SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet
This commit is contained in:
@@ -5,9 +5,9 @@ import static org.junit.Assert.*;
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
import org.springframework.context.support.AbstractXmlApplicationContext;
|
||||
import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
|
||||
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
|
||||
public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests {
|
||||
private AbstractXmlApplicationContext appContext;
|
||||
|
||||
@@ -11,11 +11,11 @@ import org.springframework.context.support.AbstractXmlApplicationContext;
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.web.FilterInvocation;
|
||||
import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterInvocation;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
|
||||
@@ -11,24 +11,24 @@ import org.junit.After;
|
||||
import org.junit.Test;
|
||||
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
|
||||
import org.springframework.context.support.AbstractXmlApplicationContext;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
|
||||
import org.springframework.security.annotation.BusinessService;
|
||||
import org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource;
|
||||
import org.springframework.security.annotation.Jsr250Voter;
|
||||
import org.springframework.security.annotation.SecuredMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.annotation.BusinessService;
|
||||
import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.annotation.Jsr250Voter;
|
||||
import org.springframework.security.access.annotation.SecuredMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.expression.method.ExpressionAnnotationMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.expression.method.MethodExpressionAfterInvocationProvider;
|
||||
import org.springframework.security.access.expression.method.MethodExpressionVoter;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
|
||||
import org.springframework.security.access.vote.AffirmativeBased;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource;
|
||||
import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider;
|
||||
import org.springframework.security.expression.method.MethodExpressionVoter;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.userdetails.UserDetailsService;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
import org.springframework.security.util.FieldUtils;
|
||||
import org.springframework.security.vote.AffirmativeBased;
|
||||
|
||||
/**
|
||||
* @author Ben Alex
|
||||
@@ -42,7 +42,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
|
||||
public void loadContext() {
|
||||
setContext(
|
||||
"<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
|
||||
"<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
|
||||
"<global-method-security>" +
|
||||
" <protect-pointcut expression='execution(* *.someUser*(..))' access='ROLE_USER'/>" +
|
||||
" <protect-pointcut expression='execution(* *.someAdmin*(..))' access='ROLE_ADMIN'/>" +
|
||||
@@ -132,10 +132,10 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void supportsMethodArgumentsInPointcut() {
|
||||
setContext(
|
||||
"<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
|
||||
"<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
|
||||
"<global-method-security>" +
|
||||
" <protect-pointcut expression='execution(* org.springframework.security.annotation.BusinessService.someOther(String))' access='ROLE_ADMIN'/>" +
|
||||
" <protect-pointcut expression='execution(* org.springframework.security.annotation.BusinessService.*(..))' access='ROLE_USER'/>" +
|
||||
" <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.someOther(String))' access='ROLE_ADMIN'/>" +
|
||||
" <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.*(..))' access='ROLE_USER'/>" +
|
||||
"</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML
|
||||
);
|
||||
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
@@ -154,11 +154,11 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void supportsBooleanPointcutExpressions() {
|
||||
setContext(
|
||||
"<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
|
||||
"<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
|
||||
"<global-method-security>" +
|
||||
" <protect-pointcut expression=" +
|
||||
" 'execution(* org.springframework.security.annotation.BusinessService.*(..)) " +
|
||||
" and not execution(* org.springframework.security.annotation.BusinessService.someOther(String)))' " +
|
||||
" 'execution(* org.springframework.security.access.annotation.BusinessService.*(..)) " +
|
||||
" and not execution(* org.springframework.security.access.annotation.BusinessService.someOther(String)))' " +
|
||||
" access='ROLE_USER'/>" +
|
||||
"</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML
|
||||
);
|
||||
@@ -191,7 +191,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
"<global-method-security secured-annotations='enabled'/>" +
|
||||
"<b:bean id='businessService' class='org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean'>" +
|
||||
" <b:property name='serviceUrl' value='http://localhost:8080/SomeService'/>" +
|
||||
" <b:property name='serviceInterface' value='org.springframework.security.annotation.BusinessService'/>" +
|
||||
" <b:property name='serviceInterface' value='org.springframework.security.access.annotation.BusinessService'/>" +
|
||||
"</b:bean>" + AUTH_PROVIDER_XML
|
||||
);
|
||||
|
||||
@@ -220,7 +220,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
public void accessIsDeniedForHasRoleExpression() {
|
||||
setContext(
|
||||
"<global-method-security expression-annotations='enabled'/>" +
|
||||
"<b:bean id='target' class='org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
|
||||
"<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("bob","bobspassword"));
|
||||
target = (BusinessService) appContext.getBean("target");
|
||||
@@ -231,7 +231,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
public void preAndPostFilterAnnotationsWorkWithLists() {
|
||||
setContext(
|
||||
"<global-method-security expression-annotations='enabled'/>" +
|
