SEC-532: Remove FilterInvocationDefinitionSource-related classes which are no longer needed.

2025-06-28 14:52:24 +00:00 · 2008-01-29 15:09:20 +00:00 · 2008-01-29 15:09:20 +00:00 · c9de2f6c9f
commit c9de2f6c9f
parent a0ee7fb6fd
15 changed files with 94 additions and 610 deletions
--- a/core/src/main/java/org/springframework/security/intercept/web/FIDSToFilterChainMapConverter.java
+++ b/core/src/main/java/org/springframework/security/intercept/web/FIDSToFilterChainMapConverter.java
@ -5,6 +5,7 @@ import org.springframework.util.Assert;
 import org.springframework.security.ConfigAttribute;
 import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.util.FilterChainProxy;
 import org.springframework.security.util.UrlMatcher;
 import javax.servlet.Filter;
 import java.util.*;
@ -24,16 +25,13 @@ import java.util.regex.Pattern;
 public class FIDSToFilterChainMapConverter {
    private LinkedHashMap filterChainMap = new LinkedHashMap();
    private UrlMatcher matcher;
-    public FIDSToFilterChainMapConverter(FilterInvocationDefinitionSource source, ApplicationContext appContext) {
+    public FIDSToFilterChainMapConverter(DefaultFilterInvocationDefinitionSource fids, ApplicationContext appContext) {
        // TODO: Check if this is necessary. Retained from refactoring of FilterChainProxy
-        Assert.notNull(source.getConfigAttributeDefinitions(), "FilterChainProxy requires the " +
+        Assert.notNull(fids.getConfigAttributeDefinitions(), "FilterChainProxy requires the " +
                "FilterInvocationDefinitionSource to return a non-null response to getConfigAttributeDefinitions()");
-        Assert.isTrue(source instanceof DefaultFilterInvocationDefinitionSource,
+        matcher = fids.getUrlMatcher();
                "Can't handle FilterInvocationDefinitionSource type " + source.getClass());
        DefaultFilterInvocationDefinitionSource fids = (DefaultFilterInvocationDefinitionSource)source;
        Map requestMap = fids.getRequestMap();
        Iterator paths = requestMap.keySet().iterator();
@ -64,4 +62,8 @@ public class FIDSToFilterChainMapConverter {
    public Map getFilterChainMap() {
        return filterChainMap;
    }
    public UrlMatcher getMatcher() {
        return matcher;
    }
 }
--- a/core/src/main/java/org/springframework/security/intercept/web/FilterInvocationDefinition.java
+++ b/core/src/main/java/org/springframework/security/intercept/web/FilterInvocationDefinition.java
@ -1,27 +0,0 @@
 /* Copyright 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.intercept.web;
 /**
 * Interface to join {@link FilterInvocationDefinitionMap} and
 * {@link FilterInvocationDefinitionSource}.
 *
 * @author <a href="mailto:carlos@apache.org">Carlos Sanchez</a>
 * @version $Id$
 * @since 1.1
 */
 public interface FilterInvocationDefinition extends FilterInvocationDefinitionMap, FilterInvocationDefinitionSource {
 }
--- a/core/src/main/java/org/springframework/security/intercept/web/FilterInvocationDefinitionMap.java
+++ b/core/src/main/java/org/springframework/security/intercept/web/FilterInvocationDefinitionMap.java
@ -1,36 +0,0 @@
 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.intercept.web;
 import org.springframework.security.ConfigAttributeDefinition;
 /**
 * Exposes methods required so that a property editor can populate the relevant
 * {@link FilterInvocationDefinitionSource}.
