Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-23 20:42:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-70: Refactor event publishing.

Browse Source
This commit is contained in:
Ben Alex 2005-11-03 06:55:47 +00:00
parent 3811200599
commit b6dbfde55c
48 changed files with 637 additions and 998 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationEvent.java → core/src/main/java/org/acegisecurity/event/authentication/AbstractAuthenticationEvent.java
View File

@ -13,27 +13,15 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.providers.dao.event; package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails;
import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationEvent;
import org.springframework.util.Assert;
/** /**
* Represents a <code>net.sf.acegisecurity.provider.dao</code> application * Represents an application authentication event.
* event.
*
* <P>
* Subclasses exist for different types of authentication events. All
* authentication events relate to a particular {@link User} and are caused by
* a particular {@link Authentication} object. This is intended to permit
* logging of successful and unsuccessful login attempts, and facilitate the
* locking of accounts.
* </p>
* *
* <P> * <P>
* The <code>ApplicationEvent</code>'s <code>source</code> will be the * The <code>ApplicationEvent</code>'s <code>source</code> will be the
@ -43,20 +31,11 @@ import org.springframework.util.Assert;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public abstract class AuthenticationEvent extends ApplicationEvent { public abstract class AbstractAuthenticationEvent extends ApplicationEvent {
//~ Instance fields ========================================================
private UserDetails user;
//~ Constructors =========================================================== //~ Constructors ===========================================================
public AuthenticationEvent(Authentication authentication, UserDetails user) { public AbstractAuthenticationEvent(Authentication authentication) {
super(authentication); super(authentication);
// No need to check authentication isn't null, as done by super
Assert.notNull(user, "User is required");
this.user = user;
} }
//~ Methods ================================================================ //~ Methods ================================================================
@ -70,14 +49,4 @@ public abstract class AuthenticationEvent extends ApplicationEvent {
public Authentication getAuthentication() { public Authentication getAuthentication() {
return (Authentication) super.getSource(); return (Authentication) super.getSource();
} }
/**
* Getter for the <code>User</code> related to the
* <code>Authentication</code> attempt.
*
* @return the user
*/
public UserDetails getUser() {
return user;
}
} }

51
core/src/main/java/org/acegisecurity/event/authentication/AbstractAuthenticationFailureEvent.java Normal file
View File

@ -0,0 +1,51 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
import org.springframework.util.Assert;
/**
* Abstract application event which indicates authentication failure for some
* reason.
*
* @author Ben Alex
* @version $Id$
*/
public abstract class AbstractAuthenticationFailureEvent
extends AbstractAuthenticationEvent {
//~ Instance fields ========================================================
private AuthenticationException exception;
//~ Constructors ===========================================================
public AbstractAuthenticationFailureEvent(Authentication authentication,
AuthenticationException exception) {
super(authentication);
Assert.notNull(exception, "AuthenticationException is required");
this.exception = exception;
}
//~ Methods ================================================================
public AuthenticationException getException() {
return exception;
}
}

16
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationFailurePasswordEvent.java → core/src/main/java/org/acegisecurity/event/authentication/AuthenticationFailureBadCredentialsEvent.java
View File

@ -13,25 +13,25 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.providers.dao.event; package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.AuthenticationException;
/** /**
* Application event which indicates authentication failure due to invalid * Application event which indicates authentication failure due to invalid
* password. * credentials being presented.
* *
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class AuthenticationFailurePasswordEvent public class AuthenticationFailureBadCredentialsEvent
extends AuthenticationFailureEvent { extends AbstractAuthenticationFailureEvent {
//~ Constructors =========================================================== //~ Constructors ===========================================================
public AuthenticationFailurePasswordEvent(Authentication authentication, public AuthenticationFailureBadCredentialsEvent(
UserDetails user) { Authentication authentication, AuthenticationException exception) {
super(authentication, user); super(authentication, exception);
} }
} }

37
core/src/main/java/org/acegisecurity/event/authentication/AuthenticationFailureConcurrentLoginEvent.java Normal file
View File

@ -0,0 +1,37 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
/**
* Application event which indicates authentication failure due to the user
* attempting to login to too many concurrent sessions.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticationFailureConcurrentLoginEvent
extends AbstractAuthenticationFailureEvent {
//~ Constructors ===========================================================
public AuthenticationFailureConcurrentLoginEvent(
Authentication authentication, AuthenticationException exception) {
super(authentication, exception);
}
}

10
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationFailureCredentialsExpiredEvent.java → core/src/main/java/org/acegisecurity/event/authentication/AuthenticationFailureCredentialsExpiredEvent.java
View File

@ -13,10 +13,10 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.providers.dao.event; package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.AuthenticationException;
/** /**
@ -27,11 +27,11 @@ import net.sf.acegisecurity.UserDetails;
* @version $Id$ * @version $Id$
*/ */
public class AuthenticationFailureCredentialsExpiredEvent public class AuthenticationFailureCredentialsExpiredEvent
extends AuthenticationFailureEvent { extends AbstractAuthenticationFailureEvent {
//~ Constructors =========================================================== //~ Constructors ===========================================================
public AuthenticationFailureCredentialsExpiredEvent( public AuthenticationFailureCredentialsExpiredEvent(
Authentication authentication, UserDetails user) { Authentication authentication, AuthenticationException exception) {
super(authentication, user); super(authentication, exception);
} }
} }

12
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationFailureDisabledEvent.java → core/src/main/java/org/acegisecurity/event/authentication/AuthenticationFailureDisabledEvent.java
View File

@ -13,25 +13,25 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.providers.dao.event; package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.AuthenticationException;
/** /**
* Application event which indicates authentication failure due to the user's * Application event which indicates authentication failure due to the user's
* account being locked. * account being disabled.
* *
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class AuthenticationFailureDisabledEvent public class AuthenticationFailureDisabledEvent
extends AuthenticationFailureEvent { extends AbstractAuthenticationFailureEvent {
//~ Constructors =========================================================== //~ Constructors ===========================================================
public AuthenticationFailureDisabledEvent(Authentication authentication, public AuthenticationFailureDisabledEvent(Authentication authentication,
UserDetails user) { AuthenticationException exception) {
super(authentication, user); super(authentication, exception);
} }
} }

14
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationFailureAccountExpiredEvent.java → core/src/main/java/org/acegisecurity/event/authentication/AuthenticationFailureExpiredEvent.java
View File

@ -13,10 +13,10 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.providers.dao.event; package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.AuthenticationException;
/** /**
@ -26,12 +26,12 @@ import net.sf.acegisecurity.UserDetails;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class AuthenticationFailureAccountExpiredEvent public class AuthenticationFailureExpiredEvent
extends AuthenticationFailureEvent { extends AbstractAuthenticationFailureEvent {
//~ Constructors =========================================================== //~ Constructors ===========================================================
public AuthenticationFailureAccountExpiredEvent( public AuthenticationFailureExpiredEvent(Authentication authentication,
Authentication authentication, UserDetails user) { AuthenticationException exception) {
super(authentication, user); super(authentication, exception);
} }
} }

14
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationFailureAccountLockedEvent.java → core/src/main/java/org/acegisecurity/event/authentication/AuthenticationFailureLockedEvent.java
View File

@ -13,10 +13,10 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.providers.dao.event; package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.AuthenticationException;
/** /**
@ -26,12 +26,12 @@ import net.sf.acegisecurity.UserDetails;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class AuthenticationFailureAccountLockedEvent public class AuthenticationFailureLockedEvent
extends AuthenticationFailureEvent { extends AbstractAuthenticationFailureEvent {
//~ Constructors =========================================================== //~ Constructors ===========================================================
public AuthenticationFailureAccountLockedEvent( public AuthenticationFailureLockedEvent(Authentication authentication,
Authentication authentication, UserDetails user) { AuthenticationException exception) {
super(authentication, user); super(authentication, exception);
} }
} }

38
core/src/main/java/org/acegisecurity/event/authentication/AuthenticationFailureProviderNotFoundEvent.java Normal file
View File

@ -0,0 +1,38 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
/**
* Application event which indicates authentication failure due to there being
* no registered <code>AuthenticationProvider</code> that can process the
* request.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticationFailureProviderNotFoundEvent
extends AbstractAuthenticationFailureEvent {
//~ Constructors ===========================================================
public AuthenticationFailureProviderNotFoundEvent(
Authentication authentication, AuthenticationException exception) {
super(authentication, exception);
}
}

17
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationFailureEvent.java → core/src/main/java/org/acegisecurity/event/authentication/AuthenticationFailureProxyUntrustedEvent.java
View File

@ -13,24 +13,25 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.providers.dao.event; package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.AuthenticationException;
/** /**
* Abstract application event which indicates authentication failure for some * Application event which indicates authentication failure due to the CAS
* reason. * user's ticket being generated by an untrusted proxy.
* *
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public abstract class AuthenticationFailureEvent extends AuthenticationEvent { public class AuthenticationFailureProxyUntrustedEvent
extends AbstractAuthenticationFailureEvent {
//~ Constructors =========================================================== //~ Constructors ===========================================================
public AuthenticationFailureEvent(Authentication authentication, public AuthenticationFailureProxyUntrustedEvent(
UserDetails user) { Authentication authentication, AuthenticationException exception) {
super(authentication, user); super(authentication, exception);
} }
} }

37
core/src/main/java/org/acegisecurity/event/authentication/AuthenticationFailureServiceExceptionEvent.java Normal file
View File

@ -0,0 +1,37 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
/**
* Application event which indicates authentication failure due to there being
* a problem internal to the <code>AuthenticationManager</code>.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticationFailureServiceExceptionEvent
extends AbstractAuthenticationFailureEvent {
//~ Constructors ===========================================================
public AuthenticationFailureServiceExceptionEvent(
Authentication authentication, AuthenticationException exception) {
super(authentication, exception);
}
}

12
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationSuccessEvent.java → core/src/main/java/org/acegisecurity/event/authentication/AuthenticationSuccessEvent.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -13,10 +13,9 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.providers.dao.event; package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails;
/** /**
@ -25,11 +24,10 @@ import net.sf.acegisecurity.UserDetails;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class AuthenticationSuccessEvent extends AuthenticationEvent { public class AuthenticationSuccessEvent extends AbstractAuthenticationEvent {
//~ Constructors =========================================================== //~ Constructors ===========================================================
public AuthenticationSuccessEvent(Authentication authentication, public AuthenticationSuccessEvent(Authentication authentication) {
UserDetails user) { super(authentication);
super(authentication, user);
} }
} }

