Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Tidying up to remove warnings (generics, use of deprecated test classes etc).

Browse Source
This commit is contained in:
Luke Taylor 2009-04-28 06:49:43 +00:00
parent f38c0eb675
commit e94baf38b3
27 changed files with 150 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/test/java/org/springframework/security/util/AuthorityUtilsTests.java
View File

@ -49,7 +49,7 @@ public class AuthorityUtilsTests {
@Test @Test
public void commaSeparatedStringIsParsedCorrectly() { public void commaSeparatedStringIsParsedCorrectly() {
List<GrantedAuthority> authorityArray = List<GrantedAuthority> authorityArray =
AuthorityUtils.commaSeparatedStringToAuthorityList(" ROLE_A, B, C, ROLE_D, E "); AuthorityUtils.commaSeparatedStringToAuthorityList(" ROLE_A, B, C, ROLE_D\n,\n E ");
Set<String> authorities = AuthorityUtils.authorityListToSet(authorityArray); Set<String> authorities = AuthorityUtils.authorityListToSet(authorityArray);

1
itest/context/src/main/java/org/springframework/security/integration/UserDetailsServiceImpl.java
View File

@ -7,6 +7,7 @@ import org.springframework.transaction.annotation.Transactional;
public class UserDetailsServiceImpl implements UserDetailsService { public class UserDetailsServiceImpl implements UserDetailsService {
@SuppressWarnings("unused")
private UserRepository userRepository; private UserRepository userRepository;
@Transactional(readOnly=true) @Transactional(readOnly=true)

25
itest/web/src/test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java
View File

@ -25,7 +25,7 @@ public abstract class AbstractWebServerIntegrationTests {
private final Object SERVER_LOCK = new Object(); private final Object SERVER_LOCK = new Object();
protected final WebTester tester = new WebTester(); protected final WebTester tester = new WebTester();
/** /**
* Override to set the application context files that should be loaded or return null * Override to set the application context files that should be loaded or return null
* to use web.xml. * to use web.xml.
*/ */
@ -49,15 +49,16 @@ public abstract class AbstractWebServerIntegrationTests {
} }
} }
} }
@SuppressWarnings("unchecked")
protected WebAppContext createWebContext() { protected WebAppContext createWebContext() {
WebAppContext webCtx = new WebAppContext("src/main/webapp", getContextPath()); WebAppContext webCtx = new WebAppContext("src/main/webapp", getContextPath());
if (StringUtils.hasText(getContextConfigLocations())) { if (StringUtils.hasText(getContextConfigLocations())) {
webCtx.addEventListener(new ContextLoaderListener()); webCtx.addEventListener(new ContextLoaderListener());
webCtx.getInitParams().put("contextConfigLocation", getContextConfigLocations()); webCtx.getInitParams().put("contextConfigLocation", getContextConfigLocations());
} }
return webCtx; return webCtx;
} }
@ -70,12 +71,12 @@ public abstract class AbstractWebServerIntegrationTests {
server = null; server = null;
} }
} }
@AfterMethod @AfterMethod
public void resetWebConversation() { public void resetWebConversation() {
tester.getTestContext().setWebClient(new WebConversation()); tester.getTestContext().setWebClient(new WebConversation());
} }
private final String getBaseUrl() { private final String getBaseUrl() {
int port = server.getConnectors()[0].getLocalPort(); int port = server.getConnectors()[0].getLocalPort();
return "http://localhost:" + port + getContextPath() + "/"; return "http://localhost:" + port + getContextPath() + "/";
@ -84,7 +85,7 @@ public abstract class AbstractWebServerIntegrationTests {
protected final Object getBean(String beanName) { protected final Object getBean(String beanName) {
return getAppContext().getBean(beanName); return getAppContext().getBean(beanName);
} }
private WebApplicationContext getAppContext() { private WebApplicationContext getAppContext() {
ServletContext servletCtx = ((WebAppContext)server.getHandler()).getServletContext(); ServletContext servletCtx = ((WebAppContext)server.getHandler()).getServletContext();
WebApplicationContext appCtx = WebApplicationContext appCtx =
@ -116,14 +117,14 @@ public abstract class AbstractWebServerIntegrationTests {
tester.assertTextPresent(text); tester.assertTextPresent(text);
} }
// Security-specific utility methods // Security-specific utility methods
protected void login(String username, String password) { protected void login(String username, String password) {
assertFormPresent(); assertFormPresent();
setFormElement("j_username", username); setFormElement("j_username", username);
setFormElement("j_password", password); setFormElement("j_password", password);
submit(); submit();
} }
} }

3
openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
View File

@ -59,9 +59,10 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
return beginConsumption(req, identityUrl, returnToUrl, returnToUrl); return beginConsumption(req, identityUrl, returnToUrl, returnToUrl);
} }
@SuppressWarnings("unchecked")
public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm) public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm)
throws OpenIDConsumerException { throws OpenIDConsumerException {
List discoveries; List<DiscoveryInformation> discoveries;
try { try {
discoveries = consumerManager.discover(identityUrl); discoveries = consumerManager.discover(identityUrl);

