Changes to namespace reinstating authentication-provider element in preference to "repository" to wrap convey that a user-service will be used as to authenticate against. Also introduced separate password-encoder element for use within authentication-provider.

This commit is contained in:
Luke Taylor 2007-12-21 15:50:56 +00:00
parent 70286f1197
commit cf80292de3
23 changed files with 455 additions and 395 deletions

View File

@ -10,11 +10,11 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
<annotation-driven/> <annotation-driven/>
<repository> <authentication-provider>
<user-service> <user-service>
<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" /> <user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" /> <user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
</user-service> </user-service>
</repository> </authentication-provider>
</b:beans> </b:beans>

View File

@ -0,0 +1,31 @@
package org.springframework.security.config;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.BeanDefinitionStoreException;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* @author Luke Taylor
* @version $Id$
*/
public class AbstractUserDetailsServiceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
protected String resolveId(Element element, AbstractBeanDefinition definition, ParserContext parserContext) throws BeanDefinitionStoreException {
String id = super.resolveId(element, definition, parserContext);
if (StringUtils.hasText(id)) {
return id;
}
if (parserContext.getRegistry().containsBeanDefinition(BeanIds.USER_DETAILS_SERVICE)) {
throw new SecurityConfigurationException("No id supplied in <" + element.getNodeName() + "> and another " +
"bean is already registered as " + BeanIds.USER_DETAILS_SERVICE);
}
return BeanIds.USER_DETAILS_SERVICE;
}
}

View File

@ -1,18 +1,67 @@
package org.springframework.security.config; package org.springframework.security.config;
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.util.xml.DomUtils;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;
/** /**
* Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the latter with the
* ProviderManager.
*
* @author Luke Taylor * @author Luke Taylor
* @version $Id$ * @version $Id$
*/ */
class AuthenticationProviderBeanDefinitionParser implements BeanDefinitionParser { class AuthenticationProviderBeanDefinitionParser implements BeanDefinitionParser {
private static String ATT_REF = "ref";
static final String ATT_DATA_SOURCE = "data-source";
public BeanDefinition parse(Element element, ParserContext parserContext) { public BeanDefinition parse(Element element, ParserContext parserContext) {
// TODO: Proper implementation RootBeanDefinition authProvider = new RootBeanDefinition(DaoAuthenticationProvider.class);
Element passwordEncoderElt = DomUtils.getChildElementByTagName(element, Elements.PASSWORD_ENCODER);
if (passwordEncoderElt != null) {
//TODO: Parse password encoder object and add to dao provider
}
ConfigUtils.getRegisteredProviders(parserContext).add(authProvider);
String ref = element.getAttribute(ATT_REF);
Element userServiceElt = DomUtils.getChildElementByTagName(element, Elements.USER_SERVICE);
Element jdbcUserServiceElt = DomUtils.getChildElementByTagName(element, Elements.JDBC_USER_SERVICE);
if (StringUtils.hasText(ref)) {
if (userServiceElt != null || jdbcUserServiceElt != null) {
throw new SecurityConfigurationException("The ref attribute cannot be used in combination with child" +
"elements '" + Elements.USER_SERVICE + "' or '" + Elements.JDBC_USER_SERVICE + "'");
}
authProvider.getPropertyValues().addPropertyValue("userDetailsService", new RuntimeBeanReference(ref));
return null;
}
// Use the child elements to create the UserDetailsService
BeanDefinition userDetailsService;
if (userServiceElt != null) {
userDetailsService = new UserServiceBeanDefinitionParser().parse(userServiceElt, parserContext);
} else if (jdbcUserServiceElt != null) {
userDetailsService = new UserServiceBeanDefinitionParser().parse(userServiceElt, parserContext);
} else {
throw new SecurityConfigurationException(Elements.AUTHENTICATION_PROVIDER
+ " requireds a UserDetailsService" );
}
authProvider.getPropertyValues().addPropertyValue("userDetailsService", userDetailsService);
return null; return null;
} }
} }

View File

@ -6,7 +6,7 @@ package org.springframework.security.config;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class BeanIds { public abstract class BeanIds {
/** Package protected as end users shouldn't really be using this BFPP directly */ /** Package protected as end users shouldn't really be using this BFPP directly */
static final String INTERCEPT_METHODS_BEAN_FACTORY_POST_PROCESSOR = "_interceptMethodsBeanfactoryPP"; static final String INTERCEPT_METHODS_BEAN_FACTORY_POST_PROCESSOR = "_interceptMethodsBeanfactoryPP";

View File

@ -117,9 +117,7 @@ public abstract class ConfigUtils {
throw new IllegalArgumentException("More than one AuthenticationManager registered."); throw new IllegalArgumentException("More than one AuthenticationManager registered.");
} }
AuthenticationManager accessMgr = (AuthenticationManager) authManagers.values().toArray()[0]; return (AuthenticationManager) authManagers.values().toArray()[0];
return accessMgr;
} }
static ManagedList getRegisteredProviders(ParserContext parserContext) { static ManagedList getRegisteredProviders(ParserContext parserContext) {

