SEC-1440: Implement support for separate entry-point-ref on htt-basic namespace element. Changes ported from master branch.

config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java

@@ -129,8 +129,8 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
 
     private boolean matchesVersionInternal(Element element) {
         String schemaLocation = element.getAttributeNS("http://www.w3.org/2001/XMLSchema-instance", "schemaLocation");
-        return schemaLocation.matches("(?m).*spring-security-3.0.xsd.*")
+        return schemaLocation.matches("(?m).*spring-security-3\\.0.*xsd.*")
-                 || schemaLocation.matches("(?m).*spring-security.xsd.*")
+                 || schemaLocation.matches("(?m).*spring-security\\.xsd.*")
                  || !schemaLocation.matches("(?m).*spring-security.*");
     }
 

config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java

@@ -81,7 +81,7 @@ final class AuthenticationConfigBuilder {
     private String rememberMeServicesId;
     private BeanReference rememberMeProviderRef;
     private BeanDefinition basicFilter;
-    private BeanDefinition basicEntryPoint;
+    private BeanReference basicEntryPoint;
     private RootBeanDefinition formFilter;
     private BeanDefinition formEntryPoint;
     private RootBeanDefinition openIDFilter;
@@ -256,25 +256,29 @@ final class AuthenticationConfigBuilder {
         }
 
         RootBeanDefinition filter = null;
-        RootBeanDefinition entryPoint = null;
 
         if (basicAuthElt != null || autoConfig) {
             BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(BasicAuthenticationFilter.class);
-            entryPoint = new RootBeanDefinition(BasicAuthenticationEntryPoint.class);
+
+            String entryPointId;
+
+            if (basicAuthElt != null && StringUtils.hasText(basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF))) {
+                basicEntryPoint = new RuntimeBeanReference(basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF));
+            } else {
+                RootBeanDefinition entryPoint = new RootBeanDefinition(BasicAuthenticationEntryPoint.class);
                 entryPoint.setSource(pc.extractSource(httpElt));
-
                 entryPoint.getPropertyValues().addPropertyValue("realmName", realm);
-
+                entryPointId = pc.getReaderContext().generateBeanName(entryPoint);
-            String entryPointId = pc.getReaderContext().generateBeanName(entryPoint);
                 pc.registerBeanComponent(new BeanComponentDefinition(entryPoint, entryPointId));
+                basicEntryPoint = new RuntimeBeanReference(entryPointId);
+            }
 
             filterBuilder.addPropertyValue("authenticationManager", authManager);
-            filterBuilder.addPropertyValue("authenticationEntryPoint", new RuntimeBeanReference(entryPointId));
+            filterBuilder.addPropertyValue("authenticationEntryPoint", basicEntryPoint);
             filter = (RootBeanDefinition) filterBuilder.getBeanDefinition();
         }
 
         basicFilter = filter;
-        basicEntryPoint = entryPoint;
     }
 
     void createX509Filter(BeanReference authManager) {

config/src/main/resources/org/springframework/security/config/spring-security-3.0.3.rnc

@@ -273,7 +273,7 @@ http.attlist &=
     ## Optional attribute specifying the realm name that will be used for all authentication features that require a realm name (eg BASIC and Digest authentication). If unspecified, defaults to "Spring Security Application".
     attribute realm {xsd:token}?
 http.attlist &=
-    ## Allows a customized AuthenticationEntryPoint to be used.
+    ## Allows a customized AuthenticationEntryPoint to be set on the ExceptionTranslationFilter.
     attribute entry-point-ref {xsd:token}?
 http.attlist &=
     ## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "true"
@@ -416,7 +416,10 @@ filter-invocation-definition-source =
 
 http-basic =
     ## Adds support for basic authentication (this is an element to permit future expansion, such as supporting an "ignoreFailure" attribute)
-    element http-basic {empty}
+    element http-basic {http-basic.attlist, empty}
+http-basic.attlist &=
+    ## Sets the AuthenticationEntryPoint which is used by the BasicAuthenticationFilter.
+    attribute entry-point-ref {xsd:token}?
 
 session-management =
     element session-management {session-management.attlist, concurrency-control?}

config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java

@@ -416,6 +416,21 @@ public class HttpSecurityBeanDefinitionParserTests {
         assertFalse(fsi.isObserveOncePerRequest());
     }
 
+    @Test
+    public void httpBasicSupportsSeparateEntryPoint() throws Exception {
+        setContext("<http><http-basic entry-point-ref='ep' /></http>" +
+                   "<b:bean id='ep' class='org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint'>" +
+                   "    <b:property name='realmName' value='whocares'/>" +
+                   "</b:bean>" + AUTH_PROVIDER_XML);
+
+        BasicAuthenticationFilter baf = getFilter(BasicAuthenticationFilter.class);
+        assertSame(appContext.getBean("ep"), FieldUtils.getFieldValue(baf, "authenticationEntryPoint"));
+        // Since no other authentication system is in use, this should also end up on the ETF
+        ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class);
+        assertSame(appContext.getBean("ep"), FieldUtils.getFieldValue(etf, "authenticationEntryPoint"));
+    }
+
+
     @Test
     public void accessDeniedPageAttributeIsSupported() throws Exception {
         setContext("<http access-denied-page='/access-denied'><http-basic /></http>" + AUTH_PROVIDER_XML);

config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java

@@ -22,11 +22,11 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext
     Resource inMemoryXml;
 
     public InMemoryXmlApplicationContext(String xml) {
-        this(xml, "3.0", null);
+        this(xml, "3.0.3", null);
     }
 
     public InMemoryXmlApplicationContext(String xml, ApplicationContext parent) {
-        this(xml, "3.0", parent);
+        this(xml, "3.0.3", parent);
     }
 
     public InMemoryXmlApplicationContext(String xml, String secVersion, ApplicationContext parent) {