From d59bdc0cbc77b117d4db8da680382b0ed571646a Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Wed, 8 Jul 2009 23:54:26 +0000 Subject: [PATCH] Reducing use of global bean Ids as part of SEC-1186 --- .../security/config/BeanIds.java | 8 +-- ...oncurrentSessionsBeanDefinitionParser.java | 32 ++++----- .../config/FormLoginBeanDefinitionParser.java | 26 ------- ...balMethodSecurityBeanDefinitionParser.java | 2 +- .../HttpSecurityBeanDefinitionParser.java | 57 +++++++++------- ...rMeServicesInjectionBeanPostProcessor.java | 67 ------------------- ...ailsServiceInjectionBeanPostProcessor.java | 25 +++++-- .../config/X509BeanDefinitionParser.java | 2 +- ...HttpSecurityBeanDefinitionParserTests.java | 10 +-- 9 files changed, 76 insertions(+), 153 deletions(-) delete mode 100644 config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java diff --git a/config/src/main/java/org/springframework/security/config/BeanIds.java b/config/src/main/java/org/springframework/security/config/BeanIds.java index 1d580d5a8c..b669bde2ad 100644 --- a/config/src/main/java/org/springframework/security/config/BeanIds.java +++ b/config/src/main/java/org/springframework/security/config/BeanIds.java @@ -22,13 +22,13 @@ public abstract class BeanIds { // static final String FILTER_CHAIN_POST_PROCESSOR = "_filterChainProxyPostProcessor"; // static final String FILTER_LIST = "_filterChainList"; - public static final String JDBC_USER_DETAILS_MANAGER = "_jdbcUserDetailsManager"; +// public static final String JDBC_USER_DETAILS_MANAGER = "_jdbcUserDetailsManager"; public static final String USER_DETAILS_SERVICE = "_userDetailsService"; // public static final String ANONYMOUS_PROCESSING_FILTER = "_anonymousProcessingFilter"; public static final String ANONYMOUS_AUTHENTICATION_PROVIDER = "_anonymousAuthenticationProvider"; // public static final String BASIC_AUTHENTICATION_FILTER = "_basicAuthenticationFilter"; public static final String BASIC_AUTHENTICATION_ENTRY_POINT = "_basicAuthenticationEntryPoint"; - public static final String SESSION_REGISTRY = "_sessionRegistry"; +// public static final String SESSION_REGISTRY = "_sessionRegistry"; // public static final String CONCURRENT_SESSION_FILTER = "_concurrentSessionFilter"; public static final String CONCURRENT_SESSION_CONTROLLER = "_concurrentSessionController"; public static final String METHOD_ACCESS_MANAGER = "_defaultMethodAccessManager"; @@ -50,13 +50,13 @@ public abstract class BeanIds { // public static final String CHANNEL_PROCESSING_FILTER = "_channelProcessingFilter"; public static final String CHANNEL_DECISION_MANAGER = "_channelDecisionManager"; // public static final String REMEMBER_ME_FILTER = "_rememberMeFilter"; - public static final String REMEMBER_ME_SERVICES = "_rememberMeServices"; +// public static final String REMEMBER_ME_SERVICES = "_rememberMeServices"; public static final String REMEMBER_ME_AUTHENTICATION_PROVIDER = "_rememberMeAuthenticationProvider"; // public static final String DEFAULT_LOGIN_PAGE_GENERATING_FILTER = "_defaultLoginPageFilter"; // public static final String SECURITY_CONTEXT_HOLDER_AWARE_REQUEST_FILTER = "_securityContextHolderAwareRequestFilter"; public static final String SESSION_FIXATION_PROTECTION_FILTER = "_sessionFixationProtectionFilter"; public static final String METHOD_SECURITY_METADATA_SOURCE_ADVISOR = "_methodSecurityMetadataSourceAdvisor"; - public static final String PROTECT_POINTCUT_POST_PROCESSOR = "_protectPointcutPostProcessor"; +// public static final String PROTECT_POINTCUT_POST_PROCESSOR = "_protectPointcutPostProcessor"; // public static final String SECURED_METHOD_SECURITY_METADATA_SOURCE = "_securedSecurityMetadataSource"; // public static final String JSR_250_METHOD_SECURITY_METADATA_SOURCE = "_jsr250SecurityMetadataSource"; public static final String EMBEDDED_APACHE_DS = "_apacheDirectoryServerContainer"; diff --git a/config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java index 99c15db3ae..44680bcafa 100644 --- a/config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java @@ -1,7 +1,6 @@ package org.springframework.security.config; import org.springframework.beans.factory.config.BeanDefinition; -import org.springframework.beans.factory.config.RuntimeBeanReference; import org.springframework.beans.factory.parsing.BeanComponentDefinition; import org.springframework.beans.factory.parsing.CompositeComponentDefinition; import org.springframework.beans.factory.support.BeanDefinitionBuilder; @@ -32,23 +31,20 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar static final String ATT_SESSION_REGISTRY_ALIAS = "session-registry-alias"; static final String ATT_SESSION_REGISTRY_REF = "session-registry-ref"; - public BeanDefinition parse(Element element, ParserContext parserContext) { + public BeanDefinition parse(Element element, ParserContext pc) { CompositeComponentDefinition compositeDef = - new CompositeComponentDefinition(element.getTagName(), parserContext.extractSource(element)); - parserContext.pushContainingComponent(compositeDef); + new CompositeComponentDefinition(element.getTagName(), pc.extractSource(element)); + pc.pushContainingComponent(compositeDef); - BeanDefinitionRegistry beanRegistry = parserContext.getRegistry(); + BeanDefinitionRegistry beanRegistry = pc.getRegistry(); String sessionRegistryId = element.getAttribute(ATT_SESSION_REGISTRY_REF); if (!StringUtils.hasText(sessionRegistryId)) { + // Register an internal SessionRegistryImpl if no external reference supplied. RootBeanDefinition sessionRegistry = new RootBeanDefinition(SessionRegistryImpl.class); - beanRegistry.registerBeanDefinition(BeanIds.SESSION_REGISTRY, sessionRegistry); - parserContext.registerComponent(new BeanComponentDefinition(sessionRegistry, BeanIds.SESSION_REGISTRY)); - sessionRegistryId = BeanIds.SESSION_REGISTRY; - } else { - // Register the default ID as an alias so that things like session fixation filter can access it - beanRegistry.registerAlias(sessionRegistryId, BeanIds.SESSION_REGISTRY); + sessionRegistryId = pc.getReaderContext().registerWithGeneratedName(sessionRegistry); + pc.registerComponent(new BeanComponentDefinition(sessionRegistry, sessionRegistryId)); } String registryAlias = element.getAttribute(ATT_SESSION_REGISTRY_ALIAS); @@ -58,16 +54,16 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionFilter.class); - filterBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(sessionRegistryId)); + filterBuilder.addPropertyReference("sessionRegistry", sessionRegistryId); - Object source = parserContext.extractSource(element); + Object source = pc.extractSource(element); filterBuilder.getRawBeanDefinition().setSource(source); filterBuilder.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); String expiryUrl = element.getAttribute(ATT_EXPIRY_URL); if (StringUtils.hasText(expiryUrl)) { - ConfigUtils.validateHttpRedirect(expiryUrl, parserContext, source); + ConfigUtils.validateHttpRedirect(expiryUrl, pc, source); filterBuilder.addPropertyValue("expiredUrl", expiryUrl); } @@ -75,7 +71,7 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar = BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionControllerImpl.class); controllerBuilder.getRawBeanDefinition().setSource(source); controllerBuilder.