View File

@ -6,15 +6,13 @@ package org.springframework.security.config;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
class Elements { abstract class Elements {
public static final String USER_SERVICE = "user-service"; public static final String USER_SERVICE = "user-service";
public static final String JDBC_USER_SERVICE = "jdbc-user-service"; public static final String JDBC_USER_SERVICE = "jdbc-user-service";
public static final String CUSTOM_USER_SERVICE = "custom-user-service";
public static final String FILTER_CHAIN_MAP = "filter-chain-map"; public static final String FILTER_CHAIN_MAP = "filter-chain-map";
public static final String INTERCEPT_METHODS = "intercept-methods"; public static final String INTERCEPT_METHODS = "intercept-methods";
public static final String AUTHENTICATION_PROVIDER = "authentication-provider"; public static final String AUTHENTICATION_PROVIDER = "authentication-provider";
public static final String REPOSITORY = "repository";
public static final String HTTP = "http"; public static final String HTTP = "http";
public static final String LDAP = "ldap"; public static final String LDAP = "ldap";
public static final String PROTECT = "protect"; public static final String PROTECT = "protect";
@ -26,5 +24,6 @@ class Elements {
public static final String ANONYMOUS = "anonymous"; public static final String ANONYMOUS = "anonymous";
public static final String FILTER_CHAIN = "filter-chain"; public static final String FILTER_CHAIN = "filter-chain";
public static final String ANNOTATION_DRIVEN = "annotation-driven"; public static final String ANNOTATION_DRIVEN = "annotation-driven";
public static final String PASSWORD_ENCODER = "password-encoder";
public static final String SALT_SOURCE = "salt-source";
} }

View File

@ -0,0 +1,31 @@
package org.springframework.security.config;
import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
/**
* @author Luke Taylor
* @version $Id$
*/
public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
static final String ATT_DATA_SOURCE = "data-source";
protected Class getBeanClass(Element element) {
return JdbcUserDetailsManager.class;
}
protected void doParse(Element element, BeanDefinitionBuilder builder) {
// TODO: Set authenticationManager property
String dataSource = element.getAttribute(ATT_DATA_SOURCE);
// An explicit dataSource was specified, so use it
if (dataSource != null) {
builder.addPropertyReference("dataSource", dataSource);
} else {
// TODO: Have some sensible fallback if dataSource not specified, eg autowire
throw new SecurityConfigurationException(ATT_DATA_SOURCE + " is required for "
+ Elements.JDBC_USER_SERVICE );
}
}
}

View File

@ -0,0 +1,88 @@
package org.springframework.security.config;
import org.springframework.security.providers.encoding.Md4PasswordEncoder;
import org.springframework.security.providers.encoding.Md5PasswordEncoder;
import org.springframework.security.providers.encoding.ShaPasswordEncoder;
import org.springframework.security.providers.encoding.BaseDigestPasswordEncoder;
import org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.util.Map;
import java.util.HashMap;
/**
* Stateful parser for the <password-encoder> element.
*
* Will produce a PasswordEncoder and (optionally) a SaltSource.
*
* @author Luke Taylor
* @version $Id$
*/
public class PasswordEncoderParser {
static final String ATT_REF = "ref";
static final String ATT_HASH = "hash";
static final String ATT_BASE_64 = "base64";
static final String OPT_HASH_SHA = "sha";
static final String OPT_HASH_MD4 = "md4";
static final String OPT_HASH_MD5 = "md5";
static final String OPT_HASH_LDAP_SHA = "{sha}";
static final Map ENCODER_CLASSES;
static {
ENCODER_CLASSES = new HashMap();
ENCODER_CLASSES.put(OPT_HASH_SHA, ShaPasswordEncoder.class);
ENCODER_CLASSES.put(OPT_HASH_MD4, Md4PasswordEncoder.class);
ENCODER_CLASSES.put(OPT_HASH_MD5, Md5PasswordEncoder.class);
ENCODER_CLASSES.put(OPT_HASH_LDAP_SHA, LdapShaPasswordEncoder.class);
}
private Log logger = LogFactory.getLog(getClass());
private BeanDefinition passwordEncoder;
private BeanDefinition saltSource;
public PasswordEncoderParser(Element element, ParserContext parserContext) {
parse(element, parserContext);
}
private void parse(Element element, ParserContext parserContext) {
String hash = element.getAttribute(ATT_HASH);
boolean useBase64 = StringUtils.hasText(element.getAttribute(ATT_BASE_64));
Class beanClass = (Class) ENCODER_CLASSES.get(hash);
passwordEncoder = new RootBeanDefinition(beanClass);
if (useBase64) {
if (beanClass.isAssignableFrom(BaseDigestPasswordEncoder.class)) {
passwordEncoder.getPropertyValues().addPropertyValue("encodeHashAsBase64", "true");
} else {
logger.warn(ATT_BASE_64 + " isn't compatible with " + OPT_HASH_LDAP_SHA + " and will be ignored");
}
}
Element saltSourceElt = DomUtils.getChildElementByTagName(element, Elements.SALT_SOURCE);
if (saltSourceElt != null) {
saltSource = new SaltSourceBeanDefinitionParser().parse(saltSourceElt, parserContext);
}
}
public BeanDefinition getPasswordEncoder() {
return passwordEncoder;
}
public BeanDefinition getSaltSource() {
return saltSource;
}
}

