SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService

2025-06-30 07:42:52 +00:00 · 2007-05-18 03:20:28 +00:00 · 2007-05-18 03:20:28 +00:00 · e3435da9ae
commit e3435da9ae
parent 803c687b5d
8 changed files with 203 additions and 178 deletions
--- a/core/src/main/java/org/acegisecurity/config/AuthenticationProviderOrderResolver.java
+++ b/core/src/main/java/org/acegisecurity/config/AuthenticationProviderOrderResolver.java
@ -1,15 +1,16 @@
 package org.acegisecurity.config;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import org.acegisecurity.AuthenticationManager;
 import org.acegisecurity.providers.AuthenticationProvider;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
 import org.springframework.beans.factory.support.ManagedList;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.core.OrderComparator;
@ -20,7 +21,7 @@ public class AuthenticationProviderOrderResolver implements BeanFactoryPostProce
 	 */
 	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
 		// retrieve all the AuthenticationProvider instances
-		List providers = retrieveAllAuthenticationProviders(beanFactory);
+		ManagedList providers = retrieveAllAuthenticationProviders(beanFactory);
 		String[] names = beanFactory.getBeanNamesForType(AuthenticationManager.class);
 		RootBeanDefinition definition = (RootBeanDefinition)beanFactory.getBeanDefinition(names[0]);
 		definition.getPropertyValues().addPropertyValue("providers",providers);
@ -30,9 +31,13 @@ public class AuthenticationProviderOrderResolver implements BeanFactoryPostProce
 	 * @param beanFactory
 	 * @return
 	 */
-	private List retrieveAllAuthenticationProviders(ConfigurableListableBeanFactory beanFactory) {
+	private ManagedList retrieveAllAuthenticationProviders(ConfigurableListableBeanFactory beanFactory) {
-		Map m = beanFactory.getBeansOfType(AuthenticationProvider.class);
+		String[] m = beanFactory.getBeanNamesForType(AuthenticationProvider.class);
-		List l = new ArrayList(m.values());
+		ManagedList l = new ManagedList();
 		for(int i=0;i<m.length;i++){
 			RootBeanDefinition def = (RootBeanDefinition)beanFactory.getBeanDefinition(m[i]);
 			l.add(def);
 		}
 		Collections.sort(l, new OrderComparator());
 		return l;
 	}
--- a/core/src/main/java/org/acegisecurity/config/AuthenticationRepositoryBeanDefinitionParser.java
+++ b/core/src/main/java/org/acegisecurity/config/AuthenticationRepositoryBeanDefinitionParser.java
@ -7,6 +7,7 @@ import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
 import org.acegisecurity.providers.dao.salt.ReflectionSaltSource;
 import org.acegisecurity.providers.dao.salt.SystemWideSaltSource;
 import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
 import org.springframework.beans.factory.config.BeanDefinitionHolder;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.AbstractBeanDefinition;
 import org.springframework.beans.factory.support.RootBeanDefinition;
@ -25,7 +26,8 @@ import org.w3c.dom.NodeList;
 */
 public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser {
-	//	~ Instance fields ================================================================================================
+	// ~ Instance fields
 	// ================================================================================================
 	private static final String REPOSITORY_BEAN_REF = "repositoryBeanRef";
@ -45,11 +47,8 @@ public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDe
 	private static final String PASSWORD_ENCODER = "encoder";
-	public static final String AUTOWIRE_AUTODETECT_VALUE = "autodetect";
+	// ~ Method
-	
+	// ================================================================================================
 	//	~ Method ================================================================================================
 	/**
 	 * TODO: Document Me !!!
 	 */
@ -58,17 +57,6 @@ public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDe
 		RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
 		// if repositoryBeanRef is specified use its referred bean
 		String userDetailsRef = element.getAttribute(REPOSITORY_BEAN_REF);
 		if (StringUtils.hasLength(userDetailsRef)) {
 			repositoryBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,
 					new RuntimeBeanReference(userDetailsRef));
 		}
 		else {
 			// autodetect userDetailsService from App Context ? or we could even create this UserDetailsService BD with autodetection of dataSource hahaha Magic !!!