 *
 * @author Ben Alex
 * @version $Id$
 */
 public interface FilterInvocationDefinitionMap {
    //~ Methods ========================================================================================================
    void addSecureUrl(String expression, ConfigAttributeDefinition attr);
    boolean isConvertUrlToLowercaseBeforeComparison();
    void setConvertUrlToLowercaseBeforeComparison(boolean convertUrlToLowercaseBeforeComparison);
 }
--- a/core/src/main/java/org/springframework/security/intercept/web/PathBasedFilterInvocationDefinitionMap.java
+++ b/core/src/main/java/org/springframework/security/intercept/web/PathBasedFilterInvocationDefinitionMap.java
@ -1,70 +0,0 @@
 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.intercept.web;
 import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.util.AntUrlPathMatcher;
 /**
 * Extends DefaultFilterInvocationDefinitionSource, configuring it with a {@link AntUrlPathMatcher} to match URLs
 * using Apache Ant path-based patterns.
 * <p>
 * Apache Ant path expressions are used to match a HTTP request URL against a <code>ConfigAttributeDefinition</code>.
 * <p>
 * The order of registering the Ant paths using the {@link #addSecureUrl(String,ConfigAttributeDefinition)} is
 * very important. The system will identify the <b>first</b>  matching path for a given HTTP URL. It will not proceed
 * to evaluate later paths if a match has already been found. Accordingly, the most specific paths should be
 * registered first, with the most general paths registered last.
 * <p>
 * If no registered paths match the HTTP URL, <code>null</code> is returned.
 * <p>
 * Note that as of 2.0, lower case URL comparisons are made by default, as this is the default strategy for
 * <tt>AntUrlPathMatcher</tt>.
 *
 * @author Ben Alex
 * @author Luke taylor
 * @deprecated DefaultFilterInvocationDefinitionSource should now be used with an AntUrlPathMatcher instead.
 * @version $Id$
 */
 public class PathBasedFilterInvocationDefinitionMap extends DefaultFilterInvocationDefinitionSource
        implements FilterInvocationDefinition {
    //~ Constructors ===================================================================================================
    public PathBasedFilterInvocationDefinitionMap() {
        super(new AntUrlPathMatcher());
        setStripQueryStringFromUrls(true);
    }
    //~ Methods ========================================================================================================
    public void addSecureUrl(String antPath, String method, ConfigAttributeDefinition attr) {
        // SEC-501: If using lower case comparison, we should convert the paths to lower case
        // as any upper case characters included by mistake will prevent the URL from ever being matched.
        // This shouldn't be needed anymore. The property editor complains if there is upper case text in the URL
        // and the namespace implementation does the conversion itself, so it is safe to use the parent class
        // directly. 
        if (getUrlMatcher().requiresLowerCaseUrl()) {
            antPath = antPath.toLowerCase();
        }
        super.addSecureUrl(antPath, method, attr);
    }
    public void setConvertUrlToLowercaseBeforeComparison(boolean bool) {
        ((AntUrlPathMatcher)getUrlMatcher()).setRequiresLowerCaseUrl(bool);
    }
 }
--- a/core/src/main/java/org/springframework/security/intercept/web/RegExpBasedFilterInvocationDefinitionMap.java
+++ b/core/src/main/java/org/springframework/security/intercept/web/RegExpBasedFilterInvocationDefinitionMap.java
@ -1,42 +0,0 @@
 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.intercept.web;
 import org.springframework.security.util.RegexUrlPathMatcher;
 /**
 * Configures an {@link DefaultFilterInvocationDefinitionSource} with a regular expression URL matching strategy
 * {@link RegexUrlPathMatcher}.
 *
 * @author Ben Alex
 * @author Luke Taylor
 * @deprecated
 * @version $Id$
 */
 public class RegExpBasedFilterInvocationDefinitionMap extends DefaultFilterInvocationDefinitionSource
    implements FilterInvocationDefinition {
    //~ Constructors ===================================================================================================
    public RegExpBasedFilterInvocationDefinitionMap() {
        super(new RegexUrlPathMatcher());
    }
    public void setConvertUrlToLowercaseBeforeComparison(boolean bool) {
        ((RegexUrlPathMatcher)getUrlMatcher()).setRequiresLowerCaseUrl(bool);
    }
 }
--- a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedUserDetailsService.java
+++ b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedUserDetailsService.java
@ -15,13 +15,12 @@ public interface PreAuthenticatedUserDetailsService {
 	/**
 	 *
-	 * @param aPreAuthenticatedAuthenticationToken
+	 * @param token
 	 *            The pre-authenticated authentication token
 	 * @return UserDetails for the given authentication token.
