SEC-1124: Refactored LDAP code into separate module

17 years ago · 4aae5ec42e
71 changed files with 112 additions and 230 deletions
--- a/core/pom.xml
+++ b/core/pom.xml
@ -58,11 +58,6 @@
				@@ -58,11 +58,6 @@
            <groupId>org.aspectj</groupId>
            <artifactId>com.springsource.org.aspectj.weaver</artifactId>
        </dependency>
-        <dependency>
-            <groupId>org.springframework.ldap</groupId>
-            <artifactId>spring-ldap-core</artifactId>
-            <optional>true</optional>
-        </dependency>
        <dependency>
            <groupId>cglib</groupId>
            <artifactId>cglib-nodep</artifactId>
@ -102,33 +97,13 @@
				@@ -102,33 +97,13 @@
            <artifactId>servlet-api</artifactId>
            <optional>true</optional>
        </dependency>
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-core</artifactId>
-            <version>1.0.2</version>
-            <scope>compile</scope>
-            <optional>true</optional>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-server-jndi</artifactId>
-            <version>1.0.2</version>
-            <scope>compile</scope>
-            <optional>true</optional>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.mina</groupId>
-            <artifactId>mina-core</artifactId>
-            <version>1.0.5</version>
-            <scope>compile</scope>
-            <optional>true</optional>
-        </dependency>
        <dependency>
            <groupId>org.apache.tomcat</groupId>
            <artifactId>annotations-api</artifactId>
            <version>6.0.14</version>
            <optional>true</optional>
        </dependency>
+<!--
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-log4j12</artifactId>
@ -136,6 +111,7 @@
				@@ -136,6 +111,7 @@
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
+ -->
        <dependency>
            <groupId>org.jmock</groupId>
            <artifactId>jmock-junit4</artifactId>
--- a/core/src/main/java/org/springframework/security/config/Elements.java
+++ b/core/src/main/java/org/springframework/security/config/Elements.java
@ -6,7 +6,7 @@ package org.springframework.security.config;
				@@ -6,7 +6,7 @@ package org.springframework.security.config;
 * @author Ben Alex
 * @version $Id$
 */
-abstract class Elements {
+public abstract class Elements {

    public static final String AUTHENTICATION_MANAGER = "authentication-manager";
    public static final String USER_SERVICE = "user-service";
--- a/core/src/main/java/org/springframework/security/config/LdapConfigUtils.java
+++ b/core/src/main/java/org/springframework/security/config/LdapConfigUtils.java
@ -1,71 +0,0 @@
				@@ -1,71 +0,0 @@
-package org.springframework.security.config;
-
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.support.BeanDefinitionRegistry;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.core.Ordered;
-import org.springframework.ldap.core.support.BaseLdapPathContextSource;
-
-/**
- * @author Luke Taylor
- * @version $Id$
- * @since 2.0
- */
-class LdapConfigUtils {
-
-    /**
-     * Checks for the presence of a ContextSource instance. Also supplies the standard reference to any
-     * unconfigured <ldap-authentication-provider> or <ldap-user-service> beans. This is
-     * necessary in cases where the user has given the server a specific Id, but hasn't used
-     * the server-ref attribute to link this to the other ldap definitions. See SEC-799.
-     */
-    private static class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ordered {
-        /** If set to true, a bean parser has indicated that the default context source name needs to be set */
-        private boolean defaultNameRequired;
-
-        public void postProcessBeanFactory(ConfigurableListableBeanFactory bf) throws BeansException {
-            String[] sources = bf.getBeanNamesForType(BaseLdapPathContextSource.class);
-
-            if (sources.length == 0) {
-                throw new SecurityConfigurationException("No BaseLdapPathContextSource instances found. Have you " +
-                        "added an <" + Elements.LDAP_SERVER + " /> element to your application context?");
-            }
-
-            if (!bf.containsBean(BeanIds.CONTEXT_SOURCE) && defaultNameRequired) {
-                if (sources.length > 1) {
-                    throw new SecurityConfigurationException("More than one BaseLdapPathContextSource instance found. " +
-                            "Please specify a specific server id using the 'server-ref' attribute when configuring your <" +
-                            Elements.LDAP_PROVIDER + "> " + "or <" + Elements.LDAP_USER_SERVICE + ">.");
-                }
-
-                bf.registerAlias(sources[0], BeanIds.CONTEXT_SOURCE);
-            }
-        }
-
-        public void setDefaultNameRequired(boolean defaultNameRequired) {
-            this.defaultNameRequired = defaultNameRequired;
-        }
-
-        public int getOrder() {
-            return LOWEST_PRECEDENCE;
-        }
-    }
-
-    static void registerPostProcessorIfNecessary(BeanDefinitionRegistry registry, boolean defaultNameRequired) {
-        if (registry.containsBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR)) {
-            if (defaultNameRequired) {
-                BeanDefinition bd = registry.getBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR);
-                bd.getPropertyValues().addPropertyValue("defaultNameRequired", Boolean.valueOf(defaultNameRequired));
-            }
-            return;
-        }
-
-        BeanDefinition bd = new RootBeanDefinition(ContextSourceSettingPostProcessor.class);
-        registry.registerBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR, bd);
-        bd.getPropertyValues().addPropertyValue("defaultNameRequired", Boolean.valueOf(defaultNameRequired));
-    }
-
-}
--- a/core/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java
@ -1,17 +1,14 @@
				@@ -1,17 +1,14 @@
 package org.springframework.security.config;