13
openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
View File

@ -15,20 +15,16 @@
package org.springframework.security.openid; package org.springframework.security.openid;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.openid.AuthenticationCancelledException;
import org.springframework.security.openid.OpenIDAuthenticationProvider;
import org.springframework.security.openid.OpenIDAuthenticationStatus;
import org.springframework.security.openid.OpenIDAuthenticationToken;
/** /**
@ -201,10 +197,9 @@ public class OpenIDAuthenticationProviderTests extends TestCase {
} }
static class MockUserDetailsService implements UserDetailsService { static class MockUserDetailsService implements UserDetailsService {
public UserDetails loadUserByUsername(String ssoUserId) public UserDetails loadUserByUsername(String ssoUserId) throws AuthenticationException {
throws AuthenticationException {
return new User(ssoUserId, "password", true, true, true, true, return new User(ssoUserId, "password", true, true, true, true,
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_B")}); AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B"));
} }
} }
} }

37
samples/contacts/src/main/java/sample/contact/ClientApplication.java
View File

@ -16,24 +16,18 @@
package sample.contact; package sample.contact;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.ListableBeanFactory;
import org.springframework.context.support.FileSystemXmlApplicationContext;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.beans.factory.ListableBeanFactory;
import org.springframework.context.support.FileSystemXmlApplicationContext;
import org.springframework.util.StopWatch; import org.springframework.util.StopWatch;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
/** /**
* Demonstrates accessing the {@link ContactManager} via remoting protocols. * Demonstrates accessing the {@link ContactManager} via remoting protocols.
@ -57,13 +51,11 @@ public class ClientApplication {
public void invokeContactManager(Authentication authentication, int nrOfCalls) { public void invokeContactManager(Authentication authentication, int nrOfCalls) {
StopWatch stopWatch = new StopWatch(nrOfCalls + " ContactManager call(s)"); StopWatch stopWatch = new StopWatch(nrOfCalls + " ContactManager call(s)");
Map contactServices = this.beanFactory.getBeansOfType(ContactManager.class, true, true); Map<String, ContactManager> contactServices = this.beanFactory.getBeansOfType(ContactManager.class, true, true);
SecurityContextHolder.getContext().setAuthentication(authentication); SecurityContextHolder.getContext().setAuthentication(authentication);
for (Iterator it = contactServices.keySet().iterator(); it.hasNext();) { for (String beanName : contactServices.keySet()) {
String beanName = (String) it.next();
Object object = this.beanFactory.getBean("&" + beanName); Object object = this.beanFactory.getBean("&" + beanName);
try { try {
@ -91,12 +83,12 @@ public class ClientApplication {
} catch (IllegalAccessException ignored) {} } catch (IllegalAccessException ignored) {}
catch (InvocationTargetException ignored) {} catch (InvocationTargetException ignored) {}
ContactManager remoteContactManager = (ContactManager) contactServices.get(beanName); ContactManager remoteContactManager = contactServices.get(beanName);
System.out.println("Calling ContactManager '" + beanName + "'"); System.out.println("Calling ContactManager '" + beanName + "'");
stopWatch.start(beanName); stopWatch.start(beanName);
List contacts = null; List<Contact> contacts = null;
for (int i = 0; i < nrOfCalls; i++) { for (int i = 0; i < nrOfCalls; i++) {
contacts = remoteContactManager.getAll(); contacts = remoteContactManager.getAll();
@ -105,11 +97,8 @@ public class ClientApplication {
stopWatch.stop(); stopWatch.stop();
if (contacts.size() != 0) { if (contacts.size() != 0) {
Iterator listIterator = contacts.iterator(); for(Contact contact : contacts) {
System.out.println("Contact: " + contact);
while (listIterator.hasNext()) {
Contact contact = (Contact) listIterator.next();
System.out.println("Contact: " + contact.toString());
} }
} else { } else {
System.out.println("No contacts found which this user has permission to"); System.out.println("No contacts found which this user has permission to");