17
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationSwitchUserEvent.java → core/src/main/java/org/acegisecurity/event/authentication/AuthenticationSwitchUserEvent.java
View File

@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.providers.dao.event; package net.sf.acegisecurity.event.authentication;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.UserDetails;
@ -25,19 +25,28 @@ import net.sf.acegisecurity.UserDetails;
* @author Mark St.Godard * @author Mark St.Godard
* @version $Id$ * @version $Id$
*/ */
public class AuthenticationSwitchUserEvent extends AuthenticationEvent { public class AuthenticationSwitchUserEvent extends AbstractAuthenticationEvent {
//~ Instance fields ========================================================
private UserDetails targetUser;
//~ Constructors =========================================================== //~ Constructors ===========================================================
/** /**
* Switch user context event constructor * Switch user context event constructor
* *
* @param authentication The current <code>Authentication</code> object * @param authentication The current <code>Authentication</code> object
* @param sourceUser The original user
* @param targetUser The target user * @param targetUser The target user
*/ */
public AuthenticationSwitchUserEvent(Authentication authentication, public AuthenticationSwitchUserEvent(Authentication authentication,
UserDetails targetUser) { UserDetails targetUser) {
super(authentication, targetUser); super(authentication);
this.targetUser = targetUser;
} }
//~ Methods ================================================================
public UserDetails getTargetUser() {
return targetUser;
}
} }

65
core/src/main/java/org/acegisecurity/event/authentication/LoggerListener.java Normal file
View File

@ -0,0 +1,65 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.event.authentication;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.util.ClassUtils;
/**
* Outputs authentication-related application events to Commons Logging.
*
* <P>
* All authentication failures are logged at the warning level, whilst
* authentication successes are logged at the information level.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class LoggerListener implements ApplicationListener {
//~ Static fields/initializers =============================================
private static final Log logger = LogFactory.getLog(LoggerListener.class);
//~ Methods ================================================================
public void onApplicationEvent(ApplicationEvent event) {
if (event instanceof AbstractAuthenticationEvent) {
AbstractAuthenticationEvent authEvent = (AbstractAuthenticationEvent) event;
if (logger.isWarnEnabled()) {
String message = "Authentication event "
+ ClassUtils.getShortName(authEvent.getClass()) + ": "
+ authEvent.getAuthentication().getName() + "; details: "
+ authEvent.getAuthentication().getDetails();
if (event instanceof AbstractAuthenticationFailureEvent) {
message = message + "; exception: "
+ ((AbstractAuthenticationFailureEvent) event).getException()
.getMessage();
}
logger.warn(message);
}
}
}
}

2
core/src/main/java/org/acegisecurity/providers/dao/event/package.html → core/src/main/java/org/acegisecurity/event/authentication/package.html
View File

@ -2,7 +2,7 @@
<body> <body>
Enables events to be published to the Spring application context. Enables events to be published to the Spring application context.
<P>The <code>DaoAuthenticationProvider</code> automatically publishes <P>The <code>ProviderManager</code> automatically publishes
events to the application context. These events are received by all events to the application context. These events are received by all
registered Spring <code>ApplicationListener</code>s.</P> registered Spring <code>ApplicationListener</code>s.</P>
</body> </body>

8
core/src/main/java/org/acegisecurity/intercept/event/SecurityInterceptionEvent.java → core/src/main/java/org/acegisecurity/event/authorization/AbstractAuthorizationEvent.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.intercept.event; package net.sf.acegisecurity.event.authorization;
import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationEvent;
@ -24,7 +24,7 @@ import org.springframework.context.ApplicationEvent;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public abstract class SecurityInterceptionEvent extends ApplicationEvent { public abstract class AbstractAuthorizationEvent extends ApplicationEvent {
//~ Constructors =========================================================== //~ Constructors ===========================================================
/** /**
@ -32,7 +32,7 @@ public abstract class SecurityInterceptionEvent extends ApplicationEvent {
* *
* @param secureObject the secure object * @param secureObject the secure object
*/ */
public SecurityInterceptionEvent(Object secureObject) { public AbstractAuthorizationEvent(Object secureObject) {
super(secureObject); super(secureObject);
} }
} }

6
core/src/main/java/org/acegisecurity/intercept/event/AuthenticationCredentialsNotFoundEvent.java → core/src/main/java/org/acegisecurity/event/authorization/AuthenticationCredentialsNotFoundEvent.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.intercept.event; package net.sf.acegisecurity.event.authorization;
import net.sf.acegisecurity.AuthenticationCredentialsNotFoundException; import net.sf.acegisecurity.AuthenticationCredentialsNotFoundException;
import net.sf.acegisecurity.ConfigAttributeDefinition; import net.sf.acegisecurity.ConfigAttributeDefinition;
@ -28,7 +28,7 @@ import net.sf.acegisecurity.ConfigAttributeDefinition;
* @version $Id$ * @version $Id$
*/ */
public class AuthenticationCredentialsNotFoundEvent public class AuthenticationCredentialsNotFoundEvent
extends SecurityInterceptionEvent { extends AbstractAuthorizationEvent {
//~ Instance fields ======================================================== //~ Instance fields ========================================================
private AuthenticationCredentialsNotFoundException credentialsNotFoundException; private AuthenticationCredentialsNotFoundException credentialsNotFoundException;

6
core/src/main/java/org/acegisecurity/intercept/event/AuthorizationFailureEvent.java → core/src/main/java/org/acegisecurity/event/authorization/AuthorizationFailureEvent.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.intercept.event; package net.sf.acegisecurity.event.authorization;
import net.sf.acegisecurity.AccessDeniedException; import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
@ -27,7 +27,7 @@ import net.sf.acegisecurity.ConfigAttributeDefinition;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class AuthorizationFailureEvent extends SecurityInterceptionEvent { public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
//~ Instance fields ======================================================== //~ Instance fields ========================================================
private AccessDeniedException accessDeniedException; private AccessDeniedException accessDeniedException;

6
core/src/main/java/org/acegisecurity/intercept/event/AuthorizedEvent.java → core/src/main/java/org/acegisecurity/event/authorization/AuthorizedEvent.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.intercept.event; package net.sf.acegisecurity.event.authorization;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ConfigAttributeDefinition; import net.sf.acegisecurity.ConfigAttributeDefinition;
@ -29,7 +29,7 @@ import net.sf.acegisecurity.ConfigAttributeDefinition;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class AuthorizedEvent extends SecurityInterceptionEvent { public class AuthorizedEvent extends AbstractAuthorizationEvent {
//~ Instance fields ======================================================== //~ Instance fields ========================================================
private Authentication authentication; private Authentication authentication;

17
core/src/main/java/org/acegisecurity/intercept/event/LoggerListener.java → core/src/main/java/org/acegisecurity/event/authorization/LoggerListener.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.intercept.event; package net.sf.acegisecurity.event.authorization;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
@ -54,19 +54,6 @@ public class LoggerListener implements ApplicationListener {
} }
} }
if (event instanceof AuthenticationFailureEvent) {
AuthenticationFailureEvent authEvent = (AuthenticationFailureEvent) event;
if (logger.isWarnEnabled()) {
logger.warn("Security authentication failed due to: "
+ authEvent.getAuthenticationException()
+ "; for authentication request: "
+ authEvent.getAuthentication() + "; secure object: "
+ authEvent.getSource() + "; configuration attributes: "
+ authEvent.getConfigAttributeDefinition());
}
}
if (event instanceof AuthorizationFailureEvent) { if (event instanceof AuthorizationFailureEvent) {
AuthorizationFailureEvent authEvent = (AuthorizationFailureEvent) event; AuthorizationFailureEvent authEvent = (AuthorizationFailureEvent) event;

6
core/src/main/java/org/acegisecurity/intercept/event/PublicInvocationEvent.java → core/src/main/java/org/acegisecurity/event/authorization/PublicInvocationEvent.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.intercept.event; package net.sf.acegisecurity.event.authorization;
/** /**
* Event that is generated whenever a public secure object is invoked. * Event that is generated whenever a public secure object is invoked.
@ -32,7 +32,7 @@ package net.sf.acegisecurity.intercept.event;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class PublicInvocationEvent extends SecurityInterceptionEvent { public class PublicInvocationEvent extends AbstractAuthorizationEvent {
//~ Constructors =========================================================== //~ Constructors ===========================================================
/** /**

5
core/src/main/java/org/acegisecurity/event/authorization/package.html Normal file
View File

@ -0,0 +1,5 @@
<html>
<body>
Provides support objects for security event interception (ie authorization).
</body>
</html>

