Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Moved to /spring-security-core project

This commit is contained in:
Ben Alex 2007-12-02 00:20:35 +00:00
parent 435959a850
commit e2db910b06
82 changed files with 0 additions and 6244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sandbox/pom.xml
View File

@ -20,7 +20,6 @@
<module>webwork</module>
<module>openid</module>
<module>other</module>
<!-- module>spring-security-config</module-->
</modules>
<dependencies>

47
sandbox/spring-security-config/.classpath
View File

@ -1,47 +0,0 @@
<classpath>
<classpathentry kind="src" path="src/main/java"/>
<classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
<classpathentry kind="src" path="src/test/java" output="target/test-classes"/>
<classpathentry kind="src" path="src/test/resources" output="target/test-classes" excluding="**/*.java"/>
<classpathentry kind="output" path="target/classes"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core-shared/1.0.0/apacheds-core-shared-1.0.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/2.0.4/spring-context-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar" sourcepath="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1.jar" sourcepath="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar" sourcepath="M2_REPO/junit/junit/3.8.1/junit-3.8.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/cas/casclient/2.0.11/casclient-2.0.11.jar"/>
<classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.4/hsqldb-1.8.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/qdox/qdox/1.5/qdox-1.5.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-ldap/0.9.5.3/shared-ldap-0.9.5.3.jar"/>
<classpathentry kind="var" path="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6.jar" sourcepath="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1.jar" sourcepath="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core/1.0.0/apacheds-core-1.0.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-asn1/0.9.5.3/shared-asn1-0.9.5.3.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/2.0.4/spring-web-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/2.0.4/spring-support-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/2.0.4/spring-dao-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar" sourcepath="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-compiler/2.1/commons-attributes-compiler-2.1.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/2.0.4/spring-remoting-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar" sourcepath="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-mock/2.0.4/spring-mock-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/jdbm/jdbm/1.0/jdbm-1.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/2.0.4/spring-aop-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/2.0.4/spring-jdbc-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar" sourcepath="M2_REPO/oro/oro/2.0.8/oro-2.0.8-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/aspectj/aspectjrt/1.2/aspectjrt-1.2.jar"/>
<classpathentry kind="var" path="M2_REPO/ant/ant/1.5/ant-1.5.jar"/>
<classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar" sourcepath="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4.jar" sourcepath="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT-sources.jar"/>
</classpath>

19
sandbox/spring-security-config/.project
View File

@ -1,19 +0,0 @@
<projectDescription>
<name>spring-security-config</name>
<comment>Acegi Security System for Spring</comment>
<projects/>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
</buildCommand>
<buildCommand>
<name>org.eclipse.wst.validation.validationbuilder</name>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
<nature>org.eclipse.jdt.core.javanature</nature>
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
</natures>
</projectDescription>

6
sandbox/spring-security-config/.settings/.component
View File

@ -1,6 +0,0 @@
<project-modules id="moduleCoreId">
<wb-module deploy-name="spring-security-config">
<wb-resource deploy-path="/" source-path="src/main/java"/>
<wb-resource deploy-path="/" source-path="src/main/resources"/>
</wb-module>
</project-modules>

7
sandbox/spring-security-config/.settings/org.eclipse.jdt.core.prefs
View File

@ -1,7 +0,0 @@
#Sun Jun 17 10:48:58 EST 2007
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
org.eclipse.jdt.core.compiler.compliance=1.5
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.source=1.5

6
sandbox/spring-security-config/.settings/org.eclipse.wst.common.project.facet.core.xml
View File

@ -1,6 +0,0 @@
<faceted-project>
<fixed facet="jst.java"/>
<fixed facet="jst.utility"/>
<installed facet="jst.utility" version="1.0"/>
<installed facet="jst.java" version="5.0"/>
</faceted-project>

239
sandbox/spring-security-config/basicauth/BasicProcessingFilter.java
View File

@ -1,239 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ui.basicauth;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.acegisecurity.ui.AuthenticationEntryPoint;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
/**
* Processes a HTTP request's BASIC authorization headers, putting the result into the
* <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
* refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
* the HTTP request is ignored.</p>
* <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
* <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
* <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
* following header would be presented:</p>
* <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
* <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
* Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
* <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
* <code>SecurityContextHolder</code>.</p>
* <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
* AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
* which will prompt the user to authenticate again via BASIC authentication.</p>
* <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
* transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
* provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
* org.acegisecurity.ui.digestauth.DigestProcessingFilter}.</p>
* <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
* details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
* they will be authenticated using the remember-me mechanism.</p>
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
* org.acegisecurity.util.FilterToBeanProxy}.</p>
*
* @author Ben Alex
* @version $Id$
*/
public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
//~ Instance fields ================================================================================================
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
private AuthenticationEntryPoint authenticationEntryPoint;
private AuthenticationManager authenticationManager;
private RememberMeServices rememberMeServices;
private boolean ignoreFailure = false;
private int order;
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
}
public void destroy() {}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String header = httpRequest.getHeader("Authorization");
if (logger.isDebugEnabled()) {
logger.debug("Authorization header: " + header);
}
if ((header != null) && header.startsWith("Basic ")) {
String base64Token = header.substring(6);
String token = new String(Base64.decodeBase64(base64Token.getBytes()));
String username = "";
String password = "";
int delim = token.indexOf(":");
if (delim != -1) {
username = token.substring(0, delim);
password = token.substring(delim + 1);
}
if (authenticationIsRequired(username)) {
UsernamePasswordAuthenticationToken authRequest =
new UsernamePasswordAuthenticationToken(username, password);
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
Authentication authResult;
try {
authResult = authenticationManager.authenticate(authRequest);
} catch (AuthenticationException failed) {
// Authentication failed
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
}
SecurityContextHolder.getContext().setAuthentication(null);
if (rememberMeServices != null) {
rememberMeServices.loginFail(httpRequest, httpResponse);
}
if (ignoreFailure) {
chain.doFilter(request, response);
} else {
authenticationEntryPoint.commence(request, response, failed);
}
return;
}
// Authentication success
if (logger.isDebugEnabled()) {
logger.debug("Authentication success: " + authResult.toString());
}
SecurityContextHolder.getContext().setAuthentication(authResult);
if (rememberMeServices != null) {
rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
}
}
}
chain.doFilter(request, response);
}
private boolean authenticationIsRequired(String username) {
// Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
// (see SEC-53)
Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
if(existingAuth == null || !existingAuth.isAuthenticated()) {
return true;
}
// Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
// (see SEC-348)
if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
return true;
}
return false;
}
public AuthenticationEntryPoint getAuthenticationEntryPoint() {
return authenticationEntryPoint;
}
public AuthenticationManager getAuthenticationManager() {
return authenticationManager;
}
public void init(FilterConfig arg0) throws ServletException {}
public boolean isIgnoreFailure() {
return ignoreFailure;
}
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
this.authenticationDetailsSource = authenticationDetailsSource;
}
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
this.authenticationEntryPoint = authenticationEntryPoint;
}
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public void setIgnoreFailure(boolean ignoreFailure) {
this.ignoreFailure = ignoreFailure;
}
public void setRememberMeServices(RememberMeServices rememberMeServices) {
this.rememberMeServices = rememberMeServices;
}
public int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
}

102
sandbox/spring-security-config/basicauth/BasicProcessingFilterEntryPoint.java
View File

@ -1,102 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ui.basicauth;
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.ui.AuthenticationEntryPoint;
import org.acegisecurity.util.OrderedUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
/**
* Used by the <code>SecurityEnforcementFilter</code> to commence
* authentication via the {@link BasicProcessingFilter}.
* <P>
* Once a user agent is authenticated using BASIC authentication, logout
* requires that the browser be closed or an unauthorized (401) header be sent.
* The simplest way of achieving the latter is to call the
* {@link #commence(ServletRequest, ServletResponse, AuthenticationException)}
* method below. This will indicate to the browser its credentials are no longer
* authorized, causing it to prompt the user to login again.
* </p>
*
* @author Ben Alex
* @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z
* vishalpuri $
*/
public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered,
ApplicationContextAware {
// ~ Static fields/initializers
// =====================================================================================
private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
// ~ Instance fields
// ================================================================================================
private String realmName;
private int order = DEFAULT_ORDER;
private ApplicationContext applicationContext;
// ~ Methods
// ========================================================================================================
public int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
public void afterPropertiesSet() throws Exception {
Assert.hasText(realmName, "realmName must be specified");
if (order == DEFAULT_ORDER) {
OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
}
}
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
}
public String getRealmName() {
return realmName;
}
public void setRealmName(String realmName) {
this.realmName = realmName;
}
public void setApplicationContext(ApplicationContext applicationContext) {
this.applicationContext = applicationContext;
}
}

5
sandbox/spring-security-config/basicauth/package.html
View File

@ -1,5 +0,0 @@
<html>
<body>
Authenticates HTTP BASIC authentication requests.
</body>
</html>

154
sandbox/spring-security-config/pom.xml
View File

@ -1,154 +0,0 @@
<?xml version="1.0"?>
<project>
<parent>
<artifactId>spring-security-sandbox</artifactId>
<groupId>org.springframework.security</groupId>
<version>2.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<name>spring-security-config</name>
<version>2.0-SNAPSHOT</version>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core-tiger</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-remoting</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-mock</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>1.2.4</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>cas</groupId>
<artifactId>casclient</artifactId>
<version>2.0.11</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>commons-attributes</groupId>
<artifactId>commons-attributes-compiler</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>commons-attributes</groupId>
<artifactId>commons-attributes-api</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>commons-attributes</groupId>
<artifactId>commons-attributes-plugin</artifactId>
<version>2.1</version>
<type>plugin</type>
</dependency>
<dependency>
<groupId>aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.2</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.4</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.0.6</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-core</artifactId>
<version>1.0.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>jmock</groupId>
<artifactId>jmock</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<configuration>
<targetJdk>1.5</targetJdk>
</configuration>
</plugin>
</plugins>
</reporting>
</project>

13
sandbox/spring-security-config/src/main/java/org/springframework/security/App.java
View File

@ -1,13 +0,0 @@
package org.springframework.security;
/**
* Hello world!
*
*/
public class App
{
public static void main( String[] args )
{
System.out.println( "Hello World!" );
}
}

50
sandbox/spring-security-config/src/main/java/org/springframework/security/BankService.java
View File

@ -1,50 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security;
import org.springframework.security.annotation.Secured;
/**
* <code>BankService</code> sample using Java 5 Annotations.
*
* @author Mark St.Godard
* @version $Id$
*
* @see org.springframework.security.annotation.Secured
*/
@Secured({"ROLE_TELLER"})
public interface BankService {
//~ Methods ========================================================================================================
/**
* Get the account balance.
*
* @param accountNumber The account number
*
* @return The balance
*/
@Secured({"ROLE_PERMISSION_BALANCE"})
public float balance(String accountNumber);
/**
* List accounts
*
* @return The list of accounts
*/
@Secured({"ROLE_PERMISSION_LIST"})
public String[] listAccounts();
}

34
sandbox/spring-security-config/src/main/java/org/springframework/security/BankServiceImpl.java
View File

@ -1,34 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security;
/**
* <code>BankService</code> sample implementation.
*
* @author Mark St.Godard
* @version $Id$
*/
public class BankServiceImpl implements BankService {
//~ Methods ========================================================================================================
public float balance(String accountNumber) {
return 42000000;
}
public String[] listAccounts() {
return new String[] {"1", "2", "3"};
}
}

77
sandbox/spring-security-config/src/main/java/org/springframework/security/Main.java
View File

@ -1,77 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.context.SecurityContextImpl;
import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
*
DOCUMENT ME!
*
* @author Mark St.Godard
* @version $Id$
*/
public class Main {
//~ Methods ========================================================================================================
/**
* This can be done in a web app by using a filter or <code>SpringMvcIntegrationInterceptor</code>.
*/
private static void createSecureContext() {
TestingAuthenticationToken auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
});
SecurityContextHolder.getContext().setAuthentication(auth);
}
private static void destroySecureContext() {
SecurityContextHolder.setContext(new SecurityContextImpl());
}
public static void main(String[] args) throws Exception {
createSecureContext();
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
"org/security/config/auto-config.xml");
BankService service = (BankService) context.getBean("bankService");
// will succeed
service.listAccounts();
// will fail
try {
System.out.println(
"We expect an AccessDeniedException now, as we do not hold the ROLE_PERMISSION_BALANCE granted authority, and we're using a unanimous access decision manager... ");
service.balance("1");
} catch (AccessDeniedException e) {
e.printStackTrace();
}
destroySecureContext();
}
}

145
sandbox/spring-security-config/src/main/java/org/springframework/security/config/AuthenticationMechanismBeanDefinitionParser.java
View File

@ -1,145 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config;
import org.springframework.security.ldap.DefaultInitialDirContextFactory;
import org.springframework.security.providers.ProviderManager;
import org.springframework.security.providers.ldap.LdapAuthenticationProvider;
import org.springframework.security.providers.ldap.authenticator.BindAuthenticator;
import org.springframework.security.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.util.BeanDefinitionParserUtils;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
* * {@link BeanDefinitionParser} for the <code>authentication-mechanism</code>
* tag, resolves to {@link org.springframework.security.providers.ProviderManager} </br>
*
* @author vpuri
* @see {@link org.springframework.beans.factory.BeanFactory}
* @see {@link org.springframework.security.providers.ProviderManager}
*
*/
public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
// ~ Instance fields
// ================================================================================================
private static final String AUTHENTICATION_JDBC = "authentication-jdbc";
private static final String AUTHENTICATION_LDAP = "authentication-ldap";
private static final String REF = "ref";
// ~ Methods
// ========================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
ManagedList providers = new ManagedList();
Assert.notNull(parserContext, "ParserContext must not be null");
RootBeanDefinition authMechanismBeanDef = new RootBeanDefinition(ProviderManager.class);
NodeList childNodes = element.getChildNodes();
for (int i = 0, n = childNodes.getLength(); i < n; i++) {
Node node = childNodes.item(i);
if (node.getNodeType() == Node.ELEMENT_NODE) {
Element childElement = (Element) node;
// this.providerExists = true;
if (AUTHENTICATION_JDBC.equals(node.getLocalName())) {
String attribute = childElement.getAttribute(REF);
if (StringUtils.hasLength(attribute)) {
// create a beandefinition
providers.add(new RuntimeBeanReference(attribute));
}
}
else if (AUTHENTICATION_LDAP.equals(node.getLocalName())) {
providers.add(createLdapAuthencticationProviderBeanDefinition(childElement, parserContext));
}
}
authMechanismBeanDef.getPropertyValues().addPropertyValue("providers", providers);
}
return authMechanismBeanDef;
}
/**
* Creates a default bean definition.
* @return
*/
protected static RootBeanDefinition createAndRegisterBeanDefinitionWithDefaults(ParserContext parserContext) {
RootBeanDefinition beanDefinition = new RootBeanDefinition(ProviderManager.class);
ManagedList providers = new ManagedList();
// create authentication-repository (DaoAuthenticationProvider) and add
// that to list
RootBeanDefinition authRepo = AuthenticationRepositoryBeanDefinitionParser.createBeanDefinitionWithDefaults();
providers.add(authRepo);
beanDefinition.getPropertyValues().addPropertyValue("providers", providers);
parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
return beanDefinition;
}
protected static RootBeanDefinition createLdapAuthencticationProviderBeanDefinition(Element element,
ParserContext parserContext) {
// element ldap
RootBeanDefinition ldapAuthProvider = new RootBeanDefinition(LdapAuthenticationProvider.class);
RootBeanDefinition initialDirContextFactory = createInitialDirContextFactoryBeanDefinition(element);
RootBeanDefinition ldapAuthoritiesPopulator = new RootBeanDefinition(DefaultLdapAuthoritiesPopulator.class);
RootBeanDefinition bindAuthenticator = new RootBeanDefinition(BindAuthenticator.class);
Element property = DomUtils.getChildElementByTagName(element, "property");
Assert.notNull(property);
parserContext.getDelegate().parsePropertyElement(property, bindAuthenticator);
bindAuthenticator.getConstructorArgumentValues().addIndexedArgumentValue(0, initialDirContextFactory);
// LdapAuthenticator
ldapAuthProvider.getConstructorArgumentValues().addIndexedArgumentValue(0, bindAuthenticator);
ldapAuthoritiesPopulator.getConstructorArgumentValues().addIndexedArgumentValue(0, initialDirContextFactory);
BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(1, element, "groupSearchBase", false,
ldapAuthoritiesPopulator);
BeanDefinitionParserUtils.setPropertyIfAvailable(element, "groupRoleAttribute", "groupRoleAttribute", false,
ldapAuthoritiesPopulator);
// LdapAuthoritiesPopulator
ldapAuthProvider.getConstructorArgumentValues().addIndexedArgumentValue(1, ldapAuthoritiesPopulator);
return ldapAuthProvider;
}
private static RootBeanDefinition createInitialDirContextFactoryBeanDefinition(Element element) {
RootBeanDefinition initialDirContextFactory = new RootBeanDefinition(DefaultInitialDirContextFactory.class);
BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(0, element, "ldapUrl", false,
initialDirContextFactory);
BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerDn", "managerDn", false,
initialDirContextFactory);
BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerPassword", "managerPassword", false,
initialDirContextFactory);
return initialDirContextFactory;
}
}

69
sandbox/spring-security-config/src/main/java/org/springframework/security/config/AuthenticationProcessingFilterBeanDefinitionParser.java
View File

@ -1,69 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* @author vpuri
*
*/
public class AuthenticationProcessingFilterBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
// ~ Instance fields
// ================================================================================================
private static final String AUTHENTICATION_URL = "authenticationUrl";
private static final String ERROR_FORM_URL = "errorFormUrl";
private static final String DEFAULT_TARGET_URL = "defaultTargetUrl";
// ~ Methods
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
RootBeanDefinition definition = new RootBeanDefinition(AuthenticationProcessingFilter.class);
setPropertyIfAvailable(element, AUTHENTICATION_URL, "filterProcessesUrl", definition);
setPropertyIfAvailable(element, ERROR_FORM_URL, "authenticationFailureUrl", definition);
setPropertyIfAvailable(element, DEFAULT_TARGET_URL, "defaultTargetUrl", definition);
return definition;
}
private void setPropertyIfAvailable(Element element, String attribute, String property,
RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
definition.getPropertyValues().addPropertyValue(property, propertyValue);
}
}
protected static RootBeanDefinition createBeandefinitionWithDefaults(ParserContext parserContext, RootBeanDefinition authenticationManager, RootBeanDefinition rememberMeServices) {
RootBeanDefinition definition = new RootBeanDefinition(AuthenticationProcessingFilter.class);
definition.getPropertyValues().addPropertyValue("authenticationManager",authenticationManager);
definition.getPropertyValues().addPropertyValue("rememberMeServices",rememberMeServices);
// RootBeanDefinition beanDefinition = AuthenticationMechanismBeanDefinitionParser.createAndRegisterBeanDefinitionWithDefaults(parserContext);
// definition.getPropertyValues().addPropertyValue("authenticationManager",
// parserContext.getReaderContext().getRegistry().getBeanDefinition(beanDefinition.getBeanClassName()));
// definition.getPropertyValues().addPropertyValue("rememberMeServices",
// RememberMeServicesBeanDefinitionParser.createAndRegisterBeanDefintionWithDefaults(parserContext));
/* TODO: There should not be any defaults for these urls ?!?! */
definition.getPropertyValues().addPropertyValue("authenticationFailureUrl", "/acegilogin.jsp?login_error=1");
definition.getPropertyValues().addPropertyValue("defaultTargetUrl", "/");
return definition;
}
}