+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
-import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.providers.encoding.PasswordEncoder;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.w3c.dom.Element;

 /**
@ -83,9 +80,9 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
				@@ -83,9 +80,9 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
                    parserContext.getReaderContext().warning("Salt source information isn't valid when used with LDAP",
                            passwordEncoderElement);
                }
-            } else if (StringUtils.hasText(hash)) {
-                Class<? extends PasswordEncoder> encoderClass = PasswordEncoderParser.ENCODER_CLASSES.get(hash);
-                authenticatorBuilder.addPropertyValue("passwordEncoder", new RootBeanDefinition(encoderClass));
+            } else if (StringUtils.hasText(hash)) {;
+                authenticatorBuilder.addPropertyValue("passwordEncoder",
+                        PasswordEncoderParser.createPasswordEncoderBeanDefinition(hash, false));
            }
        }

--- a/core/src/main/java/org/springframework/security/config/LdapServerBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/LdapServerBeanDefinitionParser.java
@ -148,7 +148,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
				@@ -148,7 +148,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
        contextSource.addPropertyValue("userDn", "uid=admin,ou=system");
        contextSource.addPropertyValue("password", "secret");

-        RootBeanDefinition apacheContainer = new RootBeanDefinition("org.springframework.security.config.ApacheDSContainer", null, null);
+        RootBeanDefinition apacheContainer = new RootBeanDefinition("org.springframework.security.config.ldap.ApacheDSContainer", null, null);
        apacheContainer.setSource(source);
        apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(configuration.getBeanDefinition());
        apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(contextSource.getBeanDefinition());
--- a/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java
@ -2,7 +2,9 @@ package org.springframework.security.config;
				@@ -2,7 +2,9 @@ package org.springframework.security.config;

 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.support.BeanDefinitionRegistry;
 import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.util.StringUtils;

@ -88,11 +90,25 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
				@@ -88,11 +90,25 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ

        RuntimeBeanReference contextSource = new RuntimeBeanReference(server);
        contextSource.setSource(parserContext.extractSource(elt));
-        LdapConfigUtils.registerPostProcessorIfNecessary(parserContext.getRegistry(), requiresDefaultName);
+        registerPostProcessorIfNecessary(parserContext.getRegistry(), requiresDefaultName);

        return contextSource;
    }

+    private static void registerPostProcessorIfNecessary(BeanDefinitionRegistry registry, boolean defaultNameRequired) {
+        if (registry.containsBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR)) {
+            if (defaultNameRequired) {
+                BeanDefinition bd = registry.getBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR);
+                bd.getPropertyValues().addPropertyValue("defaultNameRequired", Boolean.valueOf(defaultNameRequired));
+            }
+            return;
+        }
+
+        BeanDefinitionBuilder bdb = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.config.ldap.ContextSourceSettingPostProcessor");
+        bdb.addPropertyValue("defaultNameRequired", Boolean.valueOf(defaultNameRequired));
+        registry.registerBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR, bdb.getBeanDefinition());
+    }
+
    static RootBeanDefinition parseUserDetailsClass(Element elt, ParserContext parserContext) {
        String userDetailsClass = elt.getAttribute(ATT_USER_CLASS);

