SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet

This commit is contained in:
Luke Taylor
2009-04-12 12:23:23 +00:00
parent 7c4d54f356
commit 9efb5a7007
288 changed files with 773 additions and 705 deletions

View File

@@ -5,9 +5,9 @@ import static org.junit.Assert.*;
import org.junit.After;
import org.junit.Test;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor;
public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests {
private AbstractXmlApplicationContext appContext;

View File

@@ -11,11 +11,11 @@ import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.SecurityConfig;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.intercept.FilterInvocation;
import org.w3c.dom.Element;
/**

View File

@@ -11,24 +11,24 @@ import org.junit.After;
import org.junit.Test;
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
import org.springframework.security.annotation.BusinessService;
import org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource;
import org.springframework.security.annotation.Jsr250Voter;
import org.springframework.security.annotation.SecuredMethodSecurityMetadataSource;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.BusinessService;
import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
import org.springframework.security.access.annotation.Jsr250Voter;
import org.springframework.security.access.annotation.SecuredMethodSecurityMetadataSource;
import org.springframework.security.access.expression.method.ExpressionAnnotationMethodSecurityMetadataSource;
import org.springframework.security.access.expression.method.MethodExpressionAfterInvocationProvider;
import org.springframework.security.access.expression.method.MethodExpressionVoter;
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource;
import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider;
import org.springframework.security.expression.method.MethodExpressionVoter;
import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.util.AuthorityUtils;
import org.springframework.security.util.FieldUtils;
import org.springframework.security.vote.AffirmativeBased;
/**
* @author Ben Alex
@@ -42,7 +42,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
public void loadContext() {
setContext(
"<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
"<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
"<global-method-security>" +
" <protect-pointcut expression='execution(* *.someUser*(..))' access='ROLE_USER'/>" +
" <protect-pointcut expression='execution(* *.someAdmin*(..))' access='ROLE_ADMIN'/>" +
@@ -132,10 +132,10 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
@Test
public void supportsMethodArgumentsInPointcut() {
setContext(
"<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
"<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
"<global-method-security>" +
" <protect-pointcut expression='execution(* org.springframework.security.annotation.BusinessService.someOther(String))' access='ROLE_ADMIN'/>" +
" <protect-pointcut expression='execution(* org.springframework.security.annotation.BusinessService.*(..))' access='ROLE_USER'/>" +
" <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.someOther(String))' access='ROLE_ADMIN'/>" +
" <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.*(..))' access='ROLE_USER'/>" +
"</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML
);
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
@@ -154,11 +154,11 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
@Test
public void supportsBooleanPointcutExpressions() {
setContext(
"<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
"<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
"<global-method-security>" +
" <protect-pointcut expression=" +
" 'execution(* org.springframework.security.annotation.BusinessService.*(..)) " +
" and not execution(* org.springframework.security.annotation.BusinessService.someOther(String)))' " +
" 'execution(* org.springframework.security.access.annotation.BusinessService.*(..)) " +
" and not execution(* org.springframework.security.access.annotation.BusinessService.someOther(String)))' " +
" access='ROLE_USER'/>" +
"</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML
);
@@ -191,7 +191,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
"<global-method-security secured-annotations='enabled'/>" +
"<b:bean id='businessService' class='org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean'>" +
" <b:property name='serviceUrl' value='http://localhost:8080/SomeService'/>" +
" <b:property name='serviceInterface' value='org.springframework.security.annotation.BusinessService'/>" +
" <b:property name='serviceInterface' value='org.springframework.security.access.annotation.BusinessService'/>" +
"</b:bean>" + AUTH_PROVIDER_XML
);
@@ -220,7 +220,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
public void accessIsDeniedForHasRoleExpression() {
setContext(
"<global-method-security expression-annotations='enabled'/>" +
"<b:bean id='target' class='org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
"<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
AUTH_PROVIDER_XML);
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("bob","bobspassword"));
target = (BusinessService) appContext.getBean("target");
@@ -231,7 +231,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
public void preAndPostFilterAnnotationsWorkWithLists() {
setContext(
"<global-method-security expression-annotations='enabled'/>" +
"<b:bean id='target' class='org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
"<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
AUTH_PROVIDER_XML);
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("bob","bobspassword"));
target = (BusinessService) appContext.getBean("target");
@@ -250,7 +250,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
public void prePostFilterAnnotationWorksWithArrays() {
setContext(
"<global-method-security expression-annotations='enabled'/>" +
"<b:bean id='target' class='org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
"<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
AUTH_PROVIDER_XML);
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("bob","bobspassword"));
target = (BusinessService) appContext.getBean("target");