||||
"<b:bean id='target' class='org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
|
||||
"<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("bob","bobspassword"));
|
||||
target = (BusinessService) appContext.getBean("target");
|
||||
@@ -250,7 +250,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
public void prePostFilterAnnotationWorksWithArrays() {
|
||||
setContext(
|
||||
"<global-method-security expression-annotations='enabled'/>" +
|
||||
"<b:bean id='target' class='org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
|
||||
"<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("bob","bobspassword"));
|
||||
target = (BusinessService) appContext.getBean("target");
|
||||
|
||||
@@ -19,10 +19,10 @@ import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.MockAuthenticationEntryPoint;
|
||||
import org.springframework.security.SecurityConfig;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.concurrent.ConcurrentLoginException;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
@@ -34,6 +34,7 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
|
||||
import org.springframework.security.util.FieldUtils;
|
||||
import org.springframework.security.web.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.FilterInvocation;
|
||||
import org.springframework.security.web.PortMapperImpl;
|
||||
import org.springframework.security.web.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.web.WebAuthenticationDetails;
|
||||
@@ -55,7 +56,6 @@ import org.springframework.security.web.context.HttpSessionSecurityContextReposi
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler;
|
||||
import org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterInvocation;
|
||||
import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.logout.LogoutFilter;
|
||||
|
||||
@@ -6,8 +6,8 @@ import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
@@ -9,10 +10,11 @@ import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.providers.ProviderManager;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.security.provisioning.JdbcUserDetailsManager;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager;
|
||||
import org.springframework.security.util.AuthorityUtils;
|
||||
import org.springframework.security.util.FieldUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* @author Ben Alex
|
||||
@@ -40,6 +42,11 @@ public class JdbcUserServiceBeanDefinitionParserTests {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void beanNameIsCorrect() throws Exception {
|
||||
assertEquals(JdbcUserDetailsManager.class.getName(), new JdbcUserServiceBeanDefinitionParser().getBeanClassName(mock(Element.class)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void validUsernameIsFound() {
|
||||
setContext("<jdbc-user-service data-source-ref='dataSource'/>" + DATA_SOURCE);
|
||||
|
||||
@@ -3,9 +3,9 @@ package org.springframework.security.config;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.annotation.BusinessService;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.annotation.BusinessService;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
@@ -23,7 +23,7 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
|
||||
@Before
|
||||
public void loadContext() {
|
||||
appContext = new InMemoryXmlApplicationContext(
|
||||
"<b:bean id='target' class='org.springframework.security.annotation.Jsr250BusinessServiceImpl'/>" +
|
||||
"<b:bean id='target' class='org.springframework.security.access.annotation.Jsr250BusinessServiceImpl'/>" +
|
||||
"<global-method-security jsr250-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML
|
||||
);
|
||||
target = (BusinessService) appContext.getBean("target");
|
||||
|
||||
@@ -2,10 +2,10 @@ package org.springframework.security.config;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.afterinvocation.AfterInvocationProvider;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProvider;
|
||||
|
||||
public class MockAfterInvocationProvider implements AfterInvocationProvider {
|
||||
|
||||
|
||||
@@ -3,9 +3,9 @@ package org.springframework.security.config;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.annotation.BusinessService;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.annotation.BusinessService;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
@@ -24,7 +24,7 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
|
||||
public void loadContext() {
|
||||
SecurityContextHolder.clearContext();
|
||||
appContext = new InMemoryXmlApplicationContext(
|
||||
"<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
|
||||
"<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
|
||||
"<global-method-security secured-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML
|
||||
);
|
||||
target = (BusinessService) appContext.getBean("target");
|
||||
|
||||
@@ -25,9 +25,9 @@ public class MethodSecurityInterceptorWithAopConfigTests {
|
||||
" </authentication-provider>";
|
||||
|
||||
static final String ACCESS_MANAGER_XML =
|
||||
"<b:bean id='accessDecisionManager' class='org.springframework.security.vote.AffirmativeBased'>" +
|
||||
"<b:bean id='accessDecisionManager' class='org.springframework.security.access.vote.AffirmativeBased'>" +
|
||||
" <b:property name='decisionVoters'>" +
|
||||
" <b:list><b:bean class='org.springframework.security.vote.RoleVoter'/></b:list>" +
|
||||
" <b:list><b:bean class='org.springframework.security.access.vote.RoleVoter'/></b:list>" +
|
||||
" </b:property>" +
|
||||
"</b:bean>";
|
||||
|
||||
@@ -55,7 +55,7 @@ public class MethodSecurityInterceptorWithAopConfigTests {
|
||||
" <aop:advisor advice-ref='securityInterceptor' pointcut-ref='targetMethods' />" +
|
||||
"</aop:config>" +
|
||||
"<b:bean id='target' class='org.springframework.security.TargetObject'/>" +
|
||||
"<b:bean id='securityInterceptor' class='org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
|
||||
"<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
|
||||
" <b:property name='securityMetadataSource'>" +
|
||||
" <b:value>" +
|
||||
"org.springframework.security.TargetObject.makeLower*=ROLE_A\n" +
|
||||
|
||||
Reference in New Issue
Block a user