diff --git a/core/src/main/java/org/springframework/security/config/LdapConfigUtils.java b/core/src/main/java/org/springframework/security/config/LdapConfigUtils.java index 4acc563987..6cc65cf1e9 100644 --- a/core/src/main/java/org/springframework/security/config/LdapConfigUtils.java +++ b/core/src/main/java/org/springframework/security/config/LdapConfigUtils.java @@ -7,7 +7,7 @@ import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; import org.springframework.beans.factory.support.BeanDefinitionRegistry; import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.core.Ordered; -import org.springframework.security.ldap.SpringSecurityContextSource; +import org.springframework.ldap.core.support.BaseLdapPathContextSource; /** * @author Luke Taylor 
@@ -16,35 +16,35 @@ import org.springframework.security.ldap.SpringSecurityContextSource; */ class LdapConfigUtils { - /** - * Checks for the presence of a ContextSource instance. Also supplies the standard reference to any - * unconfigured or beans. This is + /** + * Checks for the presence of a ContextSource instance. Also supplies the standard reference to any + * unconfigured or beans. This is * necessary in cases where the user has given the server a specific Id, but hasn't used * the server-ref attribute to link this to the other ldap definitions. See SEC-799. */ private static class ContextSourceSettingPostProcessor implements BeanFactoryPostProcessor, Ordered { - /** If set to true, a bean parser has indicated that the default context source name needs to be set */ + /** If set to true, a bean parser has indicated that the default context source name needs to be set */ private boolean defaultNameRequired; - + public void postProcessBeanFactory(ConfigurableListableBeanFactory bf) throws BeansException { - String[] sources = bf.getBeanNamesForType(SpringSecurityContextSource.class); + String[] sources = bf.getBeanNamesForType(BaseLdapPathContextSource.class); if (sources.length == 0) { - throw new SecurityConfigurationException("No SpringSecurityContextSource instances found. Have you " + + throw new SecurityConfigurationException("No BaseLdapPathContextSource instances found. Have you " + "added an <" + Elements.LDAP_SERVER + " /> element to your application context?"); } - + if (!bf.containsBean(BeanIds.CONTEXT_SOURCE) && defaultNameRequired) { if (sources.length > 1) { - throw new SecurityConfigurationException("More than one SpringSecurityContextSource instance found. " + - "Please specify a specific server id using the 'server-ref' attribute when configuring your <" + + throw new SecurityConfigurationException("More than one BaseLdapPathContextSource instance found. 
" + + "Please specify a specific server id using the 'server-ref' attribute when configuring your <" + Elements.LDAP_PROVIDER + "> " + "or <" + Elements.LDAP_USER_SERVICE + ">."); } - + bf.registerAlias(sources[0], BeanIds.CONTEXT_SOURCE); } } - + public void setDefaultNameRequired(boolean defaultNameRequired) { this.defaultNameRequired = defaultNameRequired; } @@ -53,7 +53,7 @@ class LdapConfigUtils { return LOWEST_PRECEDENCE; } } - + static void registerPostProcessorIfNecessary(BeanDefinitionRegistry registry, boolean defaultNameRequired) { if (registry.containsBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR)) { if (defaultNameRequired) { @@ -63,7 +63,7 @@ class LdapConfigUtils { return; } - BeanDefinition bd = new RootBeanDefinition(ContextSourceSettingPostProcessor.class); + BeanDefinition bd = new RootBeanDefinition(ContextSourceSettingPostProcessor.class); registry.registerBeanDefinition(BeanIds.CONTEXT_SOURCE_SETTING_POST_PROCESSOR, bd); bd.getPropertyValues().addPropertyValue("defaultNameRequired", Boolean.valueOf(defaultNameRequired)); } diff --git a/core/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java b/core/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java index cafa48e98b..ae0c466f93 100644 --- a/core/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java +++ b/core/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java 
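Review bot: In `postProcessBeanFactory`, the lookup `bf.getBeanNamesForType(BaseLdapPathContextSource.class)` now matches every Spring LDAP context source in the application context, not only beans declared for Spring Security. When exactly one such bean exists and `defaultNameRequired` is set, `bf.registerAlias(sources[0], BeanIds.CONTEXT_SOURCE)` aliases it as the security context source, even if it was configured for an unrelated directory or with a manager account meant for other work. An application that defines a second, unrelated context source will now hit the "More than one" error. I would state this in the class Javadoc, for example `Any BaseLdapPathContextSource bean in the context is a candidate; use 'server-ref' when the application defines context sources that must not be used for authentication.`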
@@ -1,39 +1,30 @@ package org.springframework.security.ldap; -import org.springframework.security.BadCredentialsException; -import org.springframework.security.SpringSecurityMessageSource; -import org.springframework.context.MessageSource; -import org.springframework.context.MessageSourceAware; -import org.springframework.context.support.MessageSourceAccessor; -import org.springframework.ldap.core.support.LdapContextSource; -import org.springframework.util.Assert; +import java.util.ArrayList; +import java.util.StringTokenizer; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; - -import javax.naming.Context; -import javax.naming.directory.DirContext; -import java.util.ArrayList; -import java.util.Hashtable; -import java.util.StringTokenizer; +import org.springframework.ldap.core.support.LdapContextSource; +import org.springframework.util.Assert; /** - * SpringSecurityContextSource implementation which uses Spring LDAP's LdapContextSource as a base - * class. Intended as a replacement for DefaultInitialDirContextFactory from versions of the framework prior - * to 2.0. + * ContextSource implementation which uses Spring LDAP's LdapContextSource as a base + * class. Used internally by the Spring Security LDAP namespace configuration. + *

+ * From Spring Security 2.5, Spring LDAP 1.3 is used and the ContextSource interface + * provides support for binding with a username and password. As a result, Spring LDAP ContextSource + * implementations such as LdapContextSource may be used directly with Spring Security. * * @author Luke Taylor * @version $Id$ * @since 2.0 */ -public class DefaultSpringSecurityContextSource extends LdapContextSource implements SpringSecurityContextSource, - MessageSourceAware { +public class DefaultSpringSecurityContextSource extends LdapContextSource { private static final Log logger = LogFactory.getLog(DefaultSpringSecurityContextSource.class); private String rootDn; - protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); - /** * Create and initialize an instance which will connect to the supplied LDAP URL. * @@ -65,31 +56,4 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource implem super.setUrls(urls.toArray(new String[urls.size()])); super.setBase(rootDn); } - - @SuppressWarnings("unchecked") - public DirContext getReadWriteContext(String userDn, Object credentials) { - Hashtable env = new Hashtable(getAnonymousEnv()); - - env.put(Context.SECURITY_PRINCIPAL, userDn); - env.put(Context.SECURITY_CREDENTIALS, credentials); - - if (logger.isDebugEnabled()) { - logger.debug("Creating context with principal: '" + userDn + "'"); - } - - try { - return createContext(env); - } catch (org.springframework.ldap.NamingException e) { - if ((e instanceof org.springframework.ldap.AuthenticationException) - || (e instanceof org.springframework.ldap.OperationNotSupportedException)) { - throw new BadCredentialsException( - messages.getMessage("DefaultSpringSecurityContextSource.badCredentials", "Bad credentials"), e); - } - throw e; - } - } - - public void setMessageSource(MessageSource messageSource) { - this.messages = new MessageSourceAccessor(messageSource); - } } 
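Review bot: The rewritten class Javadoc does not say how bind failures are reported now that the class no longer implements `SpringSecurityContextSource`. The later hunk in this file removes `getReadWriteContext`, which was where `AuthenticationException` and `OperationNotSupportedException` were translated to `BadCredentialsException`. Callers that bind through the Spring LDAP `ContextSource` API will presumably see the Spring LDAP exception types instead, so the translation has to live in the authenticators, which this diff does not show. I would add a sentence such as `Bind failures are reported as Spring LDAP exceptions; callers are responsible for mapping them to BadCredentialsException.` Dropping the interface and the `protected messages` field is also source-incompatible for subclasses and deserves a mention in the Javadoc or changelog.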
diff --git a/core/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator.java b/core/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator.java index 088580e2d6..5ea066f610 100644 --- a/core/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator.java +++ b/core/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator.java @@ -48,9 +48,9 @@ public class BindAuthenticator extends AbstractLdapAuthenticator { //~ Constructors =================================================================================================== /** - * Create an initialized instance using the {@link SpringSecurityContextSource} provided. + * Create an initialized instance using the {@link BaseLdapPathContextSource} provided. * - * @param contextSource the SpringSecurityContextSource instance against which bind operations will be + * @param contextSource the BaseLdapPathContextSource instance against which bind operations will be * performed. * */ diff --git a/core/src/test/java/org/springframework/security/config/LdapServerBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/LdapServerBeanDefinitionParserTests.java index 3831e40285..9b8ca7a416 100644 --- a/core/src/test/java/org/springframework/security/config/LdapServerBeanDefinitionParserTests.java +++ b/core/src/test/java/org/springframework/security/config/LdapServerBeanDefinitionParserTests.java 
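Review bot: The constructor Javadoc now names `{@link BaseLdapPathContextSource}`, but this is the only hunk shown for BindAuthenticator.java, so neither an import for that type nor a change to the constructor signature is visible. If the parameter is still declared as `SpringSecurityContextSource`, the comment misleads readers about what may be passed in, and without an import the `{@link}` will not resolve. Either update the signature and import in the same commit, or write the link fully qualified: `{@link org.springframework.ldap.core.support.BaseLdapPathContextSource}`. The constructor itself lies outside the hunk.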
@@ -1,12 +1,10 @@ package org.springframework.security.config; -import org.springframework.security.util.InMemoryXmlApplicationContext; -import org.springframework.security.ldap.SpringSecurityContextSource; - -import org.springframework.ldap.core.LdapTemplate; - -import org.junit.Test; import org.junit.After; +import org.junit.Test; +import org.springframework.ldap.core.LdapTemplate; +import org.springframework.security.ldap.DefaultSpringSecurityContextSource; +import org.springframework.security.util.InMemoryXmlApplicationContext; /** * @author Luke Taylor @@ -27,7 +25,7 @@ public class LdapServerBeanDefinitionParserTests { public void embeddedServerCreationContainsExpectedContextSourceAndData() { appCtx = new InMemoryXmlApplicationContext(""); - SpringSecurityContextSource contextSource = (SpringSecurityContextSource) appCtx.getBean(BeanIds.CONTEXT_SOURCE); + DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx.getBean(BeanIds.CONTEXT_SOURCE); // Check data is loaded LdapTemplate template = new LdapTemplate(contextSource); @@ -43,7 +41,7 @@ public class LdapServerBeanDefinitionParserTests { // Check the default context source is still there. appCtx.getBean(BeanIds.CONTEXT_SOURCE); - SpringSecurityContextSource contextSource = (SpringSecurityContextSource) appCtx.getBean("blah"); + DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx.getBean("blah"); // Check data is loaded as before LdapTemplate template = new LdapTemplate(contextSource); 
@@ -54,7 +52,7 @@ public class LdapServerBeanDefinitionParserTests { public void loadingSpecificLdifFileIsSuccessful() { appCtx = new InMemoryXmlApplicationContext( ""); - SpringSecurityContextSource contextSource = (SpringSecurityContextSource) appCtx.getBean(BeanIds.CONTEXT_SOURCE); + DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx.getBean(BeanIds.CONTEXT_SOURCE); LdapTemplate template = new LdapTemplate(contextSource); template.lookup("uid=pg,ou=gorillas");