43
sandbox/spring-security-config/src/main/java/org/springframework/security/config/AuthenticationProviderOrderResolver.java
View File

@ -1,43 +0,0 @@
package org.springframework.security.config;
import java.util.Collections;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.core.OrderComparator;
public class AuthenticationProviderOrderResolver implements BeanFactoryPostProcessor {
/**
*
*/
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
// retrieve all the AuthenticationProvider instances
ManagedList providers = retrieveAllAuthenticationProviders(beanFactory);
String[] names = beanFactory.getBeanNamesForType(AuthenticationManager.class);
RootBeanDefinition definition = (RootBeanDefinition)beanFactory.getBeanDefinition(names[0]);
definition.getPropertyValues().addPropertyValue("providers",providers);
}
/**
*
* @param beanFactory
* @return
*/
private ManagedList retrieveAllAuthenticationProviders(ConfigurableListableBeanFactory beanFactory) {
String[] m = beanFactory.getBeanNamesForType(AuthenticationProvider.class);
ManagedList l = new ManagedList();
for(int i=0;i<m.length;i++){
RootBeanDefinition def = (RootBeanDefinition)beanFactory.getBeanDefinition(m[i]);
l.add(def);
}
Collections.sort(l, new OrderComparator());
return l;
}
}

191
sandbox/spring-security-config/src/main/java/org/springframework/security/config/AuthenticationRepositoryBeanDefinitionParser.java
View File

@ -1,191 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
import org.springframework.security.providers.dao.salt.ReflectionSaltSource;
import org.springframework.security.providers.dao.salt.SystemWideSaltSource;
import org.springframework.security.providers.encoding.Md5PasswordEncoder;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
* @author vpuri
*
*/
public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser {
// ~ Static fields
// =====================================================================================
private static final String REPOSITORY_BEAN_REF = "repositoryBeanRef";
private static final String USER_DETAILS_SERVICE = "userDetailsService";
private static final String SALT_SOURCE_ELEMENT = "salt-source";
private static final String SALT_SOURCE_REF = "saltSourceBeanRef";
private static final String SYSTEM_WIDE_SALT_SOURCE = "system-wide";
private static final String REFLECTION_SALT_SOURCE = "reflection";
private static final String PASSWORD_ENCODER_ELEMENT = "password-encoder";
private static final String PASSWORD_ENCODER_REF = "encoderBeanRef";
private static final String PASSWORD_ENCODER = "encoder";
// ~ Method
// ================================================================================================
public AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
Assert.notNull(parserContext, "ParserContext must not be null");
RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
// check if saltSource is defined
Element saltSourceEle = DomUtils.getChildElementByTagName(element, SALT_SOURCE_ELEMENT);
setSaltSourceProperty(repositoryBeanDef, saltSourceEle);
Element passwordEncoderEle = DomUtils.getChildElementByTagName(element, PASSWORD_ENCODER_ELEMENT);
setPasswordEncoderProperty(repositoryBeanDef, passwordEncoderEle);
// if repositoryBeanRef is specified use its referred bean
String userDetailsRef = element.getAttribute(REPOSITORY_BEAN_REF);
if (StringUtils.hasLength(userDetailsRef)) {
repositoryBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,
new RuntimeBeanReference(userDetailsRef));
}
return repositoryBeanDef;
}
/**
*
* @param repositoryBeanDef
* @param element
*/
private void setSaltSourceProperty(RootBeanDefinition repositoryBeanDef, Element element) {
if (element != null) {
setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "saltSource", element
.getAttribute(SALT_SOURCE_REF));
}
}
/**
*
* @param repositoryBeanDef
* @param element
*/
private void setPasswordEncoderProperty(RootBeanDefinition repositoryBeanDef, Element element) {
if (element != null) {
setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "passwordEncoder", element
.getAttribute(PASSWORD_ENCODER_REF));
}
}
/**
*
* @param repositoryBeanDef
* @param element
* @param property
* @param reference
*/
private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element,
String property, String reference) {
// check for encoderBeanRef attribute
if (StringUtils.hasLength(reference)) {
repositoryBeanDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(reference));
}
else {
doSetInnerBeanDefinitions(repositoryBeanDef, element, property);
}
}
/**
*
* @param repositoryBeanDef
* @param element
* @param property
*/
private void doSetInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element, String property) {
NodeList children = element.getChildNodes();
for (int i = 0, n = children.getLength(); i < n; i++) {
Node node = children.item(i);
if (node.getNodeType() == Node.ELEMENT_NODE) {
Element childElement = (Element) node;
RootBeanDefinition innerBeanDefinition = null;
if (SYSTEM_WIDE_SALT_SOURCE.equals(node.getLocalName())) {
innerBeanDefinition = createSystemWideSaltSource(childElement);
repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
}
else if (REFLECTION_SALT_SOURCE.equals(node.getLocalName())) {
innerBeanDefinition = createReflectionSaltSource(childElement);
repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
}
if (PASSWORD_ENCODER.equals(node.getLocalName())) {
RootBeanDefinition passwordEncoderInnerBeanDefinition = createPasswordEncoder(childElement);
repositoryBeanDef.getPropertyValues()
.addPropertyValue(property, passwordEncoderInnerBeanDefinition);
}
}
}
}
/**
*
* @param childElement
* @return
*/
private RootBeanDefinition createPasswordEncoder(Element childElement) {
String attributeValue = childElement.getAttribute("method");
RootBeanDefinition definition = null;
// TODO: add other encoders support
if (attributeValue.equals("md5")) {
definition = new RootBeanDefinition(Md5PasswordEncoder.class);
}
return definition;
}
/**
*
* @param saltSourceTypeElement
* @return
*/
private RootBeanDefinition createReflectionSaltSource(Element saltSourceTypeElement) {
RootBeanDefinition definition = new RootBeanDefinition(ReflectionSaltSource.class);
definition.getPropertyValues().addPropertyValue("userPropertyToUse",
saltSourceTypeElement.getAttribute("userPropertyToUse"));
return definition;
}
/**
*
* @param saltSourceTypeElement
* @return
*/
private RootBeanDefinition createSystemWideSaltSource(Element saltSourceTypeElement) {
RootBeanDefinition definition = new RootBeanDefinition(SystemWideSaltSource.class);
definition.getPropertyValues().addPropertyValue("systemWideSalt",
saltSourceTypeElement.getAttribute("systemWideSalt"));
return definition;
}
protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
return repositoryBeanDef;
}
}

81
sandbox/spring-security-config/src/main/java/org/springframework/security/config/AuthorizationManagerBeanDefinitionParser.java
View File

@ -1,81 +0,0 @@
package org.springframework.security.config;
import org.springframework.security.vote.AffirmativeBased;
import org.springframework.security.vote.AuthenticatedVoter;
import org.springframework.security.vote.ConsensusBased;
import org.springframework.security.vote.RoleVoter;
import org.springframework.security.vote.UnanimousBased;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
public class AuthorizationManagerBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
// ~ static initializers
// ================================================================================================
public static final String ROLE_VOTER_ELE = "role-voter";
public static final String AUTHENTICATED_VOTER_ELE = "authenticated-voter";
public static final String STRATEGY_ATTRIBUTE = "strategy";
// ~ Method
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
return createBeanDefinition(element, parserContext);
}
private RootBeanDefinition createBeanDefinition(Element element, ParserContext parserContext) {
ManagedList decisionVoters = new ManagedList();
Element roleVoterEle = DomUtils.getChildElementByTagName(element, ROLE_VOTER_ELE);
Element authVoterEle = DomUtils.getChildElementByTagName(element, AUTHENTICATED_VOTER_ELE);
if(roleVoterEle!=null && roleVoterEle.getLocalName().equals(ROLE_VOTER_ELE)) {
decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
}
if (authVoterEle!=null && authVoterEle.getLocalName().equals(AUTHENTICATED_VOTER_ELE)) {
decisionVoters.add(new RootBeanDefinition(AuthenticatedVoter.class));
}
String strategy = element.getAttribute(STRATEGY_ATTRIBUTE);
if (StringUtils.hasLength(strategy)) {
if (strategy.equals("affirmative")) {
return createAccessDecisionManager(AffirmativeBased.class, decisionVoters);
}
else if (strategy.equals("consensus")) {
return createAccessDecisionManager(ConsensusBased.class, decisionVoters);
}
else if (strategy.equals("unanimous")) {
return createAccessDecisionManager(UnanimousBased.class, decisionVoters);
}
}
else {
return createAccessDecisionManagerAffirmativeBased();
}
return null;
}
protected static RootBeanDefinition createAccessDecisionManagerAffirmativeBased() {
ManagedList decisionVoters = new ManagedList();
decisionVoters.add(new RootBeanDefinition(AuthenticatedVoter.class));
decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
return createAccessDecisionManager(AffirmativeBased.class, decisionVoters);
}
protected static RootBeanDefinition createAccessDecisionManager(Class clazz, ManagedList decisionVoters) {
RootBeanDefinition accessDecisionManager = new RootBeanDefinition(clazz);
accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
return accessDecisionManager;
}
}

217
sandbox/spring-security-config/src/main/java/org/springframework/security/config/AuthorizationMethodBeanDefinitionParser.java
View File

@ -1,217 +0,0 @@
package org.springframework.security.config;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.springframework.security.annotation.SecurityAnnotationAttributes;
import org.springframework.security.intercept.method.MethodDefinitionAttributes;
import org.springframework.security.intercept.method.MethodDefinitionMap;
import org.springframework.security.intercept.method.MethodDefinitionSource;
import org.springframework.security.intercept.method.MethodDefinitionSourceMapping;
import org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
import org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor;
import org.springframework.security.intercept.method.aspectj.AspectJSecurityInterceptor;
import org.springframework.security.runas.RunAsManagerImpl;
import org.springframework.security.util.BeanDefinitionParserUtils;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.BeanDefinitionStoreException;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.metadata.commons.CommonsAttributes;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
/**
*
* @author Vishal Puri
*
*/
public class AuthorizationMethodBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
// ~ static initializers
// ================================================================================================
public static final String ASPECTJ_ATTRIBUTE = "aspectj";
public static final String SPRING_AOP_ATTRIBUTE = "springAop";
public static final String SOURCE_ATTRIBUTE = "source";
public static final String SOURCE_BEAN_REF = "sourceBeanId";
public static final String ATTRIBUTE = "attribute";
private static final String CONFIGURATION_ATTRIBUTE = "configuration-attribute";
private static final String TYPE_ATTRIBUTE = "type";
// ~ Method
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
// <security:authorization-joinpoint aspectj="false|true"
// springAop="true|false">
// one attribute allowed, aspectj or springAop
Assert.isTrue(!(element.hasAttribute(SPRING_AOP_ATTRIBUTE) && element.hasAttribute(ASPECTJ_ATTRIBUTE)),
"only one attribute (springAop or aspectj) is allowed");
Element urlMappingEle = DomUtils.getChildElementByTagName(element, "url-mapping");
String sourceBeanId = urlMappingEle.getAttribute(SOURCE_BEAN_REF);
boolean isSourceBeanIdDefined = StringUtils.hasLength(sourceBeanId);
if (!isValidConfiguration(urlMappingEle, isSourceBeanIdDefined)) {
throw new IllegalArgumentException(
" 'custom' value provided by 'source' attribute need to be selected when referring to a bean by 'sourceBeanId' attribute ");
}
if ((element.hasAttribute(ASPECTJ_ATTRIBUTE)) && element.getAttribute(ASPECTJ_ATTRIBUTE).equals("true")) {
// create AspectJSecurityInterceptor
if (isSourceBeanIdDefined)
return createMethodSecurityInterceptor(AspectJSecurityInterceptor.class, new RuntimeBeanReference(
sourceBeanId));
return createMethodSecurityInterceptor(AspectJSecurityInterceptor.class, createObjectDefinitionSource(
parserContext, urlMappingEle));
}
else if ((element.hasAttribute(SPRING_AOP_ATTRIBUTE))
&& element.getAttribute(SPRING_AOP_ATTRIBUTE).equals("true")) {
// create MethodSecurityInterceptor and
// MethodDefinitionSourceAdvisor
if (isSourceBeanIdDefined)
return createMethodSecurityInterceptor(MethodSecurityInterceptor.class, new RuntimeBeanReference(
sourceBeanId));
return createMethodSecurityInterceptor(MethodSecurityInterceptor.class, createObjectDefinitionSource(
parserContext, urlMappingEle));
}
return null;
}
/**
* @param parserContext
* @param firstChild
* @param sourceValue
* @throws BeanDefinitionStoreException
*/
private MethodDefinitionSource createObjectDefinitionSource(ParserContext parserContext, Element element)
throws BeanDefinitionStoreException {
String sourceValue = element.getAttribute(SOURCE_ATTRIBUTE);
if (sourceValue.equals("xml")) {
// create MethodDefinitionSourceEditor
Element methodPattern = DomUtils.getChildElementByTagName(element, "method-pattern");
String methodToProtect = methodPattern.getAttribute(TYPE_ATTRIBUTE);
MethodDefinitionSourceMapping mapping = new MethodDefinitionSourceMapping();
MethodDefinitionMap source = new MethodDefinitionMap();
List<MethodDefinitionSourceMapping> mappings = new ArrayList<MethodDefinitionSourceMapping>();
mapping.setMethodName(methodToProtect);
List configAttributes = DomUtils.getChildElementsByTagName(methodPattern, CONFIGURATION_ATTRIBUTE);
for (Iterator iter = configAttributes.iterator(); iter.hasNext();) {
Element configAttribute = (Element) iter.next();
String configAttributeValue = configAttribute.getAttribute(ATTRIBUTE);
mapping.addConfigAttribute(configAttributeValue);
}
mappings.add(mapping);
source.setMappings(mappings);
return source;
}
else if (sourceValue.equals("annotations")) {
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
DefaultAdvisorAutoProxyCreator.class));
MethodDefinitionAttributes source = new MethodDefinitionAttributes();
SecurityAnnotationAttributes attributes = new SecurityAnnotationAttributes();
source.setAttributes(attributes);
return source;
}
else if (sourceValue.equals("attributes")) {
// create CommonsAttributes
CommonsAttributes attributes = new CommonsAttributes();
// objectDefinitionSource and inject attributes
MethodDefinitionAttributes source = new MethodDefinitionAttributes();
source.setAttributes(attributes);
// register DefaultAdvisorAutoProxyCreator with parseContext
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
DefaultAdvisorAutoProxyCreator.class));
// register MethodDefinitionSourceAdvisor autowire="constructor"
registerMethodDefinitionSourceAdvisor(parserContext);
return source;
}
return null;
}
/**
* @param parserContext
* @throws BeanDefinitionStoreException
*/
private void registerMethodDefinitionSourceAdvisor(ParserContext parserContext) throws BeanDefinitionStoreException {
RootBeanDefinition methodSecurityAdvisor = new RootBeanDefinition(MethodDefinitionSourceAdvisor.class);
methodSecurityAdvisor.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_CONSTRUCTOR);
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, methodSecurityAdvisor);
}
/**
* Creates BeanDefinition for MethodSecurityInterceptor
* MethodSecurityInterceptor autodetects 'authenticationManager' and
* 'accessDecisionManager'
* @param name
*
* @return
*/
private RootBeanDefinition createMethodSecurityInterceptor(Class interceptorType, Object object) {
Assert.notNull(object, "objectDefinitionSource required");
RootBeanDefinition securityInterceptor = new RootBeanDefinition(interceptorType);
if (RuntimeBeanReference.class.isAssignableFrom(object.getClass())) {
RuntimeBeanReference source = (RuntimeBeanReference) object;
securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", source);
}
else if (MethodDefinitionSource.class.isAssignableFrom(object.getClass())) {
MethodDefinitionSource source = (MethodDefinitionSource) object;
securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", source);
}
securityInterceptor.getPropertyValues().addPropertyValue("validateConfigAttributes", Boolean.FALSE);
RootBeanDefinition runAsManager = createRunAsManager();
securityInterceptor.getPropertyValues().addPropertyValue("runAsManager", runAsManager);
return securityInterceptor;
}
private RootBeanDefinition createRunAsManager() {
RootBeanDefinition runAsManager = new RootBeanDefinition(RunAsManagerImpl.class);
runAsManager.getPropertyValues().addPropertyValue("key", "my_run_as_password");
return runAsManager;
}
/**
* Checks if 'custom' option is picked for 'source' attribute when
* 'sourceBeanId' attribute is provided.
* <p>
* The valid configuration example:<br/> &lt;security:url-mapping
* source="custom" sourceBeanId="referenceToObjectDefinitionSource"/&gt;
* </p>
* @param urlMappingElement
* @return boolean Returns 'true' if configuration is accepted otherwise
* returns 'false'
*/
private boolean isValidConfiguration(Element urlMappingElement, boolean isRefDefined) {
Assert.notNull(urlMappingElement, "invalid tag - expected 'url-mapping' ");
Assert.isTrue(urlMappingElement.getLocalName().equals("url-mapping"), "invalid tag - expected 'url-mapping' ");
if (isRefDefined && (urlMappingElement.getAttribute(SOURCE_ATTRIBUTE).compareTo("custom") != 0)) {
return false;
}
return true;
}
}

239
sandbox/spring-security-config/src/main/java/org/springframework/security/config/AutoConfigBeanDefinitionParser.java
View File

