From 121c7a65b13d1bcb11e39d2e28af8ea6a307f53b Mon Sep 17 00:00:00 2001 
From: Mark Fisher Date: Mon, 29 Sep 2008 02:16:50 +0000 Subject: [PATCH] Moved all security code other than ChannelSecurityInterceptor (including endpoint interceptor and securityContext propagation) to the sandbox prior to 1.0. --- ...terceptorRegisteringBeanPostProcessor.java | 80 ---------- .../security/SecurityContextUtils.java | 40 ----- ...ackBasedSecurityContextHolderStrategy.java | 76 ---------- .../security/channel/ChannelAccessPolicy.java | 2 + ...yContextPropagatingChannelInterceptor.java | 56 ------- .../config/IncludeExcludePattern.java | 47 ------ .../config/IncludeExcludePatternParser.java | 40 ----- .../IntegrationSecurityNamespaceHandler.java | 8 - .../JdkRegExpOrderedIncludeExcludeList.java | 67 --------- .../config/OrderedIncludeExcludeList.java | 29 ---- .../SecurityEndpointInterceptorParser.java | 68 --------- .../SecurityPropagatingBeanPostProcessor.java | 74 ---------- .../SecurityPropagatingChannelsParser.java | 55 ------- .../spring-integration-security-1.0.xsd | 37 ----- .../endpoint/SecurityEndpointInterceptor.java | 67 --------- ...ptorRegisteringBeanPostProcessorTests.java | 114 --------------- ...dapterSecurityIntegrationTests-context.xml | 2 +- ...hannelAdapterSecurityIntegrationTests.java | 1 - ...extPropagatingChannelInterceptorTests.java | 128 ---------------- .../{endpoint => channel}/TestConsumer.java | 5 +- .../IncludeExcludePatternParserTests.java | 68 --------- ...kRegExpOrderedIncludeExcludeListTests.java | 73 ---------- ...serTests-noPropagationByDefaultContext.xml | 31 ---- ...sParserTests-propagateByDefaultContext.xml | 21 --- ...ecurityPropagatingChannelsParserTests.java | 98 ------------- ...dpointSecurityIntegrationTests-context.xml | 61 -------- .../EndpointSecurityIntegrationTests.java | 87 ----------- .../SecurityEndpointInterceptorTests.java | 137 ------------------ .../security/endpoint/TestHandler.java | 36 ----- 29 files changed, 7 insertions(+), 1601 deletions(-) delete mode 100644 
org.springframework.integration.security/src/main/java/org/springframework/integration/security/ChannelInterceptorRegisteringBeanPostProcessor.java delete mode 100644 org.springframework.integration.security/src/main/java/org/springframework/integration/security/SecurityContextUtils.java delete mode 100644 org.springframework.integration.security/src/main/java/org/springframework/integration/security/StackBasedSecurityContextHolderStrategy.java delete mode 100644 org.springframework.integration.security/src/main/java/org/springframework/integration/security/channel/SecurityContextPropagatingChannelInterceptor.java delete mode 100644 org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IncludeExcludePattern.java delete mode 100644 org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IncludeExcludePatternParser.java delete mode 100644 org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/JdkRegExpOrderedIncludeExcludeList.java delete mode 100644 org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/OrderedIncludeExcludeList.java delete mode 100644 org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityEndpointInterceptorParser.java delete mode 100644 org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityPropagatingBeanPostProcessor.java delete mode 100644 org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParser.java delete mode 100644 org.springframework.integration.security/src/main/java/org/springframework/integration/security/endpoint/SecurityEndpointInterceptor.java delete mode 100644 
org.springframework.integration.security/src/test/java/org/springframework/integration/security/ChannelInterceptorRegisteringBeanPostProcessorTests.java delete mode 100644 org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/SecurityContextPropagatingChannelInterceptorTests.java rename org.springframework.integration.security/src/test/java/org/springframework/integration/security/{endpoint => channel}/TestConsumer.java (91%) delete mode 100644 org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/IncludeExcludePatternParserTests.java delete mode 100644 org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/JdkRegExpOrderedIncludeExcludeListTests.java delete mode 100644 org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests-noPropagationByDefaultContext.xml delete mode 100644 org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests-propagateByDefaultContext.xml delete mode 100644 org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests.java delete mode 100644 org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/EndpointSecurityIntegrationTests-context.xml delete mode 100644 org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/EndpointSecurityIntegrationTests.java delete mode 100644 org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/SecurityEndpointInterceptorTests.java delete mode 100644 org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/TestHandler.java 
diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/ChannelInterceptorRegisteringBeanPostProcessor.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/ChannelInterceptorRegisteringBeanPostProcessor.java
deleted file mode 100644
index f576150049..0000000000
--- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/ChannelInterceptorRegisteringBeanPostProcessor.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Pattern;
-
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.config.BeanPostProcessor;
-import org.springframework.core.Ordered;
-import org.springframework.integration.channel.AbstractMessageChannel;
-import org.springframework.integration.channel.ChannelInterceptor;
-
-/**
- * Registers the provided {@link ChannelInterceptor} instance with any
- * {@link AbstractMessageChannel} with a name matching the provided pattern
- * @author Jonas Partner
- *
