diff --git a/spring-integration-security/.project b/spring-integration-security/.project index e4ad711f09..a09f9eaca0 100644 --- a/spring-integration-security/.project +++ b/spring-integration-security/.project @@ -15,8 +15,14 @@ + + org.springframework.ide.eclipse.core.springbuilder + + + + org.springframework.ide.eclipse.core.springnature org.maven.ide.eclipse.maven2Nature org.eclipse.jdt.core.javanature diff --git a/spring-integration-security/pom.xml b/spring-integration-security/pom.xml index 6e24ac89d5..00b0234afd 100644 --- a/spring-integration-security/pom.xml +++ b/spring-integration-security/pom.xml @@ -28,7 +28,18 @@ org.springframework.security spring-security-core - ${org.springframework.security.version} + 3.0.2.RELEASE + + + org.springframework + spring-support + + + + + org.springframework.security + spring-security-config + 3.0.2.RELEASE org.springframework diff --git a/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java b/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java index c67f7a5e45..e7c4cbcb56 100644 --- a/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java +++ b/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java @@ -16,7 +16,8 @@ package org.springframework.integration.security.channel; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.access.SecurityConfig; import org.springframework.util.Assert; import org.springframework.util.StringUtils; @@ -25,12 +26,13 @@ import org.springframework.util.StringUtils; * send and receive operations based on simple String values. * * @author Mark Fisher + * @author Oleg Zhurakousky */ public class ChannelAccessPolicy { - private final ConfigAttributeDefinition configAttributeDefinitionForSend; + private final ConfigAttribute configAttributeDefinitionForSend; - private final ConfigAttributeDefinition configAttributeDefinitionForReceive; + private final ConfigAttribute configAttributeDefinitionForReceive; /** @@ -42,22 +44,18 @@ public class ChannelAccessPolicy { public ChannelAccessPolicy(String sendAccess, String receiveAccess) { Assert.isTrue(sendAccess != null || receiveAccess != null, "At least one of 'sendAccess' and 'receiveAccess' must not be null."); - String[] sendValues = StringUtils.trimArrayElements( - StringUtils.commaDelimitedListToStringArray(sendAccess)); - String[] receiveValues = StringUtils.trimArrayElements( - StringUtils.commaDelimitedListToStringArray(receiveAccess)); - this.configAttributeDefinitionForSend = (sendValues.length > 0) - ? new ConfigAttributeDefinition(sendValues) : null; - this.configAttributeDefinitionForReceive = (receiveValues.length > 0) - ? new ConfigAttributeDefinition(receiveValues) : null; + this.configAttributeDefinitionForSend = (StringUtils.hasText(sendAccess)) + ? new SecurityConfig(sendAccess) : null; + this.configAttributeDefinitionForReceive = (StringUtils.hasText(receiveAccess)) + ? new SecurityConfig(receiveAccess) : null; } - public ConfigAttributeDefinition getConfigAttributeDefinitionForSend() { + public ConfigAttribute getConfigAttributeDefinitionForSend() { return this.configAttributeDefinitionForSend; } - public ConfigAttributeDefinition getConfigAttributeDefinitionForReceive() { + public ConfigAttribute getConfigAttributeDefinitionForReceive() { return this.configAttributeDefinitionForReceive; } diff --git a/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelInvocationDefinitionSource.java b/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelInvocationDefinitionSource.java index 38bb054a4e..7d7b84db21 100644 --- a/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelInvocationDefinitionSource.java +++ b/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelInvocationDefinitionSource.java @@ -27,17 +27,17 @@ import java.util.regex.Pattern; import org.springframework.integration.context.NamedComponent; import org.springframework.integration.core.MessageChannel; -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; -import org.springframework.security.intercept.ObjectDefinitionSource; +import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.access.SecurityMetadataSource; import org.springframework.util.Assert; /** * The {@link ObjectDefinitionSource} implementation for secured {@link MessageChannel}s. * * @author Mark Fisher + * @author Oleg Zhurakousky */ -public class ChannelInvocationDefinitionSource implements ObjectDefinitionSource { +public class ChannelInvocationDefinitionSource implements SecurityMetadataSource { private final Map patternMappings; @@ -60,13 +60,7 @@ public class ChannelInvocationDefinitionSource implements ObjectDefinitionSource return this.patternMappings.keySet(); } - @SuppressWarnings("unchecked") - public boolean supports(Class clazz) { - return ChannelInvocation.class.isAssignableFrom(clazz); - } - - @SuppressWarnings("unchecked") - public ConfigAttributeDefinition getAttributes(Object object) throws IllegalArgumentException { + public Collection getAttributes(Object object) throws IllegalArgumentException { Assert.isAssignable(ChannelInvocation.class, object.getClass()); ChannelInvocation invocation = (ChannelInvocation) object; MessageChannel channel = invocation.getChannel(); @@ -78,35 +72,40 @@ public class ChannelInvocationDefinitionSource implements ObjectDefinitionSource ChannelAccessPolicy accessPolicy = mapping.getValue(); if (pattern.matcher(channelName).matches()) { if (invocation.isSend()) { - ConfigAttributeDefinition definition = accessPolicy.getConfigAttributeDefinitionForSend(); + ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForSend(); if (definition != null) { - attributes.addAll(definition.getConfigAttributes()); + attributes.add(definition); } } else if (invocation.isReceive()) { - ConfigAttributeDefinition definition = accessPolicy.getConfigAttributeDefinitionForReceive(); + ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForReceive(); if (definition != null) { - attributes.addAll(definition.getConfigAttributes()); + attributes.add(definition); } } } } - return new ConfigAttributeDefinition(attributes); + return attributes; } - public Collection getConfigAttributeDefinitions() { - Set definitions = new HashSet(); - for (ChannelAccessPolicy accessPolicy : this.patternMappings.values()) { - ConfigAttributeDefinition sendDefinition = accessPolicy.getConfigAttributeDefinitionForSend(); - if (sendDefinition != null) { - definitions.add(sendDefinition); - } - ConfigAttributeDefinition receiveDefinition = accessPolicy.getConfigAttributeDefinitionForReceive(); - if (receiveDefinition != null) { - definitions.add(receiveDefinition); - } - } - return definitions; + public Collection getAllConfigAttributes() { + Set allAttributes = new HashSet(); + + for (ChannelAccessPolicy policy : patternMappings.values()) { + ConfigAttribute attribute = policy.getConfigAttributeDefinitionForReceive(); + if (attribute != null){ + allAttributes.add(attribute); + } + attribute = policy.getConfigAttributeDefinitionForSend(); + if (attribute != null){ + allAttributes.add(attribute); + } + } + + return allAttributes; } + public boolean supports(Class clazz) { + return ChannelInvocation.class.isAssignableFrom(clazz); + } } diff --git a/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelSecurityInterceptor.java b/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelSecurityInterceptor.java index 3d6728917c..79a3862067 100644 --- a/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelSecurityInterceptor.java +++ b/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelSecurityInterceptor.java @@ -20,16 +20,16 @@ import java.lang.reflect.Method; import org.aopalliance.intercept.MethodInterceptor; import org.aopalliance.intercept.MethodInvocation; - -import org.springframework.security.intercept.AbstractSecurityInterceptor; -import org.springframework.security.intercept.InterceptorStatusToken; -import org.springframework.security.intercept.ObjectDefinitionSource; +import org.springframework.security.access.SecurityMetadataSource; +import org.springframework.security.access.intercept.AbstractSecurityInterceptor; +import org.springframework.security.access.intercept.InterceptorStatusToken; import org.springframework.util.Assert; - + /** * An AOP interceptor that enforces authorization for MessageChannel send and/or receive calls. * * @author Mark Fisher + * @author Oleg Zhurakousky */ public class ChannelSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor { @@ -47,10 +47,6 @@ public class ChannelSecurityInterceptor extends AbstractSecurityInterceptor impl return ChannelInvocation.class; } - @Override - public ObjectDefinitionSource obtainObjectDefinitionSource() { - return this.objectDefinitionSource; - } public Object invoke(MethodInvocation invocation) throws Throwable { Method method = invocation.getMethod(); @@ -72,4 +68,10 @@ public class ChannelSecurityInterceptor extends AbstractSecurityInterceptor impl return returnValue; } + + @Override + public SecurityMetadataSource obtainSecurityMetadataSource() { + return this.objectDefinitionSource; + } + } diff --git a/spring-integration-security/src/main/java/org/springframework/integration/security/config/ChannelSecurityInterceptorBeanPostProcessor.java b/spring-integration-security/src/main/java/org/springframework/integration/security/config/ChannelSecurityInterceptorBeanPostProcessor.java index 8904b8358d..9b81abb5a9 100644 --- a/spring-integration-security/src/main/java/org/springframework/integration/security/config/ChannelSecurityInterceptorBeanPostProcessor.java +++ b/spring-integration-security/src/main/java/org/springframework/integration/security/config/ChannelSecurityInterceptorBeanPostProcessor.java @@ -32,6 +32,7 @@ import org.springframework.util.Assert; * A {@link BeanPostProcessor} that proxies {@link MessageChannel}s to apply a {@link ChannelSecurityInterceptor}. * * @author Mark Fisher + * @author Oleg Zhurakousky */ public class ChannelSecurityInterceptorBeanPostProcessor implements BeanPostProcessor { @@ -50,7 +51,7 @@ public class ChannelSecurityInterceptorBeanPostProcessor implements BeanPostProc public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException { if (bean instanceof MessageChannel && shouldProxy(beanName, (MessageChannel) bean, - (ChannelInvocationDefinitionSource) this.interceptor.obtainObjectDefinitionSource())) { + (ChannelInvocationDefinitionSource) this.interceptor.obtainSecurityMetadataSource())) { ProxyFactory proxyFactory = new ProxyFactory(bean); proxyFactory.addAdvisor(new DefaultPointcutAdvisor(this.interceptor)); return proxyFactory.getProxy(); @@ -59,7 +60,7 @@ public class ChannelSecurityInterceptorBeanPostProcessor implements BeanPostProc } private boolean shouldProxy(String beanName, MessageChannel channel, ChannelInvocationDefinitionSource definitionSource) { - Set patterns = ((ChannelInvocationDefinitionSource) this.interceptor.obtainObjectDefinitionSource()).getPatterns(); + Set patterns = ((ChannelInvocationDefinitionSource) this.interceptor.obtainSecurityMetadataSource()).getPatterns(); for (Pattern pattern : patterns) { if (pattern.matcher(beanName).matches()) { return true; diff --git a/spring-integration-security/src/test/java/org/springframework/integration/security/MockAuthenticationManager.java b/spring-integration-security/src/test/java/org/springframework/integration/security/MockAuthenticationManager.java new file mode 100644 index 0000000000..252ddb5ce0 --- /dev/null +++ b/spring-integration-security/src/test/java/org/springframework/integration/security/MockAuthenticationManager.java @@ -0,0 +1,44 @@ +/* + * Copyright 2002-2010 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.integration.security; + +import org.springframework.security.authentication.AbstractAuthenticationManager; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; + +/** + * @author Oleg Zhurakousky + * @since 2.0 + */ +public class MockAuthenticationManager extends AbstractAuthenticationManager { + private boolean grantAccess; + + public MockAuthenticationManager(boolean grantAccess){ + this.grantAccess = grantAccess; + } + + /* (non-Javadoc) + * @see org.springframework.security.authentication.AbstractAuthenticationManager#doAuthentication(org.springframework.security.core.Authentication) + */ + @Override + protected Authentication doAuthentication(Authentication authentication) + throws AuthenticationException { + if (grantAccess){ + authentication.setAuthenticated(true); + } + return authentication; + } +} diff --git a/spring-integration-security/src/test/java/org/springframework/integration/security/SecurityTestUtils.java b/spring-integration-security/src/test/java/org/springframework/integration/security/SecurityTestUtils.java index bc1197b77b..04d9d22af4 100644 --- a/spring-integration-security/src/test/java/org/springframework/integration/security/SecurityTestUtils.java +++ b/spring-integration-security/src/test/java/org/springframework/integration/security/SecurityTestUtils.java @@ -16,17 +16,20 @@ package org.springframework.integration.security; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; -import org.springframework.security.context.SecurityContext; -import org.springframework.security.context.SecurityContextImpl; -import org.springframework.security.providers.UsernamePasswordAuthenticationToken; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.GrantedAuthorityImpl; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextImpl; +import org.springframework.util.CollectionUtils; /** * @author Jonas Partner + * @author Oleg Zhurakousky */ public class SecurityTestUtils { + @SuppressWarnings("unchecked") public static SecurityContext createContext(String username, String password, String... roles) { SecurityContextImpl ctxImpl = new SecurityContextImpl(); UsernamePasswordAuthenticationToken authToken; @@ -35,7 +38,7 @@ public class SecurityTestUtils { for (int i = 0; i < roles.length; i++) { authorities[i] = new GrantedAuthorityImpl(roles[i]); } - authToken = new UsernamePasswordAuthenticationToken(username, password, authorities); + authToken = new UsernamePasswordAuthenticationToken(username, password, CollectionUtils.arrayToList(authorities)); } else { authToken = new UsernamePasswordAuthenticationToken(username, password); diff --git a/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests-context.xml b/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests-context.xml index 7f4903b27d..7fc63de88a 100644 --- a/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests-context.xml +++ b/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests-context.xml @@ -19,7 +19,7 @@ - + diff --git a/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java b/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java index a312fe954f..5867c9f3a8 100644 --- a/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java +++ b/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java @@ -20,22 +20,22 @@ import static org.junit.Assert.assertEquals; import org.junit.After; import org.junit.Test; - import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.integration.core.MessageChannel; import org.springframework.integration.message.StringMessage; import org.springframework.integration.security.SecurityTestUtils; -import org.springframework.security.AccessDeniedException; -import org.springframework.security.AuthenticationException; -import org.springframework.security.context.SecurityContext; -import org.springframework.security.context.SecurityContextHolder; +import org.springframework.security.access.AccessDeniedException; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests; /** * @author Mark Fisher + * @author Oleg Zhurakousky */ @ContextConfiguration public class ChannelAdapterSecurityIntegrationTests extends AbstractJUnit4SpringContextTests { @@ -58,10 +58,17 @@ public class ChannelAdapterSecurityIntegrationTests extends AbstractJUnit4Spring } + @Test(expected = AccessDeniedException.class) + @DirtiesContext + public void testSecuredWithNotEnoughPermission() { + login("bob", "bobspassword", "ROLE_ADMIN"); + securedChannelAdapter.send(new StringMessage("test")); + } + @Test @DirtiesContext public void testSecuredWithPermission() { - login("bob", "bobspassword", "ROLE_ADMIN"); + login("bob", "bobspassword", "ROLE_ADMIN, ROLE_PRESIDENT"); securedChannelAdapter.send(new StringMessage("test")); assertEquals("Wrong size of message list in target", 1, testConsumer.sentMessages.size()); } diff --git a/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelSecurityInterceptorTests.java b/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelSecurityInterceptorTests.java index 523ad37ff6..90d5fafef7 100644 --- a/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelSecurityInterceptorTests.java +++ b/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelSecurityInterceptorTests.java @@ -21,22 +21,23 @@ import java.util.regex.Pattern; import org.junit.After; import org.junit.Test; - import org.springframework.aop.framework.ProxyFactory; import org.springframework.integration.channel.QueueChannel; import org.springframework.integration.core.MessageChannel; import org.springframework.integration.message.StringMessage; +import org.springframework.integration.security.MockAuthenticationManager; import org.springframework.integration.security.SecurityTestUtils; -import org.springframework.security.AccessDeniedException; -import org.springframework.security.AuthenticationException; -import org.springframework.security.MockAuthenticationManager; -import org.springframework.security.context.SecurityContext; -import org.springframework.security.context.SecurityContextHolder; -import org.springframework.security.vote.AffirmativeBased; -import org.springframework.security.vote.RoleVoter; +import org.springframework.security.access.AccessDecisionVoter; +import org.springframework.security.access.AccessDeniedException; +import org.springframework.security.access.vote.AffirmativeBased; +import org.springframework.security.access.vote.RoleVoter; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextHolder; /** * @author Mark Fisher + * @author Oleg Zhurakousky */ public class ChannelSecurityInterceptorTests { @@ -81,7 +82,8 @@ public class ChannelSecurityInterceptorTests { objectDefinitionSource.addPatternMapping(Pattern.compile("secured.*"), new ChannelAccessPolicy(role, null)); ChannelSecurityInterceptor interceptor = new ChannelSecurityInterceptor(objectDefinitionSource); AffirmativeBased accessDecisionManager = new AffirmativeBased(); - accessDecisionManager.setDecisionVoters(Collections.singletonList(new RoleVoter())); + + accessDecisionManager.setDecisionVoters(Collections.singletonList((AccessDecisionVoter)new RoleVoter())); accessDecisionManager.afterPropertiesSet(); interceptor.setAccessDecisionManager(accessDecisionManager); interceptor.setAuthenticationManager(new MockAuthenticationManager(true)); diff --git a/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests.java b/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests.java index c08a831e97..309955f269 100644 --- a/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests.java +++ b/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests.java @@ -42,14 +42,15 @@ import org.springframework.integration.core.MessageChannel; import org.springframework.integration.security.channel.ChannelAccessPolicy; import org.springframework.integration.security.channel.ChannelSecurityInterceptor; import org.springframework.integration.selector.MessageSelector; -import org.springframework.security.ConfigAttribute; -import org.springframework.security.ConfigAttributeDefinition; +import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.access.SecurityConfig; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests; /** * @author Jonas Partner * @author Mark Fisher + * @author Oleg Zhurakousky */ @ContextConfiguration public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests { @@ -73,8 +74,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice(); ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor); assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy); - ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend(); - ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); + ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend(); + ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); assertTrue("ROLE_ADMIN not found as send attribute", this.getRolesFromDefintion(sendDefinition).contains("ROLE_ADMIN")); assertNull("Policy applies to receive", receiveDefinition); } @@ -91,8 +92,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice(); ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor); assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy); - ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend(); - ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); + ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend(); + ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); Collection sendRoles = this.getRolesFromDefintion(sendDefinition); assertTrue("ROLE_ADMIN not found as send attribute", sendRoles.contains("ROLE_ADMIN")); assertTrue("ROLE_USER not found as send attribute", sendRoles.contains("ROLE_USER")); @@ -111,8 +112,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice(); ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor); assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy); - ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend(); - ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); + ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend(); + ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); Collection receiveRoles = this.getRolesFromDefintion(receiveDefinition); assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN")); assertNull("Policy applies to send", sendDefinition); @@ -130,8 +131,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice(); ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor); assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy); - ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend(); - ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); + ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend(); + ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); Collection receiveRoles = this.getRolesFromDefintion(receiveDefinition); assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN")); assertTrue("ROLE_USER not found as receive attribute", receiveRoles.contains("ROLE_USER")); @@ -150,8 +151,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice(); ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor); assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy); - ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend(); - ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); + ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend(); + ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); assertNotNull("Pattern does not apply to 'send'", sendDefinition); assertNotNull("Pattern does not apply to 'receive'", receiveDefinition); Collection sendRoles = this.getRolesFromDefintion(sendDefinition); @@ -163,7 +164,7 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests @SuppressWarnings("unchecked") private ChannelAccessPolicy retrievePolicyForPatternString(String patternString, ChannelSecurityInterceptor interceptor) { - DirectFieldAccessor accessor = new DirectFieldAccessor(interceptor.obtainObjectDefinitionSource()); + DirectFieldAccessor accessor = new DirectFieldAccessor(interceptor.obtainSecurityMetadataSource()); Map policies = (Map) accessor.getPropertyValue("patternMappings"); for (Map.Entry entry : policies.entrySet()) { if (entry.getKey().pattern().equals(patternString)) { @@ -174,9 +175,9 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests } @SuppressWarnings("unchecked") - private Collection getRolesFromDefintion(ConfigAttributeDefinition definition) { + private Collection getRolesFromDefintion(ConfigAttribute definition) { Set roles = new HashSet(); - Collection configAttributes = definition.getConfigAttributes(); + Collection configAttributes = SecurityConfig.createListFromCommaDelimitedString(definition.getAttribute()); for (Object next : configAttributes) { ConfigAttribute attribute = (ConfigAttribute) next; roles.add(attribute.getAttribute()); diff --git a/spring-integration-security/src/test/java/org/springframework/integration/security/config/commonSecurityConfiguration.xml b/spring-integration-security/src/test/java/org/springframework/integration/security/config/commonSecurityConfiguration.xml index 8dd319994e..e5e909c884 100644 --- a/spring-integration-security/src/test/java/org/springframework/integration/security/config/commonSecurityConfiguration.xml +++ b/spring-integration-security/src/test/java/org/springframework/integration/security/config/commonSecurityConfiguration.xml @@ -6,25 +6,24 @@ xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd - http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security.xsd + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> - - - + - + - + + +