SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.
This commit is contained in:
Luke Taylor
parent
2a9a8a41db
commit
bec84f874a
|
|
@ -25,8 +25,8 @@ import org.springframework.security.AuthenticationException;
|
|||
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.security.web.FilterChainOrder;
|
||||
import org.springframework.security.web.authentication.AbstractProcessingFilter;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import javax.servlet.http.HttpServletResponse;
|
|||
|
||||
import org.jasig.cas.client.util.CommonUtils;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.ui.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,13 @@
|
|||
<artifactId>spring-security-web</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<classifier>tests</classifier>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
|
|
@ -28,15 +35,14 @@
|
|||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-logging</groupId>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-openid</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<classifier>tests</classifier>
|
||||
<scope>test</scope>
|
||||
<groupId>commons-logging</groupId>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
|
|
|
|||
|
|
@ -8,8 +8,8 @@ import org.springframework.beans.factory.parsing.BeanComponentDefinition;
|
|||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider;
|
||||
import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
|
||||
import org.springframework.security.providers.AnonymousAuthenticationProvider;
|
||||
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
|||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
|
||||
import org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilterEntryPoint;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.providers.dao.UserCache;
|
||||
import org.springframework.security.providers.dao.cache.NullUserCache;
|
||||
import org.springframework.security.userdetails.UserCache;
|
||||
import org.springframework.security.userdetails.UserDetailsService;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
import org.springframework.security.userdetails.cache.NullUserCache;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -10,9 +10,9 @@ import org.springframework.beans.factory.support.RootBeanDefinition;
|
|||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionFilter;
|
||||
import org.springframework.security.concurrent.SessionRegistryImpl;
|
||||
import org.springframework.security.providers.ProviderManager;
|
||||
import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
|
||||
import org.springframework.security.web.concurrent.SessionRegistryImpl;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
|
|
|
|||
|
|
@ -9,8 +9,8 @@ import org.springframework.beans.factory.BeanFactory;
|
|||
import org.springframework.beans.factory.BeanFactoryAware;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.security.ui.AuthenticationEntryPoint;
|
||||
import org.springframework.security.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.ExceptionTranslationFilter;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -18,19 +18,19 @@ import org.springframework.core.OrderComparator;
|
|||
import org.springframework.core.Ordered;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.config.ConfigUtils.FilterChainList;
|
||||
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.security.ui.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
|
||||
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.util.FilterChainProxy;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.security.providers.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.web.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
|
||||
/**
|
||||
*
|
||||
|
|
|
|||
|
|
@ -7,10 +7,10 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
|||
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.RequestKey;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
import org.springframework.security.util.UrlMatcher;
|
||||
import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.RequestKey;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
|
@ -24,7 +24,7 @@ import org.w3c.dom.Element;
|
|||
public class FilterInvocationSecurityMetadataSourceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
|
||||
|
||||
protected String getBeanClassName(Element element) {
|
||||
return "org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource";
|
||||
return "org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource";
|
||||
}
|
||||
|
||||
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
|
||||
|
|
|
|||
|
|
@ -7,10 +7,10 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
|||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.ui.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import org.w3c.dom.Element;
|
||||
|
|
|
|||
|
|
@ -45,10 +45,10 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
private final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
private static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodSecurityMetadataSource";
|
||||
private static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource";
|
||||
private static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource";
|
||||
private static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter";
|
||||
static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodSecurityMetadataSource";
|
||||
static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource";
|
||||
static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource";
|
||||
static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter";
|
||||
|
||||
/*
|
||||
* Internal Bean IDs which are only used within this class
|
||||
|
|
|
|||
|
|
@ -19,30 +19,30 @@ import org.springframework.beans.factory.xml.ParserContext;
|
|||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeEditor;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.expression.web.WebExpressionVoter;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
import org.springframework.security.intercept.web.RequestKey;
|
||||
import org.springframework.security.securechannel.ChannelDecisionManagerImpl;
|
||||
import org.springframework.security.securechannel.ChannelProcessingFilter;
|
||||
import org.springframework.security.securechannel.InsecureChannelProcessor;
|
||||
import org.springframework.security.securechannel.RetryWithHttpEntryPoint;
|
||||
import org.springframework.security.securechannel.RetryWithHttpsEntryPoint;
|
||||
import org.springframework.security.securechannel.SecureChannelProcessor;
|
||||
import org.springframework.security.ui.AccessDeniedHandlerImpl;
|
||||
import org.springframework.security.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.security.ui.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
import org.springframework.security.util.RegexUrlPathMatcher;
|
||||
import org.springframework.security.util.UrlMatcher;
|
||||
import org.springframework.security.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.vote.AuthenticatedVoter;
|
||||
import org.springframework.security.vote.RoleVoter;
|
||||
import org.springframework.security.web.util.FilterChainProxy;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.security.web.AccessDeniedHandlerImpl;
|
||||
import org.springframework.security.web.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.expression.WebExpressionVoter;
|
||||
import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.intercept.RequestKey;
|
||||
import org.springframework.security.web.securechannel.ChannelDecisionManagerImpl;
|
||||
import org.springframework.security.web.securechannel.ChannelProcessingFilter;
|
||||
import org.springframework.security.web.securechannel.InsecureChannelProcessor;
|
||||
import org.springframework.security.web.securechannel.RetryWithHttpEntryPoint;
|
||||
import org.springframework.security.web.securechannel.RetryWithHttpsEntryPoint;
|
||||
import org.springframework.security.web.securechannel.SecureChannelProcessor;
|
||||
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
|
@ -106,8 +106,12 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting";
|
||||
|
||||
private static final String EXPRESSION_FIDS_CLASS = "org.springframework.security.expression.web.ExpressionBasedFilterInvocationSecurityMetadataSource";
|
||||
private static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.expression.web.support.DefaultWebSecurityExpressionHandler";
|
||||
static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProcessingFilter";
|
||||
static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";
|
||||
static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.AuthenticationProcessingFilter";
|
||||
|
||||
static final String EXPRESSION_FIMDS_CLASS = "org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource";
|
||||
static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler";
|
||||
private static final String EXPRESSION_HANDLER_ID = "_webExpressionHandler";
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