- */
-public class ChannelInterceptorRegisteringBeanPostProcessor implements BeanPostProcessor, Ordered {
-
- private final ChannelInterceptor channelInterceptor;
-
- private final List regexpPatterns;
-
- private int order;
-
- public ChannelInterceptorRegisteringBeanPostProcessor(ChannelInterceptor channelInterceptor, List patterns) {
- this.channelInterceptor = channelInterceptor;
-
- this.regexpPatterns = new ArrayList();
- for (String stringPattern : patterns) {
- regexpPatterns.add(Pattern.compile(stringPattern));
- }
- }
-
- public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
- if (AbstractMessageChannel.class.isAssignableFrom(bean.getClass()) && matchesPattern(beanName)) {
- ((AbstractMessageChannel) bean).addInterceptor(channelInterceptor);
- }
- return bean;
- }
-
- public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
- return bean;
- }
-
- public int getOrder() {
- return order;
- }
-
- public void setOrder(int order) {
- this.order = order;
- }
-
- protected boolean matchesPattern(String beanName) {
- for (Pattern regexpPattern : regexpPatterns) {
- if (regexpPattern.matcher(beanName).matches()) {
- return true;
- }
- }
- return false;
- }
-
-}
diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/SecurityContextUtils.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/SecurityContextUtils.java
deleted file mode 100644
index a8aecc0a40..0000000000
--- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/SecurityContextUtils.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security;
-
-import org.springframework.integration.message.Message;
-import org.springframework.integration.message.MessageBuilder;
-import org.springframework.security.context.SecurityContext;
-
-/**
- * @author Jonas Partner
- *
- */
-public class SecurityContextUtils {
-
- public static final String SECURITY_CONTEXT_HEADER_ATTRIBUTE = "SPRING_SECURITY_CONTEXT";
-
- public static SecurityContext getSecurityContextFromHeader(Message message) {
- return (SecurityContext) message.getHeaders().get(SECURITY_CONTEXT_HEADER_ATTRIBUTE);
- }
-
- public static Message setSecurityContextHeader(SecurityContext sctx, Message message) {
- return MessageBuilder.fromMessage(message)
- .setHeader(SECURITY_CONTEXT_HEADER_ATTRIBUTE, sctx).build();
- }
-
-}
diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/StackBasedSecurityContextHolderStrategy.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/StackBasedSecurityContextHolderStrategy.java
deleted file mode 100644
index 7424703086..0000000000
--- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/StackBasedSecurityContextHolderStrategy.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security;
-
-import java.util.LinkedList;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.security.context.SecurityContext;
-import org.springframework.security.context.SecurityContextHolderStrategy;
-import org.springframework.security.context.SecurityContextImpl;
-import org.springframework.util.Assert;
-
-/**
- * Covers scenarios where direct channels are used and ensures that an existing
- * {@link SecurityContext} is not unintentionally cleared
- * @author Jonas Partner
- *
- */
-public class StackBasedSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
-
- private Log logger = LogFactory.getLog(getClass());
-
- private static ThreadLocal> contextHolder = new ThreadLocal>();
-
- public void clearContext() {
- if (getStackForThread().size() > 0) {
- SecurityContext ctx = getStackForThread().removeFirst();
- logger.debug("Popped security context " + ctx);
- }
- }
-
- public SecurityContext getContext() {
- if (getStackForThread().peek() == null) {
- logger.debug("Pushed new blank security context");
- getStackForThread().addFirst(new SecurityContextImpl());
- }
-
- return (SecurityContext) getStackForThread().peek();
- }
-
- public void setContext(SecurityContext context) {
- 
Assert.notNull(context, "Only non-null SecurityContext instances are permitted"); - - getStackForThread().addFirst(context); - logger.debug("Pushed context " + context); - } - - protected LinkedList getStackForThread() { - if (contextHolder.get() == null) { - contextHolder.set(new LinkedList()); - } - return contextHolder.get(); - } - - public void clearStack() { - if (contextHolder.get() != null) { - contextHolder.set(null); - } - } - -} diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java index 96c72f01cf..c67f7a5e45 100644 --- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java +++ b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java @@ -23,6 +23,8 @@ import org.springframework.util.StringUtils; /** * Creates the {@link ConfigAttributeDefinition}s for secured channel * send and receive operations based on simple String values. + * + * @author Mark Fisher */ public class ChannelAccessPolicy { diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/channel/SecurityContextPropagatingChannelInterceptor.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/channel/SecurityContextPropagatingChannelInterceptor.java deleted file mode 100644 index e4699c574c..0000000000 --- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/channel/SecurityContextPropagatingChannelInterceptor.java +++ /dev/null 
@@ -1,56 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.channel;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.springframework.integration.channel.MessageChannel;
-import org.springframework.integration.channel.interceptor.ChannelInterceptorAdapter;
-import org.springframework.integration.message.Message;
-import org.springframework.integration.security.SecurityContextUtils;
-import org.springframework.security.context.SecurityContext;
-import org.springframework.security.context.SecurityContextHolder;
-
-/**
- * Propagates the {@link SecurityContext} associated with the current thread
- * (if any) by adding it to the header of sent messages.
