From f626d5ec47c40b9db4fb2cbf0e861d2561b954a2 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Mon, 18 Feb 2008 20:44:09 +0000
Subject: [PATCH] SEC-678: Merged changes from trunk.

---
 .../AbstractAuthenticationManager.java | 20 +++++++++++++
 .../AccountExpiredException.java | 8 +++--
 .../AuthenticationException.java | 27 +++++++++++++++--
 .../BadCredentialsException.java | 15 +---------
 .../CredentialsExpiredException.java | 4 +++
 .../org/acegisecurity/DisabledException.java | 4 +++
 .../org/acegisecurity/LockedException.java | 4 +++
 ...ractUserDetailsAuthenticationProvider.java | 17 +++++++----
 .../dao/DaoAuthenticationProvider.java | 29 -------------------
 .../AccountStatusUserDetailsChecker.java | 8 ++---
 10 files changed, 78 insertions(+), 58 deletions(-)

diff --git a/core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java b/core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java
index 77f235c7af..ee156f4e47 100644
--- a/core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java
+++ b/core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java
@@ -23,6 +23,10 @@ package org.acegisecurity;
 * @version $Id$
 */
 public abstract class AbstractAuthenticationManager implements AuthenticationManager {
+
+ //~ Instance fields ================================================================================================
+ private boolean clearExtraInformation = true;
+
 //~ Methods ========================================================================================================
 
 /**
@@ -43,6 +47,11 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
 return doAuthentication(authRequest);
 } catch (AuthenticationException e) {
 e.setAuthentication(authRequest);
+
+ if (clearExtraInformation) {
+ e.clearExtraInformation();
+ }
+
 throw e;
 }
 }
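Review bot: The new `clearExtraInformation` branch in the `catch` block only nulls the extra information, while `e.setAuthentication(authRequest)` on the line above still attaches the whole authentication request — which, for a username/password token, presumably carries the submitted credentials — to the exception that is rethrown. If the goal is to keep sensitive state out of exceptions that get serialized to remote clients, the same switch should probably also decide whether the request is retained, or the documentation must say plainly that `getAuthentication()` is unaffected. At minimum a comment such as `// authRequest (and any credentials it holds) stays attached regardless of clearExtraInformation` would make the asymmetry explicit. The `authenticate` method begins before this hunk.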
@@ -60,4 +69,15 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
 */
 protected abstract Authentication doAuthentication(Authentication authentication) throws AuthenticationException;
 
+
+ /**
+ * If set to true, the extraInformation set on an AuthenticationException will be cleared
+ * before rethrowing it. This is useful for use with remoting protocols where the information shouldn't
+ * be serialized to the client. Defaults to 'false'.
+ *
+ * @see AuthenticationException#getExtraInformation()
+ */
+ public void setClearExtraInformation(boolean clearExtraInformation) {
+ this.clearExtraInformation = clearExtraInformation;
+ }
 }
diff --git a/core/src/main/java/org/acegisecurity/AccountExpiredException.java b/core/src/main/java/org/acegisecurity/AccountExpiredException.java
index ef4af2c13d..29e540b06e 100644
--- a/core/src/main/java/org/acegisecurity/AccountExpiredException.java
+++ b/core/src/main/java/org/acegisecurity/AccountExpiredException.java
@@ -25,7 +25,7 @@ package org.acegisecurity;
 public class AccountExpiredException extends AuthenticationException {
 //~ Constructors ===================================================================================================
 
-/**
+ /**
 * Constructs a AccountExpiredException with the specified
 * message.
 *
@@ -35,7 +35,7 @@ public class AccountExpiredException extends AuthenticationException {
 super(msg);
 }
 
-/**
+ /**
 * Constructs a AccountExpiredException with the specified
 * message and root cause.
 *
@@ -45,4 +45,8 @@ public class AccountExpiredException extends AuthenticationException {
 public AccountExpiredException(String msg, Throwable t) {
 super(msg, t);
 }
+
+ public AccountExpiredException(String msg, Object extraInformation) {
+ super(msg, extraInformation);
+ }
 }
diff --git a/core/src/main/java/org/acegisecurity/AuthenticationException.java b/core/src/main/java/org/acegisecurity/AuthenticationException.java
index c8eb374a50..57497a52a1 100644
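Review bot: The Javadoc on `setClearExtraInformation` says "Defaults to 'false'", but the field added in the first hunk of this file is initialised as `private boolean clearExtraInformation = true;`, so the documentation contradicts the code. The `true` the code uses is the safer default — elsewhere in this patch `extraInformation` is described as generally a `UserDetails`, which typically exposes the stored password via `getPassword()` — so the comment, not the field, should change: `* be serialized to the client. Defaults to 'true'.` The same Javadoc should also say that only the extra information is cleared, not the `Authentication` stored by `setAuthentication`, since a reader of this setter will assume the whole exception is scrubbed.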
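Review bot: The new `AccountExpiredException(String msg, Object extraInformation)` constructor has no Javadoc, unlike the two constructors directly above it, and it overloads `(String, Throwable)` at the same arity. Overload resolution is static, so a cause held in a variable typed `Object` would silently become extra information instead of the root cause, and a literal `null` second argument selects the `Throwable` overload; documenting the intent avoids that misuse. Suggested: `/** Constructs an AccountExpiredException with the specified message and extra information (typically the UserDetails of the expired account). */`.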
--- a/core/src/main/java/org/acegisecurity/AuthenticationException.java
+++ b/core/src/main/java/org/acegisecurity/AuthenticationException.java
@@ -25,12 +25,12 @@ package org.acegisecurity;
 public abstract class AuthenticationException extends AcegiSecurityException {
 //~ Instance fields ================================================================================================
 
- /** The authentication that related to this exception (may be null) */
 private Authentication authentication;
+ private Object extraInformation;
 
 //~ Constructors ===================================================================================================
 
-/**
+ /**
 * Constructs an AuthenticationException with the specified
 * message and root cause.
 *
@@ -41,7 +41,7 @@ public abstract class AuthenticationException extends AcegiSecurityException {
 super(msg, t);
 }
 
-/**
+ /**
 * Constructs an AuthenticationException with the specified
 * message and no root cause.
 *
@@ -51,8 +51,16 @@ public abstract class AuthenticationException extends AcegiSecurityException {
 super(msg);
 }
 
+ public AuthenticationException(String msg, Object extraInformation) {
+ super(msg);
+ this.extraInformation = extraInformation;
+ }
+
 //~ Methods ========================================================================================================
 
+ /**
+ * The authentication request which this exception corresponds to (may be null)
+ */
 public Authentication getAuthentication() {
 return authentication;
 }
@@ -60,4 +68,17 @@ public abstract class AuthenticationException extends AcegiSecurityException {
 void setAuthentication(Authentication authentication) {
 this.authentication = authentication;
 }
+
+ /**
+ * Any additional information about the exception. Generally a UserDetails object.
+ *
+ * @return extra information or null
+ */
+ public Object getExtraInformation() {
+ return extraInformation;
+ }
+
+ void clearExtraInformation() {
+ this.extraInformation = null;
+ }
 }
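Review bot: The Javadoc on `getExtraInformation` says the value is "Generally a UserDetails object" but not what that implies: a `UserDetails` typically exposes the account's stored password through `getPassword()` along with its status flags and authorities, so any path that serializes, renders or logs the exception can hand credential material and account status to an unauthenticated caller. `clearExtraInformation()` is package-private, so only code in `org.acegisecurity` — the `AbstractAuthenticationManager` in this patch — can strip it; exceptions thrown or relayed anywhere else keep the payload. The Javadoc should state that, e.g. add `* Must not be exposed to the client: when this is a UserDetails it carries the account's password and status. It is only removed when an AbstractAuthenticationManager with clearExtraInformation enabled rethrows the exception.` Note also that the exception is a `Throwable` and therefore `Serializable`, so a non-`Serializable` object stored here makes the whole exception fail to serialize unless it is cleared first; the field does not enforce this.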
diff --git a/core/src/main/java/org/acegisecurity/BadCredentialsException.java b/core/src/main/java/org/acegisecurity/BadCredentialsException.java
index 52f1f8da58..211ea0115f 100644
--- a/core/src/main/java/org/acegisecurity/BadCredentialsException.java
+++ b/core/src/main/java/org/acegisecurity/BadCredentialsException.java
@@ -23,10 +23,6 @@ package org.acegisecurity;
 * @version $Id$
 */
 public class BadCredentialsException extends AuthenticationException {
- //~ Instance fields ================================================================================================
-
- private Object extraInformation;
-
 //~ Constructors ===================================================================================================
 
 /**
@@ -40,8 +36,7 @@ public class BadCredentialsException extends AuthenticationException {
 }
 
 public BadCredentialsException(String msg, Object extraInformation) {
- super(msg);
- this.extraInformation = extraInformation;
+ super(msg, extraInformation);
 }
 
 /**
@@ -57,12 +52,4 @@ public class BadCredentialsException extends AuthenticationException {
 
 //~ Methods ========================================================================================================
 
- /**
- * Any additional information about the exception. Generally a UserDetails object.
- *
- * @return extra information or null
- */
- public Object getExtraInformation() {
- return extraInformation;
- }
 }
diff --git a/core/src/main/java/org/acegisecurity/CredentialsExpiredException.java b/core/src/main/java/org/acegisecurity/CredentialsExpiredException.java
index 950f6ad7a4..9c3d4f7d8a 100644
--- a/core/src/main/java/org/acegisecurity/CredentialsExpiredException.java
+++ b/core/src/main/java/org/acegisecurity/CredentialsExpiredException.java
@@ -45,4 +45,8 @@ public class CredentialsExpiredException extends AuthenticationException {
 public CredentialsExpiredException(String msg, Throwable t) {
 super(msg, t);
 }
+
+ public CredentialsExpiredException(String msg, Object extraInformation) {
+ super(msg, extraInformation);
+ }
 }
diff --git a/core/src/main/java/org/acegisecurity/DisabledException.java b/core/src/main/java/org/acegisecurity/DisabledException.java
index bfa50edc2c..6be5bceb59 100644
--- a/core/src/main/java/org/acegisecurity/DisabledException.java
+++ b/core/src/main/java/org/acegisecurity/DisabledException.java
@@ -44,4 +44,8 @@ public class DisabledException extends AuthenticationException {
 public DisabledException(String msg, Throwable t) {
 super(msg, t);
 }
+
+ public DisabledException(String msg, Object extraInformation) {
+ super(msg, extraInformation);
+ }
 }
diff --git a/core/src/main/java/org/acegisecurity/LockedException.java b/core/src/main/java/org/acegisecurity/LockedException.java
index df4048c6ef..3b5a039e58 100644
--- a/core/src/main/java/org/acegisecurity/LockedException.java
+++ b/core/src/main/java/org/acegisecurity/LockedException.java
@@ -44,4 +44,8 @@ public class LockedException extends AuthenticationException {
 public LockedException(String msg, Throwable t) {
 super(msg, t);
 }
+
+ public LockedException(String msg, Object extraInformation) {
+ super(msg, extraInformation);
+ }
 }
diff --git a/core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java
index 9e6ba3c139..f530166541 100644
--- a/core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java
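Review bot: The added `LockedException(String msg, Object extraInformation)` constructor is undocumented, as are the identical constructors added to `CredentialsExpiredException` and `DisabledException` in the two hunks above, while every neighbouring constructor in these files carries a Javadoc. Because each overloads `(String, Throwable)` at the same arity, it is worth stating what the second argument is for so that nobody routes a cause through it by accident: `/** Constructs a LockedException with the specified message and extra information (typically the UserDetails of the locked account). */`, with the equivalent wording on the other two.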
@@ -266,6 +266,12 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
 return preAuthenticationChecks;
 }
 
+ /**
+ * Sets the policy will be used to verify the status of the loaded UserDetails before
+ * validation of the credentials takes place.
+ *
+ * @param preAuthenticationChecks strategy to be invoked prior to authentication.
+ */
 public void setPreAuthenticationChecks(UserDetailsChecker preAuthenticationChecks) {
 this.preAuthenticationChecks = preAuthenticationChecks;
 }
@@ -286,19 +292,18 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
 public void check(UserDetails user) {
 if (!user.isAccountNonLocked()) {
 throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
- "User account is locked"));
+ "User account is locked"), user);
 }
 
 if (!user.isEnabled()) {
 throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
- "User is disabled"));
+ "User is disabled"), user);
 }
 
 if (!user.isAccountNonExpired()) {
 throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
- "User account has expired"));
+ "User account has expired"), user);
 }
-
 }
 }
 
@@ -306,9 +311,9 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
 public void check(UserDetails user) {
 if (!user.isCredentialsNonExpired()) {
 throw new CredentialsExpiredException(messages.getMessage(
- "AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
+ "AbstractUserDetailsAuthenticationProvider.credentialsExpired",
+ "User credentials have expired"), user);
 }
-
 }
 }
 }
diff --git a/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
index 3c0c699c62..ea1246f2b9 100644
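Review bot: The new Javadoc on `setPreAuthenticationChecks` reads "Sets the policy will be used to verify …" — a word is missing. Suggested first line: `* Sets the policy that will be used to verify the status of the loaded UserDetails before`. Since the same sentence establishes that the checker runs before credential validation, it would also help to add that any exception the checker raises is observable by a caller who has not yet proven knowledge of the password, so the checker should not attach or reveal more about the account than the caller is entitled to see.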
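Review bot: The `check` method in the second hunk now passes the loaded `UserDetails` into each `LockedException`, `DisabledException` and `AccountExpiredException`; given the checks it performs this is presumably the pre-authentication checker, which per the Javadoc added in the first hunk runs before the presented credentials are validated. The object handed out therefore describes an account whose ownership the caller has not proven — status flags, authorities and, for the usual `UserDetails` implementations, the stored password — so these exceptions must not reach the client unless something like `AbstractAuthenticationManager.setClearExtraInformation` strips the payload first, and whether every caller of this provider goes through such a manager is not visible here. A comment at the top of `check`, `// NOTE: user is attached to the exception before credentials are verified; callers must clear it before exposing the exception`, would record the constraint. The enclosing inner class is declared above this hunk.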
--- a/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
@@ -15,8 +15,6 @@
 
 package org.acegisecurity.providers.dao;
 
-import java.util.Map;
-
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationServiceException;
 import org.acegisecurity.BadCredentialsException;
@@ -26,7 +24,6 @@ import org.acegisecurity.providers.encoding.PasswordEncoder;
 import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
 import org.acegisecurity.userdetails.UserDetails;
 import org.acegisecurity.userdetails.UserDetailsService;
-import org.springframework.context.ApplicationContext;
 import org.springframework.dao.DataAccessException;
 import org.springframework.util.Assert;
 
@@ -82,31 +79,6 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
 }
 
- /**
- * Introspects the Applicationcontext for the single instance
- * of {@link AccessDeniedHandler}. If found invoke
- * setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by
- * providing the found instance of accessDeniedHandler as a method
- * parameter. If more than one instance of AccessDeniedHandler
- * is found, the method throws IllegalStateException.
- *
- * @param applicationContext to locate the instance
- */
- private void autoDetectAnyUserDetailsServiceAndUseIt(ApplicationContext applicationContext) {
- if (applicationContext != null) {
- Map map = applicationContext.getBeansOfType(UserDetailsService.class);
-
- if (map.size() > 1) {
- throw new IllegalArgumentException(
- "More than one UserDetailsService beans detected please refer to the one using "
- + " [ principalRepositoryBeanRef ] " + "attribute");
- }
- else if (map.size() == 1) {
- setUserDetailsService((UserDetailsService) map.values().iterator().next());
- }
- }
- }
-
 public PasswordEncoder getPasswordEncoder() {
 return passwordEncoder;
 }
@@ -172,5 +144,4 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 public void setIncludeDetailsObject(boolean includeDetailsObject) {
 this.includeDetailsObject = includeDetailsObject;
 }
-
 }
diff --git a/core/src/main/java/org/acegisecurity/userdetails/checker/AccountStatusUserDetailsChecker.java b/core/src/main/java/org/acegisecurity/userdetails/checker/AccountStatusUserDetailsChecker.java
index f55bc3b007..eb264c0d8e 100644
--- a/core/src/main/java/org/acegisecurity/userdetails/checker/AccountStatusUserDetailsChecker.java
+++ b/core/src/main/java/org/acegisecurity/userdetails/checker/AccountStatusUserDetailsChecker.java
@@ -22,21 +22,21 @@ public class AccountStatusUserDetailsChecker implements UserDetailsChecker {
 
 public void check(UserDetails user) {
 if (!user.isAccountNonLocked()) {
- throw new LockedException(messages.getMessage("UserDetailsService.locked", "User account is locked"));
+ throw new LockedException(messages.getMessage("UserDetailsService.locked", "User account is locked"), user);
 }
 
 if (!user.isEnabled()) {
- throw new DisabledException(messages.getMessage("UserDetailsService.disabled", "User is disabled"));
+ throw new DisabledException(messages.getMessage("UserDetailsService.disabled", "User is disabled"), user);
 }
 
 if (!user.isAccountNonExpired()) {
 throw new AccountExpiredException(messages.getMessage("UserDetailsService.expired",
- "User account has expired"));
+ "User account has expired"), user);
 }
 
 if (!user.isCredentialsNonExpired()) {
 throw new CredentialsExpiredException(messages.getMessage("UserDetailsService.credentialsExpired",
- "User credentials have expired"));
+ "User credentials have expired"), user);
 }
 }
 }
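Review bot: `AccountStatusUserDetailsChecker.check` now attaches the full `UserDetails` to all four status exceptions, and because each branch throws on the first failing condition, a locked account that is also disabled or expired reports only `LockedException` — that ordering is unchanged, but it now also decides which exception carries the object. The attached value is the loaded account record (status flags, authorities and, for the usual `UserDetails` implementations, the stored password); this class has no dependency on an `AbstractAuthenticationManager`, so nothing in this file strips the payload before the exception propagates, and whether the checker runs before or after credential validation depends entirely on the caller. A method-level Javadoc should say so, e.g. `* The UserDetails that failed the check is attached as the exception's extra information and must not be exposed to the caller without being cleared first.`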