|
|
@ -166,7 +170,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
expressionHandlerRef = EXPRESSION_HANDLER_ID;
|
||||
}
|
||||
|
||||
fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(EXPRESSION_FIDS_CLASS);
|
||||
fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(EXPRESSION_FIMDS_CLASS);
|
||||
fidsBuilder.addConstructorArgValue(matcher);
|
||||
fidsBuilder.addConstructorArgValue(requestToAttributesMap);
|
||||
fidsBuilder.addConstructorArgReference(expressionHandlerRef);
|
||||
|
|
@ -437,7 +441,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
if (formLoginElt != null || autoConfig) {
|
||||
FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_security_check",
|
||||
"org.springframework.security.ui.webapp.AuthenticationProcessingFilter");
|
||||
AUTHENTICATION_PROCESSING_FILTER_CLASS);
|
||||
|
||||
parser.parse(formLoginElt, pc);
|
||||
formLoginFilter = parser.getFilterBean();
|
||||
|
|
@ -449,7 +453,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
if (openIDLoginElt != null) {
|
||||
FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_openid_security_check",
|
||||
"org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter");
|
||||
OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS);
|
||||
|
||||
parser.parse(openIDLoginElt, pc);
|
||||
openIDFilter = parser.getFilterBean();
|
||||
|
|
@ -457,7 +461,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
openIDLoginPage = parser.getLoginPage();
|
||||
|
||||
BeanDefinitionBuilder openIDProviderBuilder =
|
||||
BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.providers.openid.OpenIDAuthenticationProvider");
|
||||
BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
|
||||
|
||||
String userService = openIDLoginElt.getAttribute(ATT_USER_SERVICE_REF);
|
||||
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
|||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ui.logout.LogoutFilter;
|
||||
import org.springframework.security.ui.logout.SecurityContextLogoutHandler;
|
||||
import org.springframework.security.web.logout.LogoutFilter;
|
||||
import org.springframework.security.web.logout.SecurityContextLogoutHandler;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
|||
import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.security.web.FilterChainOrder;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.web.util.PortMapperImpl;
|
||||
import org.springframework.security.web.PortMapperImpl;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
|
|
@ -15,7 +15,7 @@ import java.util.Map;
|
|||
import java.util.HashMap;
|
||||
|
||||
/**
|
||||
* Parses a port-mappings element, producing a single {@link org.springframework.security.web.util.PortMapperImpl}
|
||||
* Parses a port-mappings element, producing a single {@link org.springframework.security.web.PortMapperImpl}
|
||||
* bean.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
|
|
|
|||
|
|
@ -7,11 +7,11 @@ import org.springframework.beans.factory.config.RuntimeBeanReference;
|
|||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.ui.rememberme.JdbcTokenRepositoryImpl;
|
||||
import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices;
|
||||
import org.springframework.security.ui.rememberme.RememberMeProcessingFilter;
|
||||
import org.springframework.security.ui.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider;
|
||||
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
|
||||
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
|
||||
import org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter;
|
||||
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.security.providers.RememberMeAuthenticationProvider;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
|
|
|
|||
|
|
@ -9,9 +9,9 @@ import org.springframework.beans.factory.BeanFactory;
|
|||
import org.springframework.beans.factory.BeanFactoryAware;
|
||||
import org.springframework.beans.factory.ListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
|
||||
import org.springframework.security.ui.rememberme.RememberMeServices;
|
||||
import org.springframework.security.web.authentication.AbstractProcessingFilter;
|
||||
import org.springframework.security.web.authentication.rememberme.RememberMeServices;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -11,8 +11,8 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
|
|||
import org.springframework.security.concurrent.ConcurrentSessionController;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.concurrent.SessionRegistry;
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.web.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.web.authentication.AbstractProcessingFilter;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
|
|
|||
|
|
@ -13,9 +13,9 @@ import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
|||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.security.ui.rememberme.AbstractRememberMeServices;
|
||||
import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper;
|
||||
import org.springframework.security.userdetails.UserDetailsService;
|
||||
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint;
|
||||
import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor;
|
||||
import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
|
||||
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
|
|
@ -13,15 +14,16 @@ import org.springframework.mock.web.MockHttpServletResponse;
|
|||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterInvocation;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
*
|
||||
* Tests for {@link FilterInvocationSecurityMetadataSourceBeanDefinitionParser}.
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
*/
|
||||
public class FilterInvocationDefinitionSourceParserTests {
|
||||
public class FilterInvocationSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
private AbstractXmlApplicationContext appContext;
|
||||
|
||||
@After
|
||||
|
|
@ -36,6 +38,11 @@ public class FilterInvocationDefinitionSourceParserTests {
|
|||
appContext = new InMemoryXmlApplicationContext(context);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void beanClassNameIsCorrect() throws Exception {
|
||||
assertEquals(DefaultFilterInvocationSecurityMetadataSource.class.getName(), new FilterInvocationSecurityMetadataSourceBeanDefinitionParser().getBeanClassName(mock(Element.class)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void parsingMinimalConfigurationIsSuccessful() {
|
||||
setContext(
|
||||
|
|
@ -52,7 +59,7 @@ public class FilterInvocationDefinitionSourceParserTests {
|
|||
public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
|
||||
setContext(
|
||||
"<http auto-config='true'/>" +
|
||||
"<b:bean id='fsi' class='org.springframework.security.intercept.web.FilterSecurityInterceptor' autowire='byType'>" +
|
||||
"<b:bean id='fsi' class='org.springframework.security.web.intercept.FilterSecurityInterceptor' autowire='byType'>" +
|
||||
" <b:property name='securityMetadataSource'>" +
|
||||
" <filter-invocation-definition-source>" +
|
||||
" <intercept-url pattern='/secure/extreme/**' access='ROLE_SUPERVISOR'/>" +
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.springframework.security.config.GlobalMethodSecurityBeanDefinitionParser.*;
|
||||
import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
|
@ -14,8 +15,12 @@ import org.springframework.security.AccessDeniedException;
|
|||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
|
||||
import org.springframework.security.annotation.BusinessService;
|
||||
import org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource;
|
||||
import org.springframework.security.annotation.Jsr250Voter;
|
||||
import org.springframework.security.annotation.SecuredMethodSecurityMetadataSource;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource;
|
||||
import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider;
|
||||
import org.springframework.security.expression.method.MethodExpressionVoter;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
|
|
@ -56,6 +61,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
|||
target = null;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void beanClassNamesAreCorrect() throws Exception {
|
||||
assertEquals(SecuredMethodSecurityMetadataSource.class.getName(), SECURED_METHOD_DEFINITION_SOURCE_CLASS);
|
||||
assertEquals(ExpressionAnnotationMethodSecurityMetadataSource.class.getName(), EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS);
|
||||
assertEquals(Jsr250MethodSecurityMetadataSource.class.getName(), JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS);
|
||||
assertEquals(Jsr250Voter.class.getName(), JSR_250_VOTER_CLASS);
|
||||
}
|
||||
|
||||
@Test(expected=AuthenticationCredentialsNotFoundException.class)
|
||||
public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
|
||||
loadContext();
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package org.springframework.security.config;
|
|||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
|
||||