@ -1,239 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.annotation.SecurityAnnotationAttributes;
import org.springframework.security.intercept.method.MethodDefinitionAttributes;
import org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
import org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor;
import org.springframework.security.intercept.web.FilterInvocationDefinitionDecorator;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSourceMapping;
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
import org.springframework.security.intercept.web.PathBasedFilterInvocationDefinitionMap;
import org.springframework.security.runas.RunAsManagerImpl;
import org.springframework.security.util.BeanDefinitionParserUtils;
import org.springframework.security.vote.AffirmativeBased;
import org.springframework.security.vote.AuthenticatedVoter;
import org.springframework.security.vote.RoleVoter;
import org.springframework.security.vote.UnanimousBased;
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.w3c.dom.Element;
/**
* Parses 'autoconfig' tag and creates all the required
* <code>BeanDefinition</code>s with their default configurations. It also
* resolves their dependencies and wire them together.
*
* @author Vishal Puri
*
*/
public class AutoConfigBeanDefinitionParser implements BeanDefinitionParser {
// ~ instance fields
// ================================================================================================
private RootBeanDefinition authenticationManager;
private RootBeanDefinition rememberMeServices;
private ManagedList decisionVoters = new ManagedList();
// ~ Method
// ================================================================================================
public BeanDefinition parse(Element element, ParserContext parserContext) {
// authentication manager
this.authenticationManager = AuthenticationMechanismBeanDefinitionParser
.createAndRegisterBeanDefinitionWithDefaults(parserContext);
// remembermeServices
this.rememberMeServices = RememberMeServicesBeanDefinitionParser
.createAndRegisterBeanDefintionWithDefaults(parserContext);
// flters
createAndRegisterBeanDefinitionForHttpSessionContextIntegrationFilter(parserContext);
createAndRegisterBeanDefinitionForLogoutFilter(parserContext, rememberMeServices);
createAndRegisterBeanDefinitionForAuthenticationProcessingFilter(parserContext, authenticationManager,
rememberMeServices);
createAndRegisterBeanDefinitionForRememberMeProcessingFilter(parserContext, authenticationManager);
createAndRegisterBeanDefinitionForExceptionTranslationFilter(parserContext);
createAndRegisterBeanDefintionForSecurityContextHolderAwareRequestFilter(parserContext);
// method interceptor
createAndRegisterBeanDefinitinoForMethodDefinitionSourceAdvisor(parserContext, authenticationManager);
createAndRegisterDefaultAdvisorAutoProxyCreator(parserContext);
// filter security interceptor
createAndRegisterBeanDefinitionForFilterSecurityInterceptor(parserContext, authenticationManager);
// create userDetailsService
return null;
}
private void createAndRegisterBeanDefintionForSecurityContextHolderAwareRequestFilter(ParserContext parserContext) {
RootBeanDefinition beanDefinition = new RootBeanDefinition(SecurityContextHolderAwareRequestFilter.class);
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, beanDefinition);
}
/**
* Creates <code>FilterSecurityInterceptor</code> bean definition and
* register it with the <code>ParserContext</code>
*
* @param parserContext To register the bean definition with
* @param authenticationManager The <code>AuthenticationManager</code> to
* set as a property in the bean definition
*/
private void createAndRegisterBeanDefinitionForFilterSecurityInterceptor(ParserContext parserContext,
RootBeanDefinition authenticationManager) {
RootBeanDefinition filterInvocationInterceptor = new RootBeanDefinition(FilterSecurityInterceptor.class);
filterInvocationInterceptor.getPropertyValues()
.addPropertyValue("authenticationManager", authenticationManager);
RootBeanDefinition accessDecisionManager = createAccessDecisionManagerAffirmativeBased();
filterInvocationInterceptor.getPropertyValues()
.addPropertyValue("accessDecisionManager", accessDecisionManager);
FilterInvocationDefinitionDecorator source = new FilterInvocationDefinitionDecorator();
source.setDecorated(new PathBasedFilterInvocationDefinitionMap());
FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
String url1 = "/acegilogin.jsp";
String value1 = "IS_AUTHENTICATED_ANONYMOUSLY";
String url2 = "/**";
String value2 = "IS_AUTHENTICATED_REMEMBERED";
mapping.setUrl(url1);
mapping.addConfigAttribute(value1);
mapping.setUrl(url2);
mapping.addConfigAttribute(value2);
List mappings = new ArrayList();
mappings.add(mapping);
source.setMappings(mappings);
filterInvocationInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource",
source.getDecorated());
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, filterInvocationInterceptor);
}
private RootBeanDefinition createAccessDecisionManagerAffirmativeBased() {
RootBeanDefinition accessDecisionManager = new RootBeanDefinition(AffirmativeBased.class);
accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
RootBeanDefinition authenticatedVoter = new RootBeanDefinition(AuthenticatedVoter.class);
this.decisionVoters.add(authenticatedVoter);
accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
return accessDecisionManager;
}
private void createAndRegisterDefaultAdvisorAutoProxyCreator(ParserContext parserContext) {
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
DefaultAdvisorAutoProxyCreator.class));
}
private void createAndRegisterBeanDefinitinoForMethodDefinitionSourceAdvisor(ParserContext parserContext,
RootBeanDefinition authenticationManager) {
RootBeanDefinition methodSecurityAdvisor = new RootBeanDefinition(MethodDefinitionSourceAdvisor.class);
RootBeanDefinition securityInterceptor = createMethodSecurityInterceptor(authenticationManager);
methodSecurityAdvisor.getConstructorArgumentValues().addIndexedArgumentValue(0, securityInterceptor);
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, methodSecurityAdvisor);
}
private RootBeanDefinition createAccessDecisionManagerUnanimousBased() {
RootBeanDefinition accessDecisionManager = new RootBeanDefinition(UnanimousBased.class);
accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
return accessDecisionManager;
}
private RootBeanDefinition createMethodSecurityInterceptor(RootBeanDefinition authenticationManager) {
RootBeanDefinition securityInterceptor = new RootBeanDefinition(MethodSecurityInterceptor.class);
securityInterceptor.getPropertyValues().addPropertyValue("authenticationManager", authenticationManager);
RootBeanDefinition accessDecisionManager = createAccessDecisionManagerUnanimousBased();
securityInterceptor.getPropertyValues().addPropertyValue("accessDecisionManager", accessDecisionManager);
securityInterceptor.getPropertyValues().addPropertyValue("validateConfigAttributes", Boolean.FALSE);
RootBeanDefinition runAsManager = createRunAsManager();
securityInterceptor.getPropertyValues().addPropertyValue("runAsManager", runAsManager);
RootBeanDefinition objectDefinitionSource = createMethodDefinitionAttributes();
securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", objectDefinitionSource);
return securityInterceptor;
}
private RootBeanDefinition createMethodDefinitionAttributes() {
RootBeanDefinition objectDefinitionSource = new RootBeanDefinition(MethodDefinitionAttributes.class);
RootBeanDefinition attributes = createSecurityAnnotationAttributes();
objectDefinitionSource.getPropertyValues().addPropertyValue("attributes", attributes);
return objectDefinitionSource;
}
private RootBeanDefinition createSecurityAnnotationAttributes() {
return new RootBeanDefinition(SecurityAnnotationAttributes.class);
}
private RootBeanDefinition createRunAsManager() {
RootBeanDefinition runAsManager = new RootBeanDefinition(RunAsManagerImpl.class);
runAsManager.getPropertyValues().addPropertyValue("key", "my_run_as_password");
return runAsManager;
}
private void createAndRegisterBeanDefinitionForExceptionTranslationFilter(ParserContext parserContext) {
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, ExceptionTranslationFilterBeanDefinitionParser
.createBeanDefinitionWithDefaults());
}
private void createAndRegisterBeanDefinitionForRememberMeProcessingFilter(ParserContext parserContext,
RootBeanDefinition authenticationManager) {
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, RememberMeFilterBeanDefinitionParser
.createBeanDefinitionWithDefaults(parserContext, authenticationManager));
}
private void createAndRegisterBeanDefinitionForAuthenticationProcessingFilter(ParserContext parserContext,
RootBeanDefinition authenticationManager, RootBeanDefinition rememberMeServices) {
RootBeanDefinition defintion = AuthenticationProcessingFilterBeanDefinitionParser
.createBeandefinitionWithDefaults(parserContext, authenticationManager, rememberMeServices);
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
}
private void createAndRegisterBeanDefinitionForLogoutFilter(ParserContext parserContext,
RootBeanDefinition rememberMeServices) {
RootBeanDefinition defintion = LogoutFilterBeanDefinitionParser
.createBeanDefinitionWithDefaults(rememberMeServices);
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
}
private void createAndRegisterBeanDefinitionForHttpSessionContextIntegrationFilter(ParserContext parserContext) {
RootBeanDefinition defintion = ContextIntegrationBeanDefinitionParser.createBeanDefinitionWithDefaults();
BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
// retrieveBeanDefinition(parserContext, o)
}
/**
* Returns a <code>BeanDefinition</code> of the specified type.
*
* @param parserContext
* @param type
* @return
*/
private RootBeanDefinition retrieveBeanDefinition(ParserContext parserContext, Class type) {
String[] names = parserContext.getRegistry().getBeanDefinitionNames();
for (String name : names) {
BeanDefinition beanDefinition = parserContext.getRegistry().getBeanDefinition(name);
if (type.isInstance(beanDefinition)) {
return (RootBeanDefinition) beanDefinition;
}
}
return null;
}
}

90
sandbox/spring-security-config/src/main/java/org/springframework/security/config/ContextIntegrationBeanDefinitionParser.java
View File

@ -1,90 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.core.Conventions;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
/**
*
* @author vpuri
*
*/
public class ContextIntegrationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
// ~ Static fields/initializers
// =====================================================================================
private static final String HTTP_SESSION_CONTEXT_INTEGRATION = "session-context-integration";
private static final String SESSION_CREATION = "sessionCreation";
private static final String IF_REQUIRED = "ifRequired";
private static final String ALWAYS = "always";
private static final String NEVER = "never";
private static final String ALLOW_SESSION_CREATION = "allowSessionCreation";
// ~ Methods
// ========================================================================================================
protected Class getBeanClass(Element element) {
return HttpSessionContextIntegrationFilter.class;
}
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
NamedNodeMap attributes = element.getAttributes();
for (int x = 0; x < attributes.getLength(); x++) {
Attr attribute = (Attr) attributes.item(x);
String attributeName = attribute.getLocalName();
if (!ID_ATTRIBUTE.equals(attributeName)) {
if (attributeName.equals(SESSION_CREATION)) {
String sessionCreation = element.getAttribute(SESSION_CREATION);
createBeanDefinition(builder, sessionCreation);
}
else {
String propertyName = Conventions.attributeNameToPropertyName(attributeName);
Assert
.state(StringUtils.hasText(propertyName),
"Illegal property name returned from 'extractPropertyName(String)': cannot be null or empty.");
builder.addPropertyValue(propertyName, attribute.getValue());
}
}
}
}
private void createBeanDefinition(BeanDefinitionBuilder builder, String attribute) {
if (attribute.equals(IF_REQUIRED)) {
builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
}
else if (attribute.equals(ALWAYS)) {
builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
}
else if (attribute.equals(NEVER)) {
builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.FALSE);
}
else {
createBeanDefinitionWithDefaults();
}
}
protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
RootBeanDefinition definition = new RootBeanDefinition(HttpSessionContextIntegrationFilter.class);
definition.getPropertyValues().addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
return definition;
}
}

183
sandbox/spring-security-config/src/main/java/org/springframework/security/config/ExceptionTranslationFilterBeanDefinitionParser.java
View File

@ -1,183 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import org.springframework.security.ui.AccessDeniedHandlerImpl;
import org.springframework.security.ui.ExceptionTranslationFilter;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
/**
* <p>
* This class parses the <security:exception-translation /> tag and creates the
* bean defintion for <code>ExceptionTranslationFilter</code>.</br> The
* '&lt;security:access-denied .. /&gt;' tag is optional and if not specified
* <code>ExceptionTranslationFilter</code> <br/> will autodetect the instance
* of <code>AccessDeniedHandler</code>; alternately if there are > 1 such
* handlers, <br/>we can nominate the one to use via 'accessDeniedBeanRef'.
* </p>
*
* <p>
* The 'entryPointBeanRef' and 'accessDeniedBeanRef' can be specified as
* attributes or inner bean definitions. <br/> See following sample showing both
* ways.
* </p>
*
* <p>
* Sample: <d1>
* <dt> &lt;security:exception-translation id="exceptionTranslationFilter"&gt;
* </dt>
* <dd> &lt;security:entry-point
* entryPointBeanRef="authenticationProcessingFilterEntryPoint" /&gt; </dd>
* <dd> &lt;security:access-denied accessDeniedBeanRef="theBeanToUse" /&gt;
* </dd>
* <dt>&lt;/security:exception-translation&gt;</dt>
* </d1> or <d1>
* <dt> &lt;security:exception-translation id="exceptionTranslationFilter"
* entryPointBeanRef="ref" accessDeniedBeanRef="ref" /&gt;</dt>
* </d1>
* </p>
*
* @author Vishal Puri
* @version
* @see {@link org.springframework.security.ui.ExceptionTranslationFilter}
* @see {@link org.springframework.security.ui.AccessDeniedHandler}
*/
public class ExceptionTranslationFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
// ~ Static fields
// =====================================================================================
private static final String ACCESS_DENIED = "access-denied";
private static final String ACCESS_DENIED_REF = "accessDeniedBeanRef";
private static final String ACCESS_DENIED_URL = "accessDeniedUrl";
private static final String ENTRY_POINT = "entry-point";
private static final String ENTRY_POINT_REF = "entryPointBeanRef";
private static final String LOGIN_FORM_URL = "loginFormUrl";
private static final String LOGIN_FORM_URL_VALUE = "/acegilogin.jsp";
// ~ Method
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
RootBeanDefinition exceptionFilterDef = new RootBeanDefinition(ExceptionTranslationFilter.class);
// add handler
Element accessDeniedElement = DomUtils.getChildElementByTagName(element, ACCESS_DENIED);
setAccessDeniedHandlerProperty(parserContext, exceptionFilterDef, accessDeniedElement);
Element entryPointElement = DomUtils.getChildElementByTagName(element, ENTRY_POINT);
setEntryPointProperty(exceptionFilterDef, entryPointElement);
return exceptionFilterDef;
}
private void setEntryPointProperty(RootBeanDefinition exceptionFilterDef, Element entryPointElement) {
if (entryPointElement != null) {
setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, entryPointElement, "authenticationEntryPoint",
entryPointElement.getAttribute(ENTRY_POINT_REF));
}
}
/**
* Resolves are reference to 'accessDeniedHandler' property.
* @param parserContext
* @param exceptionFilterDef The ExceptionFilter BeanDefinition
* @param accessDeniedElement The inner tag for accessDeniedHandler
* property.
*/
private void setAccessDeniedHandlerProperty(ParserContext parserContext, RootBeanDefinition exceptionFilterDef,
Element accessDeniedElement) {
if (accessDeniedElement != null) {
setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, accessDeniedElement, "accessDeniedHandler",
accessDeniedElement.getAttribute(ACCESS_DENIED_REF));
}
}
/**
* Add property if it's specified as an attribute or inner tag.
*
* @param exceptionFilterDef The ExceptionFilter BeanDefinition
* @param element The inner bean element
* @param property The property to add
* @param beanRef The bean reference to resolve.
*/
private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef, Element element,
String property, String beanRef) {
// check for encoderBeanRef attribute
if (StringUtils.hasLength(beanRef)) {
exceptionFilterDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(beanRef));
}
else {
doSetInnerBeanDefinitions(exceptionFilterDef, element, property);
}
}
/**
* Add property specified as an inner bean definition.
* @param exceptionFilterDef The ExceptionFilter BeanDefinition
* @param element The inner bean element
* @param property The property to add
*/
private void doSetInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef, Element accessDeniedElement,
String property) {
RootBeanDefinition accessDeniedHandlerBeanDef = new RootBeanDefinition(AccessDeniedHandlerImpl.class);
setPropertyIfAvailable(accessDeniedElement, ACCESS_DENIED_URL, "errorPage", accessDeniedHandlerBeanDef);
exceptionFilterDef.getPropertyValues().addPropertyValue(property, accessDeniedHandlerBeanDef);
}
/**
* @param element
* @param attribute
* @param property
* @param definition
*/
private void setPropertyIfAvailable(Element element, String attribute, String property,
RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
definition.getPropertyValues().addPropertyValue(property, propertyValue);
}
}
/**
* Creates <code>BeanDefintion</code> for
* <code>ExceptionTranslationFilter</code> with it's default properties.
* @return beanDefinition The bean defintion configured with default
* properties
*/
protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
RootBeanDefinition beanDefinition = new RootBeanDefinition(ExceptionTranslationFilter.class);
beanDefinition.getPropertyValues().addPropertyValue("authenticationEntryPoint",
createBeanDefintionForAuthenticationProcessingFilterEntryPoint());
return beanDefinition;
}
/**
* Creates <code>BeanDefintion</code> for
* <code>AuthenticationProcessingFilterEntryPoint</code> with it's default
* properties.
* @return beanDefinition The bean defintion configured with default
*/
protected static RootBeanDefinition createBeanDefintionForAuthenticationProcessingFilterEntryPoint() {
RootBeanDefinition beanDefinition = new RootBeanDefinition(AuthenticationProcessingFilterEntryPoint.class);
beanDefinition.getPropertyValues().addPropertyValue(LOGIN_FORM_URL, LOGIN_FORM_URL_VALUE);
return beanDefinition;
}
}

162
sandbox/spring-security-config/src/main/java/org/springframework/security/config/FilterSecurityInterceptorBeanDefinitionParser.java
View File

@ -1,162 +0,0 @@
package org.springframework.security.config;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.springframework.security.intercept.web.FilterInvocationDefinitionDecorator;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSourceMapping;
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
import org.springframework.security.intercept.web.PathBasedFilterInvocationDefinitionMap;
import org.springframework.security.intercept.web.RegExpBasedFilterInvocationDefinitionMap;
import org.springframework.security.util.BeanDefinitionParserUtils;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
/**
* @author Vishal Puri
*
*/
public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanDefinitionParser {
// ~ static initializers
// ================================================================================================
private static final String OBJECT_DEFINITION_SOURCE_PROPERTY = "objectDefinitionSource";
private static final String OBJECT_DEFINITION_SOURCE_REF_ATTRIBUTE = "sourceBeanId";
private static final String PATH_ATTRIBUTE = "path";
private static final String REG_EX_ATTRIBUTE = "regularExpression";
private static final String CONFIGURATION_ATTRIB_ATTRIBUTE = "attribute";
// ~ Methods
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
return createBeanDefinitionForFilterSecurityInterceptor(element, parserContext);
}
protected static RootBeanDefinition createBeanDefinitionForFilterSecurityInterceptor(Element element,
ParserContext parserContext) {
RootBeanDefinition filterInvocationInterceptor = new RootBeanDefinition(FilterSecurityInterceptor.class);
RootBeanDefinition accessDecisionManager = AuthorizationManagerBeanDefinitionParser
.createAccessDecisionManagerAffirmativeBased();
filterInvocationInterceptor.getPropertyValues()
.addPropertyValue("accessDecisionManager", accessDecisionManager);
FilterInvocationDefinitionDecorator source = new FilterInvocationDefinitionDecorator();
FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
List<FilterInvocationDefinitionSourceMapping> mappings = new ArrayList<FilterInvocationDefinitionSourceMapping>();
Element firstChild = DomUtils.getChildElementByTagName(element, "url-mapping");
// if 'url-mapping' element is defined
if (firstChild != null) {
if (BeanDefinitionParserUtils.setPropertyIfAvailable(firstChild, OBJECT_DEFINITION_SOURCE_REF_ATTRIBUTE,
OBJECT_DEFINITION_SOURCE_PROPERTY, true/* RuntimeBeanReference */, filterInvocationInterceptor)) {
return filterInvocationInterceptor;
}
// get 'uri-pattern' or 'path' attribute. not both can be specified
// together
List uriPatternElements = DomUtils.getChildElementsByTagName(firstChild, "uri-pattern");
boolean patternToMatchCreated = false;
Node patternAttribute = null;
String url = "";
boolean isPathFound = false;
for (Iterator it = uriPatternElements.iterator(); it.hasNext();) {
Element uriPattern = (Element) it.next();
/* path or pattern - only one attribute is allowed */
NamedNodeMap map = uriPattern.getAttributes();
Assert.isTrue(map.getLength() == 1,
"only 'path' or 'regularExperssion' attribute allowed with 'uri-pattern' tag");
// check if typecreated variable is false then create a type and
// store it somewhere and set typecreated variable to true
if (!patternToMatchCreated) {
// should only be one attribute "path" or
// "regularExpression"
patternAttribute = map.item(0);
// set this variable to true
patternToMatchCreated = true;
// get the attributes and set the decoratd type
// appropriately
if (uriPattern.hasAttribute(PATH_ATTRIBUTE)) {
isPathFound = true;
url = uriPattern.getAttribute(PATH_ATTRIBUTE);
source.setDecorated(new PathBasedFilterInvocationDefinitionMap());
}
else if (uriPattern.hasAttribute(REG_EX_ATTRIBUTE)) {
url = uriPattern.getAttribute(REG_EX_ATTRIBUTE);
source.setDecorated(new RegExpBasedFilterInvocationDefinitionMap());
}
}
else {
// type created already so check if it matches with the
// current element
// if it matches get the one attribute "path" or
// "regularExpression" and apply as property
uriPattern.getAttribute(patternAttribute.getLocalName());
Assert
.hasLength(uriPattern.getAttribute(patternAttribute.getLocalName()),
" ALL uri-pattern tags in the url-mapping must be of the same type (ie cannot mix a regular expression and Ant Path)");
if (isPathFound) {
url = uriPattern.getAttribute(PATH_ATTRIBUTE);
}
else {
url = uriPattern.getAttribute(REG_EX_ATTRIBUTE);
}
}
mapping.setUrl(url);
// get child elements 'configuration-attribute'
List configAttributes = DomUtils.getChildElementsByTagName(uriPattern, "configuration-attribute");
for (Iterator iter = configAttributes.iterator(); iter.hasNext();) {
Element configAttribute = (Element) iter.next();
String configAttributeValue = configAttribute.getAttribute(CONFIGURATION_ATTRIB_ATTRIBUTE);
mapping.addConfigAttribute(configAttributeValue);
}
}
}
// default properties
else {
String url1 = "/acegilogin.jsp";
String value1 = "IS_AUTHENTICATED_ANONYMOUSLY";
String url2 = "/**";
String value2 = "IS_AUTHENTICATED_REMEMBERED";
mapping.setUrl(url1);
mapping.addConfigAttribute(value1);
mapping.setUrl(url2);
mapping.addConfigAttribute(value2);
}
mappings.add(mapping);
source.setMappings(mappings);
filterInvocationInterceptor.getPropertyValues().addPropertyValue(OBJECT_DEFINITION_SOURCE_PROPERTY,
source.getDecorated());
return filterInvocationInterceptor;
}
}