View File

@ -1,119 +0,0 @@
package org.springframework.security.config;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
import org.springframework.security.providers.encoding.Md4PasswordEncoder;
import org.springframework.security.providers.encoding.Md5PasswordEncoder;
import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.security.providers.encoding.PlaintextPasswordEncoder;
import org.springframework.security.providers.encoding.ShaPasswordEncoder;
import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
/**
* Processes the top-level "repository" element.
*
* <p>A "repository" element is used to indicate a UserDetailsService or equivalent.
*
* @author Ben Alex
* @version $Id$
*/
class RepositoryBeanDefinitionParser implements BeanDefinitionParser {
static final String ATT_DATA_SOURCE = "data-source";
static final String ATT_REF = "ref";
static final String ATT_CREATE_PROVIDER = "create-provider";
static final String DEF_CREATE_PROVIDER = "true";
static final String ATT_HASH = "hash";
static final String DEF_HASH_PLAINTEXT = "plaintext";
static final String OPT_HASH_SHA_HEX = "sha-hex";
static final String OPT_HASH_SHA_BASE64 = "sha-base64";
static final String OPT_HASH_MD4_HEX = "md4-hex";
static final String OPT_HASH_MD4_BASE64 = "md4-base64";
static final String OPT_HASH_MD5_HEX = "md5-hex";
static final String OPT_HASH_MD5_BASE64 = "md5-base64";
public BeanDefinition parse(Element element, ParserContext parserContext) {
boolean createProvider = true;
String createProviderAtt = element.getAttribute(ATT_CREATE_PROVIDER);
if (StringUtils.hasText(createProviderAtt) && "false".equals(createProviderAtt)) {
createProvider = false;
}
if (createProvider) {
ConfigUtils.registerProviderManagerIfNecessary(parserContext);
}
Element userServiceElt = DomUtils.getChildElementByTagName(element, Elements.USER_SERVICE);
Element jdbcUserServiceElt = DomUtils.getChildElementByTagName(element, Elements.JDBC_USER_SERVICE);
Element customUserServiceElt = DomUtils.getChildElementByTagName(element, Elements.CUSTOM_USER_SERVICE);
if (userServiceElt != null) {
BeanDefinition userDetailsService = new UserServiceBeanDefinitionParser().parse(userServiceElt, parserContext);
createDaoAuthenticationProviderIfRequired(createProvider, userServiceElt.getAttribute(ATT_HASH), userDetailsService, parserContext);
}
if (jdbcUserServiceElt != null) {
// TODO: Set authenticationManager property
// TODO: Have some sensible fallback if dataSource not specified, eg autowire
BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(JdbcUserDetailsManager.class);
String dataSource = jdbcUserServiceElt.getAttribute(ATT_DATA_SOURCE);
// An explicit dataSource was specified, so use it
builder.addPropertyReference("dataSource", dataSource);
parserContext.getRegistry().registerBeanDefinition(BeanIds.JDBC_USER_DETAILS_MANAGER, builder.getBeanDefinition());
createDaoAuthenticationProviderIfRequired(createProvider, jdbcUserServiceElt.getAttribute(ATT_HASH), builder.getBeanDefinition(), parserContext);
}
if (customUserServiceElt != null) {
String ref = customUserServiceElt.getAttribute(ATT_REF);
BeanDefinition userDetailsService = parserContext.getRegistry().getBeanDefinition(ref);
createDaoAuthenticationProviderIfRequired(createProvider, customUserServiceElt.getAttribute(ATT_HASH), userDetailsService, parserContext);
}
return null;
}
private void createDaoAuthenticationProviderIfRequired(boolean createProvider, String hash, BeanDefinition userDetailsService, ParserContext parserContext) {
if (createProvider) {
if (!StringUtils.hasText(hash)) {
hash = DEF_HASH_PLAINTEXT;
}
RootBeanDefinition authProvider = new RootBeanDefinition(DaoAuthenticationProvider.class);
authProvider.getPropertyValues().addPropertyValue("userDetailsService", userDetailsService);
PasswordEncoder pwdEnc = null;
if (OPT_HASH_MD4_HEX.equals(hash)) {
pwdEnc = new Md4PasswordEncoder();
((Md4PasswordEncoder)pwdEnc).setEncodeHashAsBase64(false);
} else if (OPT_HASH_MD4_BASE64.equals(hash)) {
pwdEnc = new Md4PasswordEncoder();
((Md4PasswordEncoder)pwdEnc).setEncodeHashAsBase64(true);
} else if (OPT_HASH_MD5_HEX.equals(hash)) {
pwdEnc = new Md5PasswordEncoder();
((Md5PasswordEncoder)pwdEnc).setEncodeHashAsBase64(false);
} else if (OPT_HASH_MD5_BASE64.equals(hash)) {
pwdEnc = new Md5PasswordEncoder();
((Md5PasswordEncoder)pwdEnc).setEncodeHashAsBase64(true);
} else if (OPT_HASH_SHA_HEX.equals(hash)) {
pwdEnc = new ShaPasswordEncoder();
((ShaPasswordEncoder)pwdEnc).setEncodeHashAsBase64(false);
} else if (OPT_HASH_SHA_BASE64.equals(hash)) {
pwdEnc = new ShaPasswordEncoder();
((ShaPasswordEncoder)pwdEnc).setEncodeHashAsBase64(true);
} else {
pwdEnc = new PlaintextPasswordEncoder();
}
authProvider.getPropertyValues().addPropertyValue("passwordEncoder", pwdEnc);
ConfigUtils.getRegisteredProviders(parserContext).add(authProvider);
}
}
}

