SEC-641: Avoid direct use of external classes in namespace parsing.

Luke Taylor 2008-02-07 15:03:27 +00:00
parent 6e93ec92eb
commit 549de2927e
4 changed files with 28 additions and 36 deletions


@ -6,18 +6,15 @@ import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedSet;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
import org.apache.directory.server.configuration.MutableServerStartupConfiguration;
import org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import javax.naming.NamingException;
import java.util.HashSet;
/**
* @author Luke Taylor
* @version $Id$
@ -89,24 +86,23 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
*
* Registers beans to create an embedded apache directory server.
*
* @param element
* @param parserContext
*
* @return the BeanDefinition for the ContextSource for the embedded server.
*
* @see ApacheDSContainer
*/
private RootBeanDefinition createEmbeddedServer(Element element, ParserContext parserContext) {
MutableServerStartupConfiguration configuration = new MutableServerStartupConfiguration();
MutableBTreePartitionConfiguration partition = new MutableBTreePartitionConfiguration();
partition.setName("springsecurity");
Object source = parserContext.extractSource(element);
BeanDefinitionBuilder configuration = BeanDefinitionBuilder.rootBeanDefinition("org.apache.directory.server.configuration.MutableServerStartupConfiguration");
BeanDefinitionBuilder partition = BeanDefinitionBuilder.rootBeanDefinition("org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration");
configuration.setSource(source);
partition.setSource(source);
DirContextAdapter rootContext = new DirContextAdapter();
rootContext.setAttributeValues("objectClass", new String[] {"top", "domain", "extensibleObject"});
rootContext.setAttributeValue("dc", "springsecurity");
partition.setContextEntry(rootContext.getAttributes());
partition.addPropertyValue("name", "springsecurity");
partition.addPropertyValue("contextEntry", rootContext.getAttributes());
String suffix = element.getAttribute(ATT_ROOT_SUFFIX);
@ -114,14 +110,10 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
suffix = OPT_DEFAULT_ROOT_SUFFIX;
}
try {
partition.setSuffix(suffix);
} catch (NamingException e) {
parserContext.getReaderContext().error("Failed to set root name suffix to " + suffix, element, e);
}
partition.addPropertyValue("suffix", suffix);
HashSet partitions = new HashSet(1);
partitions.add(partition);
ManagedSet partitions = new ManagedSet(1);
partitions.add(partition.getBeanDefinition());
String port = element.getAttribute(ATT_PORT);
@ -129,13 +121,13 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
port = OPT_DEFAULT_PORT;
}
configuration.setLdapPort(Integer.parseInt(port));
configuration.addPropertyValue("ldapPort", port);
// We shut down the server ourself when the app context is closed so we don't need
// the extra shutdown hook from apache DS itself.
configuration.setShutdownHookEnabled(false);
configuration.setExitVmOnShutdown(false);
configuration.setContextPartitionConfigurations(partitions);
configuration.addPropertyValue("shutdownHookEnabled", Boolean.FALSE);
configuration.addPropertyValue("exitVmOnShutdown", Boolean.FALSE);
configuration.addPropertyValue("contextPartitionConfigurations", partitions);
String url = "ldap://127.0.0.1:" + port + "/" + suffix;
@ -144,9 +136,9 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
contextSource.getPropertyValues().addPropertyValue("userDn", "uid=admin,ou=system");
contextSource.getPropertyValues().addPropertyValue("password", "secret");
RootBeanDefinition apacheContainer = new RootBeanDefinition(ApacheDSContainer.class);
apacheContainer.setSource(parserContext.extractSource(element));
apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(configuration);
RootBeanDefinition apacheContainer = new RootBeanDefinition("org.springframework.security.config.ApacheDSContainer", null, null);
apacheContainer.setSource(source);
apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(configuration.getBeanDefinition());
apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(contextSource);
String ldifs = element.getAttribute(ATT_LDIF_FILE);
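Review bot: The `port` and `suffix` attribute values are no longer checked at parse time: `Integer.parseInt(port)` and the `NamingException` handler around `setSuffix` are gone, and the raw strings now flow into `addPropertyValue("ldapPort", port)`, `addPropertyValue("suffix", suffix)` and the `"ldap://127.0.0.1:" + port + "/" + suffix` URL. A malformed value will presumably surface only when the ApacheDS beans are instantiated, without the element location that the reader context used to report. A parse-time check that needs no ApacheDS class would keep the old diagnostics, e.g. `try { Integer.parseInt(port); } catch (NumberFormatException e) { parserContext.getReaderContext().error("Invalid port: " + port, element, e); }`. createEmbeddedServer continues past the last hunk shown here.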


@ -5,7 +5,7 @@ import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.beans.factory.config.BeanDefinitionHolder;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.core.Ordered;
import org.springframework.util.StringUtils;
import org.springframework.util.Assert;
@ -39,15 +39,15 @@ public class OrderedFilterBeanDefinitionDecorator implements BeanDefinitionDecor
String order = getOrder(elt, parserContext);
BeanDefinition filter = holder.getBeanDefinition();
BeanDefinition wrapper = new RootBeanDefinition(OrderedFilterDecorator.class);
wrapper.getConstructorArgumentValues().addIndexedArgumentValue(0, holder.getBeanName());
wrapper.getConstructorArgumentValues().addIndexedArgumentValue(1, filter);
BeanDefinitionBuilder wrapper = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.config.OrderedFilterBeanDefinitionDecorator$OrderedFilterDecorator");
wrapper.addConstructorArg(holder.getBeanName());
wrapper.addConstructorArg(filter);
if (StringUtils.hasText(order)) {
wrapper.getPropertyValues().addPropertyValue("order", order);
wrapper.addPropertyValue("order", order);
}
return new BeanDefinitionHolder(wrapper, holder.getBeanName());
return new BeanDefinitionHolder(wrapper.getBeanDefinition(), holder.getBeanName());
}
/**
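Review bot: The wrapper class is now named by a string literal with a `$`-separated nested-class name, which the compiler cannot check, so a rename or move of `OrderedFilterDecorator` would fail only when the application context starts. Presumably the string is there to keep the decorator from loading that class during namespace parsing; the reason should be stated, e.g. `// Named by string so that parsing does not load OrderedFilterDecorator or the types it references`, and the name is better held in a `private static final String` constant. The same applies to the `"org.springframework.security.config.ApacheDSContainer"` literal in the LDAP server parser. The enclosing method starts before this hunk.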


@ -5,7 +5,6 @@ import org.springframework.security.providers.encoding.Md5PasswordEncoder;
import org.springframework.security.providers.encoding.ShaPasswordEncoder;
import org.springframework.security.providers.encoding.BaseDigestPasswordEncoder;
import org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.RuntimeBeanReference;


@ -24,11 +24,12 @@ import org.springframework.ldap.core.DirContextOperations;
* <p>
* The LdapAuthenticationProvider calls this interface to authenticate a user
* and obtain the information for that user from the directory.
* </p>
*
*
* @author Luke Taylor
* @version $Id$
*
* @see org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator
* @see org.springframework.security.ldap.populator.UserDetailsServiceLdapAuthoritiesPopulator
*/
public interface LdapAuthenticator {
//~ Methods ========================================================================================================