 	 * @throws UsernameNotFoundException
 	 *             if no user details can be found for the given authentication
 	 *             token
 	 */
-	UserDetails getUserDetails(PreAuthenticatedAuthenticationToken aPreAuthenticatedAuthenticationToken)
+	UserDetails getUserDetails(PreAuthenticatedAuthenticationToken token) throws UsernameNotFoundException;
 			throws UsernameNotFoundException;
 }
--- a/core/src/main/java/org/springframework/security/util/AntUrlPathMatcher.java
+++ b/core/src/main/java/org/springframework/security/util/AntUrlPathMatcher.java
@ -17,6 +17,14 @@ public class AntUrlPathMatcher implements UrlMatcher {
    private boolean requiresLowerCaseUrl = true;
    private PathMatcher pathMatcher = new AntPathMatcher();
    public AntUrlPathMatcher() {
        this(true);
    }
    public AntUrlPathMatcher(boolean requiresLowerCaseUrl) {
        this.requiresLowerCaseUrl = requiresLowerCaseUrl;
    }
    public Object compile(String path) {
        if (requiresLowerCaseUrl) {
            return path.toLowerCase();
--- a/core/src/main/java/org/springframework/security/util/FilterChainProxy.java
+++ b/core/src/main/java/org/springframework/security/util/FilterChainProxy.java
@ -106,7 +106,7 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
    /** Compiled pattern version of the filter chain map */
    private Map filterChainMap;
    private UrlMatcher matcher = new AntUrlPathMatcher();
-    private FilterInvocationDefinitionSource fids;
+    private DefaultFilterInvocationDefinitionSource fids;
    //~ Methods ========================================================================================================
@ -114,7 +114,9 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
        // Convert the FilterDefinitionSource to a filterChainMap if set
        if (fids != null) {
            Assert.isNull(uncompiledFilterChainMap, "Set the filterChainMap or FilterInvocationDefinitionSource but not both");
-            setFilterChainMap(new FIDSToFilterChainMapConverter(fids, applicationContext).getFilterChainMap());
+            FIDSToFilterChainMapConverter converter = new FIDSToFilterChainMapConverter(fids, applicationContext);
            setFilterChainMap(converter.getFilterChainMap());
            setMatcher(converter.getMatcher());
            fids = null;
        }
@ -238,10 +240,9 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
     * @deprecated Use namespace configuration or call setFilterChainMap instead.
     */
    public void setFilterInvocationDefinitionSource(FilterInvocationDefinitionSource fids) {
-        if( fids instanceof RegExpBasedFilterInvocationDefinitionMap) {
+        Assert.isInstanceOf(DefaultFilterInvocationDefinitionSource.class, fids,
-            matcher = new RegexUrlPathMatcher();
+                "Must be a DefaultFilterInvocationDefinitionSource");
-        }
+        this.fids = (DefaultFilterInvocationDefinitionSource) fids;
        this.fids = fids;
    }
    /**
--- a/core/src/test/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSourceTests.java
+++ b/core/src/test/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSourceTests.java
@ -18,43 +18,40 @@ package org.springframework.security.intercept.web;
 import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.MockFilterChain;
 import org.springframework.security.SecurityConfig;
 import org.springframework.security.util.AntUrlPathMatcher;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.junit.Test;
 import org.junit.Before;
 import static org.junit.Assert.*;
 import static org.junit.Assert.assertEquals;
 /**
- * Tests parts of {@link PathBasedFilterInvocationDefinitionMap} not tested by {@link
+ * Tests parts of {@link DefaultFilterInvocationDefinitionSource} not tested by {@link
- * FilterInvocationDefinitionSourceEditorWithPathsTests}.