106
sandbox/spring-security-config/src/main/java/org/springframework/security/config/LogoutFilterBeanDefinitionParser.java
View File

@ -1,106 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import org.springframework.security.ui.logout.LogoutFilter;
import org.springframework.security.ui.logout.SecurityContextLogoutHandler;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* @author vpuri
* @since
*/
public class LogoutFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
// ~ Instance fields
// ================================================================================================
private static final String REDIRECT_AFTER_LOGOUT_URL = "redirectAfterLogoutUrl";
private static final String LOGOUT_URL = "logoutUrl";
private static final String REDIRECT_AFTER_LOGOUT_URL_VALUE = "/";
// ~ Methods
// ================================================================================================
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
// add the properties
RootBeanDefinition definition = new RootBeanDefinition(LogoutFilter.class);
doCreateBeanDefinition(definition, element, parserContext, false);
return definition;
}
/**
*
* @param definition
* @param element
* @param parserContext
* @param isAutoconfig
* @see {@link AutoConfigBeanDefinitionParser}
*/
private void doCreateBeanDefinition(RootBeanDefinition definition, Element element, ParserContext parserContext,
boolean isAutoconfig) {
setConstructorArgumentIfAvailable(0, element, REDIRECT_AFTER_LOGOUT_URL, "logoutSuccessUrl", definition);
setPropertyIfAvailable(element, LOGOUT_URL, "filterProcessesUrl", definition);
/* TODO: Move this logic to LogoutFilter itlself */
// register BFPP to check if LogoutFilter does not have setHandlers
// populated, introspect app ctx for LogoutHandlers, using Ordered
// (if
// present, otherwise assume Integer.MAX_VALUE)
RootBeanDefinition bfpp = new RootBeanDefinition(LogoutHandlerOrderResolver.class);
parserContext.getReaderContext().registerWithGeneratedName(bfpp);
}
private void setConstructorArgumentIfAvailable(int index, Element element, String attribute, String property,
RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
addConstructorArgument(index, definition, propertyValue);
}
}
private void addConstructorArgument(int index, RootBeanDefinition definition, String propertyValue) {
definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
}
private void setPropertyIfAvailable(Element element, String attribute, String property,
RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
definition.getPropertyValues().addPropertyValue(property, propertyValue);
}
}
/**
* Creates <code>BeanDefintion</code> as required by 'autoconfig' tag
*
* @param definition The BeanDefinition for Logoutfilter
* @param element
* @param parserContext
* @param isAutoconfig
* @return definition
*/
protected static RootBeanDefinition createBeanDefinitionWithDefaults(RootBeanDefinition rememberMeServices) {
RootBeanDefinition definition = new RootBeanDefinition(LogoutFilter.class);
definition.getConstructorArgumentValues().addIndexedArgumentValue(0, REDIRECT_AFTER_LOGOUT_URL_VALUE);
// create BeanDefinitions for LogoutHandlers
// (TokenBasedRememberMeServices) and (SecuritycontextLogoutHandler)
ManagedList handlers = new ManagedList();
//RootBeanDefinition rememberMeServices = RememberMeServicesBeanDefinitionParser.doCreateBeanDefintionWithDefaults();
handlers.add(rememberMeServices);
handlers.add(new RootBeanDefinition(SecurityContextLogoutHandler.class));
definition.getConstructorArgumentValues().addIndexedArgumentValue(1, handlers);
return definition;
}
}

95
sandbox/spring-security-config/src/main/java/org/springframework/security/config/LogoutHandlerOrderResolver.java
View File

@ -1,95 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import java.util.Collections;
import java.util.List;
import org.springframework.security.ui.logout.LogoutFilter;
import org.springframework.security.ui.logout.LogoutHandler;
import org.springframework.security.ui.logout.SecurityContextLogoutHandler;
import org.springframework.security.ui.rememberme.TokenBasedRememberMeServices;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.core.OrderComparator;
import org.springframework.core.Ordered;
/**
* @author vpuri
* @since
*/
public class LogoutHandlerOrderResolver implements BeanFactoryPostProcessor {
// ~ Methods
// ================================================================================================
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
// If LogoutFilter does not have setHandlers populated, introspect app
// ctx for LogoutHandlers, using Ordered (if present, otherwise assume
// Integer.MAX_VALUE)
String[] names = beanFactory.getBeanNamesForType(LogoutFilter.class);
RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[0]);
ValueHolder holder = getHandlersIfConfigured(beanFactory, definition);
if (holder == null) {
// intropect the appcontext for registerd LogoutHandler
List logoutHandlers = retrieveAllLogoutHandlers(beanFactory);
definition.getConstructorArgumentValues().addIndexedArgumentValue(1, logoutHandlers);
}
}
/**
*
* @param beanFactory
* @param definition
* @return
*/
private ValueHolder getHandlersIfConfigured(ConfigurableListableBeanFactory beanFactory,
RootBeanDefinition definition) {
// there should be only one LogoutFilter
return definition.getConstructorArgumentValues().getArgumentValue(1, null);
}
/**
*
* @param beanFactory
* @return
*/
private List retrieveAllLogoutHandlers(ConfigurableListableBeanFactory beanFactory) {
String[] names = beanFactory.getBeanNamesForType(LogoutHandler.class);
ManagedList list = new ManagedList();
for (int i = 0, n = names.length; i < n; i++) {
RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[i]);
if (definition.hasBeanClass()) {
if (Ordered.class.isAssignableFrom(definition.getBeanClass())) {
definition.getPropertyValues().addPropertyValue("order",
Integer.valueOf(getOrder(definition.getBeanClass())));
}
else {
definition.getPropertyValues().addPropertyValue("order", Integer.valueOf(Integer.MAX_VALUE));
}
}
list.add(definition);
}
Collections.sort(list, new OrderComparator());
return list;
}
private int getOrder(Class clazz) {
if (clazz.getName().equals(TokenBasedRememberMeServices.class.getName())) {
return 100;
}
if (clazz.getName().equals(SecurityContextLogoutHandler.class.getName())) {
return 200;
}
return Integer.MAX_VALUE;
}
}

242
sandbox/spring-security-config/src/main/java/org/springframework/security/config/PrincipalRepositoryBeanDefinitionParser.java
View File

@ -1,242 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import java.util.Properties;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.jdbc.JdbcDaoImpl;
import org.springframework.security.userdetails.memory.InMemoryDaoImpl;
import org.springframework.security.userdetails.memory.UserAttribute;
import org.springframework.security.userdetails.memory.UserMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.config.PropertiesFactoryBean;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
* @author vpuri
*
*/
public class PrincipalRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
// ~ Static fields/initializers
// =====================================================================================
private static final Log logger = LogFactory.getLog(PrincipalRepositoryBeanDefinitionParser.class);
// ~ Instance fields
// ================================================================================================
private static final String JDBC = "jdbc";
private static final String DATASOURCE_REF = "dataSourceBeanRef";
private static final String DATASOURCE = "dataSource";
private static final String JDBCTEMPLATE_REF = "jdbcTemplateBeanRef";
private static final String JDBCTEMPLATE = "jdbcTemplate";
private static final String AUTHORITIES_BY_USERNAME_QUERY = "authoritiesByUsernameQuery";
private static final String ROLE_PREFIX = "rolePrefix";
private static final String USERNAME_BASED_PRIMARY_KEY = "usernameBasedPrimaryKey";
private static final String PROPERTIES = "properties";
private static final String RESOURCE = "resource";
private static final String USER_PROPERTIES = "userProperties";
private static final String USER_DEFINITION = "user-definition";
private static final Object GRANTED_AUTHORITY = "granted-authority";
private static final String USERNAME = "username";
private static final String PASSWORD = "password";
private static final String ENABLED = "enabled";
private static final String GRANTED_AUTHORITY_REF = "granted-authority-ref";
private static final String AUTHORITY = "authority";
private static final String AUTHORITY_BEAN_REF = "authorityBeanRef";
// ~ Method
// ================================================================================================
/**
*
*/
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
NodeList userDetailsServiceChildren = element.getChildNodes();
RootBeanDefinition userDetailsServiceDefinition = null;
for (int i = 0, n = userDetailsServiceChildren.getLength(); i < n; i++) {
Node userDetailsService = userDetailsServiceChildren.item(i);
if (JDBC.equals(userDetailsService.getLocalName()) && userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
Element ele = (Element) userDetailsService;
userDetailsServiceDefinition = parseUserDetailsServiceJdbcDefinition(ele);
userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
}
if (PROPERTIES.equals(userDetailsService.getLocalName())
&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
Element ele = (Element) userDetailsService;
userDetailsServiceDefinition = new RootBeanDefinition(InMemoryDaoImpl.class);
userDetailsServiceDefinition.getPropertyValues().addPropertyValue(USER_PROPERTIES,
new RuntimeBeanReference(createPropertiesBeanDefinition(ele, parserContext)));
userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
}
if (USER_DEFINITION.equals(userDetailsService.getLocalName())
&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
Element ele = (Element) userDetailsService;
// create a UserMap which interns uses UserMapEditor
userDetailsServiceDefinition = createUserDefinition(ele, parserContext);
}
}
return userDetailsServiceDefinition;
}
private RootBeanDefinition createUserDefinition(Element ele, ParserContext parserContext) {
RootBeanDefinition definition = new RootBeanDefinition(InMemoryDaoImpl.class);
UserAttribute userAttribute = new UserAttribute();
UserMap userMap = new UserMap();
setPassword(ele, userAttribute);
setEnabled(ele, userAttribute);
setAuthorities(ele, userAttribute);
UserDetails user = new User(ele.getAttribute(USERNAME), userAttribute.getPassword(), userAttribute.isEnabled(),
true, true, true, userAttribute.getAuthorities());
userMap.addUser(user);
definition.getPropertyValues().addPropertyValue("userMap", userMap);
return definition;
}
private String createPropertiesBeanDefinition(Element ele, ParserContext parserContext) {
// properties element
RootBeanDefinition defintion = new RootBeanDefinition(PropertiesFactoryBean.class);
String propertyValue = ele.getAttribute(RESOURCE);
defintion.getPropertyValues().addPropertyValue("location", propertyValue);
defintion.setSource(parserContext.extractSource(ele));
return parserContext.getReaderContext().registerWithGeneratedName(defintion);
}
protected static RootBeanDefinition createSampleUsersUsingProperties() {
// properties element
RootBeanDefinition defintion = new RootBeanDefinition(PropertiesFactoryBean.class);
String location = "classpath:org/security/config/user.properties";
defintion.getPropertyValues().addPropertyValue("location", location);
return defintion;
}
/**
*
* @param elementToParse
* @return
*/
private RootBeanDefinition parseUserDetailsServiceJdbcDefinition(Element elementToParse) {
// parse attributes
RootBeanDefinition definition = new RootBeanDefinition(JdbcDaoImpl.class);
setPropertyIfAvailable(elementToParse, DATASOURCE_REF, DATASOURCE, definition);
setPropertyIfAvailable(elementToParse, JDBCTEMPLATE_REF, JDBCTEMPLATE, definition);
setPropertyIfAvailable(elementToParse, AUTHORITIES_BY_USERNAME_QUERY, AUTHORITIES_BY_USERNAME_QUERY, definition);
setPropertyIfAvailable(elementToParse, ROLE_PREFIX, ROLE_PREFIX, definition);
setPropertyIfAvailable(elementToParse, USERNAME_BASED_PRIMARY_KEY, USERNAME_BASED_PRIMARY_KEY, definition);
return definition;
}
protected void doParseProperties(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
Properties parsedProps = parserContext.getDelegate().parsePropsElement(element);
builder.addPropertyValue(PROPERTIES, parsedProps);
}
/**
*
* @param element
* @param attribute
* @param property
* @param definition
*/
private void setPropertyIfAvailable(Element element, String attribute, String property,
RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
if (propertyValue.equals(DATASOURCE_REF) || propertyValue.equals(JDBCTEMPLATE_REF)) {
definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(propertyValue));
}
else {
definition.getPropertyValues().addPropertyValue(property, propertyValue);
}
}
}
private void setPassword(Element element, UserAttribute userAttribute) {
String propertyValue = element.getAttribute(PASSWORD);
if (StringUtils.hasText(propertyValue)) {
userAttribute.setPassword(propertyValue);
}
}
private void setEnabled(Element element, UserAttribute userAttribute) {
String propertyValue = element.getAttribute(ENABLED);
if (StringUtils.hasText(propertyValue)) {
if (propertyValue.equals("true")) {
userAttribute.setEnabled(true);
}
else {
userAttribute.setEnabled(false);
}
}
}
private void setAuthorities(Element ele, UserAttribute userAttribute) {
// get authorities
NodeList childNodes = ele.getChildNodes();
ManagedList authorities = new ManagedList();
for (int i = 0, n = childNodes.getLength(); i < n; i++) {
Node authorityNode = childNodes.item(i);
if (GRANTED_AUTHORITY.equals(authorityNode.getLocalName())
&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
Element propertyValue = (Element) authorityNode;
authorities.add(new GrantedAuthorityImpl(propertyValue.getAttribute(AUTHORITY)));
}
if (GRANTED_AUTHORITY_REF.equals(authorityNode.getLocalName())
&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
Element propertyValue = (Element) authorityNode;
String attribute = propertyValue.getAttribute(AUTHORITY_BEAN_REF);
if (StringUtils.hasLength(attribute)) {
authorities.add(new RuntimeBeanReference(attribute));
}
}
}
userAttribute.setAuthorities(authorities);
}
}

46
sandbox/spring-security-config/src/main/java/org/springframework/security/config/RememberMeFilterBeanDefinitionParser.java
View File

@ -1,46 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import org.springframework.security.ui.rememberme.RememberMeProcessingFilter;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* @author vpuri
*
*@since
*/
public class RememberMeFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
private static final String REMEMBER_ME_SERVICES_REF = "rememberMeServicesBeanRef";
private static final String REMEMBER_ME_SERVICES = "rememberMeServices";
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
Assert.notNull(parserContext, "ParserContext must not be null");
RootBeanDefinition rememberMeFilterBeanDef = new RootBeanDefinition(RememberMeProcessingFilter.class);
// check if rememberMeServicesBeanRef is defined and if it's specified use its referred bean
String rememberMeServicesRef = element.getAttribute(REMEMBER_ME_SERVICES_REF);
if (StringUtils.hasLength(rememberMeServicesRef)) {
rememberMeFilterBeanDef.getPropertyValues().addPropertyValue(REMEMBER_ME_SERVICES,
new RuntimeBeanReference(rememberMeServicesRef));
}
return rememberMeFilterBeanDef;
}
protected static RootBeanDefinition createBeanDefinitionWithDefaults(ParserContext parserContext, RootBeanDefinition authenticationManager) {
RootBeanDefinition definition= new RootBeanDefinition(RememberMeProcessingFilter.class);
definition.getPropertyValues().addPropertyValue("authenticationManager",authenticationManager);
return definition;
}
}

82
sandbox/spring-security-config/src/main/java/org/springframework/security/config/RememberMeServicesBeanDefinitionParser.java
View File

@ -1,82 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import org.springframework.security.ui.rememberme.TokenBasedRememberMeServices;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* Parses
* @author vpuri
*
*/
public class RememberMeServicesBeanDefinitionParser extends AbstractBeanDefinitionParser implements
BeanDefinitionParser {
private static final String PRINCIPAL_REPOSITORY_BEAN_REF = "principalRepositoryBeanRef";
private static final String USER_DETAILS_SERVICE_PROPERTY = "userDetailsService";
/*
* key is optional; if unspecified, pick a rnd int and use for all
* unspecified key properties for acegi beans
*/
private static final String KEY = "key";
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
RootBeanDefinition rememberMeServicesBeanDef = createBeanDefinition(element, parserContext);
return rememberMeServicesBeanDef;
}
private RootBeanDefinition createBeanDefinition(Element element, ParserContext parserContext) {
Assert.notNull(parserContext, "ParserContext must not be null");
RootBeanDefinition rememberMeServicesBeanDef = new RootBeanDefinition(TokenBasedRememberMeServices.class);
String keyValue = "";
String rememberMeServicesRef = "";
if (element != null) {
keyValue = element.getAttribute(KEY);
if (StringUtils.hasLength(keyValue)) {
rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(KEY, keyValue);
}
else {
/*
* TODO: pick a rnd int and apply it whenver required in
* applicationcontext
*/
}
// check if rememberMeServicesBeanRef is defined and if it's
// specified
// use its referred bean
rememberMeServicesRef = element.getAttribute(PRINCIPAL_REPOSITORY_BEAN_REF);
if (StringUtils.hasLength(rememberMeServicesRef)) {
rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE_PROPERTY,
new RuntimeBeanReference(rememberMeServicesRef));
}
}
return rememberMeServicesBeanDef;
}
protected static RootBeanDefinition createAndRegisterBeanDefintionWithDefaults(ParserContext parserContext){
RootBeanDefinition beanDefinition = new RootBeanDefinition(TokenBasedRememberMeServices.class);
beanDefinition.getPropertyValues().addPropertyValue(KEY, "key");
parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
return beanDefinition;
}
}

21
sandbox/spring-security-config/src/main/java/org/springframework/security/config/SecurityAutoDetectNamepsaceHandler.java
View File

@ -1,21 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
/**
* @author Vishal Puri
*
*/
public class SecurityAutoDetectNamepsaceHandler extends NamespaceHandlerSupport {
/* (non-Javadoc)
* @see org.springframework.beans.factory.xml.NamespaceHandler#init()
*/
public void init() {
registerBeanDefinitionParser("autoconfig", new AutoConfigBeanDefinitionParser());
}
}

37
sandbox/spring-security-config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
View File

