INT-1115 upgraded si-security module to use Spring Security 3.0.2

This commit is contained in:
Oleg Zhurakousky
2010-07-20 21:12:01 +00:00
parent 8c2b9184a5
commit aed4b3bc26
13 changed files with 171 additions and 98 deletions

View File

@@ -15,8 +15,14 @@
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.springframework.ide.eclipse.core.springbuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.springframework.ide.eclipse.core.springnature</nature>
<nature>org.maven.ide.eclipse.maven2Nature</nature>
<nature>org.eclipse.jdt.core.javanature</nature>
</natures>

View File

@@ -28,7 +28,18 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${org.springframework.security.version}</version>
<version>3.0.2.RELEASE</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.0.2.RELEASE</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>

View File

@@ -16,7 +16,8 @@
package org.springframework.integration.security.channel;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
@@ -25,12 +26,13 @@ import org.springframework.util.StringUtils;
* send and receive operations based on simple String values.
*
* @author Mark Fisher
* @author Oleg Zhurakousky
*/
public class ChannelAccessPolicy {
private final ConfigAttributeDefinition configAttributeDefinitionForSend;
private final ConfigAttribute configAttributeDefinitionForSend;
private final ConfigAttributeDefinition configAttributeDefinitionForReceive;
private final ConfigAttribute configAttributeDefinitionForReceive;
/**
@@ -42,22 +44,18 @@ public class ChannelAccessPolicy {
public ChannelAccessPolicy(String sendAccess, String receiveAccess) {
Assert.isTrue(sendAccess != null || receiveAccess != null,
"At least one of 'sendAccess' and 'receiveAccess' must not be null.");
String[] sendValues = StringUtils.trimArrayElements(
StringUtils.commaDelimitedListToStringArray(sendAccess));
String[] receiveValues = StringUtils.trimArrayElements(
StringUtils.commaDelimitedListToStringArray(receiveAccess));
this.configAttributeDefinitionForSend = (sendValues.length > 0)
? new ConfigAttributeDefinition(sendValues) : null;
this.configAttributeDefinitionForReceive = (receiveValues.length > 0)
? new ConfigAttributeDefinition(receiveValues) : null;
this.configAttributeDefinitionForSend = (StringUtils.hasText(sendAccess))
? new SecurityConfig(sendAccess) : null;
this.configAttributeDefinitionForReceive = (StringUtils.hasText(receiveAccess))
? new SecurityConfig(receiveAccess) : null;
}
public ConfigAttributeDefinition getConfigAttributeDefinitionForSend() {
public ConfigAttribute getConfigAttributeDefinitionForSend() {
return this.configAttributeDefinitionForSend;
}
public ConfigAttributeDefinition getConfigAttributeDefinitionForReceive() {
public ConfigAttribute getConfigAttributeDefinitionForReceive() {
return this.configAttributeDefinitionForReceive;
}