30
samples/contacts/src/main/java/sample/contact/ContactDaoSpring.java
View File

@ -70,7 +70,7 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
} }
public Contact getById(Long id) { public Contact getById(Long id) {
List list = contactsByIdQuery.execute(id.longValue()); List<Contact> list = contactsByIdQuery.execute(id.longValue());
if (list.size() == 0) { if (list.size() == 0) {
return null; return null;
@ -89,24 +89,20 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
contactsByIdQuery = new ContactsByIdQuery(getDataSource()); contactsByIdQuery = new ContactsByIdQuery(getDataSource());
} }
private String makeObjectIdentity(Contact contact) {
return contact.getClass().getName() + ":" + contact.getId();
}
public void update(Contact contact) { public void update(Contact contact) {
contactUpdate.update(contact); contactUpdate.update(contact);
} }
//~ Inner Classes ================================================================================================== //~ Inner Classes ==================================================================================================
protected class AclObjectIdentityByObjectIdentityQuery extends MappingSqlQuery { protected class AclObjectIdentityByObjectIdentityQuery extends MappingSqlQuery<Long> {
protected AclObjectIdentityByObjectIdentityQuery(DataSource ds) { protected AclObjectIdentityByObjectIdentityQuery(DataSource ds) {
super(ds, "SELECT id FROM acl_object_identity WHERE object_identity = ?"); super(ds, "SELECT id FROM acl_object_identity WHERE object_identity = ?");
declareParameter(new SqlParameter(Types.VARCHAR)); declareParameter(new SqlParameter(Types.VARCHAR));
compile(); compile();
} }
protected Object mapRow(ResultSet rs, int rownum) protected Long mapRow(ResultSet rs, int rownum)
throws SQLException { throws SQLException {
return new Long(rs.getLong("id")); return new Long(rs.getLong("id"));
} }
@ -172,14 +168,13 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
} }
} }
protected class ContactsAllQuery extends MappingSqlQuery { protected class ContactsAllQuery extends MappingSqlQuery<Contact> {
protected ContactsAllQuery(DataSource ds) { protected ContactsAllQuery(DataSource ds) {
super(ds, "SELECT id, contact_name, email FROM contacts ORDER BY id"); super(ds, "SELECT id, contact_name, email FROM contacts ORDER BY id");
compile(); compile();
} }
protected Object mapRow(ResultSet rs, int rownum) protected Contact mapRow(ResultSet rs, int rownum) throws SQLException {
throws SQLException {
Contact contact = new Contact(); Contact contact = new Contact();
contact.setId(new Long(rs.getLong("id"))); contact.setId(new Long(rs.getLong("id")));
contact.setName(rs.getString("contact_name")); contact.setName(rs.getString("contact_name"));
@ -189,15 +184,14 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
} }
} }
protected class ContactsByIdQuery extends MappingSqlQuery { protected class ContactsByIdQuery extends MappingSqlQuery<Contact> {
protected ContactsByIdQuery(DataSource ds) { protected ContactsByIdQuery(DataSource ds) {
super(ds, "SELECT id, contact_name, email FROM contacts WHERE id = ? ORDER BY id"); super(ds, "SELECT id, contact_name, email FROM contacts WHERE id = ? ORDER BY id");
declareParameter(new SqlParameter(Types.BIGINT)); declareParameter(new SqlParameter(Types.BIGINT));
compile(); compile();
} }
protected Object mapRow(ResultSet rs, int rownum) protected Contact mapRow(ResultSet rs, int rownum) throws SQLException {
throws SQLException {
Contact contact = new Contact(); Contact contact = new Contact();
contact.setId(new Long(rs.getLong("id"))); contact.setId(new Long(rs.getLong("id")));
contact.setName(rs.getString("contact_name")); contact.setName(rs.getString("contact_name"));
@ -238,26 +232,24 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
} }
} }
protected class PrincipalsAllQuery extends MappingSqlQuery { protected class PrincipalsAllQuery extends MappingSqlQuery<String> {
protected PrincipalsAllQuery(DataSource ds) { protected PrincipalsAllQuery(DataSource ds) {
super(ds, "SELECT username FROM users ORDER BY username"); super(ds, "SELECT username FROM users ORDER BY username");
compile(); compile();
} }
protected Object mapRow(ResultSet rs, int rownum) protected String mapRow(ResultSet rs, int rownum) throws SQLException {
throws SQLException {
return rs.getString("username"); return rs.getString("username");
} }
} }
protected class RolesAllQuery extends MappingSqlQuery { protected class RolesAllQuery extends MappingSqlQuery<String> {
protected RolesAllQuery(DataSource ds) { protected RolesAllQuery(DataSource ds) {
super(ds, "SELECT DISTINCT authority FROM authorities ORDER BY authority"); super(ds, "SELECT DISTINCT authority FROM authorities ORDER BY authority");
compile(); compile();
} }
protected Object mapRow(ResultSet rs, int rownum) protected String mapRow(ResultSet rs, int rownum) throws SQLException {
throws SQLException {
return rs.getString("authority"); return rs.getString("authority");
} }
} }

2
samples/contacts/src/main/java/sample/contact/ContactManagerBackend.java
View File

@ -165,7 +165,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport implements C
} }
Random rnd = new Random(); Random rnd = new Random();
List contacts = contactDao.findAll(); List<Contact> contacts = contactDao.findAll();
int getNumber = rnd.nextInt(contacts.size()); int getNumber = rnd.nextInt(contacts.size());
return (Contact) contacts.get(getNumber); return (Contact) contacts.get(getNumber);

4
samples/contacts/src/main/java/sample/contact/DataSourcePopulator.java
View File

