GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.

3.0.x
Luke Taylor 17 years ago
parent
2a9a8a41db
commit
bec84f874a
275 changed files with 832 additions and 796 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java
  2. 2
      cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilterEntryPoint.java
  3. 16
      config/pom.xml
  4. 4
      config/src/main/java/org/springframework/security/config/AnonymousBeanDefinitionParser.java
  5. 4
      config/src/main/java/org/springframework/security/config/BasicAuthenticationBeanDefinitionParser.java
  6. 4
      config/src/main/java/org/springframework/security/config/CachingUserDetailsService.java
  7. 4
      config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java
  8. 4
      config/src/main/java/org/springframework/security/config/EntryPointInjectionBeanPostProcessor.java
  9. 26
      config/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java
  10. 6
      config/src/main/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParser.java
  11. 8
      config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java
  12. 8
      config/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java
  13. 52
      config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
  14. 4
      config/src/main/java/org/springframework/security/config/LogoutBeanDefinitionParser.java
  15. 2
      config/src/main/java/org/springframework/security/config/OrderedFilterBeanDefinitionDecorator.java
  16. 4
      config/src/main/java/org/springframework/security/config/PortMappingsBeanDefinitionParser.java
  17. 10
      config/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java
  18. 6
      config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java
  19. 4
      config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java
  20. 2
      config/src/main/java/org/springframework/security/config/UserDetailsServiceInjectionBeanPostProcessor.java
  21. 6
      config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java
  22. 17
      config/src/test/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParserTests.java
  23. 13
      config/src/test/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParserTests.java
  24. 104
      config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
  25. 8
      config/src/test/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessorTests.java
  26. 8
      config/src/test/java/org/springframework/security/util/FilterChainProxyConfigTests.java
  27. 20
      config/src/test/resources/org/springframework/security/util/filtertest-valid.xml
  28. 2
      core/src/main/java/org/springframework/security/AuthenticationDetails.java
  29. 2
      core/src/main/java/org/springframework/security/AuthenticationDetailsSource.java
  30. 4
      core/src/main/java/org/springframework/security/AuthenticationDetailsSourceImpl.java
  31. 4
      core/src/main/java/org/springframework/security/AuthenticationTrustResolverImpl.java
  32. 5
      core/src/main/java/org/springframework/security/expression/support/AbstractSecurityExpressionHandler.java
  33. 3
      core/src/main/java/org/springframework/security/providers/AnonymousAuthenticationProvider.java
  34. 3
      core/src/main/java/org/springframework/security/providers/AnonymousAuthenticationToken.java
  35. 3
      core/src/main/java/org/springframework/security/providers/RememberMeAuthenticationProvider.java
  36. 3
      core/src/main/java/org/springframework/security/providers/RememberMeAuthenticationToken.java
  37. 7
      core/src/main/java/org/springframework/security/providers/anonymous/package.html
  38. 3
      core/src/main/java/org/springframework/security/providers/dao/AbstractUserDetailsAuthenticationProvider.java
  39. 5
      core/src/main/java/org/springframework/security/providers/rememberme/package.html
  40. 4
      core/src/main/java/org/springframework/security/userdetails/UserCache.java
  41. 4
      core/src/main/java/org/springframework/security/userdetails/cache/EhCacheBasedUserCache.java
  42. 4
      core/src/main/java/org/springframework/security/userdetails/cache/NullUserCache.java
  43. 4
      core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java
  44. 4
      core/src/test/java/org/springframework/security/AuthenticationDetailsSourceImplTests.java
  45. 4
      core/src/test/java/org/springframework/security/AuthenticationTrustResolverImplTests.java
  46. 2
      core/src/test/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationProviderTests.java
  47. 1
      core/src/test/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationTokenTests.java
  48. 4
      core/src/test/java/org/springframework/security/providers/dao/DaoAuthenticationProviderTests.java
  49. 1
      core/src/test/java/org/springframework/security/providers/dao/MockUserCache.java
  50. 1
      core/src/test/java/org/springframework/security/providers/dao/cache/EhCacheBasedUserCacheTests.java
  51. 1
      core/src/test/java/org/springframework/security/providers/dao/cache/NullUserCacheTests.java
  52. 2
      core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProviderTests.java
  53. 1
      core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationTokenTests.java
  54. 2
      core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManagerTests.java
  55. 4
      core/src/test/java/org/springframework/security/vote/AuthenticatedVoterTests.java
  56. 4
      itest/context/src/test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
  57. 24
      itest/context/src/test/resources/filter-chain-performance-app-context.xml
  58. 6
      itest/web/src/main/webapp/WEB-INF/custom-filters.xml
  59. 10
      itest/web/src/main/webapp/WEB-INF/http-security.xml
  60. 2
      ldap/src/main/java/org/springframework/security/ldap/SpringSecurityAuthenticationSource.java
  61. 2
      ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
  62. 12
      ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
  63. 2
      ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java
  64. 2
      openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
  65. 8
      openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
  66. 11
      openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java
  67. 2
      openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
  68. 2
      openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
  69. 2
      openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
  70. 3
      openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
  71. 2
      openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
  72. 0
      openid/src/main/java/org/springframework/security/openid/package.html
  73. 6
      openid/src/main/java/org/springframework/security/providers/openid/package.html
  74. 5
      openid/src/main/java/org/springframework/security/ui/openid/consumers/package.html
  75. 8
      openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
  76. 7
      openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilterTests.java
  77. 6
      openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
  78. 5
      openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationTokenTests.java
  79. 4
      portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingInterceptor.java
  80. 2
      samples/contacts/src/main/webapp/WEB-INF/applicationContext-security.xml
  81. 9
      samples/contacts/src/main/webapp/WEB-INF/web.xml
  82. 2
      samples/dms/src/main/resources/applicationContext-dms-secure.xml
  83. 10
      samples/ldap/pom.xml
  84. 8
      samples/ldap/src/main/webapp/WEB-INF/web.xml
  85. 20
      samples/preauth/pom.xml
  86. 24
      samples/preauth/src/main/webapp/WEB-INF/applicationContext-security.xml
  87. 36
      samples/preauth/src/main/webapp/WEB-INF/web.xml
  88. 10
      samples/runall.sh
  89. 2
      samples/tutorial/src/main/webapp/WEB-INF/web.xml
  90. 5
      web/src/main/java/org/springframework/security/ui/basicauth/package.html
  91. 5
      web/src/main/java/org/springframework/security/ui/digestauth/package.html
  92. 5
      web/src/main/java/org/springframework/security/ui/webapp/package.html
  93. 5
      web/src/main/java/org/springframework/security/web/AbstractAuthenticationTargetUrlRequestHandler.java
  94. 2
      web/src/main/java/org/springframework/security/web/AccessDeniedHandler.java
  95. 2
      web/src/main/java/org/springframework/security/web/AccessDeniedHandlerImpl.java
  96. 2
      web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
  97. 12
      web/src/main/java/org/springframework/security/web/ExceptionTranslationFilter.java
  98. 2
      web/src/main/java/org/springframework/security/web/FilterChainOrder.java
  99. 6
      web/src/main/java/org/springframework/security/web/FilterChainProxy.java
  100. 2
      web/src/main/java/org/springframework/security/web/PortMapper.java
  101. Some files were not shown because too many files have changed in this diff Show More

