Moved all security code other than ChannelSecurityInterceptor (including endpoint interceptor and securityContext propagation) to the sandbox prior to 1.0.
This commit is contained in:
@@ -1,80 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.integration.channel.AbstractMessageChannel;
|
||||
import org.springframework.integration.channel.ChannelInterceptor;
|
||||
|
||||
/**
|
||||
* Registers the provided {@link ChannelInterceptor} instance with any
|
||||
* {@link AbstractMessageChannel} with a name matching the provided pattern
|
||||
* @author Jonas Partner
|
||||
*
|
||||
*/
|
||||
public class ChannelInterceptorRegisteringBeanPostProcessor implements BeanPostProcessor, Ordered {
|
||||
|
||||
private final ChannelInterceptor channelInterceptor;
|
||||
|
||||
private final List<Pattern> regexpPatterns;
|
||||
|
||||
private int order;
|
||||
|
||||
public ChannelInterceptorRegisteringBeanPostProcessor(ChannelInterceptor channelInterceptor, List<String> patterns) {
|
||||
this.channelInterceptor = channelInterceptor;
|
||||
|
||||
this.regexpPatterns = new ArrayList<Pattern>();
|
||||
for (String stringPattern : patterns) {
|
||||
regexpPatterns.add(Pattern.compile(stringPattern));
|
||||
}
|
||||
}
|
||||
|
||||
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
|
||||
if (AbstractMessageChannel.class.isAssignableFrom(bean.getClass()) && matchesPattern(beanName)) {
|
||||
((AbstractMessageChannel) bean).addInterceptor(channelInterceptor);
|
||||
}
|
||||
return bean;
|
||||
}
|
||||
|
||||
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
|
||||
return bean;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return order;
|
||||
}
|
||||
|
||||
public void setOrder(int order) {
|
||||
this.order = order;
|
||||
}
|
||||
|
||||
protected boolean matchesPattern(String beanName) {
|
||||
for (Pattern regexpPattern : regexpPatterns) {
|
||||
if (regexpPattern.matcher(beanName).matches()) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,40 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security;
|
||||
|
||||
import org.springframework.integration.message.Message;
|
||||
import org.springframework.integration.message.MessageBuilder;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
|
||||
/**
|
||||
* @author Jonas Partner
|
||||
*
|
||||
*/
|
||||
public class SecurityContextUtils {
|
||||
|
||||
public static final String SECURITY_CONTEXT_HEADER_ATTRIBUTE = "SPRING_SECURITY_CONTEXT";
|
||||
|
||||
public static SecurityContext getSecurityContextFromHeader(Message<?> message) {
|
||||
return (SecurityContext) message.getHeaders().get(SECURITY_CONTEXT_HEADER_ATTRIBUTE);
|
||||
}
|
||||
|
||||
public static Message<?> setSecurityContextHeader(SecurityContext sctx, Message<?> message) {
|
||||
return MessageBuilder.fromMessage(message)
|
||||
.setHeader(SECURITY_CONTEXT_HEADER_ATTRIBUTE, sctx).build();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,76 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security;
|
||||
|
||||
import java.util.LinkedList;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolderStrategy;
|
||||
import org.springframework.security.context.SecurityContextImpl;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* Covers scenarios where direct channels are used and ensures that an existing
|
||||
* {@link SecurityContext} is not unintentionally cleared
|
||||
* @author Jonas Partner
|
||||
*
|
||||
*/
|
||||
public class StackBasedSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
|
||||
|
||||
private Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
private static ThreadLocal<LinkedList<SecurityContext>> contextHolder = new ThreadLocal<LinkedList<SecurityContext>>();
|
||||
|
||||
public void clearContext() {
|
||||
if (getStackForThread().size() > 0) {
|
||||
SecurityContext ctx = getStackForThread().removeFirst();
|
||||
logger.debug("Popped security context " + ctx);
|
||||
}
|
||||
}
|
||||
|
||||
public SecurityContext getContext() {
|
||||
if (getStackForThread().peek() == null) {
|
||||
logger.debug("Pushed new blank security context");
|
||||
getStackForThread().addFirst(new SecurityContextImpl());
|
||||
}
|
||||
|
||||
return (SecurityContext) getStackForThread().peek();
|
||||
}
|
||||
|
||||
public void setContext(SecurityContext context) {
|
||||
Assert.notNull(context, "Only non-null SecurityContext instances are permitted");
|
||||
|
||||
getStackForThread().addFirst(context);
|
||||
logger.debug("Pushed context " + context);
|
||||
}
|
||||
|
||||
protected LinkedList<SecurityContext> getStackForThread() {
|
||||
if (contextHolder.get() == null) {
|
||||
contextHolder.set(new LinkedList<SecurityContext>());
|
||||
}
|
||||
return contextHolder.get();
|
||||
}
|
||||
|
||||
public void clearStack() {
|
||||
if (contextHolder.get() != null) {
|
||||
contextHolder.set(null);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@@ -23,6 +23,8 @@ import org.springframework.util.StringUtils;
|
||||
/**
|
||||
* Creates the {@link ConfigAttributeDefinition}s for secured channel
|
||||
* send and receive operations based on simple String values.
|
||||
*
|
||||
* @author Mark Fisher
|
||||
*/
|
||||
public class ChannelAccessPolicy {
|
||||
|
||||
|
||||
@@ -1,56 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.channel;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.integration.channel.MessageChannel;
|
||||
import org.springframework.integration.channel.interceptor.ChannelInterceptorAdapter;
|
||||
import org.springframework.integration.message.Message;
|
||||
import org.springframework.integration.security.SecurityContextUtils;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
/**
|
||||
* Propagates the {@link SecurityContext} associated with the current thread
|
||||
* (if any) by adding it to the header of sent messages.
