root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Removal of deprecated methods and classes.

This commit is contained in:
Luke Taylor 2010-06-26 16:23:42 +01:00
parent 6a79cf7be2
commit 026517f674
22 changed files with 162 additions and 1018 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
View File

@ -39,11 +39,11 @@ public class MethodSecurityInterceptorWithAopConfigTests {
"<b:bean id='target' class='org.springframework.security.TargetObject'/>" +
"<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
" <b:property name='securityMetadataSource'>" +
" <b:value>" +
"org.springframework.security.ITargetObject.makeLower*=ROLE_A\n" +
"org.springframework.security.TargetObject.makeUpper*=ROLE_A\n" +
"org.springframework.security.ITargetObject.computeHashCode*=ROLE_B\n" +
" </b:value>" +
" <method-security-metadata-source>" +
" <protect method='org.springframework.security.ITargetObject.makeLower*' access='ROLE_A'/>" +
" <protect method='org.springframework.security.ITargetObject.makeUpper*' access='ROLE_A'/>" +
" <protect method='org.springframework.security.ITargetObject.computeHashCode*' access='ROLE_B'/>" +
" </method-security-metadata-source>" +
" </b:property>" +
"</b:bean>";

8
core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
View File

@ -42,10 +42,6 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
//~ Methods ========================================================================================================
public MethodSecurityMetadataSource getSecurityMetadataSource() {
return this.securityMetadataSource;
}
public Class<? extends Object> getSecureObjectClass() {
return MethodInvocation.class;
}
@ -72,6 +68,10 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
return result;
}
public MethodSecurityMetadataSource getSecurityMetadataSource() {
return this.securityMetadataSource;
}
public SecurityMetadataSource obtainSecurityMetadataSource() {
return this.securityMetadataSource;
}

11
core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
View File

@ -60,17 +60,6 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
//~ Constructors ===================================================================================================
/**
* @deprecated use the decoupled approach instead
*/
MethodSecurityMetadataSourceAdvisor(MethodSecurityInterceptor advice) {
Assert.notNull(advice.getSecurityMetadataSource(), "Cannot construct a MethodSecurityMetadataSourceAdvisor using a " +
"MethodSecurityInterceptor that has no SecurityMetadataSource configured");
this.interceptor = advice;
this.attributeSource = advice.getSecurityMetadataSource();
}
/**
* Alternative constructor for situations where we want the advisor decoupled from the advice. Instead the advice
* bean name should be set. This prevents eager instantiation of the interceptor

75
core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSourceEditor.java
View File

@ -1,75 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.method;
import java.beans.PropertyEditorSupport;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.springframework.beans.propertyeditors.PropertiesEditor;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.util.StringUtils;
/**
* Property editor to assist with the setup of a {@link MethodSecurityMetadataSource}.
* <p>
* The class creates and populates a {@link MapBasedMethodSecurityMetadataSource}.
*
* @author Ben Alex
* @deprecated use method annotations or the protect-pointcut support from the namespace
*/
public class MethodSecurityMetadataSourceEditor extends PropertyEditorSupport {
//~ Methods ========================================================================================================
@SuppressWarnings("unchecked")
public void setAsText(String s) throws IllegalArgumentException {
if ((s == null) || "".equals(s)) {
setValue(new MapBasedMethodSecurityMetadataSource());
return;
}
// Use properties editor to tokenize the string
PropertiesEditor propertiesEditor = new PropertiesEditor();
propertiesEditor.setAsText(s);
Properties props = (Properties) propertiesEditor.getValue();
// Now we have properties, process each one individually
Map<String, List<ConfigAttribute>> mappings = new LinkedHashMap<String, List<ConfigAttribute>>();
for (Iterator iter = props.keySet().iterator(); iter.hasNext();) {
String name = (String) iter.next();
String value = props.getProperty(name);
String[] tokens = StringUtils.commaDelimitedListToStringArray(value);
List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(tokens.length);
for(String token : tokens) {
attributes.add(new SecurityConfig(token));
}
mappings.put(name, attributes);
}
setValue(new MapBasedMethodSecurityMetadataSource(mappings));
}
}

13
core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
View File

@ -15,13 +15,11 @@
package org.springframework.security.authentication;
import org.springframework.security.core.GrantedAuthority;
import java.io.Serializable;
import java.util.Arrays;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
/**
* Represents an anonymous <code>Authentication</code>.
@ -37,13 +35,6 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im
//~ Constructors ===================================================================================================
/**
* @deprecated use the second constructor
*/
public AnonymousAuthenticationToken(String key, Object principal, GrantedAuthority[] authorities) {
this(key, principal, Arrays.asList(authorities));
}
/**
* Constructor.
*

8
core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
View File

@ -15,7 +15,6 @@
package org.springframework.security.authentication;
import java.util.Arrays;
import java.util.Collection;
import org.springframework.security.core.GrantedAuthority;
@ -52,13 +51,6 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
setAuthenticated(false);
}
/**
* @deprecated use the list of authorities version
*/
public UsernamePasswordAuthenticationToken(Object principal, Object credentials, GrantedAuthority[] authorities) {
this(principal, credentials, Arrays.asList(authorities));
}
/**
* This constructor should only be used by <code>AuthenticationManager</code> or <code>AuthenticationProvider</code>
* implementations that are satisfied with producing a trusted (i.e. {@link #isAuthenticated()} = <code>true</code>)

165
core/src/main/java/org/springframework/security/util/EncryptionUtils.java
View File