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); - controllerBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(sessionRegistryId)); + controllerBuilder.addPropertyReference("sessionRegistry", sessionRegistryId); String maxSessions = element.getAttribute(ATT_MAX_SESSIONS); @@ -92,10 +88,10 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar BeanDefinition controller = controllerBuilder.getBeanDefinition(); beanRegistry.registerBeanDefinition(BeanIds.CONCURRENT_SESSION_CONTROLLER, controller); - parserContext.registerComponent(new BeanComponentDefinition(controller, BeanIds.CONCURRENT_SESSION_CONTROLLER)); - ConfigUtils.setSessionControllerOnAuthenticationManager(parserContext, BeanIds.CONCURRENT_SESSION_CONTROLLER, element); + pc.registerComponent(new BeanComponentDefinition(controller, BeanIds.CONCURRENT_SESSION_CONTROLLER)); + ConfigUtils.setSessionControllerOnAuthenticationManager(pc, BeanIds.CONCURRENT_SESSION_CONTROLLER, element); - parserContext.popAndRegisterContainingComponent(); + pc.popAndRegisterContainingComponent(); return filterBuilder.getBeanDefinition(); } diff --git a/config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java index 2184df16dc..c5fa8f70f3 100644 --- a/config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java @@ -59,17 +59,6 @@ public class FormLoginBeanDefinitionParser { Object source = null; -// final Boolean sessionFixationProtectionEnabled = -// new Boolean(pc.getRegistry().containsBeanDefinition(BeanIds.SESSION_FIXATION_PROTECTION_FILTER)); -// Boolean migrateSessionAttributes = Boolean.FALSE; -// -// if (sessionFixationProtectionEnabled.booleanValue()) { -// PropertyValue pv = -// pc.getRegistry().getBeanDefinition(BeanIds.SESSION_FIXATION_PROTECTION_FILTER) -// .getPropertyValues().getPropertyValue("migrateSessionAttributes"); -// migrateSessionAttributes = (Boolean)pv.getValue(); -// } - if (elt != null) { source = pc.extractSource(elt); loginUrl = elt.getAttribute(ATT_LOGIN_URL); @@ -101,21 +90,6 @@ public class FormLoginBeanDefinitionParser { filterBean.getPropertyValues().addPropertyValue("invalidateSessionOnSuccessfulAuthentication", Boolean.TRUE); } -// filterBean.getPropertyValues().addPropertyValue("invalidateSessionOnSuccessfulAuthentication", -// sessionFixationProtectionEnabled); -// filterBean.getPropertyValues().addPropertyValue("migrateInvalidatedSessionAttributes", -// migrateSessionAttributes); - - if (pc.getRegistry().containsBeanDefinition(BeanIds.REMEMBER_ME_SERVICES)) { - filterBean.getPropertyValues().addPropertyValue("rememberMeServices", - new RuntimeBeanReference(BeanIds.REMEMBER_ME_SERVICES) ); - } - - if (pc.getRegistry().isBeanNameInUse(BeanIds.SESSION_REGISTRY)) { - filterBean.getPropertyValues().addPropertyValue("sessionRegistry", - new RuntimeBeanReference(BeanIds.SESSION_REGISTRY)); - } - BeanDefinitionBuilder entryPointBuilder = BeanDefinitionBuilder.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class); entryPointBuilder.getRawBeanDefinition().setSource(source); diff --git a/config/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java index 45faaac04a..82f84375aa 100644 --- a/config/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java @@ -229,7 +229,7 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser { ppbp.setSource(source); ppbp.getConstructorArgumentValues().addGenericArgumentValue(mapBasedMethodSecurityMetadataSource); ppbp.getPropertyValues().addPropertyValue("pointcutMap", pointcutMap); - parserContext.getRegistry().registerBeanDefinition(BeanIds.PROTECT_POINTCUT_POST_PROCESSOR, ppbp); + parserContext.getReaderContext().registerWithGeneratedName(ppbp); } private Map> parseProtectPointcuts(ParserContext parserContext, List protectPointcutElts) { diff --git a/config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java index 356ad7896f..75bd255f71 100644 --- a/config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java @@ -16,6 +16,7 @@ import org.springframework.beans.BeanMetadataElement; import org.springframework.beans.PropertyValue; import org.springframework.beans.PropertyValues; import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.beans.factory.config.BeanReference; import org.springframework.beans.factory.config.RuntimeBeanReference; import org.springframework.beans.factory.parsing.BeanComponentDefinition; import