 			//repositoryBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,		new RuntimeBeanReference(USER_DETAILS_SERVICE));
 			repositoryBeanDef.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_AUTODETECT);
 		}
 		// check if saltSource is defined
 		Element saltSourceEle = DomUtils.getChildElementByTagName(element, SALT_SOURCE_ELEMENT);
 		setSaltSourceProperty(repositoryBeanDef, saltSourceEle);
@ -76,6 +64,19 @@ public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDe
 		Element passwordEncoderEle = DomUtils.getChildElementByTagName(element, PASSWORD_ENCODER_ELEMENT);
 		setPasswordEncoderProperty(repositoryBeanDef, passwordEncoderEle);
 		// if repositoryBeanRef is specified use its referred bean
 		String userDetailsRef = element.getAttribute(REPOSITORY_BEAN_REF);
 		if (StringUtils.hasLength(userDetailsRef)) {
 			repositoryBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,
 					new RuntimeBeanReference(userDetailsRef));
 		}
 		else {
 			// autodetect userDetailsService from App Context
 			RootBeanDefinition depConfigurer = new RootBeanDefinition(
 					AuthenticationRepositoryDependenciesConfigurer.class);
 			BeanDefinitionHolder holder = new BeanDefinitionHolder(depConfigurer, parserContext.getReaderContext().generateBeanName(depConfigurer));
 			registerBeanDefinition(holder, parserContext.getRegistry());
 		}
 		return repositoryBeanDef;
 	}
@ -86,7 +87,8 @@ public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDe
 	 */
 	private void setSaltSourceProperty(RootBeanDefinition repositoryBeanDef, Element element) {
 		if (element != null) {
-			setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "saltSource",element.getAttribute(SALT_SOURCE_REF) );
+			setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "saltSource", element
 					.getAttribute(SALT_SOURCE_REF));
 		}
 	}
@ -97,9 +99,11 @@ public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDe
 	 */
 	private void setPasswordEncoderProperty(RootBeanDefinition repositoryBeanDef, Element element) {
 		if (element != null) {
-			setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "passwordEncoder",element.getAttribute(PASSWORD_ENCODER_REF) );
+			setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "passwordEncoder", element
 					.getAttribute(PASSWORD_ENCODER_REF));
 		}
 	}
 	/**
 	 * 
 	 * @param repositoryBeanDef
@ -107,7 +111,8 @@ public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDe
 	 * @param property
 	 * @param reference
 	 */
-	private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element ,String property, String reference) {		
+	private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element,
 			String property, String reference) {
 		// check for encoderBeanRef attribute
 		if (StringUtils.hasLength(reference)) {
 			repositoryBeanDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(reference));
@ -142,7 +147,8 @@ public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDe
 				}
 				if (PASSWORD_ENCODER.equals(node.getLocalName())) {
 					RootBeanDefinition passwordEncoderInnerBeanDefinition = createPasswordEncoder(childElement);
-					repositoryBeanDef.getPropertyValues().addPropertyValue(property, passwordEncoderInnerBeanDefinition);
+					repositoryBeanDef.getPropertyValues()
 							.addPropertyValue(property, passwordEncoderInnerBeanDefinition);
 				}
 			}
 		}
@ -170,7 +176,8 @@ public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDe
 	 */
 	private RootBeanDefinition createReflectionSaltSource(Element saltSourceTypeElement) {
 		RootBeanDefinition definition = new RootBeanDefinition(ReflectionSaltSource.class);
-		definition.getPropertyValues().addPropertyValue("userPropertyToUse", saltSourceTypeElement.getAttribute("userPropertyToUse"));
+		definition.getPropertyValues().addPropertyValue("userPropertyToUse",
 				saltSourceTypeElement.getAttribute("userPropertyToUse"));
 		return definition;
 	}
@ -181,11 +188,9 @@ public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDe
 	 */
 	private RootBeanDefinition createSystemWideSaltSource(Element saltSourceTypeElement) {
 		RootBeanDefinition definition = new RootBeanDefinition(SystemWideSaltSource.class);
-		definition.getPropertyValues().addPropertyValue("systemWideSalt", saltSourceTypeElement.getAttribute("systemWideSalt"));
+		definition.getPropertyValues().addPropertyValue("systemWideSalt",
 				saltSourceTypeElement.getAttribute("systemWideSalt"));
 		return definition;
 	}
 }