View File

@@ -27,17 +27,17 @@ import java.util.regex.Pattern;
import org.springframework.integration.context.NamedComponent;
import org.springframework.integration.core.MessageChannel;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.ObjectDefinitionSource;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.util.Assert;
/**
* The {@link ObjectDefinitionSource} implementation for secured {@link MessageChannel}s.
*
* @author Mark Fisher
* @author Oleg Zhurakousky
*/
public class ChannelInvocationDefinitionSource implements ObjectDefinitionSource {
public class ChannelInvocationDefinitionSource implements SecurityMetadataSource {
private final Map<Pattern, ChannelAccessPolicy> patternMappings;
@@ -60,13 +60,7 @@ public class ChannelInvocationDefinitionSource implements ObjectDefinitionSource
return this.patternMappings.keySet();
}
@SuppressWarnings("unchecked")
public boolean supports(Class clazz) {
return ChannelInvocation.class.isAssignableFrom(clazz);
}
@SuppressWarnings("unchecked")
public ConfigAttributeDefinition getAttributes(Object object) throws IllegalArgumentException {
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
Assert.isAssignable(ChannelInvocation.class, object.getClass());
ChannelInvocation invocation = (ChannelInvocation) object;
MessageChannel channel = invocation.getChannel();
@@ -78,35 +72,40 @@ public class ChannelInvocationDefinitionSource implements ObjectDefinitionSource
ChannelAccessPolicy accessPolicy = mapping.getValue();
if (pattern.matcher(channelName).matches()) {
if (invocation.isSend()) {
ConfigAttributeDefinition definition = accessPolicy.getConfigAttributeDefinitionForSend();
ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForSend();
if (definition != null) {
attributes.addAll(definition.getConfigAttributes());
attributes.add(definition);
}
}
else if (invocation.isReceive()) {
ConfigAttributeDefinition definition = accessPolicy.getConfigAttributeDefinitionForReceive();
ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForReceive();
if (definition != null) {
attributes.addAll(definition.getConfigAttributes());
attributes.add(definition);
}
}
}
}
return new ConfigAttributeDefinition(attributes);
return attributes;
}
public Collection<?> getConfigAttributeDefinitions() {
Set<ConfigAttributeDefinition> definitions = new HashSet<ConfigAttributeDefinition>();
for (ChannelAccessPolicy accessPolicy : this.patternMappings.values()) {
ConfigAttributeDefinition sendDefinition = accessPolicy.getConfigAttributeDefinitionForSend();
if (sendDefinition != null) {
definitions.add(sendDefinition);
}
ConfigAttributeDefinition receiveDefinition = accessPolicy.getConfigAttributeDefinitionForReceive();
if (receiveDefinition != null) {
definitions.add(receiveDefinition);
}
}
return definitions;
public Collection<ConfigAttribute> getAllConfigAttributes() {
Set<ConfigAttribute> allAttributes = new HashSet<ConfigAttribute>();
for (ChannelAccessPolicy policy : patternMappings.values()) {
ConfigAttribute attribute = policy.getConfigAttributeDefinitionForReceive();
if (attribute != null){
allAttributes.add(attribute);
}
attribute = policy.getConfigAttributeDefinitionForSend();
if (attribute != null){
allAttributes.add(attribute);
}
}
return allAttributes;
}
public boolean supports(Class<?> clazz) {
return ChannelInvocation.class.isAssignableFrom(clazz);
}
}

View File

@@ -20,16 +20,16 @@ import java.lang.reflect.Method;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.intercept.AbstractSecurityInterceptor;
import org.springframework.security.intercept.InterceptorStatusToken;
import org.springframework.security.intercept.ObjectDefinitionSource;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.util.Assert;
/**
* An AOP interceptor that enforces authorization for MessageChannel send and/or receive calls.
*
* @author Mark Fisher
* @author Oleg Zhurakousky
*/
public class ChannelSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor {
@@ -47,10 +47,6 @@ public class ChannelSecurityInterceptor extends AbstractSecurityInterceptor impl
return ChannelInvocation.class;
}
@Override
public ObjectDefinitionSource obtainObjectDefinitionSource() {
return this.objectDefinitionSource;
}
public Object invoke(MethodInvocation invocation) throws Throwable {
Method method = invocation.getMethod();
@@ -72,4 +68,10 @@ public class ChannelSecurityInterceptor extends AbstractSecurityInterceptor impl
return returnValue;
}
@Override
public SecurityMetadataSource obtainSecurityMetadataSource() {
return this.objectDefinitionSource;
}
}

View File

@@ -32,6 +32,7 @@ import org.springframework.util.Assert;
* A {@link BeanPostProcessor} that proxies {@link MessageChannel}s to apply a {@link ChannelSecurityInterceptor}.
*
* @author Mark Fisher
* @author Oleg Zhurakousky
*/
public class ChannelSecurityInterceptorBeanPostProcessor implements BeanPostProcessor {
@@ -50,7 +51,7 @@ public class ChannelSecurityInterceptorBeanPostProcessor implements BeanPostProc
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
if (bean instanceof MessageChannel && shouldProxy(beanName, (MessageChannel) bean,
(ChannelInvocationDefinitionSource) this.interceptor.obtainObjectDefinitionSource())) {
(ChannelInvocationDefinitionSource) this.interceptor.obtainSecurityMetadataSource())) {
ProxyFactory proxyFactory = new ProxyFactory(bean);
proxyFactory.addAdvisor(new DefaultPointcutAdvisor(this.interceptor));
return proxyFactory.getProxy();
@@ -59,7 +60,7 @@ public class ChannelSecurityInterceptorBeanPostProcessor implements BeanPostProc
}
private boolean shouldProxy(String beanName, MessageChannel channel, ChannelInvocationDefinitionSource definitionSource) {
Set<Pattern> patterns = ((ChannelInvocationDefinitionSource) this.interceptor.obtainObjectDefinitionSource()).getPatterns();
Set<Pattern> patterns = ((ChannelInvocationDefinitionSource) this.interceptor.obtainSecurityMetadataSource()).getPatterns();
for (Pattern pattern : patterns) {
if (pattern.matcher(beanName).matches()) {
return true;