@ -1,165 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.util;
import java.io.UnsupportedEncodingException;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import org.springframework.core.NestedRuntimeException;
import org.springframework.security.core.codec.Base64;
import org.springframework.util.Assert;
/**
* A static utility class that can encrypt and decrypt text.
*
* <p>This class is useful if you have simple needs and wish to use the DESede
* encryption cipher. More sophisticated requirements will need to use the
* Java crypto libraries directly.
*
* @author Alan Stewart
* @author Ben Alex
* @deprecated Use a dedicated encryption library instead.
*/
@Deprecated
public final class EncryptionUtils {
/**
* This is a static class that should not be instantiated.
*/
private EncryptionUtils() {}
/**
* Converts a String into a byte array using UTF-8, falling back to the
* platform's default character set if UTF-8 fails.
*
* @param input the input (required)
* @return a byte array representation of the input string
*/
public static byte[] stringToByteArray(String input) {
Assert.hasLength(input, "Input required");
try {
return input.getBytes("UTF-8");
} catch (UnsupportedEncodingException fallbackToDefault) {
return input.getBytes();
}
}
/**
* Converts a byte array into a String using UTF-8, falling back to the
* platform's default character set if UTF-8 fails.
*
* @param byteArray the byte array to convert (required)
* @return a string representation of the byte array
*/
public static String byteArrayToString(byte[] byteArray) {
Assert.notNull(byteArray, "ByteArray required");
Assert.isTrue(byteArray.length > 0, "ByteArray cannot be empty");
try {
return new String(byteArray, "UTF8");
} catch (final UnsupportedEncodingException e) {
return new String(byteArray);
}
}
private static byte[] cipher(String key, byte[] passedBytes, int cipherMode) throws EncryptionException {
try {
final KeySpec keySpec = new DESedeKeySpec(stringToByteArray(key));
final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
final Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
final SecretKey secretKey = keyFactory.generateSecret(keySpec);
cipher.init(cipherMode, secretKey);
return cipher.doFinal(passedBytes);
} catch (final Exception e) {
throw new EncryptionException(e.getMessage(), e);
}
}
/**
* Encrypts the inputString using the key.
*
* @param key at least 24 character long key (required)
* @param inputString the string to encrypt (required)
* @return the encrypted version of the inputString
* @throws EncryptionException in the event of an encryption failure
*/
public static String encrypt(String key, String inputString) throws EncryptionException {
isValidKey(key);
final byte[] cipherText = cipher(key, stringToByteArray(inputString), Cipher.ENCRYPT_MODE);
return byteArrayToString(Base64.encode(cipherText));
}
/**
* Encrypts the inputBytes using the key.
*
* @param key at least 24 character long key (required)
* @param inputBytes the bytes to encrypt (required)
* @return the encrypted version of the inputBytes
* @throws EncryptionException in the event of an encryption failure
*/
public static byte[] encrypt(String key, byte[] inputBytes) throws EncryptionException {
isValidKey(key);
return Base64.encode(cipher(key, inputBytes, Cipher.ENCRYPT_MODE));
}
/**
* Decrypts the inputString using the key.
*
* @param key the key used to originally encrypt the string (required)
* @param inputString the encrypted string (required)
* @return the decrypted version of inputString
* @throws EncryptionException in the event of an encryption failure
*/
public static String decrypt(String key, String inputString) throws EncryptionException {
Assert.hasText(key, "A key is required to attempt decryption");
final byte[] cipherText = cipher(key, Base64.decode(stringToByteArray(inputString)), Cipher.DECRYPT_MODE);
return byteArrayToString(cipherText);
}
/**
* Decrypts the inputBytes using the key.
*
* @param key the key used to originally encrypt the string (required)
* @param inputBytes the encrypted bytes (required)
* @return the decrypted version of inputBytes
* @throws EncryptionException in the event of an encryption failure
*/
public static byte[] decrypt(String key, byte[] inputBytes) throws EncryptionException {
Assert.hasText(key, "A key is required to attempt decryption");
return cipher(key, Base64.decode(inputBytes), Cipher.DECRYPT_MODE);
}
private static void isValidKey(String key) {
Assert.hasText(key, "A key to perform the encryption is required");
Assert.isTrue(key.length() >= 24, "Key must be at least 24 characters long");
}
public static class EncryptionException extends NestedRuntimeException {
private static final long serialVersionUID = 1L;
public EncryptionException(String message, Throwable t) {
super(message, t);
}
public EncryptionException(String message) {
super(message);
}
}
}

87
core/src/test/java/org/springframework/security/access/annotation/MethodDefinitionSourceEditorTigerTests.java
View File

@ -1,87 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.annotation;
import static org.junit.Assert.assertEquals;
import java.util.Collection;
import java.util.List;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.annotation.test.Entity;
import org.springframework.security.access.annotation.test.PersonServiceImpl;
import org.springframework.security.access.annotation.test.Service;
import org.springframework.security.access.intercept.method.MockMethodInvocation;
import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor;
/**
* Extra tests to demonstrate generics behaviour with <code>MapBasedMethodDefinitionSource</code>.
*
* @author Ben Alex
*/
@SuppressWarnings("deprecation")
public class MethodDefinitionSourceEditorTigerTests {
private MockMethodInvocation makeUpper;
private MockMethodInvocation makeLower;
@Before
public void createMethodInvocations() throws Exception {
makeUpper = new MockMethodInvocation(new PersonServiceImpl(), Service.class,"makeUpperCase", Entity.class);
makeLower = new MockMethodInvocation(new PersonServiceImpl(), Service.class,"makeLowerCase", Entity.class);
}
@Test
public void testConcreteClassInvocations() throws Exception {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
editor.setAsText(
"org.springframework.security.access.annotation.test.Service.makeLower*=ROLE_FROM_INTERFACE\r\n" +
"org.springframework.security.access.annotation.test.Service.makeUpper*=ROLE_FROM_INTERFACE\r\n" +
"org.springframework.security.access.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_IMPLEMENTATION");
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
assertEquals(3, map.getMethodMapSize());
Collection<ConfigAttribute> returnedMakeLower = map.getAttributes(makeLower);
List<ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_FROM_INTERFACE");
assertEquals(expectedMakeLower, returnedMakeLower);
Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(makeUpper);
List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList(new String[]{"ROLE_FROM_IMPLEMENTATION"});
assertEquals(expectedMakeUpper, returnedMakeUpper);
}
@Test
public void testBridgeMethodResolution() throws Exception {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
editor.setAsText(
"org.springframework.security.access.annotation.test.PersonService.makeUpper*=ROLE_FROM_INTERFACE\r\n" +
"org.springframework.security.access.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_ABSTRACT\r\n" +
"org.springframework.security.access.annotation.test.PersonServiceImpl.makeUpper*=ROLE_FROM_PSI");
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
assertEquals(3, map.getMethodMapSize());
Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(makeUpper);
List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_FROM_PSI");
assertEquals(expectedMakeUpper, returnedMakeUpper);
}
}