+ * FilterInvocationDefinitionSourceEditorTests}.
 *
 * @author Ben Alex
 * @version $Id$
 */
-public class PathBasedFilterInvocationDefinitionMapTests {
+public class DefaultFilterInvocationDefinitionSourceTests {
    DefaultFilterInvocationDefinitionSource map;
    //~ Methods ========================================================================================================
    @Before
    public void createMap() {
        map = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
        map.setStripQueryStringFromUrls(true);
    }
    @Test
    public void convertUrlToLowercaseIsTrueByDefault() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        assertTrue(map.isConvertUrlToLowercaseBeforeComparison());
    }
    @Test
    public void convertUrlToLowercaseSetterRespected() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        map.setConvertUrlToLowercaseBeforeComparison(false);
        assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
    }
    @Test
    public void lookupNotRequiringExactMatchSuccessIfNotMatching() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        map.setConvertUrlToLowercaseBeforeComparison(true);
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("/secure/super/**", def);
@ -70,8 +67,6 @@ public class PathBasedFilterInvocationDefinitionMapTests {
     */
    @Test
    public void lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("/SeCuRE/super/**", def);
@ -85,8 +80,7 @@ public class PathBasedFilterInvocationDefinitionMapTests {
    @Test
    public void lookupRequiringExactMatchFailsIfNotMatching() {
-        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
+        map = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(false));
        map.setConvertUrlToLowercaseBeforeComparison(false);
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("/secure/super/**", def);
@ -99,8 +93,7 @@ public class PathBasedFilterInvocationDefinitionMapTests {
    @Test
    public void lookupRequiringExactMatchIsSuccessful() {
-        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
+        map = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(false));
        map.setConvertUrlToLowercaseBeforeComparison(false);
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("/SeCurE/super/**", def);
@ -113,7 +106,6 @@ public class PathBasedFilterInvocationDefinitionMapTests {
    @Test
    public void lookupRequiringExactMatchWithAdditionalSlashesIsSuccessful() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("/someAdminPage.html**", def);
@ -126,7 +118,6 @@ public class PathBasedFilterInvocationDefinitionMapTests {
    @Test(expected = IllegalArgumentException.class)
    public void unknownHttpMethodIsRejected() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("/someAdminPage.html**", "UNKNOWN", def);
@ -134,7 +125,6 @@ public class PathBasedFilterInvocationDefinitionMapTests {
    @Test
    public void httpMethodLookupSucceeds() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("/somepage**", "GET", def);
@ -146,7 +136,6 @@ public class PathBasedFilterInvocationDefinitionMapTests {
    @Test
    public void requestWithDifferentHttpMethodDoesntMatch() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("/somepage**", "GET", def);
@ -158,7 +147,7 @@ public class PathBasedFilterInvocationDefinitionMapTests {
    @Test
    public void httpMethodSpecificUrlTakesPrecedence() {
-        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
+
        // Even though this is added before the method-specific def, the latter should match
        ConfigAttributeDefinition allMethodDef = new ConfigAttributeDefinition();
@ -178,8 +167,7 @@ public class PathBasedFilterInvocationDefinitionMapTests {
     * Check fixes for SEC-321
     */
    @Test
-    public void extraQuestionMarkStillMatches() {
+    public void extraQuestionMarkStillMatches() {        
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("/someAdminPage.html*", def);
--- a/core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorTests.java
+++ b/core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorTests.java
@ -21,6 +21,7 @@ import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.MockFilterChain;
 import org.springframework.security.SecurityConfig;
 import org.springframework.security.util.RegexUrlPathMatcher;
 import org.springframework.security.util.AntUrlPathMatcher;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@ -30,8 +31,8 @@ import java.util.regex.PatternSyntaxException;
 /**
- * Tests {@link FilterInvocationDefinitionSourceEditor} and its associated default {@link
+ * Tests {@link FilterInvocationDefinitionSourceEditor} and its associated default
- * RegExpBasedFilterInvocationDefinitionMap}.
