GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-1909: Namespace configuration no longer uses deprecated API's 

Previously the namespace configuration used deprecated API's
causing warnings to show up in Spring Tool suite when editing
Spring configuration files.

Now the namespace configuration uses the replacement API's for
those that have been deprecated. The tests have also been updated
to ensure the new constructors are used and that the updates did
not break anything.
pull/7/merge
Rob Winch 14 years ago
parent
b196d70f99
commit
06638db289
8 changed files with 222 additions and 42 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 55
      config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
  2. 17
      config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
  3. 26
      config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
  4. 37
      config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
  5. 18
      config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
  6. 28
      config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy
  7. 53
      config/src/test/groovy/org/springframework/security/config/http/RememberMeConfigTests.groovy
  8. 30
      config/src/test/groovy/org/springframework/security/config/http/SessionManagementConfigTests.groovy

55
config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
Unescape View File

@ -1,3 +1,18 @@ @@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http;
import static org.springframework.security.config.http.SecurityFilters.*;
@ -5,10 +20,10 @@ import static org.springframework.security.config.http.SecurityFilters.*; @@ -5,10 +20,10 @@ import static org.springframework.security.config.http.SecurityFilters.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.PropertyValues;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanReference;
import org.springframework.beans.factory.config.ConstructorArgumentValues;
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
@ -20,6 +35,7 @@ import org.springframework.security.authentication.AnonymousAuthenticationProvid @@ -20,6 +35,7 @@ import org.springframework.security.authentication.AnonymousAuthenticationProvid
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.Elements;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
@ -143,9 +159,9 @@ final class AuthenticationConfigBuilder { @@ -143,9 +159,9 @@ final class AuthenticationConfigBuilder {
key = createKey();
}
rememberMeFilter = new RememberMeBeanDefinitionParser(key).parse(rememberMeElt, pc);
rememberMeFilter.getPropertyValues().addPropertyValue("authenticationManager", authenticationManager);
rememberMeServicesId = ((RuntimeBeanReference) rememberMeFilter.getPropertyValues().getPropertyValue("rememberMeServices").getValue()).getBeanName();
RememberMeBeanDefinitionParser rememberMeParser = new RememberMeBeanDefinitionParser(key, authenticationManager);
rememberMeFilter = rememberMeParser.parse(rememberMeElt, pc);
rememberMeServicesId = rememberMeParser.getRememberMeServicesId();
createRememberMeProvider(key);
}
}
@ -154,7 +170,7 @@ final class AuthenticationConfigBuilder { @@ -154,7 +170,7 @@ final class AuthenticationConfigBuilder {
RootBeanDefinition provider = new RootBeanDefinition(RememberMeAuthenticationProvider.class);
provider.setSource(rememberMeFilter.getSource());
provider.getPropertyValues().addPropertyValue("key", key);
provider.getConstructorArgumentValues().addGenericArgumentValue(key);
String id = pc.getReaderContext().generateBeanName(provider);
pc.registerBeanComponent(new BeanComponentDefinition(provider, id));
@ -320,8 +336,8 @@ final class AuthenticationConfigBuilder { @@ -320,8 +336,8 @@ final class AuthenticationConfigBuilder {
basicEntryPoint = new RuntimeBeanReference(entryPointId);
}
filterBuilder.addPropertyValue("authenticationManager", authManager);
filterBuilder.addPropertyValue("authenticationEntryPoint", basicEntryPoint);
filterBuilder.addConstructorArgValue(authManager);
filterBuilder.addConstructorArgValue(basicEntryPoint);
basicFilter = filterBuilder.getBeanDefinition();
}
@ -500,15 +516,14 @@ final class AuthenticationConfigBuilder { @@ -500,15 +516,14 @@ final class AuthenticationConfigBuilder {
}
anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
PropertyValue keyPV = new PropertyValue("key", key);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.createAuthorityList(grantedAuthority));
anonymousFilter.setSource(source);
anonymousFilter.getPropertyValues().addPropertyValue("userAttribute", username + "," + grantedAuthority);
anonymousFilter.getPropertyValues().addPropertyValue(keyPV);
RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
anonymousProviderBean.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
anonymousProviderBean.setSource(anonymousFilter.getSource());
anonymousProviderBean.getPropertyValues().addPropertyValue(keyPV);
String id = pc.getReaderContext().generateBeanName(anonymousProviderBean);
pc.registerBeanComponent(new BeanComponentDefinition(anonymousProviderBean, id));
@ -525,8 +540,8 @@ final class AuthenticationConfigBuilder { @@ -525,8 +540,8 @@ final class AuthenticationConfigBuilder {
BeanDefinitionBuilder etfBuilder = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class);
etfBuilder.addPropertyValue("accessDeniedHandler", createAccessDeniedHandler(httpElt, pc));
assert requestCache != null;
etfBuilder.addPropertyValue("requestCache", requestCache);
etfBuilder.addPropertyValue("authenticationEntryPoint", selectEntryPoint());
etfBuilder.addConstructorArgValue(selectEntryPoint());
etfBuilder.addConstructorArgValue(requestCache);
etf = etfBuilder.getBeanDefinition();
}
@ -620,18 +635,18 @@ final class AuthenticationConfigBuilder { @@ -620,18 +635,18 @@ final class AuthenticationConfigBuilder {
return null;
}
PropertyValues pvs = entryPoint.getPropertyValues();
PropertyValue pv = pvs.getPropertyValue("loginFormUrl");
if (pv == null) {
ConstructorArgumentValues cavs = entryPoint.getConstructorArgumentValues();
ValueHolder vh = cavs.getIndexedArgumentValue(0, String.class);
if (vh == null) {
return null;
}
// If the login URL is the default one, then it is assumed not to have been set explicitly
if (DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL.equals(pv.getValue())) {
if (DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL.equals(vh.getValue())) {
return null;
}
return (String) pv.getValue();
return (String) vh.getValue();
}
private void createUserDetailsServiceFactory() {