@ -163,7 +163,7 @@ public class DataSourcePopulator implements InitializingBean {
// Create acl_object_identity rows (and also acl_class rows as needed // Create acl_object_identity rows (and also acl_class rows as needed
for (int i = 1; i < createEntities; i++) { for (int i = 1; i < createEntities; i++) {
final ObjectIdentity objectIdentity = new ObjectIdentityImpl(Contact.class, new Long(i)); final ObjectIdentity objectIdentity = new ObjectIdentityImpl(Contact.class, new Long(i));
tt.execute(new TransactionCallback() { tt.execute(new TransactionCallback<Object>() {
public Object doInTransaction(TransactionStatus arg0) { public Object doInTransaction(TransactionStatus arg0) {
mutableAclService.createAcl(objectIdentity); mutableAclService.createAcl(objectIdentity);
@ -263,7 +263,7 @@ public class DataSourcePopulator implements InitializingBean {
} }
private void updateAclInTransaction(final MutableAcl acl) { private void updateAclInTransaction(final MutableAcl acl) {
tt.execute(new TransactionCallback() { tt.execute(new TransactionCallback<Object>() {
public Object doInTransaction(TransactionStatus arg0) { public Object doInTransaction(TransactionStatus arg0) {
mutableAclService.updateAcl(acl); mutableAclService.updateAcl(acl);

28
samples/contacts/src/main/java/sample/contact/DeletePermissionController.java
View File

@ -14,22 +14,7 @@
*/ */
package sample.contact; package sample.contact;
import org.springframework.security.acls.AclService;
import org.springframework.security.acls.Permission;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.sid.PrincipalSid;
import org.springframework.security.acls.sid.Sid;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
import java.io.IOException; import java.io.IOException;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@ -37,6 +22,17 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.acls.AclService;
import org.springframework.security.acls.Permission;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.sid.PrincipalSid;
import org.springframework.security.acls.sid.Sid;
import org.springframework.util.Assert;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
/** /**
* Controller for deleting an ACL permission. * Controller for deleting an ACL permission.
@ -71,7 +67,7 @@ public class DeletePermissionController implements Controller, InitializingBean
contactManager.deletePermission(contact, sidObject, permission); contactManager.deletePermission(contact, sidObject, permission);
Map model = new HashMap(); Map<String, Object> model = new HashMap<String, Object>();
model.put("contact", contact); model.put("contact", contact);
model.put("sid", sidObject); model.put("sid", sidObject);
model.put("permission", permission); model.put("permission", permission);

2
samples/contacts/src/main/java/sample/contact/SecureIndexController.java
View File

@ -85,7 +85,7 @@ public class SecureIndexController implements Controller, InitializingBean {
permissionEvaluator.hasPermission(user, contact, HAS_ADMIN) ? Boolean.TRUE : Boolean.FALSE); permissionEvaluator.hasPermission(user, contact, HAS_ADMIN) ? Boolean.TRUE : Boolean.FALSE);
} }
Map model = new HashMap(); Map<String, Object> model = new HashMap<String, Object>();
model.put("contacts", myContactsList); model.put("contacts", myContactsList);
model.put("hasDeletePermission", hasDelete); model.put("hasDeletePermission", hasDelete);
model.put("hasAdminPermission", hasAdmin); model.put("hasAdminPermission", hasAdmin);

9
samples/dms/src/main/java/sample/dms/DataSourcePopulator.java
View File

@ -6,8 +6,7 @@ import org.springframework.beans.factory.InitializingBean;
import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.transaction.PlatformTransactionManager; import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.TransactionStatus; import org.springframework.transaction.TransactionStatus;
@ -74,8 +73,8 @@ public class DataSourcePopulator implements InitializingBean {
template.execute("INSERT INTO AUTHORITIES VALUES('jane','ROLE_USER');"); template.execute("INSERT INTO AUTHORITIES VALUES('jane','ROLE_USER');");
// Now create an ACL entry for the root directory // Now create an ACL entry for the root directory
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("rod", "ignored", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_IGNORED")})); SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("rod", "ignored", AuthorityUtils.createAuthorityList(("ROLE_IGNORED"))));
tt.execute(new TransactionCallback() { tt.execute(new TransactionCallback<Object>() {
public Object doInTransaction(TransactionStatus arg0) { public Object doInTransaction(TransactionStatus arg0) {
addPermission(documentDao, Directory.ROOT_DIRECTORY, "ROLE_USER", LEVEL_GRANT_WRITE); addPermission(documentDao, Directory.ROOT_DIRECTORY, "ROLE_USER", LEVEL_GRANT_WRITE);
return null; return null;
@ -147,4 +146,4 @@ public class DataSourcePopulator implements InitializingBean {
* @param level based on the static final integer fields on this class * @param level based on the static final integer fields on this class
*/ */
protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {} protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {}
} }

2
samples/dms/src/main/java/sample/dms/secured/SecureDataSourcePopulator.java
View File