43
core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
View File

@ -15,43 +15,31 @@
package org.springframework.security.access.intercept.aopalliance;
import static org.mockito.Mockito.*;
import java.lang.reflect.Method;
import junit.framework.TestCase;
import org.springframework.security.TargetObject;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor;
import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.method.MethodSecurityMetadataSource;
/**
* Tests {@link MethodSecurityMetadataSourceAdvisor}.
*
* @author Ben Alex
*/
@SuppressWarnings("deprecation")
public class MethodSecurityMetadataSourceAdvisorTests extends TestCase {
//~ Methods ========================================================================================================
private MethodSecurityInterceptor getInterceptor() {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_NOT_USED");
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
MethodSecurityInterceptor msi = new MethodSecurityInterceptor();
msi.setSecurityMetadataSource(map);
return msi;
}
public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined()
throws Exception {
public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined() throws Exception {
Class<TargetObject> clazz = TargetObject.class;
Method method = clazz.getMethod("makeLowerCase", new Class[] {String.class});
MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(getInterceptor());
MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
when(mds.getAttributes(method, clazz)).thenReturn(null);
MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds ,"");
assertFalse(advisor.getPointcut().getMethodMatcher().matches(method, clazz));
}
@ -60,18 +48,9 @@ public class MethodSecurityMetadataSourceAdvisorTests extends TestCase {
Class<TargetObject> clazz = TargetObject.class;
Method method = clazz.getMethod("countLength", new Class[] {String.class});
MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(getInterceptor());
MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
when(mds.getAttributes(method, clazz)).thenReturn(SecurityConfig.createList("ROLE_A"));
MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds ,"");
assertTrue(advisor.getPointcut().getMethodMatcher().matches(method, clazz));
}
public void testDetectsImproperlyConfiguredAdvice() {
MethodSecurityInterceptor msi = new MethodSecurityInterceptor();
try {
new MethodSecurityMetadataSourceAdvisor(msi);
fail("Should have detected null SecurityMetadataSource and thrown AopConfigException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
}

224
core/src/test/java/org/springframework/security/access/intercept/method/MethodSecurityMetadataSourceEditorTests.java
View File

@ -1,224 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.intercept.method;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.List;
import junit.framework.TestCase;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.ITargetObject;
import org.springframework.security.OtherTargetObject;
import org.springframework.security.TargetObject;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor;
/**
* Tests {@link MethodSecurityMetadataSourceEditor} and its associated {@link MapBasedMethodSecurityMetadataSource}.
*
* @author Ben Alex
*/
@SuppressWarnings("deprecation")
public class MethodSecurityMetadataSourceEditorTests extends TestCase {
//~ Methods ========================================================================================================
public final void setUp() throws Exception {
super.setUp();
}
public void testClassNameNotFoundResultsInException() {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
try {
editor.setAsText("org.springframework.security.DOES_NOT_EXIST_NAME=FOO,BAR");
fail("Should have given IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testClassNameNotInProperFormatResultsInException() {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
try {
editor.setAsText("DOES_NOT_EXIST_NAME=FOO,BAR");
fail("Should have given IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testClassNameValidButMethodNameInvalidResultsInException() {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
try {
editor.setAsText("org.springframework.security.TargetObject.INVALID_METHOD=FOO,BAR");
fail("Should have given IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testConcreteClassInvocationsAlsoReturnDefinitionsAgainstInterface() throws Exception {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
editor.setAsText(
"org.springframework.security.ITargetObject.computeHashCode*=ROLE_FROM_INTERFACE\r\n" +
"org.springframework.security.ITargetObject.makeLower*=ROLE_FROM_INTERFACE\r\n" +
"org.springframework.security.ITargetObject.makeUpper*=ROLE_FROM_INTERFACE\r\n" +
"org.springframework.security.TargetObject.computeHashCode*=ROLE_FROM_TO\r\n" +
"org.springframework.security.OtherTargetObject.computeHashCode*=ROLE_FROM_OTO\r\n" +
"org.springframework.security.OtherTargetObject.makeUpper*=ROLE_FROM_IMPLEMENTATION");
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
assertEquals(6, map.getMethodMapSize());
Collection<ConfigAttribute> returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "makeLowerCase", new Class[] {String.class}, new OtherTargetObject()));
List<ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_FROM_INTERFACE");
assertEquals(expectedMakeLower, returnedMakeLower);
Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "makeUpperCase", new Class[] {String.class}, new OtherTargetObject()));
List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_FROM_IMPLEMENTATION");
assertEquals(expectedMakeUpper, returnedMakeUpper);
Collection<ConfigAttribute> returnedComputeHashCode = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "computeHashCode", new Class[] {String.class}, new OtherTargetObject()));
List<ConfigAttribute> expectedComputeHashCode = SecurityConfig.createList("ROLE_FROM_OTO");
assertEquals(expectedComputeHashCode, returnedComputeHashCode);
returnedComputeHashCode = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "computeHashCode", new Class[] {String.class}, new TargetObject()));
expectedComputeHashCode = SecurityConfig.createList("ROLE_FROM_TO");
assertEquals(expectedComputeHashCode, returnedComputeHashCode);
}
public void testEmptyStringReturnsEmptyMap() {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
editor.setAsText("");
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
assertEquals(0, map.getMethodMapSize());
}
public void testIterator() {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
editor.setAsText(
"org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR");
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
assertEquals(5, map.getAllConfigAttributes().size());
}
public void testMultiMethodParsing() {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
editor.setAsText(
"org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR");
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
assertEquals(3, map.getMethodMapSize());
}
public void testMultiMethodParsingWhereLaterMethodsOverrideEarlierMethods() throws Exception {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
editor.setAsText(
"org.springframework.security.TargetObject.*=ROLE_GENERAL\r\norg.springframework.security.TargetObject.makeLower*=ROLE_LOWER\r\norg.springframework.security.TargetObject.make*=ROLE_MAKE\r\norg.springframework.security.TargetObject.makeUpper*=ROLE_UPPER");
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
assertEquals(14, map.getMethodMapSize());
Collection<ConfigAttribute> returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
"makeLowerCase", new Class[] {String.class}, new TargetObject()));
List<ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_LOWER");
assertEquals(expectedMakeLower, returnedMakeLower);
Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
"makeUpperCase", new Class[] {String.class}, new TargetObject()));
List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_UPPER");
assertEquals(expectedMakeUpper, returnedMakeUpper);
Collection<ConfigAttribute> returnedCountLength = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
"countLength", new Class[] {String.class}, new TargetObject()));
List<ConfigAttribute> expectedCountLength = SecurityConfig.createList("ROLE_GENERAL");
assertEquals(expectedCountLength, returnedCountLength);
}
public void testNullIsReturnedByMethodSecurityMetadataSourceWhenMethodInvocationNotDefined() throws Exception {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY");
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
Collection<ConfigAttribute> configAttributeDefinition = map.getAttributes(new MockMethodInvocation(
ITargetObject.class, "makeLowerCase", new Class[] {String.class}, new TargetObject()));
assertNull(configAttributeDefinition);
}
public void testNullReturnsEmptyMap() {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
editor.setAsText(null);
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
assertEquals(0, map.getMethodMapSize());
}
public void testSingleMethodParsing() throws Exception {
MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY");
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
Collection<ConfigAttribute> returnedCountLength = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
"countLength", new Class[] {String.class}, new TargetObject()));
assertEquals(SecurityConfig.createList("ROLE_ONE", "ROLE_TWO", "RUN_AS_ENTRY"), returnedCountLength);
}
//~ Inner Classes ==================================================================================================
private class MockMethodInvocation implements MethodInvocation {
private Method method;
private Object targetObject;
public MockMethodInvocation(Class<?> clazz, String methodName, Class<?>[] parameterTypes, Object targetObject)
throws NoSuchMethodException {
this.method = clazz.getMethod(methodName, parameterTypes);
this.targetObject = targetObject;
}
public Object[] getArguments() {
return null;
}
public Method getMethod() {
return method;
}
public AccessibleObject getStaticPart() {
return null;
}
public Object getThis() {
return targetObject;
}
public Object proceed() throws Throwable {
return null;
}
}
}