120
core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java
View File

@ -12,6 +12,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.intercept; package net.sf.acegisecurity.intercept;
import net.sf.acegisecurity.AccessDecisionManager; import net.sf.acegisecurity.AccessDecisionManager;
@ -25,11 +26,10 @@ import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition; import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.RunAsManager; import net.sf.acegisecurity.RunAsManager;
import net.sf.acegisecurity.context.SecurityContextHolder; import net.sf.acegisecurity.context.SecurityContextHolder;
import net.sf.acegisecurity.intercept.event.AuthenticationCredentialsNotFoundEvent; import net.sf.acegisecurity.event.authorization.AuthenticationCredentialsNotFoundEvent;
import net.sf.acegisecurity.intercept.event.AuthenticationFailureEvent; import net.sf.acegisecurity.event.authorization.AuthorizationFailureEvent;
import net.sf.acegisecurity.intercept.event.AuthorizationFailureEvent; import net.sf.acegisecurity.event.authorization.AuthorizedEvent;
import net.sf.acegisecurity.intercept.event.AuthorizedEvent; import net.sf.acegisecurity.event.authorization.PublicInvocationEvent;
import net.sf.acegisecurity.intercept.event.PublicInvocationEvent;
import net.sf.acegisecurity.runas.NullRunAsManager; import net.sf.acegisecurity.runas.NullRunAsManager;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@ -50,16 +50,16 @@ import java.util.Set;
/** /**
* Abstract class that implements security interception for secure objects. * Abstract class that implements security interception for secure objects.
* *
* <P> * <P>
* The <code>AbstractSecurityInterceptor</code> will ensure the proper startup * The <code>AbstractSecurityInterceptor</code> will ensure the proper startup
* configuration of the security interceptor. It will also implement the * configuration of the security interceptor. It will also implement the
* proper handling of secure object invocations, being: * proper handling of secure object invocations, being:
* *
* <ol> * <ol>
* <li> * <li>
* Obtain the {@link Authentication} object from the * Obtain the {@link Authentication} object from the {@link
* {@link SecurityContextHolder}. * SecurityContextHolder}.
* </li> * </li>
* <li> * <li>
* Determine if the request relates to a secured or public invocation by * Determine if the request relates to a secured or public invocation by
@ -69,7 +69,7 @@ import java.util.Set;
* <li> * <li>
* For an invocation that is secured (there is a * For an invocation that is secured (there is a
* <code>ConfigAttributeDefinition</code> for the secure object invocation): * <code>ConfigAttributeDefinition</code> for the secure object invocation):
* *
* <ol type="a"> * <ol type="a">
* <li> * <li>
* If either the {@link net.sf.acegisecurity.Authentication#isAuthenticated()} * If either the {@link net.sf.acegisecurity.Authentication#isAuthenticated()}
@ -108,12 +108,12 @@ import java.util.Set;
* caller. * caller.
* </li> * </li>
* </ol> * </ol>
* *
* </li> * </li>
* <li> * <li>
* For an invocation that is public (there is no * For an invocation that is public (there is no
* <code>ConfigAttributeDefinition</code> for the secure object invocation): * <code>ConfigAttributeDefinition</code> for the secure object invocation):
* *
* <ol type="a"> * <ol type="a">
* <li> * <li>
* As described above, the concrete subclass will be returned an * As described above, the concrete subclass will be returned an
@ -124,7 +124,7 @@ import java.util.Set;
* Object)} is called. * Object)} is called.
* </li> * </li>
* </ol> * </ol>
* *
* </li> * </li>
* <li> * <li>
* Control again returns to the concrete subclass, along with the * Control again returns to the concrete subclass, along with the
@ -139,7 +139,12 @@ import java.util.Set;
*/ */
public abstract class AbstractSecurityInterceptor implements InitializingBean, public abstract class AbstractSecurityInterceptor implements InitializingBean,
ApplicationContextAware { ApplicationContextAware {
//~ Static fields/initializers =============================================
protected static final Log logger = LogFactory.getLog(AbstractSecurityInterceptor.class); protected static final Log logger = LogFactory.getLog(AbstractSecurityInterceptor.class);
//~ Instance fields ========================================================
private AccessDecisionManager accessDecisionManager; private AccessDecisionManager accessDecisionManager;
private AfterInvocationManager afterInvocationManager; private AfterInvocationManager afterInvocationManager;
private ApplicationContext context; private ApplicationContext context;
@ -148,6 +153,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
private boolean alwaysReauthenticate = false; private boolean alwaysReauthenticate = false;
private boolean validateConfigAttributes = true; private boolean validateConfigAttributes = true;
//~ Methods ================================================================
public void setAfterInvocationManager( public void setAfterInvocationManager(
AfterInvocationManager afterInvocationManager) { AfterInvocationManager afterInvocationManager) {
this.afterInvocationManager = afterInvocationManager; this.afterInvocationManager = afterInvocationManager;
@ -245,27 +252,27 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
if (!this.obtainObjectDefinitionSource().supports(getSecureObjectClass())) { if (!this.obtainObjectDefinitionSource().supports(getSecureObjectClass())) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"ObjectDefinitionSource does not support secure object class: " + "ObjectDefinitionSource does not support secure object class: "
getSecureObjectClass()); + getSecureObjectClass());
} }
if (!this.runAsManager.supports(getSecureObjectClass())) { if (!this.runAsManager.supports(getSecureObjectClass())) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"RunAsManager does not support secure object class: " + "RunAsManager does not support secure object class: "
getSecureObjectClass()); + getSecureObjectClass());
} }
if (!this.accessDecisionManager.supports(getSecureObjectClass())) { if (!this.accessDecisionManager.supports(getSecureObjectClass())) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"AccessDecisionManager does not support secure object class: " + "AccessDecisionManager does not support secure object class: "
getSecureObjectClass()); + getSecureObjectClass());
} }
if ((this.afterInvocationManager != null) && if ((this.afterInvocationManager != null)
!this.afterInvocationManager.supports(getSecureObjectClass())) { && !this.afterInvocationManager.supports(getSecureObjectClass())) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"AfterInvocationManager does not support secure object class: " + "AfterInvocationManager does not support secure object class: "
getSecureObjectClass()); + getSecureObjectClass());
} }
if (this.validateConfigAttributes) { if (this.validateConfigAttributes) {
@ -281,16 +288,18 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
Set set = new HashSet(); Set set = new HashSet();
while (iter.hasNext()) { while (iter.hasNext()) {
ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter.next(); ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter
.next();
Iterator attributes = def.getConfigAttributes(); Iterator attributes = def.getConfigAttributes();
while (attributes.hasNext()) { while (attributes.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) attributes.next(); ConfigAttribute attr = (ConfigAttribute) attributes
.next();
if (!this.runAsManager.supports(attr) && if (!this.runAsManager.supports(attr)
!this.accessDecisionManager.supports(attr) && && !this.accessDecisionManager.supports(attr)
((this.afterInvocationManager == null) || && ((this.afterInvocationManager == null)
!this.afterInvocationManager.supports(attr))) { || !this.afterInvocationManager.supports(attr))) {
set.add(attr); set.add(attr);
} }
} }
@ -302,8 +311,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
} }
} else { } else {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"Unsupported configuration attributes: " + "Unsupported configuration attributes: "
set.toString()); + set.toString());
} }
} }
} }
@ -330,16 +339,18 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
if (token.isContextHolderRefreshRequired()) { if (token.isContextHolderRefreshRequired()) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Reverting to original Authentication: " + logger.debug("Reverting to original Authentication: "
token.getAuthentication().toString()); + token.getAuthentication().toString());
} }
SecurityContextHolder.getContext().setAuthentication(token.getAuthentication()); SecurityContextHolder.getContext().setAuthentication(token
.getAuthentication());
} }
if (afterInvocationManager != null) { if (afterInvocationManager != null) {
returnedObject = afterInvocationManager.decide(token.getAuthentication(), returnedObject = afterInvocationManager.decide(token
token.getSecureObject(), token.getAttr(), returnedObject); .getAuthentication(), token.getSecureObject(),
token.getAttr(), returnedObject);
} }
return returnedObject; return returnedObject;
@ -348,18 +359,18 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
protected InterceptorStatusToken beforeInvocation(Object object) { protected InterceptorStatusToken beforeInvocation(Object object) {
Assert.notNull(object, "Object was null"); Assert.notNull(object, "Object was null");
Assert.isTrue(getSecureObjectClass().isAssignableFrom(object.getClass()), Assert.isTrue(getSecureObjectClass().isAssignableFrom(object.getClass()),
"Security invocation attempted for object " + "Security invocation attempted for object "
object.getClass().getName() + + object.getClass().getName()
" but AbstractSecurityInterceptor only configured to support secure objects of type: " + + " but AbstractSecurityInterceptor only configured to support secure objects of type: "
getSecureObjectClass()); + getSecureObjectClass());
ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource() ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource()
.getAttributes(object); .getAttributes(object);
if (attr != null) { if (attr != null) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Secure object: " + object.toString() + logger.debug("Secure object: " + object.toString()
"; ConfigAttributes: " + attr.toString()); + "; ConfigAttributes: " + attr.toString());
} }
// We check for just the property we're interested in (we do // We check for just the property we're interested in (we do
@ -373,26 +384,19 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
Authentication authenticated; Authentication authenticated;
if (!SecurityContextHolder.getContext().getAuthentication() if (!SecurityContextHolder.getContext().getAuthentication()
.isAuthenticated() || .isAuthenticated()
alwaysReauthenticate) { || alwaysReauthenticate) {
try { try {
authenticated = this.authenticationManager.authenticate(SecurityContextHolder.getContext() authenticated = this.authenticationManager.authenticate(SecurityContextHolder.getContext()
.getAuthentication()); .getAuthentication());
} catch (AuthenticationException authenticationException) { } catch (AuthenticationException authenticationException) {
AuthenticationFailureEvent event = new AuthenticationFailureEvent(object,
attr,
SecurityContextHolder.getContext()
.getAuthentication(),
authenticationException);
this.context.publishEvent(event);
throw authenticationException; throw authenticationException;
} }
// We don't authenticated.setAuthentication(true), because each provider should do that // We don't authenticated.setAuthentication(true), because each provider should do that
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Successfully Authenticated: " + logger.debug("Successfully Authenticated: "
authenticated.toString()); + authenticated.toString());
} }
SecurityContextHolder.getContext().setAuthentication(authenticated); SecurityContextHolder.getContext().setAuthentication(authenticated);
@ -401,8 +405,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
.getAuthentication(); .getAuthentication();
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Previously Authenticated: " + logger.debug("Previously Authenticated: "
authenticated.toString()); + authenticated.toString());
} }
} }
@ -439,8 +443,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
object); // no further work post-invocation object); // no further work post-invocation
} else { } else {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Switching to RunAs Authentication: " + logger.debug("Switching to RunAs Authentication: "
runAs.toString()); + runAs.toString());
} }
SecurityContextHolder.getContext().setAuthentication(runAs); SecurityContextHolder.getContext().setAuthentication(runAs);
@ -462,7 +466,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
/** /**
* Helper method which generates an exception containing the passed reason, * Helper method which generates an exception containing the passed reason,
* and publishes an event to the application context. * and publishes an event to the application context.
* *
* <P> * <P>
* Always throws an exception. * Always throws an exception.
* </p> * </p>

79
core/src/main/java/org/acegisecurity/intercept/event/AuthenticationFailureEvent.java
View File

@ -1,79 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.intercept.event;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.ConfigAttributeDefinition;
/**
* Indicates a secure object invocation failed because the principal could not
* be authenticated.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticationFailureEvent extends SecurityInterceptionEvent {
//~ Instance fields ========================================================
private Authentication authentication;
private AuthenticationException authenticationException;
private ConfigAttributeDefinition configAttributeDefinition;
//~ Constructors ===========================================================
/**
* Construct the event.
*
* @param secureObject the secure object
* @param configAttribs that apply to the secure object
* @param authentication that was found on the <code>ContextHolder</code>
* @param authenticationException that was returned by the
* <code>AuthenticationManager</code>
*
* @throws IllegalArgumentException DOCUMENT ME!
*/
public AuthenticationFailureEvent(Object secureObject,
ConfigAttributeDefinition configAttribs, Authentication authentication,
AuthenticationException authenticationException) {
super(secureObject);
if ((configAttribs == null) || (authentication == null)
|| (authenticationException == null)) {
throw new IllegalArgumentException(
"All parameters are required and cannot be null");
}
this.configAttributeDefinition = configAttribs;
this.authentication = authentication;
this.authenticationException = authenticationException;
}
//~ Methods ================================================================
public Authentication getAuthentication() {
return authentication;
}
public AuthenticationException getAuthenticationException() {
return authenticationException;
}
public ConfigAttributeDefinition getConfigAttributeDefinition() {
return configAttributeDefinition;
}
}