17
config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
Unescape View File

@ -1,3 +1,18 @@ @@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http;
import org.apache.commons.logging.Log;
@ -115,7 +130,7 @@ public class FormLoginBeanDefinitionParser { @@ -115,7 +130,7 @@ public class FormLoginBeanDefinitionParser {
BeanDefinitionBuilder entryPointBuilder =
BeanDefinitionBuilder.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class);
entryPointBuilder.getRawBeanDefinition().setSource(source);
entryPointBuilder.addPropertyValue("loginFormUrl", loginPage != null ? loginPage : DEF_LOGIN_PAGE);
entryPointBuilder.addConstructorArgValue(loginPage != null ? loginPage : DEF_LOGIN_PAGE);
entryPointBuilder.addPropertyValue("portMapper", portMapper);
entryPointBuilder.addPropertyValue("portResolver", portResolver);
entryPointBean = (RootBeanDefinition) entryPointBuilder.getBeanDefinition();

26
config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
Unescape View File

@ -1,3 +1,18 @@ @@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http;
import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.*;
@ -22,7 +37,6 @@ import org.springframework.security.access.vote.AuthenticatedVoter; @@ -22,7 +37,6 @@ import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.config.Elements;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator;
import org.springframework.security.web.access.channel.ChannelDecisionManagerImpl;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
@ -179,7 +193,7 @@ class HttpConfigurationBuilder { @@ -179,7 +193,7 @@ class HttpConfigurationBuilder {
}
contextRepoRef = new RuntimeBeanReference(repoRef);
scpf.addPropertyValue("securityContextRepository", contextRepoRef);
scpf.addConstructorArgValue(contextRepoRef);
securityContextPersistenceFilter = scpf.getBeanDefinition();
}
@ -277,7 +291,7 @@ class HttpConfigurationBuilder { @@ -277,7 +291,7 @@ class HttpConfigurationBuilder {
sessionMgmtFilter.addPropertyValue("invalidSessionStrategy", new SimpleRedirectInvalidSessionStrategy(invalidSessionUrl));
}
sessionMgmtFilter.addPropertyReference("sessionAuthenticationStrategy", sessionAuthStratRef);
sessionMgmtFilter.addConstructorArgReference(sessionAuthStratRef);
sfpf = (RootBeanDefinition) sessionMgmtFilter.getBeanDefinition();
sessionStrategyRef = new RuntimeBeanReference(sessionAuthStratRef);
@ -310,7 +324,7 @@ class HttpConfigurationBuilder { @@ -310,7 +324,7 @@ class HttpConfigurationBuilder {
BeanDefinitionBuilder filterBuilder =
BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionFilter.class);
filterBuilder.addPropertyReference("sessionRegistry", sessionRegistryId);
filterBuilder.addConstructorArgReference(sessionRegistryId);
Object source = pc.extractSource(element);
filterBuilder.getRawBeanDefinition().setSource(source);
@ -320,7 +334,7 @@ class HttpConfigurationBuilder { @@ -320,7 +334,7 @@ class HttpConfigurationBuilder {
if (StringUtils.hasText(expiryUrl)) {
WebConfigUtils.validateHttpRedirect(expiryUrl, pc, source);
filterBuilder.addPropertyValue("expiredUrl", expiryUrl);
filterBuilder.addConstructorArgValue(expiryUrl);
}
pc.popAndRegisterContainingComponent();
@ -450,7 +464,7 @@ class HttpConfigurationBuilder { @@ -450,7 +464,7 @@ class HttpConfigurationBuilder {
}
requestCacheAwareFilter = new RootBeanDefinition(RequestCacheAwareFilter.class);
requestCacheAwareFilter.getPropertyValues().addPropertyValue("requestCache", requestCache);
requestCacheAwareFilter.getConstructorArgumentValues().addGenericArgumentValue(requestCache);
}
private void createFilterSecurityInterceptor(BeanReference authManager) {