- *
- * @author Jonas Partner
- */
-public class SecurityContextPropagatingChannelInterceptor extends ChannelInterceptorAdapter {
-
- private final Log logger = LogFactory.getLog(this.getClass());
-
-
- @Override
- public Message preSend(Message message, MessageChannel channel) {
- return this.createSecurityContextMessageIfPossible(message);
- }
-
- protected Message createSecurityContextMessageIfPossible(Message message) {
- SecurityContext securityContext = SecurityContextHolder.getContext();
- if (securityContext.getAuthentication() != null) {
- message = SecurityContextUtils.setSecurityContextHeader(securityContext, message);
- }
- else if (logger.isInfoEnabled()) {
- logger.info("No security context found");
- }
- return message;
- }
-
-}
diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IncludeExcludePattern.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IncludeExcludePattern.java
deleted file mode 100644
index 68f1cc4ea3..0000000000
--- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IncludeExcludePattern.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.config;
-
-/**
- *
- * @author Jonas Partner
- *
- */
-public class IncludeExcludePattern {
-
- private final boolean isIncludePattern;
-
- private final String pattern;
-
- public IncludeExcludePattern(boolean isIncludePattern, String pattern) {
- this.isIncludePattern = isIncludePattern;
- this.pattern = pattern;
- }
-
- public IncludeExcludePattern(String pattern) {
- this(true, pattern);
- }
-
- public boolean isIncludePattern() {
- return isIncludePattern;
- }
-
- public String getPattern() {
- return pattern;
- }
-
-}
diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IncludeExcludePatternParser.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IncludeExcludePatternParser.java
deleted file mode 100644
index 9c9e017762..0000000000
--- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IncludeExcludePatternParser.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.config;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-public class IncludeExcludePatternParser {
-
- public OrderedIncludeExcludeList createFromNodeList(boolean includeByDefault, NodeList nodeList) {
- List patterns = new ArrayList();
- for (int i = 0; i < nodeList.getLength(); i++) {
- if (nodeList.item(i).getNodeName().equals("includePattern")) {
- patterns.add(new IncludeExcludePattern(true, ((Element) nodeList.item(i)).getTextContent()));
- }
- else if (nodeList.item(i).getNodeName().equals("excludePattern")) {
- patterns.add(new IncludeExcludePattern(false, ((Element) nodeList.item(i)).getTextContent()));
- }
- }
- return new JdkRegExpOrderedIncludeExcludeList(includeByDefault, patterns);
- }
-
-}
diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IntegrationSecurityNamespaceHandler.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IntegrationSecurityNamespaceHandler.java
index ed907802c6..1bada9ab22 100644
--- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IntegrationSecurityNamespaceHandler.java
+++ b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/IntegrationSecurityNamespaceHandler.java @@ -17,8 +17,6 @@ package org.springframework.integration.security.config; import org.springframework.beans.factory.xml.NamespaceHandlerSupport; -import org.springframework.integration.security.StackBasedSecurityContextHolderStrategy; -import org.springframework.security.context.SecurityContextHolder; /** * Namespace handler for the security namespace. @@ -27,14 +25,8 @@ import org.springframework.security.context.SecurityContextHolder; */ public class IntegrationSecurityNamespaceHandler extends NamespaceHandlerSupport { - static { - SecurityContextHolder.setStrategyName(StackBasedSecurityContextHolderStrategy.class.getName()); - } - public void init() { registerBeanDefinitionParser("secured-channels", new SecuredChannelsParser()); - registerBeanDefinitionParser("security-propagating-channels", new SecurityPropagatingChannelsParser()); - registerBeanDefinitionParser("endpoint-security-policy", new SecurityEndpointInterceptorParser()); } } diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/JdkRegExpOrderedIncludeExcludeList.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/JdkRegExpOrderedIncludeExcludeList.java deleted file mode 100644 index 37276600f0..0000000000 --- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/JdkRegExpOrderedIncludeExcludeList.java +++ /dev/null 
@@ -1,67 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.config;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.regex.Pattern;
-
-public class JdkRegExpOrderedIncludeExcludeList implements OrderedIncludeExcludeList {
-
- private final boolean includeByDefault;
-
- private final List patternHolders;
-
- public JdkRegExpOrderedIncludeExcludeList(List patterns) {
- this(true, patterns);
- }
-
- public JdkRegExpOrderedIncludeExcludeList(boolean includeByDefault, List patterns) {
- super();
- this.includeByDefault = includeByDefault;
- List patternHolders = new ArrayList();
- for (int i = 0; i < patterns.size(); i++) {
- patternHolders.add(new PatternHolder(Pattern.compile(patterns.get(i).getPattern()), patterns.get(i)));
- }
- this.patternHolders = Collections.unmodifiableList(patternHolders);
- }
-
- public boolean isIncluded(String name) {
- for (int i = 0; i < patternHolders.size(); i++) {
- if (patternHolders.get(i).compiledPattern.matcher(name).matches()) {
- return (patternHolders.get(i).includeExcludePattern.isIncludePattern());
- }
- }
- return includeByDefault;
- }
-
- private static class PatternHolder {
-
- private final Pattern compiledPattern;
-
- private final IncludeExcludePattern includeExcludePattern;
-
- public PatternHolder(Pattern compiledPattern, IncludeExcludePattern includeExcludePattern) {
- super();
- this.compiledPattern = compiledPattern;
- this.includeExcludePattern = includeExcludePattern;
- }
-
- }
-
-}
diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/OrderedIncludeExcludeList.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/OrderedIncludeExcludeList.java
deleted file mode 100644
index 1b24d9e794..0000000000
--- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/OrderedIncludeExcludeList.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.config;
-
-
-/**
- *
- * @author Jonas Partner
- *
- */
-public interface OrderedIncludeExcludeList {
-
- public boolean isIncluded(String name);
-
-}
diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityEndpointInterceptorParser.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityEndpointInterceptorParser.java
deleted file mode 100644
index bb04e9b4b9..0000000000
--- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityEndpointInterceptorParser.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.config;
-
-import org.springframework.beans.BeanMetadataAttribute;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
-import org.springframework.beans.factory.support.BeanDefinitionBuilder;
-import org.springframework.beans.factory.support.BeanDefinitionReaderUtils;
-import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.integration.security.endpoint.SecurityEndpointInterceptor;
-import org.springframework.security.ConfigAttributeDefinition;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
-
-public class SecurityEndpointInterceptorParser extends AbstractSingleBeanDefinitionParser {
-
- public SecurityEndpointInterceptorParser() {
- super();
- }
-
- @Override
- protected boolean shouldGenerateId() {
- return true;
- }
-
- @Override
- protected boolean shouldGenerateIdAsFallback() {
- return true;
- }
-
- protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
- String access = element.getAttribute("access");
- Assert.hasText(access, "Access attribute is required for element endpoint-security-policy");
-
- String accessDecisionManager = element.getAttribute("access-decision-manager");
- Assert.hasText(accessDecisionManager, "A non null value for the access-decision-manager is required");
-
- ConfigAttributeDefinition accessDefintion = new ConfigAttributeDefinition(StringUtils.tokenizeToStringArray(
- access, ","));
- builder.getBeanDefinition().getConstructorArgumentValues().addGenericArgumentValue(
- new ValueHolder(accessDefintion));
- builder.getBeanDefinition().getConstructorArgumentValues().addGenericArgumentValue(
- new RuntimeBeanReference(accessDecisionManager));
-
- builder.getBeanDefinition().setBeanClass(SecurityEndpointInterceptor.class);
- String beanName = BeanDefinitionReaderUtils.registerWithGeneratedName(builder.getBeanDefinition(),
- parserContext.getRegistry());
- builder.getBeanDefinition().addMetadataAttribute(new BeanMetadataAttribute("interceptorName", beanName));
- }
-
-}
diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityPropagatingBeanPostProcessor.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityPropagatingBeanPostProcessor.java
deleted file mode 100644
index 12a8eabfab..0000000000
--- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityPropagatingBeanPostProcessor.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.config;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.config.BeanPostProcessor;
-import org.springframework.core.Ordered;
-import org.springframework.integration.channel.AbstractMessageChannel;
-import org.springframework.integration.security.channel.SecurityContextPropagatingChannelInterceptor;
-
-/**
- * Post processes channels applying appropriate propagation behaviour. If
- * default propagation is specified with a secure-channels tag, that will be
- * applied in the absence of a secured tag for the channel. If the secured tag
- * is specified, it will always determine propagation behaviour.