--- a/core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java
+++ b/core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java
@ -6,16 +6,18 @@ import java.util.Map;
				@@ -6,16 +6,18 @@ import java.util.Map;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.BeanMetadataElement;
+import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.providers.encoding.BaseDigestPasswordEncoder;
+import org.springframework.security.providers.encoding.LdapShaPasswordEncoder;
 import org.springframework.security.providers.encoding.Md4PasswordEncoder;
 import org.springframework.security.providers.encoding.Md5PasswordEncoder;
 import org.springframework.security.providers.encoding.PasswordEncoder;
 import org.springframework.security.providers.encoding.PlaintextPasswordEncoder;
 import org.springframework.security.providers.encoding.ShaPasswordEncoder;
-import org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
@ -39,10 +41,10 @@ class PasswordEncoderParser {
				@@ -39,10 +41,10 @@ class PasswordEncoderParser {
    static final String OPT_HASH_MD5 = "md5";
    static final String OPT_HASH_LDAP_SHA = "{sha}";

-    static final Map<String, Class<? extends PasswordEncoder>> ENCODER_CLASSES;
+    private static final Map<String, Class<? extends PasswordEncoder>> ENCODER_CLASSES;

    static {
-        ENCODER_CLASSES = new HashMap<String, Class<? extends PasswordEncoder>>(6);
+        ENCODER_CLASSES = new HashMap<String, Class<? extends PasswordEncoder>>();
        ENCODER_CLASSES.put(OPT_HASH_PLAINTEXT, PlaintextPasswordEncoder.class);
        ENCODER_CLASSES.put(OPT_HASH_SHA, ShaPasswordEncoder.class);
        ENCODER_CLASSES.put(OPT_HASH_SHA256, ShaPasswordEncoder.class);
@ -51,7 +53,7 @@ class PasswordEncoderParser {
				@@ -51,7 +53,7 @@ class PasswordEncoderParser {
        ENCODER_CLASSES.put(OPT_HASH_LDAP_SHA, LdapShaPasswordEncoder.class);
    }

-    private Log logger = LogFactory.getLog(getClass());
+    private static Log logger = LogFactory.getLog(PasswordEncoderParser.class);

    private BeanMetadataElement passwordEncoder;
    private BeanMetadataElement saltSource;
@ -73,22 +75,8 @@ class PasswordEncoderParser {
				@@ -73,22 +75,8 @@ class PasswordEncoderParser {
        if (StringUtils.hasText(ref)) {
            passwordEncoder = new RuntimeBeanReference(ref);
        } else {
-            Class<? extends PasswordEncoder> beanClass = ENCODER_CLASSES.get(hash);
-            RootBeanDefinition beanDefinition = new RootBeanDefinition(beanClass);
-
-            if (OPT_HASH_SHA256.equals(hash)) {
-                beanDefinition.getConstructorArgumentValues().addIndexedArgumentValue(0, new Integer(256));
-            }
-
-            beanDefinition.setSource(parserContext.extractSource(element));
-            if (useBase64) {
-                if (BaseDigestPasswordEncoder.class.isAssignableFrom(beanClass)) {
-                    beanDefinition.getPropertyValues().addPropertyValue("encodeHashAsBase64", "true");
-                } else {
-                    logger.warn(ATT_BASE_64 + " isn't compatible with " + hash + " and will be ignored");
-                }
-            }
-            passwordEncoder = beanDefinition;
+            passwordEncoder = createPasswordEncoderBeanDefinition(hash, useBase64);
+            ((RootBeanDefinition)passwordEncoder).setSource(parserContext.extractSource(element));
        }

        Element saltSourceElt = DomUtils.getChildElementByTagName(element, Elements.SALT_SOURCE);
@ -98,6 +86,24 @@ class PasswordEncoderParser {
				@@ -98,6 +86,24 @@ class PasswordEncoderParser {
        }
    }