@ -38,7 +38,7 @@ public class SecureDataSourcePopulator extends DataSourcePopulator {
Assert.notNull(SecurityContextHolder.getContext().getAuthentication(), "SecurityContextHolder must contain an Authentication"); Assert.notNull(SecurityContextHolder.getContext().getAuthentication(), "SecurityContextHolder must contain an Authentication");
// We need SecureDocumentDao to assign different permissions // We need SecureDocumentDao to assign different permissions
SecureDocumentDao dao = (SecureDocumentDao) documentDao; //SecureDocumentDao dao = (SecureDocumentDao) documentDao;
// We need to construct an ACL-specific Sid. Note the prefix contract is defined on the superclass method's JavaDocs // We need to construct an ACL-specific Sid. Note the prefix contract is defined on the superclass method's JavaDocs
Sid sid = null; Sid sid = null;

4
samples/dms/src/main/java/sample/dms/secured/SecureDocumentDaoImpl.java
View File

@ -34,8 +34,8 @@ public class SecureDocumentDaoImpl extends DocumentDaoImpl implements SecureDocu
} }
public String[] getUsers() { public String[] getUsers() {
return (String[]) getJdbcTemplate().query(SELECT_FROM_USERS, new RowMapper() { return (String[]) getJdbcTemplate().query(SELECT_FROM_USERS, new RowMapper<String>() {
public Object mapRow(ResultSet rs, int rowNumber) throws SQLException { public String mapRow(ResultSet rs, int rowNumber) throws SQLException {
return rs.getString("USERNAME"); return rs.getString("USERNAME");
} }
}).toArray(new String[] {}); }).toArray(new String[] {});

38
samples/dms/src/main/resources/applicationContext-dms-insecure.xml
View File

@ -9,6 +9,10 @@
<beans> <beans>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource" ref="dataSource"/>
</bean>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="org.hsqldb.jdbcDriver"/> <property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
<property name="url" value="jdbc:hsqldb:mem:insecuredms"/> <property name="url" value="jdbc:hsqldb:mem:insecuredms"/>
@ -16,23 +20,23 @@
<property name="password" value=""/> <property name="password" value=""/>
</bean> </bean>
<bean id="transactionInterceptor" class="org.springframework.transaction.interceptor.TransactionInterceptor"> <bean id="transactionInterceptor" class="org.springframework.transaction.interceptor.TransactionInterceptor">
<property name="transactionAttributeSource"> <property name="transactionAttributeSource">
<value> <value>
sample.dms.DocumentDao.*=PROPAGATION_REQUIRED sample.dms.DocumentDao.*=PROPAGATION_REQUIRED
</value> </value>
</property> </property>
<property name="transactionManager" ref="transactionManager" /> <property name="transactionManager" ref="transactionManager" />
</bean> </bean>
<bean id="documentDao" class="sample.dms.DocumentDaoImpl"> <bean id="documentDao" class="sample.dms.DocumentDaoImpl">
<property name="dataSource" ref="dataSource"/> <property name="dataSource" ref="dataSource"/>
</bean> </bean>
<bean id="dataSourcePopulator" class="sample.dms.DataSourcePopulator"> <bean id="dataSourcePopulator" class="sample.dms.DataSourcePopulator">
<constructor-arg ref="dataSource"/> <constructor-arg ref="dataSource"/>
<constructor-arg ref="documentDao"/> <constructor-arg ref="documentDao"/>
<constructor-arg ref="transactionManager"/> <constructor-arg ref="transactionManager"/>
</bean> </bean>
</beans> </beans>

3
samples/dms/src/main/resources/applicationContext-dms-secure.xml
View File

@ -8,6 +8,9 @@
--> -->
<beans> <beans>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource" ref="dataSource"/>
</bean>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="org.hsqldb.jdbcDriver"/> <property name="driverClassName" value="org.hsqldb.jdbcDriver"/>

24
samples/dms/src/test/java/DmsIntegrationTests.java
View File

@ -1,6 +1,13 @@
import static org.junit.Assert.*;
import org.junit.After;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.AbstractTransactionalDataSourceSpringContextTests; import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.AbstractTransactionalJUnit4SpringContextTests;
import sample.dms.AbstractElement; import sample.dms.AbstractElement;
import sample.dms.Directory; import sample.dms.Directory;
@ -13,14 +20,21 @@ import sample.dms.DocumentDao;
* @version $Id$ * @version $Id$
* *
*/ */
public class DmsIntegrationTests extends AbstractTransactionalDataSourceSpringContextTests { @ContextConfiguration(locations={"classpath:applicationContext-dms-shared.xml", "classpath:applicationContext-dms-insecure.xml"})
public class DmsIntegrationTests extends AbstractTransactionalJUnit4SpringContextTests{
@Autowired
protected JdbcTemplate jdbcTemplate;
@Autowired
protected DocumentDao documentDao; protected DocumentDao documentDao;
protected String[] getConfigLocations() { protected String[] getConfigLocations() {
return new String[] {"classpath:applicationContext-dms-shared.xml", "classpath:applicationContext-dms-insecure.xml"}; return new String[] {"classpath:applicationContext-dms-shared.xml", "classpath:applicationContext-dms-insecure.xml"};
} }
protected void onTearDown() throws Exception { @After
public void clearContext() {
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
} }
@ -28,20 +42,24 @@ public class DmsIntegrationTests extends AbstractTransactionalDataSourceSpringCo
this.documentDao = documentDao; this.documentDao = documentDao;
} }
@Test
public void testBasePopulation() { public void testBasePopulation() {
assertEquals(9, jdbcTemplate.queryForInt("select count(id) from DIRECTORY")); assertEquals(9, jdbcTemplate.queryForInt("select count(id) from DIRECTORY"));
assertEquals(90, jdbcTemplate.queryForInt("select count(id) from FILE")); assertEquals(90, jdbcTemplate.queryForInt("select count(id) from FILE"));
assertEquals(3, documentDao.findElements(Directory.ROOT_DIRECTORY).length); assertEquals(3, documentDao.findElements(Directory.ROOT_DIRECTORY).length);
} }
@Test
public void testMarissaRetrieval() { public void testMarissaRetrieval() {
process("rod", "koala", false); process("rod", "koala", false);
} }
@Test
public void testScottRetrieval() { public void testScottRetrieval() {
process("scott", "wombat", false); process("scott", "wombat", false);
} }
@Test
public void testDianneRetrieval() { public void testDianneRetrieval() {
process("dianne", "emu", false); process("dianne", "emu", false);
} }