4
cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java
Unescape View File

@ -25,8 +25,8 @@ import org.springframework.security.AuthenticationException;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.ui.AbstractProcessingFilter; import org.springframework.security.web.FilterChainOrder;
import org.springframework.security.ui.FilterChainOrder; import org.springframework.security.web.authentication.AbstractProcessingFilter;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;

2
cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilterEntryPoint.java
Unescape View File

@ -23,7 +23,7 @@ import javax.servlet.http.HttpServletResponse;
import org.jasig.cas.client.util.CommonUtils; import org.jasig.cas.client.util.CommonUtils;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.AuthenticationEntryPoint; import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert; import org.springframework.util.Assert;

16
config/pom.xml
Unescape View File

@ -22,22 +22,28 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId> <artifactId>spring-security-core</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
<classifier>tests</classifier> <classifier>tests</classifier>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-logging</groupId> <groupId>org.springframework.security</groupId>
<artifactId>commons-logging</artifactId> <artifactId>spring-security-web</artifactId>
<version>${project.version}</version>
<classifier>tests</classifier>
<scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId> <artifactId>spring-security-openid</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
<classifier>tests</classifier>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</dependency>
<dependency> <dependency>
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId> <artifactId>spring-security-ldap</artifactId>

4
config/src/main/java/org/springframework/security/config/AnonymousBeanDefinitionParser.java
Unescape View File

@ -8,8 +8,8 @@ import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider; import org.springframework.security.providers.AnonymousAuthenticationProvider;
import org.springframework.security.ui.anonymous.AnonymousProcessingFilter; import org.springframework.security.web.authentication.AnonymousProcessingFilter;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;

4
config/src/main/java/org/springframework/security/config/BasicAuthenticationBeanDefinitionParser.java
Unescape View File

@ -7,8 +7,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.ui.basicauth.BasicProcessingFilter; import org.springframework.security.web.authentication.www.BasicProcessingFilter;
import org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint; import org.springframework.security.web.authentication.www.BasicProcessingFilterEntryPoint;
import org.w3c.dom.Element; import org.w3c.dom.Element;
/** /**

4
config/src/main/java/org/springframework/security/config/CachingUserDetailsService.java
Unescape View File

@ -1,9 +1,9 @@
package org.springframework.security.config; package org.springframework.security.config;
import org.springframework.security.providers.dao.UserCache; import org.springframework.security.userdetails.UserCache;
import org.springframework.security.providers.dao.cache.NullUserCache;
import org.springframework.security.userdetails.UserDetailsService; import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.cache.NullUserCache;
import org.springframework.util.Assert; import org.springframework.util.Assert;
/** /**

4
config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java
Unescape View File

@ -10,9 +10,9 @@ import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl; import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
import org.springframework.security.concurrent.ConcurrentSessionFilter;
import org.springframework.security.concurrent.SessionRegistryImpl;
import org.springframework.security.providers.ProviderManager; import org.springframework.security.providers.ProviderManager;
import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
import org.springframework.security.web.concurrent.SessionRegistryImpl;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;

4
config/src/main/java/org/springframework/security/config/EntryPointInjectionBeanPostProcessor.java
Unescape View File

@ -9,8 +9,8 @@ import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware; import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.beans.factory.config.BeanPostProcessor; import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.security.ui.AuthenticationEntryPoint; import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.ui.ExceptionTranslationFilter; import org.springframework.security.web.ExceptionTranslationFilter;
import org.springframework.util.Assert; import org.springframework.util.Assert;
/** /**

26
config/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java
Unescape View File

@ -18,19 +18,19 @@ import org.springframework.core.OrderComparator;
import org.springframework.core.Ordered; import org.springframework.core.Ordered;
import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttribute;
import org.springframework.security.config.ConfigUtils.FilterChainList; import org.springframework.security.config.ConfigUtils.FilterChainList;
import org.springframework.security.context.web.SecurityContextPersistenceFilter; import org.springframework.security.providers.AnonymousAuthenticationToken;
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource; import org.springframework.security.web.ExceptionTranslationFilter;
import org.springframework.security.intercept.web.FilterSecurityInterceptor; import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken; import org.springframework.security.web.SessionFixationProtectionFilter;
import org.springframework.security.ui.ExceptionTranslationFilter; import org.springframework.security.web.authentication.AnonymousProcessingFilter;
import org.springframework.security.ui.SessionFixationProtectionFilter; import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
import org.springframework.security.ui.anonymous.AnonymousProcessingFilter; import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
import org.springframework.security.ui.basicauth.BasicProcessingFilter; import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter; import org.springframework.security.web.authentication.www.BasicProcessingFilter;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint; import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter; import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.FilterChainProxy; import org.springframework.security.web.intercept.FilterSecurityInterceptor;
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter; import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
/** /**
* *

6
config/src/main/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParser.java
Unescape View File

