mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-22 03:52:15 +00:00
SEC-678: Merged changes from trunk.
This commit is contained in:
Luke Taylor
parent
1b07b5e616
commit
f626d5ec47
@ -23,6 +23,10 @@ package org.acegisecurity;
|
||||
* @version $Id$
|
||||
*/
|
||||
public abstract class AbstractAuthenticationManager implements AuthenticationManager {
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
private boolean clearExtraInformation = true;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
@ -43,6 +47,11 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
|
||||
return doAuthentication(authRequest);
|
||||
} catch (AuthenticationException e) {
|
||||
e.setAuthentication(authRequest);
|
||||
|
||||
if (clearExtraInformation) {
|
||||
e.clearExtraInformation();
|
||||
}
|
||||
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
@ -60,4 +69,15 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
|
||||
*/
|
||||
protected abstract Authentication doAuthentication(Authentication authentication)
|
||||
throws AuthenticationException;
|
||||
|
||||
/**
|
||||
* If set to true, the <tt>extraInformation</tt> set on an <tt>AuthenticationException</tt> will be cleared
|
||||
* before rethrowing it. This is useful for use with remoting protocols where the information shouldn't
|
||||
* be serialized to the client. Defaults to 'false'.
|
||||
*
|
||||
* @see AuthenticationException#getExtraInformation()
|
||||
*/
|
||||
public void setClearExtraInformation(boolean clearExtraInformation) {
|
||||
this.clearExtraInformation = clearExtraInformation;
|
||||
}
|
||||
}
|
||||
|
||||
@ -45,4 +45,8 @@ public class AccountExpiredException extends AuthenticationException {
|
||||
public AccountExpiredException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public AccountExpiredException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
@ -25,8 +25,8 @@ package org.acegisecurity;
|
||||
public abstract class AuthenticationException extends AcegiSecurityException {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
/** The authentication that related to this exception (may be <code>null</code>) */
|
||||
private Authentication authentication;
|
||||
private Object extraInformation;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
@ -51,8 +51,16 @@ public abstract class AuthenticationException extends AcegiSecurityException {
|
||||
super(msg);
|
||||
}
|
||||
|
||||
public AuthenticationException(String msg, Object extraInformation) {
|
||||
super(msg);
|
||||
this.extraInformation = extraInformation;
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* The authentication request which this exception corresponds to (may be <code>null</code>)
|
||||
*/
|
||||
public Authentication getAuthentication() {
|
||||
return authentication;
|
||||
}
|
||||
@ -60,4 +68,17 @@ public abstract class AuthenticationException extends AcegiSecurityException {
|
||||
void setAuthentication(Authentication authentication) {
|
||||
this.authentication = authentication;
|
||||
}
|
||||
|
||||
/**
|
||||
* Any additional information about the exception. Generally a <code>UserDetails</code> object.
|
||||
*
|
||||
* @return extra information or <code>null</code>
|
||||
*/
|
||||
public Object getExtraInformation() {
|
||||
return extraInformation;
|
||||
}
|
||||
|
||||
void clearExtraInformation() {
|
||||
this.extraInformation = null;
|
||||
}
|
||||
}
|
||||
|
||||
@ -23,10 +23,6 @@ package org.acegisecurity;
|
||||
* @version $Id$
|
||||
*/
|
||||
public class BadCredentialsException extends AuthenticationException {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private Object extraInformation;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
/**
|
||||
@ -40,8 +36,7 @@ public class BadCredentialsException extends AuthenticationException {
|
||||
}
|
||||
|
||||
public BadCredentialsException(String msg, Object extraInformation) {
|
||||
super(msg);
|
||||
this.extraInformation = extraInformation;
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -57,12 +52,4 @@ public class BadCredentialsException extends AuthenticationException {
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Any additional information about the exception. Generally a <code>UserDetails</code> object.
|
||||
*
|
||||
* @return extra information or <code>null</code>
|
||||
*/
|
||||
public Object getExtraInformation() {
|
||||
return extraInformation;
|
||||
}
|
||||
}
|
||||
|
||||
@ -45,4 +45,8 @@ public class CredentialsExpiredException extends AuthenticationException {
|
||||
public CredentialsExpiredException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public CredentialsExpiredException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
@ -44,4 +44,8 @@ public class DisabledException extends AuthenticationException {
|
||||
public DisabledException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public DisabledException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
@ -44,4 +44,8 @@ public class LockedException extends AuthenticationException {
|
||||
public LockedException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
public LockedException(String msg, Object extraInformation) {
|
||||
super(msg, extraInformation);
|
||||
}
|
||||
}
|
||||
|
||||
@ -266,6 +266,12 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
|
||||
return preAuthenticationChecks;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the policy will be used to verify the status of the loaded <tt>UserDetails</tt> <em>before</em>
|
||||
* validation of the credentials takes place.