14
samples/dms/src/test/java/SecureDmsIntegrationTests.java
View File

@ -1,4 +1,7 @@
import org.springframework.security.acls.AclService; import static org.junit.Assert.assertEquals;
import org.junit.Test;
import org.springframework.test.context.ContextConfiguration;
@ -9,18 +12,17 @@ import org.springframework.security.acls.AclService;
* @version $Id$ * @version $Id$
* *
*/ */
@ContextConfiguration(locations={"classpath:applicationContext-dms-shared.xml", "classpath:applicationContext-dms-secure.xml"})
public class SecureDmsIntegrationTests extends DmsIntegrationTests { public class SecureDmsIntegrationTests extends DmsIntegrationTests {
private AclService aclService; // @Autowired
// private AclService aclService;
public void setAclService(AclService aclService) {
this.aclService = aclService;
}
protected String[] getConfigLocations() { protected String[] getConfigLocations() {
return new String[] {"classpath:applicationContext-dms-shared.xml", "classpath:applicationContext-dms-secure.xml"}; return new String[] {"classpath:applicationContext-dms-shared.xml", "classpath:applicationContext-dms-secure.xml"};
} }
@Test
public void testBasePopulation() { public void testBasePopulation() {
assertEquals(9, jdbcTemplate.queryForInt("select count(id) from DIRECTORY")); assertEquals(9, jdbcTemplate.queryForInt("select count(id) from DIRECTORY"));
assertEquals(90, jdbcTemplate.queryForInt("select count(id) from FILE")); assertEquals(90, jdbcTemplate.queryForInt("select count(id) from FILE"));

5
samples/tutorial/src/main/java/bigbank/web/ListAccounts.java
View File

@ -3,7 +3,6 @@ package bigbank.web;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller; import org.springframework.web.servlet.mvc.Controller;
@ -13,7 +12,7 @@ import bigbank.BankService;
public class ListAccounts implements Controller { public class ListAccounts implements Controller {
private BankService bankService; private BankService bankService;
public ListAccounts(BankService bankService) { public ListAccounts(BankService bankService) {
Assert.notNull(bankService); Assert.notNull(bankService);
this.bankService = bankService; this.bankService = bankService;
@ -24,7 +23,7 @@ public class ListAccounts implements Controller {
// if (request.getUserPrincipal() == null) { // if (request.getUserPrincipal() == null) {
// throw new AuthenticationCredentialsNotFoundException("You must login to view the account list (Spring Security message)"); // only for Spring Security managed authentication // throw new AuthenticationCredentialsNotFoundException("You must login to view the account list (Spring Security message)"); // only for Spring Security managed authentication
// } // }
// Actual business logic // Actual business logic
ModelAndView mav = new ModelAndView("listAccounts"); ModelAndView mav = new ModelAndView("listAccounts");
mav.addObject("accounts", bankService.findAccounts()); mav.addObject("accounts", bankService.findAccounts());

1
taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
View File

@ -169,6 +169,7 @@ public class AccessControlListTag extends TagSupport {
return hasPermission; return hasPermission;
} }
@SuppressWarnings("unchecked")
private void initializeIfRequired() throws JspException { private void initializeIfRequired() throws JspException {
if (applicationContext != null) { if (applicationContext != null) {
return; return;