@ -7,10 +7,10 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser; import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttribute;
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
import org.springframework.security.intercept.web.RequestKey;
import org.springframework.security.util.AntUrlPathMatcher; import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.UrlMatcher; import org.springframework.security.util.UrlMatcher;
import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.intercept.RequestKey;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils; import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;
@ -24,7 +24,7 @@ import org.w3c.dom.Element;
public class FilterInvocationSecurityMetadataSourceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser { public class FilterInvocationSecurityMetadataSourceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
protected String getBeanClassName(Element element) { protected String getBeanClassName(Element element) {
return "org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource"; return "org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource";
} }
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) { protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {

8
config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java
Unescape View File

@ -7,10 +7,10 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
import org.springframework.security.ui.SimpleUrlAuthenticationFailureHandler; import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;

8
config/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java
Unescape View File

@ -45,10 +45,10 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
private final Log logger = LogFactory.getLog(getClass()); private final Log logger = LogFactory.getLog(getClass());
private static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodSecurityMetadataSource"; static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodSecurityMetadataSource";
private static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource"; static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource";
private static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource"; static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource";
private static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter"; static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter";
/* /*
* Internal Bean IDs which are only used within this class * Internal Bean IDs which are only used within this class

52
config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
Unescape View File

@ -19,30 +19,30 @@ import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeEditor; import org.springframework.security.ConfigAttributeEditor;
import org.springframework.security.SecurityConfig; import org.springframework.security.SecurityConfig;
import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
import org.springframework.security.expression.web.WebExpressionVoter;
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
import org.springframework.security.intercept.web.RequestKey;
import org.springframework.security.securechannel.ChannelDecisionManagerImpl;
import org.springframework.security.securechannel.ChannelProcessingFilter;
import org.springframework.security.securechannel.InsecureChannelProcessor;
import org.springframework.security.securechannel.RetryWithHttpEntryPoint;
import org.springframework.security.securechannel.RetryWithHttpsEntryPoint;
import org.springframework.security.securechannel.SecureChannelProcessor;
import org.springframework.security.ui.AccessDeniedHandlerImpl;
import org.springframework.security.ui.ExceptionTranslationFilter;
import org.springframework.security.ui.SessionFixationProtectionFilter;
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
import org.springframework.security.util.AntUrlPathMatcher; import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.RegexUrlPathMatcher; import org.springframework.security.util.RegexUrlPathMatcher;
import org.springframework.security.util.UrlMatcher; import org.springframework.security.util.UrlMatcher;
import org.springframework.security.vote.AccessDecisionVoter; import org.springframework.security.vote.AccessDecisionVoter;
import org.springframework.security.vote.AuthenticatedVoter; import org.springframework.security.vote.AuthenticatedVoter;
import org.springframework.security.vote.RoleVoter; import org.springframework.security.vote.RoleVoter;
import org.springframework.security.web.util.FilterChainProxy; import org.springframework.security.web.AccessDeniedHandlerImpl;
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter; import org.springframework.security.web.ExceptionTranslationFilter;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SessionFixationProtectionFilter;
import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.expression.WebExpressionVoter;
import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.intercept.RequestKey;
import org.springframework.security.web.securechannel.ChannelDecisionManagerImpl;
import org.springframework.security.web.securechannel.ChannelProcessingFilter;
import org.springframework.security.web.securechannel.InsecureChannelProcessor;
import org.springframework.security.web.securechannel.RetryWithHttpEntryPoint;
import org.springframework.security.web.securechannel.RetryWithHttpsEntryPoint;
import org.springframework.security.web.securechannel.SecureChannelProcessor;
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils; import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;
@ -106,8 +106,12 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting"; private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting";
private static final String EXPRESSION_FIDS_CLASS = "org.springframework.security.expression.web.ExpressionBasedFilterInvocationSecurityMetadataSource"; static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProcessingFilter";
private static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.expression.web.support.DefaultWebSecurityExpressionHandler"; static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";
static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.AuthenticationProcessingFilter";
static final String EXPRESSION_FIMDS_CLASS = "org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource";
static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler";
private static final String EXPRESSION_HANDLER_ID = "_webExpressionHandler"; private static final String EXPRESSION_HANDLER_ID = "_webExpressionHandler";
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
@ -166,7 +170,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
expressionHandlerRef = EXPRESSION_HANDLER_ID; expressionHandlerRef = EXPRESSION_HANDLER_ID;
} }
fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(EXPRESSION_FIDS_CLASS); fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(EXPRESSION_FIMDS_CLASS);
fidsBuilder.addConstructorArgValue(matcher); fidsBuilder.addConstructorArgValue(matcher);
fidsBuilder.addConstructorArgValue(requestToAttributesMap); fidsBuilder.addConstructorArgValue(requestToAttributesMap);
fidsBuilder.addConstructorArgReference(expressionHandlerRef); fidsBuilder.addConstructorArgReference(expressionHandlerRef);
@ -437,7 +441,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
if (formLoginElt != null || autoConfig) { if (formLoginElt != null || autoConfig) {
FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_security_check", FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_security_check",
"org.springframework.security.ui.webapp.AuthenticationProcessingFilter"); AUTHENTICATION_PROCESSING_FILTER_CLASS);
parser.parse(formLoginElt, pc); parser.parse(formLoginElt, pc);
formLoginFilter = parser.getFilterBean(); formLoginFilter = parser.getFilterBean();
@ -449,7 +453,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
if (openIDLoginElt != null) { if (openIDLoginElt != null) {
FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_openid_security_check", FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_openid_security_check",
"org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter"); OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS);
parser.parse(openIDLoginElt, pc); parser.parse(openIDLoginElt, pc);
openIDFilter = parser.getFilterBean(); openIDFilter = parser.getFilterBean();
@ -457,7 +461,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
openIDLoginPage = parser.getLoginPage(); openIDLoginPage = parser.getLoginPage();
BeanDefinitionBuilder openIDProviderBuilder = BeanDefinitionBuilder openIDProviderBuilder =
BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.providers.openid.OpenIDAuthenticationProvider"); BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
String userService = openIDLoginElt.getAttribute(ATT_USER_SERVICE_REF); String userService = openIDLoginElt.getAttribute(ATT_USER_SERVICE_REF);