import static org.springframework.security.config.HttpSecurityBeanDefinitionParser.*;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Iterator;
|
||||
|
|
@ -24,34 +25,43 @@ import org.springframework.security.MockAuthenticationEntryPoint;
|
|||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.concurrent.ConcurrentLoginException;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionFilter;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
import org.springframework.security.openid.OpenIDAuthenticationProcessingFilter;
|
||||
import org.springframework.security.openid.OpenIDAuthenticationProvider;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.securechannel.ChannelProcessingFilter;
|
||||
import org.springframework.security.ui.AuthenticationFailureHandler;
|
||||
import org.springframework.security.ui.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.security.ui.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.ui.WebAuthenticationDetails;
|
||||
import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
|
||||
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
|
||||
import org.springframework.security.ui.logout.LogoutFilter;
|
||||
import org.springframework.security.ui.logout.LogoutHandler;
|
||||
import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.util.FieldUtils;
|
||||
import org.springframework.security.web.util.FilterChainProxy;
|
||||
import org.springframework.security.web.util.PortMapperImpl;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.security.web.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.PortMapperImpl;
|
||||
import org.springframework.security.web.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.web.WebAuthenticationDetails;
|
||||
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
|
||||
import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
|
||||
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
|
||||
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
|
||||
import org.springframework.security.web.concurrent.SessionRegistryImpl;
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler;
|
||||
import org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterInvocation;
|
||||
import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.logout.LogoutFilter;
|
||||
import org.springframework.security.web.logout.LogoutHandler;
|
||||
import org.springframework.security.web.securechannel.ChannelProcessingFilter;
|
||||
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
/**
|
||||
|
|
@ -76,6 +86,15 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
setContext("<http><http-basic /></http>" + AUTH_PROVIDER_XML);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void beanClassNamesAreCorrect() throws Exception {
|
||||
assertEquals(DefaultWebSecurityExpressionHandler.class.getName(), EXPRESSION_HANDLER_CLASS);
|
||||
assertEquals(ExpressionBasedFilterInvocationSecurityMetadataSource.class.getName(), EXPRESSION_FIMDS_CLASS);
|
||||
assertEquals(AuthenticationProcessingFilter.class.getName(), AUTHENTICATION_PROCESSING_FILTER_CLASS);
|
||||
assertEquals(OpenIDAuthenticationProcessingFilter.class.getName(), OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS);
|
||||
assertEquals(OpenIDAuthenticationProvider.class.getName(), OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void httpAutoConfigSetsUpCorrectFilterList() throws Exception {
|
||||
setContext("<http auto-config='true' />" + AUTH_PROVIDER_XML);
|
||||
|
|
@ -142,7 +161,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
// This will be matched by the default pattern ".*"
|
||||
List<Filter> allFilters = getFilters("/ImCaughtByTheUniversalMatchPattern");
|
||||
checkAutoConfigFilters(allFilters);
|
||||
assertEquals(false, FieldUtils.getFieldValue(appContext.getBean("_filterChainProxy"), "stripQueryStringFromUrls"));
|
||||
assertEquals(false, FieldUtils.getFieldValue(appContext.getBean(BeanIds.FILTER_CHAIN_PROXY), "stripQueryStringFromUrls"));
|
||||
assertEquals(false, FieldUtils.getFieldValue(allFilters.get(AUTO_CONFIG_FILTERS-1), "securityMetadataSource.stripQueryStringFromUrls"));
|
||||
}
|
||||
|
||||
|
|
@ -335,19 +354,22 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
@Test
|
||||
public void externalFiltersAreTreatedCorrectly() throws Exception {
|
||||
// Decorated user-filters should be added to stack. The others should be ignored.
|
||||
String contextHolderFilterClass = SecurityContextHolderAwareRequestFilter.class.getName();
|
||||
String contextPersistenceFilterClass = SecurityContextPersistenceFilter.class.getName();
|
||||
|
||||
setContext(
|
||||
"<http auto-config='true'/>" + AUTH_PROVIDER_XML +
|
||||
"<b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" +
|
||||
"<b:bean id='userFilter' class='"+ contextHolderFilterClass +"'>" +
|
||||
" <custom-filter after='LOGOUT_FILTER'/>" +
|
||||
"</b:bean>" +
|
||||
"<b:bean id='userFilter1' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" +
|
||||
"<b:bean id='userFilter1' class='" + contextPersistenceFilterClass + "'>" +
|
||||
" <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER'/>" +
|
||||
"</b:bean>" +
|
||||
"<b:bean id='userFilter2' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" +
|
||||
"<b:bean id='userFilter2' class='" + contextPersistenceFilterClass + "'>" +
|
||||
" <custom-filter position='FIRST'/>" +
|
||||
"</b:bean>" +
|
||||
"<b:bean id='userFilter3' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'/>" +
|
||||
"<b:bean id='userFilter4' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'/>"
|
||||
"<b:bean id='userFilter3' class='" + contextPersistenceFilterClass + "'/>" +
|
||||
"<b:bean id='userFilter4' class='"+ contextHolderFilterClass +"'/>"
|
||||
);
|
||||
List<Filter> filters = getFilters("/someurl");
|
||||
|
||||
|
|
@ -361,7 +383,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
public void twoFiltersWithSameOrderAreRejected() {
|
||||
setContext(
|
||||
"<http auto-config='true'/>" + AUTH_PROVIDER_XML +
|
||||
"<b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" +
|
||||
"<b:bean id='userFilter' class='" + SecurityContextHolderAwareRequestFilter.class.getName() + "'>" +
|
||||
" <custom-filter position='LOGOUT_FILTER'/>" +
|
||||
"</b:bean>");
|
||||
}
|
||||
|
|
@ -373,7 +395,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
" <remember-me token-repository-ref='tokenRepo'/>" +
|
||||
"</http>" +
|
||||
"<b:bean id='tokenRepo' " +
|
||||
"class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/> " + AUTH_PROVIDER_XML);
|
||||
"class='" + InMemoryTokenRepositoryImpl.class.getName() + "'/> " + AUTH_PROVIDER_XML);
|
||||
Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
|
||||
|
||||
assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices);
|
||||
|
|
@ -400,7 +422,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
"<http auto-config='true'>" +
|
||||
" <remember-me key='ourkey' services-ref='rms'/>" +
|
||||
"</http>" +
|
||||
"<b:bean id='rms' class='org.springframework.security.ui.rememberme.TokenBasedRememberMeServices'> " +
|
||||
"<b:bean id='rms' class='"+ TokenBasedRememberMeServices.class.getName() +"'> " +
|
||||
" <b:property name='userDetailsService' ref='us'/>" +
|
||||
" <b:property name='key' value='ourkey'/>" +
|
||||
" <b:property name='tokenValiditySeconds' value='5000'/>" +
|
||||
|
|
@ -486,7 +508,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
"<http auto-config='true'>" +
|
||||
" <concurrent-session-control session-registry-ref='seshRegistry' />" +
|
||||
"</http>" +
|
||||
"<b:bean id='seshRegistry' class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
|
||||
"<b:bean id='seshRegistry' class='" + SessionRegistryImpl.class.getName() + "'/>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
Object sessionRegistry = appContext.getBean("seshRegistry");
|
||||
Object sessionRegistryFromFilter = FieldUtils.getFieldValue(
|
||||
|
|
@ -508,9 +530,9 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
"<http auto-config='true'>" +
|
||||
" <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/>" +
|
||||
"</http>" +
|
||||
"<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
|
||||
"<b:bean id='sc' class='" + ConcurrentSessionControllerImpl.class.getName() +"'>" +
|
||||
" <b:property name='sessionRegistry'>" +
|
||||
" <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
|
||||
" <b:bean class='"+ SessionRegistryImpl.class.getName() + "'/>" +
|
||||
" </b:property>" +
|
||||
"</b:bean>" + AUTH_PROVIDER_XML);
|
||||
}
|
||||
|
|
@ -523,7 +545,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
"</http>" +
|
||||
"<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
|
||||
" <b:property name='sessionRegistry'>" +
|
||||
" <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
|
||||
" <b:bean class='" + SessionRegistryImpl.class.getName() + "'/>" +
|
||||
" </b:property>" +
|
||||
"</b:bean>" +
|
||||
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" + AUTH_PROVIDER_XML);
|
||||
|
|
@ -564,7 +586,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