120
core/src/test/java/org/springframework/security/util/EncryptionUtilsTests.java
View File

@ -1,120 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.util;
import junit.framework.TestCase;
import org.springframework.security.util.EncryptionUtils.EncryptionException;
/**
* JUnit tests for EncryptionUtils.
*
* @author Alan Stewart
* @author Ben Alex
*/
@SuppressWarnings("deprecation")
public class EncryptionUtilsTests extends TestCase {
private final static String STRING_TO_ENCRYPT = "Alan K Stewart";
private final static String ENCRYPTION_KEY = "123456789012345678901234567890";
public void testEncryptsUsingDESEde() throws EncryptionException {
final String encryptedString = EncryptionUtils.encrypt(ENCRYPTION_KEY, STRING_TO_ENCRYPT);
assertEquals("3YIE8sIbaEoqGZZrHamFGQ==", encryptedString);
}
public void testEncryptByteArrayUsingDESEde() {
final byte[] encryptedArray = EncryptionUtils.encrypt(ENCRYPTION_KEY, EncryptionUtils.stringToByteArray(STRING_TO_ENCRYPT));
assertEquals("3YIE8sIbaEoqGZZrHamFGQ==", EncryptionUtils.byteArrayToString(encryptedArray));
}
public void testEncryptionKeyCanContainLetters() throws EncryptionException {
final String encryptedString = EncryptionUtils.encrypt("ASDF asdf 1234 8983 jklasdf J2Jaf8", STRING_TO_ENCRYPT);
assertEquals("v4+DQoClx6qm5tJwBcRrkw==", encryptedString);
}
public void testDecryptsUsingDESEde() throws EncryptionException {
final String encryptedString = "3YIE8sIbaEoqGZZrHamFGQ==";
final String decryptedString = EncryptionUtils.decrypt(ENCRYPTION_KEY, encryptedString);
assertEquals(STRING_TO_ENCRYPT, decryptedString);
}
public void testDecryptByteArrayUsingDESEde() {
final byte[] encrypted = EncryptionUtils.stringToByteArray("3YIE8sIbaEoqGZZrHamFGQ==");
final byte[] decrypted = EncryptionUtils.decrypt(ENCRYPTION_KEY, encrypted);
assertEquals(STRING_TO_ENCRYPT, EncryptionUtils.byteArrayToString(decrypted));
}
public void testFailEncryptWithNullEncryptionKey() {
try {
EncryptionUtils.encrypt(null, STRING_TO_ENCRYPT);
fail();
} catch (IllegalArgumentException e) {
assertTrue(true);
}
}
public void testFailEncryptWithEmptyEncryptionKey() {
try {
EncryptionUtils.encrypt("", STRING_TO_ENCRYPT);
fail();
} catch (IllegalArgumentException e) {
assertTrue(true);
}
}
public void teastFailEncryptWithShortEncryptionKey() {
try {
EncryptionUtils.encrypt("01234567890123456789012", STRING_TO_ENCRYPT);
fail();
} catch (IllegalArgumentException e) {
assertTrue(true);
}
}
public void testFailDecryptWithEmptyString() {
try {
EncryptionUtils.decrypt(ENCRYPTION_KEY, "");
fail();
} catch (IllegalArgumentException e) {
assertTrue(true);
}
}
public void testFailEncryptWithEmptyString() {
try {
EncryptionUtils.encrypt(ENCRYPTION_KEY, "");
fail();
} catch (IllegalArgumentException e) {
assertTrue(true);
}
}
public void testFailEncryptWithNullString() {
try {
EncryptionUtils.encrypt(ENCRYPTION_KEY, (String) null);
fail();
} catch (IllegalArgumentException e) {
assertTrue(true);
}
}
public void testEncryptAndDecrypt() throws EncryptionException {
final String stringToEncrypt = "Alan Stewart";
final String encryptedString = EncryptionUtils.encrypt(ENCRYPTION_KEY, stringToEncrypt);
final String decryptedString = EncryptionUtils.decrypt(ENCRYPTION_KEY, encryptedString);
assertEquals(stringToEncrypt, decryptedString);
}
}