4
config/src/main/java/org/springframework/security/config/LogoutBeanDefinitionParser.java
Unescape View File

@ -6,8 +6,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedList; import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.ui.logout.LogoutFilter; import org.springframework.security.web.logout.LogoutFilter;
import org.springframework.security.ui.logout.SecurityContextLogoutHandler; import org.springframework.security.web.logout.SecurityContextLogoutHandler;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;

2
config/src/main/java/org/springframework/security/config/OrderedFilterBeanDefinitionDecorator.java
Unescape View File

@ -15,7 +15,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.BeanDefinitionDecorator; import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.core.Ordered; import org.springframework.core.Ordered;
import org.springframework.security.ui.FilterChainOrder; import org.springframework.security.web.FilterChainOrder;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;

4
config/src/main/java/org/springframework/security/config/PortMappingsBeanDefinitionParser.java
Unescape View File

@ -1,6 +1,6 @@
package org.springframework.security.config; package org.springframework.security.config;
import org.springframework.security.web.util.PortMapperImpl; import org.springframework.security.web.PortMapperImpl;
import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.BeanDefinition;
@ -15,7 +15,7 @@ import java.util.Map;
import java.util.HashMap; import java.util.HashMap;
/** /**
* Parses a port-mappings element, producing a single {@link org.springframework.security.web.util.PortMapperImpl} * Parses a port-mappings element, producing a single {@link org.springframework.security.web.PortMapperImpl}
* bean. * bean.
* *
* @author Luke Taylor * @author Luke Taylor

10
config/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java
Unescape View File

@ -7,11 +7,11 @@ import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.ui.rememberme.JdbcTokenRepositoryImpl; import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices; import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
import org.springframework.security.ui.rememberme.RememberMeProcessingFilter; import org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter;
import org.springframework.security.ui.rememberme.TokenBasedRememberMeServices; import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider; import org.springframework.security.providers.RememberMeAuthenticationProvider;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;

6
config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java
Unescape View File

@ -9,9 +9,9 @@ import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware; import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.beans.factory.ListableBeanFactory; import org.springframework.beans.factory.ListableBeanFactory;
import org.springframework.beans.factory.config.BeanPostProcessor; import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.security.ui.AbstractProcessingFilter; import org.springframework.security.web.authentication.AbstractProcessingFilter;
import org.springframework.security.ui.basicauth.BasicProcessingFilter; import org.springframework.security.web.authentication.rememberme.RememberMeServices;
import org.springframework.security.ui.rememberme.RememberMeServices; import org.springframework.security.web.authentication.www.BasicProcessingFilter;
import org.springframework.util.Assert; import org.springframework.util.Assert;
/** /**

4
config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java
Unescape View File

@ -11,8 +11,8 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.security.concurrent.ConcurrentSessionController; import org.springframework.security.concurrent.ConcurrentSessionController;
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl; import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
import org.springframework.security.concurrent.SessionRegistry; import org.springframework.security.concurrent.SessionRegistry;
import org.springframework.security.ui.AbstractProcessingFilter; import org.springframework.security.web.SessionFixationProtectionFilter;
import org.springframework.security.ui.SessionFixationProtectionFilter; import org.springframework.security.web.authentication.AbstractProcessingFilter;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;

2
config/src/main/java/org/springframework/security/config/UserDetailsServiceInjectionBeanPostProcessor.java
Unescape View File

@ -13,9 +13,9 @@ import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.RuntimeBeanReference; import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider; import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.ui.rememberme.AbstractRememberMeServices;
import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper; import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.userdetails.UserDetailsService; import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.util.Assert; import org.springframework.util.Assert;
/** /**

6
config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java
Unescape View File

@ -1,9 +1,9 @@
package org.springframework.security.config; package org.springframework.security.config;
import org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint;
import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
import org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor;
import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper; import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint;
import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider; import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;

17
config/src/test/java/org/springframework/security/config/FilterInvocationDefinitionSourceParserTests.java → config/src/test/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParserTests.java
Unescape View File

@ -1,6 +1,7 @@
package org.springframework.security.config; package org.springframework.security.config;
import static org.junit.Assert.*; import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import java.util.List; import java.util.List;
@ -13,15 +14,16 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttribute;
import org.springframework.security.SecurityConfig; import org.springframework.security.SecurityConfig;
import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource; import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.intercept.web.FilterInvocation; import org.springframework.security.web.intercept.FilterInvocation;
import org.w3c.dom.Element;
/** /**
* * Tests for {@link FilterInvocationSecurityMetadataSourceBeanDefinitionParser}.
* @author Luke Taylor * @author Luke Taylor
* @version $Id$ * @version $Id$
*/ */
public class FilterInvocationDefinitionSourceParserTests { public class FilterInvocationSecurityMetadataSourceBeanDefinitionParserTests {
private AbstractXmlApplicationContext appContext; private AbstractXmlApplicationContext appContext;
@After @After
@ -36,6 +38,11 @@ public class FilterInvocationDefinitionSourceParserTests {
appContext = new InMemoryXmlApplicationContext(context); appContext = new InMemoryXmlApplicationContext(context);
} }
@Test
public void beanClassNameIsCorrect() throws Exception {
assertEquals(DefaultFilterInvocationSecurityMetadataSource.class.getName(), new FilterInvocationSecurityMetadataSourceBeanDefinitionParser().getBeanClassName(mock(Element.class)));
}
@Test @Test
public void parsingMinimalConfigurationIsSuccessful() { public void parsingMinimalConfigurationIsSuccessful() {
setContext( setContext(
@ -52,7 +59,7 @@ public class FilterInvocationDefinitionSourceParserTests {
public void parsingWithinFilterSecurityInterceptorIsSuccessful() { public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
setContext( setContext(
"<http auto-config='true'/>" + "<http auto-config='true'/>" +
"<b:bean id='fsi' class='org.springframework.security.intercept.web.FilterSecurityInterceptor' autowire='byType'>" + "<b:bean id='fsi' class='org.springframework.security.web.intercept.FilterSecurityInterceptor' autowire='byType'>" +
" <b:property name='securityMetadataSource'>" + " <b:property name='securityMetadataSource'>" +
" <filter-invocation-definition-source>" + " <filter-invocation-definition-source>" +
" <intercept-url pattern='/secure/extreme/**' access='ROLE_SUPERVISOR'/>" + " <intercept-url pattern='/secure/extreme/**' access='ROLE_SUPERVISOR'/>" +