View File

@ -0,0 +1,43 @@
package org.springframework.security.config;
import org.springframework.security.providers.dao.salt.ReflectionSaltSource;
import org.springframework.security.providers.dao.salt.SystemWideSaltSource;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* @author Luke Taylor
* @version $Id$
*/
public class SaltSourceBeanDefinitionParser implements BeanDefinitionParser {
static final String ATT_USER_PROPERTY = "user-property";
static final String ATT_SYSTEM_WIDE = "system-wide";
public BeanDefinition parse(Element element, ParserContext parserContext) {
BeanDefinition saltSource;
String userProperty = element.getAttribute(ATT_USER_PROPERTY);
if (StringUtils.hasText(userProperty)) {
saltSource = new RootBeanDefinition(ReflectionSaltSource.class);
saltSource.getPropertyValues().addPropertyValue("userPropertyToUse", userProperty);
return saltSource;
}
String systemWideSalt = element.getAttribute(ATT_SYSTEM_WIDE);
if (StringUtils.hasText(systemWideSalt)) {
saltSource = new RootBeanDefinition(SystemWideSaltSource.class);
saltSource.getPropertyValues().addPropertyValue("systemWideSalt", systemWideSalt);
return saltSource;
}
throw new SecurityConfigurationException(Elements.SALT_SOURCE + " requires an attribute");
}
}

View File

@ -16,7 +16,7 @@ public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
registerBeanDefinitionParser(Elements.LDAP, new LdapBeanDefinitionParser()); registerBeanDefinitionParser(Elements.LDAP, new LdapBeanDefinitionParser());
registerBeanDefinitionParser(Elements.HTTP, new HttpSecurityBeanDefinitionParser()); registerBeanDefinitionParser(Elements.HTTP, new HttpSecurityBeanDefinitionParser());
registerBeanDefinitionParser(Elements.USER_SERVICE, new UserServiceBeanDefinitionParser()); registerBeanDefinitionParser(Elements.USER_SERVICE, new UserServiceBeanDefinitionParser());
registerBeanDefinitionParser(Elements.REPOSITORY, new RepositoryBeanDefinitionParser()); registerBeanDefinitionParser(Elements.JDBC_USER_SERVICE, new JdbcUserServiceBeanDefinitionParser());
registerBeanDefinitionParser(Elements.AUTHENTICATION_PROVIDER, new AuthenticationProviderBeanDefinitionParser()); registerBeanDefinitionParser(Elements.AUTHENTICATION_PROVIDER, new AuthenticationProviderBeanDefinitionParser());
registerBeanDefinitionParser(Elements.ANNOTATION_DRIVEN, new AnnotationDrivenBeanDefinitionParser()); registerBeanDefinitionParser(Elements.ANNOTATION_DRIVEN, new AnnotationDrivenBeanDefinitionParser());

View File

@ -1,16 +1,11 @@
package org.springframework.security.config; package org.springframework.security.config;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.BeanDefinitionStoreException;
import org.springframework.security.userdetails.memory.InMemoryDaoImpl; import org.springframework.security.userdetails.memory.InMemoryDaoImpl;
import org.springframework.security.userdetails.memory.UserMap; import org.springframework.security.userdetails.memory.UserMap;
import org.springframework.security.userdetails.User; import org.springframework.security.userdetails.User;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;
import org.springframework.util.xml.DomUtils; import org.springframework.util.xml.DomUtils;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import java.util.List; import java.util.List;
@ -21,7 +16,7 @@ import java.util.Iterator;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class UserServiceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
static final String ATT_PASSWORD = "password"; static final String ATT_PASSWORD = "password";
static final String ATT_NAME = "name"; static final String ATT_NAME = "name";
@ -47,16 +42,4 @@ public class UserServiceBeanDefinitionParser extends AbstractSingleBeanDefinitio
builder.addPropertyValue("userMap", users); builder.addPropertyValue("userMap", users);
} }
protected String resolveId(Element element, AbstractBeanDefinition definition, ParserContext parserContext) throws BeanDefinitionStoreException {
String id = super.resolveId(element, definition, parserContext);
if (StringUtils.hasText(id)) {
return id;
}
// TODO: Check for duplicate using default id here.
return BeanIds.USER_DETAILS_SERVICE;
}
} }