5
core/src/main/java/org/acegisecurity/intercept/event/package.html
View File

@ -1,5 +0,0 @@
<html>
<body>
Provides support objects for security event interception.
</body>
</html>

103
core/src/main/java/org/acegisecurity/providers/ProviderManager.java
View File

@ -15,19 +15,43 @@
package net.sf.acegisecurity.providers; package net.sf.acegisecurity.providers;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import net.sf.acegisecurity.AbstractAuthenticationManager; import net.sf.acegisecurity.AbstractAuthenticationManager;
import net.sf.acegisecurity.AccountExpiredException;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException; import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.AuthenticationServiceException;
import net.sf.acegisecurity.BadCredentialsException;
import net.sf.acegisecurity.CredentialsExpiredException;
import net.sf.acegisecurity.DisabledException;
import net.sf.acegisecurity.LockedException;
import net.sf.acegisecurity.concurrent.ConcurrentLoginException;
import net.sf.acegisecurity.concurrent.ConcurrentSessionController; import net.sf.acegisecurity.concurrent.ConcurrentSessionController;
import net.sf.acegisecurity.concurrent.NullConcurrentSessionController; import net.sf.acegisecurity.concurrent.NullConcurrentSessionController;
import net.sf.acegisecurity.event.authentication.AbstractAuthenticationEvent;
import net.sf.acegisecurity.event.authentication.AuthenticationFailureBadCredentialsEvent;
import net.sf.acegisecurity.event.authentication.AuthenticationFailureConcurrentLoginEvent;
import net.sf.acegisecurity.event.authentication.AuthenticationFailureCredentialsExpiredEvent;
import net.sf.acegisecurity.event.authentication.AuthenticationFailureDisabledEvent;
import net.sf.acegisecurity.event.authentication.AuthenticationFailureExpiredEvent;
import net.sf.acegisecurity.event.authentication.AuthenticationFailureLockedEvent;
import net.sf.acegisecurity.event.authentication.AuthenticationFailureProviderNotFoundEvent;
import net.sf.acegisecurity.event.authentication.AuthenticationFailureProxyUntrustedEvent;
import net.sf.acegisecurity.event.authentication.AuthenticationFailureServiceExceptionEvent;
import net.sf.acegisecurity.event.authentication.AuthenticationSuccessEvent;
import net.sf.acegisecurity.providers.cas.ProxyUntrustedException;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import java.util.Iterator; import org.springframework.context.ApplicationEventPublisherAware;
import java.util.List; import org.springframework.util.Assert;
/** /**
@ -51,6 +75,18 @@ import java.util.List;
* <code>Authentication</code>, the <code>ProviderManager</code> will throw a * <code>Authentication</code>, the <code>ProviderManager</code> will throw a
* <code>ProviderNotFoundException</code>. * <code>ProviderNotFoundException</code>.
* </p> * </p>
*
* <p>If a valid <code>Authentication</code> is returned by an <code>AuthenticationProvider</code>,
* the <code>ProviderManager</code> will publish an
* {@link net.sf.acegisecurity.event.authentication.AuthenticationSuccessEvent}. If an
* <code>AuthenticationException</code> is detected, the final <code>AuthenticationException</code> thrown
* will be used to publish an appropriate failure event. By default <code>ProviderManager</code>
* maps common exceptions to events, but this can be fine-tuned by providing a new
* <code>exceptionMappings</code> <code>java.util.Properties</code> object. In the
* properties object, each of the keys represent the fully qualified classname of
* the exception, and each of the values represent the name of an event class which subclasses
* {@link net.sf.acegisecurity.event.authentication.AbstractAuthenticationFailureEvent} and
* provides its constructor.
* *
* @author Ben Alex * @author Ben Alex
* @author Wesley Hall * @author Wesley Hall
@ -60,7 +96,7 @@ import java.util.List;
* @see ConcurrentSessionController * @see ConcurrentSessionController
*/ */
public class ProviderManager extends AbstractAuthenticationManager public class ProviderManager extends AbstractAuthenticationManager
implements InitializingBean { implements InitializingBean, ApplicationEventPublisherAware {
//~ Static fields/initializers ============================================= //~ Static fields/initializers =============================================
private static final Log logger = LogFactory.getLog(ProviderManager.class); private static final Log logger = LogFactory.getLog(ProviderManager.class);
@ -69,6 +105,8 @@ public class ProviderManager extends AbstractAuthenticationManager
private ConcurrentSessionController sessionController = new NullConcurrentSessionController(); private ConcurrentSessionController sessionController = new NullConcurrentSessionController();
private List providers; private List providers;
private Properties exceptionMappings;
private ApplicationEventPublisher applicationEventPublisher;
//~ Methods ================================================================ //~ Methods ================================================================
@ -131,7 +169,28 @@ public class ProviderManager extends AbstractAuthenticationManager
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() throws Exception {
checkIfValidList(this.providers); checkIfValidList(this.providers);
if (exceptionMappings == null) {
exceptionMappings = new Properties();
exceptionMappings.put(AccountExpiredException.class.getName(), AuthenticationFailureExpiredEvent.class.getName());
exceptionMappings.put(AuthenticationServiceException.class.getName(), AuthenticationFailureServiceExceptionEvent.class.getName());
exceptionMappings.put(LockedException.class.getName(), AuthenticationFailureLockedEvent.class.getName());
exceptionMappings.put(CredentialsExpiredException.class.getName(), AuthenticationFailureCredentialsExpiredEvent.class.getName());
exceptionMappings.put(DisabledException.class.getName(), AuthenticationFailureDisabledEvent.class.getName());
exceptionMappings.put(BadCredentialsException.class.getName(), AuthenticationFailureBadCredentialsEvent.class.getName());
exceptionMappings.put(ConcurrentLoginException.class.getName(), AuthenticationFailureConcurrentLoginEvent.class.getName());
exceptionMappings.put(ProviderNotFoundException.class.getName(), AuthenticationFailureProviderNotFoundEvent.class.getName());
exceptionMappings.put(ProxyUntrustedException.class.getName(), AuthenticationFailureProxyUntrustedEvent.class.getName());
doAddExtraDefaultExceptionMappings(exceptionMappings);
}
} }
/**
* Provided so subclasses can add extra exception mappings during startup if no
* exception mappings are injected by the IoC container.
*
* @param exceptionMappings the properties object, which already has entries in it
*/
protected void doAddExtraDefaultExceptionMappings(Properties exceptionMappings) {}
/** /**
* Attempts to authenticate the passed {@link Authentication} object. * Attempts to authenticate the passed {@link Authentication} object.
@ -186,18 +245,38 @@ public class ProviderManager extends AbstractAuthenticationManager
if (result != null) { if (result != null) {
sessionController.registerSuccessfulAuthentication(result); sessionController.registerSuccessfulAuthentication(result);
applicationEventPublisher.publishEvent(new AuthenticationSuccessEvent(result));
return result; return result;
} }
} }
} }
if (lastException != null) { if (lastException == null) {
throw lastException; lastException = new ProviderNotFoundException("No authentication provider for " + toTest.getName());
} }
throw new ProviderNotFoundException("No authentication provider for " // Publish the event
+ toTest.getName()); String className = exceptionMappings.getProperty(lastException.getClass().getName());
AbstractAuthenticationEvent event = null;
if (className != null) {
try {
Class clazz = getClass().getClassLoader().loadClass(className);
Constructor constructor = clazz.getConstructor(new Class[] {Authentication.class, AuthenticationException.class});
Object obj = constructor.newInstance(new Object[] {authentication, lastException});
Assert.isInstanceOf(AbstractAuthenticationEvent.class, obj, "Must be an AbstractAuthenticationEvent");
event = (AbstractAuthenticationEvent) obj;
} catch (ClassNotFoundException ignored) {
} catch (NoSuchMethodException ignored) {
} catch (IllegalAccessException ignored) {
} catch (InstantiationException ignored) {
} catch (InvocationTargetException ignored) {
}
}
Assert.notNull(event, "A valid event must be available for the exception " + lastException.getClass().getName());
applicationEventPublisher.publishEvent(event);
// Throw the exception
throw lastException;
} }
private void checkIfValidList(List listToCheck) { private void checkIfValidList(List listToCheck) {
@ -206,4 +285,8 @@ public class ProviderManager extends AbstractAuthenticationManager
"A list of AuthenticationManagers is required"); "A list of AuthenticationManagers is required");
} }
} }
public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
this.applicationEventPublisher = applicationEventPublisher;
}
} }