37
config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java
Unescape View File

@ -1,8 +1,24 @@ @@ -1,8 +1,24 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanReference;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.parsing.CompositeComponentDefinition;
@ -21,6 +37,7 @@ import org.w3c.dom.Element; @@ -21,6 +37,7 @@ import org.w3c.dom.Element;
/**
* @author Luke Taylor
* @author Ben Alex
* @author Rob Winch
*/
class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
static final String ATT_DATA_SOURCE = "data-source-ref";
@ -34,9 +51,12 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser { @@ -34,9 +51,12 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
protected final Log logger = LogFactory.getLog(getClass());
private final String key;
private final BeanReference authenticationManager;
private String rememberMeServicesId;
RememberMeBeanDefinitionParser(String key) {
RememberMeBeanDefinitionParser(String key, BeanReference authenticationManager) {
this.key = key;
this.authenticationManager = authenticationManager;
}
public BeanDefinition parse(Element element, ParserContext pc) {
@ -83,7 +103,7 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser { @@ -83,7 +103,7 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
((BeanDefinition)tokenRepo).getPropertyValues().addPropertyValue("dataSource",
new RuntimeBeanReference(dataSource));
}
services.getPropertyValues().addPropertyValue("tokenRepository", tokenRepo);
services.getConstructorArgumentValues().addIndexedArgumentValue(2, tokenRepo);
} else if (!servicesRefSet) {
services = new RootBeanDefinition(TokenBasedRememberMeServices.class);
}
@ -96,7 +116,9 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser { @@ -96,7 +116,9 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
uds.setFactoryMethodName("cachingUserDetailsService");
uds.getConstructorArgumentValues().addGenericArgumentValue(userServiceRef);
services.getPropertyValues().addPropertyValue("userDetailsService", uds);
services.getConstructorArgumentValues().addGenericArgumentValue(key);
services.getConstructorArgumentValues().addGenericArgumentValue(uds);
// tokenRepo is already added if it is a PersistentTokenBasedRememberMeServices
String useSecureCookie = element.getAttribute(ATT_SECURE_COOKIE);
if (StringUtils.hasText(useSecureCookie)) {
@ -112,7 +134,6 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser { @@ -112,7 +134,6 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
services.getPropertyValues().addPropertyValue("tokenValiditySeconds", tokenValidity);
}
services.setSource(source);
services.getPropertyValues().addPropertyValue("key", key);
servicesName = pc.getReaderContext().generateBeanName(services);
pc.registerBeanComponent(new BeanComponentDefinition(services, servicesName));
} else {
@ -123,6 +144,8 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser { @@ -123,6 +144,8 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
pc.getRegistry().registerAlias(servicesName, element.getAttribute(ATT_SERVICES_ALIAS));
}
this.rememberMeServicesId = servicesName;
BeanDefinitionBuilder filter = BeanDefinitionBuilder.rootBeanDefinition(RememberMeAuthenticationFilter.class);
filter.getRawBeanDefinition().setSource(source);
@ -130,11 +153,15 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser { @@ -130,11 +153,15 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
filter.addPropertyReference("authenticationSuccessHandler", successHandlerRef);
}
filter.addPropertyReference("rememberMeServices", servicesName);
filter.addConstructorArgValue(authenticationManager);
filter.addConstructorArgReference(servicesName);
pc.popAndRegisterContainingComponent();
return filter.getBeanDefinition();
}
String getRememberMeServicesId() {
return this.rememberMeServicesId;
}
}

18
config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
Unescape View File