View File

@ -6,11 +6,15 @@ datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes"
default namespace = "http://www.springframework.org/schema/security" default namespace = "http://www.springframework.org/schema/security"
start = http | ldap | repository start = http | ldap
hash = hash =
## Defines the type of hashing used on user passwords. If unspecified, "plaintext" is nominated, which indicates that the passwords are not hashed. We recommend strongly against using MD4, as it is a very weak hashing algorithm. ## Defines the hashing algorithm used on user passwords. We recommend strongly against using MD4, as it is a very weak hashing algorithm.
attribute hash {"plaintext" | "sha-hex" | "sha-base64" | "md5-hex" | "md5-base64" | "md4-hex" | "md4-base64"} attribute hash {"sha" | "md5" | "md4" | "{sha}" | "{ssha}"}
base64 =
## Whether a string should be base64 encoded
attribute base64 {"true" | "false"}
path-type = path-type =
## Defines the type of pattern used to specify URL paths (either JDK 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if unspecified. ## Defines the type of pattern used to specify URL paths (either JDK 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if unspecified.
@ -24,6 +28,27 @@ url =
## Specifies a URL. ## Specifies a URL.
attribute url { xsd:string } attribute url { xsd:string }
id =
## A bean identifier, used for referring to the bean elsewhere in the context.
attribute id {xsd:ID}
ref =
## Defines a reference to a Spring bean id.
attribute ref {xsd:IDREF}
password-encoder =
## element which defines a password encoding strategy. Used by an authentication provider to convert submitted passwords to hashed versions, for example.
element password-encoder {ref | (hash? & base64? & salt-source*)}
salt-source =
element salt-source {user-property | system-wide}
user-property =
## A property of the UserDetails object which will be used as salt by a password encoder. Typically something like "username" might be used.
attribute user-property {xsd:string}
system-wide =
## A single value that will be used as the salt for a password encoder.
attribute system-wide {xsd:string}
ldap = ldap =
## Sets up an ldap authentication provider, optionally with an embedded ldap server ## Sets up an ldap authentication provider, optionally with an embedded ldap server
element ldap {ldap.attlist, empty} element ldap {ldap.attlist, empty}
@ -33,7 +58,7 @@ ldap.attlist &=
ldap.attlist &= ldap.attlist &=
## Explicitly specify an ldif file resource to load into the embedded server ## Explicitly specify an ldif file resource to load into the embedded server
[ a:defaultValue = "classpath:*.ldif" ] attribute ldif { xsd:string }? [ a:defaultValue = "classpath*:*.ldif" ] attribute ldif { xsd:string }?
intercept-methods = intercept-methods =
## Can be used inside a bean definition to add a security interceptor to the bean and set up access configuration attributes for the bean's methods ## Can be used inside a bean definition to add a security interceptor to the bean and set up access configuration attributes for the bean's methods
@ -179,17 +204,15 @@ anonymous.attlist &=
## The granted authority that should be assigned to the anonymous request. Commonly this is used to assign the anonymous request particular roles, which can subsequently be used in authorization decisions. If unset, defaults to "ROLE_ANONYMOUS". ## The granted authority that should be assigned to the anonymous request. Commonly this is used to assign the anonymous request particular roles, which can subsequently be used in authorization decisions. If unset, defaults to "ROLE_ANONYMOUS".
attribute granted-authority {xsd:string}? attribute granted-authority {xsd:string}?
repository = authentication-provider =
element repository {repository.attlist, (user-service | jdbc-user-service | custom-user-service)} ## Indicates that the contained user-service should be used as an authentication source. May either refer to an external UserDetailsService bean by id (using the "ref" attribute) or contain a child element which creates the service.
repository.attlist &= element authentication-provider {(ref | (user-service | jdbc-user-service)) & password-encoder}
## Indicates the repository should have an authentication provider created. If unspecified, defaults to true. ap.attlist &=
attribute create-provider {"true" | "false"}? attribute ref {xsd:IDREF}
user-service = user-service =
element user-service {user-service.attlist, (user*)} element user-service {id? & (properties-file | (user*))}
user-service.attlist &= properties-file =
hash?
user-service.attlist &=
attribute properties {xsd:string}* attribute properties {xsd:string}*
user = user =
@ -207,19 +230,7 @@ user.attlist &=
jdbc-user-service = jdbc-user-service =
## Causes creation of a JDBC-based UserDetailsService. ## Causes creation of a JDBC-based UserDetailsService.
element jdbc-user-service {jdbc-user-service.attlist} element jdbc-user-service {id? & jdbc-user-service.attlist}
jdbc-user-service.attlist &=
hash?
jdbc-user-service.attlist &= jdbc-user-service.attlist &=
## The bean ID of the DataSource which provides the required tables. ## The bean ID of the DataSource which provides the required tables.
attribute data-source {xsd:string} attribute data-source {xsd:string}
custom-user-service =
## Represents a UserDetailsService implementation that has been provided by you. Registration here will automate the creation of a DaoAuthenticationProvider that delegates to your UserDetailsService implementation.
element custom-user-service {custom-user-service.attlist}
custom-user-service.attlist &=
hash?
custom-user-service.attlist &=
## The bean ID of your custom UserDetailsService implementation.
attribute ref {xsd:string}