|
||||
*
|
||||
* @author Jonas Partner
|
||||
*/
|
||||
public class SecurityContextPropagatingChannelInterceptor extends ChannelInterceptorAdapter {
|
||||
|
||||
private final Log logger = LogFactory.getLog(this.getClass());
|
||||
|
||||
|
||||
@Override
|
||||
public Message<?> preSend(Message<?> message, MessageChannel channel) {
|
||||
return this.createSecurityContextMessageIfPossible(message);
|
||||
}
|
||||
|
||||
protected Message<?> createSecurityContextMessageIfPossible(Message<?> message) {
|
||||
SecurityContext securityContext = SecurityContextHolder.getContext();
|
||||
if (securityContext.getAuthentication() != null) {
|
||||
message = SecurityContextUtils.setSecurityContextHeader(securityContext, message);
|
||||
}
|
||||
else if (logger.isInfoEnabled()) {
|
||||
logger.info("No security context found");
|
||||
}
|
||||
return message;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,47 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jonas Partner
|
||||
*
|
||||
*/
|
||||
public class IncludeExcludePattern {
|
||||
|
||||
private final boolean isIncludePattern;
|
||||
|
||||
private final String pattern;
|
||||
|
||||
public IncludeExcludePattern(boolean isIncludePattern, String pattern) {
|
||||
this.isIncludePattern = isIncludePattern;
|
||||
this.pattern = pattern;
|
||||
}
|
||||
|
||||
public IncludeExcludePattern(String pattern) {
|
||||
this(true, pattern);
|
||||
}
|
||||
|
||||
public boolean isIncludePattern() {
|
||||
return isIncludePattern;
|
||||
}
|
||||
|
||||
public String getPattern() {
|
||||
return pattern;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,40 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.NodeList;
|
||||
|
||||
public class IncludeExcludePatternParser {
|
||||
|
||||
public OrderedIncludeExcludeList createFromNodeList(boolean includeByDefault, NodeList nodeList) {
|
||||
List<IncludeExcludePattern> patterns = new ArrayList<IncludeExcludePattern>();
|
||||
for (int i = 0; i < nodeList.getLength(); i++) {
|
||||
if (nodeList.item(i).getNodeName().equals("includePattern")) {
|
||||
patterns.add(new IncludeExcludePattern(true, ((Element) nodeList.item(i)).getTextContent()));
|
||||
}
|
||||
else if (nodeList.item(i).getNodeName().equals("excludePattern")) {
|
||||
patterns.add(new IncludeExcludePattern(false, ((Element) nodeList.item(i)).getTextContent()));
|
||||
}
|
||||
}
|
||||
return new JdkRegExpOrderedIncludeExcludeList(includeByDefault, patterns);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -17,8 +17,6 @@
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
|
||||
import org.springframework.integration.security.StackBasedSecurityContextHolderStrategy;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
/**
|
||||
* Namespace handler for the security namespace.
|
||||
@@ -27,14 +25,8 @@ import org.springframework.security.context.SecurityContextHolder;
|
||||
*/
|
||||
public class IntegrationSecurityNamespaceHandler extends NamespaceHandlerSupport {
|
||||
|
||||
static {
|
||||
SecurityContextHolder.setStrategyName(StackBasedSecurityContextHolderStrategy.class.getName());
|
||||
}
|
||||
|
||||
public void init() {
|
||||
registerBeanDefinitionParser("secured-channels", new SecuredChannelsParser());
|
||||
registerBeanDefinitionParser("security-propagating-channels", new SecurityPropagatingChannelsParser());
|
||||
registerBeanDefinitionParser("endpoint-security-policy", new SecurityEndpointInterceptorParser());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,67 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
public class JdkRegExpOrderedIncludeExcludeList implements OrderedIncludeExcludeList {
|
||||
|
||||
private final boolean includeByDefault;
|
||||
|
||||
private final List<PatternHolder> patternHolders;
|
||||
|
||||
public JdkRegExpOrderedIncludeExcludeList(List<IncludeExcludePattern> patterns) {
|
||||
this(true, patterns);
|
||||
}
|
||||
|
||||
public JdkRegExpOrderedIncludeExcludeList(boolean includeByDefault, List<IncludeExcludePattern> patterns) {
|
||||
super();
|
||||
this.includeByDefault = includeByDefault;
|
||||
List<PatternHolder> patternHolders = new ArrayList<PatternHolder>();
|
||||
for (int i = 0; i < patterns.size(); i++) {
|
||||
patternHolders.add(new PatternHolder(Pattern.compile(patterns.get(i).getPattern()), patterns.get(i)));
|
||||
}
|
||||
this.patternHolders = Collections.unmodifiableList(patternHolders);
|
||||
}
|
||||
|
||||
public boolean isIncluded(String name) {
|
||||
for (int i = 0; i < patternHolders.size(); i++) {
|
||||
if (patternHolders.get(i).compiledPattern.matcher(name).matches()) {
|
||||
return (patternHolders.get(i).includeExcludePattern.isIncludePattern());
|
||||
}
|
||||
}
|
||||
return includeByDefault;
|
||||
}
|
||||
|
||||
private static class PatternHolder {
|
||||
|
||||
private final Pattern compiledPattern;
|
||||
|
||||
private final IncludeExcludePattern includeExcludePattern;
|
||||
|
||||
public PatternHolder(Pattern compiledPattern, IncludeExcludePattern includeExcludePattern) {
|
||||
super();
|
||||
this.compiledPattern = compiledPattern;
|
||||
this.includeExcludePattern = includeExcludePattern;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,29 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jonas Partner
|
||||
*
|
||||
*/
|
||||
public interface OrderedIncludeExcludeList {
|
||||
|
||||
public boolean isIncluded(String name);
|
||||
|
||||
}
|
||||
@@ -1,68 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
import org.springframework.beans.BeanMetadataAttribute;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionReaderUtils;
|
||||