@ -1,3 +1,18 @@ @@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.method;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
@ -15,6 +30,7 @@ import org.springframework.security.config.BeanIds; @@ -15,6 +30,7 @@ import org.springframework.security.config.BeanIds;
*
* @author Luke Taylor
* @author Ben Alex
* @author Rob Winch
*/
abstract class MethodConfigUtils {
@SuppressWarnings("unchecked")
@ -34,7 +50,7 @@ abstract class MethodConfigUtils { @@ -34,7 +50,7 @@ abstract class MethodConfigUtils {
}
BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder.rootBeanDefinition(AffirmativeBased.class);
accessMgrBuilder.addPropertyValue("decisionVoters", defaultVoters);
accessMgrBuilder.addConstructorArgValue(defaultVoters);
return (RootBeanDefinition) accessMgrBuilder.getBeanDefinition();
}
}

28
config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy
Unescape View File

@ -1,3 +1,18 @@ @@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http;
@ -12,6 +27,7 @@ import org.springframework.mock.web.MockHttpServletRequest @@ -12,6 +27,7 @@ import org.springframework.mock.web.MockHttpServletRequest
import org.springframework.mock.web.MockHttpServletResponse
import org.springframework.security.access.AccessDeniedException
import org.springframework.security.access.SecurityConfig
import org.springframework.security.authentication.AnonymousAuthenticationProvider;
import org.springframework.security.authentication.TestingAuthenticationToken
import org.springframework.security.config.BeanIds
import org.springframework.security.config.MockUserServiceBeanPostProcessor
@ -56,6 +72,12 @@ import org.springframework.security.web.access.expression.DefaultWebSecurityExpr @@ -56,6 +72,12 @@ import org.springframework.security.web.access.expression.DefaultWebSecurityExpr
import org.springframework.security.web.util.AntPathRequestMatcher
import org.springframework.security.authentication.AuthenticationManager
/**
*
* @author Luke Taylor
* @author Rob Winch
*/
class MiscHttpConfigTests extends AbstractHttpConfigTests {
def 'Minimal configuration parses'() {
setup:
@ -181,8 +203,10 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests { @@ -181,8 +203,10 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
createAppContext()
AnonymousAuthenticationFilter filter = getFilter(AnonymousAuthenticationFilter);
def providers = appContext.getBeansOfType(AuthenticationManager).values()*.providers.flatten()
expect:
'customKey' == providers.find { it instanceof AnonymousAuthenticationProvider }.key
'customKey' == filter.key
'joe' == filter.principal
'anonymity' == filter.authorities[0].authority
@ -667,7 +691,7 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests { @@ -667,7 +691,7 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
def customAccessDecisionManagerIsSupported() {
xml.http('auto-config': 'true', 'access-decision-manager-ref': 'adm')
xml.'b:bean'(id: 'adm', 'class': AffirmativeBased.class.name) {
'b:property'(name: 'decisionVoters') {
'b:constructor-arg' {
'b:list'() {
'b:bean'('class': RoleVoter.class.name)
'b:bean'('class': RoleVoter.class.name)
@ -736,6 +760,6 @@ class MockPermissionEvaluator implements PermissionEvaluator { @@ -736,6 +760,6 @@ class MockPermissionEvaluator implements PermissionEvaluator {
class MockEntryPoint extends LoginUrlAuthenticationEntryPoint {
public MockEntryPoint() {
super.setLoginFormUrl("/notused");
super("/notused");
}
}

53
config/src/test/groovy/org/springframework/security/config/http/RememberMeConfigTests.groovy
Unescape View File