+ * {@link DefaultFilterInvocationDefinitionSource}.
 *
 * @author Ben Alex
 * @version $Id$
@ -273,4 +274,42 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        assertEquals(2, map.getMapSize());
    }
    public void testAntPathDirectiveIsDetected() {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText(
            "PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        assertTrue(map.getUrlMatcher() instanceof AntUrlPathMatcher);
    }
    public void testInvalidNameValueFailsToParse() {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        try {
            // Use a "==" instead of an "="
            editor.setAsText("         PATTERN_TYPE_APACHE_ANT\r\n    /secure/*==ROLE_SUPERVISOR,ROLE_TELLER      \r\n");
            fail("Shouldn't be able to use '==' for config attribute.");
        } catch (IllegalArgumentException expected) {}
    }
    public void testSingleUrlParsing() throws Exception {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText("PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE,ANOTHER_ROLE");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        MockHttpServletRequest httpRequest = new MockHttpServletRequest(null, null);
        httpRequest.setServletPath("/secure/super/very_secret.html");
        ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
                    new MockHttpServletResponse(), new MockFilterChain()));
        ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
        expected.addConfigAttribute(new SecurityConfig("ROLE_WE_DONT_HAVE"));
        expected.addConfigAttribute(new SecurityConfig("ANOTHER_ROLE"));
        assertEquals(expected, returned);
    }
 }
--- a/core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorWithPathsTests.java
+++ b/core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorWithPathsTests.java
@ -1,197 +0,0 @@
 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.intercept.web;
 import junit.framework.TestCase;
 import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.MockFilterChain;
 import org.springframework.security.SecurityConfig;
 import org.springframework.security.util.AntUrlPathMatcher;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import java.util.Iterator;
 /**
 * Tests {@link FilterInvocationDefinitionSourceEditor} and its associated {@link
 * PathBasedFilterInvocationDefinitionMap}.
 *
 * @author Ben Alex
 * @version $Id$
 */
 public class FilterInvocationDefinitionSourceEditorWithPathsTests extends TestCase {
    //~ Constructors ===================================================================================================
    public FilterInvocationDefinitionSourceEditorWithPathsTests() {
        super();
    }
    public FilterInvocationDefinitionSourceEditorWithPathsTests(String arg0) {
        super(arg0);
    }
    //~ Methods ========================================================================================================
    public void testAntPathDirectiveIsDetected() {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText(
            "PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        assertTrue(map.getUrlMatcher() instanceof AntUrlPathMatcher);
    }
    public void testConvertUrlToLowercaseDefaultSettingUnchangedByEditor() {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText(
            "PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        assertFalse(map.getUrlMatcher().requiresLowerCaseUrl());
    }
    public void testConvertUrlToLowercaseSettingApplied() {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText(
            "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON\r\nPATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        assertTrue(map.getUrlMatcher().requiresLowerCaseUrl());
    }
    public void testInvalidNameValueFailsToParse() {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        try {
            // Use a "==" instead of an "="
            editor.setAsText("         PATTERN_TYPE_APACHE_ANT\r\n    /secure/*==ROLE_SUPERVISOR,ROLE_TELLER      \r\n");
            fail("Shouldn't be able to use '==' for config attribute.");
        } catch (IllegalArgumentException expected) {}
    }
    public void testIterator() {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText(
            "PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        Iterator iter = map.getConfigAttributeDefinitions();
        int counter = 0;
        while (iter.hasNext()) {
            iter.next();
            counter++;
        }
        assertEquals(2, counter);
    }