View File

@ -3,17 +3,28 @@
<xs:attributeGroup name="hash"> <xs:attributeGroup name="hash">
<xs:attribute name="hash" use="required"> <xs:attribute name="hash" use="required">
<xs:annotation> <xs:annotation>
<xs:documentation>Defines the type of hashing used on user passwords. If unspecified, "plaintext" is nominated, which indicates that the passwords are not hashed. We recommend strongly against using MD4, as it is a very weak hashing algorithm.</xs:documentation> <xs:documentation>Defines the hashing algorithm used on user passwords. We recommend strongly against using MD4, as it is a very weak hashing algorithm.</xs:documentation>
</xs:annotation> </xs:annotation>
<xs:simpleType> <xs:simpleType>
<xs:restriction base="xs:token"> <xs:restriction base="xs:token">
<xs:enumeration value="plaintext"/> <xs:enumeration value="sha"/>
<xs:enumeration value="sha-hex"/> <xs:enumeration value="md5"/>
<xs:enumeration value="sha-base64"/> <xs:enumeration value="md4"/>
<xs:enumeration value="md5-hex"/> <xs:enumeration value="{sha}"/>
<xs:enumeration value="md5-base64"/> <xs:enumeration value="{ssha}"/>
<xs:enumeration value="md4-hex"/> </xs:restriction>
<xs:enumeration value="md4-base64"/> </xs:simpleType>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="base64">
<xs:attribute name="base64" use="required">
<xs:annotation>
<xs:documentation>Whether a string should be base64 encoded</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true"/>
<xs:enumeration value="false"/>
</xs:restriction> </xs:restriction>
</xs:simpleType> </xs:simpleType>
</xs:attribute> </xs:attribute>
@ -45,6 +56,88 @@
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
</xs:attributeGroup> </xs:attributeGroup>
<xs:attributeGroup name="id">
<xs:attribute name="id" use="required" type="xs:ID">
<xs:annotation>
<xs:documentation>A bean identifier, used for referring to the bean elsewhere in the context.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="ref">
<xs:attribute name="ref" use="required" type="xs:IDREF">
<xs:annotation>
<xs:documentation>Defines a reference to a Spring bean id.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="password-encoder">
<xs:annotation>
<xs:documentation>element which defines a password encoding strategy. Used by an authentication provider to convert submitted passwords to hashed versions, for example.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="security:salt-source"/>
</xs:sequence>
<xs:attribute name="ref" type="xs:IDREF">
<xs:annotation>
<xs:documentation>Defines a reference to a Spring bean id.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="hash">
<xs:annotation>
<xs:documentation>Defines the hashing algorithm used on user passwords. We recommend strongly against using MD4, as it is a very weak hashing algorithm.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="sha"/>
<xs:enumeration value="md5"/>
<xs:enumeration value="md4"/>
<xs:enumeration value="{sha}"/>
<xs:enumeration value="{ssha}"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="base64">
<xs:annotation>
<xs:documentation>Whether a string should be base64 encoded</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true"/>
<xs:enumeration value="false"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="salt-source">
<xs:complexType>
<xs:attribute name="user-property" type="xs:string">
<xs:annotation>
<xs:documentation>A property of the UserDetails object which will be used as salt by a password encoder. Typically something like "username" might be used. </xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="system-wide" type="xs:string">
<xs:annotation>
<xs:documentation>A single value that will be used as the salt for a password encoder. </xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="user-property">
<xs:attribute name="user-property" use="required" type="xs:string">
<xs:annotation>
<xs:documentation>A property of the UserDetails object which will be used as salt by a password encoder. Typically something like "username" might be used. </xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:attributeGroup name="system-wide">
<xs:attribute name="system-wide" use="required" type="xs:string">
<xs:annotation>
<xs:documentation>A single value that will be used as the salt for a password encoder. </xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="ldap"> <xs:element name="ldap">
<xs:annotation> <xs:annotation>
<xs:documentation>Sets up an ldap authentication provider, optionally with an embedded ldap server</xs:documentation> <xs:documentation>Sets up an ldap authentication provider, optionally with an embedded ldap server</xs:documentation>
@ -64,7 +157,7 @@
<xs:documentation>Specifies an IP port number. Used to configure an embedded LDAP server, for example.</xs:documentation> <xs:documentation>Specifies an IP port number. Used to configure an embedded LDAP server, for example.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="ldif" default="classpath:*.ldif" type="xs:string"> <xs:attribute name="ldif" default="classpath*:*.ldif" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>Explicitly specify an ldif file resource to load into the embedded server</xs:documentation> <xs:documentation>Explicitly specify an ldif file resource to load into the embedded server</xs:documentation>
</xs:annotation> </xs:annotation>
@ -380,54 +473,42 @@
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
</xs:attributeGroup> </xs:attributeGroup>
<xs:element name="repository"> <xs:element name="authentication-provider">
<xs:annotation>
<xs:documentation>Indicates that the contained user-service should be used as an authentication source. May either refer to an external UserDetailsService bean by id (using the "ref" attribute) or contain a child element which creates the service. </xs:documentation>