View File

@@ -0,0 +1,44 @@
/*
* Copyright 2002-2010 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security;
import org.springframework.security.authentication.AbstractAuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
/**
* @author Oleg Zhurakousky
* @since 2.0
*/
public class MockAuthenticationManager extends AbstractAuthenticationManager {
private boolean grantAccess;
public MockAuthenticationManager(boolean grantAccess){
this.grantAccess = grantAccess;
}
/* (non-Javadoc)
* @see org.springframework.security.authentication.AbstractAuthenticationManager#doAuthentication(org.springframework.security.core.Authentication)
*/
@Override
protected Authentication doAuthentication(Authentication authentication)
throws AuthenticationException {
if (grantAccess){
authentication.setAuthenticated(true);
}
return authentication;
}
}

View File

@@ -16,17 +16,20 @@
package org.springframework.integration.security;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextImpl;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.util.CollectionUtils;
/**
* @author Jonas Partner
* @author Oleg Zhurakousky
*/
public class SecurityTestUtils {
@SuppressWarnings("unchecked")
public static SecurityContext createContext(String username, String password, String... roles) {
SecurityContextImpl ctxImpl = new SecurityContextImpl();
UsernamePasswordAuthenticationToken authToken;
@@ -35,7 +38,7 @@ public class SecurityTestUtils {
for (int i = 0; i < roles.length; i++) {
authorities[i] = new GrantedAuthorityImpl(roles[i]);
}
authToken = new UsernamePasswordAuthenticationToken(username, password, authorities);
authToken = new UsernamePasswordAuthenticationToken(username, password, CollectionUtils.arrayToList(authorities));
}
else {
authToken = new UsernamePasswordAuthenticationToken(username, password);

View File

@@ -19,7 +19,7 @@
<beans:import resource="classpath:org/springframework/integration/security/config/commonSecurityConfiguration.xml"/>
<si-security:secured-channels>
<si-security:access-policy pattern="secured.*" send-access="ROLE_ADMIN"/>
<si-security:access-policy pattern="securedChannel.*" send-access="ROLE_ADMIN, ROLE_PRESIDENT"/>
</si-security:secured-channels>
<beans:bean id="testHandler" class="org.springframework.integration.security.channel.TestHandler"/>

View File

@@ -20,22 +20,22 @@ import static org.junit.Assert.assertEquals;
import org.junit.After;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.integration.core.MessageChannel;
import org.springframework.integration.message.StringMessage;
import org.springframework.integration.security.SecurityTestUtils;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationException;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests;
/**
* @author Mark Fisher
* @author Oleg Zhurakousky
*/
@ContextConfiguration
public class ChannelAdapterSecurityIntegrationTests extends AbstractJUnit4SpringContextTests {
@@ -58,10 +58,17 @@ public class ChannelAdapterSecurityIntegrationTests extends AbstractJUnit4Spring
}
@Test(expected = AccessDeniedException.class)
@DirtiesContext
public void testSecuredWithNotEnoughPermission() {
login("bob", "bobspassword", "ROLE_ADMIN");
securedChannelAdapter.send(new StringMessage("test"));
}
@Test
@DirtiesContext
public void testSecuredWithPermission() {
login("bob", "bobspassword", "ROLE_ADMIN");
login("bob", "bobspassword", "ROLE_ADMIN, ROLE_PRESIDENT");
securedChannelAdapter.send(new StringMessage("test"));
assertEquals("Wrong size of message list in target", 1, testConsumer.sentMessages.size());
}

View File

@@ -21,22 +21,23 @@ import java.util.regex.Pattern;
import org.junit.After;
import org.junit.Test;
import org.springframework.aop.framework.ProxyFactory;
import org.springframework.integration.channel.QueueChannel;
import org.springframework.integration.core.MessageChannel;
import org.springframework.integration.message.StringMessage;
import org.springframework.integration.security.MockAuthenticationManager;
import org.springframework.integration.security.SecurityTestUtils;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationException;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.vote.AffirmativeBased;
import org.springframework.security.vote.RoleVoter;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
/**
* @author Mark Fisher
* @author Oleg Zhurakousky
*/
public class ChannelSecurityInterceptorTests {
@@ -81,7 +82,8 @@ public class ChannelSecurityInterceptorTests {
objectDefinitionSource.addPatternMapping(Pattern.compile("secured.*"), new ChannelAccessPolicy(role, null));
ChannelSecurityInterceptor interceptor = new ChannelSecurityInterceptor(objectDefinitionSource);
AffirmativeBased accessDecisionManager = new AffirmativeBased();
accessDecisionManager.setDecisionVoters(Collections.singletonList(new RoleVoter()));
accessDecisionManager.setDecisionVoters(Collections.singletonList((AccessDecisionVoter)new RoleVoter()));
accessDecisionManager.afterPropertiesSet();
interceptor.setAccessDecisionManager(accessDecisionManager);
interceptor.setAuthenticationManager(new MockAuthenticationManager(true));