org.springframework.beans.factory.parsing.CompositeComponentDefinition; @@ -168,15 +169,16 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { filterChainMap, channelRequestMap, convertPathsToLowerCase, pc); BeanDefinition cpf = null; + BeanReference sessionRegistryRef = null; BeanDefinition concurrentSessionFilter = createConcurrentSessionFilterAndRelatedBeansIfRequired(element, pc); - boolean sessionControlEnabled = concurrentSessionFilter != null; BeanDefinition scpf = createSecurityContextPersistenceFilter(element, pc); - if (sessionControlEnabled) { + if (concurrentSessionFilter != null) { + sessionRegistryRef = (BeanReference) + concurrentSessionFilter.getPropertyValues().getPropertyValue("sessionRegistry").getValue(); logger.info("Concurrent session filter in use, setting 'forceEagerSessionCreation' to true"); scpf.getPropertyValues().addPropertyValue("forceEagerSessionCreation", Boolean.TRUE); - } BeanDefinition servApiFilter = createServletApiFilter(element, pc); @@ -188,7 +190,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { BeanDefinition etf = createExceptionTranslationFilter(element, pc, allowSessionCreation); RootBeanDefinition sfpf = createSessionFixationProtectionFilter(pc, element.getAttribute(ATT_SESSION_FIXATION_PROTECTION), - sessionControlEnabled); + sessionRegistryRef); BeanDefinition fsi = createFilterSecurityInterceptor(element, pc, matcher, convertPathsToLowerCase); String portMapperName = pc.getReaderContext().registerWithGeneratedName(portMapper); @@ -200,7 +202,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { if (sfpf != null) { // Used by SessionRegistrynjectionPP pc.getRegistry().registerBeanDefinition(BeanIds.SESSION_FIXATION_PROTECTION_FILTER, sfpf); -// ConfigUtils.addHttpFilter(pc, new RuntimeBeanReference(BeanIds.SESSION_FIXATION_PROTECTION_FILTER)); } final FilterAndEntryPoint basic = createBasicFilter(element, pc, autoConfig); @@ -209,14 +210,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { String rememberMeServicesId = null; if (rememberMeFilter != null) { - //pc.getRegistry().registerBeanDefinition(BeanIds.REMEMBER_ME_FILTER, rememberMeFilter); rememberMeServicesId = ((RuntimeBeanReference) rememberMeFilter.getPropertyValues().getPropertyValue("rememberMeServices").getValue()).getBeanName(); - //ConfigUtils.addHttpFilter(pc, new RuntimeBeanReference(BeanIds.REMEMBER_ME_FILTER)); - // Post processor to inject RememberMeServices into filters which need it - - RootBeanDefinition rememberMeInjectionPostProcessor = new RootBeanDefinition(RememberMeServicesInjectionBeanPostProcessor.class); - rememberMeInjectionPostProcessor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); - pc.getReaderContext().registerWithGeneratedName(rememberMeInjectionPostProcessor); } final BeanDefinition logoutFilter = createLogoutFilter(element, autoConfig, pc, rememberMeServicesId); @@ -227,18 +221,16 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { // Required by login page filter pc.getRegistry().registerBeanDefinition(BeanIds.FORM_LOGIN_FILTER, form.filter); pc.registerBeanComponent(new BeanComponentDefinition(form.filter, BeanIds.FORM_LOGIN_FILTER)); - if (rememberMeServicesId != null) { - form.filter.getPropertyValues().addPropertyValue("rememberMeServices", new RuntimeBeanReference(rememberMeServicesId)); - } + injectRememberMeServicesRef(form.filter, rememberMeServicesId); + injectSessionRegistryRef(form.filter, sessionRegistryRef); } if (openID.filter != null) { // Required by login page filter pc.getRegistry().registerBeanDefinition(BeanIds.OPEN_ID_FILTER, openID.filter); pc.registerBeanComponent(new BeanComponentDefinition(openID.filter, BeanIds.OPEN_ID_FILTER)); - if (rememberMeServicesId != null) { - openID.filter.getPropertyValues().addPropertyValue("rememberMeServices", new RuntimeBeanReference(rememberMeServicesId)); - } + injectRememberMeServicesRef(openID.filter, rememberMeServicesId); + injectSessionRegistryRef(openID.filter, sessionRegistryRef); } FilterAndEntryPoint x509 = createX509Filter(element, pc); @@ -320,14 +312,29 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { registerFilterChainProxy(pc, filterChainMap, matcher, source); - RootBeanDefinition postProcessor2 = new RootBeanDefinition(UserDetailsServiceInjectionBeanPostProcessor.class); - postProcessor2.