89
core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
View File

@ -22,29 +22,18 @@ import net.sf.acegisecurity.AuthenticationServiceException;
import net.sf.acegisecurity.BadCredentialsException; import net.sf.acegisecurity.BadCredentialsException;
import net.sf.acegisecurity.CredentialsExpiredException; import net.sf.acegisecurity.CredentialsExpiredException;
import net.sf.acegisecurity.DisabledException; import net.sf.acegisecurity.DisabledException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.LockedException; import net.sf.acegisecurity.LockedException;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.AuthenticationProvider; import net.sf.acegisecurity.providers.AuthenticationProvider;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.cache.NullUserCache; import net.sf.acegisecurity.providers.dao.cache.NullUserCache;
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailureAccountExpiredEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailureAccountLockedEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailureCredentialsExpiredEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailureDisabledEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailurePasswordEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailureUsernameNotFoundEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationSuccessEvent;
import net.sf.acegisecurity.providers.encoding.PasswordEncoder; import net.sf.acegisecurity.providers.encoding.PasswordEncoder;
import net.sf.acegisecurity.providers.encoding.PlaintextPasswordEncoder; import net.sf.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.dao.DataAccessException; import org.springframework.dao.DataAccessException;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -83,23 +72,14 @@ import org.springframework.util.Assert;
* incorrect password, the {@link AuthenticationDao} will be queried to * incorrect password, the {@link AuthenticationDao} will be queried to
* confirm the most up-to-date password was used for comparison. * confirm the most up-to-date password was used for comparison.
* </p> * </p>
*
* <P>
* If an application context is detected (which is automatically the case when
* the bean is started within a Spring container), application events will be
* published to the context. See {@link
* net.sf.acegisecurity.providers.dao.event.AuthenticationEvent} for further
* information.
* </p>
* *
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class DaoAuthenticationProvider implements AuthenticationProvider, public class DaoAuthenticationProvider implements AuthenticationProvider,
InitializingBean, ApplicationContextAware { InitializingBean {
//~ Instance fields ======================================================== //~ Instance fields ========================================================
private ApplicationContext context;
private AuthenticationDao authenticationDao; private AuthenticationDao authenticationDao;
private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder(); private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder();
private SaltSource saltSource; private SaltSource saltSource;
@ -109,11 +89,6 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
//~ Methods ================================================================ //~ Methods ================================================================
public void setApplicationContext(ApplicationContext applicationContext)
throws BeansException {
this.context = applicationContext;
}
public void setAuthenticationDao(AuthenticationDao authenticationDao) { public void setAuthenticationDao(AuthenticationDao authenticationDao) {
this.authenticationDao = authenticationDao; this.authenticationDao = authenticationDao;
} }
@ -122,10 +97,6 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
return authenticationDao; return authenticationDao;
} }
public ApplicationContext getContext() {
return context;
}
public void setForcePrincipalAsString(boolean forcePrincipalAsString) { public void setForcePrincipalAsString(boolean forcePrincipalAsString) {
this.forcePrincipalAsString = forcePrincipalAsString; this.forcePrincipalAsString = forcePrincipalAsString;
} }
@ -140,7 +111,7 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
* password is incorrect. Setting this property to <code>false</code> will * password is incorrect. Setting this property to <code>false</code> will
* cause <code>UsernameNotFoundException</code>s to be thrown instead for * cause <code>UsernameNotFoundException</code>s to be thrown instead for
* the former. Note this is considered less secure than throwing * the former. Note this is considered less secure than throwing
* <code>BadCredentialsException</code> for both events. * <code>BadCredentialsException</code> for both exceptions.
* *
* @param hideUserNotFoundExceptions set to <code>false</code> if you wish * @param hideUserNotFoundExceptions set to <code>false</code> if you wish
* <code>UsernameNotFoundException</code>s to be thrown instead of * <code>UsernameNotFoundException</code>s to be thrown instead of
@ -197,7 +168,8 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
} }
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() throws Exception {
Assert.notNull(this.authenticationDao, "An Authentication DAO must be set"); Assert.notNull(this.authenticationDao,
"An Authentication DAO must be set");
Assert.notNull(this.userCache, "A user cache must be set"); Assert.notNull(this.userCache, "A user cache must be set");
} }
@ -220,29 +192,10 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
if (user == null) { if (user == null) {
cacheWasUsed = false; cacheWasUsed = false;
user = getUserFromBackend(username);
try {
user = getUserFromBackend(username);
} catch (BadCredentialsException ex) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailureUsernameNotFoundEvent(
authentication,
new User("".equals(username)
? "EMPTY_STRING_PROVIDED" : username, "*****",
false, false, false, false,
new GrantedAuthority[0])));
}
throw ex;
}
} }
if (!user.isAccountNonLocked()) { if (!user.isAccountNonLocked()) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailureAccountLockedEvent(
authentication, user));
}
throw new LockedException("User account is locked"); throw new LockedException("User account is locked");
} }
@ -254,52 +207,26 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
} }
if (!isPasswordCorrect(authentication, user)) { if (!isPasswordCorrect(authentication, user)) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailurePasswordEvent(
authentication, user));
}
throw new BadCredentialsException("Bad credentials presented"); throw new BadCredentialsException("Bad credentials presented");
} }
} }
if (!user.isEnabled()) { if (!user.isEnabled()) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailureDisabledEvent(
authentication, user));
}
throw new DisabledException("User is disabled"); throw new DisabledException("User is disabled");
} }
if (!user.isAccountNonExpired()) { if (!user.isAccountNonExpired()) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailureAccountExpiredEvent(
authentication, user));
}
throw new AccountExpiredException("User account has expired"); throw new AccountExpiredException("User account has expired");
} }
if (!user.isCredentialsNonExpired()) { if (!user.isCredentialsNonExpired()) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailureCredentialsExpiredEvent(
authentication, user));
}
throw new CredentialsExpiredException( throw new CredentialsExpiredException(
"User credentials have expired"); "User credentials have expired");
} }
if (!cacheWasUsed) { if (!cacheWasUsed) {
// Put into cache // Put into cache
this.userCache.putUserInCache(user); this.userCache.putUserInCache(user);
// As this appears to be an initial login, publish the event
if (this.context != null) {
context.publishEvent(new AuthenticationSuccessEvent(
authentication, user));
}
} }
Object principalToReturn = user; Object principalToReturn = user;

76
core/src/main/java/org/acegisecurity/providers/dao/PasswordDaoAuthenticationProvider.java
View File

@ -19,29 +19,18 @@ import net.sf.acegisecurity.AccountExpiredException;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException; import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.AuthenticationServiceException; import net.sf.acegisecurity.AuthenticationServiceException;
import net.sf.acegisecurity.BadCredentialsException;
import net.sf.acegisecurity.CredentialsExpiredException; import net.sf.acegisecurity.CredentialsExpiredException;
import net.sf.acegisecurity.DisabledException; import net.sf.acegisecurity.DisabledException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.LockedException; import net.sf.acegisecurity.LockedException;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.AuthenticationProvider; import net.sf.acegisecurity.providers.AuthenticationProvider;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.cache.NullUserCache; import net.sf.acegisecurity.providers.dao.cache.NullUserCache;
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailureAccountExpiredEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailureAccountLockedEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailureCredentialsExpiredEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailureDisabledEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailureUsernameOrPasswordEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationSuccessEvent;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.dao.DataAccessException; import org.springframework.dao.DataAccessException;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -90,32 +79,22 @@ import org.springframework.util.Assert;
* If an application context is detected (which is automatically the case when * If an application context is detected (which is automatically the case when
* the bean is started within a Spring container), application events will be * the bean is started within a Spring container), application events will be
* published to the context. See {@link * published to the context. See {@link
* net.sf.acegisecurity.providers.dao.event.AuthenticationEvent} for further * net.sf.acegisecurity.event.authentication.AbstractAuthenticationEvent} for
* information. * further information.
* </p> * </p>
* *
* @author Karel Miarka * @author Karel Miarka
*/ */
public class PasswordDaoAuthenticationProvider implements AuthenticationProvider, public class PasswordDaoAuthenticationProvider implements AuthenticationProvider,
InitializingBean, ApplicationContextAware { InitializingBean {
//~ Instance fields ======================================================== //~ Instance fields ========================================================
private ApplicationContext context;
private PasswordAuthenticationDao authenticationDao; private PasswordAuthenticationDao authenticationDao;
private UserCache userCache = new NullUserCache(); private UserCache userCache = new NullUserCache();
private boolean forcePrincipalAsString = false; private boolean forcePrincipalAsString = false;
//~ Methods ================================================================ //~ Methods ================================================================
public void setApplicationContext(ApplicationContext applicationContext)
throws BeansException {
this.context = applicationContext;
}
public ApplicationContext getContext() {
return context;
}
public void setForcePrincipalAsString(boolean forcePrincipalAsString) { public void setForcePrincipalAsString(boolean forcePrincipalAsString) {
this.forcePrincipalAsString = forcePrincipalAsString; this.forcePrincipalAsString = forcePrincipalAsString;
} }
@ -142,7 +121,8 @@ public class PasswordDaoAuthenticationProvider implements AuthenticationProvider
} }
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() throws Exception {
Assert.notNull(this.authenticationDao, "A Password authentication DAO must be set"); Assert.notNull(this.authenticationDao,
"A Password authentication DAO must be set");
Assert.notNull(this.userCache, "A user cache must be set"); Assert.notNull(this.userCache, "A user cache must be set");
} }
@ -169,58 +149,22 @@ public class PasswordDaoAuthenticationProvider implements AuthenticationProvider
if (user == null) { if (user == null) {
cacheWasUsed = false; cacheWasUsed = false;
user = getUserFromBackend(username, password);
try {
user = getUserFromBackend(username, password);
} catch (BadCredentialsException ex) {
if (this.context != null) {
if ((username == null) || "".equals(username)) {
username = "NONE_PROVIDED";
}
context.publishEvent(new AuthenticationFailureUsernameOrPasswordEvent(
authentication,
new User(username, "*****", false, false, false,
false, new GrantedAuthority[0])));
}
throw ex;
}
} }
if (!user.isEnabled()) { if (!user.isEnabled()) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailureDisabledEvent(
authentication, user));
}
throw new DisabledException("User is disabled"); throw new DisabledException("User is disabled");
} }
if (!user.isAccountNonExpired()) { if (!user.isAccountNonExpired()) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailureAccountExpiredEvent(
authentication, user));
}
throw new AccountExpiredException("User account has expired"); throw new AccountExpiredException("User account has expired");
} }
if (!user.isAccountNonLocked()) { if (!user.isAccountNonLocked()) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailureAccountLockedEvent(
authentication, user));
}
throw new LockedException("User account is locked"); throw new LockedException("User account is locked");
} }
if (!user.isCredentialsNonExpired()) { if (!user.isCredentialsNonExpired()) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailureCredentialsExpiredEvent(
authentication, user));
}
throw new CredentialsExpiredException( throw new CredentialsExpiredException(
"User credentials have expired"); "User credentials have expired");
} }
@ -228,12 +172,6 @@ public class PasswordDaoAuthenticationProvider implements AuthenticationProvider
if (!cacheWasUsed) { if (!cacheWasUsed) {
// Put into cache // Put into cache
this.userCache.putUserInCache(user); this.userCache.putUserInCache(user);
// As this appears to be an initial login, publish the event
if (this.context != null) {
context.publishEvent(new AuthenticationSuccessEvent(
authentication, user));
}
} }
Object principalToReturn = user; Object principalToReturn = user;

40
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationFailureUsernameNotFoundEvent.java
View File

@ -1,40 +0,0 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.providers.dao.event;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails;
/**
* Application event which indicates authentication failure due to nonexistent
* username. <code>AuthenticationFailureUsernameNotFoundEvent.getUser()</code>
* returns an instance of <code>User</code>, where the username is filled by
* the <code>String</code> provided at login attempt. The other properties are
* set to non-<code>null</code> values without any meaning.
*
* @author Karel Miarka
*/
public class AuthenticationFailureUsernameNotFoundEvent
extends AuthenticationFailureEvent {
//~ Constructors ===========================================================
// ~ Constructors ===========================================================
public AuthenticationFailureUsernameNotFoundEvent(
Authentication authentication, UserDetails user) {
super(authentication, user);
}
}