</xs:annotation>
<xs:complexType> <xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:choice> <xs:choice>
<xs:element ref="security:user-service"/> <xs:element ref="security:user-service"/>
<xs:element ref="security:jdbc-user-service"/> <xs:element ref="security:jdbc-user-service"/>
<xs:element ref="security:custom-user-service"/>
</xs:choice> </xs:choice>
<xs:attributeGroup ref="security:repository.attlist"/> <xs:element ref="security:password-encoder"/>
</xs:choice>
<xs:attribute name="ref" type="xs:IDREF">
<xs:annotation>
<xs:documentation>Defines a reference to a Spring bean id.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
<xs:attributeGroup name="repository.attlist"> <xs:attributeGroup name="ap.attlist">
<xs:attribute name="create-provider"> <xs:attribute name="ref" use="required" type="xs:IDREF"/>
<xs:annotation>
<xs:documentation>Indicates the repository should have an authentication provider created. If unspecified, defaults to true.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="true"/>
<xs:enumeration value="false"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:attributeGroup> </xs:attributeGroup>
<xs:element name="user-service"> <xs:element name="user-service">
<xs:complexType> <xs:complexType>
<xs:sequence> <xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="security:user"/> <xs:element minOccurs="0" maxOccurs="unbounded" ref="security:user"/>
</xs:sequence> </xs:sequence>
<xs:attributeGroup ref="security:user-service.attlist"/> <xs:attribute name="id" type="xs:ID">
<xs:annotation>
<xs:documentation>A bean identifier, used for referring to the bean elsewhere in the context.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attributeGroup ref="security:properties-file"/>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
<xs:attributeGroup name="user-service.attlist"> <xs:attributeGroup name="properties-file">
<xs:attribute name="hash">
<xs:annotation>
<xs:documentation>Defines the type of hashing used on user passwords. If unspecified, "plaintext" is nominated, which indicates that the passwords are not hashed. We recommend strongly against using MD4, as it is a very weak hashing algorithm.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="plaintext"/>
<xs:enumeration value="sha-hex"/>
<xs:enumeration value="sha-base64"/>
<xs:enumeration value="md5-hex"/>
<xs:enumeration value="md5-base64"/>
<xs:enumeration value="md4-hex"/>
<xs:enumeration value="md4-base64"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="properties" type="xs:string"/> <xs:attribute name="properties" type="xs:string"/>
</xs:attributeGroup> </xs:attributeGroup>
<xs:element name="user"> <xs:element name="user">
@ -460,61 +541,19 @@
<xs:documentation>Causes creation of a JDBC-based UserDetailsService.</xs:documentation> <xs:documentation>Causes creation of a JDBC-based UserDetailsService.</xs:documentation>
</xs:annotation> </xs:annotation>
<xs:complexType> <xs:complexType>
<xs:attribute name="id" type="xs:ID">
<xs:annotation>
<xs:documentation>A bean identifier, used for referring to the bean elsewhere in the context.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attributeGroup ref="security:jdbc-user-service.attlist"/> <xs:attributeGroup ref="security:jdbc-user-service.attlist"/>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
<xs:attributeGroup name="jdbc-user-service.attlist"> <xs:attributeGroup name="jdbc-user-service.attlist">
<xs:attribute name="hash">
<xs:annotation>
<xs:documentation>Defines the type of hashing used on user passwords. If unspecified, "plaintext" is nominated, which indicates that the passwords are not hashed. We recommend strongly against using MD4, as it is a very weak hashing algorithm.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="plaintext"/>
<xs:enumeration value="sha-hex"/>
<xs:enumeration value="sha-base64"/>
<xs:enumeration value="md5-hex"/>
<xs:enumeration value="md5-base64"/>
<xs:enumeration value="md4-hex"/>
<xs:enumeration value="md4-base64"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="data-source" use="required" type="xs:string"> <xs:attribute name="data-source" use="required" type="xs:string">
<xs:annotation> <xs:annotation>
<xs:documentation>The bean ID of the DataSource which provides the required tables.</xs:documentation> <xs:documentation>The bean ID of the DataSource which provides the required tables.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
</xs:attributeGroup> </xs:attributeGroup>
<xs:element name="custom-user-service">
<xs:annotation>
<xs:documentation>Represents a UserDetailsService implementation that has been provided by you. Registration here will automate the creation of a DaoAuthenticationProvider that delegates to your UserDetailsService implementation.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attributeGroup ref="security:custom-user-service.attlist"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="custom-user-service.attlist">
<xs:attribute name="hash">
<xs:annotation>
<xs:documentation>Defines the type of hashing used on user passwords. If unspecified, "plaintext" is nominated, which indicates that the passwords are not hashed. We recommend strongly against using MD4, as it is a very weak hashing algorithm.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="plaintext"/>
<xs:enumeration value="sha-hex"/>
<xs:enumeration value="sha-base64"/>
<xs:enumeration value="md5-hex"/>
<xs:enumeration value="md5-base64"/>
<xs:enumeration value="md4-hex"/>
<xs:enumeration value="md4-base64"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="ref" use="required" type="xs:string">
<xs:annotation>
<xs:documentation>The bean ID of your custom UserDetailsService implementation.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
</xs:schema> </xs:schema>