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); - pc.getReaderContext().registerWithGeneratedName(postProcessor2); + BeanDefinitionBuilder userServiceInjector = BeanDefinitionBuilder.rootBeanDefinition(UserDetailsServiceInjectionBeanPostProcessor.class); + userServiceInjector.addConstructorArgValue(BeanIds.X509_AUTH_PROVIDER); + userServiceInjector.addConstructorArgValue(rememberMeServicesId); + userServiceInjector.addConstructorArgValue(rememberMeServicesId); + userServiceInjector.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); + pc.getReaderContext().registerWithGeneratedName(userServiceInjector.getBeanDefinition()); pc.popAndRegisterContainingComponent(); return null; } + private void injectRememberMeServicesRef(RootBeanDefinition bean, String rememberMeServicesId) { + if (rememberMeServicesId != null) { + bean.getPropertyValues().addPropertyValue("rememberMeServices", new RuntimeBeanReference(rememberMeServicesId)); + } + } + + private void injectSessionRegistryRef(RootBeanDefinition bean, BeanReference sessionRegistryRef){ + if (sessionRegistryRef != null) { + bean.getPropertyValues().addPropertyValue("sessionRegistry", sessionRegistryRef); + } + } + private void checkFilterChainOrder(List filters, ParserContext pc, Object source) { logger.info("Checking sorted filter chain: " + filters); @@ -371,7 +378,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { final String ATT_POSITION = "position"; final String REF = "ref"; - for (Element elt: customFilterElts) { String after = elt.getAttribute(ATT_AFTER); String before = elt.getAttribute(ATT_BEFORE); @@ -732,7 +738,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { return channelFilter; } - private RootBeanDefinition createSessionFixationProtectionFilter(ParserContext pc, String sessionFixationAttribute, boolean sessionControlEnabled) { + private RootBeanDefinition createSessionFixationProtectionFilter(ParserContext pc, String sessionFixationAttribute, + BeanReference sessionRegistryRef) { if(!StringUtils.hasText(sessionFixationAttribute)) { sessionFixationAttribute = OPT_SESSION_FIXATION_MIGRATE_SESSION; } @@ -742,8 +749,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { BeanDefinitionBuilder.rootBeanDefinition(SessionFixationProtectionFilter.class); sessionFixationFilter.addPropertyValue("migrateSessionAttributes", Boolean.valueOf(sessionFixationAttribute.equals(OPT_SESSION_FIXATION_MIGRATE_SESSION))); - if (sessionControlEnabled) { - sessionFixationFilter.addPropertyReference("sessionRegistry", BeanIds.SESSION_REGISTRY); + if (sessionRegistryRef != null) { + sessionFixationFilter.addPropertyValue("sessionRegistry", sessionRegistryRef); } return (RootBeanDefinition) sessionFixationFilter.getBeanDefinition(); } diff --git a/config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java b/config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java deleted file mode 100644 index bded9fd714..0000000000 --- a/config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java +++ /dev/null @@ -1,67 +0,0 @@ -package org.springframework.security.config; - -import java.util.Map; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.BeanFactory; -import org.springframework.beans.factory.BeanFactoryAware; -import org.springframework.beans.factory.ListableBeanFactory; -import