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.integration.security.endpoint.SecurityEndpointInterceptor;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
public class SecurityEndpointInterceptorParser extends AbstractSingleBeanDefinitionParser {
|
||||
|
||||
public SecurityEndpointInterceptorParser() {
|
||||
super();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean shouldGenerateId() {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean shouldGenerateIdAsFallback() {
|
||||
return true;
|
||||
}
|
||||
|
||||
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
|
||||
String access = element.getAttribute("access");
|
||||
Assert.hasText(access, "Access attribute is required for element endpoint-security-policy");
|
||||
|
||||
String accessDecisionManager = element.getAttribute("access-decision-manager");
|
||||
Assert.hasText(accessDecisionManager, "A non null value for the access-decision-manager is required");
|
||||
|
||||
ConfigAttributeDefinition accessDefintion = new ConfigAttributeDefinition(StringUtils.tokenizeToStringArray(
|
||||
access, ","));
|
||||
builder.getBeanDefinition().getConstructorArgumentValues().addGenericArgumentValue(
|
||||
new ValueHolder(accessDefintion));
|
||||
builder.getBeanDefinition().getConstructorArgumentValues().addGenericArgumentValue(
|
||||
new RuntimeBeanReference(accessDecisionManager));
|
||||
|
||||
builder.getBeanDefinition().setBeanClass(SecurityEndpointInterceptor.class);
|
||||
String beanName = BeanDefinitionReaderUtils.registerWithGeneratedName(builder.getBeanDefinition(),
|
||||
parserContext.getRegistry());
|
||||
builder.getBeanDefinition().addMetadataAttribute(new BeanMetadataAttribute("interceptorName", beanName));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,74 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.integration.channel.AbstractMessageChannel;
|
||||
import org.springframework.integration.security.channel.SecurityContextPropagatingChannelInterceptor;
|
||||
|
||||
/**
|
||||
* Post processes channels applying appropriate propagation behaviour. If
|
||||
* default propagation is specified with a secure-channels tag, that will be
|
||||
* applied in the absence of a secured tag for the channel. If the secured tag
|
||||
* is specified, it will always determine propagation behaviour.
|
||||
*
|
||||
* @author Jonas Partner
|
||||
*/
|
||||
public class SecurityPropagatingBeanPostProcessor implements BeanPostProcessor, Ordered {
|
||||
|
||||
protected static final String SECURITY_PROPAGATING_BEAN_POST_PROCESSOR_NAME = SecurityPropagatingBeanPostProcessor.class
|
||||
.getName();
|
||||
|
||||
private final SecurityContextPropagatingChannelInterceptor interceptor = new SecurityContextPropagatingChannelInterceptor();
|
||||
|
||||
private final Log logger = LogFactory.getLog(this.getClass());
|
||||
|
||||
private final OrderedIncludeExcludeList includeExcludeList;
|
||||
|
||||
public SecurityPropagatingBeanPostProcessor(OrderedIncludeExcludeList includeExcludeList) {
|
||||
this.includeExcludeList = includeExcludeList;
|
||||
}
|
||||
|
||||
public int getOrder() {
|
||||
return 0;
|
||||
}
|
||||
|
||||
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
|
||||
return bean;
|
||||
}
|
||||
|
||||
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
|
||||
if (AbstractMessageChannel.class.isAssignableFrom(bean.getClass())) {
|
||||
AbstractMessageChannel channel = (AbstractMessageChannel) bean;
|
||||
if (includeExcludeList.isIncluded(beanName)) {
|
||||
channel.addInterceptor(this.interceptor);
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Channel '" + beanName + "' will propagate a SecurityContext.");
|
||||
}
|
||||
}
|
||||
else if (logger.isDebugEnabled()) {
|
||||
logger.debug("Channel '" + beanName + "' is not configured to propagate a SecurityContext.");
|
||||
}
|
||||
}
|
||||
return bean;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,55 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
import org.springframework.beans.factory.BeanDefinitionStoreException;
|
||||
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
|
||||
import org.springframework.beans.factory.support.AbstractBeanDefinition;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* Interprets the <secure-channels> element which controls default
|
||||
* {@link SecurityContext} propagation behaviour.
|
||||
*
|
||||
* @author Jonas Partner
|
||||
*/
|
||||
public class SecurityPropagatingChannelsParser extends AbstractSingleBeanDefinitionParser {
|
||||
|
||||
IncludeExcludePatternParser includeExcludePatternParser = new IncludeExcludePatternParser();
|
||||
|
||||
@Override
|
||||
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
|
||||
boolean propagateByDefault = Boolean.parseBoolean(element.getAttribute("propagate-by-default"));
|
||||
OrderedIncludeExcludeList includeExcludeList = includeExcludePatternParser.createFromNodeList(
|
||||
propagateByDefault, element.getChildNodes());
|
||||
builder.getBeanDefinition().setBeanClass(SecurityPropagatingBeanPostProcessor.class);
|
||||
builder.getBeanDefinition().getConstructorArgumentValues().addGenericArgumentValue(
|
||||
new ValueHolder(includeExcludeList));
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String resolveId(Element element, AbstractBeanDefinition definition, ParserContext parserContext)
|
||||
throws BeanDefinitionStoreException {
|
||||
return "internal.integration.SecureChannels";
|
||||
}
|
||||
|
||||
}
|
||||
@@ -35,41 +35,4 @@
|
||||
<xsd:attribute name="receive-access" type="xsd:string"/>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="endpoint-security-policy">
|
||||
<xsd:complexType>
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Defines security requirements for one or more Message Endpoints.