218
samples/dms/src/main/java/sample/dms/DataSourcePopulator.java
View File

@ -8,10 +8,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.support.TransactionCallback;
import org.springframework.transaction.support.TransactionTemplate;
import org.springframework.util.Assert;
@ -27,122 +23,128 @@ public class DataSourcePopulator implements InitializingBean {
protected static final int LEVEL_GRANT_ADMIN = 3;
protected JdbcTemplate template;
protected DocumentDao documentDao;
protected TransactionTemplate tt;
public DataSourcePopulator(DataSource dataSource, DocumentDao documentDao, PlatformTransactionManager platformTransactionManager) {
public DataSourcePopulator(DataSource dataSource, DocumentDao documentDao) {
Assert.notNull(dataSource, "DataSource required");
Assert.notNull(documentDao, "DocumentDao required");
Assert.notNull(platformTransactionManager, "PlatformTransactionManager required");
this.template = new JdbcTemplate(dataSource);
this.documentDao = documentDao;
this.tt = new TransactionTemplate(platformTransactionManager);
}
public void afterPropertiesSet() throws Exception {
// ACL tables
template.execute("CREATE TABLE ACL_SID(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,PRINCIPAL BOOLEAN NOT NULL,SID VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_1 UNIQUE(SID,PRINCIPAL));");
template.execute("CREATE TABLE ACL_CLASS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,CLASS VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_2 UNIQUE(CLASS));");
template.execute("CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,OBJECT_ID_CLASS BIGINT NOT NULL,OBJECT_ID_IDENTITY BIGINT NOT NULL,PARENT_OBJECT BIGINT,OWNER_SID BIGINT,ENTRIES_INHERITING BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_3 UNIQUE(OBJECT_ID_CLASS,OBJECT_ID_IDENTITY),CONSTRAINT FOREIGN_FK_1 FOREIGN KEY(PARENT_OBJECT)REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_2 FOREIGN KEY(OBJECT_ID_CLASS)REFERENCES ACL_CLASS(ID),CONSTRAINT FOREIGN_FK_3 FOREIGN KEY(OWNER_SID)REFERENCES ACL_SID(ID));");
template.execute("CREATE TABLE ACL_ENTRY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,ACE_ORDER INT NOT NULL,SID BIGINT NOT NULL,MASK INTEGER NOT NULL,GRANTING BOOLEAN NOT NULL,AUDIT_SUCCESS BOOLEAN NOT NULL,AUDIT_FAILURE BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_4 UNIQUE(ACL_OBJECT_IDENTITY,ACE_ORDER),CONSTRAINT FOREIGN_FK_4 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_5 FOREIGN KEY(SID) REFERENCES ACL_SID(ID));");
// Normal authentication tables
template.execute("CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(50) NOT NULL,ENABLED BOOLEAN NOT NULL);");
template.execute("CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));");
template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);");
// Document management system business tables
template.execute("CREATE TABLE DIRECTORY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, DIRECTORY_NAME VARCHAR_IGNORECASE(50) NOT NULL, PARENT_DIRECTORY_ID BIGINT)");
template.execute("CREATE TABLE FILE(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, FILE_NAME VARCHAR_IGNORECASE(50) NOT NULL, CONTENT VARCHAR_IGNORECASE(1024), PARENT_DIRECTORY_ID BIGINT)");
// Populate the authentication and role tables
template.execute("INSERT INTO USERS VALUES('rod','a564de63c2d0da68cf47586ee05984d7',TRUE);");
template.execute("INSERT INTO USERS VALUES('dianne','65d15fe9156f9c4bbffd98085992a44e',TRUE);");
template.execute("INSERT INTO USERS VALUES('scott','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('peter','22b5c9accc6e1ba628cedc63a72d57f8',FALSE);");
template.execute("INSERT INTO USERS VALUES('bill','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('bob','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('jane','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_SUPERVISOR');");
template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('scott','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('peter','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('bill','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('bob','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('jane','ROLE_USER');");
// Now create an ACL entry for the root directory
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("rod", "ignored", AuthorityUtils.createAuthorityList(("ROLE_IGNORED"))));
tt.execute(new TransactionCallback<Object>() {
public Object doInTransaction(TransactionStatus arg0) {
addPermission(documentDao, Directory.ROOT_DIRECTORY, "ROLE_USER", LEVEL_GRANT_WRITE);
return null;
}
});
// Now go off and create some directories and files for our users
createSampleData("rod", "koala");
createSampleData("dianne", "emu");
createSampleData("scott", "wombat");
}
/**
* Creates a directory for the user, and a series of sub-directories. The root directory is the parent for the user directory. The sub-directories
* are "confidential" and "shared". The ROLE_USER will be given read and write access to "shared".
*/
private void createSampleData(String username, String password) {
Assert.notNull(documentDao, "DocumentDao required");
Assert.hasText(username, "Username required");
public void afterPropertiesSet() throws Exception {
// ACL tables
template.execute("CREATE TABLE ACL_SID(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,PRINCIPAL BOOLEAN NOT NULL,SID VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_1 UNIQUE(SID,PRINCIPAL));");
template.execute("CREATE TABLE ACL_CLASS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,CLASS VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_2 UNIQUE(CLASS));");
template.execute("CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,OBJECT_ID_CLASS BIGINT NOT NULL,OBJECT_ID_IDENTITY BIGINT NOT NULL,PARENT_OBJECT BIGINT,OWNER_SID BIGINT,ENTRIES_INHERITING BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_3 UNIQUE(OBJECT_ID_CLASS,OBJECT_ID_IDENTITY),CONSTRAINT FOREIGN_FK_1 FOREIGN KEY(PARENT_OBJECT)REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_2 FOREIGN KEY(OBJECT_ID_CLASS)REFERENCES ACL_CLASS(ID),CONSTRAINT FOREIGN_FK_3 FOREIGN KEY(OWNER_SID)REFERENCES ACL_SID(ID));");
template.execute("CREATE TABLE ACL_ENTRY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,ACE_ORDER INT NOT NULL,SID BIGINT NOT NULL,MASK INTEGER NOT NULL,GRANTING BOOLEAN NOT NULL,AUDIT_SUCCESS BOOLEAN NOT NULL,AUDIT_FAILURE BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_4 UNIQUE(ACL_OBJECT_IDENTITY,ACE_ORDER),CONSTRAINT FOREIGN_FK_4 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_5 FOREIGN KEY(SID) REFERENCES ACL_SID(ID));");
Authentication auth = new UsernamePasswordAuthenticationToken(username, password);
// Normal authentication tables