- *
- * @author Jonas Partner
- */
-public class SecurityPropagatingBeanPostProcessor implements BeanPostProcessor, Ordered {
-
- protected static final String SECURITY_PROPAGATING_BEAN_POST_PROCESSOR_NAME = SecurityPropagatingBeanPostProcessor.class
- .getName();
-
- private final SecurityContextPropagatingChannelInterceptor interceptor = new SecurityContextPropagatingChannelInterceptor();
-
- private final Log logger = LogFactory.getLog(this.getClass());
-
- private final OrderedIncludeExcludeList includeExcludeList;
-
- public SecurityPropagatingBeanPostProcessor(OrderedIncludeExcludeList includeExcludeList) {
- this.includeExcludeList = includeExcludeList;
- }
-
- public int getOrder() {
- return 0;
- }
-
- public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
- return bean;
- }
-
- public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
- if (AbstractMessageChannel.class.isAssignableFrom(bean.getClass())) {
- AbstractMessageChannel channel = (AbstractMessageChannel) bean;
- if (includeExcludeList.isIncluded(beanName)) {
- channel.addInterceptor(this.interceptor);
- if (logger.isDebugEnabled()) {
- logger.debug("Channel '" + beanName + "' will propagate a SecurityContext.");
- }
- }
- else if (logger.isDebugEnabled()) {
- logger.debug("Channel '" + beanName + "' is not configured to propagate a SecurityContext.");
- }
- }
- return bean;
- }
-
-}
diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParser.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParser.java
deleted file mode 100644
index 8c37fc7420..0000000000
--- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParser.java
+++ /dev/null
@@ -1,55 +0,0 @@ -/* - * Copyright 2002-2008 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.integration.security.config; - -import org.springframework.beans.factory.BeanDefinitionStoreException; -import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder; -import org.springframework.beans.factory.support.AbstractBeanDefinition; -import org.springframework.beans.factory.support.BeanDefinitionBuilder; -import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser; -import org.springframework.beans.factory.xml.ParserContext; -import org.springframework.security.context.SecurityContext; -import org.w3c.dom.Element; - -/** - * Interprets the <secure-channels> element which controls default - * {@link SecurityContext} propagation behaviour. 
- * - * @author Jonas Partner - */ -public class SecurityPropagatingChannelsParser extends AbstractSingleBeanDefinitionParser { - - IncludeExcludePatternParser includeExcludePatternParser = new IncludeExcludePatternParser(); - - @Override - protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) { - boolean propagateByDefault = Boolean.parseBoolean(element.getAttribute("propagate-by-default")); - OrderedIncludeExcludeList includeExcludeList = includeExcludePatternParser.createFromNodeList( - propagateByDefault, element.getChildNodes()); - builder.getBeanDefinition().setBeanClass(SecurityPropagatingBeanPostProcessor.class); - builder.getBeanDefinition().getConstructorArgumentValues().addGenericArgumentValue( - new ValueHolder(includeExcludeList)); - - } - - @Override - protected String resolveId(Element element, AbstractBeanDefinition definition, ParserContext parserContext) - throws BeanDefinitionStoreException { - return "internal.integration.SecureChannels"; - } - -} diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/spring-integration-security-1.0.xsd b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/spring-integration-security-1.0.xsd index 3fe6054ec9..16a80cba1f 100644 --- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/spring-integration-security-1.0.xsd +++ b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/config/spring-integration-security-1.0.xsd @@ -35,41 +35,4 @@ - - - - - Defines security requirements for one or more Message Endpoints. - - - - - - - - - - - - - Defines a bean post processor which propagates the - security context by registering interceptors with channels. - - - - - - - - - - - - - - - - - \ No newline at end of file 
diff --git a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/endpoint/SecurityEndpointInterceptor.java b/org.springframework.integration.security/src/main/java/org/springframework/integration/security/endpoint/SecurityEndpointInterceptor.java
deleted file mode 100644
index d047fd4aa5..0000000000
--- a/org.springframework.integration.security/src/main/java/org/springframework/integration/security/endpoint/SecurityEndpointInterceptor.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.endpoint;
-
-import org.springframework.integration.endpoint.interceptor.EndpointInterceptorAdapter;
-import org.springframework.integration.message.Message;
-import org.springframework.integration.security.SecurityContextUtils;
-import org.springframework.security.AccessDecisionManager;
-import org.springframework.security.ConfigAttributeDefinition;
-import org.springframework.security.context.SecurityContext;
-import org.springframework.security.context.SecurityContextHolder;
-
-/**
- * @author Jonas Partner
- */
-public class SecurityEndpointInterceptor extends EndpointInterceptorAdapter {
-
- private final ConfigAttributeDefinition targetSecurityAttributes;
-
- private final AccessDecisionManager accessDecisionManager;
-
- public SecurityEndpointInterceptor(ConfigAttributeDefinition endpointSecurityAttributes,
- AccessDecisionManager accessDecisionManager) {
- super();
- this.targetSecurityAttributes = endpointSecurityAttributes;
- this.accessDecisionManager = accessDecisionManager;
- }
-
- @Override
- public Message preHandle(Message message) {
- SecurityContext securityContext = null;
- if (message != null) {
- securityContext = SecurityContextUtils.getSecurityContextFromHeader(message);
- }
- if (securityContext != null) {
- try {
- SecurityContextHolder.setContext(securityContext);
- this.accessDecisionManager.decide(SecurityContextHolder.getContext().getAuthentication(),
- message, this.targetSecurityAttributes);
- return message;
- }
- finally {
- SecurityContextHolder.clearContext();
- }
- }
- else {
- this.accessDecisionManager.decide(SecurityContextHolder.getContext().getAuthentication(),
- message, this.targetSecurityAttributes);
- return message;
- }
- }
-
-}
diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/ChannelInterceptorRegisteringBeanPostProcessorTests.java b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/ChannelInterceptorRegisteringBeanPostProcessorTests.java