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
<xsd:attribute name="access" type="xsd:string" use="required"/>
|
||||
<xsd:attribute name="access-decision-manager"
|
||||
type="xsd:string" default="accessDecisionManager" />
|
||||
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:element name="security-propagating-channels">
|
||||
<xsd:complexType>
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Defines a bean post processor which propagates the
|
||||
security context by registering interceptors with channels.
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
<xsd:sequence>
|
||||
<xsd:element name="propagation-patterns" type="propagationPatternType" maxOccurs="1" minOccurs="0"/>
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="propagate-by-default" type="xsd:boolean" default="true" />
|
||||
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:complexType name="propagationPatternType">
|
||||
<xsd:choice maxOccurs="unbounded" minOccurs="0">
|
||||
<xsd:element name="includePattern" type="xsd:string"/>
|
||||
<xsd:element name="excludePattern" type="xsd:string"/>
|
||||
</xsd:choice>
|
||||
</xsd:complexType>
|
||||
|
||||
</xsd:schema>
|
||||
@@ -1,67 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.endpoint;
|
||||
|
||||
import org.springframework.integration.endpoint.interceptor.EndpointInterceptorAdapter;
|
||||
import org.springframework.integration.message.Message;
|
||||
import org.springframework.integration.security.SecurityContextUtils;
|
||||
import org.springframework.security.AccessDecisionManager;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
/**
|
||||
* @author Jonas Partner
|
||||
*/
|
||||
public class SecurityEndpointInterceptor extends EndpointInterceptorAdapter {
|
||||
|
||||
private final ConfigAttributeDefinition targetSecurityAttributes;
|
||||
|
||||
private final AccessDecisionManager accessDecisionManager;
|
||||
|
||||
public SecurityEndpointInterceptor(ConfigAttributeDefinition endpointSecurityAttributes,
|
||||
AccessDecisionManager accessDecisionManager) {
|
||||
super();
|
||||
this.targetSecurityAttributes = endpointSecurityAttributes;
|
||||
this.accessDecisionManager = accessDecisionManager;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Message<?> preHandle(Message<?> message) {
|
||||
SecurityContext securityContext = null;
|
||||
if (message != null) {
|
||||
securityContext = SecurityContextUtils.getSecurityContextFromHeader(message);
|
||||
}
|
||||
if (securityContext != null) {
|
||||
try {
|
||||
SecurityContextHolder.setContext(securityContext);
|
||||
this.accessDecisionManager.decide(SecurityContextHolder.getContext().getAuthentication(),
|
||||
message, this.targetSecurityAttributes);
|
||||
return message;
|
||||
}
|
||||
finally {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
}
|
||||
else {
|
||||
this.accessDecisionManager.decide(SecurityContextHolder.getContext().getAuthentication(),
|
||||
message, this.targetSecurityAttributes);
|
||||
return message;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,114 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security;
|
||||
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.easymock.EasyMock;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.integration.channel.AbstractPollableChannel;
|
||||
import org.springframework.integration.channel.ChannelInterceptor;
|
||||
import org.springframework.integration.channel.MessageChannel;
|
||||
import org.springframework.integration.channel.interceptor.ChannelInterceptorAdapter;
|
||||
import org.springframework.integration.message.Message;
|
||||
import org.springframework.integration.message.selector.MessageSelector;
|
||||
|
||||
/**
|
||||
* @author Jonas Partner
|
||||
*/
|
||||
public class ChannelInterceptorRegisteringBeanPostProcessorTests {
|
||||
|
||||
public ArrayList<String> matchAll;
|
||||
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
matchAll = new ArrayList<String>();
|
||||
matchAll.add(".*");
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testWithAbstractMessageChannel() {
|
||||
ChannelInterceptorRegisteringBeanPostProcessor postprocessor = new ChannelInterceptorRegisteringBeanPostProcessor(
|
||||
new TestInterceptor(), matchAll);
|
||||
TestChannel channel = new TestChannel();
|
||||
postprocessor.postProcessAfterInitialization(channel, "shouldNotMatter");
|
||||
assertNotNull("No channel interceptor present after post processing", channel.channelInterceptor);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWithAbstractMessageChannelAndPatternThatDoes() {
|
||||
ChannelInterceptorRegisteringBeanPostProcessor postprocessor = new ChannelInterceptorRegisteringBeanPostProcessor(
|
||||
new TestInterceptor(), matchAll);
|
||||
TestChannel channel = new TestChannel();
|
||||
postprocessor.postProcessAfterInitialization(channel, "shouldNotMatter");
|
||||
assertNotNull("No channel interceptor present after post processing", channel.channelInterceptor);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWithMockMessageChanne() {
|
||||
MessageChannel channel = EasyMock.createStrictMock(MessageChannel.class);
|
||||
EasyMock.replay(channel);
|
||||
ChannelInterceptorRegisteringBeanPostProcessor postprocessor = new ChannelInterceptorRegisteringBeanPostProcessor(
|
||||
new TestInterceptor(), matchAll);
|
||||
postprocessor.postProcessAfterInitialization(channel, "shouldNotMatter");
|
||||
EasyMock.verify(channel);
|
||||
}
|
||||
|
||||
|
||||
private static class TestInterceptor extends ChannelInterceptorAdapter {
|
||||
}
|
||||
|
||||
|
||||
private static class TestChannel extends AbstractPollableChannel {
|
||||
|
||||
ChannelInterceptor channelInterceptor;
|
||||
|
||||
|
||||
@Override
|
||||
public void addInterceptor(ChannelInterceptor interceptor) {
|
||||
channelInterceptor = interceptor;
|
||||
super.addInterceptor(interceptor);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Message<?> doReceive(long timeout) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean doSend(Message<?> message, long timeout) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public List<Message<?>> clear() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public List<Message<?>> purge(MessageSelector selector) {