public void customEntryPointIsSupported() throws Exception {
|
||||
setContext(
|
||||
"<http auto-config='true' entry-point-ref='entryPoint'/>" +
|
||||
"<b:bean id='entryPoint' class='org.springframework.security.MockAuthenticationEntryPoint'>" +
|
||||
"<b:bean id='entryPoint' class='" + MockAuthenticationEntryPoint.class.getName() + "'>" +
|
||||
" <b:constructor-arg value='/customlogin'/>" +
|
||||
"</b:bean>" + AUTH_PROVIDER_XML);
|
||||
ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilters("/someurl").get(AUTO_CONFIG_FILTERS-3);
|
||||
|
|
@ -693,7 +715,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
@Test
|
||||
public void supportsExternallyDefinedSecurityContextRepository() throws Exception {
|
||||
setContext(
|
||||
"<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" +
|
||||
"<b:bean id='repo' class='" + HttpSessionSecurityContextRepository.class.getName() + "'/>" +
|
||||
"<http create-session='always' security-context-repository-ref='repo'>" +
|
||||
" <http-basic />" +
|
||||
"</http>" + AUTH_PROVIDER_XML);
|
||||
|
|
@ -706,7 +728,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
@Test(expected=BeanDefinitionParsingException.class)
|
||||
public void cantUseUnsupportedSessionCreationAttributeWithExternallyDefinedSecurityContextRepository() throws Exception {
|
||||
setContext(
|
||||
"<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" +
|
||||
"<b:bean id='repo' class='" + HttpSessionSecurityContextRepository.class.getName() + "'/>" +
|
||||
"<http create-session='never' security-context-repository-ref='repo'>" +
|
||||
" <http-basic />" +
|
||||
"</http>" + AUTH_PROVIDER_XML);
|
||||
|
|
@ -746,8 +768,8 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
"<http>" +
|
||||
" <form-login authentication-success-handler-ref='sh' authentication-failure-handler-ref='fh'/>" +
|
||||
"</http>" +
|
||||
"<b:bean id='sh' class='org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler'/>" +
|
||||
"<b:bean id='fh' class='org.springframework.security.ui.SimpleUrlAuthenticationFailureHandler'/>" +
|
||||
"<b:bean id='sh' class='" + SavedRequestAwareAuthenticationSuccessHandler.class.getName() +"'/>" +
|
||||
"<b:bean id='fh' class='" + SimpleUrlAuthenticationFailureHandler.class.getName() + "'/>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
AuthenticationProcessingFilter apf = (AuthenticationProcessingFilter) appContext.getBean(BeanIds.FORM_LOGIN_FILTER);
|
||||
AuthenticationSuccessHandler sh = (AuthenticationSuccessHandler) appContext.getBean("sh");
|
||||
|
|
|
|||
|
|
@ -8,8 +8,10 @@ import org.springframework.context.support.AbstractXmlApplicationContext;
|
|||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionController;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.util.FieldUtils;
|
||||
import org.springframework.security.web.concurrent.SessionRegistryImpl;
|
||||
|
||||
/**
|
||||
*
|
||||
|
|
@ -35,9 +37,9 @@ public class SessionRegistryInjectionBeanPostProcessorTests {
|
|||
public void sessionRegistryIsSetOnFiltersWhenUsingCustomControllerWithInternalRegistryBean() throws Exception {
|
||||
setContext(
|
||||
"<http auto-config='true'/>" +
|
||||
"<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
|
||||
"<b:bean id='sc' class='" + ConcurrentSessionControllerImpl.class.getName() + "'>" +
|
||||
" <b:property name='sessionRegistry'>" +
|
||||
" <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
|
||||
" <b:bean class='" + SessionRegistryImpl.class.getName() + "'/>" +
|
||||
" </b:property>" +
|
||||
"</b:bean>" +
|
||||
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
|
||||
|
|
@ -51,7 +53,7 @@ public class SessionRegistryInjectionBeanPostProcessorTests {
|
|||
setContext(
|
||||
"<http auto-config='true'/>" +
|
||||
"<b:bean id='sc' class='org.springframework.security.config.SessionRegistryInjectionBeanPostProcessorTests$MockConcurrentSessionController'/>" +
|
||||
"<b:bean id='sessionRegistry' class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
|
||||
"<b:bean id='sessionRegistry' class='" + SessionRegistryImpl.class.getName() + "'/>" +
|
||||
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
|
||||
ConfigTestUtils.AUTH_PROVIDER_XML);
|
||||
assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry"));
|
||||
|
|
|
|||
|
|
@ -34,10 +34,10 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
|
|||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockFilterConfig;
|
||||
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.util.FilterChainProxy;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
|
||||
/**
|
||||
* Tests {@link FilterChainProxy}.
|
||||
|
|
|
|||
|
|
@ -24,14 +24,14 @@
|
|||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||
|
||||
<bean id="mockFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
|
||||
<bean id="mockFilter" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter"/>
|
||||
|
||||
<bean id="mockFilter2" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
|
||||
<bean id="mockFilter2" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter"/>
|
||||
|
||||
<!-- These are just here so we have filters of a specific type to check the ordering is as expected -->
|
||||
<bean id="sif" class="org.springframework.security.context.web.SecurityContextPersistenceFilter"/>
|
||||
<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
|
||||
|
||||
<bean id="apf" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
|
||||
<bean id="apf" class="org.springframework.security.web.authentication.AuthenticationProcessingFilter">
|
||||
<property name="authenticationManager">
|
||||
<bean class="org.springframework.security.MockAuthenticationManager"/>
|
||||
</property>
|
||||
|
|
@ -39,7 +39,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
|||
|
||||
<bean id="mockNotAFilter" class="org.springframework.security.util.MockNotAFilter"/>
|
||||
|
||||
<bean id="filterChain" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="filterChain" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="/some/other/path/**" filters="mockFilter"/>
|
||||
|
|
@ -48,7 +48,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
|||
</bean>
|
||||
|
||||
<!-- TODO: Refactor to replace the above (SEC-1034: 'new' is now the only valid syntax) -->
|
||||
<bean id="newFilterChainProxy" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="newFilterChainProxy" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="/some/other/path/**" filters="sif,mockFilter,mockFilter2"/>
|
||||
|
|
@ -57,14 +57,14 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
|||
</sec:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<bean id="newFilterChainProxyNoDefaultPath" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="newFilterChainProxyNoDefaultPath" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="/*.bar" filters="mockFilter,mockFilter2"/>
|
||||
</sec:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<bean id="newFilterChainProxyWrongPathOrder" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="newFilterChainProxyWrongPathOrder" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="/**" filters="sif,apf,mockFilter"/>
|
||||
|
|
@ -72,7 +72,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
|||
</sec:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<bean id="newFilterChainProxyRegex" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="newFilterChainProxyRegex" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="regex">
|
||||
<sec:filter-chain pattern="\A/foo/.*\Z" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="\A/s[oO]me/other/path/.*\Z" filters="sif,mockFilter,mockFilter2"/>
|
||||
|
|
@ -81,7 +81,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
|||
</sec:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<bean id="newFilterChainProxyNonNamespace" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="newFilterChainProxyNonNamespace" class="org.springframework.security.web.FilterChainProxy">
|
||||
<property name="matcher">
|
||||
<bean class="org.springframework.security.util.AntUrlPathMatcher"/>
|
||||
</property>
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.ui;
|
||||
package org.springframework.security;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.ui;
|
||||
package org.springframework.security;
|
||||
|
||||
|
||||
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
package org.springframework.security.ui;
|
||||
package org.springframework.security;
|
||||
|
||||
import java.lang.reflect.Constructor;
|
||||
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.AuthenticationDetailsSource;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
|
|
@ -15,8 +15,8 @@
|
|||
|
||||
package org.springframework.security;
|
||||
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
|
||||
import org.springframework.security.providers.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.RememberMeAuthenticationToken;
|
||||
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
package org.springframework.security.expression.support;
|
||||
|