deleted file mode 100644
index f6cdedbd57..0000000000
--- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/ChannelInterceptorRegisteringBeanPostProcessorTests.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security;
-
-import static org.junit.Assert.assertNotNull;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.easymock.EasyMock;
-import org.junit.Before;
-import org.junit.Test;
-
-import org.springframework.integration.channel.AbstractPollableChannel;
-import org.springframework.integration.channel.ChannelInterceptor;
-import org.springframework.integration.channel.MessageChannel;
-import org.springframework.integration.channel.interceptor.ChannelInterceptorAdapter;
-import org.springframework.integration.message.Message;
-import org.springframework.integration.message.selector.MessageSelector;
-
-/**
- * @author Jonas Partner
- */
-public class ChannelInterceptorRegisteringBeanPostProcessorTests {
-
- public ArrayList matchAll;
-
-
- @Before
- public void setUp() {
- matchAll = new ArrayList();
- matchAll.add(".*");
- }
-
-
- @Test
- public void testWithAbstractMessageChannel() {
- ChannelInterceptorRegisteringBeanPostProcessor postprocessor = new ChannelInterceptorRegisteringBeanPostProcessor(
- new TestInterceptor(), matchAll);
- TestChannel channel = new TestChannel();
- postprocessor.postProcessAfterInitialization(channel, "shouldNotMatter");
- assertNotNull("No channel interceptor present after post processing", channel.channelInterceptor);
- }
-
- @Test
- public void testWithAbstractMessageChannelAndPatternThatDoes() {
- ChannelInterceptorRegisteringBeanPostProcessor postprocessor = new ChannelInterceptorRegisteringBeanPostProcessor(
- new TestInterceptor(), matchAll);
- TestChannel channel = new TestChannel();
- postprocessor.postProcessAfterInitialization(channel, "shouldNotMatter");
- assertNotNull("No channel interceptor present after post processing", channel.channelInterceptor);
- }
-
- @Test
- public void testWithMockMessageChanne() {
- MessageChannel channel = EasyMock.createStrictMock(MessageChannel.class);
- EasyMock.replay(channel);
- ChannelInterceptorRegisteringBeanPostProcessor postprocessor = new ChannelInterceptorRegisteringBeanPostProcessor(
- new TestInterceptor(), matchAll);
- postprocessor.postProcessAfterInitialization(channel, "shouldNotMatter");
- EasyMock.verify(channel);
- }
-
-
- private static class TestInterceptor extends ChannelInterceptorAdapter {
- }
-
-
- private static class TestChannel extends AbstractPollableChannel {
-
- ChannelInterceptor channelInterceptor;
-
-
- @Override
- public void addInterceptor(ChannelInterceptor interceptor) {
- channelInterceptor = interceptor;
- super.addInterceptor(interceptor);
- }
-
- @Override
- protected Message doReceive(long timeout) {
- return null;
- }
-
- @Override
- protected boolean doSend(Message message, long timeout) {
- return false;
- }
-
- public List> clear() {
- return null;
- }
-
- public List> purge(MessageSelector selector) {
- return null;
- }
-
- }
-
-}
diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests-context.xml b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests-context.xml
index 1c09730902..c095938a9c 100644
--- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests-context.xml +++ b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests-context.xml @@ -24,7 +24,7 @@ - + diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java index 00405f60db..9db5bf5f6f 100644 --- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java +++ b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java @@ -26,7 +26,6 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.integration.channel.MessageChannel; import org.springframework.integration.message.StringMessage; import org.springframework.integration.security.SecurityTestUtil; -import org.springframework.integration.security.endpoint.TestConsumer; import org.springframework.security.AccessDeniedException; import org.springframework.security.AuthenticationException; import org.springframework.security.context.SecurityContext; diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/SecurityContextPropagatingChannelInterceptorTests.java b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/SecurityContextPropagatingChannelInterceptorTests.java deleted file mode 100644 index bfc54a7bdc..0000000000 
--- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/SecurityContextPropagatingChannelInterceptorTests.java
+++ /dev/null
@@ -1,128 +0,0 @@ -/* - * Copyright 2002-2008 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.integration.security.channel; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.springframework.integration.channel.QueueChannel; -import org.springframework.integration.message.Message; -import org.springframework.integration.message.MessageHeaders; -import org.springframework.integration.message.StringMessage; -import org.springframework.integration.security.SecurityContextUtils; -import org.springframework.security.Authentication; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.context.SecurityContext; -import org.springframework.security.context.SecurityContextHolder; - -/** - * @author Jonas Partner - */ -public class SecurityContextPropagatingChannelInterceptorTests { - - private QueueChannel channel; - - private SecurityContextPropagatingChannelInterceptor securityPropogatingChannelInterceptor; - - private StubSecurityContext securityContext; - - @Before - public void setUp() { - this.channel = new QueueChannel(); - this.securityPropogatingChannelInterceptor = new SecurityContextPropagatingChannelInterceptor(); - 