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -24,7 +24,7 @@
|
||||
<si-security:access-policy pattern="secured.*" send-access="ROLE_ADMIN"/>
|
||||
</si-security:secured-channels>
|
||||
|
||||
<beans:bean id="testConsumer" class="org.springframework.integration.security.endpoint.TestConsumer"/>
|
||||
<beans:bean id="testConsumer" class="org.springframework.integration.security.channel.TestConsumer"/>
|
||||
|
||||
<outbound-channel-adapter id="securedChannelAdapter" ref="testConsumer"/>
|
||||
|
||||
|
||||
@@ -26,7 +26,6 @@ import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.integration.channel.MessageChannel;
|
||||
import org.springframework.integration.message.StringMessage;
|
||||
import org.springframework.integration.security.SecurityTestUtil;
|
||||
import org.springframework.integration.security.endpoint.TestConsumer;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
|
||||
@@ -1,128 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.channel;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.integration.channel.QueueChannel;
|
||||
import org.springframework.integration.message.Message;
|
||||
import org.springframework.integration.message.MessageHeaders;
|
||||
import org.springframework.integration.message.StringMessage;
|
||||
import org.springframework.integration.security.SecurityContextUtils;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
/**
|
||||
* @author Jonas Partner
|
||||
*/
|
||||
public class SecurityContextPropagatingChannelInterceptorTests {
|
||||
|
||||
private QueueChannel channel;
|
||||
|
||||
private SecurityContextPropagatingChannelInterceptor securityPropogatingChannelInterceptor;
|
||||
|
||||
private StubSecurityContext securityContext;
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
this.channel = new QueueChannel();
|
||||
this.securityPropogatingChannelInterceptor = new SecurityContextPropagatingChannelInterceptor();
|
||||
this.channel.addInterceptor(securityPropogatingChannelInterceptor);
|
||||
this.securityContext = new StubSecurityContext();
|
||||
}
|
||||
|
||||
@After
|
||||
public void tearDown() {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testPropogationWhenSecurityContextExists() {
|
||||
this.associateContextWithThread();
|
||||
Message<?> message = new StringMessage("test");
|
||||
this.channel.send(message);
|
||||
message = channel.receive(0);
|
||||
MessageHeaders headers = message.getHeaders();
|
||||
assertTrue("No security context attribute found in header.",
|
||||
headers.keySet().contains(SecurityContextUtils.SECURITY_CONTEXT_HEADER_ATTRIBUTE));
|
||||
SecurityContext contextFromHeader = SecurityContextUtils.getSecurityContextFromHeader(message);
|
||||
assertEquals("Incorrect security context in message header.", securityContext, contextFromHeader);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHeaderNotSetWhenNoSecurityContextExists() {
|
||||
Message<?> message = new StringMessage("test");
|
||||
channel.send(message);
|
||||
message = channel.receive(0);
|
||||
MessageHeaders headers = message.getHeaders();
|
||||
assertFalse("Security context header found when no security context existed.",
|
||||
headers.keySet().contains(SecurityContextUtils.SECURITY_CONTEXT_HEADER_ATTRIBUTE));
|
||||
}
|
||||
|
||||
private void associateContextWithThread() {
|
||||
SecurityContextHolder.setContext(securityContext);
|
||||
}
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
private static class StubSecurityContext implements SecurityContext {
|
||||
|
||||
private Authentication authentication = new Authentication() {
|
||||
|
||||
public GrantedAuthority[] getAuthorities() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public Object getCredentials() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public Object getDetails() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public Object getPrincipal() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public boolean isAuthenticated() {
|
||||
return false;
|
||||
}
|
||||
|
||||
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return null;
|
||||
}
|
||||
};
|
||||
|
||||
public Authentication getAuthentication() {
|
||||
return authentication;
|
||||
}
|
||||
|
||||
public void setAuthentication(Authentication authentication) {
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@@ -14,7 +14,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.endpoint;
|
||||
package org.springframework.integration.security.channel;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -22,6 +22,9 @@ import java.util.List;
|
||||
import org.springframework.integration.message.Message;
|
||||
import org.springframework.integration.message.MessageConsumer;
|
||||
|
||||
/**
|
||||
* @author Mark Fisher
|
||||
*/
|
||||
public class TestConsumer implements MessageConsumer {
|
||||
|
||||
public List<Message<?>> sentMessages = new ArrayList<Message<?>>();
|
||||
@@ -1,68 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import java.io.StringReader;
|
||||
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.w3c.dom.Document;
|
||||
import org.w3c.dom.NodeList;
|
||||
import org.xml.sax.InputSource;
|
||||
|
||||
public class IncludeExcludePatternParserTests {
|
||||
|
||||
IncludeExcludePatternParser patternParser;
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
patternParser = new IncludeExcludePatternParser();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSimpleIncludeWithIncludeByDefaultFalse() throws Exception {
|
||||
NodeList nodeList = getNodeList("<doc><includePattern>includeMe</includePattern><excludePattern>.*</excludePattern></doc>");
|
||||
OrderedIncludeExcludeList matcher = patternParser.createFromNodeList(false, nodeList);
|
||||
assertTrue("Did not match expected entry includeMe", matcher.isIncluded("includeMe"));
|
||||