60
taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java
View File

@ -18,7 +18,6 @@ package org.springframework.security.taglibs.authz;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator;
import java.util.Set; import java.util.Set;
import javax.servlet.jsp.JspException; import javax.servlet.jsp.JspException;
@ -27,9 +26,9 @@ import javax.servlet.jsp.tagext.TagSupport;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.GrantedAuthorityImpl; import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.util.ExpressionEvaluationUtils; import org.springframework.web.util.ExpressionEvaluationUtils;
@ -49,12 +48,10 @@ public class AuthorizeTag extends TagSupport {
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
private Set authoritiesToRoles(Collection c) { private Set<String> authoritiesToRoles(Collection<GrantedAuthority> c) {
Set target = new HashSet(); Set<String> target = new HashSet<String>();
for (Iterator iterator = c.iterator(); iterator.hasNext();) {
GrantedAuthority authority = (GrantedAuthority) iterator.next();
for (GrantedAuthority authority : c) {
if (null == authority.getAuthority()) { if (null == authority.getAuthority()) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"Cannot process GrantedAuthority objects which return null from getAuthority() - attempting to process " "Cannot process GrantedAuthority objects which return null from getAuthority() - attempting to process "
@ -73,13 +70,13 @@ public class AuthorizeTag extends TagSupport {
return Tag.SKIP_BODY; return Tag.SKIP_BODY;
} }
final Collection granted = getPrincipalAuthorities(); final Collection<GrantedAuthority> granted = getPrincipalAuthorities();
final String evaledIfNotGranted = ExpressionEvaluationUtils.evaluateString("ifNotGranted", ifNotGranted, final String evaledIfNotGranted = ExpressionEvaluationUtils.evaluateString("ifNotGranted", ifNotGranted,
pageContext); pageContext);
if ((null != evaledIfNotGranted) && !"".equals(evaledIfNotGranted)) { if ((null != evaledIfNotGranted) && !"".equals(evaledIfNotGranted)) {
Set grantedCopy = retainAll(granted, parseAuthoritiesString(evaledIfNotGranted)); Set<GrantedAuthority> grantedCopy = retainAll(granted, parseAuthoritiesString(evaledIfNotGranted));
if (!grantedCopy.isEmpty()) { if (!grantedCopy.isEmpty()) {
return Tag.SKIP_BODY; return Tag.SKIP_BODY;
@ -99,7 +96,7 @@ public class AuthorizeTag extends TagSupport {
pageContext); pageContext);
if ((null != evaledIfAnyGranted) && !"".equals(evaledIfAnyGranted)) { if ((null != evaledIfAnyGranted) && !"".equals(evaledIfAnyGranted)) {
Set grantedCopy = retainAll(granted, parseAuthoritiesString(evaledIfAnyGranted)); Set<GrantedAuthority> grantedCopy = retainAll(granted, parseAuthoritiesString(evaledIfAnyGranted));
if (grantedCopy.isEmpty()) { if (grantedCopy.isEmpty()) {
return Tag.SKIP_BODY; return Tag.SKIP_BODY;
@ -135,20 +132,9 @@ public class AuthorizeTag extends TagSupport {
return currentUser.getAuthorities(); return currentUser.getAuthorities();
} }
private Set parseAuthoritiesString(String authorizationsString) { private Set<GrantedAuthority> parseAuthoritiesString(String authorizationsString) {
final Set requiredAuthorities = new HashSet(); final Set<GrantedAuthority> requiredAuthorities = new HashSet<GrantedAuthority>();
final String[] authorities = StringUtils.commaDelimitedListToStringArray(authorizationsString); requiredAuthorities.addAll(AuthorityUtils.commaSeparatedStringToAuthorityList(authorizationsString));
for (int i = 0; i < authorities.length; i++) {
String authority = authorities[i];
// Remove the role's whitespace characters without depending on JDK 1.4+
// Includes space, tab, new line, carriage return and form feed.
String role = authority.trim(); // trim, don't use spaces, as per SEC-378
role = StringUtils.deleteAny(role, "\t\n\r\f");
requiredAuthorities.add(new GrantedAuthorityImpl(role));
}
return requiredAuthorities; return requiredAuthorities;
} }
@ -161,39 +147,31 @@ public class AuthorizeTag extends TagSupport {
* invalidating {@link Collection#retainAll(java.util.Collection)} results.</p> * invalidating {@link Collection#retainAll(java.util.Collection)} results.</p>
* <p> * <p>
* <strong>CAVEAT</strong>: This method <strong>will not</strong> work if the granted authorities * <strong>CAVEAT</strong>: This method <strong>will not</strong> work if the granted authorities
* returns a <code>null</code> string as the return value of {@link * returns a <code>null</code> string as the return value of {@link GrantedAuthority#getAuthority()}.
* org.springframework.security.core.GrantedAuthority#getAuthority()}.
* </p> * </p>
* <p>Reported by rawdave, on Fri Feb 04, 2005 2:11 pm in the Spring Security forum.</p>
* *
* @param granted The authorities granted by the authentication. May be any implementation of {@link * @param granted The authorities granted by the authentication. May be any implementation of {@link
* GrantedAuthority} that does <strong>not</strong> return <code>null</code> from {@link * GrantedAuthority} that does <strong>not</strong> return <code>null</code> from {@link
* org.springframework.security.core.GrantedAuthority#getAuthority()}. * GrantedAuthority#getAuthority()}.
* @param required A {@link Set} of {@link GrantedAuthorityImpl}s that have been built using ifAny, ifAll or * @param required A {@link Set} of {@link GrantedAuthorityImpl}s that have been built using ifAny, ifAll or
* ifNotGranted. * ifNotGranted.
* *
* @return A set containing only the common authorities between <var>granted</var> and <var>required</var>. * @return A set containing only the common authorities between <var>granted</var> and <var>required</var>.
* *
* @see <a href="http://forum.springframework.org/viewtopic.php?t=3367">authz:authorize ifNotGranted not behaving
* as expected</a> TODO: wrong article Url
*/ */
private Set retainAll(final Collection granted, final Set required) { private Set<GrantedAuthority> retainAll(final Collection<GrantedAuthority> granted, final Set<GrantedAuthority> required) {
Set grantedRoles = authoritiesToRoles(granted); Set<String> grantedRoles = authoritiesToRoles(granted);
Set requiredRoles = authoritiesToRoles(required); Set<String> requiredRoles = authoritiesToRoles(required);
grantedRoles.retainAll(requiredRoles); grantedRoles.retainAll(requiredRoles);
return rolesToAuthorities(grantedRoles, granted); return rolesToAuthorities(grantedRoles, granted);
} }
private Set rolesToAuthorities(Set grantedRoles, Collection granted) { private Set<GrantedAuthority> rolesToAuthorities(Set<String> grantedRoles, Collection<GrantedAuthority> granted) {
Set target = new HashSet(); Set<GrantedAuthority> target = new HashSet<GrantedAuthority>();
for (Iterator iterator = grantedRoles.iterator(); iterator.hasNext();) {
String role = (String) iterator.next();
for (Iterator grantedIterator = granted.iterator(); grantedIterator.hasNext();) {
GrantedAuthority authority = (GrantedAuthority) grantedIterator.next();
for (String role : grantedRoles) {
for (GrantedAuthority authority : granted) {
if (authority.getAuthority().equals(role)) { if (authority.getAuthority().equals(role)) {
target.add(authority); target.add(authority);