this.channel.addInterceptor(securityPropogatingChannelInterceptor); - this.securityContext = new StubSecurityContext(); - } - - @After - public void tearDown() { - SecurityContextHolder.clearContext(); - } - - @Test - public void testPropogationWhenSecurityContextExists() { - this.associateContextWithThread(); - Message message = new StringMessage("test"); - this.channel.send(message); - message = channel.receive(0); - MessageHeaders headers = message.getHeaders(); - assertTrue("No security context attribute found in header.", - headers.keySet().contains(SecurityContextUtils.SECURITY_CONTEXT_HEADER_ATTRIBUTE)); - SecurityContext contextFromHeader = SecurityContextUtils.getSecurityContextFromHeader(message); - assertEquals("Incorrect security context in message header.", securityContext, contextFromHeader); - } - - @Test - public void testHeaderNotSetWhenNoSecurityContextExists() { - Message message = new StringMessage("test"); - channel.send(message); - message = channel.receive(0); - MessageHeaders headers = message.getHeaders(); - assertFalse("Security context header found when no security context existed.", - headers.keySet().contains(SecurityContextUtils.SECURITY_CONTEXT_HEADER_ATTRIBUTE)); - } - - private void associateContextWithThread() { - SecurityContextHolder.setContext(securityContext); - } - - @SuppressWarnings("serial") - private static class StubSecurityContext implements SecurityContext { - - private Authentication authentication = new Authentication() { - - public GrantedAuthority[] getAuthorities() { - return null; - } - - public Object getCredentials() { - return null; - } - - public Object getDetails() { - return null; - } - - public Object getPrincipal() { - return null; - } - - public boolean isAuthenticated() { - return false; - } - - public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { - } - - public String getName() { - return null; - } - }; - - public Authentication getAuthentication() { - return 
authentication; - } - - public void setAuthentication(Authentication authentication) { - } - } - -} diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/TestConsumer.java b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/TestConsumer.java similarity index 91% rename from org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/TestConsumer.java rename to org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/TestConsumer.java index 17286a3e91..774be4dffc 100644 --- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/TestConsumer.java +++ b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/channel/TestConsumer.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.integration.security.endpoint; +package org.springframework.integration.security.channel; import java.util.ArrayList; import java.util.List; @@ -22,6 +22,9 @@ import java.util.List; import org.springframework.integration.message.Message; import org.springframework.integration.message.MessageConsumer; +/** + * @author Mark Fisher + */ public class TestConsumer implements MessageConsumer { public List> sentMessages = new ArrayList>(); diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/IncludeExcludePatternParserTests.java b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/IncludeExcludePatternParserTests.java deleted file mode 100644 index b185ccc073..0000000000 --- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/IncludeExcludePatternParserTests.java +++ /dev/null 
@@ -1,68 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.integration.security.config;
-
-import static org.junit.Assert.*;
-
-import java.io.StringReader;
-
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.w3c.dom.Document;
-import org.w3c.dom.NodeList;
-import org.xml.sax.InputSource;
-
-public class IncludeExcludePatternParserTests {
-
- IncludeExcludePatternParser patternParser;
-
- @Before
- public void setUp() {
- patternParser = new IncludeExcludePatternParser();
- }
-
- @Test
- public void testSimpleIncludeWithIncludeByDefaultFalse() throws Exception {
- NodeList nodeList = getNodeList("includeMe.*");
- OrderedIncludeExcludeList matcher = patternParser.createFromNodeList(false, nodeList);
- assertTrue("Did not match expected entry includeMe", matcher.isIncluded("includeMe"));
- assertFalse("Matched unexpected entry notMe", matcher.isIncluded("notMe"));
- }
-
- @Test
- public void testIncludeByDefaultTrue() throws Exception {
- NodeList nodeList = getNodeList("");
- OrderedIncludeExcludeList matcher = patternParser.createFromNodeList(true, nodeList);
- assertTrue("Did not match expected entry includeMe", matcher.isIncluded("anything"));
- }
-
- @Test
- public void testIncludeByDefaultTrueButExcluded() throws Exception {
- NodeList nodeList = getNodeList("ex.*exShouldNotMatter");
- OrderedIncludeExcludeList matcher = patternParser.createFromNodeList(true, nodeList);
- assertFalse("Matched unexpected entry exNotMe", matcher.isIncluded("exNotMe"));
- assertFalse("Matched unexpected entry exShouldNotMatter", matcher.isIncluded("exShouldNotMatter"));
- }
-
- public NodeList getNodeList(String xmlString) throws Exception {
- StringReader reader = new StringReader(xmlString);
- Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(reader));
- return doc.getDocumentElement().getChildNodes();
- }
-
-}
diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/JdkRegExpOrderedIncludeExcludeListTests.java b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/JdkRegExpOrderedIncludeExcludeListTests.java
deleted file mode 100644
index 1007fbfff6..0000000000
--- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/JdkRegExpOrderedIncludeExcludeListTests.java
+++ /dev/null
@@ -1,73 +0,0 @@ -/* - * Copyright 2002-2008 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.springframework.integration.security.config; - -import static org.junit.Assert.*; - -import java.util.ArrayList; -import java.util.List; - -import org.junit.Test; - -/** - * - * @author Jonas Partner - * - */ -public class JdkRegExpOrderedIncludeExcludeListTests { - - @Test - public void testSimpleInclusionIncludeByDefaultFalse() { - List patterns = createIncludeExcludeList(new boolean[] { true }, new String[] { ".*" }); - JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(false, patterns); - assertTrue("Did not match expected name", matcher.isIncluded("anyoldthing")); - - } - - @Test - public void testNoPatternsIncludeByDefaultTrue() { - List patterns = createIncludeExcludeList(new boolean[] {}, new String[] {}); - JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(true, patterns); - assertTrue("Did not match expected name", matcher.isIncluded("anyoldthing")); - } - - @Test - public void testNoPatternsIncludeByDefaultFalse() { - List patterns = createIncludeExcludeList(new boolean[] {}, new String[] {}); - JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(false, patterns); - assertFalse("Unexpected match when match by default false and no patterns", matcher.isIncluded("anyoldthing")); - } - - @Test - public void 