template.execute("CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(50) NOT NULL,ENABLED BOOLEAN NOT NULL);");
template.execute("CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));");
template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);");
try {
// Set the SecurityContextHolder ThreadLocal so any subclasses automatically know which user is operating
SecurityContextHolder.getContext().setAuthentication(auth);
// Document management system business tables
template.execute("CREATE TABLE DIRECTORY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, DIRECTORY_NAME VARCHAR_IGNORECASE(50) NOT NULL, PARENT_DIRECTORY_ID BIGINT)");
template.execute("CREATE TABLE FILE(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, FILE_NAME VARCHAR_IGNORECASE(50) NOT NULL, CONTENT VARCHAR_IGNORECASE(1024), PARENT_DIRECTORY_ID BIGINT)");
// Create the home directory first
Directory home = new Directory(username, Directory.ROOT_DIRECTORY);
documentDao.create(home);
addPermission(documentDao, home, username, LEVEL_GRANT_ADMIN);
addPermission(documentDao, home, "ROLE_USER", LEVEL_GRANT_READ);
createFiles(documentDao, home);
// Populate the authentication and role tables
template.execute("INSERT INTO USERS VALUES('rod','a564de63c2d0da68cf47586ee05984d7',TRUE);");
template.execute("INSERT INTO USERS VALUES('dianne','65d15fe9156f9c4bbffd98085992a44e',TRUE);");
template.execute("INSERT INTO USERS VALUES('scott','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('peter','22b5c9accc6e1ba628cedc63a72d57f8',FALSE);");
template.execute("INSERT INTO USERS VALUES('bill','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('bob','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('jane','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_SUPERVISOR');");
template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('scott','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('peter','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('bill','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('bob','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('jane','ROLE_USER');");
// Now create the confidential directory
Directory confid = new Directory("confidential", home);
documentDao.create(confid);
addPermission(documentDao, confid, "ROLE_USER", LEVEL_NEGATE_READ);
createFiles(documentDao, confid);
// Now create an ACL entry for the root directory
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("rod", "ignored", AuthorityUtils.createAuthorityList(("ROLE_IGNORED"))));
// Now create the shared directory
Directory shared = new Directory("shared", home);
documentDao.create(shared);
addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_READ);
addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_WRITE);
createFiles(documentDao, shared);
} finally {
// Clear the SecurityContextHolder ThreadLocal so future calls are guaranteed to be clean
SecurityContextHolder.clearContext();
}
}
addPermission(documentDao, Directory.ROOT_DIRECTORY, "ROLE_USER", LEVEL_GRANT_WRITE);
private void createFiles(DocumentDao documentDao, Directory parent) {
Assert.notNull(documentDao, "DocumentDao required");
Assert.notNull(parent, "Parent required");
int countBeforeInsert = documentDao.findElements(parent).length;
for (int i = 0; i < 10; i++) {
File file = new File("file_" + i + ".txt", parent);
documentDao.create(file);
}
Assert.isTrue(countBeforeInsert + 10 == documentDao.findElements(parent).length, "Failed to increase count by 10");
}
// Now go off and create some directories and files for our users
createSampleData("rod", "koala");
createSampleData("dianne", "emu");
createSampleData("scott", "wombat");
/**
* Allows subclass to add permissions.
*
* @param documentDao that will presumably offer methods to enable the operation to be completed
* @param element to the subject of the new permissions
* @param recipient to receive permission (if it starts with ROLE_ it is assumed to be a GrantedAuthority, else it is a username)
* @param level based on the static final integer fields on this class
*/
protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {}
}
/**
* Creates a directory for the user, and a series of sub-directories. The
* root directory is the parent for the user directory. The sub-directories
* are "confidential" and "shared". The ROLE_USER will be given read and
* write access to "shared".
*/
private void createSampleData(String username, String password) {
Assert.notNull(documentDao, "DocumentDao required");
Assert.hasText(username, "Username required");
Authentication auth = new UsernamePasswordAuthenticationToken(username, password);
try {
// Set the SecurityContextHolder ThreadLocal so any subclasses
// automatically know which user is operating
SecurityContextHolder.getContext().setAuthentication(auth);
// Create the home directory first
Directory home = new Directory(username, Directory.ROOT_DIRECTORY);
documentDao.create(home);
addPermission(documentDao, home, username, LEVEL_GRANT_ADMIN);
addPermission(documentDao, home, "ROLE_USER", LEVEL_GRANT_READ);
createFiles(documentDao, home);
// Now create the confidential directory
Directory confid = new Directory("confidential", home);
documentDao.create(confid);
addPermission(documentDao, confid, "ROLE_USER", LEVEL_NEGATE_READ);
createFiles(documentDao, confid);
// Now create the shared directory
Directory shared = new Directory("shared", home);
documentDao.create(shared);
addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_READ);
addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_WRITE);
createFiles(documentDao, shared);
} finally {
// Clear the SecurityContextHolder ThreadLocal so future calls are
// guaranteed to be clean
SecurityContextHolder.clearContext();
}
}
private void createFiles(DocumentDao documentDao, Directory parent) {
Assert.notNull(documentDao, "DocumentDao required");
Assert.notNull(parent, "Parent required");
int countBeforeInsert = documentDao.findElements(parent).length;
for (int i = 0; i < 10; i++) {
File file = new File("file_" + i + ".txt", parent);
documentDao.create(file);
}
Assert.isTrue(countBeforeInsert + 10 == documentDao.findElements(parent).length,
"Failed to increase count by 10");
}
/**
* Allows subclass to add permissions.
*
* @param documentDao
* that will presumably offer methods to enable the operation to
* be completed
* @param element
* to the subject of the new permissions
* @param recipient
* to receive permission (if it starts with ROLE_ it is assumed
* to be a GrantedAuthority, else it is a username)
* @param level
* based on the static final integer fields on this class
*/
protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {
}
}