13
config/src/test/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParserTests.java
Unescape View File

@ -1,6 +1,7 @@
package org.springframework.security.config; package org.springframework.security.config;
import static org.junit.Assert.*; import static org.junit.Assert.*;
import static org.springframework.security.config.GlobalMethodSecurityBeanDefinitionParser.*;
import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML; import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
import java.util.ArrayList; import java.util.ArrayList;
@ -14,8 +15,12 @@ import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException; import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.afterinvocation.AfterInvocationProviderManager; import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
import org.springframework.security.annotation.BusinessService; import org.springframework.security.annotation.BusinessService;
import org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource;
import org.springframework.security.annotation.Jsr250Voter;
import org.springframework.security.annotation.SecuredMethodSecurityMetadataSource;
import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource;
import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider; import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider;
import org.springframework.security.expression.method.MethodExpressionVoter; import org.springframework.security.expression.method.MethodExpressionVoter;
import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.providers.TestingAuthenticationToken;
@ -56,6 +61,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
target = null; target = null;
} }
@Test
public void beanClassNamesAreCorrect() throws Exception {
assertEquals(SecuredMethodSecurityMetadataSource.class.getName(), SECURED_METHOD_DEFINITION_SOURCE_CLASS);
assertEquals(ExpressionAnnotationMethodSecurityMetadataSource.class.getName(), EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS);
assertEquals(Jsr250MethodSecurityMetadataSource.class.getName(), JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS);
assertEquals(Jsr250Voter.class.getName(), JSR_250_VOTER_CLASS);
}
@Test(expected=AuthenticationCredentialsNotFoundException.class) @Test(expected=AuthenticationCredentialsNotFoundException.class)
public void targetShouldPreventProtectedMethodInvocationWithNoContext() { public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
loadContext(); loadContext();

104
config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
Unescape View File

