Reducing use of global bean Ids as part of SEC-1186
parent
7622dfe092
commit
d59bdc0cbc
|
@ -22,13 +22,13 @@ public abstract class BeanIds {
|
|||
// static final String FILTER_CHAIN_POST_PROCESSOR = "_filterChainProxyPostProcessor";
|
||||
// static final String FILTER_LIST = "_filterChainList";
|
||||
|
||||
public static final String JDBC_USER_DETAILS_MANAGER = "_jdbcUserDetailsManager";
|
||||
// public static final String JDBC_USER_DETAILS_MANAGER = "_jdbcUserDetailsManager";
|
||||
public static final String USER_DETAILS_SERVICE = "_userDetailsService";
|
||||
// public static final String ANONYMOUS_PROCESSING_FILTER = "_anonymousProcessingFilter";
|
||||
public static final String ANONYMOUS_AUTHENTICATION_PROVIDER = "_anonymousAuthenticationProvider";
|
||||
// public static final String BASIC_AUTHENTICATION_FILTER = "_basicAuthenticationFilter";
|
||||
public static final String BASIC_AUTHENTICATION_ENTRY_POINT = "_basicAuthenticationEntryPoint";
|
||||
public static final String SESSION_REGISTRY = "_sessionRegistry";
|
||||
// public static final String SESSION_REGISTRY = "_sessionRegistry";
|
||||
// public static final String CONCURRENT_SESSION_FILTER = "_concurrentSessionFilter";
|
||||
public static final String CONCURRENT_SESSION_CONTROLLER = "_concurrentSessionController";
|
||||
public static final String METHOD_ACCESS_MANAGER = "_defaultMethodAccessManager";
|
||||
|
@ -50,13 +50,13 @@ public abstract class BeanIds {
|
|||
// public static final String CHANNEL_PROCESSING_FILTER = "_channelProcessingFilter";
|
||||
public static final String CHANNEL_DECISION_MANAGER = "_channelDecisionManager";
|
||||
// public static final String REMEMBER_ME_FILTER = "_rememberMeFilter";
|
||||
public static final String REMEMBER_ME_SERVICES = "_rememberMeServices";
|
||||
// public static final String REMEMBER_ME_SERVICES = "_rememberMeServices";
|
||||
public static final String REMEMBER_ME_AUTHENTICATION_PROVIDER = "_rememberMeAuthenticationProvider";
|
||||
// public static final String DEFAULT_LOGIN_PAGE_GENERATING_FILTER = "_defaultLoginPageFilter";
|
||||
// public static final String SECURITY_CONTEXT_HOLDER_AWARE_REQUEST_FILTER = "_securityContextHolderAwareRequestFilter";
|
||||
public static final String SESSION_FIXATION_PROTECTION_FILTER = "_sessionFixationProtectionFilter";
|
||||
public static final String METHOD_SECURITY_METADATA_SOURCE_ADVISOR = "_methodSecurityMetadataSourceAdvisor";
|
||||
public static final String PROTECT_POINTCUT_POST_PROCESSOR = "_protectPointcutPostProcessor";
|
||||
// public static final String PROTECT_POINTCUT_POST_PROCESSOR = "_protectPointcutPostProcessor";
|
||||
// public static final String SECURED_METHOD_SECURITY_METADATA_SOURCE = "_securedSecurityMetadataSource";
|
||||
// public static final String JSR_250_METHOD_SECURITY_METADATA_SOURCE = "_jsr250SecurityMetadataSource";
|
||||
public static final String EMBEDDED_APACHE_DS = "_apacheDirectoryServerContainer";
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
|
||||
import org.springframework.beans.factory.parsing.CompositeComponentDefinition;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
|
@ -32,23 +31,20 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar
|
|||
static final String ATT_SESSION_REGISTRY_ALIAS = "session-registry-alias";
|
||||
static final String ATT_SESSION_REGISTRY_REF = "session-registry-ref";
|
||||
|
||||
public BeanDefinition parse(Element element, ParserContext parserContext) {
|
||||
public BeanDefinition parse(Element element, ParserContext pc) {
|
||||
CompositeComponentDefinition compositeDef =
|
||||
new CompositeComponentDefinition(element.getTagName(), parserContext.extractSource(element));
|
||||
parserContext.pushContainingComponent(compositeDef);
|
||||
new CompositeComponentDefinition(element.getTagName(), pc.extractSource(element));
|
||||
pc.pushContainingComponent(compositeDef);
|
||||
|
||||
BeanDefinitionRegistry beanRegistry = parserContext.getRegistry();
|
||||
BeanDefinitionRegistry beanRegistry = pc.getRegistry();
|
||||
|
||||
String sessionRegistryId = element.getAttribute(ATT_SESSION_REGISTRY_REF);
|
||||
|
||||
if (!StringUtils.hasText(sessionRegistryId)) {
|
||||
// Register an internal SessionRegistryImpl if no external reference supplied.
|
||||
RootBeanDefinition sessionRegistry = new RootBeanDefinition(SessionRegistryImpl.class);
|
||||
beanRegistry.registerBeanDefinition(BeanIds.SESSION_REGISTRY, sessionRegistry);
|
||||
parserContext.registerComponent(new BeanComponentDefinition(sessionRegistry, BeanIds.SESSION_REGISTRY));
|
||||
sessionRegistryId = BeanIds.SESSION_REGISTRY;
|
||||
} else {
|
||||
// Register the default ID as an alias so that things like session fixation filter can access it
|
||||
beanRegistry.registerAlias(sessionRegistryId, BeanIds.SESSION_REGISTRY);
|
||||
sessionRegistryId = pc.getReaderContext().registerWithGeneratedName(sessionRegistry);
|
||||
pc.registerComponent(new BeanComponentDefinition(sessionRegistry, sessionRegistryId));
|
||||
}
|
||||
|
||||
String registryAlias = element.getAttribute(ATT_SESSION_REGISTRY_ALIAS);
|
||||
|
@ -58,16 +54,16 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar
|
|||
|
||||
BeanDefinitionBuilder filterBuilder =
|
||||
BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionFilter.class);
|
||||
filterBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(sessionRegistryId));
|
||||
filterBuilder.addPropertyReference("sessionRegistry", sessionRegistryId);
|
||||
|
||||
Object source = parserContext.extractSource(element);
|
||||
Object source = pc.extractSource(element);
|
||||
filterBuilder.getRawBeanDefinition().setSource(source);
|
||||
filterBuilder.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
|
||||
|
||||
String expiryUrl = element.getAttribute(ATT_EXPIRY_URL);
|
||||
|
||||
if (StringUtils.hasText(expiryUrl)) {
|
||||
ConfigUtils.validateHttpRedirect(expiryUrl, parserContext, source);
|
||||
ConfigUtils.validateHttpRedirect(expiryUrl, pc, source);
|
||||
filterBuilder.addPropertyValue("expiredUrl", expiryUrl);
|
||||
}
|
||||
|
||||
|
@ -75,7 +71,7 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar
|
|||
= BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionControllerImpl.class);
|
||||
controllerBuilder.getRawBeanDefinition().setSource(source);
|
||||
controllerBuilder.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
|
||||
controllerBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(sessionRegistryId));
|
||||
controllerBuilder.addPropertyReference("sessionRegistry", sessionRegistryId);
|
||||
|
||||
String maxSessions = element.getAttribute(ATT_MAX_SESSIONS);
|
||||
|
||||
|
@ -92,10 +88,10 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar
|
|||
BeanDefinition controller = controllerBuilder.getBeanDefinition();
|
||||
|
||||
beanRegistry.registerBeanDefinition(BeanIds.CONCURRENT_SESSION_CONTROLLER, controller);
|
||||
parserContext.registerComponent(new BeanComponentDefinition(controller, BeanIds.CONCURRENT_SESSION_CONTROLLER));
|
||||
ConfigUtils.setSessionControllerOnAuthenticationManager(parserContext, BeanIds.CONCURRENT_SESSION_CONTROLLER, element);
|
||||
pc.registerComponent(new BeanComponentDefinition(controller, BeanIds.CONCURRENT_SESSION_CONTROLLER));
|
||||
ConfigUtils.setSessionControllerOnAuthenticationManager(pc, BeanIds.CONCURRENT_SESSION_CONTROLLER, element);
|
||||
|
||||
parserContext.popAndRegisterContainingComponent();
|
||||
pc.popAndRegisterContainingComponent();
|
||||
|
||||
return filterBuilder.getBeanDefinition();
|
||||
}
|
||||
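Review bot: Missing documentation in `parse`: the internal `SessionRegistryImpl` is now registered under a generated name, and the branch that aliased an external `session-registry-ref` to a well-known id is removed. The `sessionRegistry` property on the returned filter definition is therefore the only handle other parsers have on the registry. `HttpSecurityBeanDefinitionParser` reads that property back and casts it to `BeanReference`, so renaming the property or setting it to a non-reference value here would break session-registry wiring into the other filters. I would add a comment above `filterBuilder.addPropertyReference("sessionRegistry", sessionRegistryId);`, such as `// Read back by HttpSecurityBeanDefinitionParser to wire the same registry into the login and session-fixation filters; keep the property name and reference type stable.`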
|
|
|
@ -59,17 +59,6 @@ public class FormLoginBeanDefinitionParser {
|
|||
|
||||
Object source = null;
|
||||
|
||||
// final Boolean sessionFixationProtectionEnabled =
|
||||
// new Boolean(pc.getRegistry().containsBeanDefinition(BeanIds.SESSION_FIXATION_PROTECTION_FILTER));
|
||||
// Boolean migrateSessionAttributes = Boolean.FALSE;
|
||||
//
|
||||
// if (sessionFixationProtectionEnabled.booleanValue()) {
|
||||
// PropertyValue pv =
|
||||
// pc.getRegistry().getBeanDefinition(BeanIds.SESSION_FIXATION_PROTECTION_FILTER)
|
||||
// .getPropertyValues().getPropertyValue("migrateSessionAttributes");
|
||||
// migrateSessionAttributes = (Boolean)pv.getValue();
|
||||
// }
|
||||
|
||||
if (elt != null) {
|
||||
source = pc.extractSource(elt);
|
||||
loginUrl = elt.getAttribute(ATT_LOGIN_URL);
|
||||
|
@ -101,21 +90,6 @@ public class FormLoginBeanDefinitionParser {
|
|||
filterBean.getPropertyValues().addPropertyValue("invalidateSessionOnSuccessfulAuthentication", Boolean.TRUE);
|
||||
}
|
||||
|
||||
// filterBean.getPropertyValues().addPropertyValue("invalidateSessionOnSuccessfulAuthentication",
|
||||
// sessionFixationProtectionEnabled);
|
||||
// filterBean.getPropertyValues().addPropertyValue("migrateInvalidatedSessionAttributes",
|
||||
// migrateSessionAttributes);
|
||||
|
||||
if (pc.getRegistry().containsBeanDefinition(BeanIds.REMEMBER_ME_SERVICES)) {
|
||||
filterBean.getPropertyValues().addPropertyValue("rememberMeServices",
|
||||
new RuntimeBeanReference(BeanIds.REMEMBER_ME_SERVICES) );
|
||||
}
|
||||
|
||||
if (pc.getRegistry().isBeanNameInUse(BeanIds.SESSION_REGISTRY)) {
|
||||
filterBean.getPropertyValues().addPropertyValue("sessionRegistry",
|
||||
new RuntimeBeanReference(BeanIds.SESSION_REGISTRY));
|
||||
}
|
||||
|
||||
BeanDefinitionBuilder entryPointBuilder =
|
||||
BeanDefinitionBuilder.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class);
|
||||
entryPointBuilder.getRawBeanDefinition().setSource(source);
|
||||
|
|
|
@ -229,7 +229,7 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
ppbp.setSource(source);
|
||||
ppbp.getConstructorArgumentValues().addGenericArgumentValue(mapBasedMethodSecurityMetadataSource);
|
||||
ppbp.getPropertyValues().addPropertyValue("pointcutMap", pointcutMap);
|
||||
parserContext.getRegistry().registerBeanDefinition(BeanIds.PROTECT_POINTCUT_POST_PROCESSOR, ppbp);
|
||||
parserContext.getReaderContext().registerWithGeneratedName(ppbp);
|
||||
}
|
||||
|
||||
private Map<String, List<ConfigAttribute>> parseProtectPointcuts(ParserContext parserContext, List<Element> protectPointcutElts) {
|
||||
|
|
|
@ -16,6 +16,7 @@ import org.springframework.beans.BeanMetadataElement;
|
|||
import org.springframework.beans.PropertyValue;
|
||||
import org.springframework.beans.PropertyValues;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.BeanReference;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
|
||||
import org.springframework.beans.factory.parsing.CompositeComponentDefinition;
|
||||
|
@ -168,15 +169,16 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
filterChainMap, channelRequestMap, convertPathsToLowerCase, pc);
|
||||
|
||||
BeanDefinition cpf = null;
|
||||
BeanReference sessionRegistryRef = null;
|
||||
BeanDefinition concurrentSessionFilter = createConcurrentSessionFilterAndRelatedBeansIfRequired(element, pc);
|
||||
boolean sessionControlEnabled = concurrentSessionFilter != null;
|
||||
|
||||
BeanDefinition scpf = createSecurityContextPersistenceFilter(element, pc);
|
||||
|
||||
if (sessionControlEnabled) {
|
||||
if (concurrentSessionFilter != null) {
|
||||
sessionRegistryRef = (BeanReference)
|
||||
concurrentSessionFilter.getPropertyValues().getPropertyValue("sessionRegistry").getValue();
|
||||
logger.info("Concurrent session filter in use, setting 'forceEagerSessionCreation' to true");
|
||||
scpf.getPropertyValues().addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
|
||||
|
||||
}
|
||||
|
||||
BeanDefinition servApiFilter = createServletApiFilter(element, pc);
|
||||
|
@ -188,7 +190,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
BeanDefinition etf = createExceptionTranslationFilter(element, pc, allowSessionCreation);
|
||||
RootBeanDefinition sfpf = createSessionFixationProtectionFilter(pc, element.getAttribute(ATT_SESSION_FIXATION_PROTECTION),
|
||||
sessionControlEnabled);
|
||||
sessionRegistryRef);
|
||||
BeanDefinition fsi = createFilterSecurityInterceptor(element, pc, matcher, convertPathsToLowerCase);
|
||||
|
||||
String portMapperName = pc.getReaderContext().registerWithGeneratedName(portMapper);
|
||||
|
@ -200,7 +202,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
if (sfpf != null) {
|
||||
// Used by SessionRegistrynjectionPP
|
||||
pc.getRegistry().registerBeanDefinition(BeanIds.SESSION_FIXATION_PROTECTION_FILTER, sfpf);
|
||||
// ConfigUtils.addHttpFilter(pc, new RuntimeBeanReference(BeanIds.SESSION_FIXATION_PROTECTION_FILTER));
|
||||
}
|
||||
|
||||
final FilterAndEntryPoint basic = createBasicFilter(element, pc, autoConfig);
|
||||
|
@ -209,14 +210,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
String rememberMeServicesId = null;
|
||||
if (rememberMeFilter != null) {
|
||||
//pc.getRegistry().registerBeanDefinition(BeanIds.REMEMBER_ME_FILTER, rememberMeFilter);
|
||||
rememberMeServicesId = ((RuntimeBeanReference) rememberMeFilter.getPropertyValues().getPropertyValue("rememberMeServices").getValue()).getBeanName();
|
||||
//ConfigUtils.addHttpFilter(pc, new RuntimeBeanReference(BeanIds.REMEMBER_ME_FILTER));
|
||||
// Post processor to inject RememberMeServices into filters which need it
|
||||
|
||||
RootBeanDefinition rememberMeInjectionPostProcessor = new RootBeanDefinition(RememberMeServicesInjectionBeanPostProcessor.class);
|
||||
rememberMeInjectionPostProcessor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
|
||||
pc.getReaderContext().registerWithGeneratedName(rememberMeInjectionPostProcessor);
|
||||
}
|
||||
|
||||
final BeanDefinition logoutFilter = createLogoutFilter(element, autoConfig, pc, rememberMeServicesId);
|
||||
|
@ -227,18 +221,16 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
// Required by login page filter
|
||||
pc.getRegistry().registerBeanDefinition(BeanIds.FORM_LOGIN_FILTER, form.filter);
|
||||
pc.registerBeanComponent(new BeanComponentDefinition(form.filter, BeanIds.FORM_LOGIN_FILTER));
|
||||
if (rememberMeServicesId != null) {
|
||||
form.filter.getPropertyValues().addPropertyValue("rememberMeServices", new RuntimeBeanReference(rememberMeServicesId));
|
||||
}
|
||||
injectRememberMeServicesRef(form.filter, rememberMeServicesId);
|
||||
injectSessionRegistryRef(form.filter, sessionRegistryRef);
|
||||
}
|
||||
|
||||
if (openID.filter != null) {
|
||||
// Required by login page filter
|
||||
pc.getRegistry().registerBeanDefinition(BeanIds.OPEN_ID_FILTER, openID.filter);
|
||||
pc.registerBeanComponent(new BeanComponentDefinition(openID.filter, BeanIds.OPEN_ID_FILTER));
|
||||
if (rememberMeServicesId != null) {
|
||||
openID.filter.getPropertyValues().addPropertyValue("rememberMeServices", new RuntimeBeanReference(rememberMeServicesId));
|
||||
}
|
||||
injectRememberMeServicesRef(openID.filter, rememberMeServicesId);
|
||||
injectSessionRegistryRef(openID.filter, sessionRegistryRef);
|
||||
}
|
||||
|
||||
FilterAndEntryPoint x509 = createX509Filter(element, pc);
|
||||
|
@ -320,14 +312,29 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
registerFilterChainProxy(pc, filterChainMap, matcher, source);
|
||||
|
||||
RootBeanDefinition postProcessor2 = new RootBeanDefinition(UserDetailsServiceInjectionBeanPostProcessor.class);
|
||||
postProcessor2.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
|
||||
pc.getReaderContext().registerWithGeneratedName(postProcessor2);
|
||||
BeanDefinitionBuilder userServiceInjector = BeanDefinitionBuilder.rootBeanDefinition(UserDetailsServiceInjectionBeanPostProcessor.class);
|
||||
userServiceInjector.addConstructorArgValue(BeanIds.X509_AUTH_PROVIDER);
|
||||
userServiceInjector.addConstructorArgValue(rememberMeServicesId);
|
||||
userServiceInjector.addConstructorArgValue(rememberMeServicesId);
|
||||
userServiceInjector.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
|
||||
pc.getReaderContext().registerWithGeneratedName(userServiceInjector.getBeanDefinition());
|
||||
|
||||
pc.popAndRegisterContainingComponent();
|
||||
return null;
|
||||
}
|
||||
|
||||
private void injectRememberMeServicesRef(RootBeanDefinition bean, String rememberMeServicesId) {
|
||||
if (rememberMeServicesId != null) {
|
||||
bean.getPropertyValues().addPropertyValue("rememberMeServices", new RuntimeBeanReference(rememberMeServicesId));
|
||||
}
|
||||
}
|
||||
|
||||
private void injectSessionRegistryRef(RootBeanDefinition bean, BeanReference sessionRegistryRef){
|
||||
if (sessionRegistryRef != null) {
|
||||
bean.getPropertyValues().addPropertyValue("sessionRegistry", sessionRegistryRef);
|
||||
}
|
||||
}
|
||||
|
||||
private void checkFilterChainOrder(List<OrderDecorator> filters, ParserContext pc, Object source) {
|
||||
logger.info("Checking sorted filter chain: " + filters);
|
||||
|
||||
|
@ -371,7 +378,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
final String ATT_POSITION = "position";
|
||||
final String REF = "ref";
|
||||
|
||||
|
||||
for (Element elt: customFilterElts) {
|
||||
String after = elt.getAttribute(ATT_AFTER);
|
||||
String before = elt.getAttribute(ATT_BEFORE);
|
||||
|
@ -732,7 +738,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
return channelFilter;
|
||||
}
|
||||
|
||||
private RootBeanDefinition createSessionFixationProtectionFilter(ParserContext pc, String sessionFixationAttribute, boolean sessionControlEnabled) {
|
||||
private RootBeanDefinition createSessionFixationProtectionFilter(ParserContext pc, String sessionFixationAttribute,
|
||||
BeanReference sessionRegistryRef) {
|
||||
if(!StringUtils.hasText(sessionFixationAttribute)) {
|
||||
sessionFixationAttribute = OPT_SESSION_FIXATION_MIGRATE_SESSION;
|
||||
}
|
||||
|
@ -742,8 +749,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
BeanDefinitionBuilder.rootBeanDefinition(SessionFixationProtectionFilter.class);
|
||||
sessionFixationFilter.addPropertyValue("migrateSessionAttributes",
|
||||
Boolean.valueOf(sessionFixationAttribute.equals(OPT_SESSION_FIXATION_MIGRATE_SESSION)));
|
||||
if (sessionControlEnabled) {
|
||||
sessionFixationFilter.addPropertyReference("sessionRegistry", BeanIds.SESSION_REGISTRY);
|
||||
if (sessionRegistryRef != null) {
|
||||
sessionFixationFilter.addPropertyValue("sessionRegistry", sessionRegistryRef);
|
||||
}
|
||||
return (RootBeanDefinition) sessionFixationFilter.getBeanDefinition();
|
||||
}
|
||||
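Review bot: In the hunk that builds `userServiceInjector`, `rememberMeServicesId` is passed as both the second and the third constructor argument, while the constructor added in this commit is `(x509ProviderId, rememberMeServicesId, openIDProviderId)`. The post-processor's `beanName.equals(openIDProviderId)` branch then compares against the remember-me id, which the preceding branch has already matched, so the OpenID provider no longer gets a UserDetailsService injected by this path. The third argument should presumably be the id the old code matched on, `userServiceInjector.addConstructorArgValue(BeanIds.OPEN_ID_PROVIDER);`, assuming that constant is kept. A parser test that covers the OpenID filter together with a user service would catch this.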
|
|
|
@ -1,67 +0,0 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.BeanFactory;
|
||||
import org.springframework.beans.factory.BeanFactoryAware;
|
||||
import org.springframework.beans.factory.ListableBeanFactory;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.RememberMeServices;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
* @since 2.0
|
||||
*/
|
||||
public class RememberMeServicesInjectionBeanPostProcessor implements BeanPostProcessor, BeanFactoryAware {
|
||||
private Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
private ListableBeanFactory beanFactory;
|
||||
|
||||
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
|
||||
// if (bean instanceof AbstractAuthenticationProcessingFilter) {
|
||||
// AbstractAuthenticationProcessingFilter pf = (AbstractAuthenticationProcessingFilter) bean;
|
||||
//
|
||||
// if (pf.getRememberMeServices() == null) {
|
||||
// logger.info("Setting RememberMeServices on bean " + beanName);
|
||||
// pf.setRememberMeServices(getRememberMeServices());
|
||||
// }
|
||||
// } else if (BeanIds.BASIC_AUTHENTICATION_FILTER.equals(beanName)) {
|
||||
// // NB: For remember-me to be sent back, a user must submit a "_spring_security_remember_me" with their login request.
|
||||
// // Most of the time a user won't present such a parameter with their BASIC authentication request.
|
||||
// // In the future we might support setting the AbstractRememberMeServices.alwaysRemember = true, but I am reluctant to
|
||||
// // do so because it seems likely to lead to lower security for 99.99% of users if they set the property to true.
|
||||
//
|
||||
// BasicProcessingFilter bf = (BasicProcessingFilter) bean;
|
||||
// logger.info("Setting RememberMeServices on bean " + beanName);
|
||||
// bf.setRememberMeServices(getRememberMeServices());
|
||||
// }
|
||||
|
||||
return bean;
|
||||
}
|
||||
|
||||
private RememberMeServices getRememberMeServices() {
|
||||
Map<?,?> beans = beanFactory.getBeansOfType(RememberMeServices.class);
|
||||
|
||||
Assert.isTrue(beans.size() > 0, "No RememberMeServices configured");
|
||||
Assert.isTrue(beans.size() == 1, "Use of '<remember-me />' requires a single instance of RememberMeServices " +
|
||||
"in the application context, but more than one was found.");
|
||||
|
||||
return (RememberMeServices) beans.values().toArray()[0];
|
||||
}
|
||||
|
||||
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
|
||||
return bean;
|
||||
}
|
||||
|
||||
public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
|
||||
this.beanFactory = (ListableBeanFactory) beanFactory;
|
||||
}
|
||||
}
|
|
@ -28,13 +28,26 @@ import org.springframework.util.Assert;
|
|||
*/
|
||||
public class UserDetailsServiceInjectionBeanPostProcessor implements BeanPostProcessor, BeanFactoryAware {
|
||||
private ConfigurableListableBeanFactory beanFactory;
|
||||
private final String x509ProviderId;
|
||||
private final String rememberMeServicesId;
|
||||
private final String openIDProviderId;
|
||||
|
||||
public UserDetailsServiceInjectionBeanPostProcessor(String x509ProviderId, String rememberMeServicesId,
|
||||
String openIDProviderId) {
|
||||
this.x509ProviderId = x509ProviderId;
|
||||
this.rememberMeServicesId = rememberMeServicesId;
|
||||
this.openIDProviderId = openIDProviderId;
|
||||
}
|
||||
|
||||
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
|
||||
if (BeanIds.X509_AUTH_PROVIDER.equals(beanName)) {
|
||||
if(beanName == null) {
|
||||
return bean;
|
||||
}
|
||||
if (beanName.equals(x509ProviderId)) {
|
||||
injectUserDetailsServiceIntoX509Provider((PreAuthenticatedAuthenticationProvider) bean);
|
||||
} else if (BeanIds.REMEMBER_ME_SERVICES.equals(beanName)) {
|
||||
} else if (beanName.equals(rememberMeServicesId)) {
|
||||
injectUserDetailsServiceIntoRememberMeServices((AbstractRememberMeServices)bean);
|
||||
} else if (BeanIds.OPEN_ID_PROVIDER.equals(beanName)) {
|
||||
} else if (beanName.equals(openIDProviderId)) {
|
||||
injectUserDetailsServiceIntoOpenIDProvider(bean);
|
||||
}
|
||||
|
||||
|
@ -46,7 +59,7 @@ public class UserDetailsServiceInjectionBeanPostProcessor implements BeanPostPro
|
|||
}
|
||||
|
||||
private void injectUserDetailsServiceIntoRememberMeServices(AbstractRememberMeServices services) {
|
||||
BeanDefinition beanDefinition = beanFactory.getBeanDefinition(BeanIds.REMEMBER_ME_SERVICES);
|
||||
BeanDefinition beanDefinition = beanFactory.getBeanDefinition(rememberMeServicesId);
|
||||
PropertyValue pv = beanDefinition.getPropertyValues().getPropertyValue("userDetailsService");
|
||||
|
||||
if (pv == null) {
|
||||
|
@ -61,7 +74,7 @@ public class UserDetailsServiceInjectionBeanPostProcessor implements BeanPostPro
|
|||
}
|
||||
|
||||
private void injectUserDetailsServiceIntoX509Provider(PreAuthenticatedAuthenticationProvider provider) {
|
||||
BeanDefinition beanDefinition = beanFactory.getBeanDefinition(BeanIds.X509_AUTH_PROVIDER);
|
||||
BeanDefinition beanDefinition = beanFactory.getBeanDefinition(x509ProviderId);
|
||||
PropertyValue pv = beanDefinition.getPropertyValues().getPropertyValue("preAuthenticatedUserDetailsService");
|
||||
UserDetailsByNameServiceWrapper wrapper = new UserDetailsByNameServiceWrapper();
|
||||
|
||||
|
@ -83,7 +96,7 @@ public class UserDetailsServiceInjectionBeanPostProcessor implements BeanPostPro
|
|||
}
|
||||
|
||||
private void injectUserDetailsServiceIntoOpenIDProvider(Object bean) {
|
||||
BeanDefinition beanDefinition = beanFactory.getBeanDefinition(BeanIds.OPEN_ID_PROVIDER);
|
||||
BeanDefinition beanDefinition = beanFactory.getBeanDefinition(openIDProviderId);
|
||||
PropertyValue pv = beanDefinition.getPropertyValues().getPropertyValue("userDetailsService");
|
||||
|
||||
if (pv == null) {
|
||||
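Review bot: The branches in `postProcessBeforeInitialization` cast purely on a name match, `(PreAuthenticatedAuthenticationProvider) bean` and `(AbstractRememberMeServices)bean`, and the names now arrive through the constructor instead of being fixed internal ids. If a caller can pass the id of a bean it did not create (not visible from this section), a different implementation type would abort context startup with a bare ClassCastException. A type check such as `if (!(bean instanceof AbstractRememberMeServices)) { throw new IllegalStateException("Bean '" + beanName + "' is not an AbstractRememberMeServices"); }` would turn that into a clear configuration error. The constructor also accepts null ids, which the `equals` calls tolerate, but does not say so; a one-line Javadoc stating that a null id disables the corresponding injection would help. The method body continues outside the hunk.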
|
|
|
@ -54,7 +54,7 @@ public class X509BeanDefinitionParser implements BeanDefinitionParser {
|
|||
provider.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", preAuthUserService);
|
||||
}
|
||||
|
||||
filterBuilder.addPropertyValue("authenticationManager", new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
|
||||
filterBuilder.addPropertyReference("authenticationManager", BeanIds.AUTHENTICATION_MANAGER);
|
||||
|
||||
return (RootBeanDefinition) filterBuilder.getBeanDefinition();
|
||||
}
|
||||
|
|
|
@ -363,7 +363,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
}
|
||||
|
||||
private PortMapperImpl getPortMapper() {
|
||||
Map<String,PortMapperImpl> beans = appContext.getBeansOfType(PortMapperImpl.class);
|
||||
Map<String,PortMapperImpl> beans = appContext.getBeansOfType(PortMapperImpl.class);
|
||||
return new ArrayList<PortMapperImpl>(beans.values()).get(0);
|
||||
}
|
||||
|
||||
|
@ -456,20 +456,20 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void rememberMeServiceWorksWithTokenRepoRef() {
|
||||
public void rememberMeServiceWorksWithTokenRepoRef() throws Exception {
|
||||
setContext(
|
||||
"<http auto-config='true'>" +
|
||||
" <remember-me token-repository-ref='tokenRepo'/>" +
|
||||
"</http>" +
|
||||
"<b:bean id='tokenRepo' " +
|
||||
"class='" + InMemoryTokenRepositoryImpl.class.getName() + "'/> " + AUTH_PROVIDER_XML);
|
||||
Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
|
||||
RememberMeServices rememberMeServices = getRememberMeServices();
|
||||
|
||||
assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void rememberMeServiceWorksWithDataSourceRef() {
|
||||
public void rememberMeServiceWorksWithDataSourceRef() throws Exception {
|
||||
setContext(
|
||||
"<http auto-config='true'>" +
|
||||
" <remember-me data-source-ref='ds'/>" +
|
||||
|
@ -477,7 +477,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
"<b:bean id='ds' class='org.springframework.security.TestDataSource'> " +
|
||||
" <b:constructor-arg value='tokendb'/>" +
|
||||
"</b:bean>" + AUTH_PROVIDER_XML);
|
||||
Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
|
||||
RememberMeServices rememberMeServices = getRememberMeServices();
|
||||
|
||||
assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices);
|
||||
}
|
||||
|
|