5
samples/dms/src/main/java/sample/dms/secured/SecureDataSourcePopulator.java
View File

@ -13,7 +13,6 @@ import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.util.Assert;
import sample.dms.AbstractElement;
@ -24,8 +23,8 @@ public class SecureDataSourcePopulator extends DataSourcePopulator {
private MutableAclService aclService;
public SecureDataSourcePopulator(DataSource dataSource, SecureDocumentDao documentDao, PlatformTransactionManager platformTransactionManager, MutableAclService aclService) {
super(dataSource, documentDao, platformTransactionManager);
public SecureDataSourcePopulator(DataSource dataSource, SecureDocumentDao documentDao, MutableAclService aclService) {
super(dataSource, documentDao);
Assert.notNull(aclService, "MutableAclService required");
this.aclService = aclService;
}

1
samples/dms/src/main/resources/applicationContext-dms-insecure.xml
View File

@ -35,7 +35,6 @@
<bean id="dataSourcePopulator" class="sample.dms.DataSourcePopulator">
<constructor-arg ref="dataSource"/>
<constructor-arg ref="documentDao"/>
<constructor-arg ref="transactionManager"/>
</bean>
</beans>

37
samples/dms/src/main/resources/applicationContext-dms-secure.xml
View File

@ -9,7 +9,7 @@
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource" ref="dataSource"/>
@ -44,7 +44,6 @@
<bean id="dataSourcePopulator" class="sample.dms.secured.SecureDataSourcePopulator">
<constructor-arg ref="dataSource"/>
<constructor-arg ref="documentDao"/>
<constructor-arg ref="transactionManager"/>
<constructor-arg ref="aclService"/>
</bean>
@ -206,21 +205,25 @@
<!-- ================= METHOD INVOCATION AUTHORIZATION ==================== -->
<bean id="methodSecurityAdvisor" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor" autowire="constructor"/>
<bean id="methodSecurityInterceptor" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="businessAccessDecisionManager"/></property>
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
<property name="securityMetadataSource">
<value>
sample.dms.DocumentDao.create=ACL_ABSTRACT_ELEMENT_WRITE_PARENT
sample.dms.DocumentDao.delete=ACL_ABSTRACT_ELEMENT_WRITE
sample.dms.DocumentDao.update=ACL_ABSTRACT_ELEMENT_WRITE
sample.dms.DocumentDao.findElements=AFTER_ACL_COLLECTION_READ
sample.dms.secured.SecureDocumentDao.getUsers=ROLE_USER
</value>
</property>
<bean id="methodSecurityAdvisor" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor">
<constructor-arg value="methodSecurityInterceptor" />
<constructor-arg ref="msmds" />
<constructor-arg value="msmds" />
</bean>
<bean id="methodSecurityInterceptor" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="businessAccessDecisionManager"/>
<property name="afterInvocationManager" ref="afterInvocationManager"/>
<property name="securityMetadataSource" ref="msmds" />
</bean>
<s:method-security-metadata-source id="msmds">
<s:protect method="sample.dms.DocumentDao.create" access="ACL_ABSTRACT_ELEMENT_WRITE_PARENT" />
<s:protect method="sample.dms.DocumentDao.delete" access="ACL_ABSTRACT_ELEMENT_WRITE" />
<s:protect method="sample.dms.DocumentDao.update" access="ACL_ABSTRACT_ELEMENT_WRITE" />
<s:protect method="sample.dms.DocumentDao.findElements" access="AFTER_ACL_COLLECTION_READ" />
<s:protect method="sample.dms.secured.SecureDocumentDao.getUsers" access="ROLE_USER" />
</s:method-security-metadata-source>
</beans>