    public void testMapReturnsNullWhenNoMatchFound() throws Exception {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText("PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        MockHttpServletRequest httpRequest = new MockHttpServletRequest(null, null);
        httpRequest.setServletPath("/totally/different/path/index.html");
        ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
                    new MockHttpServletResponse(), new MockFilterChain()));
        assertEquals(null, returned);
    }
    public void testMultiUrlParsing() {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText(
            "PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        assertEquals(2, map.getMapSize());
    }
    public void testOrderOfEntriesIsPreservedOrderA() {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText(
            "PATTERN_TYPE_APACHE_ANT\r\n/secure/super/**=ROLE_WE_DONT_HAVE,ANOTHER_ROLE\r\n/secure/**=ROLE_SUPERVISOR,ROLE_TELLER");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        // Test ensures we match the first entry, not the second
        MockHttpServletRequest httpRequest = new MockHttpServletRequest(null, null);
        httpRequest.setServletPath("/secure/super/very_secret.html");
        ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
                    new MockHttpServletResponse(), new MockFilterChain()));
        ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
        expected.addConfigAttribute(new SecurityConfig("ROLE_WE_DONT_HAVE"));
        expected.addConfigAttribute(new SecurityConfig("ANOTHER_ROLE"));
        assertEquals(expected, returned);
    }
    public void testOrderOfEntriesIsPreservedOrderB() {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText(
            "PATTERN_TYPE_APACHE_ANT\r\n/secure/**=ROLE_SUPERVISOR,ROLE_TELLER\r\n/secure/super/**=ROLE_WE_DONT_HAVE");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        MockHttpServletRequest httpRequest = new MockHttpServletRequest(null, null);
        httpRequest.setServletPath("/secure/super/very_secret.html");
        ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
                    new MockHttpServletResponse(), new MockFilterChain()));
        ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
        expected.addConfigAttribute(new SecurityConfig("ROLE_SUPERVISOR"));
        expected.addConfigAttribute(new SecurityConfig("ROLE_TELLER"));
        assertEquals(expected, returned);
    }
    public void testSingleUrlParsing() throws Exception {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText("PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE,ANOTHER_ROLE");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        MockHttpServletRequest httpRequest = new MockHttpServletRequest(null, null);
        httpRequest.setServletPath("/secure/super/very_secret.html");
        ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
                    new MockHttpServletResponse(), new MockFilterChain()));
        ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
        expected.addConfigAttribute(new SecurityConfig("ROLE_WE_DONT_HAVE"));
        expected.addConfigAttribute(new SecurityConfig("ANOTHER_ROLE"));
        assertEquals(expected, returned);
    }
    public void testWhitespaceAndCommentsAndLinesWithoutEqualsSignsAreIgnored() {
        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
        editor.setAsText(
            "         PATTERN_TYPE_APACHE_ANT\r\n    /secure/super/*=ROLE_WE_DONT_HAVE\r\n    /secure/*=ROLE_SUPERVISOR,ROLE_TELLER      \r\n   \r\n     \r\n   // comment line  \r\n    \r\n");
        DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
        assertEquals(2, map.getMapSize());
    }
 }
--- a/core/src/test/java/org/springframework/security/intercept/web/FilterSecurityInterceptorTests.java
+++ b/core/src/test/java/org/springframework/security/intercept/web/FilterSecurityInterceptorTests.java
@ -30,6 +30,8 @@ import org.springframework.security.MockAuthenticationManager;
 import org.springframework.security.MockRunAsManager;
 import org.springframework.security.RunAsManager;
 import org.springframework.security.SecurityConfig;
 import org.springframework.security.util.AntUrlPathMatcher;
 import org.springframework.security.util.RegexUrlPathMatcher;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.mock.web.MockHttpServletRequest;
@ -75,11 +77,10 @@ public class FilterSecurityInterceptorTests extends TestCase {
        SecurityContextHolder.clearContext();
    }
-    public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass()
+    public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass() throws Exception {
        throws Exception {
        FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