+    static BeanDefinition createPasswordEncoderBeanDefinition(String hash, boolean useBase64) {
+        Class<? extends PasswordEncoder> beanClass = ENCODER_CLASSES.get(hash);
+        BeanDefinitionBuilder beanBldr = BeanDefinitionBuilder.rootBeanDefinition(beanClass);
+
+        if (OPT_HASH_SHA256.equals(hash)) {
+            beanBldr.addConstructorArgValue(new Integer(256));
+        }
+
+        if (useBase64) {
+            if (BaseDigestPasswordEncoder.class.isAssignableFrom(beanClass)) {
+                beanBldr.addPropertyValue("encodeHashAsBase64", "true");
+            } else {
+                logger.warn(ATT_BASE_64 + " isn't compatible with " + hash + " and will be ignored");
+            }
+        }
+        return beanBldr.getBeanDefinition();
+    }
+
    public BeanMetadataElement getPasswordEncoder() {
        return passwordEncoder;
    }
--- a/core/src/main/java/org/springframework/security/ldap/LdapCallback.java
+++ b/core/src/main/java/org/springframework/security/ldap/LdapCallback.java
@ -1,35 +0,0 @@
				@@ -1,35 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.ldap;
-
-import javax.naming.NamingException;
-import javax.naming.directory.DirContext;
-
-
-/**
- * Callback object for use with SpringSecurityLdapTemplate.
- *
- * @deprecated use spring-ldap ContextExecutor instead.
- * @TODO: Delete before 2.0 release
- *
- * @author Ben Alex
- */
-public interface LdapCallback {
-    //~ Methods ========================================================================================================
-
-    Object doInDirContext(DirContext dirContext)
-        throws NamingException;
-}
--- a/core/src/main/java/org/springframework/security/ldap/LdapEntryMapper.java
+++ b/core/src/main/java/org/springframework/security/ldap/LdapEntryMapper.java
@ -1,35 +0,0 @@
				@@ -1,35 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.ldap;
-
-import javax.naming.NamingException;
-import javax.naming.directory.Attributes;
-
-
-/**
- * A mapper for use with {@link SpringSecurityLdapTemplate}. Creates a customized object from
- * a set of attributes retrieved from a directory entry.
- *
- * @author Luke Taylor
- * @deprecated in favour of Spring LDAP ContextMapper
- * @version $Id$
- */
-public interface LdapEntryMapper {
-    //~ Methods ========================================================================================================
-
-    Object mapAttributes(String dn, Attributes attributes)
-        throws NamingException;
-}
--- a/core/src/main/java/org/springframework/security/providers/ldap/authenticator/LdapShaPasswordEncoder.java
+++ b/core/src/main/java/org/springframework/security/providers/ldap/authenticator/LdapShaPasswordEncoder.java
@ -13,10 +13,8 @@
				@@ -13,10 +13,8 @@
 * limitations under the License.
 */

-package org.springframework.security.providers.ldap.authenticator;
+package org.springframework.security.providers.encoding;

-import org.springframework.security.providers.encoding.PasswordEncoder;
-import org.springframework.security.providers.encoding.ShaPasswordEncoder;

 import org.apache.commons.codec.binary.Base64;

--- a/core/src/test/resources/log4j.properties
+++ b/core/src/test/resources/log4j.properties
@ -9,6 +9,3 @@ log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
				@@ -9,6 +9,3 @@ log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
 log4j.appender.stdout.layout.ConversionPattern=%p %c{1} - %m%n

 log4j.logger.org.springframework.security=DEBUG
-log4j.logger.org.springframework.ldap=DEBUG
-
-log4j.logger.org.apache.directory=ERROR
--- a/ldap/src/main/java/org/springframework/security/config/ldap/ApacheDSContainer.java
+++ b/ldap/src/main/java/org/springframework/security/config/ldap/ApacheDSContainer.java
@ -1,4 +1,4 @@
				@@ -1,4 +1,4 @@
-package org.springframework.security.config;
+package org.springframework.security.config.ldap;