@ -1,37 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
/**
* {@link org.springframework.beans.factory.xml.NamespaceHandler} for the '<code>security</code>' namespace.
* @author vpuri
*
* @since
*/
public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
/**
* Register the {@link BeanDefinitionParser BeanDefinitionParsers} for the
* '<code>context-integration</code>', ' and '<code></code>' elements.
*/
public void init() {
registerBeanDefinitionParser("principal-repository", new PrincipalRepositoryBeanDefinitionParser());
registerBeanDefinitionParser("session-context-integration", new ContextIntegrationBeanDefinitionParser());
registerBeanDefinitionParser("authentication-repository", new AuthenticationRepositoryBeanDefinitionParser());
registerBeanDefinitionParser("authentication-mechanism", new AuthenticationMechanismBeanDefinitionParser());
registerBeanDefinitionParser("authentication-remember-me-services", new RememberMeServicesBeanDefinitionParser());
registerBeanDefinitionParser("authentication-remember-me-filter", new RememberMeFilterBeanDefinitionParser());
registerBeanDefinitionParser("logout-support", new LogoutFilterBeanDefinitionParser());
registerBeanDefinitionParser("exception-translation", new ExceptionTranslationFilterBeanDefinitionParser());
registerBeanDefinitionParser("authentication-form", new AuthenticationProcessingFilterBeanDefinitionParser());
registerBeanDefinitionParser("authorization-manager", new AuthorizationManagerBeanDefinitionParser());
registerBeanDefinitionParser("authorization-http-url", new FilterSecurityInterceptorBeanDefinitionParser());
registerBeanDefinitionParser("authorization-joinpoint", new AuthorizationMethodBeanDefinitionParser());
registerBeanDefinitionParser("autoconfig", new AutoConfigBeanDefinitionParser());
}
}

239
sandbox/spring-security-config/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java
View File

@ -1,239 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.ui.basicauth;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.ui.AuthenticationDetailsSource;
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
import org.springframework.security.ui.AuthenticationEntryPoint;
import org.springframework.security.ui.rememberme.RememberMeServices;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
/**
* Processes a HTTP request's BASIC authorization headers, putting the result into the
* <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
* refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
* the HTTP request is ignored.</p>
* <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
* <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
* <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
* following header would be presented:</p>
* <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
* <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
* Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
* <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
* <code>SecurityContextHolder</code>.</p>
* <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
* AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
* which will prompt the user to authenticate again via BASIC authentication.</p>
* <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
* transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
* provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
* org.springframework.security.ui.digestauth.DigestProcessingFilter}.</p>
* <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
* details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
* they will be authenticated using the remember-me mechanism.</p>
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
* org.springframework.security.util.FilterToBeanProxy}.</p>
*
* @author Ben Alex
* @version $Id$
*/
public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
//~ Instance fields ================================================================================================
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
private AuthenticationEntryPoint authenticationEntryPoint;
private AuthenticationManager authenticationManager;
private RememberMeServices rememberMeServices;
private boolean ignoreFailure = false;
private int order;
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
}
public void destroy() {}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String header = httpRequest.getHeader("Authorization");
if (logger.isDebugEnabled()) {
logger.debug("Authorization header: " + header);
}
if ((header != null) && header.startsWith("Basic ")) {
String base64Token = header.substring(6);
String token = new String(Base64.decodeBase64(base64Token.getBytes()));
String username = "";
String password = "";
int delim = token.indexOf(":");
if (delim != -1) {
username = token.substring(0, delim);
password = token.substring(delim + 1);
}
if (authenticationIsRequired(username)) {
UsernamePasswordAuthenticationToken authRequest =
new UsernamePasswordAuthenticationToken(username, password);
authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
Authentication authResult;
try {
authResult = authenticationManager.authenticate(authRequest);
} catch (AuthenticationException failed) {
// Authentication failed
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
}
SecurityContextHolder.getContext().setAuthentication(null);
if (rememberMeServices != null) {
rememberMeServices.loginFail(httpRequest, httpResponse);
}
if (ignoreFailure) {
chain.doFilter(request, response);
} else {
authenticationEntryPoint.commence(request, response, failed);
}
return;
}
// Authentication success
if (logger.isDebugEnabled()) {
logger.debug("Authentication success: " + authResult.toString());
}
SecurityContextHolder.getContext().setAuthentication(authResult);
if (rememberMeServices != null) {
rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
}
}
}
chain.doFilter(request, response);
}
private boolean authenticationIsRequired(String username) {
// Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
// (see SEC-53)
Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
if(existingAuth == null || !existingAuth.isAuthenticated()) {
return true;
}
// Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
// (see SEC-348)
if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
return true;
}
return false;
}
public AuthenticationEntryPoint getAuthenticationEntryPoint() {
return authenticationEntryPoint;
}
public AuthenticationManager getAuthenticationManager() {
return authenticationManager;
}
public void init(FilterConfig arg0) throws ServletException {}
public boolean isIgnoreFailure() {
return ignoreFailure;
}
public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
this.authenticationDetailsSource = authenticationDetailsSource;
}
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
this.authenticationEntryPoint = authenticationEntryPoint;
}
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public void setIgnoreFailure(boolean ignoreFailure) {
this.ignoreFailure = ignoreFailure;
}
public void setRememberMeServices(RememberMeServices rememberMeServices) {
this.rememberMeServices = rememberMeServices;
}
public int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
}

88
sandbox/spring-security-config/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilterEntryPoint.java
View File

@ -1,88 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.ui.basicauth;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.AuthenticationEntryPoint;
import org.springframework.security.util.OrderedUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
/**
* Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
* BasicProcessingFilter}.<P>Once a user agent is authenticated using BASIC authentication, logout requires that
* the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call
* the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to
* the browser its credentials are no longer authorized, causing it to prompt the user to login again.</p>
*
* @author Ben Alex
* @version $Id$
*/
public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered, ApplicationContextAware {
//~ Instance fields ================================================================================================
private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
private String realmName;
private int order = DEFAULT_ORDER;
private ApplicationContext applicationContext;
//~ Methods ========================================================================================================
public int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
public void afterPropertiesSet() throws Exception {
Assert.hasText(realmName, "realmName must be specified");
if (order == DEFAULT_ORDER) {
OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
}
}
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
}
public String getRealmName() {
return realmName;
}
public void setRealmName(String realmName) {
this.realmName = realmName;
}
public void setApplicationContext(ApplicationContext applicationContext) {
this.applicationContext = applicationContext;
}
}

5
sandbox/spring-security-config/src/main/java/org/springframework/security/ui/basicauth/package.html
View File

@ -1,5 +0,0 @@
<html>
<body>
Authenticates HTTP BASIC authentication requests.
</body>
</html>

88
sandbox/spring-security-config/src/main/java/org/springframework/security/util/BeanDefinitionParserUtils.java
View File

@ -1,88 +0,0 @@
/**
*
*/
package org.springframework.security.util;
import org.springframework.beans.factory.config.RuntimeBeanNameReference;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
/**
* The convenience methods for the parsing of bean definition xml file.
*
* @author Vishal Puri
*
*/
public class BeanDefinitionParserUtils {
// ~ Constructor
// ================================================================================================
/**
* Prevents instantiation
*/
private BeanDefinitionParserUtils() {
}
// ~ Method
// ================================================================================================
public static void setConstructorArgumentIfAvailable(int index, Element element, String attribute,
boolean isRunTimeBeanReference, RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
if (!isRunTimeBeanReference) {
definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
}
else {
definition.getConstructorArgumentValues().addIndexedArgumentValue(index,
new RuntimeBeanNameReference(propertyValue));
}
}
}
/**
* <p>
* Configure a <code>BeanDefinition</code>with the property value
* retrieved from xml attribute. If the attribute is like a standard spring
* 'ref' attribute as indicated by 'isRunTimeBeanReference', the property
* will be resolved as a reference to the spring bean.
* </p>
*
* @param element The parent element.
* @param attribute The child attribute.
* @param property The configuration property for the BeanDefinition
* @param isRunTimeBeanReference Indicates if the property is like a
* standard spring 'ref' attribute.
* @param definition The BeanDefinition to configure with the property
* provided.
* @return boolean To indicate if BeanDefinition was configured with a
* property.
*/
public static boolean setPropertyIfAvailable(Element element, String attribute, String property,
boolean isRunTimeBeanReference, RootBeanDefinition definition) {
String propertyValue = element.getAttribute(attribute);
if (StringUtils.hasText(propertyValue)) {
if (!isRunTimeBeanReference) {
definition.getPropertyValues().addPropertyValue(property, propertyValue);
return true;
}
else {
definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(propertyValue));
return true;
}
}
return false;
}
/**
* @param parserContext
* @param defintion
*/
public static void registerBeanDefinition(ParserContext parserContext, RootBeanDefinition defintion) {
parserContext.getRegistry().registerBeanDefinition(
parserContext.getReaderContext().generateBeanName(defintion), defintion);
}
}

66
sandbox/spring-security-config/src/main/java/org/springframework/security/util/OrderedUtils.java
View File

@ -1,66 +0,0 @@
package org.springframework.security.util;
import java.lang.reflect.Method;
import java.util.Map;
import org.springframework.context.ApplicationContext;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
import org.springframework.util.ReflectionUtils;
/**
* Proivdes common logic for manipulating classes implementing the Spring
* {@link Ordered} interface.
*
* @author Ben Alex
* @author Vishal Puri
*/
public abstract class OrderedUtils {
/**
* Introspects the application context for a single instance of <code>sourceClass</code>. If found, the order from the source
* class instance is copied into the <code>destinationObject</code>. If more than one instance of <code>sourceClass</code>
* is found, the method throws <code>IllegalStateException</code>.
*
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
* mutation of the order property.
*
* @param sourceClass to locate in the application context (must be assignable to Ordered)
* @param applicationContext to locate the class
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
* @param skipIfMoreThanOneCandidateSourceClassInstance if the application context provides more than one potential source, skip modifications (if false, the first located matching source will be used)
* @return whether or not the destination class was updated
*/
public static boolean copyOrderFromOtherClass(Class sourceClass, ApplicationContext applicationContext, Object destinationObject, boolean skipIfMoreThanOneCandidateSourceClassInstance) {
Assert.notNull(sourceClass, "Source class required");
Assert.notNull(applicationContext, "ApplicationContext required");
Assert.notNull(destinationObject, "Destination object required");
Assert.isAssignable(Ordered.class, sourceClass, "Source class " + sourceClass + " must be assignable to Ordered");
Map map = applicationContext.getBeansOfType(sourceClass);
if (map.size() == 0) {
return false;
} else if (map.size() > 1 && skipIfMoreThanOneCandidateSourceClassInstance) {
return false;
} else {
copyOrderFromOtherObject((Ordered)map.values().iterator().next(), destinationObject);
return true;
}
}
/**
* Copies the order property from the <code>sourceObject</code> into the <code>destinationObject</code>.
*
* <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
* mutation of the order property.
*
* @param sourceObject to copy the order from
* @param destinationObject to copy the order into (must provide public setOrder(int) method)
*/
public static void copyOrderFromOtherObject(Ordered sourceObject, Object destinationObject) {
Assert.notNull(sourceObject, "Source object required");
Assert.notNull(destinationObject, "Destination object required");
Method m = ReflectionUtils.findMethod(destinationObject.getClass(), "setOrder", new Class[] {int.class});
Assert.notNull(m, "Method setOrder(int) not found on " + destinationObject.getClass());
ReflectionUtils.invokeMethod(m, destinationObject, new Object[] { Integer.valueOf((sourceObject.getOrder()))});
}
}

4
sandbox/spring-security-config/src/main/resources/org/springframework/security/config/inmemory-users.properties
View File

@ -1,4 +0,0 @@
angelina=black,ROLE_ADMIN
brad=grey,ROLE_TELLER,ROLE_PERMISSION_LIST
paris=pink,ROLE_TELLER
bono=sunny,ROLE_PERMISSION_LIST

686
sandbox/spring-security-config/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
View File

@ -1,686 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xsd:schema xmlns="http://www.springframework.org/schema/security"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
elementFormDefault="qualified" attributeFormDefault="unqualified">
<xsd:import namespace="http://www.springframework.org/schema/beans" />
<xsd:element name="autoconfig" />
<xsd:element name="session-context-integration">
<xsd:complexType>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="sessionCreation"
default="ifRequired">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Indicates if this filter can create a HttpSession if
needed (sessions are always created sparingly, but setting this value to
false will prohibit sessions from ever being created).
Defaults to true. Do not set to false if
you have set forceEagerSessionCreation to true ,
as the properties would be in conflict.
]]>
</xsd:documentation>
</xsd:annotation>
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="ifRequired" />
<xsd:enumeration value="never" />
<xsd:enumeration value="always" />
</xsd:restriction>
</xsd:simpleType>
</xsd:attribute>
<xsd:attribute name="forceEagerSessionCreation"
default="false" type="defaultable-boolean" use="optional">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Indicates if this filter is required to create a 'HttpSession'
for every request before proceeding through the filter chain, even if the
'HttpSession' would not ordinarily have been created. By
default this is 'false', which is entirely appropriate for
most circumstances as you do not want a 'HttpSession'
created unless the filter actually needs one. It is envisaged the main
situation in which this property would be set to 'true' is
if using other filters that depend on a 'HttpSession'
already existing, such as those which need to obtain a session ID. This
is only required in specialised cases, so leave it set to
'false' unless you have an actual requirement and are
conscious of the session creation overhead.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="cloneFromHttpSession" default="false"
type="defaultable-boolean" use="optional">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Indicates whether the <code>SecurityContext</code> will be cloned from
the HttpSession. The default is to simply reference (ie
the default is 'false'. The default may cause issues if
concurrent threads need to have a different security identity from other
threads being concurrently processed that share the same
<code>HttpSession</code>. In most normal environments this does not
represent an issue, as changes to the security identity in one thread is
allowed to affect the security identitiy in other threads associated with
the same 'HttpSession'.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
<xsd:element name="authentication-remember-me-filter"
type="RememberMeFilter">
<xsd:annotation>
<xsd:documentation
source="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
<![CDATA[
makes the filter, but does little else, as it auto-detects everything
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:complexType name="RememberMeFilter">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="rememberMeServicesBeanRef"
type="xsd:string" use="optional" />
</xsd:complexType>
<xsd:element name="authentication-remember-me-services"
type="RememberMeServices" />
<xsd:complexType name="RememberMeServices">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="key" type="xsd:string" use="optional" />
<xsd:attribute name="principalRepositoryBeanRef"
type="xsd:string" use="optional" />
</xsd:complexType>
<!-- Logout Filter -->
<xsd:element name="logout-support">
<xsd:complexType>
<!-- Write other attributes -->
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="redirectAfterLogoutUrl"
type="xsd:string" default="/" />
<xsd:attribute name="logoutUrl" type="xsd:string"
default="/logout" />
<xsd:anyAttribute namespace="##other" processContents="lax" />
</xsd:complexType>
</xsd:element>
<!-- Exception Translation Filter -->
<xsd:element name="exception-translation"
type="ExceptionTranslation" />
<xsd:complexType name="ExceptionTranslation">
<xsd:all>
<xsd:element ref="entry-point" maxOccurs="1" />
<xsd:element ref="access-denied" maxOccurs="1"
minOccurs="0" />
</xsd:all>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:element name="entry-point">
<xsd:complexType>
<xsd:attribute name="entryPointBeanRef" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="access-denied">
<xsd:complexType>
<xsd:attribute name="accessDeniedUrl" type="xsd:string"
use="optional" />
<xsd:attribute name="accessDeniedBeanRef" type="xsd:string"
use="optional" />
</xsd:complexType>
</xsd:element>
<!-- AuthenticationProcessigFilter -->
<xsd:element name="authentication-form"
type="AuthenticationProcessingFilter" />
<xsd:complexType name="AuthenticationProcessingFilter">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="authenticationUrl" type="xsd:string"
use="required">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The URL destination that this filter intercepts and processes (usually something like
/login)
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="defaultTargetUrl" type="xsd:string"
use="required">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Where to redirect the browser to if authentication is successful but ACEGI_SAVED_REQUEST_KEY is
null
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="errorFormUrl" type="xsd:string"
use="required">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Where to redirect the browser to if authentication fails.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:element name="authentication-mechanism"
type="AuthenticationManager">
<xsd:annotation>
<xsd:documentation
source="org.springframework.security.providers.ProviderManager">
<![CDATA[
Resolves to 'org.springframework.security.providers.ProviderManager'
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:complexType name="AuthenticationManager">
<xsd:sequence>
<xsd:element ref="authentication-jdbc" minOccurs="0"
maxOccurs="1" />
<xsd:element ref="authentication-ldap" minOccurs="0"
maxOccurs="1" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:element name="authentication-jdbc">
<xsd:annotation>
<xsd:documentation
source="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<![CDATA[
if not specified will be auto-tetected from the ApplicationContext and tried in order
]]>
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:attribute name="ref" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="authentication-ldap">
<xsd:annotation>
<xsd:documentation
source="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
<![CDATA[
if not specified will be auto-tetected from the ApplicationContext and tried in order
]]>
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:sequence>
<xsd:element name="property">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="beans:propertyType"></xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
<xsd:attribute name="ldapUrl" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The LDAP url of the server (and root context) to connect to.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="managerDn" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The LDAP url of the server (and root context) to connect to.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="managerPassword" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The manager user's password.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="groupSearchBase" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="groupRoleAttribute"
type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
<xsd:element name="principal-repository" type="PrincipalRepository" />
<xsd:complexType name="PrincipalRepository">
<xsd:choice>
<xsd:element ref="jdbc" minOccurs="0" maxOccurs="1" />
<xsd:element ref="ldap" minOccurs="0" maxOccurs="1" />
<xsd:element ref="properties" minOccurs="0" maxOccurs="1" />
<xsd:element ref="user-definition" minOccurs="0"
maxOccurs="unbounded" />
</xsd:choice>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:element name="jdbc">
<xsd:complexType>
<xsd:attribute name="dataSourceBeanRef" type="xsd:string" />
<xsd:attribute name="authoritiesByUsernameQuery"
type="xsd:string" use="optional" />
<xsd:attribute name="jdbcTemplateBeanRef" type="xsd:string"
use="optional" />
<xsd:attribute name="rolePrefix" type="xsd:string"
use="optional" />
<xsd:attribute name="usernameBasedPrimaryKey"
type="xsd:boolean" use="optional" />
<xsd:attribute name="usersByUsernameQuery" type="xsd:string"
use="optional" />
</xsd:complexType>
</xsd:element>
<xsd:element name="ldap">
<xsd:complexType>
<xsd:attribute name="not-yet-defined" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="properties">
<xsd:complexType>
<xsd:attribute name="resource" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="user-definition">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="granted-authority" minOccurs="0"
maxOccurs="unbounded">
<xsd:complexType>
<xsd:attribute name="authority"
type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
<xsd:element name="granted-authority-ref" minOccurs="0"
maxOccurs="unbounded">
<xsd:complexType>
<xsd:attribute name="authorityBeanRef"
type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:sequence>
<xsd:attribute name="username" type="xsd:string"
use="required" />
<xsd:attribute name="password" type="xsd:string" />
<xsd:attribute name="enabled" type="xsd:boolean" />
<xsd:anyAttribute namespace="##local"
processContents="strict" />
</xsd:complexType>
</xsd:element>
<xsd:element name="authentication-repository"
type="AuthenticationRepositoryType" />
<xsd:complexType name="AuthenticationRepositoryType">
<xsd:sequence>
<xsd:element name="salt-source" type="SaltSource"
minOccurs="0" maxOccurs="1" />
<xsd:element name="password-encoder" type="PasswordEncoder"
minOccurs="0" maxOccurs="1" />
</xsd:sequence>
<xsd:attributeGroup ref="AuthenticationRepositoryAttributes" />
</xsd:complexType>
<!-- <security:salt-source source="systemwide|reflection" salt="salt"/> -->
<xsd:complexType name="SaltSource">
<xsd:sequence>
<xsd:choice minOccurs="0" maxOccurs="1">
<xsd:element name="system-wide">
<xsd:complexType>
<xsd:attribute name="systemWideSalt"
type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="reflection">
<xsd:complexType>
<xsd:attribute name="userPropertyToUse"
type="xsd:string" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:sequence>
<xsd:attribute name="saltSourceBeanRef" type="xsd:string"
use="optional" />
</xsd:complexType>
<xsd:complexType name="PasswordEncoder">
<xsd:sequence>
<xsd:choice minOccurs="0" maxOccurs="1">
<xsd:element name="encoder">
<xsd:complexType>
<xsd:attribute name="method" type="encoders" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:sequence>
<xsd:attribute name="encoderBeanRef" type="xsd:string"
use="optional" />
</xsd:complexType>
<xsd:attributeGroup name="AuthenticationRepositoryAttributes">
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="repositoryBeanRef" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Reference of a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:attributeGroup>
<xsd:element name="authorization-http-url"
type="AuthorizationHttpUrlType">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Specify security:uri-patterns in order of processing; each pattern must specify EITHER a
regularExpression OR a path, but not both and ALL patterns in the url-mapping MUST be of the
SAME type (ie cannot mix a regular expression and Ant Path) - exception will be thrown if tried
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:complexType name="AuthorizationHttpUrlType">
<xsd:sequence minOccurs="1" maxOccurs="1">
<xsd:element name="url-mapping" type="UrlMappingType"></xsd:element>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="UrlMappingType">
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
<xsd:element name="uri-pattern" type="UriPatternType" />
</xsd:sequence>
<xsd:attribute name="source" type="xsd:string" default="xml" />
<xsd:attribute name="sourceBeanId" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Reference to an external ObjectDefinitionSource.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="UriPatternType">
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
<xsd:element name="configuration-attribute"
type="ConfigurationAttributeType" />
</xsd:sequence>
<xsd:attribute name="path" type="xsd:string" use="optional" />
<xsd:attribute name="regularExpression" type="xsd:string"
use="optional" />
</xsd:complexType>
<xsd:complexType name="ConfigurationAttributeType">
<xsd:attribute name="attribute" type="xsd:string" />
</xsd:complexType>
<xsd:element name="authorization-manager"
type="AuthorizationManagerType" />
<xsd:complexType name="AuthorizationManagerType">
<xsd:sequence>
<xsd:element name="role-voter" type="xsd:string"
minOccurs="0" maxOccurs="1" />
<xsd:element name="authenticated-voter" type="xsd:string"
minOccurs="0" maxOccurs="1" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="strategy" type="response"
default="affirmative" />
</xsd:complexType>
<!-- Authorization JointPoint -->
<xsd:element name="authorization-joinpoint"
type="AuthorizationJointPointType">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:complexType name="AuthorizationJointPointType">
<xsd:sequence minOccurs="1" maxOccurs="1">
<xsd:element name="url-mapping"
type="JointPointMappingType">
</xsd:element>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
The unique identifier for a bean.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="springAop" type="xsd:boolean"
use="optional" />
<xsd:attribute name="aspectj" type="xsd:boolean" use="optional" />
</xsd:complexType>
<xsd:complexType name="JointPointMappingType">
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
<xsd:element name="method-pattern" type="MethodPatternType" />
</xsd:sequence>
<xsd:attribute name="source" type="MethodInterceptorType"
default="xml" />
<xsd:attribute name="sourceBeanId" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Reference to an external ObjectDefinitionSource.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="MethodPatternType">
<xsd:sequence minOccurs="1" maxOccurs="unbounded">
<xsd:element name="configuration-attribute"
type="ConfigurationAttributeType" />
</xsd:sequence>
<xsd:attribute name="type" type="xsd:string" />
</xsd:complexType>
<xsd:simpleType name="response">
<xsd:restriction base="xsd:NMTOKEN">
<xsd:enumeration value="consensus" />
<xsd:enumeration value="unanimous" />
<xsd:enumeration value="affirmative" />
</xsd:restriction>
</xsd:simpleType>
<xsd:simpleType name="MethodInterceptorType">
<xsd:restriction base="xsd:NMTOKEN">
<xsd:enumeration value="xml" />
<xsd:enumeration value="attributes" />
<xsd:enumeration value="annotations" />
<xsd:enumeration value="custom" />
</xsd:restriction>
</xsd:simpleType>
<!-- simple internal types -->
<xsd:simpleType name="defaultable-boolean">
<xsd:restriction base="xsd:NMTOKEN">
<xsd:enumeration value="true" />
<xsd:enumeration value="false" />
</xsd:restriction>
</xsd:simpleType>
<xsd:simpleType name="encoders">
<xsd:restriction base="xsd:NMTOKEN">
<xsd:enumeration value="md5" />
<xsd:enumeration value="md5Hex" />
<xsd:enumeration value="sha" />
<xsd:enumeration value="shaHex" />
<xsd:enumeration value="custom" />
</xsd:restriction>
</xsd:simpleType>
</xsd:schema>