        interceptor.setAuthenticationManager(new MockAuthenticationManager());
-        interceptor.setObjectDefinitionSource(new RegExpBasedFilterInvocationDefinitionMap());
+        interceptor.setObjectDefinitionSource(new DefaultFilterInvocationDefinitionSource(new RegexUrlPathMatcher()));
        interceptor.setRunAsManager(new MockRunAsManager());
        interceptor.setAccessDecisionManager(new AccessDecisionManager() {
@ -111,7 +112,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
        FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
        interceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        interceptor.setAuthenticationManager(new MockAuthenticationManager());
-        interceptor.setObjectDefinitionSource(new RegExpBasedFilterInvocationDefinitionMap());
+        interceptor.setObjectDefinitionSource(new DefaultFilterInvocationDefinitionSource(new RegexUrlPathMatcher()));
        interceptor.setRunAsManager(new RunAsManager() {
                public boolean supports(Class clazz) {
@ -177,7 +178,8 @@ public class FilterSecurityInterceptorTests extends TestCase {
        interceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        interceptor.setAuthenticationManager(new MockAuthenticationManager());
-        RegExpBasedFilterInvocationDefinitionMap fidp = new RegExpBasedFilterInvocationDefinitionMap();
+        DefaultFilterInvocationDefinitionSource fidp =
                new DefaultFilterInvocationDefinitionSource(new RegexUrlPathMatcher());
        interceptor.setObjectDefinitionSource(fidp);
        interceptor.setRunAsManager(new MockRunAsManager());
        interceptor.afterPropertiesSet();
@ -232,7 +234,8 @@ public class FilterSecurityInterceptorTests extends TestCase {
        List mappings = new ArrayList(1);
        mappings.add(mapping);
-        PathBasedFilterInvocationDefinitionMap filterInvocationDefinitionSource = new PathBasedFilterInvocationDefinitionMap();
+        DefaultFilterInvocationDefinitionSource filterInvocationDefinitionSource
                = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
        filterInvocationDefinitionSource.setMappings(mappings);
        FilterSecurityInterceptor filter = new FilterSecurityInterceptor();
--- a/core/src/test/java/org/springframework/security/intercept/web/MockFilterInvocationDefinition.java
+++ b/core/src/test/java/org/springframework/security/intercept/web/MockFilterInvocationDefinition.java
@ -1,64 +0,0 @@
 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.intercept.web;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
 import org.springframework.security.ConfigAttributeDefinition;
 /**
 * Mock for {@link FilterInvocationDefinitionMap}
 *
 * @author <a href="mailto:carlos@apache.org">Carlos Sanchez</a>
 * @version $Id: MockFilterInvocationDefinitionSource.java 1496 2006-05-23
 *          13:38:33Z benalex $
 */
 public class MockFilterInvocationDefinition implements FilterInvocationDefinition {
    private Map secureUrls = new HashMap();
    private boolean convertUrlToLowercaseBeforeComparison = false;
    public void addSecureUrl(String expression, ConfigAttributeDefinition attr) {
        secureUrls.put(expression, attr);
    }
    public boolean isConvertUrlToLowercaseBeforeComparison() {
        return convertUrlToLowercaseBeforeComparison;
    }
    public void setConvertUrlToLowercaseBeforeComparison(boolean convertUrlToLowercaseBeforeComparison) {
        this.convertUrlToLowercaseBeforeComparison = convertUrlToLowercaseBeforeComparison;
    }
    public ConfigAttributeDefinition getSecureUrl(String expression) {
        return (ConfigAttributeDefinition) secureUrls.get(expression);
    }
    public ConfigAttributeDefinition getAttributes(Object object) throws IllegalArgumentException {
        return (ConfigAttributeDefinition) secureUrls.get(object);
    }
    public Iterator getConfigAttributeDefinitions() {
        return secureUrls.values().iterator();
    }
    public boolean supports(Class clazz) {
        return true;
    }
 }
--- a/core/src/test/java/org/springframework/security/intercept/web/RegExpBasedFilterDefinitionMapTests.java
+++ b/core/src/test/java/org/springframework/security/intercept/web/RegExpBasedFilterDefinitionMapTests.java
@ -1,121 +0,0 @@
 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.intercept.web;
 import junit.framework.TestCase;
 import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.MockFilterChain;
 import org.springframework.security.SecurityConfig;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 /**
 * Tests parts of {@link RegExpBasedFilterInvocationDefinitionMap} not tested by {@link
 * FilterInvocationDefinitionSourceEditorTests}.