View File

@@ -19,10 +19,10 @@ import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.MockAuthenticationEntryPoint;
import org.springframework.security.SecurityConfig;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.concurrent.ConcurrentLoginException;
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
@@ -34,6 +34,7 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
import org.springframework.security.util.FieldUtils;
import org.springframework.security.web.ExceptionTranslationFilter;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.PortMapperImpl;
import org.springframework.security.web.SessionFixationProtectionFilter;
import org.springframework.security.web.WebAuthenticationDetails;
@@ -55,7 +56,6 @@ import org.springframework.security.web.context.HttpSessionSecurityContextReposi
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.intercept.FilterInvocation;
import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.logout.LogoutFilter;

View File

@@ -6,8 +6,8 @@ import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.AuthorityUtils;

View File

@@ -1,6 +1,7 @@
package org.springframework.security.config;
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import org.junit.After;
import org.junit.Test;
@@ -9,10 +10,11 @@ import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.providers.ProviderManager;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager;
import org.springframework.security.util.AuthorityUtils;
import org.springframework.security.util.FieldUtils;
import org.w3c.dom.Element;
/**
* @author Ben Alex
@@ -40,6 +42,11 @@ public class JdbcUserServiceBeanDefinitionParserTests {
}
}
@Test
public void beanNameIsCorrect() throws Exception {
assertEquals(JdbcUserDetailsManager.class.getName(), new JdbcUserServiceBeanDefinitionParser().getBeanClassName(mock(Element.class)));
}
@Test
public void validUsernameIsFound() {
setContext("<jdbc-user-service data-source-ref='dataSource'/>" + DATA_SOURCE);

View File

@@ -3,9 +3,9 @@ package org.springframework.security.config;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.annotation.BusinessService;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.BusinessService;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
@@ -23,7 +23,7 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
@Before
public void loadContext() {
appContext = new InMemoryXmlApplicationContext(
"<b:bean id='target' class='org.springframework.security.annotation.Jsr250BusinessServiceImpl'/>" +
"<b:bean id='target' class='org.springframework.security.access.annotation.Jsr250BusinessServiceImpl'/>" +
"<global-method-security jsr250-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML
);
target = (BusinessService) appContext.getBean("target");

View File

@@ -2,10 +2,10 @@ package org.springframework.security.config;
import java.util.List;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.afterinvocation.AfterInvocationProvider;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.intercept.AfterInvocationProvider;
public class MockAfterInvocationProvider implements AfterInvocationProvider {

View File

@@ -3,9 +3,9 @@ package org.springframework.security.config;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.annotation.BusinessService;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.BusinessService;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
@@ -24,7 +24,7 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
public void loadContext() {
SecurityContextHolder.clearContext();
appContext = new InMemoryXmlApplicationContext(
"<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
"<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
"<global-method-security secured-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML
);
target = (BusinessService) appContext.getBean("target");

View File

@@ -25,9 +25,9 @@ public class MethodSecurityInterceptorWithAopConfigTests {
" </authentication-provider>";
static final String ACCESS_MANAGER_XML =
"<b:bean id='accessDecisionManager' class='org.springframework.security.vote.AffirmativeBased'>" +
"<b:bean id='accessDecisionManager' class='org.springframework.security.access.vote.AffirmativeBased'>" +
" <b:property name='decisionVoters'>" +
" <b:list><b:bean class='org.springframework.security.vote.RoleVoter'/></b:list>" +
" <b:list><b:bean class='org.springframework.security.access.vote.RoleVoter'/></b:list>" +
" </b:property>" +
"</b:bean>";
@@ -55,7 +55,7 @@ public class MethodSecurityInterceptorWithAopConfigTests {
" <aop:advisor advice-ref='securityInterceptor' pointcut-ref='targetMethods' />" +
"</aop:config>" +
"<b:bean id='target' class='org.springframework.security.TargetObject'/>" +
"<b:bean id='securityInterceptor' class='org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
"<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
" <b:property name='securityMetadataSource'>" +
" <b:value>" +
"org.springframework.security.TargetObject.makeLower*=ROLE_A\n" +