 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.DisposableBean;
@ -8,6 +8,7 @@ import org.springframework.context.ApplicationContext;
				@@ -8,6 +8,7 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.Lifecycle;
 import org.springframework.core.io.Resource;
 import org.springframework.ldap.core.ContextSource;
+import org.springframework.security.config.LdapServerBeanDefinitionParser;
 import org.springframework.util.Assert;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
--- a/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java
--- a/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapAuthoritiesPopulator.java
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapUserSearch.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapUserSearch.java
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapUsernameToDnMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapUsernameToDnMapper.java
--- a/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java
--- a/ldap/src/main/java/org/springframework/security/ldap/NamingExceptionTranslator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/NamingExceptionTranslator.java
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityAuthenticationSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityAuthenticationSource.java
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityContextSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityContextSource.java
--- a/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
--- a/ldap/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java
--- a/ldap/src/main/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulator.java
--- a/ldap/src/main/java/org/springframework/security/ldap/populator/package.html
+++ b/ldap/src/main/java/org/springframework/security/ldap/populator/package.html
--- a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java
--- a/ldap/src/main/java/org/springframework/security/ldap/search/package.html
+++ b/ldap/src/main/java/org/springframework/security/ldap/search/package.html
--- a/ldap/src/main/java/org/springframework/security/providers/ldap/LdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/providers/ldap/LdapAuthenticationProvider.java
--- a/ldap/src/main/java/org/springframework/security/providers/ldap/LdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/providers/ldap/LdapAuthenticator.java
--- a/ldap/src/main/java/org/springframework/security/providers/ldap/authenticator/AbstractLdapAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/providers/ldap/authenticator/AbstractLdapAuthenticator.java
--- a/ldap/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator.java
--- a/ldap/src/main/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticator.java
+++ b/ldap/src/main/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticator.java
@ -25,6 +25,7 @@ import org.springframework.security.BadCredentialsException;
				@@ -25,6 +25,7 @@ import org.springframework.security.BadCredentialsException;
 import org.springframework.security.ldap.LdapUtils;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.providers.encoding.LdapShaPasswordEncoder;
 import org.springframework.security.providers.encoding.PasswordEncoder;
 import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.springframework.util.Assert;
--- a/ldap/src/main/java/org/springframework/security/providers/ldap/authenticator/package.html
+++ b/ldap/src/main/java/org/springframework/security/providers/ldap/authenticator/package.html
--- a/ldap/src/main/java/org/springframework/security/providers/ldap/package.html
+++ b/ldap/src/main/java/org/springframework/security/providers/ldap/package.html
--- a/ldap/src/main/java/org/springframework/security/userdetails/ldap/InetOrgPerson.java
+++ b/ldap/src/main/java/org/springframework/security/userdetails/ldap/InetOrgPerson.java
--- a/ldap/src/main/java/org/springframework/security/userdetails/ldap/InetOrgPersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/userdetails/ldap/InetOrgPersonContextMapper.java
--- a/ldap/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetails.java
+++ b/ldap/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetails.java
--- a/ldap/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java
+++ b/ldap/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java
--- a/ldap/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManager.java
--- a/ldap/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapper.java
+++ b/ldap/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapper.java
--- a/ldap/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsService.java
+++ b/ldap/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsService.java
--- a/ldap/src/main/java/org/springframework/security/userdetails/ldap/Person.java
+++ b/ldap/src/main/java/org/springframework/security/userdetails/ldap/Person.java
--- a/ldap/src/main/java/org/springframework/security/userdetails/ldap/PersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/userdetails/ldap/PersonContextMapper.java
--- a/ldap/src/main/java/org/springframework/security/userdetails/ldap/UserDetailsContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/userdetails/ldap/UserDetailsContextMapper.java
--- a/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java
@ -1,4 +1,4 @@
				@@ -1,4 +1,4 @@
-package org.springframework.security.config;
+package org.springframework.security;