@ -2,6 +2,7 @@ package org.springframework.security.config;
import static org.junit.Assert.*; import static org.junit.Assert.*;
import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML; import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
import static org.springframework.security.config.HttpSecurityBeanDefinitionParser.*;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.util.Iterator; import java.util.Iterator;
@ -24,34 +25,43 @@ import org.springframework.security.MockAuthenticationEntryPoint;
import org.springframework.security.SecurityConfig; import org.springframework.security.SecurityConfig;
import org.springframework.security.concurrent.ConcurrentLoginException; import org.springframework.security.concurrent.ConcurrentLoginException;
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl; import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
import org.springframework.security.concurrent.ConcurrentSessionFilter;
import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.context.web.HttpSessionSecurityContextRepository; import org.springframework.security.openid.OpenIDAuthenticationProcessingFilter;
import org.springframework.security.context.web.SecurityContextPersistenceFilter; import org.springframework.security.openid.OpenIDAuthenticationProvider;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.securechannel.ChannelProcessingFilter;
import org.springframework.security.ui.AuthenticationFailureHandler;
import org.springframework.security.ui.AuthenticationSuccessHandler;
import org.springframework.security.ui.ExceptionTranslationFilter;
import org.springframework.security.ui.SessionFixationProtectionFilter;
import org.springframework.security.ui.WebAuthenticationDetails;
import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
import org.springframework.security.ui.logout.LogoutFilter;
import org.springframework.security.ui.logout.LogoutHandler;
import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
import org.springframework.security.util.FieldUtils; import org.springframework.security.util.FieldUtils;
import org.springframework.security.web.util.FilterChainProxy; import org.springframework.security.web.ExceptionTranslationFilter;
import org.springframework.security.web.util.PortMapperImpl; import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter; import org.springframework.security.web.PortMapperImpl;
import org.springframework.security.web.SessionFixationProtectionFilter;
import org.springframework.security.web.WebAuthenticationDetails;
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
import org.springframework.security.web.concurrent.SessionRegistryImpl;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.intercept.FilterInvocation;
import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.logout.LogoutFilter;
import org.springframework.security.web.logout.LogoutHandler;
import org.springframework.security.web.securechannel.ChannelProcessingFilter;
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.util.ReflectionUtils; import org.springframework.util.ReflectionUtils;
/** /**
@ -76,6 +86,15 @@ public class HttpSecurityBeanDefinitionParserTests {
setContext("<http><http-basic /></http>" + AUTH_PROVIDER_XML); setContext("<http><http-basic /></http>" + AUTH_PROVIDER_XML);
} }
@Test
public void beanClassNamesAreCorrect() throws Exception {
assertEquals(DefaultWebSecurityExpressionHandler.class.getName(), EXPRESSION_HANDLER_CLASS);
assertEquals(ExpressionBasedFilterInvocationSecurityMetadataSource.class.getName(), EXPRESSION_FIMDS_CLASS);
assertEquals(AuthenticationProcessingFilter.class.getName(), AUTHENTICATION_PROCESSING_FILTER_CLASS);
assertEquals(OpenIDAuthenticationProcessingFilter.class.getName(), OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS);
assertEquals(OpenIDAuthenticationProvider.class.getName(), OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
}
@Test @Test
public void httpAutoConfigSetsUpCorrectFilterList() throws Exception { public void httpAutoConfigSetsUpCorrectFilterList() throws Exception {
setContext("<http auto-config='true' />" + AUTH_PROVIDER_XML); setContext("<http auto-config='true' />" + AUTH_PROVIDER_XML);
@ -142,7 +161,7 @@ public class HttpSecurityBeanDefinitionParserTests {
// This will be matched by the default pattern ".*" // This will be matched by the default pattern ".*"
List<Filter> allFilters = getFilters("/ImCaughtByTheUniversalMatchPattern"); List<Filter> allFilters = getFilters("/ImCaughtByTheUniversalMatchPattern");
checkAutoConfigFilters(allFilters); checkAutoConfigFilters(allFilters);
assertEquals(false, FieldUtils.getFieldValue(appContext.getBean("_filterChainProxy"), "stripQueryStringFromUrls")); assertEquals(false, FieldUtils.getFieldValue(appContext.getBean(BeanIds.FILTER_CHAIN_PROXY), "stripQueryStringFromUrls"));
assertEquals(false, FieldUtils.getFieldValue(allFilters.get(AUTO_CONFIG_FILTERS-1), "securityMetadataSource.stripQueryStringFromUrls")); assertEquals(false, FieldUtils.getFieldValue(allFilters.get(AUTO_CONFIG_FILTERS-1), "securityMetadataSource.stripQueryStringFromUrls"));
} }
@ -335,19 +354,22 @@ public class HttpSecurityBeanDefinitionParserTests {
@Test @Test
public void externalFiltersAreTreatedCorrectly() throws Exception { public void externalFiltersAreTreatedCorrectly() throws Exception {
// Decorated user-filters should be added to stack. The others should be ignored. // Decorated user-filters should be added to stack. The others should be ignored.
String contextHolderFilterClass = SecurityContextHolderAwareRequestFilter.class.getName();
String contextPersistenceFilterClass = SecurityContextPersistenceFilter.class.getName();
setContext( setContext(
"<http auto-config='true'/>" + AUTH_PROVIDER_XML + "<http auto-config='true'/>" + AUTH_PROVIDER_XML +
"<b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" + "<b:bean id='userFilter' class='"+ contextHolderFilterClass +"'>" +
" <custom-filter after='LOGOUT_FILTER'/>" + " <custom-filter after='LOGOUT_FILTER'/>" +
"</b:bean>" + "</b:bean>" +
"<b:bean id='userFilter1' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" + "<b:bean id='userFilter1' class='" + contextPersistenceFilterClass + "'>" +
" <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER'/>" + " <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER'/>" +
"</b:bean>" + "</b:bean>" +
"<b:bean id='userFilter2' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" + "<b:bean id='userFilter2' class='" + contextPersistenceFilterClass + "'>" +
" <custom-filter position='FIRST'/>" + " <custom-filter position='FIRST'/>" +
"</b:bean>" + "</b:bean>" +
"<b:bean id='userFilter3' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'/>" + "<b:bean id='userFilter3' class='" + contextPersistenceFilterClass + "'/>" +
"<b:bean id='userFilter4' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'/>" "<b:bean id='userFilter4' class='"+ contextHolderFilterClass +"'/>"
); );
List<Filter> filters = getFilters("/someurl"); List<Filter> filters = getFilters("/someurl");
@ -361,7 +383,7 @@ public class HttpSecurityBeanDefinitionParserTests {
public void twoFiltersWithSameOrderAreRejected() { public void twoFiltersWithSameOrderAreRejected() {
setContext( setContext(
"<http auto-config='true'/>" + AUTH_PROVIDER_XML + "<http auto-config='true'/>" + AUTH_PROVIDER_XML +
"<b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" + "<b:bean id='userFilter' class='" + SecurityContextHolderAwareRequestFilter.class.getName() + "'>" +
" <custom-filter position='LOGOUT_FILTER'/>" + " <custom-filter position='LOGOUT_FILTER'/>" +
"</b:bean>"); "</b:bean>");
} }
@ -373,7 +395,7 @@ public class HttpSecurityBeanDefinitionParserTests {
" <remember-me token-repository-ref='tokenRepo'/>" + " <remember-me token-repository-ref='tokenRepo'/>" +
"</http>" + "</http>" +
"<b:bean id='tokenRepo' " + "<b:bean id='tokenRepo' " +
"class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/> " + AUTH_PROVIDER_XML); "class='" + InMemoryTokenRepositoryImpl.class.getName() + "'/> " + AUTH_PROVIDER_XML);
Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES); Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices); assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices);
@ -400,7 +422,7 @@ public class HttpSecurityBeanDefinitionParserTests {
"<http auto-config='true'>" + "<http auto-config='true'>" +
" <remember-me key='ourkey' services-ref='rms'/>" + " <remember-me key='ourkey' services-ref='rms'/>" +
"</http>" + "</http>" +
"<b:bean id='rms' class='org.springframework.security.ui.rememberme.TokenBasedRememberMeServices'> " + "<b:bean id='rms' class='"+ TokenBasedRememberMeServices.class.getName() +"'> " +
" <b:property name='userDetailsService' ref='us'/>" + " <b:property name='userDetailsService' ref='us'/>" +
" <b:property name='key' value='ourkey'/>" + " <b:property name='key' value='ourkey'/>" +
" <b:property name='tokenValiditySeconds' value='5000'/>" + " <b:property name='tokenValiditySeconds' value='5000'/>" +
@ -486,7 +508,7 @@ public class HttpSecurityBeanDefinitionParserTests {
"<http auto-config='true'>" + "<http auto-config='true'>" +
" <concurrent-session-control session-registry-ref='seshRegistry' />" + " <concurrent-session-control session-registry-ref='seshRegistry' />" +
"</http>" + "</http>" +
"<b:bean id='seshRegistry' class='org.springframework.security.concurrent.SessionRegistryImpl'/>" + "<b:bean id='seshRegistry' class='" + SessionRegistryImpl.class.getName() + "'/>" +
AUTH_PROVIDER_XML); AUTH_PROVIDER_XML);
Object sessionRegistry = appContext.getBean("seshRegistry"); Object sessionRegistry = appContext.getBean("seshRegistry");
Object sessionRegistryFromFilter = FieldUtils.getFieldValue( Object sessionRegistryFromFilter = FieldUtils.getFieldValue(
@ -508,9 +530,9 @@ public class HttpSecurityBeanDefinitionParserTests {
"<http auto-config='true'>" + "<http auto-config='true'>" +
" <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/>" + " <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/>" +
"</http>" + "</http>" +
"<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" + "<b:bean id='sc' class='" + ConcurrentSessionControllerImpl.class.getName() +"'>" +
" <b:property name='sessionRegistry'>" + " <b:property name='sessionRegistry'>" +
" <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" + " <b:bean class='"+ SessionRegistryImpl.class.getName() + "'/>" +
" </b:property>" + " </b:property>" +
"</b:bean>" + AUTH_PROVIDER_XML); "</b:bean>" + AUTH_PROVIDER_XML);
} }
@ -523,7 +545,7 @@ public class HttpSecurityBeanDefinitionParserTests {
"</http>" + "</http>" +
"<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" + "<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
" <b:property name='sessionRegistry'>" + " <b:property name='sessionRegistry'>" +
" <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" + " <b:bean class='" + SessionRegistryImpl.class.getName() + "'/>" +
" </b:property>" + " </b:property>" +
"</b:bean>" + "</b:bean>" +
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" + AUTH_PROVIDER_XML); "<authentication-manager alias='authManager' session-controller-ref='sc'/>" + AUTH_PROVIDER_XML);
@ -564,7 +586,7 @@ public class HttpSecurityBeanDefinitionParserTests {
public void customEntryPointIsSupported() throws Exception { public void customEntryPointIsSupported() throws Exception {
setContext( setContext(
"<http auto-config='true' entry-point-ref='entryPoint'/>" + "<http auto-config='true' entry-point-ref='entryPoint'/>" +
"<b:bean id='entryPoint' class='org.springframework.security.MockAuthenticationEntryPoint'>" + "<b:bean id='entryPoint' class='" + MockAuthenticationEntryPoint.class.getName() + "'>" +
" <b:constructor-arg value='/customlogin'/>" + " <b:constructor-arg value='/customlogin'/>" +
"</b:bean>" + AUTH_PROVIDER_XML); "</b:bean>" + AUTH_PROVIDER_XML);
ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilters("/someurl").get(AUTO_CONFIG_FILTERS-3); ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilters("/someurl").get(AUTO_CONFIG_FILTERS-3);
@ -693,7 +715,7 @@ public class HttpSecurityBeanDefinitionParserTests {
@Test @Test
public void supportsExternallyDefinedSecurityContextRepository() throws Exception { public void supportsExternallyDefinedSecurityContextRepository() throws Exception {
setContext( setContext(
"<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" + "<b:bean id='repo' class='" + HttpSessionSecurityContextRepository.class.getName() + "'/>" +
"<http create-session='always' security-context-repository-ref='repo'>" + "<http create-session='always' security-context-repository-ref='repo'>" +
" <http-basic />" + " <http-basic />" +
"</http>" + AUTH_PROVIDER_XML); "</http>" + AUTH_PROVIDER_XML);
@ -706,7 +728,7 @@ public class HttpSecurityBeanDefinitionParserTests {
@Test(expected=BeanDefinitionParsingException.class) @Test(expected=BeanDefinitionParsingException.class)
public void cantUseUnsupportedSessionCreationAttributeWithExternallyDefinedSecurityContextRepository() throws Exception { public void cantUseUnsupportedSessionCreationAttributeWithExternallyDefinedSecurityContextRepository() throws Exception {
setContext( setContext(
"<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" + "<b:bean id='repo' class='" + HttpSessionSecurityContextRepository.class.getName() + "'/>" +
"<http create-session='never' security-context-repository-ref='repo'>" + "<http create-session='never' security-context-repository-ref='repo'>" +
" <http-basic />" + " <http-basic />" +
"</http>" + AUTH_PROVIDER_XML); "</http>" + AUTH_PROVIDER_XML);
@ -746,8 +768,8 @@ public class HttpSecurityBeanDefinitionParserTests {
"<http>" + "<http>" +
" <form-login authentication-success-handler-ref='sh' authentication-failure-handler-ref='fh'/>" + " <form-login authentication-success-handler-ref='sh' authentication-failure-handler-ref='fh'/>" +
"</http>" + "</http>" +
"<b:bean id='sh' class='org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler'/>" + "<b:bean id='sh' class='" + SavedRequestAwareAuthenticationSuccessHandler.class.getName() +"'/>" +
"<b:bean id='fh' class='org.springframework.security.ui.SimpleUrlAuthenticationFailureHandler'/>" + "<b:bean id='fh' class='" + SimpleUrlAuthenticationFailureHandler.class.getName() + "'/>" +
AUTH_PROVIDER_XML); AUTH_PROVIDER_XML);
AuthenticationProcessingFilter apf = (AuthenticationProcessingFilter) appContext.getBean(BeanIds.FORM_LOGIN_FILTER); AuthenticationProcessingFilter apf = (AuthenticationProcessingFilter) appContext.getBean(BeanIds.FORM_LOGIN_FILTER);
AuthenticationSuccessHandler sh = (AuthenticationSuccessHandler) appContext.getBean("sh"); AuthenticationSuccessHandler sh = (AuthenticationSuccessHandler) appContext.getBean("sh");