testExcludeThenIncludeWithIncludeByDefaultFalse() { - List patterns = createIncludeExcludeList(new boolean[] { false, true }, new String[] { - "admin.*", ".*" }); - JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(false, patterns); - assertFalse("Unexpected match when match by default false and should have been excluded", matcher - .isIncluded("adminChannel")); - } - - List createIncludeExcludeList(boolean[] includeExclude, String[] patterns) { - assertEquals("flag and patterns arrays must be same length", includeExclude.length, patterns.length); - - List includeExcludePatterns = new ArrayList(patterns.length); - for (int i = 0; i < includeExclude.length; i++) { - includeExcludePatterns.add(new IncludeExcludePattern(includeExclude[i], patterns[i])); - } - return includeExcludePatterns; - } - -} diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests-noPropagationByDefaultContext.xml b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests-noPropagationByDefaultContext.xml deleted file mode 100644 index 8f9a76c320..0000000000 --- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests-noPropagationByDefaultContext.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - adminSpecial - - - admin.* - - - - - \ No newline at end of file diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests-propagateByDefaultContext.xml b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests-propagateByDefaultContext.xml deleted file mode 100644 index bd08059f8e..0000000000 
--- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests-propagateByDefaultContext.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests.java b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests.java deleted file mode 100644 index c415cbc8c3..0000000000 --- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/config/SecurityPropagatingChannelsParserTests.java +++ /dev/null 
@@ -1,98 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.config;
-
-import static org.junit.Assert.*;
-
-import org.junit.After;
-import org.junit.Test;
-
-import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-import org.springframework.integration.channel.PollableChannel;
-import org.springframework.integration.channel.QueueChannel;
-import org.springframework.integration.message.StringMessage;
-import org.springframework.security.context.SecurityContext;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.context.SecurityContextImpl;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-
-/**
- * @author Jonas Partner
- */
-public class SecurityPropagatingChannelsParserTests {
-
- private ClassPathXmlApplicationContext applicationContext;
-
- @After
- public void tearDown() {
- if (applicationContext != null) {
- applicationContext.close();
- }
- SecurityContextHolder.clearContext();
- }
-
- @Test
- public void testPropagationByDefault() {
- loadApplicationContext(this.getClass().getSimpleName() + "-propagateByDefaultContext.xml");
- QueueChannel channel = new QueueChannel();
- applicationContext.getAutowireCapableBeanFactory().applyBeanPostProcessorsAfterInitialization(channel,
- "Does not matter");
- assertTrue("security context did not propagate by setting message bus level default",
- channelPropagatesSecurityContext(channel));
- }
-
- // @Test
- // public void testNoPropagationOnExcludedChannel() {
- // loadApplicationContext(this.getClass().getSimpleName() +
- // "-propagateByDefaultContext.xml");
- // assertFalse("security context propagated when channel was explicitly
- // excluded",
- // channelPropagatesSecurityContext(excludedFromPropagation));
- // }
- //
- @Test
- public void testNoPropagationWithExcludedChannel() {
- loadApplicationContext(this.getClass().getSimpleName() + "-noPropagationByDefaultContext.xml");
- QueueChannel channel = new QueueChannel();
- applicationContext.getAutowireCapableBeanFactory().applyBeanPostProcessorsAfterInitialization(channel,
- "adminSpecial");
- assertFalse("security context propagated when channel excluded", channelPropagatesSecurityContext(channel));
- }
-
- private boolean channelPropagatesSecurityContext(PollableChannel channel) {
- login("bob", "bobspassword");
- channel.send(new StringMessage("testMessage"));
- SecurityContext context = (SecurityContext) channel.receive(-1).getHeaders().get(
- "SPRING_SECURITY_CONTEXT");
- return context != null;
- }
-
- private void login(String username, String password) {
- UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(username, password);
- SecurityContext context = new SecurityContextImpl();
- context.setAuthentication(authToken);
- SecurityContextHolder.setContext(context);
- }
-
- private void loadApplicationContext(String resource) {
- this.applicationContext = new ClassPathXmlApplicationContext(resource, this.getClass());
- AutowireCapableBeanFactory beanFactory = this.applicationContext.getAutowireCapableBeanFactory();
- beanFactory.autowireBean(this);
- }
-
-}
diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/EndpointSecurityIntegrationTests-context.xml b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/EndpointSecurityIntegrationTests-context.xml deleted file mode 100644 index 98af93194c..0000000000 --- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/EndpointSecurityIntegrationTests-context.xml +++ /dev/null @@ -1,61 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/EndpointSecurityIntegrationTests.java b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/EndpointSecurityIntegrationTests.java deleted file mode 100644 index 6d288a1ba2..0000000000 --- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/EndpointSecurityIntegrationTests.java +++ /dev/null 
@@ -1,87 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.endpoint;
-
-import static org.junit.Assert.assertEquals;
-
-import org.junit.After;
-import org.junit.Test;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.integration.channel.MessageChannel;
-import org.springframework.integration.message.MessagingException;
-import org.springframework.integration.message.StringMessage;
-import org.springframework.integration.security.SecurityTestUtil;
-import org.springframework.security.AccessDeniedException;
-import org.springframework.security.context.SecurityContext;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.test.annotation.DirtiesContext;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests;
-
-/**
- * @author Jonas Partner
- * @author Mark Fisher
- */
-@ContextConfiguration
-public class EndpointSecurityIntegrationTests extends AbstractJUnit4SpringContextTests {
-
- @Autowired
- @Qualifier("input")
- MessageChannel input;
-
- @Autowired