 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
@ -6,6 +6,8 @@ import static org.junit.Assert.assertTrue;
				@@ -6,6 +6,8 @@ import static org.junit.Assert.assertTrue;
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.security.Authentication;
+import org.springframework.security.config.BeanIds;
+import org.springframework.security.config.SecurityConfigurationException;
 import org.springframework.security.providers.ProviderManager;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.providers.ldap.LdapAuthenticationProvider;
--- a/core/src/test/java/org/springframework/security/config/LdapServerBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/LdapServerBeanDefinitionParserTests.java
@ -1,8 +1,9 @@
				@@ -1,8 +1,9 @@
-package org.springframework.security.config;
+package org.springframework.security;

 import org.junit.After;
 import org.junit.Test;
 import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.security.config.BeanIds;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.security.util.InMemoryXmlApplicationContext;

--- a/core/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java
@ -1,4 +1,4 @@
				@@ -1,4 +1,4 @@
-package org.springframework.security.config;
+package org.springframework.security;

 import java.util.Set;

--- a/ldap/src/test/java/org/springframework/security/ldap/AbstractLdapIntegrationTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/AbstractLdapIntegrationTests.java
--- a/ldap/src/test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
--- a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
--- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java
--- a/ldap/src/test/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java
--- a/ldap/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
@ -1,28 +1,32 @@
				@@ -1,28 +1,32 @@
 package org.springframework.security.ldap.populator;

-import java.util.List;
-
-import org.springframework.security.userdetails.UserDetailsService;
-import org.springframework.security.userdetails.MockUserDetailsService;
-import org.springframework.security.GrantedAuthority;
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.*;

-import org.springframework.ldap.core.DirContextAdapter;
+import java.util.List;

 import org.junit.Test;
-import static org.junit.Assert.*;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.util.AuthorityUtils;

 /**
 * @author Luke Taylor
 * @version $Id$
 */
 public class UserDetailsServiceLdapAuthoritiesPopulatorTests {
-    UserDetailsService uds = new MockUserDetailsService();

    @Test
    public void delegationToUserDetailsServiceReturnsCorrectRoles() throws Exception {
-        UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(uds);
+        UserDetailsService uds = mock(UserDetailsService.class);
+        UserDetails user = mock(UserDetails.class);
+        when(uds.loadUserByUsername("joe")).thenReturn(user);
+        when(user.getAuthorities()).thenReturn(AuthorityUtils.createAuthorityList("ROLE_USER"));

-        List<GrantedAuthority> auths =  populator.getGrantedAuthorities(new DirContextAdapter(), "valid");
+        UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(uds);
+        List<GrantedAuthority> auths =  populator.getGrantedAuthorities(new DirContextAdapter(), "joe");

        assertEquals(1, auths.size());
        assertEquals("ROLE_USER", auths.get(0).getAuthority());
--- a/ldap/src/test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java
--- a/ldap/src/test/java/org/springframework/security/providers/ldap/LdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/providers/ldap/LdapAuthenticationProviderTests.java
--- a/ldap/src/test/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticatorTests.java
--- a/ldap/src/test/java/org/springframework/security/providers/ldap/authenticator/LdapShaPasswordEncoderTests.java
+++ b/ldap/src/test/java/org/springframework/security/providers/ldap/authenticator/LdapShaPasswordEncoderTests.java
@ -19,6 +19,7 @@ import static org.junit.Assert.*;
				@@ -19,6 +19,7 @@ import static org.junit.Assert.*;

 import org.junit.Before;
 import org.junit.Test;
+import org.springframework.security.providers.encoding.LdapShaPasswordEncoder;


 /**
--- a/ldap/src/test/java/org/springframework/security/providers/ldap/authenticator/MockUserSearch.java
+++ b/ldap/src/test/java/org/springframework/security/providers/ldap/authenticator/MockUserSearch.java
--- a/ldap/src/test/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticatorMockTests.java
+++ b/ldap/src/test/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticatorMockTests.java
--- a/ldap/src/test/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticatorTests.java
@ -20,6 +20,7 @@ import org.springframework.security.Authentication;
				@@ -20,6 +20,7 @@ import org.springframework.security.Authentication;

 import org.springframework.security.ldap.AbstractLdapIntegrationTests;

+import org.springframework.security.providers.encoding.LdapShaPasswordEncoder;
 import org.springframework.security.providers.encoding.PlaintextPasswordEncoder;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;