org.springframework.beans.factory.config.BeanPostProcessor; -import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; -import org.springframework.security.web.authentication.RememberMeServices; -import org.springframework.security.web.authentication.www.BasicProcessingFilter; -import org.springframework.util.Assert; - -/** - * - * @author Luke Taylor - * @version $Id$ - * @since 2.0 - */ -public class RememberMeServicesInjectionBeanPostProcessor implements BeanPostProcessor, BeanFactoryAware { - private Log logger = LogFactory.getLog(getClass()); - - private ListableBeanFactory beanFactory; - - public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException { -// if (bean instanceof AbstractAuthenticationProcessingFilter) { -// AbstractAuthenticationProcessingFilter pf = (AbstractAuthenticationProcessingFilter) bean; -// -// if (pf.getRememberMeServices() == null) { -// logger.info("Setting RememberMeServices on bean " + beanName); -// pf.setRememberMeServices(getRememberMeServices()); -// } -// } else if (BeanIds.BASIC_AUTHENTICATION_FILTER.equals(beanName)) { -// // NB: For remember-me to be sent back, a user must submit a "_spring_security_remember_me" with their login request. -// // Most of the time a user won't present such a parameter with their BASIC authentication request. -// // In the future we might support setting the AbstractRememberMeServices.alwaysRemember = true, but I am reluctant to -// // do so because it seems likely to lead to lower security for 99.99% of users if they set the property to true. -// -// BasicProcessingFilter bf = (BasicProcessingFilter) bean; -// logger.info("Setting RememberMeServices on bean " + beanName); -// bf.setRememberMeServices(getRememberMeServices()); -// } - - return bean; - } - - private RememberMeServices getRememberMeServices() { - Map beans = beanFactory.getBeansOfType(RememberMeServices.class); - - Assert.isTrue(beans.size() > 0, "No RememberMeServices configured"); - Assert.isTrue(beans.size() == 1, "Use of '' requires a single instance of RememberMeServices " + - "in the application context, but more than one was found."); - - return (RememberMeServices) beans.values().toArray()[0]; - } - - public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException { - return bean; - } - - public void setBeanFactory(BeanFactory beanFactory) throws BeansException { - this.beanFactory = (ListableBeanFactory) beanFactory; - } -} diff --git a/config/src/main/java/org/springframework/security/config/UserDetailsServiceInjectionBeanPostProcessor.java b/config/src/main/java/org/springframework/security/config/UserDetailsServiceInjectionBeanPostProcessor.java index 1f5029ebdf..618e340a06 100644 --- a/config/src/main/java/org/springframework/security/config/UserDetailsServiceInjectionBeanPostProcessor.java +++ b/config/src/main/java/org/springframework/security/config/UserDetailsServiceInjectionBeanPostProcessor.java @@ -28,13 +28,26 @@ import org.springframework.util.Assert; */ public class UserDetailsServiceInjectionBeanPostProcessor implements BeanPostProcessor, BeanFactoryAware { private ConfigurableListableBeanFactory beanFactory; + private final String x509ProviderId; + private final String rememberMeServicesId; + private final String openIDProviderId; + + public UserDetailsServiceInjectionBeanPostProcessor(String x509ProviderId, String rememberMeServicesId, + String openIDProviderId) { + this.x509ProviderId = x509ProviderId; + this.rememberMeServicesId = rememberMeServicesId; + this.openIDProviderId = openIDProviderId; + } public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException { - if (BeanIds.X509_AUTH_PROVIDER.equals(beanName)) { + if(beanName == null) { + return bean; + } + if (beanName.equals(x509ProviderId)) { injectUserDetailsServiceIntoX509Provider((PreAuthenticatedAuthenticationProvider) bean); - } else if (BeanIds.REMEMBER_ME_SERVICES.equals(beanName)) { + } else