7
taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java
View File

@ -15,18 +15,17 @@
package org.springframework.security.taglibs.authz; package org.springframework.security.taglibs.authz;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
/** /**
* Tests {@link AuthenticationTag}. * Tests {@link AuthenticationTag}.

4
taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagTests.java
View File

@ -78,7 +78,7 @@ public class AuthorizeTagTests extends TestCase {
} }
public void testOutputsBodyWhenAllGranted() throws JspException { public void testOutputsBodyWhenAllGranted() throws JspException {
authorizeTag.setIfAllGranted("ROLE SUPERVISOR,ROLE_TELLER"); authorizeTag.setIfAllGranted("ROLE SUPERVISOR, \nROLE_TELLER");
assertEquals("allows request - all required roles granted on principal", Tag.EVAL_BODY_INCLUDE, assertEquals("allows request - all required roles granted on principal", Tag.EVAL_BODY_INCLUDE,
authorizeTag.doStartTag()); authorizeTag.doStartTag());
} }
@ -102,7 +102,7 @@ public class AuthorizeTagTests extends TestCase {
} }
public void testSkipsBodyWhenMissingAnAllGranted() throws JspException { public void testSkipsBodyWhenMissingAnAllGranted() throws JspException {
authorizeTag.setIfAllGranted("ROLE SUPERVISOR,ROLE_TELLER,ROLE_BANKER"); authorizeTag.setIfAllGranted("ROLE SUPERVISOR, ROLE_TELLER,\n\rROLE_BANKER");
assertEquals("prevents request - missing ROLE_BANKER on principal", Tag.SKIP_BODY, authorizeTag.doStartTag()); assertEquals("prevents request - missing ROLE_BANKER on principal", Tag.SKIP_BODY, authorizeTag.doStartTag());
} }

1
taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplTests.java
View File

@ -19,7 +19,6 @@ import junit.framework.TestCase;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;

1
web/src/main/java/org/springframework/security/web/util/UrlUtils.java
View File

@ -18,7 +18,6 @@ package org.springframework.security.web.util;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.savedrequest.SavedRequest;
/** /**

5
web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java
View File

@ -10,16 +10,13 @@ import javax.servlet.http.HttpServletRequest;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper; import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.MappableAttributesRetriever; import org.springframework.security.core.authority.mapping.MappableAttributesRetriever;
import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper; import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever; import org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails; import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;
import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.util.StringUtils;
/** /**
* *

2
web/src/test/java/org/springframework/security/web/session/MockApplicationListener.java
View File

@ -26,7 +26,7 @@ import org.springframework.security.web.session.HttpSessionDestroyedEvent;
* *
* @author Ray Krueger * @author Ray Krueger
*/ */
public class MockApplicationListener implements ApplicationListener { public class MockApplicationListener implements ApplicationListener<ApplicationEvent> {
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
private HttpSessionCreatedEvent createdEvent; private HttpSessionCreatedEvent createdEvent;