@ -1,3 +1,18 @@ @@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException
@ -9,15 +24,19 @@ import org.springframework.security.core.userdetails.MockUserDetailsService @@ -9,15 +24,19 @@ import org.springframework.security.core.userdetails.MockUserDetailsService
import org.springframework.security.util.FieldUtils
import org.springframework.security.web.authentication.logout.LogoutFilter
import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
/**
*
* @author Luke Taylor
* @author Rob Winch
*/
class RememberMeConfigTests extends AbstractHttpConfigTests {
@ -25,13 +44,16 @@ class RememberMeConfigTests extends AbstractHttpConfigTests { @@ -25,13 +44,16 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
httpAutoConfig () {
'remember-me'('token-repository-ref': 'tokenRepo')
}
bean('tokenRepo', InMemoryTokenRepositoryImpl.class.name)
bean('tokenRepo', CustomTokenRepository.class.name)
createAppContext(AUTH_PROVIDER_XML)
def rememberMeServices = rememberMeServices()
expect:
rememberMeServices() instanceof PersistentTokenBasedRememberMeServices
FieldUtils.getFieldValue(rememberMeServices(), "useSecureCookie") == null
rememberMeServices instanceof PersistentTokenBasedRememberMeServices
rememberMeServices.tokenRepository instanceof CustomTokenRepository
FieldUtils.getFieldValue(rememberMeServices, "useSecureCookie") == null
}
def rememberMeServiceWorksWithDataSourceRef() {
@ -42,8 +64,11 @@ class RememberMeConfigTests extends AbstractHttpConfigTests { @@ -42,8 +64,11 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
createAppContext(AUTH_PROVIDER_XML)
def rememberMeServices = rememberMeServices()
expect:
rememberMeServices() instanceof PersistentTokenBasedRememberMeServices
rememberMeServices instanceof PersistentTokenBasedRememberMeServices
rememberMeServices.tokenRepository instanceof JdbcTokenRepositoryImpl
}
def rememberMeServiceWorksWithAuthenticationSuccessHandlerRef() {
@ -62,8 +87,11 @@ class RememberMeConfigTests extends AbstractHttpConfigTests { @@ -62,8 +87,11 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
httpAutoConfig () {
'remember-me'('key': "#{'our' + 'key'}", 'services-ref': 'rms')
}
bean('rms', TokenBasedRememberMeServices.class.name,
['key':'ourKey', 'tokenValiditySeconds':'5000'], ['userDetailsService':'us'])
xml.'b:bean'(id: 'rms', 'class': TokenBasedRememberMeServices.class.name) {
'b:constructor-arg'(value: 'ourKey')
'b:constructor-arg'(ref: 'us')
'b:property'(name: 'tokenValiditySeconds', value: '5000')
}
createAppContext(AUTH_PROVIDER_XML)
@ -88,8 +116,15 @@ class RememberMeConfigTests extends AbstractHttpConfigTests { @@ -88,8 +116,15 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
}
createAppContext(AUTH_PROVIDER_XML)
def rememberMeServices = rememberMeServices()
def rememberMeFilter = getFilter(RememberMeAuthenticationFilter.class)
expect:
rememberMeServices().tokenValiditySeconds == 10000
rememberMeFilter.authenticationManager
rememberMeServices.key == 'ourkey'
rememberMeServices.tokenValiditySeconds == 10000
rememberMeServices.userDetailsService
}
def 'Remember-me token validity allows negative value for non-persistent implementation'() {
@ -165,4 +200,8 @@ class RememberMeConfigTests extends AbstractHttpConfigTests { @@ -165,4 +200,8 @@ class RememberMeConfigTests extends AbstractHttpConfigTests {
def rememberMeServices() {
getFilter(RememberMeAuthenticationFilter.class).getRememberMeServices()
}
static class CustomTokenRepository extends InMemoryTokenRepositoryImpl {
}
}

30
config/src/test/groovy/org/springframework/security/config/http/SessionManagementConfigTests.groovy
Unescape View File

@ -1,3 +1,18 @@ @@ -1,3 +1,18 @@
/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http
import org.springframework.mock.web.MockFilterChain
@ -22,6 +37,7 @@ import static org.junit.Assert.assertSame @@ -22,6 +37,7 @@ import static org.junit.Assert.assertSame
* Tests session-related functionality for the <http> namespace element and <session-management>
*
* @author Luke Taylor
* @author Rob Winch
*/
class SessionManagementConfigTests extends AbstractHttpConfigTests {
@ -87,11 +103,25 @@ class SessionManagementConfigTests extends AbstractHttpConfigTests { @@ -87,11 +103,25 @@ class SessionManagementConfigTests extends AbstractHttpConfigTests {
expect:
filters.get(0) instanceof ConcurrentSessionFilter
filters.get(0).expiredUrl == '/expired'
appContext.getBean("sr") != null
getFilter(SessionManagementFilter.class) != null
sessionRegistryIsValid();
}
def 'concurrency-control handles default expired-url as null'() {
httpAutoConfig {
'session-management'() {
'concurrency-control'('session-registry-alias':'sr')
}
}
createAppContext();
List filters = getFilters("/someurl");
expect:
filters.get(0).expiredUrl == null
}
def externalSessionStrategyIsSupported() {
when:
httpAutoConfig {

Write Preview
Loading…
Cancel
Save