>
|
||||
*
|
||||
* The names "filter1", "filter2", "filter3" should be the bean names of {@code Filter}
|
||||
|
||||
@ -50,7 +50,7 @@ public class PortMapperImpl implements PortMapper {
|
||||
// ========================================================================================================
|
||||
|
||||
/**
|
||||
* Returns the translated (Integer -> Integer) version of the original port mapping
|
||||
* Returns the translated (Integer -> Integer) version of the original port mapping
|
||||
* specified via setHttpsPortMapping()
|
||||
*/
|
||||
public Map<Integer, Integer> getTranslatedPortMappings() {
|
||||
@ -77,12 +77,12 @@ public class PortMapperImpl implements PortMapper {
|
||||
* like this:
|
||||
*
|
||||
* <pre>
|
||||
* <property name="portMappings">
|
||||
* <map>
|
||||
* <entry key="80"><value>443</value></entry>
|
||||
* <entry key="8080"><value>8443</value></entry>
|
||||
* </map>
|
||||
* </property>
|
||||
* <property name="portMappings">
|
||||
* <map>
|
||||
* <entry key="80"><value>443</value></entry>
|
||||
* <entry key="8080"><value>8443</value></entry>
|
||||
* </map>
|
||||
* </property>
|
||||
* </pre>
|
||||
*
|
||||
* @param newMappings A Map consisting of String keys and String values, where for
|
||||
|
||||
@ -50,30 +50,30 @@ import org.springframework.web.filter.GenericFilterBean;
|
||||
*
|
||||
* <pre>
|
||||
*
|
||||
* <bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
|
||||
* <property name="channelDecisionManager" ref="channelDecisionManager"/>
|
||||
* <property name="securityMetadataSource">
|
||||
* <security:filter-security-metadata-source request-matcher="regex">
|
||||
* <security:intercept-url pattern="\A/secure/.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
|
||||
* <security:intercept-url pattern="\A/login.jsp.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
|
||||
* <security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/>
|
||||
* </security:filter-security-metadata-source>
|
||||
* </property>
|
||||
* </bean>
|
||||
* <bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
|
||||
* <property name="channelDecisionManager" ref="channelDecisionManager"/>
|
||||
* <property name="securityMetadataSource">
|
||||
* <security:filter-security-metadata-source request-matcher="regex">
|
||||
* <security:intercept-url pattern="\A/secure/.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
|
||||
* <security:intercept-url pattern="\A/login.jsp.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
|
||||
* <security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/>
|
||||
* </security:filter-security-metadata-source>
|
||||
* </property>
|
||||
* </bean>
|
||||
*
|
||||
* <bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
|
||||
* <property name="channelProcessors">
|
||||
* <list>
|
||||
* <ref bean="secureChannelProcessor"/>
|
||||
* <ref bean="insecureChannelProcessor"/>
|
||||
* </list>
|
||||
* </property>
|
||||
* </bean>
|
||||
* <bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
|
||||
* <property name="channelProcessors">
|
||||
* <list>
|
||||
* <ref bean="secureChannelProcessor"/>
|
||||
* <ref bean="insecureChannelProcessor"/>
|
||||
* </list>
|
||||
* </property>
|
||||
* </bean>
|
||||
*
|
||||
* <bean id="secureChannelProcessor"
|
||||
* class="org.springframework.security.web.access.channel.SecureChannelProcessor"/>
|
||||
* class="org.springframework.security.web.access.channel.SecureChannelProcessor"/>
|
||||
* <bean id="insecureChannelProcessor"
|
||||
* class="org.springframework.security.web.access.channel.InsecureChannelProcessor"/>
|
||||
* class="org.springframework.security.web.access.channel.InsecureChannelProcessor"/>
|
||||
*
|
||||
* </pre>
|
||||
*
|
||||
|
||||
@ -46,8 +46,8 @@ public class DefaultWebSecurityExpressionHandler extends
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* Sets the default prefix to be added to {@link #hasAnyRole(String...)} or
|
||||
* {@link #hasRole(String)}. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN")
|
||||
* Sets the default prefix to be added to {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasAnyRole(String...)} or
|
||||
* {@link org.springframework.security.access.expression.SecurityExpressionRoot#hasRole(String)}. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN")
|
||||
* is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is
|
||||
* "ROLE_" (default).