43
core/src/main/java/org/acegisecurity/providers/dao/event/AuthenticationFailureUsernameOrPasswordEvent.java
View File

@ -1,43 +0,0 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.providers.dao.event;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails;
/**
* Application event which indicates authentication failure due to invalid
* username or password.
*
* <P>
* <code>AuthenticationFailureUsernameOrPasswordEvent.getUser()</code> returns
* an instance of <code>User</code>, where the username is filled by the
* <code>String</code> provided at login attempt. The other properties are set
* to non-<code>null</code> values without any meaning.
* </p>
*
* @author Karel Miarka
*/
public class AuthenticationFailureUsernameOrPasswordEvent
extends AuthenticationFailureEvent {
//~ Constructors ===========================================================
public AuthenticationFailureUsernameOrPasswordEvent(
Authentication authentication, UserDetails user) {
super(authentication, user);
}
}

131
core/src/main/java/org/acegisecurity/providers/dao/event/LoggerListener.java
View File

@ -1,131 +0,0 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.providers.dao.event;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
/**
* Outputs authentication-related application events to Commons Logging.
*
* <P>
* All authentication failures are logged at the warning level, whilst
* authentication successes are logged at the information level.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class LoggerListener implements ApplicationListener {
//~ Static fields/initializers =============================================
private static final Log logger = LogFactory.getLog(LoggerListener.class);
//~ Methods ================================================================
public void onApplicationEvent(ApplicationEvent event) {
if (event instanceof AuthenticationFailurePasswordEvent) {
AuthenticationFailurePasswordEvent authEvent = (AuthenticationFailurePasswordEvent) event;
if (logger.isWarnEnabled()) {
logger.warn(
"Authentication failed due to incorrect password for user: "
+ authEvent.getUser().getUsername() + "; details: "
+ authEvent.getAuthentication().getDetails());
}
}
if (event instanceof AuthenticationFailureDisabledEvent) {
AuthenticationFailureDisabledEvent authEvent = (AuthenticationFailureDisabledEvent) event;
if (logger.isWarnEnabled()) {
logger.warn(
"Authentication failed due to account being disabled for user: "
+ authEvent.getUser().getUsername() + "; details: "
+ authEvent.getAuthentication().getDetails());
}
}
if (event instanceof AuthenticationFailureAccountLockedEvent) {
AuthenticationFailureAccountLockedEvent authEvent = (AuthenticationFailureAccountLockedEvent) event;
if (logger.isWarnEnabled()) {
logger.warn(
"Authentication failed due to account being locked for user: "
+ authEvent.getUser().getUsername() + "; details: "
+ authEvent.getAuthentication().getDetails());
}
}
if (event instanceof AuthenticationFailureCredentialsExpiredEvent) {
AuthenticationFailureCredentialsExpiredEvent authEvent = (AuthenticationFailureCredentialsExpiredEvent) event;
if (logger.isWarnEnabled()) {
logger.warn(
"Authentication failed due to account credentials have been expired for user: "
+ authEvent.getUser().getUsername() + "; details: "
+ authEvent.getAuthentication().getDetails());
}
}
if (event instanceof AuthenticationFailureAccountExpiredEvent) {
AuthenticationFailureAccountExpiredEvent authEvent = (AuthenticationFailureAccountExpiredEvent) event;
if (logger.isWarnEnabled()) {
logger.warn(
"Authentication failed due to account having expired for user: "
+ authEvent.getUser().getUsername() + "; details: "
+ authEvent.getAuthentication().getDetails());
}
}
if (event instanceof AuthenticationFailureUsernameNotFoundEvent) {
AuthenticationFailureUsernameNotFoundEvent authEvent = (AuthenticationFailureUsernameNotFoundEvent) event;
if (logger.isWarnEnabled()) {
logger.warn(
"Authentication failed due to nonexistent username: "
+ authEvent.getUser().getUsername() + "; details: "
+ authEvent.getAuthentication().getDetails());
}
}
if (event instanceof AuthenticationFailureUsernameOrPasswordEvent) {
AuthenticationFailureUsernameOrPasswordEvent authEvent = (AuthenticationFailureUsernameOrPasswordEvent) event;
if (logger.isWarnEnabled()) {
logger.warn(
"Authentication failed due to invalid username or password: "
+ authEvent.getUser().getUsername() + "; details: "
+ authEvent.getAuthentication().getDetails());
}
}
if (event instanceof AuthenticationSuccessEvent) {
AuthenticationSuccessEvent authEvent = (AuthenticationSuccessEvent) event;
if (logger.isInfoEnabled()) {
logger.info("Authentication success for user: "
+ authEvent.getUser().getUsername() + "; details: "
+ authEvent.getAuthentication().getDetails());
}
}
}
}

3
core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java
View File

@ -24,11 +24,10 @@ import net.sf.acegisecurity.DisabledException;
import net.sf.acegisecurity.GrantedAuthority; import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.context.SecurityContextHolder; import net.sf.acegisecurity.context.SecurityContextHolder;
import net.sf.acegisecurity.event.authentication.AuthenticationSwitchUserEvent;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.AuthenticationDao; import net.sf.acegisecurity.providers.dao.AuthenticationDao;
import net.sf.acegisecurity.providers.dao.User;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException; import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import net.sf.acegisecurity.providers.dao.event.AuthenticationSwitchUserEvent;
import net.sf.acegisecurity.ui.WebAuthenticationDetails; import net.sf.acegisecurity.ui.WebAuthenticationDetails;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;

61
core/src/test/java/org/acegisecurity/providers/dao/event/AuthenticationEventTests.java → core/src/test/java/org/acegisecurity/event/authentication/AuthenticationEventTests.java
View File

@ -13,19 +13,18 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.providers.dao.event; package net.sf.acegisecurity.event.authentication;
import junit.framework.TestCase; import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority; import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.GrantedAuthorityImpl; import net.sf.acegisecurity.DisabledException;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User;
/** /**
* Tests {@link AuthenticationEvent} and its subclasses. * Tests {@link AbstractAuthenticationEvent} and its subclasses.
* *
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
@ -41,63 +40,42 @@ public class AuthenticationEventTests extends TestCase {
junit.textui.TestRunner.run(AuthenticationEventTests.class); junit.textui.TestRunner.run(AuthenticationEventTests.class);
} }
public void testDisabledEvent() { public void testAbstractAuthenticationEvent() {
Authentication auth = getAuthentication(); Authentication auth = getAuthentication();
User user = getUser(); AbstractAuthenticationEvent event = new AuthenticationSuccessEvent(auth);
AuthenticationFailureDisabledEvent event = new AuthenticationFailureDisabledEvent(auth,
user);
assertEquals(auth, event.getAuthentication()); assertEquals(auth, event.getAuthentication());
assertEquals(user, event.getUser());
} }
public void testPasswordEvent() { public void testAbstractAuthenticationFailureEvent() {
Authentication auth = getAuthentication(); Authentication auth = getAuthentication();
User user = getUser(); AuthenticationException exception = new DisabledException("TEST");
AuthenticationFailurePasswordEvent event = new AuthenticationFailurePasswordEvent(auth, AbstractAuthenticationFailureEvent event = new AuthenticationFailureDisabledEvent(auth,
user); exception);
assertEquals(auth, event.getAuthentication()); assertEquals(auth, event.getAuthentication());
assertEquals(user, event.getUser()); assertEquals(exception, event.getException());
} }
public void testRejectsNullAuthentication() { public void testRejectsNullAuthentication() {
AuthenticationException exception = new DisabledException("TEST");
try { try {
AuthenticationFailureDisabledEvent event = new AuthenticationFailureDisabledEvent(null, AuthenticationFailureDisabledEvent event = new AuthenticationFailureDisabledEvent(null,
getUser()); exception);
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);
} }
} }
public void testRejectsNullUser() { public void testRejectsNullAuthenticationException() {
try { try {
AuthenticationFailureDisabledEvent event = new AuthenticationFailureDisabledEvent(getAuthentication(), new AuthenticationFailureDisabledEvent(getAuthentication(), null);
null);
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);
} }
} }
public void testSuccessEvent() {
Authentication auth = getAuthentication();
User user = getUser();
AuthenticationSuccessEvent event = new AuthenticationSuccessEvent(auth,
user);
assertEquals(auth, event.getAuthentication());
assertEquals(user, event.getUser());
}
public void testSwitchUserContextEvent() {
Authentication auth = getAuthentication();
User targetUser = getUser();
AuthenticationSwitchUserEvent event = new AuthenticationSwitchUserEvent(auth,
targetUser);
assertEquals(auth, event.getAuthentication());
assertEquals(targetUser, event.getUser());
}
private Authentication getAuthentication() { private Authentication getAuthentication() {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal", UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal",
"Credentials"); "Credentials");
@ -105,11 +83,4 @@ public class AuthenticationEventTests extends TestCase {
return authentication; return authentication;
} }
private User getUser() {
User user = new User("foo", "bar", true, true, true, true,
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_FOOBAR")});
return user;
}
} }

57
core/src/test/java/org/acegisecurity/event/authentication/LoggerListenerTests.java Normal file
View File

@ -0,0 +1,57 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.event.authentication;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.LockedException;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
/**
* Tests {@link LoggerListener}.
*
* @author Ben Alex
* @version $Id$
*/
public class LoggerListenerTests extends TestCase {
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(LoggerListenerTests.class);
}
public void testLogsEvents() {
AuthenticationFailureDisabledEvent event = new AuthenticationFailureDisabledEvent(getAuthentication(),
new LockedException("TEST"));
LoggerListener listener = new LoggerListener();
listener.onApplicationEvent(event);
assertTrue(true);
}
private Authentication getAuthentication() {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal",
"Credentials");
authentication.setDetails("127.0.0.1");
return authentication;
}
}

18
core/src/test/java/org/acegisecurity/intercept/event/AuthenticationCredentialsNotFoundEventTests.java → core/src/test/java/org/acegisecurity/event/authorization/AuthenticationCredentialsNotFoundEventTests.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.intercept.event; package net.sf.acegisecurity.event.authorization;
import junit.framework.TestCase; import junit.framework.TestCase;
@ -47,25 +47,25 @@ public class AuthenticationCredentialsNotFoundEventTests extends TestCase {
public void testRejectsNulls() { public void testRejectsNulls() {
try { try {
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(null, new AuthenticationCredentialsNotFoundEvent(null,
new ConfigAttributeDefinition(), new ConfigAttributeDefinition(),
new AuthenticationCredentialsNotFoundException("test")); new AuthenticationCredentialsNotFoundException("test"));
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);
} }
try { try {
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(new MockMethodInvocation(), new AuthenticationCredentialsNotFoundEvent(new MockMethodInvocation(),
null, new AuthenticationCredentialsNotFoundException("test")); null, new AuthenticationCredentialsNotFoundException("test"));
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);
} }
try { try {
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(new MockMethodInvocation(), new AuthenticationCredentialsNotFoundEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(), null); new ConfigAttributeDefinition(), null);
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);