--- a/core/src/main/java/org/acegisecurity/config/RememberMeServicesBeanDefinitionParser.java
+++ b/core/src/main/java/org/acegisecurity/config/RememberMeServicesBeanDefinitionParser.java
@ -23,7 +23,7 @@ public class RememberMeServicesBeanDefinitionParser extends AbstractBeanDefiniti
 	private static final String PRINCIPAL_REPOSITORY_BEAN_REF = "principalRepositoryBeanRef";
-	private static final String USER_DETAILS_SERVICE = "userDetailsService";
+	private static final String USER_DETAILS_SERVICE_PROPERTY = "userDetailsService";
 	/*
 	 * key is optional; if unspecified, pick a rnd int and use for all unspecified key properties for acegi beans
@ -48,12 +48,13 @@ public class RememberMeServicesBeanDefinitionParser extends AbstractBeanDefiniti
 		//	 check if rememberMeServicesBeanRef is defined and if it's specified use its referred bean
 		String rememberMeServicesRef = element.getAttribute(PRINCIPAL_REPOSITORY_BEAN_REF);
 		if (StringUtils.hasLength(rememberMeServicesRef)) {
-			rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,
+			rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE_PROPERTY,
 					new RuntimeBeanReference(rememberMeServicesRef));
 		}  
 		else {
-			// auto-detects everything
+			// register a bean definition parse
-			rememberMeServicesBeanDef.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_AUTODETECT);
+			RootBeanDefinition configurer = new RootBeanDefinition(RemeberMeServicesDependenciesConfigurer.class);
 			parserContext.getReaderContext().registerWithGeneratedName(configurer);
 		}
 		return rememberMeServicesBeanDef;
 	}
--- a/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd
+++ b/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd
@ -125,16 +125,26 @@
 	</xsd:complexType>
 	<!-- Logout Filter -->
-	<xsd:element name="logout-support" type="LogoutFilter" />
+	<xsd:element name="logout-support">
-
+		<xsd:complexType>
 	<xsd:complexType name="LogoutFilter">
 			<!-- Write other attributes -->
-		<xsd:attribute name="id" type="xsd:ID" />
+			<xsd:attribute name="id" type="xsd:ID">
-		<xsd:attribute name="redirectAfterLogoutUrl" type="xsd:string"
+				<xsd:annotation>
-			default="/" />
+					<xsd:documentation>
 						<![CDATA[
 	The unique identifier for a bean.
 				]]>
 					</xsd:documentation>
 				</xsd:annotation>
 			</xsd:attribute>
 			<xsd:attribute name="redirectAfterLogoutUrl"
 				type="xsd:string" default="/" />
 			<xsd:attribute name="logoutUrl" type="xsd:string"
 				default="/logout" />
 				<xsd:anyAttribute namespace="##other" processContents="lax"/>
 		</xsd:complexType>
 	</xsd:element>
 	<!-- Exception Translation Filter -->
 	<xsd:element name="exception-translation"
--- a/core/src/test/java/org/acegisecurity/config/AuthenticationRepositoryParserTest.java
+++ b/core/src/test/java/org/acegisecurity/config/AuthenticationRepositoryParserTest.java
@ -27,9 +27,10 @@ import org.springframework.util.Assert;
 public class AuthenticationRepositoryParserTest extends TestCase {
 	public void testAuthenticationRepositoryDefaultWithAutoUserdetails() {
-		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/authentication-dao-defaults.xml");
+		ApplicationContext context = new ClassPathXmlApplicationContext(
-		ConfigurableListableBeanFactory clbf = 
+				"org/acegisecurity/config/authentication-dao-defaults.xml");
-			(ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
+		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
 				.getAutowireCapableBeanFactory();
 		String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
 		assertEquals(1, names.length);
@ -44,15 +45,16 @@ public class AuthenticationRepositoryParserTest extends TestCase {
 	}
 	public void testCollaboratorsAsInnerBeans() {
-		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/authentication-innerbeans.xml");
+		ApplicationContext context = new ClassPathXmlApplicationContext(
-		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
+				"org/acegisecurity/config/authentication-innerbeans.xml");
 		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
 				.getAutowireCapableBeanFactory();
 		// get the main bean definition, there should be only one
 		String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
 		assertEquals(1, names.length);
 		RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
 		assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
 		// get the 2 inner beans
 		PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
 		assertEquals("saltSource", saltSourceBean.getName());