|
||||
* </p>
|
||||
|
||||
@ -10,15 +10,14 @@ import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.access.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
|
||||
import org.springframework.security.web.savedrequest.RequestCache;
|
||||
import org.springframework.security.web.savedrequest.SavedRequest;
|
||||
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.security.web.savedrequest.SavedRequest;
|
||||
import org.springframework.security.web.savedrequest.RequestCache;
|
||||
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
|
||||
|
||||
/**
|
||||
* An authentication success strategy which can make use of the
|
||||
* {@link DefaultSavedRequest} which may have been stored in the session by the
|
||||
* {@link org.springframework.security.web.savedrequest.DefaultSavedRequest} which may have been stored in the session by the
|
||||
* {@link ExceptionTranslationFilter}. When such a request is intercepted and requires
|
||||
* authentication, the request data is stored to record the original destination before
|
||||
* the authentication process commenced, and to allow the request to be reconstructed when
|
||||
@ -36,15 +35,15 @@ import org.springframework.util.StringUtils;
|
||||
* If the {@code targetUrlParameter} has been set on the request, the value will be used
|
||||
* as the destination. Any {@code DefaultSavedRequest} will again be removed.</li>
|
||||
* <li>
|
||||
* If a {@link SavedRequest} is found in the {@code RequestCache} (as set by the
|
||||
* If a {@link org.springframework.security.web.savedrequest.SavedRequest} is found in the {@code RequestCache} (as set by the
|
||||
* {@link ExceptionTranslationFilter} to record the original destination before the
|
||||
* authentication process commenced), a redirect will be performed to the Url of that
|
||||
* original destination. The {@code SavedRequest} object will remain cached and be picked
|
||||
* up when the redirected request is received (See
|
||||
* {@link org.springframework.security.web.savedrequest.SavedRequestAwareWrapper
|
||||
* SavedRequestAwareWrapper}).</li>
|
||||
* <a href="{@docRoot}/org/springframework/security/web/savedrequest/SavedRequestAwareWrapper.html">SavedRequestAwareWrapper</a>).
|
||||
* </li>
|
||||
* <li>
|
||||
* If no {@code SavedRequest} is found, it will delegate to the base class.</li>
|
||||
* If no {@link org.springframework.security.web.savedrequest.SavedRequest} is found, it will delegate to the base class.</li>
|
||||
* </ul>
|
||||
*
|
||||
* @author Luke Taylor
|
||||
|
||||
@ -23,7 +23,7 @@ import javax.servlet.http.HttpSession;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
/**
|
||||
* Uses {@link HttpServletRequest#changeSessionId()} to protect against session fixation
|
||||
* Uses {@code HttpServletRequest.changeSessionId()} to protect against session fixation
|
||||
* attacks. This is the default implementation for Servlet 3.1+.
|
||||
*
|
||||
* @author Rob Winch
|
||||
|
||||
@ -16,13 +16,12 @@ import org.springframework.util.Assert;
|
||||
* {@link RegisterSessionAuthenticationStrategy} is typically used in combination with
|
||||
* {@link CompositeSessionAuthenticationStrategy} and
|
||||
* {@link ConcurrentSessionControlAuthenticationStrategy}, but can be used on its own if
|
||||
* tracking of sessions is desired but no need to control concurrency.</P
|
||||
* tracking of sessions is desired but no need to control concurrency.
|
||||
*
|
||||
* <p>
|
||||
* NOTE: When using a {@link SessionRegistry} it is important that all sessions (including
|
||||
* timed out sessions) are removed. This is typically done by adding
|
||||
* {@link HttpSessionEventPublisher}.
|
||||
* </p>
|
||||
*
|
||||
* @see CompositeSessionAuthenticationStrategy
|
||||
*
|
||||
|
||||
@ -27,7 +27,7 @@ import javax.servlet.http.HttpSession;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* The default implementation of {@link SessionAuthenticationStrategy} when using <
|
||||
* The default implementation of {@link SessionAuthenticationStrategy} when using <
|
||||
* Servlet 3.1.