8
config/src/test/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessorTests.java
Unescape View File

@ -8,8 +8,10 @@ import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
import org.springframework.security.concurrent.ConcurrentSessionController; import org.springframework.security.concurrent.ConcurrentSessionController;
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.util.FieldUtils; import org.springframework.security.util.FieldUtils;
import org.springframework.security.web.concurrent.SessionRegistryImpl;
/** /**
* *
@ -35,9 +37,9 @@ public class SessionRegistryInjectionBeanPostProcessorTests {
public void sessionRegistryIsSetOnFiltersWhenUsingCustomControllerWithInternalRegistryBean() throws Exception { public void sessionRegistryIsSetOnFiltersWhenUsingCustomControllerWithInternalRegistryBean() throws Exception {
setContext( setContext(
"<http auto-config='true'/>" + "<http auto-config='true'/>" +
"<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" + "<b:bean id='sc' class='" + ConcurrentSessionControllerImpl.class.getName() + "'>" +
" <b:property name='sessionRegistry'>" + " <b:property name='sessionRegistry'>" +
" <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" + " <b:bean class='" + SessionRegistryImpl.class.getName() + "'/>" +
" </b:property>" + " </b:property>" +
"</b:bean>" + "</b:bean>" +
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" + "<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
@ -51,7 +53,7 @@ public class SessionRegistryInjectionBeanPostProcessorTests {
setContext( setContext(
"<http auto-config='true'/>" + "<http auto-config='true'/>" +
"<b:bean id='sc' class='org.springframework.security.config.SessionRegistryInjectionBeanPostProcessorTests$MockConcurrentSessionController'/>" + "<b:bean id='sc' class='org.springframework.security.config.SessionRegistryInjectionBeanPostProcessorTests$MockConcurrentSessionController'/>" +
"<b:bean id='sessionRegistry' class='org.springframework.security.concurrent.SessionRegistryImpl'/>" + "<b:bean id='sessionRegistry' class='" + SessionRegistryImpl.class.getName() + "'/>" +
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" + "<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
ConfigTestUtils.AUTH_PROVIDER_XML); ConfigTestUtils.AUTH_PROVIDER_XML);
assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry")); assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry"));