--- a/ldap/src/test/java/org/springframework/security/userdetails/ldap/InetOrgPersonTests.java
+++ b/ldap/src/test/java/org/springframework/security/userdetails/ldap/InetOrgPersonTests.java
--- a/ldap/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManagerTests.java
+++ b/ldap/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManagerTests.java
--- a/ldap/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapperTests.java
+++ b/ldap/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapperTests.java
--- a/ldap/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsServiceTests.java
+++ b/ldap/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsServiceTests.java
--- a/ldap/src/test/resources/log4j.properties
+++ b/ldap/src/test/resources/log4j.properties
@ -0,0 +1,14 @@
				@@ -0,0 +1,14 @@
+# Logging
+#
+# $Id: log4j.properties 3455 2008-12-11 17:00:13Z ltaylor $
+
+log4j.rootLogger=INFO, stdout
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%p %c{1} - %m%n
+
+log4j.logger.org.springframework.security=DEBUG
+log4j.logger.org.springframework.ldap=DEBUG
+
+log4j.logger.org.apache.directory=ERROR
--- a/ldap/src/test/resources/test-server.ldif
+++ b/ldap/src/test/resources/test-server.ldif
--- a/ldap/src/test/resources/test-server2.xldif
+++ b/ldap/src/test/resources/test-server2.xldif
--- a/ntlm/pom.xml
+++ b/ntlm/pom.xml
@ -15,6 +15,11 @@
				@@ -15,6 +15,11 @@
          <artifactId>spring-security-core</artifactId>
          <version>${project.version}</version>
        </dependency>
+        <dependency>
+          <groupId>org.springframework.security</groupId>
+          <artifactId>spring-security-ldap</artifactId>
+          <version>${project.version}</version>
+        </dependency>        
        <!-- SMT NTLM-->
        <dependency>
            <groupId>org.samba.jcifs</groupId>
--- a/pom.xml
+++ b/pom.xml
@ -9,14 +9,15 @@
				@@ -9,14 +9,15 @@

    <modules>
        <module>core</module>
-        <!-- module>portlet</module -->
-        <module>ntlm</module>
-        <module>openid</module>
-        <module>samples</module>
+        <module>ldap</module>
        <module>cas</module>
+        <module>openid</module>
        <module>acl</module>
+        <module>ntlm</module>
+        <module>samples</module>
        <module>taglibs</module>
        <module>itest</module>
+        <!-- module>portlet</module -->
  </modules>

    <description>Spring Security</description>
@ -292,6 +293,11 @@
				@@ -292,6 +293,11 @@
            <version>4.5</version>
            <scope>test</scope>
        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <version>1.7</version>
+        </dependency>
    </dependencies>

    <build>
--- a/samples/ldap/pom.xml
+++ b/samples/ldap/pom.xml
@ -12,7 +12,7 @@
				@@ -12,7 +12,7 @@
    <dependencies>
        <dependency>
            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-core</artifactId>
+            <artifactId>spring-security-ldap</artifactId>
            <version>${project.version}</version>
        </dependency>
        <dependency>
@ -24,11 +24,13 @@
				@@ -24,11 +24,13 @@
            <artifactId>org.springframework.web.servlet</artifactId>
            <version>${spring.version}</version>
        </dependency>
+<!--        
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>org.springframework.jdbc</artifactId>
            <scope>runtime</scope>
        </dependency>
+-->        
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>org.springframework.aop</artifactId>
@ -38,13 +40,13 @@
				@@ -38,13 +40,13 @@
            <groupId>org.apache.directory.server</groupId>
            <artifactId>apacheds-core</artifactId>
            <version>1.0.2</version>
-            <scope>compile</scope>
+            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.apache.directory.server</groupId>
            <artifactId>apacheds-server-jndi</artifactId>
            <version>1.0.2</version>
-            <scope>compile</scope>
+            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
@ -52,11 +54,6 @@
				@@ -52,11 +54,6 @@
            <version>1.4.3</version>
            <scope>runtime</scope>
        </dependency>
-        <dependency>
-            <groupId>org.springframework.ldap</groupId>
-            <artifactId>spring-ldap-core</artifactId>
-            <scope>runtime</scope>
-        </dependency>
    </dependencies>

    <build>