38
sandbox/spring-security-config/src/test/java/org/springframework/security/AppTest.java
View File

@ -1,38 +0,0 @@
package org.springframework.security;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
/**
* Unit test for simple App.
*/
public class AppTest
extends TestCase
{
/**
* Create the test case
*
* @param testName name of the test case
*/
public AppTest( String testName )
{
super( testName );
}
/**
* @return the suite of tests being tested
*/
public static Test suite()
{
return new TestSuite( AppTest.class );
}
/**
* Rigourous Test :-)
*/
public void testApp()
{
assertTrue( true );
}
}

98
sandbox/spring-security-config/src/test/java/org/springframework/security/BankTests.java
View File

@ -1,98 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security;
import junit.framework.TestCase;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.context.SecurityContextImpl;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* Tests security objects.
*
* @author Ben Alex
* @version $Id$
*/
public class BankTests extends TestCase {
//~ Instance fields ================================================================================================
private BankService service;
private ClassPathXmlApplicationContext ctx;
//~ Constructors ===================================================================================================
public BankTests() {
super();
}
public BankTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
private static void createSecureContext() {
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("test", "test",
new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
});
SecurityContextHolder.getContext().setAuthentication(auth);
}
private static void destroySecureContext() {
SecurityContextHolder.setContext(new SecurityContextImpl());
}
public static void main(String[] args) {
junit.textui.TestRunner.run(BankTests.class);
}
public final void setUp() throws Exception {
super.setUp();
ctx = new ClassPathXmlApplicationContext("org/security/config/auto-config.xml");
service = (BankService) ctx.getBean("bankService");
}
public void testDeniedAccess() throws Exception {
createSecureContext();
try {
service.balance("1");
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
destroySecureContext();
}
public void testListAccounts() throws Exception {
createSecureContext();
service.listAccounts();
destroySecureContext();
}
}

25
sandbox/spring-security-config/src/test/java/org/springframework/security/config/AuthenticationMechanismNamespaceTests.java
View File

@ -1,25 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import org.springframework.security.providers.ProviderManager;
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import junit.framework.TestCase;
/**
* @author vpuri
*
*/
public class AuthenticationMechanismNamespaceTests extends TestCase {
public void testParserDefaults() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/remember-me-defaults.xml");
ProviderManager mgr = (ProviderManager) context.getBean("authenticationManager");
assertEquals(1, mgr.getProviders().size());
assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
}
}

25
sandbox/spring-security-config/src/test/java/org/springframework/security/config/AuthenticationProcessingFilterNamespaceTests.java
View File

@ -1,25 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import junit.framework.TestCase;
/**
* @author vpuri
*
*/
public class AuthenticationProcessingFilterNamespaceTests extends TestCase {
public void testAuthenticationFilterBeanDefinition() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/authentication-form-filter.xml");
ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
}
}

120
sandbox/spring-security-config/src/test/java/org/springframework/security/config/AuthenticationRepositoryParserTest.java
View File

@ -1,120 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import junit.framework.TestCase;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
import org.springframework.security.providers.dao.SaltSource;
import org.springframework.security.providers.encoding.Md5PasswordEncoder;
import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.security.providers.encoding.PlaintextPasswordEncoder;
import org.springframework.security.userdetails.jdbc.JdbcDaoImpl;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.util.Assert;
/**
* @author vpuri
*
*/
public class AuthenticationRepositoryParserTest extends TestCase {
public void testAuthenticationRepositoryDefaultWithAutoUserdetails() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/authentication-dao-defaults.xml");
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
assertEquals(1, names.length);
// check bean class
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
Assert.isAssignable(JdbcDaoImpl.class, provider.getUserDetailsService().getClass());
}
public void testCollaboratorsAsInnerBeans() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/authentication-innerbeans.xml");
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
// get the main bean definition, there should be only one
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
assertEquals(1, names.length);
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
// get the 2 inner beans
PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
assertEquals("saltSource", saltSourceBean.getName());
// get the BeanDefinition
RootBeanDefinition saltsourceDef = (RootBeanDefinition) saltSourceBean.getValue();
Assert.isAssignable(SaltSource.class, saltsourceDef.getBeanClass());
PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
assertEquals("passwordEncoder", encoder.getName());
// get the BeanDefinition
RootBeanDefinition encoderDef = (RootBeanDefinition) encoder.getValue();
Assert.isAssignable(PasswordEncoder.class, encoderDef.getBeanClass());
assertEquals("incorrect bean class name", encoderDef.getBeanClassName(), Md5PasswordEncoder.class.getName());
}
public void testCollaboratorsAsBeanRef() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/authentication-beanRef-attributes.xml");
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
// get the main bean definition, there should be only one
String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
assertEquals(1, names.length);
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
// get the referred collaborators
PropertyValue userDetailsBean = definition.getPropertyValues().getPropertyValue("userDetailsService");
assertEquals("userDetailsService", userDetailsBean.getName());
PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
assertEquals("saltSource", saltSourceBean.getName());
// get the BeanDefinition
RuntimeBeanReference saltsourceDef = (RuntimeBeanReference) saltSourceBean.getValue();
assertEquals("refToSaltSource", saltsourceDef.getBeanName());
PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
assertEquals("passwordEncoder", encoder.getName());
// get the BeanDefinition
RuntimeBeanReference encoderDef = (RuntimeBeanReference) encoder.getValue();
assertEquals("refToPasswordEncoder", encoderDef.getBeanName());
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
assertTrue(provider.getPasswordEncoder() instanceof PasswordEncoder);
assertEquals(Md5PasswordEncoder.class, provider.getPasswordEncoder().getClass());
}
public void testAutodetectionOfUserDetailsService() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/authentication-defaults.xml");
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
assertNotNull(provider.getUserDetailsService());
assertNull(provider.getSaltSource());
assertEquals(PlaintextPasswordEncoder.class, provider.getPasswordEncoder().getClass());
}
}

30
sandbox/spring-security-config/src/test/java/org/springframework/security/config/AuthorizationManagerBeanDefinitionParserTests.java
View File

@ -1,30 +0,0 @@
package org.springframework.security.config;
import java.util.List;
import junit.framework.TestCase;
import org.springframework.security.AccessDecisionManager;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
public class AuthorizationManagerBeanDefinitionParserTests extends TestCase {
public void testParsingBeanDefinition() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/authorization-manager.xml");
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
String[] beanNames = bf.getBeanNamesForType(AccessDecisionManager.class);
assertEquals(1, beanNames.length);
BeanDefinition def = (RootBeanDefinition) bf.getBeanDefinition(beanNames[0]);
assertNotNull(def);
List decisionVoters = (ManagedList) def.getPropertyValues().getPropertyValue("decisionVoters").getValue();
assertEquals(2, decisionVoters.size());
assertEquals("org.springframework.security.vote.RoleVoter", ((BeanDefinition) decisionVoters.get(0)).getBeanClassName());
assertEquals("org.springframework.security.vote.AuthenticatedVoter", ((BeanDefinition) decisionVoters.get(1)).getBeanClassName());
}
}

105
sandbox/spring-security-config/src/test/java/org/springframework/security/config/AutoConfigBeanDefinitionParserTests.java
View File

@ -1,105 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import java.lang.reflect.Field;
import java.util.Map;
import junit.framework.TestCase;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
import org.springframework.security.intercept.method.MethodDefinitionSource;
import org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
import org.springframework.security.ui.logout.LogoutFilter;
import org.springframework.security.ui.logout.LogoutHandler;
import org.springframework.security.ui.rememberme.RememberMeProcessingFilter;
import org.springframework.security.ui.rememberme.RememberMeServices;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.util.ReflectionUtils;
/**
* @author Vishal Puri
*
*/
public class AutoConfigBeanDefinitionParserTests extends TestCase {
private ApplicationContext context;
private ConfigurableListableBeanFactory bf;
// ~ Methods
// ========================================================================================================
public void setUp() {
this.context = new ClassPathXmlApplicationContext("org/springframework/security/config/auto-config.xml");
this.bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
}
public void testContextBeanDefinitionCreated() {
String[] names = bf.getBeanNamesForType(HttpSessionContextIntegrationFilter.class);
assertEquals(1, names.length);
HttpSessionContextIntegrationFilter filter = (HttpSessionContextIntegrationFilter) bf.getBean(names[0]);
// check properties
// get the bean
assertTrue(filter.isAllowSessionCreation());
assertFalse(filter.isForceEagerSessionCreation());
assertFalse(filter.isCloneFromHttpSession());
}
public void testLogoutFilterDefinitionCreatedWithDefaults() throws Exception {
String[] names = bf.getBeanNamesForType(LogoutFilter.class);
assertEquals(1, names.length);
LogoutFilter filter = (LogoutFilter) context.getBean(names[0]);
assertNotNull(filter);
Field logoutSuccessUrl = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(),
"logoutSuccessUrl");
String value = (String) logoutSuccessUrl.get(filter);
assertEquals("/", value);
Field handlers = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(), "handlers");
assertNotNull(handlers);
LogoutHandler[] handlersArray = (LogoutHandler[]) handlers.get(filter);
assertEquals(2, handlersArray.length);
}
public void testExceptionTranslationFilterCreatedwithDefaults() throws Exception {
Map map = bf.getBeansOfType(AuthenticationProcessingFilter.class);
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) map.values().iterator().next();
AuthenticationManager authMgr = filter.getAuthenticationManager();
assertNotNull(authMgr);
RememberMeServices remMeServices = filter.getRememberMeServices();
assertNotNull(remMeServices);
assertEquals("/acegilogin.jsp?login_error=1", filter.getAuthenticationFailureUrl());
assertEquals("/", filter.getDefaultTargetUrl());
}
public void testRememberMePRocessingFilterCreatedWithDefaults() {
Map map = bf.getBeansOfType(RememberMeProcessingFilter.class);
RememberMeProcessingFilter filter = (RememberMeProcessingFilter) map.values().iterator().next();
}
public void testMethodDefinitionSourceAdvisorCreatedWithDefaults() throws Exception {
Map map = bf.getBeansOfType(MethodDefinitionSourceAdvisor.class);
assertEquals(1, map.size());
MethodDefinitionSourceAdvisor advisor = (MethodDefinitionSourceAdvisor) map.values().iterator().next();
Field transactionAttributeSource = makeAccessibleAndGetFieldByName(advisor.getClass().getDeclaredFields(), "transactionAttributeSource");
assertNotNull(transactionAttributeSource);
assertTrue(transactionAttributeSource.get(advisor) instanceof MethodDefinitionSource);
}
private Field makeAccessibleAndGetFieldByName(Field[] declaredFields, String name) {
Field field = null;
for (int i = 0, n = declaredFields.length; i < n; i++) {
ReflectionUtils.makeAccessible(declaredFields[i]);
if (declaredFields[i].getName().equals(name)) {
return declaredFields[i];
}
}
return field;
}
}

75
sandbox/spring-security-config/src/test/java/org/springframework/security/config/ExceptionTranslationParserTests.java
View File

@ -1,75 +0,0 @@
package org.springframework.security.config;
import java.lang.reflect.Field;
import junit.framework.TestCase;
import org.springframework.security.ui.AccessDeniedHandler;
import org.springframework.security.ui.AccessDeniedHandlerImpl;
import org.springframework.security.ui.ExceptionTranslationFilter;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.util.ReflectionUtils;
public class ExceptionTranslationParserTests extends TestCase {
public void testParsingBeanReferences() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/exception-translation-beanref.xml");
ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
String[] beanNames = factory.getBeanNamesForType(ExceptionTranslationFilter.class);
assertEquals(1, beanNames.length);
RootBeanDefinition def = (RootBeanDefinition) factory.getBeanDefinition(beanNames[0]);
assertEquals(ExceptionTranslationFilter.class.getName(), def.getBeanClassName());
// check collaborators
PropertyValue accessDeniedHandler = def.getPropertyValues().getPropertyValue("accessDeniedHandler");
assertNotNull(accessDeniedHandler);
assertEquals(accessDeniedHandler.getValue(), new RuntimeBeanReference("theBeanToUse"));
PropertyValue entryPoint = def.getPropertyValues().getPropertyValue("authenticationEntryPoint");
assertNotNull(entryPoint);
assertEquals(entryPoint.getValue(), new RuntimeBeanReference("authenticationProcessingFilterEntryPoint"));
}
public void testRuntimeBeanDependencies() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/exception-translation-beanref.xml");
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) context.getBean("exceptionTranslationFilter");
AuthenticationProcessingFilterEntryPoint entryPoint = (AuthenticationProcessingFilterEntryPoint) filter
.getAuthenticationEntryPoint();
assertEquals("/acegilogin.jsp", entryPoint.getLoginFormUrl());
assertFalse(entryPoint.getForceHttps());
}
public void testAutoDetectionOfDefaultDependencies() throws Exception {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/exception-translation-autodetect-handler.xml");
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) context.getBean("exceptionTranslationFilter");
Field field = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(), "accessDeniedHandler");
assertTrue(field.get(filter) instanceof AccessDeniedHandler);
AccessDeniedHandlerImpl accessDeniedHandler = (AccessDeniedHandlerImpl) field
.get(filter);
Field f = makeAccessibleAndGetFieldByName(accessDeniedHandler.getClass().getDeclaredFields(), "errorPage");
assertEquals("errorPage",f.getName());
String value = (String) f.get(accessDeniedHandler);
assertEquals("/accessDenied.jsp", value);
}
private Field makeAccessibleAndGetFieldByName(Field[] fields, String name) {
Field field = null;
for (int i = 0, n = fields.length; i < n; i++) {
ReflectionUtils.makeAccessible(fields[i]);
if (fields[i].getName().equals(name)) {
return fields[i];
}
}
return field;
}
}

33
sandbox/spring-security-config/src/test/java/org/springframework/security/config/FilterSecurityInterceptorBeanDefinitionParserTests.java
View File

@ -1,33 +0,0 @@
package org.springframework.security.config;
import junit.framework.TestCase;
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
import org.springframework.security.intercept.web.RegExpBasedFilterInvocationDefinitionMap;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* @author Vishal Puri
*/
public class FilterSecurityInterceptorBeanDefinitionParserTests extends TestCase {
public void testParsingBeanDefinition() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/authorization-http-config.xml");
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
String[] beanNames = bf.getBeanNamesForType(FilterSecurityInterceptor.class);
assertEquals(1, beanNames.length);
BeanDefinition def = bf.getBeanDefinition(beanNames[0]);
assertEquals(2, def.getPropertyValues().size());
PropertyValue objectDefinitionSource = def.getPropertyValues().getPropertyValue("objectDefinitionSource");
assertTrue(objectDefinitionSource.getValue() instanceof RegExpBasedFilterInvocationDefinitionMap);
PropertyValue accessDecisionManager = def.getPropertyValues().getPropertyValue("accessDecisionManager");
BeanDefinition definition = (RootBeanDefinition) accessDecisionManager.getValue() ;
assertEquals("org.springframework.security.vote.AffirmativeBased" , definition.getBeanClassName());
}
}

44
sandbox/spring-security-config/src/test/java/org/springframework/security/config/HttpSessionContextIntegrationParserTest.java
View File