|
||||
* <p>
|
||||
* Creates a new session for the newly authenticated user if they already have a session
|
||||
|
||||
@ -92,12 +92,12 @@ import org.springframework.web.filter.GenericFilterBean;
|
||||
* correct constraints to the <tt>switchUserUrl</tt>. Example:
|
||||
*
|
||||
* <pre>
|
||||
* <bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
|
||||
* <property name="userDetailsService" ref="userDetailsService" />
|
||||
* <property name="switchUserUrl" value="/login/impersonate" />
|
||||
* <property name="exitUserUrl" value="/logout/impersonate" />
|
||||
* <property name="targetUrl" value="/index.jsp" />
|
||||
* </bean>
|
||||
* <bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
|
||||
* <property name="userDetailsService" ref="userDetailsService" />
|
||||
* <property name="switchUserUrl" value="/login/impersonate" />
|
||||
* <property name="exitUserUrl" value="/logout/impersonate" />
|
||||
* <property name="targetUrl" value="/index.jsp" />
|
||||
* </bean>
|
||||
* </pre>
|
||||
*
|
||||
* @author Mark St.Godard
|
||||
|
||||
@ -34,13 +34,14 @@ import org.springframework.web.method.support.ModelAndViewContainer;
|
||||
* {@link Controller}:
|
||||
*
|
||||
* <pre>
|
||||
* @Controller
|
||||
* @Controller
|
||||
* public class MyController {
|
||||
* @RequestMapping("/user/current/show")
|
||||
* @RequestMapping("/user/current/show")
|
||||
* public String show(@AuthenticationPrincipal CustomUser customUser) {
|
||||
* // do something with CustomUser
|
||||
* return "view";
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* <p>
|
||||
@ -50,11 +51,9 @@ import org.springframework.web.method.support.ModelAndViewContainer;
|
||||
* match, null will be returned unless
|
||||
* {@link AuthenticationPrincipal#errorOnInvalidType()} is true in which case a
|
||||
* {@link ClassCastException} will be thrown.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* Alternatively, users can create a custom meta annotation as shown below:
|
||||
* </p>
|
||||
*
|
||||
* <pre>
|
||||
* @Target({ ElementType.PARAMETER })
|
||||
@ -66,16 +65,16 @@ import org.springframework.web.method.support.ModelAndViewContainer;
|
||||
*
|
||||
* <p>
|
||||
* The custom annotation can then be used instead. For example:
|
||||
* </p>
|
||||
*
|
||||
* <pre>
|
||||
* @Controller
|
||||
* @Controller
|
||||
* public class MyController {
|
||||
* @RequestMapping("/user/current/show")
|
||||
* @RequestMapping("/user/current/show")
|
||||
* public String show(@CurrentUser CustomUser customUser) {
|
||||
* // do something with CustomUser
|
||||
* return "view";
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* @deprecated use org.springframework.security.web.method.annotation.
|
||||
|
||||
@ -267,7 +267,7 @@ public abstract class AbstractSecurityWebApplicationInitializer implements
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the <servlet-name> to use the DispatcherServlet's
|
||||
* Return the <servlet-name> to use the DispatcherServlet's
|
||||
* {@link WebApplicationContext} to find the {@link DelegatingFilterProxy} or null to
|
||||
* use the parent {@link ApplicationContext}.
|
||||
*
|
||||
@ -278,7 +278,7 @@ public abstract class AbstractSecurityWebApplicationInitializer implements
|
||||
* {@link WebApplicationContext}.
|
||||
* </p>
|
||||
*
|
||||
* @return the <servlet-name> of the DispatcherServlet to use its
|
||||
* @return the <servlet-name> of the DispatcherServlet to use its
|
||||
* {@link WebApplicationContext} or null (default) to use the parent
|
||||
* {@link ApplicationContext}.
|
||||
*/
|
||||
|
||||
@ -28,7 +28,8 @@ import javax.servlet.http.HttpServletRequest;
|
||||
public class InvalidCsrfTokenException extends CsrfException {
|
||||
|
||||
/**
|
||||
* @param msg
|
||||
* @param expectedAccessToken
|
||||
* @param actualAccessToken
|
||||
*/
|
||||
public InvalidCsrfTokenException(CsrfToken expectedAccessToken,
|
||||
String actualAccessToken) {
|
||||
|
||||
@ -85,7 +85,7 @@ public final class XXssProtectionHeaderWriter implements HeaderWriter {
|
||||
* If false, will not specify the mode as blocked. In this instance, any content will
|
||||
* be attempted to be fixed. If true, the content will be replaced with "#".
|
||||
*
|
||||
* @param enabled the new value
|
||||
* @param block the new value
|
||||
*/
|
||||
public void setBlock(boolean block) {
|
||||
if (!enabled && block) {
|
||||
|
||||
@ -7,7 +7,7 @@ import java.util.regex.Pattern;
|
||||
/**
|
||||
* Implementation which uses a regular expression to validate the supplied origin. If the
|
||||
* value of the HTTP parameter matches the pattern, then the the result will be ALLOW-FROM
|
||||
* <paramter-value>.
