SEC-1036: Removed references to SpringSecurityContextSource

Luke Taylor 2008-11-29 12:15:51 +00:00
parent 5c29dfbc20
commit b25d6958d7
4 changed files with 35 additions and 73 deletions


@ -7,7 +7,7 @@ import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.BeanDefinitionRegistry; import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.core.Ordered; import org.springframework.core.Ordered;
import org.springframework.security.ldap.SpringSecurityContextSource; import org.springframework.ldap.core.support.BaseLdapPathContextSource;
/** /**
* @author Luke Taylor * @author Luke Taylor
@ -16,35 +16,35 @@ import org.springframework.security.ldap.SpringSecurityContextSource;
*/ */
class LdapConfigUtils { class LdapConfigUtils {
/** /**
* Checks for the presence of a ContextSource instance. Also supplies the standard reference to any * Checks for the presence of a ContextSource instance. Also supplies the standard reference to any
* unconfigured <ldap-authentication-provider> or <ldap-user-service> beans. This is * unconfigured <ldap-authentication-provider> or <ldap-user-service> beans. This is
* necessary in cases where the user has given the server a specific Id, but hasn't used * necessary in cases where the user has given the server a specific Id, but hasn't used
* the server-ref attribute to link this to the other ldap definitions. See SEC-799. * the server-ref attribute to link this to the other ldap definitions. See SEC-799.
*/ */
private static class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ordered { private static class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ordered {
/** If set to true, a bean parser has indicated that the default context source name needs to be set */ /** If set to true, a bean parser has indicated that the default context source name needs to be set */
private boolean defaultNameRequired; private boolean defaultNameRequired;
public void postProcessBeanFactory(ConfigurableListableBeanFactory bf) throws BeansException { public void postProcessBeanFactory(ConfigurableListableBeanFactory bf) throws BeansException {
String[] sources = bf.getBeanNamesForType(SpringSecurityContextSource.class); String[] sources = bf.getBeanNamesForType(BaseLdapPathContextSource.class);
if (sources.length == 0) { if (sources.length == 0) {
throw new SecurityConfigurationException("No SpringSecurityContextSource instances found. Have you " + throw new SecurityConfigurationException("No BaseLdapPathContextSource instances found. Have you " +
"added an <" + Elements.LDAP_SERVER + " /> element to your application context?"); "added an <" + Elements.LDAP_SERVER + " /> element to your application context?");
} }
if (!bf.containsBean(BeanIds.CONTEXT_SOURCE) && defaultNameRequired) { if (!bf.containsBean(BeanIds.CONTEXT_SOURCE) && defaultNameRequired) {
if (sources.length > 1) { if (sources.length > 1) {
throw new SecurityConfigurationException("More than one SpringSecurityContextSource instance found. " + throw new SecurityConfigurationException("More than one BaseLdapPathContextSource instance found. " +
"Please specify a specific server id using the 'server-ref' attribute when configuring your <" + "Please specify a specific server id using the 'server-ref' attribute when configuring your <" +
Elements.LDAP_PROVIDER + "> " + "or <" + Elements.LDAP_USER_SERVICE + ">."); Elements.LDAP_PROVIDER + "> " + "or <" + Elements.LDAP_USER_SERVICE + ">.");
} }
bf.registerAlias(sources[0], BeanIds.CONTEXT_SOURCE); bf.registerAlias(sources[0], BeanIds.CONTEXT_SOURCE);
} }
} }
public void setDefaultNameRequired(boolean defaultNameRequired) { public void setDefaultNameRequired(boolean defaultNameRequired) {
this.defaultNameRequired = defaultNameRequired; this.defaultNameRequired = defaultNameRequired;
} }
@ -53,7 +53,7 @@ class LdapConfigUtils {
return LOWEST_PRECEDENCE; return LOWEST_PRECEDENCE;
} }
} }
static void registerPostProcessorIfNecessary(BeanDefinitionRegistry registry, boolean defaultNameRequired) { static void registerPostProcessorIfNecessary(BeanDefinitionRegistry registry, boolean defaultNameRequired) {
if (registry.containsBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR)) { if (registry.containsBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR)) {
if (defaultNameRequired) { if (defaultNameRequired) {
@ -63,7 +63,7 @@ class LdapConfigUtils {
return; return;
} }
BeanDefinition bd = new RootBeanDefinition(ContextSourceSettingPostProcessor.class); BeanDefinition bd = new RootBeanDefinition(ContextSourceSettingPostProcessor.class);
registry.registerBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR, bd); registry.registerBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR, bd);
bd.getPropertyValues().addPropertyValue("defaultNameRequired", Boolean.valueOf(defaultNameRequired)); bd.getPropertyValues().addPropertyValue("defaultNameRequired", Boolean.valueOf(defaultNameRequired));
} }
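Review bot: The lookup in `postProcessBeanFactory` now matches every `BaseLdapPathContextSource` in the bean factory, so when `defaultNameRequired` is set and exactly one such bean exists, `bf.registerAlias(sources[0], BeanIds.CONTEXT_SOURCE)` adopts it as the context source for LDAP authentication even if it was declared for an unrelated directory or purpose. Before this change only beans that opted in by implementing `SpringSecurityContextSource` were candidates. The more-than-one case still fails with an exception, which is the safe outcome, but the single-bean case is silent; I would record the wider contract above the lookup, e.g. `// Any BaseLdapPathContextSource qualifies, not only one created by <ldap-server>`, and have the post-processor log which bean name it aliased. The "No BaseLdapPathContextSource instances found" message also shows an internal type name to namespace users, so wording it in terms of the `<ldap-server>` element alone would read better.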


@ -1,39 +1,30 @@
package org.springframework.security.ldap; package org.springframework.security.ldap;
import org.springframework.security.BadCredentialsException; import java.util.ArrayList;
import org.springframework.security.SpringSecurityMessageSource; import java.util.StringTokenizer;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.util.Assert;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.core.support.LdapContextSource;
import javax.naming.Context; import org.springframework.util.Assert;
import javax.naming.directory.DirContext;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.StringTokenizer;
/** /**
* SpringSecurityContextSource implementation which uses Spring LDAP's <tt>LdapContextSource</tt> as a base * ContextSource implementation which uses Spring LDAP's <tt>LdapContextSource</tt> as a base
* class. Intended as a replacement for <tt>DefaultInitialDirContextFactory</tt> from versions of the framework prior * class. Used internally by the Spring Security LDAP namespace configuration.
* to 2.0. * <p>
* From Spring Security 2.5, Spring LDAP 1.3 is used and the <tt>ContextSource</tt> interface
* provides support for binding with a username and password. As a result, Spring LDAP <tt>ContextSource</tt>
* implementations such as <tt>LdapContextSource</tt> may be used directly with Spring Security.
* *
* @author Luke Taylor * @author Luke Taylor
* @version $Id$ * @version $Id$
* @since 2.0 * @since 2.0
*/ */
public class DefaultSpringSecurityContextSource extends LdapContextSource implements SpringSecurityContextSource, public class DefaultSpringSecurityContextSource extends LdapContextSource {
MessageSourceAware {
private static final Log logger = LogFactory.getLog(DefaultSpringSecurityContextSource.class); private static final Log logger = LogFactory.getLog(DefaultSpringSecurityContextSource.class);
private String rootDn; private String rootDn;
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
/** /**
* Create and initialize an instance which will connect to the supplied LDAP URL. * Create and initialize an instance which will connect to the supplied LDAP URL.
* *
@ -65,31 +56,4 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource implem
super.setUrls(urls.toArray(new String[urls.size()])); super.setUrls(urls.toArray(new String[urls.size()]));
super.setBase(rootDn); super.setBase(rootDn);
} }
@SuppressWarnings("unchecked")
public DirContext getReadWriteContext(String userDn, Object credentials) {
Hashtable env = new Hashtable(getAnonymousEnv());
env.put(Context.SECURITY_PRINCIPAL, userDn);
env.put(Context.SECURITY_CREDENTIALS, credentials);
if (logger.isDebugEnabled()) {
logger.debug("Creating context with principal: '" + userDn + "'");
}
try {
return createContext(env);
} catch (org.springframework.ldap.NamingException e) {
if ((e instanceof org.springframework.ldap.AuthenticationException)
|| (e instanceof org.springframework.ldap.OperationNotSupportedException)) {
throw new BadCredentialsException(
messages.getMessage("DefaultSpringSecurityContextSource.badCredentials", "Bad credentials"), e);
}
throw e;
}
}
public void setMessageSource(MessageSource messageSource) {
this.messages = new MessageSourceAccessor(messageSource);
}
} }
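Review bot: Removing `getReadWriteContext(String userDn, Object credentials)` also removes the only place in this class where a rejected bind (`AuthenticationException` or `OperationNotSupportedException`) was translated into `BadCredentialsException`, together with the debug line that named the principal. Whatever code now binds through Spring LDAP's `ContextSource.getContext(principal, credentials)` has to do that translation itself; it is not visible in this section, so please confirm that a failed bind still surfaces as an authentication failure and not as a raw `org.springframework.ldap.NamingException`. The class stays `public`, so dropping the method and the `MessageSourceAware` interface is a breaking change for external callers and deserves a line in the class Javadoc, for example `* Binding as a user is now done via {@code ContextSource.getContext(principal, credentials)}.`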


@ -48,9 +48,9 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
//~ Constructors =================================================================================================== //~ Constructors ===================================================================================================
/** /**
* Create an initialized instance using the {@link SpringSecurityContextSource} provided. * Create an initialized instance using the {@link BaseLdapPathContextSource} provided.
* *
* @param contextSource the SpringSecurityContextSource instance against which bind operations will be * @param contextSource the BaseLdapPathContextSource instance against which bind operations will be
* performed. * performed.
* *
*/ */


@ -1,12 +1,10 @@
package org.springframework.security.config; package org.springframework.security.config;
import org.springframework.security.util.InMemoryXmlApplicationContext;
import org.springframework.security.ldap.SpringSecurityContextSource;
import org.springframework.ldap.core.LdapTemplate;
import org.junit.Test;
import org.junit.After; import org.junit.After;
import org.junit.Test;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.util.InMemoryXmlApplicationContext;
/** /**
* @author Luke Taylor * @author Luke Taylor
@ -27,7 +25,7 @@ public class LdapServerBeanDefinitionParserTests {
public void embeddedServerCreationContainsExpectedContextSourceAndData() { public void embeddedServerCreationContainsExpectedContextSourceAndData() {
appCtx = new InMemoryXmlApplicationContext("<ldap-server />"); appCtx = new InMemoryXmlApplicationContext("<ldap-server />");
SpringSecurityContextSource contextSource = (SpringSecurityContextSource) appCtx.getBean(BeanIds.CONTEXT_SOURCE); DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx.getBean(BeanIds.CONTEXT_SOURCE);
// Check data is loaded // Check data is loaded
LdapTemplate template = new LdapTemplate(contextSource); LdapTemplate template = new LdapTemplate(contextSource);
@ -43,7 +41,7 @@ public class LdapServerBeanDefinitionParserTests {
// Check the default context source is still there. // Check the default context source is still there.
appCtx.getBean(BeanIds.CONTEXT_SOURCE); appCtx.getBean(BeanIds.CONTEXT_SOURCE);
SpringSecurityContextSource contextSource = (SpringSecurityContextSource) appCtx.getBean("blah"); DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx.getBean("blah");
// Check data is loaded as before // Check data is loaded as before
LdapTemplate template = new LdapTemplate(contextSource); LdapTemplate template = new LdapTemplate(contextSource);
@ -54,7 +52,7 @@ public class LdapServerBeanDefinitionParserTests {
public void loadingSpecificLdifFileIsSuccessful() { public void loadingSpecificLdifFileIsSuccessful() {
appCtx = new InMemoryXmlApplicationContext( appCtx = new InMemoryXmlApplicationContext(
"<ldap-server ldif='classpath*:test-server2.xldif' root='dc=monkeymachine,dc=co,dc=uk' />"); "<ldap-server ldif='classpath*:test-server2.xldif' root='dc=monkeymachine,dc=co,dc=uk' />");
SpringSecurityContextSource contextSource = (SpringSecurityContextSource) appCtx.getBean(BeanIds.CONTEXT_SOURCE); DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx.getBean(BeanIds.CONTEXT_SOURCE);
LdapTemplate template = new LdapTemplate(contextSource); LdapTemplate template = new LdapTemplate(contextSource);
template.lookup("uid=pg,ou=gorillas"); template.lookup("uid=pg,ou=gorillas");
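Review bot: The three updated tests cast the bean to `DefaultSpringSecurityContextSource`, so they only cover a context source created by `<ldap-server>`. None of the visible tests covers the case this commit newly permits, where the only `BaseLdapPathContextSource` in the context is a plain Spring LDAP `LdapContextSource`. A test that declares such a bean together with an `<ldap-authentication-provider>` and checks which bean ends up under `BeanIds.CONTEXT_SOURCE` would pin the post-processor's new selection behaviour; other tests in the file may already do this, but they are outside the hunks shown. The cast itself is not needed by `new LdapTemplate(contextSource)`, which accepts any `ContextSource`, so if the intent is to assert the concrete type, a comment such as `// the namespace must create a DefaultSpringSecurityContextSource` would make that explicit. The last test method continues outside the hunk.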