@ -1,44 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import javax.servlet.Filter;
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import junit.framework.TestCase;
/**
* @author vpuri
*
*/
public class HttpSessionContextIntegrationParserTest extends TestCase {
public void testApplicationContext() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/springframework/security/config/session-context-integration-defaults.xml");
ConfigurableListableBeanFactory clbf =
(ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
String[] names = clbf.getBeanNamesForType(Filter.class);
assertEquals(1, names.length);
// check bean name
RootBeanDefinition definition = (RootBeanDefinition)clbf.getBeanDefinition(names[0]);
assertEquals(HttpSessionContextIntegrationFilter.class, definition.getBeanClass());
// check properties
//get the bean
HttpSessionContextIntegrationFilter filter = (HttpSessionContextIntegrationFilter)context.getBean("httpSessionContextIntegrationFilter");
assertFalse(filter.isAllowSessionCreation());
assertNotNull(definition.getPropertyValues().getPropertyValue("allowSessionCreation"));
assertFalse(filter.isForceEagerSessionCreation());
assertFalse(filter.isCloneFromHttpSession());
}
}

52
sandbox/spring-security-config/src/test/java/org/springframework/security/config/LdapAuthenticationProviderBeanDefinitionParserTests.java
View File

@ -1,52 +0,0 @@
package org.springframework.security.config;
import junit.framework.TestCase;
import org.springframework.security.ldap.InitialDirContextFactory;
import org.springframework.security.providers.ldap.LdapAuthenticationProvider;
import org.springframework.security.providers.ldap.authenticator.BindAuthenticator;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.PropertyValues;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* @author Vishal Puri
*
*/
public class LdapAuthenticationProviderBeanDefinitionParserTests extends TestCase {
public void testBeanDefinitionCreation() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/springframework/security/config/ldap-config.xml");
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
BeanDefinition def = (RootBeanDefinition) bf.getBeanDefinition("authenticationManager");
assertNotNull(def);
PropertyValues values = def.getPropertyValues();
PropertyValue value = values.getPropertyValue("providers");
assertNotNull(value);
ManagedList list = (ManagedList) value.getValue();
assertEquals(1, list.size());
RootBeanDefinition definition = (RootBeanDefinition) list.get(0);
assertEquals(LdapAuthenticationProvider.class, definition.getBeanClass());
assertEquals(2, definition.getConstructorArgumentValues().getArgumentCount());
ValueHolder holder = definition.getConstructorArgumentValues().getArgumentValue(0, BindAuthenticator.class);
assertNotNull(holder.getConvertedValue() instanceof BindAuthenticator);
RootBeanDefinition authenticatorDefinition = (RootBeanDefinition) holder.getValue();
assertEquals(1, authenticatorDefinition.getConstructorArgumentValues().getArgumentCount());
RootBeanDefinition initialContextDir = (RootBeanDefinition) authenticatorDefinition
.getConstructorArgumentValues().getArgumentValue(0, InitialDirContextFactory.class).getValue();
assertEquals("cn=manager,dc=security,dc=org", initialContextDir.getPropertyValues().getPropertyValue(
"managerDn").getValue());
assertEquals("ldap://monkeymachine:389/dc=security,dc=org", initialContextDir.getConstructorArgumentValues()
.getArgumentValue(0, String.class).getValue());
}
}

29
sandbox/spring-security-config/src/test/java/org/springframework/security/config/LogoutFilterBeanDefinitionParserTests.java
View File

@ -1,29 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import java.util.Map;
import junit.framework.TestCase;
import org.springframework.security.ui.logout.LogoutHandler;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* @author vpuri
*
*/
public class LogoutFilterBeanDefinitionParserTests extends TestCase {
public void testLogoutFilter() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/logout-filter-with-handlers.xml");
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
Map m = bf.getBeansOfType(LogoutHandler.class);
assertEquals(2, m.size());
}
}

22
sandbox/spring-security-config/src/test/java/org/springframework/security/config/NamespaceTests.java
View File

@ -1,22 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import junit.framework.TestCase;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* @author vpuri
*
*/
public class NamespaceTests extends TestCase {
public void testPass() {
ApplicationContext c = new ClassPathXmlApplicationContext("org/springframework/security/config/applicationContext-acegi-security.xml");
}
}

64
sandbox/spring-security-config/src/test/java/org/springframework/security/config/PrincipalRepositoryNamespaceTests.java
View File

@ -1,64 +0,0 @@
package org.springframework.security.config;
import junit.framework.TestCase;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.memory.InMemoryDaoImpl;
import org.springframework.security.userdetails.memory.UserMap;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* @author Vishal Puri
*
*/
public class PrincipalRepositoryNamespaceTests extends TestCase {
public void testParserWithUserDefinition() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/springframework/security/config/principal-repository-user-map.xml");
ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
.getAutowireCapableBeanFactory();
String[] names = clbf.getBeanNamesForType(UserDetailsService.class);
assertEquals(1, names.length);
RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
assertEquals(InMemoryDaoImpl.class, definition.getBeanClass());
UserMap map = new UserMap();
GrantedAuthority[] authotities = { new GrantedAuthorityImpl("ROLE_YO"), new GrantedAuthorityImpl("ROLE_YOYO") };
User user = new User("vishal", "nottellingya", true, true, true, true, authotities);
map.addUser(user);
assertPropertyValues(map, definition, "userMap");
}
private void assertPropertyValues(UserMap assertionValue, RootBeanDefinition definition, String property) {
PropertyValue propertyValue = definition.getPropertyValues().getPropertyValue(property);
assertNotNull(propertyValue);
assertTrue(propertyValue.getValue() instanceof UserMap);
UserMap users = (UserMap) propertyValue.getValue();
assertTrue(assertionValue.getUserCount() == users.getUserCount());
assertEquals(assertionValue.getUser("vishal"), users.getUser("vishal"));
assertTrue(users.getUser("vishal").isEnabled());
assertTrue(users.getUser("vishal").isAccountNonExpired());
assertTrue(users.getUser("vishal").isAccountNonLocked());
assertTrue(users.getUser("vishal").isCredentialsNonExpired());
assertEquals(2, users.getUser("vishal").getAuthorities().length);
assertEquals(new GrantedAuthorityImpl("ROLE_YO"), users.getUser("vishal").getAuthorities()[0]);
assertEquals(new GrantedAuthorityImpl("ROLE_YOYO"), users.getUser("vishal").getAuthorities()[1]);
}
}

19
sandbox/spring-security-config/src/test/java/org/springframework/security/config/RememberMeBeanDefinitionParserTest.java
View File

@ -1,19 +0,0 @@
package org.springframework.security.config;
import junit.framework.TestCase;
import org.springframework.security.providers.ProviderManager;
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
//TODO: fix test name
public class RememberMeBeanDefinitionParserTest extends TestCase {
public void testParserDefaults() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/springframework/security/config/remember-me-defaults.xml");
ProviderManager mgr = (ProviderManager)context.getBean("authenticationManager");
assertEquals(1, mgr.getProviders().size());
assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
}
}

54
sandbox/spring-security-config/src/test/java/org/springframework/security/config/RememberMeServicesBeanDefinitionParserTests.java
View File

@ -1,54 +0,0 @@
/**
*
*/
package org.springframework.security.config;
import java.lang.reflect.Field;
import java.util.Map;
import junit.framework.TestCase;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.ui.rememberme.RememberMeProcessingFilter;
import org.springframework.security.ui.rememberme.RememberMeServices;
import org.springframework.security.ui.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.util.ReflectionUtils;
/**
* @author Vishal Puri
*
*/
public class RememberMeServicesBeanDefinitionParserTests extends TestCase {
public void testFilterConfiguration() {
ApplicationContext context = new ClassPathXmlApplicationContext("org/springframework/security/config/remember-me-defaults.xml");
ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
String[] names = bf.getBeanNamesForType(RememberMeProcessingFilter.class);
assertEquals(1, names.length);
RootBeanDefinition definition = (RootBeanDefinition)bf.getBeanDefinition(names[0]);
assertEquals(definition.getBeanClass(), RememberMeProcessingFilter.class);
}
public void testRuntimeAutoDetectionOfDependencies() throws Exception {
ApplicationContext context = new ClassPathXmlApplicationContext("org/springframework/security/config/remember-me-autodetect.xml");
ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
Map map = factory.getBeansOfType(RememberMeProcessingFilter.class);
RememberMeProcessingFilter filter = (RememberMeProcessingFilter)map.values().iterator().next();
RememberMeServices services = filter.getRememberMeServices();
assertNotNull(services);
TokenBasedRememberMeServices rememberMeServices = (TokenBasedRememberMeServices)services;
UserDetailsService ud = rememberMeServices.getUserDetailsService();
assertNotNull(ud);
Field field = filter.getClass().getDeclaredField("authenticationManager");
ReflectionUtils.makeAccessible(field);
Object obj = field.get(filter);
assertNotNull("authentication manager should not have been null", obj);
assertTrue(obj instanceof AuthenticationManager);
}
}

12
sandbox/spring-security-config/src/test/resources/log4j.properties
View File

@ -1,12 +0,0 @@
# Logging
#
log4j.rootCategory=WARN, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n
log4j.category.org.springframework.security=DEBUG
log4j.category.org.springframework=INFO

174
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/applicationContext-acegi-security.xml
View File

@ -1,174 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!--
- A simple "base bones" Acegi Security configuration.
-
- The sample includes the "popular" features that people tend to use.
- Specifically, form authentication, remember-me, and anonymous processing.
- Other features aren't setup, as these can be added later by inserting
- the relevant XML fragments as specified in the Reference Guide.
-
- To assist new users, the filters specified in the FilterChainProxy are
- declared in the application context in the same order. Collaborators
- required by those filters are placed at the end of the file.
-
- $Id: applicationContext-acegi-security.xml 1833 2007-05-17 23:06:46Z vishalpuri $
-->
<bean id="filterChainProxy"
class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
<security:session-context-integration
id="httpSessionContextIntegrationFilter" sessionCreation="ifRequired" />
<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
<security:logout-support id="logoutFilter"
redirectAfterLogoutUrl="/index.jsp" logoutUrl="/j_spring_security_logout" />
<security:authentication-remember-me-services
id="rememberMeServices" key="someValue" />
<bean id="securityContextLogoutHandler"
class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
<!-- the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
<security:authentication-form id="authenticationProcessingFilter"
authenticationUrl="/j_spring_security_check" defaultTargetUrl="/"
errorFormUrl="/acegilogin.jsp?login_error=1" />
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
<security:authentication-mechanism id="authenticationManager">
<security:authentication-jdbc ref="daoAuthenticationProvider" />
</security:authentication-mechanism>
<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
<security:principal-repository id="userDetailsService">
<security:properties
resource="classpath:org/acegisecurity/config/user.properties" />
</security:principal-repository>
<!-- dao authentication provider "authenticationRepository" -->
<security:authentication-repository id="daoAuthenticationProvider" />
<bean id="securityContextHolderAwareRequestFilter"
class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />
<!-- makes the filter, but does little else, as it auto-detects everything -->
<security:authentication-remember-me-filter
id="rememberMeProcessingFilter" />
<bean id="anonymousProcessingFilter"
class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="changeThis" />
<property name="userAttribute"
value="anonymousUser,ROLE_ANONYMOUS" />
</bean>
<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it;
alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
other props; i do not mind if you move the access denied stuff to a sub-element -->
<security:exception-translation id="exceptionTranslationFilter">
<security:entry-point
entryPointBeanRef="authenticationEntryPoint" />
</security:exception-translation>
<bean id="authenticationEntryPoint"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp" />
<property name="forceHttps" value="false" />
</bean>
<bean id="accessDeniedHandler"
class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>
<bean id="filterInvocationInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager" />
<property name="accessDecisionManager">
<bean class="org.springframework.security.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"
value="false" />
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.vote.RoleVoter" />
<bean
class="org.springframework.security.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
/**=IS_AUTHENTICATED_REMEMBERED
</value>
</property>
</bean>
<!--<bean id="authenticationManager"
class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
<bean
class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="changeThis" />
</bean>
<bean
class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="changeThis" />
</bean>
</list>
</property>
</bean>-->
<bean id="userCache"
class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache">
<bean
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<bean
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
</property>
<property name="cacheName" value="userCache" />
</bean>
</property>
</bean>
<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
<bean id="loggerListener"
class="org.springframework.security.event.authentication.LoggerListener" />
</beans>

19
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authentication-basic-filter.xml
View File

@ -1,19 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- AuthenticationEntryPoints handled across the system via Ordered interface; every Acegi entry point has an order; the highest order wins and
is used as the entry point by ExceptionTranslationFilter; for things like BasicAuthenticationfilter, they're smart enough to know they need a
BasicAuthenticationProcessingFilterEntryPoint, so they use that one; here we have an entryPointOrder to say when we make the BasicEntryPoint,
we will call setOrder(2) such that this app effectively will use somehing with a higher order as the app-wide default -->
<security:authentication-basic id="id"
realmName="Spring Security Application" entryPointOrder="2" />
</beans>

51
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authentication-beanRef-attributes.xml
View File

@ -1,51 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<security:authentication-repository id="authenticationRepository" repositoryBeanRef="refToUserDetailsService">
<security:salt-source saltSourceBeanRef="refToSaltSource"/>
<security:password-encoder encoderBeanRef="refToPasswordEncoder"/>
</security:authentication-repository>
<bean id="refToUserDetailsService"
class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
<bean id="refToSaltSource"
class="org.springframework.security.providers.dao.salt.SystemWideSaltSource">
<property name="systemWideSalt">
<value>12345</value>
</property>
</bean>
<bean id="refToPasswordEncoder"
class="org.springframework.security.providers.encoding.Md5PasswordEncoder" />
</beans>

54
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authentication-dao-defaults.xml
View File

@ -1,54 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- Case 1: defaults (userDetailsService mandatory)-->
<!-- autocreate userDetailsService with dataSource(search in ctx) injected -->
<security:authentication-repository id="authenticationRepository">
<security:password-encoder encoderBeanRef="passwordEncoder" />
</security:authentication-repository>
<bean id="userDetailsService"
class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
<bean id="saltSource"
class="org.springframework.security.providers.dao.salt.SystemWideSaltSource">
<property name="systemWideSalt">
<value>12345</value>
</property>
</bean>
<bean id="passwordEncoder"
class="org.springframework.security.providers.encoding.Md5PasswordEncoder" />
</beans>

40
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authentication-defaults.xml
View File

@ -1,40 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<security:authentication-repository id="authenticationRepository"/>
<bean id="userDetailsService"
class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
</beans>

57
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authentication-form-filter.xml
View File

@ -1,57 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
<security:authentication-form id="authenticationProcessinFilter"
authenticationUrl="/login" defaultTargetUrl="/login.html"
errorFormUrl="error.html" />
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
<security:authentication-mechanism id="authenticationManager">
<security:authentication-jdbc ref="authenticationRepository"/>
</security:authentication-mechanism>
<!-- dao authentication provider -->
<security:authentication-repository id="authenticationRepository" repositoryBeanRef="userDetailsService"/>
<security:authentication-remember-me-services
id="rememberMeServices" key="someValue" />
<bean id="userDetailsService"
class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
</beans>

50
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authentication-innerbeans.xml
View File

@ -1,50 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- Case 1: defaults (userDetailsService mandatory)-->
<!-- autocreate userDetailsService with dataSource(search in ctx) injected -->
<security:authentication-repository id="authenticationRepository">
<security:salt-source>
<security:system-wide systemWideSalt="12345" />
</security:salt-source>
<security:password-encoder>
<security:encoder method="md5" />
</security:password-encoder>
</security:authentication-repository>
<bean id="AnyBeanIdAsThisBeanWillBeAutoDetectedAndInjectedInauthenticationRepositoryUsingAutoWireByType"
class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
</beans>

59
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authorization-http-config.xml
View File

@ -1,59 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- ensure element name is not overlapping with portlet or spring web flow or tapestry URI patterns,
as this filter is incompatible with them -->
<import resource="remember-me-defaults.xml" />
<security:authorization-http-url id="authorizationhttp">
<security:url-mapping source="xml">
<!-- Specify security:uri-patterns in order of processing; each pattern must specify EITHER a
regularExpression OR a path, but not both and ALL patterns in the url-mapping MUST be of the
SAME type (ie cannot mix a regular expression and Ant Path) - give exception if tried -->
<security:uri-pattern regularExpression="/**">
<security:configuration-attribute attribute="ROLE_A" />
<security:configuration-attribute attribute="ROLE_B" />
</security:uri-pattern>
<security:uri-pattern regularExpression="whatever">
<security:configuration-attribute attribute="ROLE_A" />
</security:uri-pattern>
</security:url-mapping>
</security:authorization-http-url>
<!--<bean id="filterInvocationInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager" />
<property name="accessDecisionManager">
<bean class="org.springframework.security.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"
value="false" />
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.vote.RoleVoter" />
<bean
class="org.springframework.security.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
/**=IS_AUTHENTICATED_REMEMBERED
</value>
</property>
</bean>
-->
</beans>

21
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authorization-manager.xml
View File

@ -1,21 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!--
creates a bean definition for an AccessDecisionManager; strategy defaults to
AffirmativeBased; superclass AbstractAccessDecisionManager requires refactoring
so if no setProvider(List) given, it introspects app ctx for all AccessDecisionVoters
and uses their Ordered interface to apply them; if one doesn't implement Ordered,
assume it is Integer.MAX_VALUE
-->
<security:authorization-manager id="id" strategy="affirmative">
<security:role-voter />
<security:authenticated-voter />
</security:authorization-manager>
</beans>

42
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authorization-method-annotations.xml
View File

@ -1,42 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!--
the source refers to use of the relevant concete ObjectDefinitionSource;
user can alternately specify their own instance and refer to it
via the sourceBeanId property; in that case they must specify "custom";
if unspecified, it means it's described as nested elements using the
security:method-pattern element, and you will therefore create it via
the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
For aspectj and springAop, that means create a MethodSecurityInterceptor and
AspectJSecurityInterceptor bean definition respectively (in the case of
springAop, also create a MethodDefinitionSourceAdvisor); defaults to
springAop=true, aspectJ=false
-->
<import resource="remember-me-defaults.xml" />
<import resource="authorization-manager.xml"/>
<security:authorization-joinpoint id="methodInterceptor"
springAop="true" >
<security:url-mapping source="annotations">
<security:method-pattern
type="org.springframework.security.BankServiceImpl.listAccounts">
<security:configuration-attribute attribute="ROLE_A" />
<security:configuration-attribute attribute="ROLE_B" />
</security:method-pattern>
</security:url-mapping>
</security:authorization-joinpoint>
</beans>

42
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authorization-method-aspectj.xml
View File

@ -1,42 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!--
the source refers to use of the relevant concete ObjectDefinitionSource;
user can alternately specify their own instance and refer to it
via the sourceBeanId property; in that case they must specify "custom";
if unspecified, it means it's described as nested elements using the
security:method-pattern element, and you will therefore create it via
the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
For aspectj and springAop, that means create a MethodSecurityInterceptor and
AspectJSecurityInterceptor bean definition respectively (in the case of
springAop, also create a MethodDefinitionSourceAdvisor); defaults to
springAop=true, aspectJ=false
-->
<import resource="remember-me-defaults.xml" />
<import resource="authorization-manager.xml"/>
<security:authorization-joinpoint id="methodInterceptor"
aspectj="true" >
<security:url-mapping source="annotations">
<security:method-pattern
type="org.springframework.security.BankServiceImpl.listAccounts">
<security:configuration-attribute attribute="ROLE_A" />
<security:configuration-attribute attribute="ROLE_B" />
</security:method-pattern>
</security:url-mapping>
</security:authorization-joinpoint>
</beans>

