SEC-1440: Implement support for separate entry-point-ref on htt-basic namespace element. Changes ported from master branch.

2025-06-26 22:02:41 +00:00 · 2010-03-26 14:00:21 +00:00 · 2010-03-26 14:00:21 +00:00 · f000aaa7e8
commit f000aaa7e8
parent 634e340d80
6 changed files with 1485 additions and 97 deletions
--- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
+++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
@ -129,8 +129,8 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {

    private boolean matchesVersionInternal(Element element) {
        String schemaLocation = element.getAttributeNS("http://www.w3.org/2001/XMLSchema-instance", "schemaLocation");
-        return schemaLocation.matches("(?m).*spring-security-3.0.xsd.*")
-                 || schemaLocation.matches("(?m).*spring-security.xsd.*")
+        return schemaLocation.matches("(?m).*spring-security-3\\.0.*xsd.*")
+                 || schemaLocation.matches("(?m).*spring-security\\.xsd.*")
                 || !schemaLocation.matches("(?m).*spring-security.*");
    }

--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@ -81,7 +81,7 @@ final class AuthenticationConfigBuilder {
    private String rememberMeServicesId;
    private BeanReference rememberMeProviderRef;
    private BeanDefinition basicFilter;
-    private BeanDefinition basicEntryPoint;
+    private BeanReference basicEntryPoint;
    private RootBeanDefinition formFilter;
    private BeanDefinition formEntryPoint;
    private RootBeanDefinition openIDFilter;
@ -256,25 +256,29 @@ final class AuthenticationConfigBuilder {
        }

        RootBeanDefinition filter = null;
-        RootBeanDefinition entryPoint = null;

        if (basicAuthElt != null || autoConfig) {
            BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(BasicAuthenticationFilter.class);
-            entryPoint = new RootBeanDefinition(BasicAuthenticationEntryPoint.class);
-            entryPoint.setSource(pc.extractSource(httpElt));

-            entryPoint.getPropertyValues().addPropertyValue("realmName", realm);
+            String entryPointId;

-            String entryPointId = pc.getReaderContext().generateBeanName(entryPoint);
-            pc.registerBeanComponent(new BeanComponentDefinition(entryPoint, entryPointId));
+            if (basicAuthElt != null && StringUtils.hasText(basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF))) {
+                basicEntryPoint = new RuntimeBeanReference(basicAuthElt.getAttribute(ATT_ENTRY_POINT_REF));
+            } else {
+                RootBeanDefinition entryPoint = new RootBeanDefinition(BasicAuthenticationEntryPoint.class);
+                entryPoint.setSource(pc.extractSource(httpElt));
+                entryPoint.getPropertyValues().addPropertyValue("realmName", realm);
+                entryPointId = pc.getReaderContext().generateBeanName(entryPoint);
+                pc.registerBeanComponent(new BeanComponentDefinition(entryPoint, entryPointId));
+                basicEntryPoint = new RuntimeBeanReference(entryPointId);
+            }

            filterBuilder.addPropertyValue("authenticationManager", authManager);
-            filterBuilder.addPropertyValue("authenticationEntryPoint", new RuntimeBeanReference(entryPointId));
+            filterBuilder.addPropertyValue("authenticationEntryPoint", basicEntryPoint);
            filter = (RootBeanDefinition) filterBuilder.getBeanDefinition();
        }

        basicFilter = filter;
-        basicEntryPoint = entryPoint;
    }

    void createX509Filter(BeanReference authManager) {
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.0.3.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.0.3.rnc
@ -273,7 +273,7 @@ http.attlist &=
    ## Optional attribute specifying the realm name that will be used for all authentication features that require a realm name (eg BASIC and Digest authentication). If unspecified, defaults to "Spring Security Application".
    attribute realm {xsd:token}?
 http.attlist &=
-    ## Allows a customized AuthenticationEntryPoint to be used.
+    ## Allows a customized AuthenticationEntryPoint to be set on the ExceptionTranslationFilter.
    attribute entry-point-ref {xsd:token}?
 http.attlist &=
    ## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "true"
@ -416,7 +416,10 @@ filter-invocation-definition-source =

 http-basic =
    ## Adds support for basic authentication (this is an element to permit future expansion, such as supporting an "ignoreFailure" attribute)
-    element http-basic {empty}
+    element http-basic {http-basic.attlist, empty}
+http-basic.attlist &=
+    ## Sets the AuthenticationEntryPoint which is used by the BasicAuthenticationFilter.
+    attribute entry-point-ref {xsd:token}?

 session-management =
    element session-management {session-management.attlist, concurrency-control?}
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.0.3.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.0.3.xsd
--- a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
@ -416,6 +416,21 @@ public class HttpSecurityBeanDefinitionParserTests {
        assertFalse(fsi.isObserveOncePerRequest());
    }

+    @Test
+    public void httpBasicSupportsSeparateEntryPoint() throws Exception {
+        setContext("<http><http-basic entry-point-ref='ep' /></http>" +
+                   "<b:bean id='ep' class='org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint'>" +
+                   "    <b:property name='realmName' value='whocares'/>" +
+                   "</b:bean>" + AUTH_PROVIDER_XML);
+
+        BasicAuthenticationFilter baf = getFilter(BasicAuthenticationFilter.class);
+        assertSame(appContext.getBean("ep"), FieldUtils.getFieldValue(baf, "authenticationEntryPoint"));
+        // Since no other authentication system is in use, this should also end up on the ETF
+        ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class);
+        assertSame(appContext.getBean("ep"), FieldUtils.getFieldValue(etf, "authenticationEntryPoint"));
+    }
+
+
    @Test
    public void accessDeniedPageAttributeIsSupported() throws Exception {
        setContext("<http access-denied-page='/access-denied'><http-basic /></http>" + AUTH_PROVIDER_XML);
--- a/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
+++ b/config/src/test/java/org/springframework/security/config/util/InMemoryXmlApplicationContext.java
@ -22,11 +22,11 @@ public class InMemoryXmlApplicationContext extends AbstractXmlApplicationContext
    Resource inMemoryXml;

    public InMemoryXmlApplicationContext(String xml) {
-        this(xml, "3.0", null);
+        this(xml, "3.0.3", null);
    }

    public InMemoryXmlApplicationContext(String xml, ApplicationContext parent) {
-        this(xml, "3.0", parent);
+        this(xml, "3.0.3", parent);
    }

    public InMemoryXmlApplicationContext(String xml, String secVersion, ApplicationContext parent) {