View File

@ -1,39 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
/**
* @author Ben Alex
* @version $Id: DataSourcePopulator.java 2291 2007-12-03 02:56:52Z benalex $
*/
public class CustomUserDetailsService implements UserDetailsService {
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
if ("rod".equals(username)) {
return new User("rod", "koala", true, true, true, true, new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_FOO")});
}
throw new UsernameNotFoundException("unsupported by stub");
}
}

View File

@ -1,48 +0,0 @@
package org.springframework.security.config;
import static org.junit.Assert.assertTrue;
import java.util.List;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.providers.ProviderManager;
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
/**
* @author Ben Alex
* @version $Id$
*/
public class CustomUserDetailsTests {
private static ClassPathXmlApplicationContext appContext;
@BeforeClass
public static void loadContext() {
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/custom-user-details.xml");
}
@AfterClass
public static void closeAppContext() {
if (appContext != null) {
appContext.close();
}
}
@Test
public void testUsersFound() {
CustomUserDetailsService mgr = (CustomUserDetailsService) appContext.getBean("myDetails");
assertTrue(mgr.loadUserByUsername("rod") != null);
}
@Test
public void testProviderManagerSetup() {
ProviderManager manager = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
List providers = manager.getProviders();
assertTrue(providers.size() == 1);
assertTrue(providers.iterator().next() instanceof DaoAuthenticationProvider);
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) providers.iterator().next();
assertTrue(provider.getUserDetailsService() instanceof CustomUserDetailsService);
}
}

View File

@ -13,6 +13,7 @@ import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
import org.springframework.security.util.FilterChainProxy; import org.springframework.security.util.FilterChainProxy;
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter; import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.context.support.ClassPathXmlApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.beans.BeansException;
import org.junit.AfterClass; import org.junit.AfterClass;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
@ -32,7 +33,11 @@ public class HttpSecurityBeanDefinitionParserTests {
@BeforeClass @BeforeClass
public static void loadContext() { public static void loadContext() {
try {
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/http-security.xml"); appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/http-security.xml");
} catch (BeansException e) {
e.printStackTrace();
}
} }
@AfterClass @AfterClass

View File

@ -14,9 +14,10 @@ import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager;
/** /**
* @author Ben Alex * @author Ben Alex
* @author Luke Taylor
* @version $Id$ * @version $Id$
*/ */
public class JdbcUserDetailsTests { public class JdbcUserServiceBeanDefinitionParserTests {
private static ClassPathXmlApplicationContext appContext; private static ClassPathXmlApplicationContext appContext;
@BeforeClass @BeforeClass
@ -32,18 +33,13 @@ public class JdbcUserDetailsTests {
} }
@Test @Test
public void testUsersFound() { public void validUsernameIsFound() {
JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean(BeanIds.JDBC_USER_DETAILS_MANAGER); JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean(BeanIds.USER_DETAILS_SERVICE);
assertTrue(mgr.loadUserByUsername("rod") != null); assertTrue(mgr.loadUserByUsername("rod") != null);
} }
@Test @Test
public void testProviderManagerSetup() { public void beanIdIsParsedCorrectly() {
ProviderManager manager = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER); JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("customUserService");
List providers = manager.getProviders();
assertTrue(providers.size() == 1);
assertTrue(providers.iterator().next() instanceof DaoAuthenticationProvider);
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) providers.iterator().next();
assertTrue(provider.getUserDetailsService() instanceof JdbcUserDetailsManager);
} }
} }

View File

@ -8,11 +8,13 @@ import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl;
import org.springframework.context.support.ClassPathXmlApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.ldap.core.LdapTemplate; import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.BaseLdapPathContextSource; import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.beans.BeansException;
import org.junit.AfterClass; import org.junit.AfterClass;
import static org.junit.Assert.*; import static org.junit.Assert.*;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.junit.Assert;
/** /**
@ -24,7 +26,13 @@ public class LdapBeanDefinitionParserTests {
@BeforeClass @BeforeClass
public static void loadContext() { public static void loadContext() {
try {
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/ldap-embedded-default.xml"); appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/ldap-embedded-default.xml");
} catch (BeansException e) {
e.printStackTrace();
Assert.fail("Exception loading context " + e);
}
} }
@AfterClass @AfterClass

View File

@ -1,15 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<beans:bean id="myDetails" class="org.springframework.security.config.CustomUserDetailsService"/>
<repository>
<custom-user-service ref="myDetails"/>
</repository>
</beans:beans>

View File

@ -25,12 +25,12 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
<remember-me key="doesntmatter" token-repository="tokenRepo"/> <remember-me key="doesntmatter" token-repository="tokenRepo"/>
</http> </http>
<repository> <authentication-provider>
<user-service> <user-service>
<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" /> <user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" /> <user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
</user-service> </user-service>
</repository> </authentication-provider>
<beans:bean name="tokenRepo" class="org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl"/> <beans:bean name="tokenRepo" class="org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl"/>

View File

@ -17,8 +17,8 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
<beans:property name="password" value=""/> <beans:property name="password" value=""/>
</beans:bean> </beans:bean>
<repository>
<jdbc-user-service data-source="dataSource"/> <jdbc-user-service data-source="dataSource"/>
</repository>
<jdbc-user-service id="customUserService" data-source="dataSource"/>
</beans:beans> </beans:beans>

View File

@ -16,11 +16,11 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
</intercept-methods> </intercept-methods>
</b:bean> </b:bean>
<repository> <authentication-provider>
<user-service> <user-service>
<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" /> <user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" /> <user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
</user-service> </user-service>
</repository> </authentication-provider>
</b:beans> </b:beans>