 *
 * @author Ben Alex
 * @version $Id$
 */
 public class RegExpBasedFilterDefinitionMapTests extends TestCase {
    //~ Constructors ===================================================================================================
    public RegExpBasedFilterDefinitionMapTests() {
    }
    public RegExpBasedFilterDefinitionMapTests(String arg0) {
        super(arg0);
    }
    //~ Methods ========================================================================================================
    public void testConvertUrlToLowercaseIsFalseByDefault() {
        RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
        assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
    }
    public void testConvertUrlToLowercaseSetterRespected() {
        RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
        map.setConvertUrlToLowercaseBeforeComparison(true);
        assertTrue(map.isConvertUrlToLowercaseBeforeComparison());
    }
    public void testLookupNotRequiringExactMatchSuccessIfNotMatching() {
        RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
        map.setConvertUrlToLowercaseBeforeComparison(true);
        assertTrue(map.isConvertUrlToLowercaseBeforeComparison());
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("\\A/secure/super.*\\Z", def);
        // Build a HTTP request
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI(null);
        MockHttpServletRequest req = request;
        req.setServletPath("/SeCuRE/super/somefile.html");
        FilterInvocation fi = new FilterInvocation(req, new MockHttpServletResponse(), new MockFilterChain());
        ConfigAttributeDefinition response = map.lookupAttributes(fi.getRequestUrl());
        assertEquals(def, response);
    }
    public void testLookupRequiringExactMatchFailsIfNotMatching() {
        RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
        assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("\\A/secure/super.*\\Z", def);
        // Build a HTTP request
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI(null);
        MockHttpServletRequest req = request;
        req.setServletPath("/SeCuRE/super/somefile.html");
        FilterInvocation fi = new FilterInvocation(req, new MockHttpServletResponse(), new MockFilterChain());
        ConfigAttributeDefinition response = map.lookupAttributes(fi.getRequestUrl());
        assertEquals(null, response);
    }
    public void testLookupRequiringExactMatchIsSuccessful() {
        RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
        assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
        map.addSecureUrl("\\A/secure/super.*\\Z", def);
        // Build a HTTP request
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI(null);
        MockHttpServletRequest req = request;
        req.setServletPath("/secure/super/somefile.html");
        FilterInvocation fi = new FilterInvocation(req, new MockHttpServletResponse(), new MockFilterChain());
        ConfigAttributeDefinition response = map.lookupAttributes(fi.getRequestUrl());
        assertEquals(def, response);
    }
 }
--- a/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java
+++ b/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java
@ -30,7 +30,7 @@ import org.springframework.security.MockApplicationContext;
 import org.springframework.security.MockFilterConfig;
 import org.springframework.security.context.HttpSessionContextIntegrationFilter;
 import org.springframework.security.intercept.web.MockFilterInvocationDefinitionSource;
-import org.springframework.security.intercept.web.PathBasedFilterInvocationDefinitionMap;
+import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
 import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
 import java.util.List;
@ -82,7 +82,8 @@ public class FilterChainProxyTests {
        ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
        cad.addConfigAttribute(new MockConfigAttribute());
-        PathBasedFilterInvocationDefinitionMap fids = new PathBasedFilterInvocationDefinitionMap();
+        DefaultFilterInvocationDefinitionSource fids =
                new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
        fids.addSecureUrl("/**", cad);
        filterChainProxy.setFilterInvocationDefinitionSource(fids);