assertFalse("Matched unexpected entry notMe", matcher.isIncluded("notMe"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testIncludeByDefaultTrue() throws Exception {
|
||||
NodeList nodeList = getNodeList("<doc></doc>");
|
||||
OrderedIncludeExcludeList matcher = patternParser.createFromNodeList(true, nodeList);
|
||||
assertTrue("Did not match expected entry includeMe", matcher.isIncluded("anything"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testIncludeByDefaultTrueButExcluded() throws Exception {
|
||||
NodeList nodeList = getNodeList("<doc><excludePattern>ex.*</excludePattern><includePattern>exShouldNotMatter</includePattern></doc>");
|
||||
OrderedIncludeExcludeList matcher = patternParser.createFromNodeList(true, nodeList);
|
||||
assertFalse("Matched unexpected entry exNotMe", matcher.isIncluded("exNotMe"));
|
||||
assertFalse("Matched unexpected entry exShouldNotMatter", matcher.isIncluded("exShouldNotMatter"));
|
||||
}
|
||||
|
||||
public NodeList getNodeList(String xmlString) throws Exception {
|
||||
StringReader reader = new StringReader(xmlString);
|
||||
Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(reader));
|
||||
return doc.getDocumentElement().getChildNodes();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,73 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jonas Partner
|
||||
*
|
||||
*/
|
||||
public class JdkRegExpOrderedIncludeExcludeListTests {
|
||||
|
||||
@Test
|
||||
public void testSimpleInclusionIncludeByDefaultFalse() {
|
||||
List<IncludeExcludePattern> patterns = createIncludeExcludeList(new boolean[] { true }, new String[] { ".*" });
|
||||
JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(false, patterns);
|
||||
assertTrue("Did not match expected name", matcher.isIncluded("anyoldthing"));
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNoPatternsIncludeByDefaultTrue() {
|
||||
List<IncludeExcludePattern> patterns = createIncludeExcludeList(new boolean[] {}, new String[] {});
|
||||
JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(true, patterns);
|
||||
assertTrue("Did not match expected name", matcher.isIncluded("anyoldthing"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNoPatternsIncludeByDefaultFalse() {
|
||||
List<IncludeExcludePattern> patterns = createIncludeExcludeList(new boolean[] {}, new String[] {});
|
||||
JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(false, patterns);
|
||||
assertFalse("Unexpected match when match by default false and no patterns", matcher.isIncluded("anyoldthing"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testExcludeThenIncludeWithIncludeByDefaultFalse() {
|
||||
List<IncludeExcludePattern> patterns = createIncludeExcludeList(new boolean[] { false, true }, new String[] {
|
||||
"admin.*", ".*" });
|
||||
JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(false, patterns);
|
||||
assertFalse("Unexpected match when match by default false and should have been excluded", matcher
|
||||
.isIncluded("adminChannel"));
|
||||
}
|
||||
|
||||
List<IncludeExcludePattern> createIncludeExcludeList(boolean[] includeExclude, String[] patterns) {
|
||||
assertEquals("flag and patterns arrays must be same length", includeExclude.length, patterns.length);
|
||||
|
||||
List<IncludeExcludePattern> includeExcludePatterns = new ArrayList<IncludeExcludePattern>(patterns.length);
|
||||
for (int i = 0; i < includeExclude.length; i++) {
|
||||
includeExcludePatterns.add(new IncludeExcludePattern(includeExclude[i], patterns[i]));
|
||||
}
|
||||
return includeExcludePatterns;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,31 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans:beans xmlns="http://www.springframework.org/schema/integration"
|
||||
xmlns:si-security="http://www.springframework.org/schema/integration/security"
|
||||
xmlns:beans="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security-2.0.xsd
|
||||
http://www.springframework.org/schema/integration
|
||||
http://www.springframework.org/schema/integration/spring-integration-1.0.xsd
|
||||
http://www.springframework.org/schema/integration/security
|
||||
http://www.springframework.org/schema/integration/security/spring-integration-security-1.0.xsd
|
||||
http://www.springframework.org/schema/context
|
||||
http://www.springframework.org/schema/context/spring-context-2.5.xsd">
|
||||
|
||||
<si-security:security-propagating-channels
|
||||
propagate-by-default="false">
|
||||
<si-security:propagation-patterns>
|
||||
<si-security:excludePattern>
|
||||
adminSpecial
|
||||
</si-security:excludePattern>
|
||||
<si-security:includePattern>
|
||||
admin.*
|
||||
</si-security:includePattern>
|
||||
</si-security:propagation-patterns>
|
||||
</si-security:security-propagating-channels>
|
||||
|
||||
</beans:beans>
|
||||
@@ -1,21 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans:beans xmlns="http://www.springframework.org/schema/integration"
|
||||
xmlns:si-security="http://www.springframework.org/schema/integration/security"
|
||||
xmlns:beans="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security-2.0.xsd
|
||||
http://www.springframework.org/schema/integration
|
||||
http://www.springframework.org/schema/integration/spring-integration-1.0.xsd
|
||||
http://www.springframework.org/schema/integration/security
|
||||
http://www.springframework.org/schema/integration/security/spring-integration-security-1.0.xsd
|
||||
http://www.springframework.org/schema/context
|
||||
http://www.springframework.org/schema/context/spring-context-2.5.xsd">
|
||||
|
||||
<si-security:security-propagating-channels propagate-by-default="true"/>
|
||||
|
||||
</beans:beans>
|
||||
@@ -1,98 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.integration.channel.PollableChannel;
|
||||
import org.springframework.integration.channel.QueueChannel;
|
||||
import org.springframework.integration.message.StringMessage;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.context.SecurityContextImpl;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
/**
|
||||
* @author Jonas Partner
|
||||
*/
|
||||
public class SecurityPropagatingChannelsParserTests {
|
||||
|
||||