|
||||
*
|
||||
* @param preAuthenticationChecks strategy to be invoked prior to authentication.
|
||||
*/
|
||||
public void setPreAuthenticationChecks(UserDetailsChecker preAuthenticationChecks) {
|
||||
this.preAuthenticationChecks = preAuthenticationChecks;
|
||||
}
|
||||
@ -286,19 +292,18 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
|
||||
public void check(UserDetails user) {
|
||||
if (!user.isAccountNonLocked()) {
|
||||
throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
|
||||
"User account is locked"));
|
||||
"User account is locked"), user);
|
||||
}
|
||||
|
||||
if (!user.isEnabled()) {
|
||||
throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
|
||||
"User is disabled"));
|
||||
"User is disabled"), user);
|
||||
}
|
||||
|
||||
if (!user.isAccountNonExpired()) {
|
||||
throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
|
||||
"User account has expired"));
|
||||
"User account has expired"), user);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@ -306,9 +311,9 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
|
||||
public void check(UserDetails user) {
|
||||
if (!user.isCredentialsNonExpired()) {
|
||||
throw new CredentialsExpiredException(messages.getMessage(
|
||||
"AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
|
||||
}
|
||||
|
||||
"AbstractUserDetailsAuthenticationProvider.credentialsExpired",
|
||||
"User credentials have expired"), user);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,8 +15,6 @@
|
||||
|
||||
package org.acegisecurity.providers.dao;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import org.acegisecurity.AuthenticationException;
|
||||
import org.acegisecurity.AuthenticationServiceException;
|
||||
import org.acegisecurity.BadCredentialsException;
|
||||
@ -26,7 +24,6 @@ import org.acegisecurity.providers.encoding.PasswordEncoder;
|
||||
import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
import org.acegisecurity.userdetails.UserDetailsService;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.dao.DataAccessException;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
@ -82,31 +79,6 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
|
||||
Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
|
||||
}
|
||||
|
||||
/**
|
||||
* Introspects the <code>Applicationcontext</code> for the single instance
|
||||
* of {@link AccessDeniedHandler}. If found invoke
|
||||
* setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by
|
||||
* providing the found instance of accessDeniedHandler as a method
|
||||
* parameter. If more than one instance of <code>AccessDeniedHandler</code>
|
||||
* is found, the method throws <code>IllegalStateException</code>.
|
||||
*
|
||||
* @param applicationContext to locate the instance
|
||||
*/
|
||||
private void autoDetectAnyUserDetailsServiceAndUseIt(ApplicationContext applicationContext) {
|
||||
if (applicationContext != null) {
|
||||
Map map = applicationContext.getBeansOfType(UserDetailsService.class);
|
||||
|
||||
if (map.size() > 1) {
|
||||
throw new IllegalArgumentException(
|
||||
"More than one UserDetailsService beans detected please refer to the one using "
|
||||
+ " [ principalRepositoryBeanRef ] " + "attribute");
|
||||
}
|
||||
else if (map.size() == 1) {
|
||||
setUserDetailsService((UserDetailsService) map.values().iterator().next());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public PasswordEncoder getPasswordEncoder() {
|
||||
return passwordEncoder;
|
||||
}
|
||||
@ -172,5 +144,4 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
|
||||
public void setIncludeDetailsObject(boolean includeDetailsObject) {
|
||||
this.includeDetailsObject = includeDetailsObject;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -22,21 +22,21 @@ public class AccountStatusUserDetailsChecker implements UserDetailsChecker {
|
||||
|
||||
public void check(UserDetails user) {
|
||||
if (!user.isAccountNonLocked()) {
|
||||
throw new LockedException(messages.getMessage("UserDetailsService.locked", "User account is locked"));
|
||||
throw new LockedException(messages.getMessage("UserDetailsService.locked", "User account is locked"), user);
|
||||
}
|
||||
|
||||
if (!user.isEnabled()) {
|
||||
throw new DisabledException(messages.getMessage("UserDetailsService.disabled", "User is disabled"));
|
||||
throw new DisabledException(messages.getMessage("UserDetailsService.disabled", "User is disabled"), user);
|
||||
}
|
||||
|
||||
if (!user.isAccountNonExpired()) {
|
||||
throw new AccountExpiredException(messages.getMessage("UserDetailsService.expired",
|
||||
"User account has expired"));
|
||||
"User account has expired"), user);
|
||||
}
|
||||
|
||||
if (!user.isCredentialsNonExpired()) {
|
||||
throw new CredentialsExpiredException(messages.getMessage("UserDetailsService.credentialsExpired",
|
||||
"User credentials have expired"));
|
||||
"User credentials have expired"), user);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user