|
||||
* <paramter-value>.
|
||||
*
|
||||
* @author Marten Deinum
|
||||
* @since 3.2
|
||||
|
||||
@ -50,7 +50,7 @@ public final class XFrameOptionsHeaderWriter implements HeaderWriter {
|
||||
*
|
||||
* @param frameOptionsMode the {@link XFrameOptionsMode} to use. If using
|
||||
* {@link XFrameOptionsMode#ALLOW_FROM}, use
|
||||
* {@link #FrameOptionsHeaderWriter(AllowFromStrategy)} instead.
|
||||
* {@link #XFrameOptionsHeaderWriter(AllowFromStrategy)} instead.
|
||||
*/
|
||||
public XFrameOptionsHeaderWriter(XFrameOptionsMode frameOptionsMode) {
|
||||
Assert.notNull(frameOptionsMode, "frameOptionsMode cannot be null");
|
||||
|
||||
@ -34,12 +34,13 @@ import org.springframework.web.method.support.ModelAndViewContainer;
|
||||
* {@link Controller}:
|
||||
*
|
||||
* <pre>
|
||||
* @Controller
|
||||
* @Controller
|
||||
* public class MyController {
|
||||
* @MessageMapping("/im")
|
||||
* @MessageMapping("/im")
|
||||
* public void im(@AuthenticationPrincipal CustomUser customUser) {
|
||||
* // do something with CustomUser
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* <p>
|
||||
@ -49,11 +50,9 @@ import org.springframework.web.method.support.ModelAndViewContainer;
|
||||
* match, null will be returned unless
|
||||
* {@link AuthenticationPrincipal#errorOnInvalidType()} is true in which case a
|
||||
* {@link ClassCastException} will be thrown.
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* Alternatively, users can create a custom meta annotation as shown below:
|
||||
* </p>
|
||||
*
|
||||
* <pre>
|
||||
* @Target({ ElementType.PARAMETER })
|
||||
@ -65,15 +64,15 @@ import org.springframework.web.method.support.ModelAndViewContainer;
|
||||
*
|
||||
* <p>
|
||||
* The custom annotation can then be used instead. For example:
|
||||
* </p>
|
||||
*
|
||||
* <pre>
|
||||
* @Controller
|
||||
* @Controller
|
||||
* public class MyController {
|
||||
* @MessageMapping("/im")
|
||||
* @MessageMapping("/im")
|
||||
* public void im(@CurrentUser CustomUser customUser) {
|
||||
* // do something with CustomUser
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* @author Rob Winch
|
||||
|
||||
@ -43,7 +43,6 @@ import org.apache.commons.logging.LogFactory;
|
||||
* wrapper. Nevertheless, the important data from the original request is emulated and
|
||||
* this should prove adequate for most purposes (in particular standard HTTP GET and POST
|
||||
* operations).
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* Added into a request by
|
||||
|
||||
@ -155,7 +155,7 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
|
||||
* when invoking {@link HttpServletRequest#logout()}.
|
||||
* </p>
|
||||
*
|
||||
* @param logoutHandlers the {@link List<LogoutHandler>}s when invoking
|
||||
* @param logoutHandlers the {@code List<LogoutHandler>}s when invoking
|
||||
* {@link HttpServletRequest#logout()}.
|
||||
*
|
||||
* @throws IllegalStateException if the Servlet 3 APIs are not found on the classpath
|
||||
|
||||
@ -102,8 +102,11 @@ public class ThrowableAnalyzer {
|
||||
/**
|
||||
* Initializes associations between <code>Throwable</code>s and
|
||||
* <code>ThrowableCauseExtractor</code>s. The default implementation performs the
|
||||
* following registrations: <li>{@link #DEFAULT_EXTRACTOR} for {@link Throwable}</li>
|
||||
* <li>{@link #INVOCATIONTARGET_EXTRACTOR} for {@link InvocationTargetException}</li> <br>
|
||||
* following registrations:
|
||||
* <ul>
|
||||
* <li>{@link #DEFAULT_EXTRACTOR} for {@link Throwable}</li>
|
||||
* <li>{@link #INVOCATIONTARGET_EXTRACTOR} for {@link InvocationTargetException}</li>
|
||||
* </ul><br>
|
||||
* Subclasses overriding this method are encouraged to invoke the super method to
|
||||
* perform the default registrations. They can register additional extractors as
|
||||
* required.
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user