View File

@@ -42,14 +42,15 @@ import org.springframework.integration.core.MessageChannel;
import org.springframework.integration.security.channel.ChannelAccessPolicy;
import org.springframework.integration.security.channel.ChannelSecurityInterceptor;
import org.springframework.integration.selector.MessageSelector;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests;
/**
* @author Jonas Partner
* @author Mark Fisher
* @author Oleg Zhurakousky
*/
@ContextConfiguration
public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests {
@@ -73,8 +74,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
assertTrue("ROLE_ADMIN not found as send attribute", this.getRolesFromDefintion(sendDefinition).contains("ROLE_ADMIN"));
assertNull("Policy applies to receive", receiveDefinition);
}
@@ -91,8 +92,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
Collection<String> sendRoles = this.getRolesFromDefintion(sendDefinition);
assertTrue("ROLE_ADMIN not found as send attribute", sendRoles.contains("ROLE_ADMIN"));
assertTrue("ROLE_USER not found as send attribute", sendRoles.contains("ROLE_USER"));
@@ -111,8 +112,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
Collection<String> receiveRoles = this.getRolesFromDefintion(receiveDefinition);
assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN"));
assertNull("Policy applies to send", sendDefinition);
@@ -130,8 +131,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
Collection<String> receiveRoles = this.getRolesFromDefintion(receiveDefinition);
assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN"));
assertTrue("ROLE_USER not found as receive attribute", receiveRoles.contains("ROLE_USER"));
@@ -150,8 +151,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
assertNotNull("Pattern does not apply to 'send'", sendDefinition);
assertNotNull("Pattern does not apply to 'receive'", receiveDefinition);
Collection<String> sendRoles = this.getRolesFromDefintion(sendDefinition);
@@ -163,7 +164,7 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
@SuppressWarnings("unchecked")
private ChannelAccessPolicy retrievePolicyForPatternString(String patternString, ChannelSecurityInterceptor interceptor) {
DirectFieldAccessor accessor = new DirectFieldAccessor(interceptor.obtainObjectDefinitionSource());
DirectFieldAccessor accessor = new DirectFieldAccessor(interceptor.obtainSecurityMetadataSource());
Map<Pattern, ChannelAccessPolicy> policies = (Map<Pattern, ChannelAccessPolicy>) accessor.getPropertyValue("patternMappings");
for (Map.Entry<Pattern, ChannelAccessPolicy> entry : policies.entrySet()) {
if (entry.getKey().pattern().equals(patternString)) {
@@ -174,9 +175,9 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
}
@SuppressWarnings("unchecked")
private Collection<String> getRolesFromDefintion(ConfigAttributeDefinition definition) {
private Collection<String> getRolesFromDefintion(ConfigAttribute definition) {
Set<String> roles = new HashSet<String>();
Collection configAttributes = definition.getConfigAttributes();
Collection configAttributes = SecurityConfig.createListFromCommaDelimitedString(definition.getAttribute());
for (Object next : configAttributes) {
ConfigAttribute attribute = (ConfigAttribute) next;
roles.add(attribute.getAttribute());

View File

@@ -6,25 +6,24 @@
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:annotation-config/>
<beans:bean id="authenticationManager" class="org.springframework.security.MockAuthenticationManager"/>
<beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<beans:property name="allowIfAllAbstainDecisions" value="true"/>
<beans:property name="decisionVoters">
<beans:list>
<beans:bean class="org.springframework.security.vote.RoleVoter"/>
<beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
</beans:list>
</beans:property>
</beans:bean>
<security:authentication-provider user-service-ref="userDetailsService"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="userDetailsService"/>
</security:authentication-manager>
<security:user-service id="userDetailsService">
<security:user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN"/>