||||
public class AbstractSecurityExpressionHandler {
|
||||
|
||||
}
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.providers.anonymous;
|
||||
package org.springframework.security.providers;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.context.MessageSource;
|
||||
|
|
@ -23,7 +23,6 @@ import org.springframework.security.Authentication;
|
|||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.BadCredentialsException;
|
||||
import org.springframework.security.SpringSecurityMessageSource;
|
||||
import org.springframework.security.providers.AuthenticationProvider;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
|
|
@ -13,11 +13,10 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.providers.anonymous;
|
||||
package org.springframework.security.providers;
|
||||
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
|
||||
import org.springframework.security.providers.AbstractAuthenticationToken;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Arrays;
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.providers.rememberme;
|
||||
package org.springframework.security.providers;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.context.MessageSource;
|
||||
|
|
@ -23,7 +23,6 @@ import org.springframework.security.Authentication;
|
|||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.BadCredentialsException;
|
||||
import org.springframework.security.SpringSecurityMessageSource;
|
||||
import org.springframework.security.providers.AuthenticationProvider;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
|
|
@ -13,14 +13,13 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.providers.rememberme;
|
||||
package org.springframework.security.providers;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.providers.AbstractAuthenticationToken;
|
||||
|
||||
|
||||
/**
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
<html>
|
||||
<body>
|
||||
Allows you to secure every invocation (especially useful for web request
|
||||
URI security) by always having either an actual principal or an anonymous
|
||||
principal authenticated.
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -26,12 +26,13 @@ import org.springframework.security.LockedException;
|
|||
|
||||
import org.springframework.security.providers.AuthenticationProvider;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.providers.dao.cache.NullUserCache;
|
||||
|
||||
import org.springframework.security.userdetails.UserCache;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
import org.springframework.security.userdetails.UserDetailsService;
|
||||
import org.springframework.security.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.userdetails.UserDetailsChecker;
|
||||
import org.springframework.security.userdetails.cache.NullUserCache;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
<html>
|
||||
<body>
|
||||
Authentication provider that processes <code>RememberMeAuthenticationToken</code>s.
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -13,10 +13,8 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.providers.dao;
|
||||
package org.springframework.security.userdetails;
|
||||
|
||||
import org.springframework.security.userdetails.User;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
|
||||
|
||||
/**
|
||||
|
|
@ -13,14 +13,14 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.providers.dao.cache;
|
||||
package org.springframework.security.userdetails.cache;
|
||||
|
||||
import net.sf.ehcache.CacheException;
|
||||
import net.sf.ehcache.Element;
|
||||
import net.sf.ehcache.Ehcache;
|
||||
|
||||
import org.springframework.security.providers.dao.UserCache;
|
||||
|
||||
import org.springframework.security.userdetails.UserCache;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
|
|
@ -13,10 +13,10 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.providers.dao.cache;
|
||||
package org.springframework.security.userdetails.cache;
|
||||
|
||||
import org.springframework.security.providers.dao.UserCache;
|
||||
|
||||
import org.springframework.security.userdetails.UserCache;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
|
||||
|
||||
|
|
@ -9,11 +9,11 @@ import org.springframework.security.GrantedAuthorityImpl;
|
|||
import org.springframework.security.util.AuthorityUtils;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.providers.dao.UserCache;
|
||||
import org.springframework.security.providers.dao.cache.NullUserCache;
|
||||
import org.springframework.security.userdetails.UserCache;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
import org.springframework.security.userdetails.UserDetailsManager;
|
||||
import org.springframework.security.userdetails.GroupManager;
|
||||
import org.springframework.security.userdetails.cache.NullUserCache;
|
||||
import org.springframework.context.ApplicationContextException;
|
||||
import org.springframework.dao.IncorrectResultSizeDataAccessException;
|
||||
import org.springframework.jdbc.core.PreparedStatementSetter;
|
||||
|
|
|
|||
|
|
@ -1,8 +1,10 @@
|
|||
package org.springframework.security.ui;
|
||||
package org.springframework.security;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.AuthenticationDetails;
|
||||
import org.springframework.security.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
|
||||
/**
|
||||
|
|
@ -17,9 +17,9 @@ package org.springframework.security;
|
|||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.providers.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.RememberMeAuthenticationToken;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -22,6 +22,8 @@ import org.springframework.security.BadCredentialsException;
|
|||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
|
||||
import org.springframework.security.providers.AnonymousAuthenticationProvider;
|
||||
import org.springframework.security.providers.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import java.util.List;
|
|||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.providers.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
|
|
|
|||
|
|
@ -30,8 +30,6 @@ import org.springframework.security.LockedException;
|
|||
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.providers.dao.cache.EhCacheBasedUserCache;
|
||||
import org.springframework.security.providers.dao.cache.NullUserCache;
|
||||
import org.springframework.security.providers.dao.salt.SystemWideSaltSource;
|
||||
import org.springframework.security.providers.encoding.ShaPasswordEncoder;
|
||||
|
||||
|
|
@ -39,6 +37,8 @@ import org.springframework.security.userdetails.User;
|
|||
import org.springframework.security.userdetails.UserDetails;
|
||||
import org.springframework.security.userdetails.UserDetailsService;
|
||||
import org.springframework.security.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.userdetails.cache.EhCacheBasedUserCache;
|
||||
import org.springframework.security.userdetails.cache.NullUserCache;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
import org.springframework.dao.DataAccessException;
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import java.util.HashMap;
|
|||
import java.util.Map;
|
||||
|
||||
import org.springframework.security.userdetails.User;
|
||||
import org.springframework.security.userdetails.UserCache;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
|
||||
public class MockUserCache implements UserCache {
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.junit.AfterClass;
|
|||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.userdetails.User;
|
||||
import org.springframework.security.userdetails.cache.EhCacheBasedUserCache;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.providers.dao.cache;
|
|||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.userdetails.User;
|
||||
import org.springframework.security.userdetails.cache.NullUserCache;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@ import junit.framework.TestCase;
|
|||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.BadCredentialsException;
|
||||
import org.springframework.security.providers.RememberMeAuthenticationProvider;
|
||||
import org.springframework.security.providers.RememberMeAuthenticationToken;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import java.util.List;
|
|||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.providers.RememberMeAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
|
|
|
|||
|
|
@ -26,8 +26,8 @@ import org.springframework.security.PopulatedDatabase;
|
|||
import org.springframework.security.TestDataSource;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.providers.dao.UserCache;
|
||||
import org.springframework.security.userdetails.User;
|
||||
import org.springframework.security.userdetails.UserCache;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
|
|
|
|||
|
|
@ -22,9 +22,9 @@ import junit.framework.TestCase;
|
|||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.providers.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.RememberMeAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -19,9 +19,9 @@ import org.springframework.mock.web.MockHttpSession;