32
core/src/test/java/org/acegisecurity/intercept/event/AuthorizationFailureEventTests.java → core/src/test/java/org/acegisecurity/event/authorization/AuthorizationFailureEventTests.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -13,13 +13,14 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.intercept.event; package net.sf.acegisecurity.event.authorization;
import junit.framework.TestCase; import junit.framework.TestCase;
import net.sf.acegisecurity.AccessDeniedException; import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.ConfigAttributeDefinition; import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockMethodInvocation; import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.event.authorization.AuthorizationFailureEvent;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
@ -48,38 +49,37 @@ public class AuthorizationFailureEventTests extends TestCase {
public void testRejectsNulls() { public void testRejectsNulls() {
try { try {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(null, new AuthorizationFailureEvent(null,
new ConfigAttributeDefinition(), new ConfigAttributeDefinition(),
new UsernamePasswordAuthenticationToken("foo", "bar"), new UsernamePasswordAuthenticationToken("foo", "bar"),
new AccessDeniedException("error")); new AccessDeniedException("error"));
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);
} }
try { try {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(new MockMethodInvocation(), new AuthorizationFailureEvent(new MockMethodInvocation(), null,
null, new UsernamePasswordAuthenticationToken("foo", "bar"),
new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
new AccessDeniedException("error"));
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);
} }
try { try {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(new MockMethodInvocation(), new AuthorizationFailureEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(), null, new ConfigAttributeDefinition(), null,
new AccessDeniedException("error")); new AccessDeniedException("error"));
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);
} }
try { try {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(new MockMethodInvocation(), new AuthorizationFailureEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(), new ConfigAttributeDefinition(),
new UsernamePasswordAuthenticationToken("foo", "bar"), null); new UsernamePasswordAuthenticationToken("foo", "bar"), null);
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);

17
core/src/test/java/org/acegisecurity/intercept/event/AuthorizedEventTests.java → core/src/test/java/org/acegisecurity/event/authorization/AuthorizedEventTests.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.intercept.event; package net.sf.acegisecurity.event.authorization;
import junit.framework.TestCase; import junit.framework.TestCase;
@ -47,25 +47,24 @@ public class AuthorizedEventTests extends TestCase {
public void testRejectsNulls() { public void testRejectsNulls() {
try { try {
AuthorizedEvent event = new AuthorizedEvent(null, new AuthorizedEvent(null, new ConfigAttributeDefinition(),
new ConfigAttributeDefinition(), new UsernamePasswordAuthenticationToken("foo", "bar"));
new UsernamePasswordAuthenticationToken("foo", "bar"));
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);
} }
try { try {
AuthorizedEvent event = new AuthorizedEvent(new MockMethodInvocation(), new AuthorizedEvent(new MockMethodInvocation(), null,
null, new UsernamePasswordAuthenticationToken("foo", "bar")); new UsernamePasswordAuthenticationToken("foo", "bar"));
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);
} }
try { try {
AuthorizedEvent event = new AuthorizedEvent(new MockMethodInvocation(), new AuthorizedEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(), null); new ConfigAttributeDefinition(), null);
fail("Should have thrown IllegalArgumentException"); fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertTrue(true); assertTrue(true);

88
core/src/test/java/org/acegisecurity/intercept/event/AuthenticationFailureEventTests.java
View File

@ -1,88 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.intercept.event;
import junit.framework.TestCase;
import net.sf.acegisecurity.BadCredentialsException;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
/**
* Tests {@link AuthenticationFailureEvent}.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticationFailureEventTests extends TestCase {
//~ Constructors ===========================================================
public AuthenticationFailureEventTests() {
super();
}
public AuthenticationFailureEventTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthenticationFailureEventTests.class);
}
public void testRejectsNulls() {
try {
AuthenticationFailureEvent event = new AuthenticationFailureEvent(null,
new ConfigAttributeDefinition(),
new UsernamePasswordAuthenticationToken("foo", "bar"),
new BadCredentialsException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthenticationFailureEvent event = new AuthenticationFailureEvent(new MockMethodInvocation(),
null,
new UsernamePasswordAuthenticationToken("foo", "bar"),
new BadCredentialsException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthenticationFailureEvent event = new AuthenticationFailureEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(), null,
new BadCredentialsException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthenticationFailureEvent event = new AuthenticationFailureEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(),
new UsernamePasswordAuthenticationToken("foo", "bar"), null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
}

37
core/src/test/java/org/acegisecurity/providers/ProviderManagerTests.java
View File

@ -15,14 +15,20 @@
package net.sf.acegisecurity.providers; package net.sf.acegisecurity.providers;
import junit.framework.TestCase; import java.util.List;
import java.util.Vector;
import net.sf.acegisecurity.*; import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.AuthenticationServiceException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.concurrent.ConcurrentSessionControllerImpl; import net.sf.acegisecurity.concurrent.ConcurrentSessionControllerImpl;
import net.sf.acegisecurity.concurrent.NullConcurrentSessionController; import net.sf.acegisecurity.concurrent.NullConcurrentSessionController;
import java.util.List; import org.springframework.context.ApplicationEvent;
import java.util.Vector; import org.springframework.context.ApplicationEventPublisher;
/** /**
@ -59,6 +65,7 @@ public class ProviderManagerTests extends TestCase {
"ROLE_TWO")}); "ROLE_TWO")});
ProviderManager mgr = makeProviderManager(); ProviderManager mgr = makeProviderManager();
mgr.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
try { try {
mgr.authenticate(token); mgr.authenticate(token);
@ -68,13 +75,14 @@ public class ProviderManagerTests extends TestCase {
} }
} }
public void testAuthenticationSuccess() { public void testAuthenticationSuccess() throws Exception {
TestingAuthenticationToken token = new TestingAuthenticationToken("Test", TestingAuthenticationToken token = new TestingAuthenticationToken("Test",
"Password", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
"ROLE_TWO")}); "ROLE_TWO")});
ProviderManager mgr = makeProviderManager(); ProviderManager mgr = makeProviderManager();
mgr.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
Authentication result = mgr.authenticate(token); Authentication result = mgr.authenticate(token);
if (!(result instanceof TestingAuthenticationToken)) { if (!(result instanceof TestingAuthenticationToken)) {
@ -95,6 +103,7 @@ public class ProviderManagerTests extends TestCase {
"ROLE_TWO")}); "ROLE_TWO")});
ProviderManager mgr = makeProviderManagerWithMockProviderWhichReturnsNullInList(); ProviderManager mgr = makeProviderManagerWithMockProviderWhichReturnsNullInList();
mgr.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
Authentication result = mgr.authenticate(token); Authentication result = mgr.authenticate(token);
if (!(result instanceof TestingAuthenticationToken)) { if (!(result instanceof TestingAuthenticationToken)) {
@ -166,14 +175,16 @@ public class ProviderManagerTests extends TestCase {
assertEquals(1, mgr.getProviders().size()); assertEquals(1, mgr.getProviders().size());
} }
private ProviderManager makeProviderManager() { private ProviderManager makeProviderManager() throws Exception {
MockProvider provider1 = new MockProvider(); MockProvider provider1 = new MockProvider();
List providers = new Vector(); List providers = new Vector();
providers.add(provider1); providers.add(provider1);
ProviderManager mgr = new ProviderManager(); ProviderManager mgr = new ProviderManager();
mgr.setProviders(providers); mgr.setProviders(providers);
mgr.afterPropertiesSet();
return mgr; return mgr;
} }
@ -233,4 +244,18 @@ public class ProviderManagerTests extends TestCase {
} }
} }
} }
private class MockApplicationEventPublisher implements ApplicationEventPublisher {
private boolean expectedEvent;
public MockApplicationEventPublisher(boolean expectedEvent) {
this.expectedEvent = expectedEvent;
}
public void publishEvent(ApplicationEvent event) {
if (expectedEvent == false) {
throw new IllegalStateException("The ApplicationEventPublisher did not expect to receive this event");
}
}
}
} }

52
core/src/test/java/org/acegisecurity/providers/dao/DaoAuthenticationProviderTests.java
View File

@ -34,8 +34,6 @@ import net.sf.acegisecurity.providers.dao.cache.NullUserCache;
import net.sf.acegisecurity.providers.dao.salt.SystemWideSaltSource; import net.sf.acegisecurity.providers.dao.salt.SystemWideSaltSource;
import net.sf.acegisecurity.providers.encoding.ShaPasswordEncoder; import net.sf.acegisecurity.providers.encoding.ShaPasswordEncoder;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.dao.DataAccessException; import org.springframework.dao.DataAccessException;
import org.springframework.dao.DataRetrievalFailureException; import org.springframework.dao.DataRetrievalFailureException;
@ -67,8 +65,6 @@ public class DaoAuthenticationProviderTests extends TestCase {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setAuthenticationDao(new MockAuthenticationDaoUserMarissa()); provider.setAuthenticationDao(new MockAuthenticationDaoUserMarissa());
provider.setUserCache(new MockUserCache()); provider.setUserCache(new MockUserCache());
provider.setApplicationContext(new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/util/filtertest-valid.xml"));
try { try {
provider.authenticate(token); provider.authenticate(token);
@ -92,16 +88,6 @@ public class DaoAuthenticationProviderTests extends TestCase {
} catch (AccountExpiredException expected) { } catch (AccountExpiredException expected) {
assertTrue(true); assertTrue(true);
} }
provider.setApplicationContext(new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/util/filtertest-valid.xml"));
try {
provider.authenticate(token);
fail("Should have thrown AccountExpiredException");
} catch (AccountExpiredException expected) {
assertTrue(true);
}
} }
public void testAuthenticateFailsIfAccountLocked() { public void testAuthenticateFailsIfAccountLocked() {
@ -118,16 +104,6 @@ public class DaoAuthenticationProviderTests extends TestCase {
} catch (LockedException expected) { } catch (LockedException expected) {
assertTrue(true); assertTrue(true);
} }
provider.setApplicationContext(new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/util/filtertest-valid.xml"));
try {
provider.authenticate(token);
fail("Should have thrown CredentialsExpiredException");
} catch (LockedException expected) {
assertTrue(true);
}
} }
public void testAuthenticateFailsIfCredentialsExpired() { public void testAuthenticateFailsIfCredentialsExpired() {
@ -145,18 +121,9 @@ public class DaoAuthenticationProviderTests extends TestCase {
assertTrue(true); assertTrue(true);
} }
provider.setApplicationContext(new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/util/filtertest-valid.xml"));
try {
provider.authenticate(token);
fail("Should have thrown CredentialsExpiredException");
} catch (CredentialsExpiredException expected) {
assertTrue(true);
}
// Check that wrong password causes BadCredentialsException, rather than CredentialsExpiredException // Check that wrong password causes BadCredentialsException, rather than CredentialsExpiredException
token = new UsernamePasswordAuthenticationToken("peter", "wrong_password"); token = new UsernamePasswordAuthenticationToken("peter",
"wrong_password");
try { try {
provider.authenticate(token); provider.authenticate(token);
@ -180,16 +147,6 @@ public class DaoAuthenticationProviderTests extends TestCase {
} catch (DisabledException expected) { } catch (DisabledException expected) {
assertTrue(true); assertTrue(true);
} }
provider.setApplicationContext(new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/util/filtertest-valid.xml"));
try {
provider.authenticate(token);
fail("Should have thrown DisabledException");
} catch (DisabledException expected) {
assertTrue(true);
}
} }
public void testAuthenticateFailsWhenAuthenticationDaoHasBackendFailure() { public void testAuthenticateFailsWhenAuthenticationDaoHasBackendFailure() {
@ -422,11 +379,6 @@ public class DaoAuthenticationProviderTests extends TestCase {
assertFalse(provider.isForcePrincipalAsString()); assertFalse(provider.isForcePrincipalAsString());
provider.setForcePrincipalAsString(true); provider.setForcePrincipalAsString(true);
assertTrue(provider.isForcePrincipalAsString()); assertTrue(provider.isForcePrincipalAsString());
provider.setApplicationContext(new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/util/filtertest-valid.xml"));
assertEquals(ClassPathXmlApplicationContext.class.getName(),
provider.getContext().getClass().getName());
} }
public void testGoesBackToAuthenticationDaoToObtainLatestPasswordIfCachedPasswordSeemsIncorrect() { public void testGoesBackToAuthenticationDaoToObtainLatestPasswordIfCachedPasswordSeemsIncorrect() {

32
core/src/test/java/org/acegisecurity/providers/dao/PasswordDaoAuthenticationProviderTests.java
View File

@ -32,8 +32,6 @@ import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache; import net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache;
import net.sf.acegisecurity.providers.dao.cache.NullUserCache; import net.sf.acegisecurity.providers.dao.cache.NullUserCache;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.dao.DataAccessException; import org.springframework.dao.DataAccessException;
import org.springframework.dao.DataRetrievalFailureException; import org.springframework.dao.DataRetrievalFailureException;
@ -87,16 +85,6 @@ public class PasswordDaoAuthenticationProviderTests extends TestCase {
} catch (AccountExpiredException expected) { } catch (AccountExpiredException expected) {
assertTrue(true); assertTrue(true);
} }
provider.setApplicationContext(new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/util/filtertest-valid.xml"));
try {
provider.authenticate(token);
fail("Should have thrown AccountExpiredException");
} catch (AccountExpiredException expected) {
assertTrue(true);
}
} }
public void testAuthenticateFailsIfAccountLocked() { public void testAuthenticateFailsIfAccountLocked() {
@ -113,16 +101,6 @@ public class PasswordDaoAuthenticationProviderTests extends TestCase {
} catch (LockedException expected) { } catch (LockedException expected) {
assertTrue(true); assertTrue(true);
} }
provider.setApplicationContext(new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/util/filtertest-valid.xml"));
try {
provider.authenticate(token);
fail("Should have thrown AccountExpiredException");
} catch (LockedException expected) {
assertTrue(true);
}
} }
public void testAuthenticateFailsIfCredentialsExpired() { public void testAuthenticateFailsIfCredentialsExpired() {
@ -139,16 +117,6 @@ public class PasswordDaoAuthenticationProviderTests extends TestCase {
} catch (CredentialsExpiredException expected) { } catch (CredentialsExpiredException expected) {
assertTrue(true); assertTrue(true);
} }
provider.setApplicationContext(new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/util/filtertest-valid.xml"));
try {
provider.authenticate(token);
fail("Should have thrown CredentialsExpiredException");
} catch (CredentialsExpiredException expected) {
assertTrue(true);
}
} }
public void testAuthenticateFailsIfUserDisabled() { public void testAuthenticateFailsIfUserDisabled() {

98
core/src/test/java/org/acegisecurity/providers/dao/event/LoggerListenerTests.java
View File

@ -1,98 +0,0 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.providers.dao.event;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User;
/**
* Tests {@link LoggerListener}.
*
* @author Ben Alex
* @version $Id$
*/
public class LoggerListenerTests extends TestCase {
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(LoggerListenerTests.class);
}
public void testLogsDisabledEvents() {
AuthenticationFailureDisabledEvent event = new AuthenticationFailureDisabledEvent(getAuthentication(),
getUser());
LoggerListener listener = new LoggerListener();
listener.onApplicationEvent(event);
assertTrue(true);
}
public void testLogsPasswordEvents() {
AuthenticationFailurePasswordEvent event = new AuthenticationFailurePasswordEvent(getAuthentication(),
getUser());
LoggerListener listener = new LoggerListener();
listener.onApplicationEvent(event);
assertTrue(true);
}
public void testLogsSuccessEvents() {
AuthenticationSuccessEvent event = new AuthenticationSuccessEvent(getAuthentication(),
getUser());
LoggerListener listener = new LoggerListener();
listener.onApplicationEvent(event);
assertTrue(true);
}
public void testLogsUsernameNotFoundEvents() {
AuthenticationFailureUsernameNotFoundEvent event = new AuthenticationFailureUsernameNotFoundEvent(getAuthentication(),
getUser());
LoggerListener listener = new LoggerListener();
listener.onApplicationEvent(event);
assertTrue(true);
}
public void testLogsUsernameOfPasswordEvent() {
AuthenticationFailureUsernameOrPasswordEvent event = new AuthenticationFailureUsernameOrPasswordEvent(getAuthentication(),
getUser());
LoggerListener listener = new LoggerListener();
listener.onApplicationEvent(event);
assertTrue(true);
}
private Authentication getAuthentication() {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal",
"Credentials");
authentication.setDetails("127.0.0.1");
return authentication;
}
private User getUser() {
User user = new User("foo", "bar", true, true, true, true,
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_FOOBAR")});
return user;
}
}

4
core/src/test/resources/org/acegisecurity/applicationContext.xml
View File

@ -21,10 +21,10 @@
<beans> <beans>
<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider --> <!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
<bean id="authenticationLoggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/> <bean id="authenticationLoggerListener" class="net.sf.acegisecurity.event.authentication.LoggerListener"/>
<!-- Automatically receives AuthenticationEvent messages from AbstractSecurityInterceptor --> <!-- Automatically receives AuthenticationEvent messages from AbstractSecurityInterceptor -->
<bean id="secureObjectLoggerListener" class="net.sf.acegisecurity.intercept.event.LoggerListener"/> <bean id="secureObjectLoggerListener" class="net.sf.acegisecurity.event.authorization.LoggerListener"/>
<!-- Setup a cache we can use in tests of the caching layer --> <!-- Setup a cache we can use in tests of the caching layer -->
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"> <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">

2
core/src/test/resources/org/acegisecurity/intercept/method/aopalliance/applicationContext.xml
View File

@ -25,7 +25,7 @@
<bean id="accessDecision" class="net.sf.acegisecurity.MockAccessDecisionManager"/> <bean id="accessDecision" class="net.sf.acegisecurity.MockAccessDecisionManager"/>
<bean id="runAs" class="net.sf.acegisecurity.MockRunAsManager"/> <bean id="runAs" class="net.sf.acegisecurity.MockRunAsManager"/>
<bean id="loggerListener" class="net.sf.acegisecurity.intercept.event.LoggerListener"/> <bean id="secureObjectLoggerListener" class="net.sf.acegisecurity.event.authorization.LoggerListener"/>
<bean id="securityInterceptor" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <bean id="securityInterceptor" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager"><ref local="authentication"/></property> <property name="authenticationManager"><ref local="authentication"/></property>

2
core/src/test/resources/org/acegisecurity/intercept/method/applicationContext.xml
View File

@ -50,6 +50,6 @@
</property> </property>
</bean> </bean>
<bean id="loggerListener" class="net.sf.acegisecurity.intercept.event.LoggerListener"/> <bean id="secureObjectLoggerListener" class="net.sf.acegisecurity.event.authorization.LoggerListener"/>
</beans> </beans>

3
doc/xdocs/upgrade/upgrade-080-090.html
View File

@ -46,6 +46,9 @@ applications:
set this property to false if you would like the anoymous authentication token to be preserved, set this property to false if you would like the anoymous authentication token to be preserved,
which would be an unusual requirement.<br><br></li> which would be an unusual requirement.<br><br></li>
<li>Event publishing has been refactored. New event classes have been added, and the location of
LoggerListener has changed. See the net.sf.acegisecurity.event package.</li>
</ul> </ul>
</body> </body>

4
samples/contacts-tiger/src/main/webapp/filter/WEB-INF/applicationContext-acegi-security.xml
View File

@ -65,8 +65,8 @@
<property name="cache"><ref local="userCacheBackend"/></property> <property name="cache"><ref local="userCacheBackend"/></property>
</bean> </bean>
<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider --> <!-- Automatically receives AuthenticationEvent messages -->
<bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/> <bean id="loggerListener" class="net.sf.acegisecurity.event.authentication.LoggerListener"/>
<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter"> <bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationManager"><ref local="authenticationManager"/></property>

4
samples/contacts/src/main/webapp/filter/WEB-INF/applicationContext-acegi-security.xml
View File

@ -65,8 +65,8 @@
<property name="cache"><ref local="userCacheBackend"/></property> <property name="cache"><ref local="userCacheBackend"/></property>
</bean> </bean>
<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider --> <!-- Automatically receives AuthenticationEvent messages -->
<bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/> <bean id="loggerListener" class="net.sf.acegisecurity.event.authentication.LoggerListener"/>
<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter"> <bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationManager"><ref local="authenticationManager"/></property>