if (beanName.equals(rememberMeServicesId)) { injectUserDetailsServiceIntoRememberMeServices((AbstractRememberMeServices)bean); - } else if (BeanIds.OPEN_ID_PROVIDER.equals(beanName)) { + } else if (beanName.equals(openIDProviderId)) { injectUserDetailsServiceIntoOpenIDProvider(bean); } @@ -46,7 +59,7 @@ public class UserDetailsServiceInjectionBeanPostProcessor implements BeanPostPro } private void injectUserDetailsServiceIntoRememberMeServices(AbstractRememberMeServices services) { - BeanDefinition beanDefinition = beanFactory.getBeanDefinition(BeanIds.REMEMBER_ME_SERVICES); + BeanDefinition beanDefinition = beanFactory.getBeanDefinition(rememberMeServicesId); PropertyValue pv = beanDefinition.getPropertyValues().getPropertyValue("userDetailsService"); if (pv == null) { @@ -61,7 +74,7 @@ public class UserDetailsServiceInjectionBeanPostProcessor implements BeanPostPro } private void injectUserDetailsServiceIntoX509Provider(PreAuthenticatedAuthenticationProvider provider) { - BeanDefinition beanDefinition = beanFactory.getBeanDefinition(BeanIds.X509_AUTH_PROVIDER); + BeanDefinition beanDefinition = beanFactory.getBeanDefinition(x509ProviderId); PropertyValue pv = beanDefinition.getPropertyValues().getPropertyValue("preAuthenticatedUserDetailsService"); UserDetailsByNameServiceWrapper wrapper = new UserDetailsByNameServiceWrapper(); @@ -83,7 +96,7 @@ public class UserDetailsServiceInjectionBeanPostProcessor implements BeanPostPro } private void injectUserDetailsServiceIntoOpenIDProvider(Object bean) { - BeanDefinition beanDefinition = beanFactory.getBeanDefinition(BeanIds.OPEN_ID_PROVIDER); + BeanDefinition beanDefinition = beanFactory.getBeanDefinition(openIDProviderId); PropertyValue pv = beanDefinition.getPropertyValues().getPropertyValue("userDetailsService"); if (pv == null) { diff --git a/config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java index 36ba702444..586ac53b68 100644 --- a/config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java @@ -54,7 +54,7 @@ public class X509BeanDefinitionParser implements BeanDefinitionParser { provider.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", preAuthUserService); } - filterBuilder.addPropertyValue("authenticationManager", new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER)); + filterBuilder.addPropertyReference("authenticationManager", BeanIds.AUTHENTICATION_MANAGER); return (RootBeanDefinition) filterBuilder.getBeanDefinition(); } diff --git a/config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java index 16b07dde41..976c4af77f 100644 --- a/config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java @@ -363,7 +363,7 @@ public class HttpSecurityBeanDefinitionParserTests { } private PortMapperImpl getPortMapper() { - Map beans = appContext.getBeansOfType(PortMapperImpl.class); + Map beans = appContext.getBeansOfType(PortMapperImpl.class); return new ArrayList(beans.values()).get(0); } @@ -456,20 +456,20 @@ public class HttpSecurityBeanDefinitionParserTests { } @Test - public void rememberMeServiceWorksWithTokenRepoRef() { + public void rememberMeServiceWorksWithTokenRepoRef() throws Exception { setContext( "" + " " + "" + " " + AUTH_PROVIDER_XML); - Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES); + RememberMeServices rememberMeServices = getRememberMeServices(); assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices); } @Test - public void rememberMeServiceWorksWithDataSourceRef() { + public void rememberMeServiceWorksWithDataSourceRef() throws Exception { setContext( "" + " " + @@ -477,7 +477,7 @@ public class HttpSecurityBeanDefinitionParserTests { " " + " " + "" + AUTH_PROVIDER_XML); - Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES); + RememberMeServices rememberMeServices = getRememberMeServices(); assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices); }