|
|||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.web.util.FilterChainProxy;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.util.StopWatch;
|
||||
|
|
|
|||
|
|
@ -11,13 +11,13 @@
|
|||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
|
||||
|
||||
<bean id="fcpMinimalStack" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="fcpMinimalStack" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,etf,fsi"/>
|
||||
</sec:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<bean id="fcpFullStack" class="org.springframework.security.web.util.FilterChainProxy">
|
||||
<bean id="fcpFullStack" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,apf,basicPf,logoutFilter,scharf,etf,fsi"/>
|
||||
</sec:filter-chain-map>
|
||||
|
|
@ -37,36 +37,36 @@
|
|||
<sec:user name="bob" password="bobspassword" authorities="ROLE_0,ROLE_1"/>
|
||||
</sec:user-service>
|
||||
|
||||
<bean id="scpf" class="org.springframework.security.context.web.SecurityContextPersistenceFilter"/>
|
||||
<bean id="scpf" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
|
||||
|
||||
<bean id="apf" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
|
||||
<bean id="apf" class="org.springframework.security.web.authentication.AuthenticationProcessingFilter">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
</bean>
|
||||
|
||||
<bean id="basicPf" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
|
||||
<bean id="basicPf" class="org.springframework.security.web.authentication.www.BasicProcessingFilter">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
<property name="ignoreFailure" value="true"/>
|
||||
</bean>
|
||||
|
||||
<bean id="preAuthFilter" class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
|
||||
<bean id="preAuthFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderPreAuthenticatedProcessingFilter">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
</bean>
|
||||
|
||||
<bean id="scharf" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />
|
||||
<bean id="scharf" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter" />
|
||||
|
||||
<bean id="preAuthenticatedProcessingFilterEntryPoint"
|
||||
class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
|
||||
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
|
||||
|
||||
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
|
||||
<bean id="logoutFilter" class="org.springframework.security.web.logout.LogoutFilter">
|
||||
<constructor-arg value="/"/>
|
||||
<constructor-arg>
|
||||
<list>
|
||||
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
|
||||
<bean class="org.springframework.security.web.logout.SecurityContextLogoutHandler"/>
|
||||
</list>
|
||||
</constructor-arg>
|
||||
</bean>
|
||||
|
||||
<bean id="etf" class="org.springframework.security.ui.ExceptionTranslationFilter">
|
||||
<bean id="etf" class="org.springframework.security.web.ExceptionTranslationFilter">
|
||||
<property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
|
||||
</bean>
|
||||
|
||||
|
|
@ -88,7 +88,7 @@
|
|||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
|
||||
<bean id="fsi" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
<property name="accessDecisionManager" ref="accessDecisionManager"/>
|
||||
<property name="securityMetadataSource">
|
||||
|
|
|
|||
|
|
@ -7,13 +7,13 @@
|
|||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
|
||||
|
||||
<!-- A second APF in addition to the standard namespace one -->
|
||||
<bean name="formLoginFilter2" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
|
||||
<bean name="formLoginFilter2" class="org.springframework.security.authentication.AuthenticationProcessingFilter">
|
||||
<sec:custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
|
||||
<property name="filterProcessesUrl" value="/j_spring_security_check_2"/>
|
||||
</bean>
|
||||
|
||||
|
||||
<bean name="switchUserFilter" class="org.springframework.security.ui.switchuser.SwitchUserProcessingFilter">
|
||||
<bean name="switchUserFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserProcessingFilter">
|
||||
<sec:custom-filter position="SWITCH_USER_FILTER"/>
|
||||
</bean>
|
||||
</beans>
|
||||
</beans>
|
||||
|
|
|
|||
|
|
@ -6,13 +6,13 @@
|
|||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
|
||||
|
||||
<!--
|
||||
<!--
|
||||
Http App Context to test form login, remember-me and concurrent session control.
|
||||
Needs to be supplemented with authentication provider(s)
|
||||
Needs to be supplemented with authentication provider(s)
|
||||
-->
|
||||
|
||||
<http>
|
||||
<intercept-url pattern="/login.jsp*" filters="none" />
|
||||
<intercept-url pattern="/login.jsp*" filters="none" />
|
||||
<intercept-url pattern="/secure/**" access="ROLE_DEVELOPER,ROLE_USER" />
|
||||
<intercept-url pattern="/**" access="ROLE_DEVELOPER,ROLE_USER" />
|
||||
|
||||
|
|
@ -27,8 +27,8 @@
|
|||
<remember-me key="doesntmatter" token-repository-ref="tokenRepo"/>
|
||||
</http>
|
||||
|
||||
<beans:bean name="tokenRepo" class="org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl"/>
|
||||
<beans:bean name="tokenRepo" class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl"/>
|
||||
|
||||
<!-- bean name="rememberMeServices" class="org.springframework.security.ui.rememberme.NullRememberMeServices"/ -->
|
||||
|
||||
</beans:beans>
|
||||
</beans:beans>
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ package org.springframework.security.ldap;
|
|||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.userdetails.ldap.LdapUserDetails;
|
||||
import org.springframework.ldap.core.AuthenticationSource;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
package org.springframework.security.ldap;
|
||||
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
import org.springframework.ldap.core.AuthenticationSource;
|
||||
|
|
|
|||
|
|
@ -17,18 +17,18 @@ package org.springframework.security.ui.ntlm;
|
|||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.AuthenticationDetailsSource;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.AuthenticationManager;
|
||||
import org.springframework.security.BadCredentialsException;
|
||||
import org.springframework.security.InsufficientAuthenticationException;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.ui.SpringSecurityFilter;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.WebAuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.FilterChainOrder;
|
||||
import org.springframework.security.web.SpringSecurityFilter;
|
||||
import org.springframework.security.web.WebAuthenticationDetailsSource;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.ui.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.providers.openid;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
import org.springframework.security.AuthenticationException;
|
||||
|
||||
|
|
@ -12,13 +12,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ui.openid.consumers;
|
||||
|
||||
import org.springframework.security.providers.openid.OpenIDAuthenticationStatus;
|
||||
import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
|
||||
|
||||
import org.springframework.security.ui.openid.OpenIDConsumer;
|
||||
import org.springframework.security.ui.openid.OpenIDConsumerException;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
import org.openid4java.association.AssociationException;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.ui.openid;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.MalformedURLException;
|
||||
|
|
@ -28,12 +28,9 @@ import javax.servlet.http.HttpSession;
|
|||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.AuthenticationServiceException;
|
||||
import org.springframework.security.providers.openid.OpenIDAuthenticationProvider;
|
||||
import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.FilterChainOrder;
|
||||
import org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.FilterChainOrder;
|
||||
import org.springframework.security.web.authentication.AbstractProcessingFilter;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.providers.openid;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.Authentication;
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.providers.openid;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
import java.io.ObjectStreamException;
|
||||
import java.io.Serializable;
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.providers.openid;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
|
@ -12,9 +12,8 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ui.openid;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ui.openid;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
/**
|
||||
* Thrown by an OpenIDConsumer if it cannot process a request
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
<html>
|
||||
<body>
|
||||
An authentication provider that can process <a href="http://openid.net">OpenID</a>
|
||||
Authentication Tokens as created by implementations of the OpenIDConsumer interface.