42
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authorization-method-attributes.xml
View File

@ -1,42 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!--
the source refers to use of the relevant concete ObjectDefinitionSource;
user can alternately specify their own instance and refer to it
via the sourceBeanId property; in that case they must specify "custom";
if unspecified, it means it's described as nested elements using the
security:method-pattern element, and you will therefore create it via
the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
For aspectj and springAop, that means create a MethodSecurityInterceptor and
AspectJSecurityInterceptor bean definition respectively (in the case of
springAop, also create a MethodDefinitionSourceAdvisor); defaults to
springAop=true, aspectJ=false
-->
<import resource="remember-me-defaults.xml" />
<import resource="authorization-manager.xml"/>
<security:authorization-joinpoint id="methodInterceptor"
springAop="true" >
<security:url-mapping source="attributes">
<security:method-pattern
type="org.springframework.security.BankServiceImpl.listAccounts">
<security:configuration-attribute attribute="ROLE_A" />
<security:configuration-attribute attribute="ROLE_B" />
</security:method-pattern>
</security:url-mapping>
</security:authorization-joinpoint>
</beans>

56
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/authorization-method.xml
View File

@ -1,56 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!--
the source refers to use of the relevant concete ObjectDefinitionSource;
user can alternately specify their own instance and refer to it
via the sourceBeanId property; in that case they must specify "custom";
if unspecified, it means it's described as nested elements using the
security:method-pattern element, and you will therefore create it via
the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
For aspectj and springAop, that means create a MethodSecurityInterceptor and
AspectJSecurityInterceptor bean definition respectively (in the case of
springAop, also create a MethodDefinitionSourceAdvisor); defaults to
springAop=true, aspectJ=false
-->
<import resource="remember-me-defaults.xml" />
<import resource="authorization-manager.xml"/>
<security:authorization-joinpoint id="methodInterceptor"
springAop="true" >
<security:url-mapping source="xml">
<security:method-pattern
type="org.springframework.security.BankServiceImpl.listAccounts">
<security:configuration-attribute attribute="ROLE_A" />
</security:method-pattern>
</security:url-mapping>
</security:authorization-joinpoint>
<!--
<bean id="methodSecurity" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="validateConfigAttributes"><value>true</value></property>
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
<property name="runAsManager"><ref bean="runAsManager"/></property>
<property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>
<property name="objectDefinitionSource">
<value>
org.springframework.security.context.BankManager.delete*=ROLE_SUPERVISOR,RUN_AS_SERVER
org.springframework.security.context.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR,BANKSECURITY_CUSTOMER,RUN_AS_SERVER
</value>
</property>
</bean>
-->
</beans>

32
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/auto-config.xml
View File

@ -1,32 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!--
<security:autodetect>
really behind the scenes will create an annotations-based
MethodSecurityInterceptor with the MethodDefinitionSourceAdvisor that
automatically detects annotated interfaces. So basically edit the
Clinic interface and pop @Secured("ROLE_SUPERVISOR") onto the storeVisit
method, re-run the app, and prove to the users that only users with
ROLE_SUPERVISOR in their properties file are now able to store a visit
to the clinic.
-->
<security:autoconfig/>
<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
<security:principal-repository id="userDetailsService">
<security:properties
resource="classpath:org/acegisecurity/config/user.properties" />
</security:principal-repository>
<bean id="bankService" class="org.springframework.security.BankServiceImpl"/>
</beans>

41
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/exception-translation-autodetect-handler.xml
View File

@ -1,41 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it;
alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
other props; i do not mind if you move the access denied stuff to a sub-element -->
<security:exception-translation id="exceptionTranslationFilter">
<security:entry-point
entryPointBeanRef="authenticationProcessingFilterEntryPoint" />
<!--<security:access-denied accessDeniedBeanRef="theBeanToUse" />-->
</security:exception-translation>
<bean id="theBeanToUse"
class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>
<!--<bean id="anotherBeanToUse"
class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>-->
<bean id="authenticationProcessingFilterEntryPoint"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/acegilogin.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
</beans>

38
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/exception-translation-beanref.xml
View File

@ -1,38 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it;
alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
other props; i do not mind if you move the access denied stuff to a sub-element -->
<security:exception-translation id="exceptionTranslationFilter">
<security:entry-point
entryPointBeanRef="authenticationProcessingFilterEntryPoint" />
<security:access-denied accessDeniedBeanRef="theBeanToUse" />
</security:exception-translation>
<bean id="theBeanToUse"
class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>
<bean id="authenticationProcessingFilterEntryPoint"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/acegilogin.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
</beans>

73
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/ldap-config.xml
View File

@ -1,73 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
<security:authentication-mechanism id="authenticationManager">
<security:authentication-ldap
ldapUrl="ldap://monkeymachine:389/dc=springframework,dc=org"
managerDn="cn=manager,dc=springframework,dc=org"
managerPassword="password" groupSearchBase="ou=groups"
groupRoleAttribute="ou">
<security:property name="userDnPatterns">
<list>
<value>uid={0},ou=people</value>
</list>
</security:property>
</security:authentication-ldap>
</security:authentication-mechanism>
<!--<bean id="initialDirContextFactory"
class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
<constructor-arg
value="ldap://monkeymachine:389/dc=springframework,dc=org" />
<property name="managerDn">
<value>cn=manager,dc=springframework,dc=org</value>
</property>
<property name="managerPassword">
<value>password</value>
</property>
</bean>
<bean id="ldapAuthProvider"
class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
<constructor-arg>
<bean
class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
<constructor-arg>
<ref local="initialDirContextFactory" />
</constructor-arg>
<property name="userDnPatterns">
<list>
<value>uid={0},ou=people</value>
</list>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean
class="org.springframework.security.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
<constructor-arg>
<ref local="initialDirContextFactory" />
</constructor-arg>
<constructor-arg>
<value>ou=groups</value>
</constructor-arg>
<property name="groupRoleAttribute">
<value>ou</value>
</property>
</bean>
</constructor-arg>
</bean>
-->
</beans>

34
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/logout-filter-with-handlers.xml
View File

@ -1,34 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
<security:logout-support id="logoutFilter" logoutUrl="/logout" redirectAfterLogoutUrl="/"/>
<security:authentication-remember-me-services
id="rememberMeServices" key="someValue" />
<bean id="SecurityContextLogoutHandler"
class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
<security:principal-repository id="userDetailsService">
<security:user-definition username="vishal"
password="nottellingya" enabled="true">
<security:granted-authority authority="ROLE_YO" />
<security:granted-authority authority="ROLE_YOYO" />
<!-- TODO: <security:granted-authority-ref authorityBeanRef="fooBarAuthority"/>-->
</security:user-definition>
</security:principal-repository>
</beans>

42
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/principal-repository-jdbc.xml
View File

@ -1,42 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
<!--<security:security-autoconfig/> -->
<security:principal-repository id="userDetailsService">
<security:jdbc dataSourceBeanRef="dataSource"/>
</security:principal-repository>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
<!--<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource" ref="dataSource"></property>
</bean>-->
</beans>

22
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/principal-repository-properties.xml
View File

@ -1,22 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
<security:principal-repository id="userDetailsService">
<security:properties resource="classpath:org/acegisecurity/config/user.properties"/>
</security:principal-repository>
</beans>

28
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/principal-repository-user-map.xml
View File

@ -1,28 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
<security:principal-repository id="userDetailsService">
<security:user-definition username="vishal" password="nottellingya" enabled="true">
<security:granted-authority authority="ROLE_YO"/>
<security:granted-authority authority="ROLE_YOYO"/>
<!-- TODO: <security:granted-authority-ref authorityBeanRef="fooBarAuthority"/>-->
</security:user-definition>
</security:principal-repository>
<!-- TODO: <security:granted-authority id="fooBarAuthority" authority="ROLE_FOOBAR"/> -->
</beans>

62
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/remember-me-autodetect.xml
View File

@ -1,62 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- ======================== AUTHENTICATION ======================= -->
<!-- makes the filter, but does little else, as it auto-detects everything -->
<security:authentication-remember-me-filter id="rememberMeFilter" />
<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; -->
<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
<security:authentication-remember-me-services
id="rememberMeServices" key="someValue" />
<!-- The rules are:
AuthenticationManager interface is implemented by ProviderManager
So if you have any auto-detection, create a ProviderManager definition
If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
Every authentication mechanism OR provider must start with security:authentication-something
Use appropriate attrs and elements depending on provider or mechanism
-->
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
<security:authentication-mechanism id="authenticationManager">
<security:authentication-jdbc ref="authenticationRepository" />
</security:authentication-mechanism>
<!-- dao authentication provider -->
<security:authentication-repository id="authenticationRepository" />
<bean id="userDetailsService"
class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
</beans>

63
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/remember-me-defaults.xml
View File

@ -1,63 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- ======================== AUTHENTICATION ======================= -->
<!-- makes the filter, but does little else, as it auto-detects everything -->
<security:authentication-remember-me-filter id="rememberMeFilter" />
<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; -->
<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
<security:authentication-remember-me-services
id="rememberMeServices" key="someValue"
principalRepositoryBeanRef="userDetailsService" />
<!-- The rules are:
AuthenticationManager interface is implemented by ProviderManager
So if you have any auto-detection, create a ProviderManager definition
If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
Every authentication mechanism OR provider must start with security:authentication-something
Use appropriate attrs and elements depending on provider or mechanism
-->
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
<security:authentication-mechanism id="authenticationManager">
<security:authentication-jdbc ref="authenticationRepository" />
</security:authentication-mechanism>
<!-- dao authentication provider -->
<security:authentication-repository id="authenticationRepository" />
<bean id="userDetailsService"
class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>org.hsqldb.jdbcDriver</value>
</property>
<property name="url">
<value>jdbc:hsqldb:mem:test</value>
<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value></value>
</property>
</bean>
</beans>

21
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/security-autoconfig-autodetect.xml
View File

@ -1,21 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- introspect all bean definitions for an explicit object of a "required" type, and if not found, add it. You can turn OFF ones you dont want added via attributes -->
<security:security-autoconfig exceptionTranslation="disable"
sessionContextIntegration="disable" logoutSupport="disable"
filterChain="disable" servletRequestEmulation="disabled"
anonyomousRoleGranter="disabled" />
</beans>

186
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/security-namespaces.xml
View File

@ -1,186 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- introspect all bean definitions for an explicit object of a "required" type, and if not found, add it. You can turn OFF ones you dont want added via attributes -->
<security:security-autoconfig exceptionTranslation="disable"
sessionContextIntegration="disable" logoutSupport="disable"
filterChain="disable" servletRequestEmulation="disabled"
anonyomousRoleGranter="disabled" />
<!-- autodetect attribute is the default, and an exception is thrown if false, as the expectation is they will write their own legacy <beans> format
FilterChainProxy bean definition is dissatisfied with the auto approach. The auto approach simply creates a bean definition similar to that shown
below with the AUTODETECT_ALL_ORDERED_FILTERs. As suggested, this causes a runtime check of app ctx for all javax.servlet.Filter instances, and
for each that also implemented Ordered, these are automatically applied to the pattern shown (which is **/* in the case of autodetect=true).*-->
<security:filter-chain id="id" />
<bean id="dcdc" class="FilterChainProxy">
<property name="chainConfig">
<value>
**/*=AUTODETECT_ALL_ORDERED_FILTERS
**/*=filter1,filter2,filter3
</value>
</property>
</bean>
<!-- also provide an OrderedFilterAdapter, impls Filter and Ordered, and can be configured declaratively in Spring XML (eg SiteMesh), setOrder, setDelegate(Filter object) -->
<!-- creates a bean definition for an AccessDecisionManager; strategy defaults to AffirmativeBased;
superclass AbstractAccessDecisionManager requires refactoring so if no setProvider(List) given, it introspects app ctx for all AccessDecisionVoters
and uses their Ordered interface to apply them; if one doesn't implement Ordered, assume it is Integer.MAX_VALUE -->
<security:authorization-manager id="id"
strategy="consensus|unanimous|affirmative" />
<!-- ======================== AUTHENTICATION ======================= -->
<!-- sessionCreation defaults to ifRequired. -->
<security:session-context-integration
id="httpSessionContextIntegrationFilter"
sessionCreation="never|ifRequired|always" />
<!-- The rules are:
AuthenticationManager interface is implemented by ProviderManager
So if you have any auto-detection, create a ProviderManager definition
If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
Every authentication mechanism OR provider must start with security:authentication-something
Use appropriate attrs and elements depending on provider or mechanism
-->
<security:authentication-repository id="id"
repositoryBeanRef="beanIdOfRepositoryIfUnspecifiedAutoDetectTheirUserDetailsInstance">
<security:salt-source
saltSourceBeanRef="beanRefOfAnExternalEncoder" />
<!-- or allow it to be written inline as an inner bean -->
<security:password-encoder
encoder="md5|md5Hex|sha|shaHex|custom"
encoderBeanRef="beanRefOfAnExternalEncoder" />
<!-- same story here, inner beans allowed -->
</security:authentication-repository>
<security:salt-source>
<security:system-wide systemWideSalt="12345" />
<security-reflection userPropertyToUse="sss" />
</security:salt-source>
<!-- the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
<security:authentication-form id="id" authenticationUrl="/login"
loginFormUrl="/login.html" errorFormUrl="error.html" />
<!-- AuthenticationEntryPoints handled across the system via Ordered interface; every Acegi entry point has an order; the highest order wins and
is used as the entry point by ExceptionTranslationFilter; for things like BasicAuthenticationfilter, they're smart enough to know they need a
BasicAuthenticationProcessingFilterEntryPoint, so they use that one; here we have an entryPointOrder to say when we make the BasicEntryPoint,
we will call setOrder(2) such that this app effectively will use somehing with a higher order as the app-wide default -->
<security:authentication-basic id="id"
realmName="Spring Security Application" entryPointOrder="2" />
<!-- This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
<security:principal-repository id="id">
<security:ldap
x="you can do the attributes and suitable nested elements" />
<security:jdbc
x="you can do the attributes and suitable nested elements" />
<security:properties
location="resourceStringToPropertiesFile">
<!-- if they specify a resource attrib, that means throw exception if they nest some user-definition data) -->
<security:user-definition username="ben"
password="nottellingYou" enabled="true"
it="more stuff if you want">
<security:granted-authority authority="ROLE_ANONYMOUS" />
<ref bean="fooBarAuthority" />
</security:user-definition>
</security:properties>
</security:principal-repository>
<!-- makes the filter, but does little else, as it auto-detects everything -->
<security:authentication-remember-me-filter id="id"
rememberMeServicesBeanRef="theId" />
<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; key is handled in same way as discussed earlier -->
<security:authentication-remember-me-services id="id"
key="someValue" principalRepositoryBeanRef="jdbcDaoImpl" />
<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
<security:anonymous-role-granter id="id" key="someValue">
<security:granted-authority authority="ROLE_ANONYMOUS" />
<ref bean="fooBarAuthority" />
</security:anonymous-role-granter>
<security:granted-authority id="fooBarAuthority"
authority="ROLE_FOOBAR" />
<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
<security:logout-support id="logoutFilter"
redirectAfterLogoutUrl="/" logoutUrl="/logout" />
<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
<!-- channel security out of scope; they use existing bean definition format; the channel filter will auto-detect and use Ordered interface as discussed above -->
<!-- any kind of ACL support is out of scope; frankly it is too hard for 1.1.0 -->
<!-- ensure element name is not overlapping with portlet or spring web flow or tapestry URI patterns,
as this filter is incompatible with them -->
<security:authorization-http-url>
<security:url-mapping
source="xml - the default and no other options"
sourceBeanId="referenceToTheirObjectDefinitionSource">
<!-- Specify security:uri-patterns in order of processing; each pattern must specify EITHER a
regularExpression OR a path, but not both and ALL patterns in the url-mapping MUST be of the
SAME type (ie cannot mix a regular expression and Ant Path) - give exception if tried -->
<security:uri-pattern path="/index.jsp"
regularExpression="whatever">
<security:configuration-attribute attribute="ROLE_A" />
<ref
bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
</security:uri-pattern>
<security:uri-pattern path="/**"
regularExperssion="whatever">
<security:configuration-attribute attribute="ROLE_A" />
<ref
bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
</security:uri-pattern>
</security:url-mapping>
</security:authorization-http-url>
<!-- the source refers to use of the relevant concete ObjectDefinitionSource; user can alternately specify their own instance and refer to it
via the sourceBeanId property; in that case they must specify "custom"; if unspecified, it means it's described as nested elements using the
security:method-pattern element, and you will therefore create it via the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
For aspectj and springAop, that means create a MethodSecurityInterceptor and AspectJSecurityInterceptor bean definition respectively (in the case of
springAop, also create a MethodDefinitionSourceAdvisor); defaults to springAop=true, aspectJ=false -->
<security:authorization-joinpoint aspectj="false|true"
springAop="true|false">
<security:url-mapping source="custom|xml|attributes|annotations"
sourceBeanId="referenceToTheirObjectDefinitionSource">
<security:method-pattern
type="com.foo.Bar.whateverMethodNamePattern">
<security:configuration-attribute attribute="ROLE_A" />
<ref
bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
</security:method-pattern>
</security:url-mapping>
<!-- if get time, do a new security:pointcut-pattern -->
</security:authorization-joinpoint>
<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it;
alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
other props; i do not mind if you move the access denied stuff to a sub-element -->
<security:exception-translation id="id"
accessDeniedUrl="/accessDenied.jsp"
accessDeniedBeanRef="theBeanToUse">
<security:entry-point path="/acegilogin.jsp" https="boolean" />
</security:exception-translation>
</beans>

63
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/session-context-integration-defaults.xml
View File

@ -1,63 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
<!-- ======================== AUTHENTICATION ======================= -->
<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
<security:session-context-integration id="httpSessionContextIntegrationFilter" sessionCreation="never" />
<!-- The rules are:
AuthenticationManager interface is implemented by ProviderManager
So if you have any auto-detection, create a ProviderManager definition
If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
Every authentication mechanism OR provider must start with security:authentication-something
Use appropriate attrs and elements depending on provider or mechanism
-->
<!-- Case 1
<security:authentication-repository id="id" repositoryBeanRef="userDetails">
<security:salt-source
saltSourceBeanRef="beanRefOfAnExternalEncoder" />
or allow it to be written inline as an inner bean
<security:password-encoder
encoder="md5|md5Hex|sha|shaHex|custom"
encoderBeanRef="beanRefOfAnExternalEncoder" />
same story here, inner beans allowed
</security:authentication-repository>
<bean id="userDetails" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource"><ref bean="dataSource"/></property>
</bean>
Case 2: autodetect userDetails
<security:authentication-repository id="id">
<security:salt-source
saltSourceBeanRef="beanRefOfAnExternalEncoder" />
or allow it to be written inline as an inner bean
<security:password-encoder
encoder="md5|md5Hex|sha|shaHex|custom"
encoderBeanRef="beanRefOfAnExternalEncoder" />
same story here, inner beans allowed
</security:authentication-repository>
Case 3: inner beans
<security:authentication-repository id="id"
ref="userDetails">
<security:salt-source propertyName="propertyValue" />
or allow it to be written inline as an inner bean
<security:password-encoder encoder="md5" />
same story here, inner beans allowed
</security:authentication-repository>
--></beans>

2
sandbox/spring-security-config/src/test/resources/org/springframework/security/config/user.properties
View File

@ -1,2 +0,0 @@
vishal=ity,ROLE_ADMIN
ity=vishal,ROLE_TELLER,ROLE_PERMISSION_LIST