From 931cf90dbbe7bdb22b6de4630ec814d59a813192 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Tue, 21 Jul 2009 00:14:57 +0000 Subject: [PATCH] SEC-1203: Allow configuration of X509 subject-dn-regex attribute using PropertyPlaceholderConfigurer. Modified parser to use a BeanDefinition for the SubjectPrincipalDnExtractor to allow property subsititution. --- .../HttpSecurityBeanDefinitionParser.java | 6 ++-- ...HttpSecurityBeanDefinitionParserTests.java | 29 +++++++++++++++++++ 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java index 917436c93e..2b186f8b6a 100644 --- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java @@ -564,10 +564,10 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { String regex = x509Elt.getAttribute("subject-principal-regex"); if (StringUtils.hasText(regex)) { - SubjectDnX509PrincipalExtractor extractor = new SubjectDnX509PrincipalExtractor(); - extractor.setSubjectDnRegex(regex); + BeanDefinitionBuilder extractor = BeanDefinitionBuilder.rootBeanDefinition(SubjectDnX509PrincipalExtractor.class); + extractor.addPropertyValue("subjectDnRegex", regex); - filterBuilder.addPropertyValue("principalExtractor", extractor); + filterBuilder.addPropertyValue("principalExtractor", extractor.getBeanDefinition()); } filter = (RootBeanDefinition) filterBuilder.getBeanDefinition(); entryPoint = new RootBeanDefinition(Http403ForbiddenEntryPoint.class); diff --git a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java index e516bc4d49..d08dbf9cb4 100644 --- a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java @@ -10,6 +10,7 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.ArrayList; +import java.util.regex.Pattern; import javax.servlet.Filter; @@ -60,6 +61,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetails; import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter; import org.springframework.security.web.authentication.logout.LogoutFilter; import org.springframework.security.web.authentication.logout.LogoutHandler; +import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor; import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter; import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl; import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices; @@ -560,6 +562,33 @@ public class HttpSecurityBeanDefinitionParserTests { assertTrue(filters.get(2) instanceof X509PreAuthenticatedProcessingFilter); } + @Test + public void x509SubjectPrincipalRegexCanBeSetUsingPropertyPlaceholder() throws Exception { + System.setProperty("subject-principal-regex", "uid=(.*),"); + setContext( + "" + + "" + + " " + + "" + AUTH_PROVIDER_XML); + List filters = getFilters("/someurl"); + + X509PreAuthenticatedProcessingFilter filter = (X509PreAuthenticatedProcessingFilter) filters.get(2); + SubjectDnX509PrincipalExtractor pe = (SubjectDnX509PrincipalExtractor) FieldUtils.getFieldValue(filter, "principalExtractor"); + Pattern p = (Pattern) FieldUtils.getFieldValue(pe, "subjectDnPattern"); + assertEquals("uid=(.*),", p.pattern()); + } + + @Test + public void x() throws Exception { + setContext( + "" + + " " + + "" + AUTH_PROVIDER_XML); + List filters = getFilters("/someurl"); + + assertTrue(filters.get(2) instanceof X509PreAuthenticatedProcessingFilter); + } + @Test public void concurrentSessionSupportAddsFilterAndExpectedBeans() throws Exception { setContext(