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
<html>
|
||||
<body>
|
||||
Implementations of the OpenIDConsumer interface using 3rd party libraries.
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -12,11 +12,11 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ui.openid.consumers;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
|
||||
import org.springframework.security.ui.openid.OpenIDConsumer;
|
||||
import org.springframework.security.ui.openid.OpenIDConsumerException;
|
||||
import org.springframework.security.openid.OpenIDAuthenticationToken;
|
||||
import org.springframework.security.openid.OpenIDConsumer;
|
||||
import org.springframework.security.openid.OpenIDConsumerException;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.ui.openid;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.mockito.Matchers.any;
|
||||
|
|
@ -13,8 +13,9 @@ import org.junit.Test;
|
|||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.ui.openid.consumers.MockOpenIDConsumer;
|
||||
import org.springframework.security.openid.OpenIDAuthenticationProcessingFilter;
|
||||
import org.springframework.security.openid.OpenIDConsumerException;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
|
||||
public class OpenIDAuthenticationProcessingFilterTests {
|
||||
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.providers.openid;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.springframework.security.Authentication;
|
||||
|
|
@ -23,6 +23,10 @@ import org.springframework.security.GrantedAuthority;
|
|||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
import org.springframework.security.userdetails.User;
|
||||
import org.springframework.security.openid.AuthenticationCancelledException;
|
||||
import org.springframework.security.openid.OpenIDAuthenticationProvider;
|
||||
import org.springframework.security.openid.OpenIDAuthenticationStatus;
|
||||
import org.springframework.security.openid.OpenIDAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.userdetails.UserDetailsService;
|
||||
|
||||
|
|
@ -12,7 +12,10 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.providers.openid;
|
||||
package org.springframework.security.openid;
|
||||
|
||||
import org.springframework.security.openid.OpenIDAuthenticationStatus;
|
||||
import org.springframework.security.openid.OpenIDAuthenticationToken;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
|
|
@ -31,14 +31,14 @@ import javax.portlet.RenderRequest;
|
|||
import javax.portlet.RenderResponse;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationDetailsSource;
|
||||
import org.springframework.security.AuthenticationDetailsSourceImpl;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.AuthenticationManager;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.ui.AbstractProcessingFilter;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSource;
|
||||
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@
|
|||
<!-- Filter used to switch the user context. Note: the switch and exit url must be secured
|
||||
based on the role granted the ability to 'switch' to another user -->
|
||||
<!-- In this example 'rod' has ROLE_SUPERVISOR that can switch to regular ROLE_USER(s) -->
|
||||
<b:bean id="switchUserProcessingFilter" class="org.springframework.security.ui.switchuser.SwitchUserProcessingFilter" autowire="byType">
|
||||
<b:bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserProcessingFilter" autowire="byType">
|
||||
<custom-filter position="SWITCH_USER_FILTER"/>
|
||||
<b:property name="targetUrl" value="/secure/index.htm"/>
|
||||
</b:bean>
|
||||
|
|
|
|||
|
|
@ -60,15 +60,6 @@
|
|||
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
|
||||
</listener>
|
||||
|
||||
<!--
|
||||
The HttpSessionEventPublisher will publish
|
||||
HttpSessionCreatedEvent and HttpSessionDestroyedEvent
|
||||
to the WebApplicationContext
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
|
||||
</listener>
|
||||
|
||||
<!--
|
||||
- Provides core MVC application controller. See contacts-servlet.xml.
|
||||
-->
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@
|
|||
<property name="cacheName" value="userCache"/>
|
||||
</bean>
|
||||
|
||||
<bean id="userCache" class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
|
||||
<bean id="userCache" class="org.springframework.security.userdetails.cache.EhCacheBasedUserCache">
|
||||
<property name="cache" ref="userCacheBackend"/>
|
||||
</bean>
|
||||
|
||||
|
|
|
|||
|
|
@ -15,6 +15,16 @@
|
|||
<artifactId>spring-security-ldap</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>org.springframework.web</artifactId>
|
||||
|
|
|
|||
|
|
@ -46,12 +46,4 @@
|
|||
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
|
||||
</listener>
|
||||
|
||||
<!--
|
||||
- Publishes events for session creation and destruction through the application
|
||||
- context. Optional unless concurrent session control is being used.
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
|
||||
</listener>
|
||||
|
||||
</web-app>
|
||||
|
|
|
|||
|
|
@ -14,29 +14,30 @@
|
|||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>org.springframework.web</artifactId>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>org.springframework.web.servlet</artifactId>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>org.springframework.jdbc</artifactId>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>org.springframework.aop</artifactId>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>jaxen</groupId>
|
||||
<artifactId>jaxen</artifactId>
|
||||
<version>1.1.1</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
|
|
@ -58,5 +59,4 @@
|
|||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -12,13 +12,13 @@
|
|||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
|
||||
|
||||
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
|
||||
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/>
|
||||
</sec:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<bean id="sif" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
|
||||
<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
|
||||
|
||||
<sec:authentication-manager alias="authenticationManager" />
|
||||
|
||||
|
|
@ -30,24 +30,24 @@
|
|||
<bean id="preAuthenticatedUserDetailsService"
|
||||
class="org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
|
||||
|
||||
<bean id="j2eePreAuthFilter" class="org.springframework.security.ui.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
|
||||
<bean id="j2eePreAuthFilter" class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
<property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
|
||||
</bean>
|
||||
|
||||
<bean id="preAuthenticatedProcessingFilterEntryPoint"
|
||||
class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
|
||||
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
|
||||
|
||||
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
|
||||
<bean id="logoutFilter" class="org.springframework.security.web.logout.LogoutFilter">
|
||||
<constructor-arg value="/"/>
|
||||
<constructor-arg>
|
||||
<list>
|
||||
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
|
||||
<bean class="org.springframework.security.web.logout.SecurityContextLogoutHandler"/>
|
||||
</list>
|
||||
</constructor-arg>
|
||||
</bean>
|
||||
|
||||
<bean id="authenticationDetailsSource" class="org.springframework.security.ui.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
|
||||
<bean id="authenticationDetailsSource" class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
|
||||
<property name="mappableRolesRetriever" ref="j2eeMappableRolesRetriever"/>
|
||||
<property name="userRoles2GrantedAuthoritiesMapper" ref="j2eeUserRoles2GrantedAuthoritiesMapper"/>
|
||||
</bean>
|
||||
|
|
@ -56,7 +56,7 @@
|
|||
<property name="convertAttributeToUpperCase" value="true"/>
|
||||
</bean>
|
||||
|
||||
<bean id="j2eeMappableRolesRetriever" class="org.springframework.security.ui.preauth.j2ee.WebXmlMappableAttributesRetriever">
|
||||
<bean id="j2eeMappableRolesRetriever" class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever">
|
||||
|
||||
<property name="webXmlInputStream"><bean factory-bean="webXmlResource" factory-method="getInputStream"/>
|
||||
</property>
|
||||
|
|
@ -69,7 +69,7 @@
|
|||
|
||||
<bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>
|
||||
|
||||
<bean id="etf" class="org.springframework.security.ui.ExceptionTranslationFilter">
|
||||
<bean id="etf" class="org.springframework.security.web.ExceptionTranslationFilter">
|
||||
<property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
|
||||
</bean>
|
||||
|
||||
|
|
@ -82,7 +82,7 @@
|
|||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
|
||||
<bean id="fsi" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
|
||||
<property name="securityMetadataSource">
|
||||
|
|
@ -96,8 +96,8 @@
|
|||
|
||||
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
|
||||
|
||||
<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter">
|
||||
<property name="wrapperClass" value="org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper"/>
|
||||
<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter">
|
||||
<property name="wrapperClass" value="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestWrapper"/>
|
||||
</bean>
|
||||
|
||||
</beans>
|
||||
|
|
|
|||
|
|
@ -12,15 +12,15 @@
|
|||
<display-name>Spring Security Preauthentication Demo Application</display-name>
|
||||
|
||||
<!--
|
||||
- Location of the XML file that defines the root application context
|
||||
- Applied by ContextLoaderListener.