private ClassPathXmlApplicationContext applicationContext;
|
||||
|
||||
@After
|
||||
public void tearDown() {
|
||||
if (applicationContext != null) {
|
||||
applicationContext.close();
|
||||
}
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testPropagationByDefault() {
|
||||
loadApplicationContext(this.getClass().getSimpleName() + "-propagateByDefaultContext.xml");
|
||||
QueueChannel channel = new QueueChannel();
|
||||
applicationContext.getAutowireCapableBeanFactory().applyBeanPostProcessorsAfterInitialization(channel,
|
||||
"Does not matter");
|
||||
assertTrue("security context did not propagate by setting message bus level default",
|
||||
channelPropagatesSecurityContext(channel));
|
||||
}
|
||||
|
||||
// @Test
|
||||
// public void testNoPropagationOnExcludedChannel() {
|
||||
// loadApplicationContext(this.getClass().getSimpleName() +
|
||||
// "-propagateByDefaultContext.xml");
|
||||
// assertFalse("security context propagated when channel was explicitly
|
||||
// excluded",
|
||||
// channelPropagatesSecurityContext(excludedFromPropagation));
|
||||
// }
|
||||
//
|
||||
@Test
|
||||
public void testNoPropagationWithExcludedChannel() {
|
||||
loadApplicationContext(this.getClass().getSimpleName() + "-noPropagationByDefaultContext.xml");
|
||||
QueueChannel channel = new QueueChannel();
|
||||
applicationContext.getAutowireCapableBeanFactory().applyBeanPostProcessorsAfterInitialization(channel,
|
||||
"adminSpecial");
|
||||
assertFalse("security context propagated when channel excluded", channelPropagatesSecurityContext(channel));
|
||||
}
|
||||
|
||||
private boolean channelPropagatesSecurityContext(PollableChannel channel) {
|
||||
login("bob", "bobspassword");
|
||||
channel.send(new StringMessage("testMessage"));
|
||||
SecurityContext context = (SecurityContext) channel.receive(-1).getHeaders().get(
|
||||
"SPRING_SECURITY_CONTEXT");
|
||||
return context != null;
|
||||
}
|
||||
|
||||
private void login(String username, String password) {
|
||||
UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(username, password);
|
||||
SecurityContext context = new SecurityContextImpl();
|
||||
context.setAuthentication(authToken);
|
||||
SecurityContextHolder.setContext(context);
|
||||
}
|
||||
|
||||
private void loadApplicationContext(String resource) {
|
||||
this.applicationContext = new ClassPathXmlApplicationContext(resource, this.getClass());
|
||||
AutowireCapableBeanFactory beanFactory = this.applicationContext.getAutowireCapableBeanFactory();
|
||||
beanFactory.autowireBean(this);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,61 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans:beans xmlns="http://www.springframework.org/schema/integration"
|
||||
xmlns:si-security="http://www.springframework.org/schema/integration/security"
|
||||
xmlns:beans="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security-2.0.xsd
|
||||
http://www.springframework.org/schema/integration
|
||||
http://www.springframework.org/schema/integration/spring-integration-1.0.xsd
|
||||
http://www.springframework.org/schema/integration/security
|
||||
http://www.springframework.org/schema/integration/security/spring-integration-security-1.0.xsd
|
||||
http://www.springframework.org/schema/context
|
||||
http://www.springframework.org/schema/context/spring-context-2.5.xsd">
|
||||
|
||||
<message-bus/>
|
||||
|
||||
<channel id="input"/>
|
||||
|
||||
<service-activator id="endpoint"
|
||||
input-channel="input"
|
||||
output-channel="output"
|
||||
ref="testHandler">
|
||||
<interceptors>
|
||||
<si-security:endpoint-security-policy access="ROLE_ADMIN"/>
|
||||
</interceptors>
|
||||
</service-activator>
|
||||
|
||||
<outbound-channel-adapter id="output" ref="testConsumer"/>
|
||||
|
||||
<beans:bean id="testHandler"
|
||||
class="org.springframework.integration.security.endpoint.TestHandler"/>
|
||||
|
||||
<beans:bean id="testConsumer"
|
||||
class="org.springframework.integration.security.endpoint.TestConsumer"/>
|
||||
|
||||
<beans:bean id="accessDecisionManager"
|
||||
class="org.springframework.security.vote.AffirmativeBased">
|
||||
<beans:property name="allowIfAllAbstainDecisions" value="true"/>
|
||||
<beans:property name="decisionVoters">
|
||||
<beans:list>
|
||||
<beans:bean
|
||||
class="org.springframework.security.vote.RoleVoter"/>
|
||||
</beans:list>
|
||||
</beans:property>
|
||||
</beans:bean>
|
||||
|
||||
<security:authentication-provider
|
||||
user-service-ref="userDetailsService" />
|
||||
|
||||
<security:user-service id="userDetailsService">
|
||||
<security:user name="jimi" password="jimispassword"
|
||||
authorities="ROLE_USER, ROLE_ADMIN"/>
|
||||
<security:user name="bob" password="bobspassword"
|
||||
authorities="ROLE_USER"/>
|
||||
</security:user-service>
|
||||
|
||||
</beans:beans>
|
||||
@@ -1,87 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.endpoint;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.integration.channel.MessageChannel;
|
||||
import org.springframework.integration.message.MessagingException;
|
||||
import org.springframework.integration.message.StringMessage;
|
||||
import org.springframework.integration.security.SecurityTestUtil;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.test.annotation.DirtiesContext;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests;
|
||||
|
||||
/**
|
||||
* @author Jonas Partner
|
||||
* @author Mark Fisher
|
||||
*/
|
||||
@ContextConfiguration
|
||||
public class EndpointSecurityIntegrationTests extends AbstractJUnit4SpringContextTests {
|
||||
|
||||
@Autowired
|
||||
@Qualifier("input")
|
||||
MessageChannel input;
|
||||
|
||||
@Autowired
|
||||
TestHandler testHandler;
|
||||
|
||||
@Autowired
|
||||
TestConsumer testConsumer;
|
||||
|
||||
|
||||
@After
|
||||
public void tearDown() {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DirtiesContext
|
||||
public void testWithPermision() {
|
||||
login("bob", "bobspassword", "ROLE_ADMIN");
|
||||
input.send(new StringMessage("test"));
|
||||
assertEquals("Wrong size of message list in handler", 1, testHandler.sentMessages.size());
|
||||
assertEquals("Wrong size of message list in consumer", 1, testConsumer.sentMessages.size());
|
||||
}
|
||||
|
||||
@Test(expected = AccessDeniedException.class)
|
||||
@DirtiesContext
|
||||
public void testWithoutPermision() throws Throwable {
|
||||
login("bob", "bobspassword", "ROLE_USER");
|
||||
try {
|
||||
input.send(new StringMessage("test"));
|
||||
}
|
||||
catch (MessagingException e) {
|
||||
throw e.getCause();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private void login(String username, String password, String... roles) {
|
||||
SecurityContext context = SecurityTestUtil.createContext(username, password, roles);
|
||||
SecurityContextHolder.setContext(context);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,137 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.endpoint;
|
||||
|
||||
import static org.easymock.EasyMock.createMock;
|
||||
import static org.easymock.EasyMock.expectLastCall;
|
||||
import static org.easymock.EasyMock.replay;
|
||||
import static org.easymock.EasyMock.verify;
|
||||
import static org.junit.Assert.assertNull;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.integration.message.Message;
|
||||
import org.springframework.integration.message.StringMessage;
|
||||
import org.springframework.integration.security.SecurityContextUtils;
|
||||
import org.springframework.integration.security.SecurityTestUtil;
|
||||
import org.springframework.security.AccessDecisionManager;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
|
||||
/**
|
||||
* @author Jonas Partner
|
||||
* @author Mark Fisher
|
||||
*/
|
||||
public class SecurityEndpointInterceptorTests {
|
||||
|
||||
@Test(expected = AccessDeniedException.class)
|
||||
public void testUnauthenticatedAccessToSecuredEndpointWithNullMessage() throws Throwable {
|
||||
try {
|
||||
Message<?> message = null;
|
||||
ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
|
||||
AccessDecisionManager adm = createMock(AccessDecisionManager.class);
|
||||
adm.decide(null, message, attDefintion);
|
||||
expectLastCall().andThrow(new AccessDeniedException("nope"));
|
||||
replay(adm);
|
||||
|
||||
SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
|
||||
interceptor.preHandle(message);
|
||||
verify(adm);
|
||||
}
|
||||
finally {
|
||||
assertNull("Authentication was not null after invocation threw AccessDeniedException",
|
||||
SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
}
|
||||
|
||||
@Test(expected = AccessDeniedException.class)
|
||||
public void testUnauthenticatedAccessToSecuredEndpointWithNoSecurityContext() throws Throwable {
|
||||
try {
|
||||
Message<?> message = this.createMessageWithoutContext();
|
||||
ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
|
||||
AccessDecisionManager adm = createMock(AccessDecisionManager.class);
|
||||
adm.decide(null, message, attDefintion);
|
||||
expectLastCall().andThrow(new AccessDeniedException("nope"));
|
||||
replay(adm);
|
||||
|
||||
SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
|
||||
interceptor.preHandle(message);
|
||||
verify(adm);
|
||||
}
|
||||
finally {
|
||||
assertNull("Authentication was not null after invocation threw AccessDeniedException",
|
||||
SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
}
|
||||
|
||||
@Test(expected = AccessDeniedException.class)
|
||||
public void testUnauthenticatedAccessToSecuredEndpointWithSecurityContext() throws Throwable {
|
||||
try {
|
||||
SecurityContext context = SecurityTestUtil.createContext("bob", "bobspassword",
|
||||
new String[] { "ROLE_ADMIN" });
|
||||
ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
|
||||
Message<?> message = this.createMessageWithContext(context);
|
||||
|
||||
AccessDecisionManager adm = createMock(AccessDecisionManager.class);
|
||||
adm.decide(context.getAuthentication(), message, attDefintion);
|
||||
expectLastCall().andThrow(new AccessDeniedException("nope"));
|
||||
replay(adm);
|
||||
|
||||
SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
|
||||
interceptor.preHandle(message);
|
||||
verify(adm);
|
||||
}
|
||||
finally {
|
||||
assertNull("Authentication was not null after successful invocation", SecurityContextHolder.getContext()
|
||||
.getAuthentication());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAuthenticatedAccessToSecuredEndpoint() throws Throwable {
|
||||
try {
|
||||
SecurityContext context = SecurityTestUtil.createContext("bob", "bobspassword",
|
||||
new String[] { "ROLE_ADMIN" });
|
||||
ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
|
||||
Message<?> message = this.createMessageWithContext(context);
|
||||
AccessDecisionManager adm = createMock(AccessDecisionManager.class);
|
||||
adm.decide(context.getAuthentication(), message, attDefintion);
|
||||
expectLastCall();
|
||||
replay(adm);
|
||||
|
||||
SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
|
||||
interceptor.preHandle(message);
|
||||
verify(adm);
|
||||
}
|
||||
finally {
|
||||
assertNull("Authentication was not null after successful invocation", SecurityContextHolder.getContext()
|
||||
.getAuthentication());
|
||||
}
|
||||
}
|
||||
|
||||
public Message<?> createMessageWithContext(SecurityContext securityContext) {
|
||||
Message<?> message = new StringMessage("test");
|
||||
return SecurityContextUtils.setSecurityContextHeader(securityContext, message);
|
||||
}
|
||||
|
||||
public Message<?> createMessageWithoutContext() {
|
||||
return new StringMessage("test");
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,36 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.integration.security.endpoint;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.integration.message.Message;
|
||||
|
||||
/**
|
||||
* @author Mark Fisher
|
||||
*/
|
||||
public class TestHandler {
|
||||
|
||||
public List<Message<?>> sentMessages = new ArrayList<Message<?>>();
|
||||
|
||||
public Message<?> handle(Message<?> message) {
|
||||
sentMessages.add(message);
|
||||
return message;
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user