- TestHandler testHandler;
-
- @Autowired
- TestConsumer testConsumer;
-
-
- @After
- public void tearDown() {
- SecurityContextHolder.clearContext();
- }
-
- @Test
- @DirtiesContext
- public void testWithPermision() {
- login("bob", "bobspassword", "ROLE_ADMIN");
- input.send(new StringMessage("test"));
- assertEquals("Wrong size of message list in handler", 1, testHandler.sentMessages.size());
- assertEquals("Wrong size of message list in consumer", 1, testConsumer.sentMessages.size());
- }
-
- @Test(expected = AccessDeniedException.class)
- @DirtiesContext
- public void testWithoutPermision() throws Throwable {
- login("bob", "bobspassword", "ROLE_USER");
- try {
- input.send(new StringMessage("test"));
- }
- catch (MessagingException e) {
- throw e.getCause();
- }
- }
-
-
- private void login(String username, String password, String... roles) {
- SecurityContext context = SecurityTestUtil.createContext(username, password, roles);
- SecurityContextHolder.setContext(context);
- }
-
-}
diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/SecurityEndpointInterceptorTests.java b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/SecurityEndpointInterceptorTests.java
deleted file mode 100644
index 7a0e0c37ef..0000000000
--- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/SecurityEndpointInterceptorTests.java
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.endpoint;
-
-import static org.easymock.EasyMock.createMock;
-import static org.easymock.EasyMock.expectLastCall;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.verify;
-import static org.junit.Assert.assertNull;
-
-import org.junit.Test;
-
-import org.springframework.integration.message.Message;
-import org.springframework.integration.message.StringMessage;
-import org.springframework.integration.security.SecurityContextUtils;
-import org.springframework.integration.security.SecurityTestUtil;
-import org.springframework.security.AccessDecisionManager;
-import org.springframework.security.AccessDeniedException;
-import org.springframework.security.ConfigAttributeDefinition;
-import org.springframework.security.context.SecurityContext;
-import org.springframework.security.context.SecurityContextHolder;
-
-/**
- * @author Jonas Partner
- * @author Mark Fisher
- */
-public class SecurityEndpointInterceptorTests {
-
- @Test(expected = AccessDeniedException.class)
- public void testUnauthenticatedAccessToSecuredEndpointWithNullMessage() throws Throwable {
- try {
- Message message = null;
- ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
- AccessDecisionManager adm = createMock(AccessDecisionManager.class);
- adm.decide(null, message, attDefintion);
- expectLastCall().andThrow(new AccessDeniedException("nope"));
- replay(adm);
-
- SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
- interceptor.preHandle(message);
- verify(adm);
- }
- finally {
- assertNull("Authentication was not null after invocation threw AccessDeniedException",
- SecurityContextHolder.getContext().getAuthentication());
- }
- }
-
- @Test(expected = AccessDeniedException.class)
- public void testUnauthenticatedAccessToSecuredEndpointWithNoSecurityContext() throws Throwable {
- try {
- Message message = this.createMessageWithoutContext();
- ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
- AccessDecisionManager adm = createMock(AccessDecisionManager.class);
- adm.decide(null, message, attDefintion);
- expectLastCall().andThrow(new AccessDeniedException("nope"));
- replay(adm);
-
- SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
- interceptor.preHandle(message);
- verify(adm);
- }
- finally {
- assertNull("Authentication was not null after invocation threw AccessDeniedException",
- SecurityContextHolder.getContext().getAuthentication());
- }
- }
-
- @Test(expected = AccessDeniedException.class)
- public void testUnauthenticatedAccessToSecuredEndpointWithSecurityContext() throws Throwable {
- try {
- SecurityContext context = SecurityTestUtil.createContext("bob", "bobspassword",
- new String[] { "ROLE_ADMIN" });
- ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
- Message message = this.createMessageWithContext(context);
-
- AccessDecisionManager adm = createMock(AccessDecisionManager.class);
- adm.decide(context.getAuthentication(), message, attDefintion);
- expectLastCall().andThrow(new AccessDeniedException("nope"));
- replay(adm);
-
- SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
- interceptor.preHandle(message);
- verify(adm);
- }
- finally {
- assertNull("Authentication was not null after successful invocation", SecurityContextHolder.getContext()
- .getAuthentication());
- }
- }
-
- @Test
- public void testAuthenticatedAccessToSecuredEndpoint() throws Throwable {
- try {
- SecurityContext context = SecurityTestUtil.createContext("bob", "bobspassword",
- new String[] { "ROLE_ADMIN" });
- ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
- Message message = this.createMessageWithContext(context);
- AccessDecisionManager adm = createMock(AccessDecisionManager.class);
- adm.decide(context.getAuthentication(), message, attDefintion);
- expectLastCall();
- replay(adm);
-
- SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
- interceptor.preHandle(message);
- verify(adm);
- }
- finally {
- assertNull("Authentication was not null after successful invocation", SecurityContextHolder.getContext()
- .getAuthentication());
- }
- }
-
- public Message createMessageWithContext(SecurityContext securityContext) {
- Message message = new StringMessage("test");
- return SecurityContextUtils.setSecurityContextHeader(securityContext, message);
- }
-
- public Message createMessageWithoutContext() {
- return new StringMessage("test");
- }
-
-}
diff --git a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/TestHandler.java b/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/TestHandler.java
deleted file mode 100644
index 5a239bdcec..0000000000
--- a/org.springframework.integration.security/src/test/java/org/springframework/integration/security/endpoint/TestHandler.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.integration.security.endpoint;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.springframework.integration.message.Message;
-
-/**
- * @author Mark Fisher
- */
-public class TestHandler {
-
- public List> sentMessages = new ArrayList>();
-
- public Message handle(Message message) {
- sentMessages.add(message);
- return message;
- }
-
-}