|
||||
-->
|
||||
<context-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>
|
||||
/WEB-INF/applicationContext-security.xml
|
||||
</param-value>
|
||||
</context-param>
|
||||
- Location of the XML file that defines the root application context
|
||||
- Applied by ContextLoaderListener.
|
||||
-->
|
||||
<context-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>
|
||||
/WEB-INF/applicationContext-security.xml
|
||||
</param-value>
|
||||
</context-param>
|
||||
|
||||
<filter>
|
||||
<filter-name>filterChainProxy</filter-name>
|
||||
|
|
@ -32,21 +32,13 @@
|
|||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
<!--
|
||||
- Loads the root application context of this web app at startup.
|
||||
- The application context is then available via
|
||||
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
|
||||
<!--
|
||||
- Loads the root application context of this web app at startup.
|
||||
- The application context is then available via
|
||||
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
|
||||
</listener>
|
||||
|
||||
<!--
|
||||
- Publishes events for session creation and destruction through the application
|
||||
- context. Optional unless concurrent session control is being used.
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
|
||||
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
|
||||
</listener>
|
||||
|
||||
<login-config>
|
||||
|
|
|
|||
|
|
@ -26,20 +26,30 @@ stop_jetty() {
|
|||
cleanup
|
||||
|
||||
cd tutorial
|
||||
echo "Running tutorial app..."
|
||||
start_jetty
|
||||
curl http://localhost:8080/tutorial/
|
||||
stop_jetty
|
||||
|
||||
echo "Running contacts app..."
|
||||
cd ../contacts
|
||||
start_jetty
|
||||
curl http://localhost:8080/contacts/
|
||||
stop_jetty
|
||||
|
||||
echo "Running ldap app..."
|
||||
cd ../ldap
|
||||
start_jetty
|
||||
curl http://localhost:8080/ldap/
|
||||
stop_jetty
|
||||
|
||||
echo "Running preauth app..."
|
||||
cd ../preauth
|
||||
start_jetty
|
||||
curl http://localhost:8080/preauth/
|
||||
stop_jetty
|
||||
|
||||
|
||||
cd ../cas
|
||||
|
||||
if [[ -e ./server/cas-server-webapp-3.2.1.war ]]
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@
|
|||
- context. Optional unless concurrent session control is being used.
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
|
||||
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
|
||||
</listener>
|
||||
|
||||
<listener>
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
<html>
|
||||
<body>
|
||||
Authenticates HTTP BASIC authentication requests.
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
<html>
|
||||
<body>
|
||||
Authenticates HTTP Digest authentication requests.
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
<html>
|
||||
<body>
|
||||
Authenticates users via HTTP properties, headers and session.
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.ui;
|
||||
package org.springframework.security.web;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
|
|
@ -11,7 +11,8 @@ import javax.servlet.http.HttpServletResponse;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ui.logout.LogoutHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.logout.LogoutHandler;
|
||||
import org.springframework.security.web.util.RedirectUtils;
|
||||
import org.springframework.security.web.util.UrlUtils;
|
||||
import org.springframework.util.Assert;
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.ui;
|
||||
package org.springframework.security.web;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.ui;
|
||||
package org.springframework.security.web;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.ui;
|
||||
package org.springframework.security.web;
|
||||
|
||||
import org.springframework.security.AuthenticationException;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.ui;
|
||||
package org.springframework.security.web;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.SpringSecurityException;
|
||||
|
|
@ -22,11 +22,9 @@ import org.springframework.security.AuthenticationTrustResolver;
|
|||
import org.springframework.security.AuthenticationTrustResolverImpl;
|
||||
import org.springframework.security.InsufficientAuthenticationException;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.ui.savedrequest.SavedRequest;
|
||||
import org.springframework.security.util.ThrowableAnalyzer;
|
||||
import org.springframework.security.util.ThrowableCauseExtractor;
|
||||
import org.springframework.security.web.util.PortResolver;
|
||||
import org.springframework.security.web.util.PortResolverImpl;
|
||||
import org.springframework.security.web.savedrequest.SavedRequest;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
|
@ -51,8 +49,8 @@ import javax.servlet.http.HttpServletResponse;
|
|||
* <p>
|
||||
* If an {@link AccessDeniedException} is detected, the filter will determine whether or not the user is an anonymous
|
||||
* user. If they are an anonymous user, the <code>authenticationEntryPoint</code> will be launched. If they are not
|
||||
* an anonymous user, the filter will delegate to the {@link org.springframework.security.ui.AccessDeniedHandler}.
|
||||
* By default the filter will use {@link org.springframework.security.ui.AccessDeniedHandlerImpl}.
|
||||
* an anonymous user, the filter will delegate to the {@link org.springframework.security.web.AccessDeniedHandler}.
|
||||
* By default the filter will use {@link org.springframework.security.web.AccessDeniedHandlerImpl}.
|
||||
* <p>
|
||||
* To use this filter, it is necessary to specify the following properties:
|
||||
* <ul>
|
||||
|
|
@ -176,7 +174,7 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
|
|||
* <code>false</code>.
|
||||
* <p>
|
||||
* Remember to also set
|
||||
* {@link org.springframework.security.context.web.HttpSessionSecurityContextRepository#setAllowSessionCreation(boolean)}
|
||||
* {@link org.springframework.security.web.context.HttpSessionSecurityContextRepository#setAllowSessionCreation(boolean)}
|
||||
* to <code>false</code> if you set this property to <code>false</code>.
|
||||
*
|
||||
* @return <code>true</code> if the <code>HttpSession</code> will be
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.ui;
|
||||
package org.springframework.security.web;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.util;
|
||||
package org.springframework.security.web;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
|
|
@ -34,10 +34,10 @@ import javax.servlet.ServletResponse;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.util.AntUrlPathMatcher;
|
||||
import org.springframework.security.util.UrlMatcher;
|
||||
import org.springframework.security.web.intercept.FilterInvocation;
|
||||
import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.web.filter.DelegatingFilterProxy;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.util;
|
||||
package org.springframework.security.web;
|
||||
|
||||
/**
|
||||
* <code>PortMapper</code> implementations provide callers with information
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue