SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements).

This commit is contained in:
Luke Taylor
2009-08-03 00:21:11 +00:00
parent c5d6484b54
commit 5953af0f6b
29 changed files with 298 additions and 244 deletions

View File

@@ -2,6 +2,7 @@ package org.springframework.security.config;
public abstract class ConfigTestUtils {
public static final String AUTH_PROVIDER_XML =
"<authentication-manager alias='authManager'>" +
" <authentication-provider>" +
" <user-service id='us'>" +
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
@@ -9,5 +10,6 @@ public abstract class ConfigTestUtils {
" <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />" +
" <user name='user' password='password' authorities='ROLE_USER' />" +
" </user-service>" +
" </authentication-provider>";
" </authentication-provider>" +
"</authentication-manager>";
}

View File

@@ -1,17 +1,12 @@
package org.springframework.security.config.authentication;
import static org.junit.Assert.assertFalse;
import org.junit.Test;
import org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
import org.springframework.security.authentication.concurrent.SessionRegistryImpl;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.ConfigTestUtils;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.util.FieldUtils;
/**
*
@@ -28,24 +23,16 @@ public class AuthenticationManagerBeanDefinitionParserTests {
" </b:property>" +
"</b:bean>";
@Test
public void sessionControllerRefAttributeIsSupportedFor204ContextButHasNoEffect() throws Exception {
setContext(
"<http auto-config='true'/>" +
SESSION_CONTROLLER +
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
ConfigTestUtils.AUTH_PROVIDER_XML, "2.0.4");
ProviderManager pm = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
assertFalse(FieldUtils.getFieldValue(pm, "sessionController") instanceof ConcurrentSessionControllerImpl);
}
@Test(expected=XmlBeanDefinitionStoreException.class)
public void sessionControllerRefAttributeIsRejectedFor30Context() throws Exception {
setContext(
"<http auto-config='true'/>" +
SESSION_CONTROLLER +
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
ConfigTestUtils.AUTH_PROVIDER_XML, "3.0");
"<authentication-manager session-controller-ref='sc'>" +
" <authentication-provider>" +
" <user-service>" +
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
" </user-service>" +
" </authentication-provider>" +
"</authentication-manager>" + SESSION_CONTROLLER, "3.0");
appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
}

View File

@@ -47,7 +47,10 @@ public class AuthenticationProviderBeanDefinitionParserTests {
@Test
public void externalUserServiceRefWorks() throws Exception {
setContext(" <authentication-provider user-service-ref='myUserService' />" +
appContext = new InMemoryXmlApplicationContext(
" <authentication-manager>" +
" <authentication-provider user-service-ref='myUserService' />" +
" </authentication-manager>" +
" <user-service id='myUserService'>" +
" <user name='bob' password='bobspassword' authorities='ROLE_A' />" +
" </user-service>");
@@ -105,11 +108,14 @@ public class AuthenticationProviderBeanDefinitionParserTests {
@Test
public void externalUserServicePasswordEncoderAndSaltSourceWork() throws Exception {
setContext(" <authentication-provider user-service-ref='customUserService'>" +
appContext = new InMemoryXmlApplicationContext(
" <authentication-manager>" +
" <authentication-provider user-service-ref='customUserService'>" +
" <password-encoder ref='customPasswordEncoder'>" +
" <salt-source ref='saltSource'/>" +
" </password-encoder>" +
" </authentication-provider>" +
" </authentication-provider>" +
" </authentication-manager>" +
" <b:bean id='customPasswordEncoder' " +
"class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>" +
@@ -132,6 +138,6 @@ public class AuthenticationProviderBeanDefinitionParserTests {
}
private void setContext(String context) {
appContext = new InMemoryXmlApplicationContext(context);
appContext = new InMemoryXmlApplicationContext("<authentication-manager>" + context + "</authentication-manager>");
}
}

View File

@@ -1,45 +1,20 @@
package org.springframework.security.config.authentication;
import static org.junit.Assert.*;
import org.junit.Test;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
public class CustomAuthenticationProviderBeanDefinitionDecoratorTests {
@Test
public void decoratedProviderParsesSuccessfully() {
InMemoryXmlApplicationContext ctx = new InMemoryXmlApplicationContext(
public void decoratedProviderParsesSuccessfullyWith20Namespace() {
new InMemoryXmlApplicationContext(
"<b:bean class='org.springframework.security.authentication.dao.DaoAuthenticationProvider'>" +
" <custom-authentication-provider />" +
" <b:property name='userDetailsService' ref='us'/>" +
"</b:bean>" +
"</b:bean>" +
"<user-service id='us'>" +
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
"</user-service>"
);
ProviderManager authMgr = (ProviderManager) ctx.getBean(BeanIds.AUTHENTICATION_MANAGER);
assertEquals(1, authMgr.getProviders().size());
}
@Test
public void decoratedBeanAndRegisteredProviderAreTheSameObject() {
InMemoryXmlApplicationContext ctx = new InMemoryXmlApplicationContext(
"<b:bean id='myProvider' class='org.springframework.security.authentication.dao.DaoAuthenticationProvider'>" +
" <custom-authentication-provider />" +
" <b:property name='userDetailsService' ref='us'/>" +
"</b:bean>" +
"<user-service id='us'>" +
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
"</user-service>"
);
ProviderManager authMgr = (ProviderManager) ctx.getBean(BeanIds.AUTHENTICATION_MANAGER);
assertEquals(1, authMgr.getProviders().size());
assertSame(ctx.getBean("myProvider"), authMgr.getProviders().get(0));
"</user-service>", "2.0.4", null);
}
}

View File

@@ -102,9 +102,11 @@ public class JdbcUserServiceBeanDefinitionParserTests {
@Test
public void isSupportedByAuthenticationProviderElement() {
setContext(
"<authentication-provider>" +
"<authentication-manager>" +
" <authentication-provider>" +
" <jdbc-user-service data-source-ref='dataSource'/>" +
"</authentication-provider>" + DATA_SOURCE);
" </authentication-provider>" +
"</authentication-manager>" + DATA_SOURCE);
AuthenticationManager mgr = (AuthenticationManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
mgr.authenticate(new UsernamePasswordAuthenticationToken("rod", "koala"));
}
@@ -112,9 +114,11 @@ public class JdbcUserServiceBeanDefinitionParserTests {
@Test
public void cacheIsInjectedIntoAuthenticationProvider() {
setContext(
"<authentication-provider>" +
"<authentication-manager>" +
" <authentication-provider>" +
" <jdbc-user-service cache-ref='userCache' data-source-ref='dataSource'/>" +
"</authentication-provider>" + DATA_SOURCE + USER_CACHE_XML);
" </authentication-provider>" +
"</authentication-manager>" + DATA_SOURCE + USER_CACHE_XML);
ProviderManager mgr = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) mgr.getProviders().get(0);
assertSame(provider.getUserCache(), appContext.getBean("userCache"));

View File

@@ -605,7 +605,6 @@ public class HttpSecurityBeanDefinitionParserTests {
@Test(expected=BeanDefinitionParsingException.class)
public void useOfExternalConcurrentSessionControllerRequiresSessionRegistryToBeSet() throws Exception {
setContext(
"<authentication-manager alias='authManager' />" +
"<http auto-config='true'>" +
" <concurrent-session-control session-controller-ref='sc' expired-url='/expired'/>" +
"</http>" +
@@ -619,7 +618,6 @@ public class HttpSecurityBeanDefinitionParserTests {
@Test
public void useOfExternalSessionControllerAndRegistryIsWiredCorrectly() throws Exception {
setContext(
"<authentication-manager alias='authManager' />" +
"<http auto-config='true'>" +
" <concurrent-session-control session-registry-ref='sr' session-controller-ref='sc' expired-url='/expired'/>" +
"</http>" +
@@ -756,7 +754,9 @@ public class HttpSecurityBeanDefinitionParserTests {
public void httpElementDoesntInterfereWithBeanPostProcessing() {
setContext(
"<http auto-config='true'/>" +
"<authentication-provider user-service-ref='myUserService'/>" +
"<authentication-manager>" +
" <authentication-provider user-service-ref='myUserService'/>" +
"</authentication-manager>" +
"<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>" +
"<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>"
);

View File

@@ -43,7 +43,10 @@ public class LdapProviderBeanDefinitionParserTests {
@Test
public void simpleProviderAuthenticatesCorrectly() {
setContext("<ldap-server /> <ldap-authentication-provider group-search-filter='member={0}' />");
setContext("<ldap-server />" +
"<authentication-manager>" +
" <ldap-authentication-provider group-search-filter='member={0}' />" +
"</authentication-manager>");
LdapAuthenticationProvider provider = getProvider();
Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
@@ -61,9 +64,11 @@ public class LdapProviderBeanDefinitionParserTests {
@Test
public void supportsPasswordComparisonAuthentication() {
setContext("<ldap-server /> " +
"<authentication-manager>" +
"<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
" <password-compare />" +
"</ldap-authentication-provider>");
"</ldap-authentication-provider>"+
"</authentication-manager>");
LdapAuthenticationProvider provider = getProvider();
provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
}
@@ -72,9 +77,11 @@ public class LdapProviderBeanDefinitionParserTests {
@Test
public void supportsPasswordComparisonAuthenticationWithHashAttribute() {
setContext("<ldap-server /> " +
"<authentication-manager>" +
"<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
" <password-compare password-attribute='uid' hash='plaintext'/>" +
"</ldap-authentication-provider>");
"</ldap-authentication-provider>" +
"</authentication-manager>");
LdapAuthenticationProvider provider = getProvider();
provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben"));
}
@@ -82,11 +89,13 @@ public class LdapProviderBeanDefinitionParserTests {
@Test
public void supportsPasswordComparisonAuthenticationWithPasswordEncoder() {
setContext("<ldap-server /> " +
"<authentication-manager>" +
"<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
" <password-compare password-attribute='uid'>" +
" <password-encoder hash='plaintext'/>" +
" </password-compare>" +
"</ldap-authentication-provider>");
"</ldap-authentication-provider>" +
"</authentication-manager>");
LdapAuthenticationProvider provider = getProvider();
provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben"));
}
@@ -94,14 +103,18 @@ public class LdapProviderBeanDefinitionParserTests {
@Test
public void detectsNonStandardServerId() {
setContext("<ldap-server id='myServer'/> " +
"<ldap-authentication-provider />");
"<authentication-manager>" +
" <ldap-authentication-provider />" +
"</authentication-manager>");
}
@Test
public void inetOrgContextMapperIsSupported() throws Exception {
setContext(
"<ldap-server id='someServer' url='ldap://127.0.0.1:343/dc=springframework,dc=org'/>" +
"<ldap-authentication-provider user-details-class='inetOrgPerson'/>");
"<authentication-manager>" +
" <ldap-authentication-provider user-details-class='inetOrgPerson'/>" +
"</authentication-manager>");
LdapAuthenticationProvider provider = getProvider();
assertTrue(FieldUtils.getFieldValue(provider, "userDetailsContextMapper") instanceof InetOrgPersonContextMapper);
}

View File

@@ -95,7 +95,9 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
setContext(
"<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>" +
"<global-method-security />" +
"<authentication-provider user-service-ref='myUserService'/>" +
"<authentication-manager>" +
" <authentication-provider user-service-ref='myUserService'/>" +
"</authentication-manager>" +
"<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>"
);
@@ -113,7 +115,9 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
"</global-method-security>" +
"<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>" +
"<aop:aspectj-autoproxy />" +
"<authentication-provider user-service-ref='myUserService'/>"
"<authentication-manager>" +
" <authentication-provider user-service-ref='myUserService'/>" +
"</authentication-manager>"
);
UserDetailsService service = (UserDetailsService) appContext.getBean("myUserService");

View File

@@ -22,7 +22,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
*/
public class InterceptMethodsBeanDefinitionDecoratorTests {
private ClassPathXmlApplicationContext appContext;
private TestBusinessBean target;
@Before
@@ -50,13 +49,9 @@ public class InterceptMethodsBeanDefinitionDecoratorTests {
target.unprotected();
}
@Test
@Test(expected=AuthenticationCredentialsNotFoundException.class)
public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
try {
target.doSomething();
fail("Expected AuthenticationCredentialsNotFoundException");
} catch (AuthenticationCredentialsNotFoundException expected) {
}
target.doSomething();
}
@Test
@@ -65,20 +60,16 @@ public class InterceptMethodsBeanDefinitionDecoratorTests {
AuthorityUtils.createAuthorityList("ROLE_USER"));
SecurityContextHolder.getContext().setAuthentication(token);
target.doSomething();
}
@Test
@Test(expected=AccessDeniedException.class)
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
SecurityContextHolder.getContext().setAuthentication(token);
try {
target.doSomething();
fail("Expected AccessDeniedException");
} catch (AccessDeniedException expected) {
}
target.doSomething();
fail("Expected AccessDeniedException");
}
}

View File

@@ -19,12 +19,14 @@ import org.springframework.security.core.context.SecurityContextHolder;
*/
public class MethodSecurityInterceptorWithAopConfigTests {
static final String AUTH_PROVIDER_XML =
"<authentication-manager>" +
" <authentication-provider>" +
" <user-service>" +
" <user name='bob' password='bobspassword' authorities='ROLE_USER,ROLE_ADMIN' />" +
" <user name='bill' password='billspassword' authorities='ROLE_USER' />" +
" </user-service>" +
" </authentication-provider>";
" </authentication-provider>" +
"</authentication-manager>";
static final String ACCESS_MANAGER_XML =
"<b:bean id='accessDecisionManager' class='org.springframework.security.access.vote.AffirmativeBased'>" +