@ -72,8 +74,10 @@ public class AuthenticationRepositoryParserTest extends TestCase {
 	}
 	public void testCollaboratorsAsBeanRef() {
-		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/authentication-beanRef-attributes.xml");
+		ApplicationContext context = new ClassPathXmlApplicationContext(
-		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
+				"org/acegisecurity/config/authentication-beanRef-attributes.xml");
 		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
 				.getAutowireCapableBeanFactory();
 		// get the main bean definition, there should be only one
 		String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
 		assertEquals(1, names.length);
@ -105,7 +109,8 @@ public class AuthenticationRepositoryParserTest extends TestCase {
 	}
 	public void testAutodetectionOfUserDetailsService() {
-		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/authentication-defaults.xml");
+		ApplicationContext context = new ClassPathXmlApplicationContext(
 				"org/acegisecurity/config/authentication-defaults.xml");
 		DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
 		assertNotNull(provider.getUserDetailsService());
 		assertNull(provider.getSaltSource());
--- a/core/src/test/resources/org/acegisecurity/config/logout-filter-with-handlers.xml
+++ b/core/src/test/resources/org/acegisecurity/config/logout-filter-with-handlers.xml
@ -13,8 +13,9 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
 	<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
 	<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
-	<security:logout-support id="logoutFilter"
+	<security:logout-support id="logoutFilter" logoutUrl="/logout" redirectAfterLogoutUrl="/"/>
-		redirectAfterLogoutUrl="/" logoutUrl="/logout" />
+	
 	<security:authentication-remember-me-services
 		id="rememberMeServices" key="someValue" />
--- a/samples/pom.xml
+++ b/samples/pom.xml
@ -1,29 +1,25 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 <project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 <modelVersion>4.0.0</modelVersion>
 <groupId>org.acegisecurity</groupId>
 <artifactId>acegi-security-samples</artifactId>
 <packaging>pom</packaging>
 <version>1.1-SNAPSHOT</version>
 <name>acegi-security-samples</name>
 <parent>
   <groupId>org.acegisecurity</groupId>
   <artifactId>acegi-security-parent</artifactId>
   <version>1.1-SNAPSHOT</version>
 </parent>
  <artifactId>acegi-security-samples</artifactId>
  <name>Acegi Security System for Spring - Samples</name>
  <packaging>pom</packaging>
  <dependencies>
    <dependency>
      <groupId>org.acegisecurity</groupId>
      <artifactId>acegi-security-tiger</artifactId>
      <version>${project.version}</version>
    </dependency>
  </dependencies>
 <modules>
 <!--
   <module>acegifier</module>
   <module>annotations</module>
   <module>attributes</module>
   <module>contacts</module>
   <module>contacts-tiger</module>
   <module>dms</module>
 -->
   <module>tutorial</module>
 </modules>
 </project>
--- a/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml
+++ b/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml
@ -42,10 +42,11 @@
 	<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
 	<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
-	<security:logout-support id="logoutFilter" redirectAfterLogoutUrl="/index.jsp" logoutUrl="/j_acegi_logout"/>
+	<security:logout-support id="logoutFilter"
 		redirectAfterLogoutUrl="/index.jsp" logoutUrl="/j_acegi_logout" />
 	<security:authentication-remember-me-services
-		id="rememberMeServices" key="someValue" principalRepositoryBeanRef="userDetailsService"/>
+		id="rememberMeServices" key="someValue" />
 	<bean id="securityContextLogoutHandler"
@ -60,7 +61,7 @@
 	<security:authentication-mechanism id="authenticationManager" />
 	<!-- dao authentication provider "authenticationRepository" -->
-	<security:authentication-repository id="daoAuthenticationProvider" repositoryBeanRef="userDetailsService"/>
+	<security:authentication-repository id="daoAuthenticationProvider" />
 	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
@ -72,7 +73,8 @@
 		class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
 	<!-- makes the filter, but does little else, as it auto-detects everything -->
-	<security:authentication-remember-me-filter id="rememberMeProcessingFilter" />
+	<security:authentication-remember-me-filter
 		id="rememberMeProcessingFilter" />
 	<bean id="anonymousProcessingFilter"
 		class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">