24
web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
View File

@ -87,6 +87,14 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
return this.securityMetadataSource;
}
public SecurityMetadataSource obtainSecurityMetadataSource() {
return this.securityMetadataSource;
}
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) {
this.securityMetadataSource = newSource;
}
public Class<? extends Object> getSecureObjectClass() {
return FilterInvocation.class;
}
@ -127,22 +135,6 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
return observeOncePerRequest;
}
public SecurityMetadataSource obtainSecurityMetadataSource() {
return this.securityMetadataSource;
}
/**
* @deprecated use setSecurityMetadataSource instead
*/
public void setObjectDefinitionSource(FilterInvocationSecurityMetadataSource newSource) {
logger.warn("The property 'objectDefinitionSource' is deprecated. Please use 'securityMetadataSource' instead");
this.securityMetadataSource = newSource;
}
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) {
this.securityMetadataSource = newSource;
}
public void setObserveOncePerRequest(boolean observeOncePerRequest) {
this.observeOncePerRequest = observeOncePerRequest;
}

17
web/src/main/java/org/springframework/security/web/authentication/AbstractProcessingFilter.java
View File

@ -1,17 +0,0 @@
package org.springframework.security.web.authentication;
/**
* Renamed class, retained for backwards compatibility.
* <p>
* See {@link AbstractAuthenticationProcessingFilter}.
*
* @author Luke Taylor
* @deprecated Use AbstractAuthenticationProcessingFilter instead.
*/
@Deprecated
public abstract class AbstractProcessingFilter extends AbstractAuthenticationProcessingFilter {
protected AbstractProcessingFilter(String defaultFilterProcessesUrl) {
super(defaultFilterProcessesUrl);
}
}

14
web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilter.java
View File

@ -1,14 +0,0 @@
package org.springframework.security.web.authentication;
/**
* Renamed class, retained for backwards compatibility.
* <p>
* See {@link UsernamePasswordAuthenticationFilter}.
*
* @author Luke Taylor
* @deprecated Use UsernamePasswordAuthenticationFilter instead.
*/
public class AuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter {
}

13
web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPoint.java
View File

@ -1,13 +0,0 @@
package org.springframework.security.web.authentication;
/**
* Renamed class, retained for backwards compatibility.
* <p>
* See {@link LoginUrlAuthenticationEntryPoint}.
*
* @author Luke Taylor
* @deprecated Use LoginUrlAuthenticationEntryPoint instead.
*/
public class AuthenticationProcessingFilterEntryPoint extends LoginUrlAuthenticationEntryPoint{
}

15
web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
View File

@ -1,15 +0,0 @@
package org.springframework.security.web.authentication.preauth;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
/**
* Renamed class, retained for backwards compatibility.
* <p>
* See {@link Http403ForbiddenEntryPoint}.
*
* @author Luke Taylor
* @deprecated Use Http403ForbiddenEntryPoint instead.
*/
public class PreAuthenticatedProcessingFilterEntryPoint extends Http403ForbiddenEntryPoint {
}

34
web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
View File

@ -222,40 +222,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
return context;
}
@SuppressWarnings("unchecked")
@Deprecated
/**
* Sets the {@code SecurityContext} implementation class.
*
* @deprecated use a custom {@code SecurityContextHolderStrategy} where the {@code createEmptyContext} method
* returns the correct implementation.
*/
public void setSecurityContextClass(Class contextClass) {
if (contextClass == null || (!SecurityContext.class.isAssignableFrom(contextClass))) {
throw new IllegalArgumentException("securityContextClass must implement SecurityContext "
+ "(typically use org.springframework.security.core.context.SecurityContextImpl; existing class is "
+ contextClass + ")");
}
this.securityContextClass = contextClass;
contextObject = generateNewContext();
}
/**
* Normally, the {@code SecurityContext} retrieved from the session is stored directly in the
* {@code SecurityContextHolder}, meaning that it is shared between concurrent threads.
* In this case, if one thread modifies the contents of the context, all threads will see the same
* change.
*
* @param cloneFromHttpSession set to true to clone the security context retrieved from the session.
* Defaults to false.
* @deprecated Override the {@code loadContext} method and copy the created context instead.
*/
@Deprecated
public void setCloneFromHttpSession(boolean cloneFromHttpSession) {
this.cloneFromHttpSession = cloneFromHttpSession;
}
/**
* If set to true (the default), a session will be created (if required) to store the security context if it is
* determined that its contents are different from the default empty context value.

38
web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
View File

@ -18,20 +18,6 @@ import org.springframework.security.web.context.SaveContextOnUpdateOrErrorRespon
public class HttpSessionSecurityContextRepositoryTests {
private final TestingAuthenticationToken testToken = new TestingAuthenticationToken("someone", "passwd", "ROLE_A");
@Test(expected=IllegalArgumentException.class)
@Deprecated
public void detectsInvalidContextClass() throws Exception {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
repo.setSecurityContextClass(String.class);
}
@Deprecated
@Test(expected=IllegalArgumentException.class)
public void cannotSetNullContextClass() throws Exception {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
repo.setSecurityContextClass(null);
}
@Test
public void sessionIsntCreatedIfContextDoesntChange() throws Exception {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
@ -162,30 +148,6 @@ public class HttpSessionSecurityContextRepositoryTests {
assertNull(request.getSession(false));
}
@Test
@Deprecated
public void settingCloneFromContextLoadsClonedContextObject() throws Exception {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
repo.setCloneFromHttpSession(true);
MockHttpServletRequest request = new MockHttpServletRequest();
MockContext contextBefore = new MockContext();
request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, contextBefore);
contextBefore.setAuthentication(testToken);
MockHttpServletResponse response = new MockHttpServletResponse();
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
SecurityContext loadedContext = repo.loadContext(holder);
assertTrue(loadedContext instanceof MockContext);
assertFalse(loadedContext == contextBefore);
}
@Test
@Deprecated
public void generateNewContextWorksWithContextClass() throws Exception {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
repo.setSecurityContextClass(MockContext.class);
assertTrue(repo.generateNewContext() instanceof MockContext);
}
@Test
@SuppressWarnings("deprecation")
public void sessionDisableUrlRewritingPreventsSessionIdBeingWrittenToUrl() throws Exception {