8
config/src/test/java/org/springframework/security/util/FilterChainProxyConfigTests.java
Unescape View File

@ -34,10 +34,10 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.MockFilterConfig; import org.springframework.security.MockFilterConfig;
import org.springframework.security.context.web.SecurityContextPersistenceFilter; import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter; import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
import org.springframework.security.web.util.FilterChainProxy; import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter; import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
/** /**
* Tests {@link FilterChainProxy}. * Tests {@link FilterChainProxy}.

20
config/src/test/resources/org/springframework/security/util/filtertest-valid.xml
Unescape View File

@ -24,14 +24,14 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd"> http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<bean id="mockFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/> <bean id="mockFilter" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter"/>
<bean id="mockFilter2" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/> <bean id="mockFilter2" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter"/>
<!-- These are just here so we have filters of a specific type to check the ordering is as expected --> <!-- These are just here so we have filters of a specific type to check the ordering is as expected -->
<bean id="sif" class="org.springframework.security.context.web.SecurityContextPersistenceFilter"/> <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
<bean id="apf" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> <bean id="apf" class="org.springframework.security.web.authentication.AuthenticationProcessingFilter">
<property name="authenticationManager"> <property name="authenticationManager">
<bean class="org.springframework.security.MockAuthenticationManager"/> <bean class="org.springframework.security.MockAuthenticationManager"/>
</property> </property>
@ -39,7 +39,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
<bean id="mockNotAFilter" class="org.springframework.security.util.MockNotAFilter"/> <bean id="mockNotAFilter" class="org.springframework.security.util.MockNotAFilter"/>
<bean id="filterChain" class="org.springframework.security.web.util.FilterChainProxy"> <bean id="filterChain" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map path-type="ant"> <sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/> <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
<sec:filter-chain pattern="/some/other/path/**" filters="mockFilter"/> <sec:filter-chain pattern="/some/other/path/**" filters="mockFilter"/>
@ -48,7 +48,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
</bean> </bean>
<!-- TODO: Refactor to replace the above (SEC-1034: 'new' is now the only valid syntax) --> <!-- TODO: Refactor to replace the above (SEC-1034: 'new' is now the only valid syntax) -->
<bean id="newFilterChainProxy" class="org.springframework.security.web.util.FilterChainProxy"> <bean id="newFilterChainProxy" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map path-type="ant"> <sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/> <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
<sec:filter-chain pattern="/some/other/path/**" filters="sif,mockFilter,mockFilter2"/> <sec:filter-chain pattern="/some/other/path/**" filters="sif,mockFilter,mockFilter2"/>
@ -57,14 +57,14 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
</sec:filter-chain-map> </sec:filter-chain-map>
</bean> </bean>
<bean id="newFilterChainProxyNoDefaultPath" class="org.springframework.security.web.util.FilterChainProxy"> <bean id="newFilterChainProxyNoDefaultPath" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map path-type="ant"> <sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/> <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
<sec:filter-chain pattern="/*.bar" filters="mockFilter,mockFilter2"/> <sec:filter-chain pattern="/*.bar" filters="mockFilter,mockFilter2"/>
</sec:filter-chain-map> </sec:filter-chain-map>
</bean> </bean>
<bean id="newFilterChainProxyWrongPathOrder" class="org.springframework.security.web.util.FilterChainProxy"> <bean id="newFilterChainProxyWrongPathOrder" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map path-type="ant"> <sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/> <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
<sec:filter-chain pattern="/**" filters="sif,apf,mockFilter"/> <sec:filter-chain pattern="/**" filters="sif,apf,mockFilter"/>
@ -72,7 +72,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
</sec:filter-chain-map> </sec:filter-chain-map>
</bean> </bean>
<bean id="newFilterChainProxyRegex" class="org.springframework.security.web.util.FilterChainProxy"> <bean id="newFilterChainProxyRegex" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map path-type="regex"> <sec:filter-chain-map path-type="regex">
<sec:filter-chain pattern="\A/foo/.*\Z" filters="mockFilter"/> <sec:filter-chain pattern="\A/foo/.*\Z" filters="mockFilter"/>
<sec:filter-chain pattern="\A/s[oO]me/other/path/.*\Z" filters="sif,mockFilter,mockFilter2"/> <sec:filter-chain pattern="\A/s[oO]me/other/path/.*\Z" filters="sif,mockFilter,mockFilter2"/>
@ -81,7 +81,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
</sec:filter-chain-map> </sec:filter-chain-map>
</bean> </bean>
<bean id="newFilterChainProxyNonNamespace" class="org.springframework.security.web.util.FilterChainProxy"> <bean id="newFilterChainProxyNonNamespace" class="org.springframework.security.web.FilterChainProxy">
<property name="matcher"> <property name="matcher">
<bean class="org.springframework.security.util.AntUrlPathMatcher"/> <bean class="org.springframework.security.util.AntUrlPathMatcher"/>
</property> </property>

2
core/src/main/java/org/springframework/security/ui/AuthenticationDetails.java → core/src/main/java/org/springframework/security/AuthenticationDetails.java
Unescape View File

@ -1,4 +1,4 @@
package org.springframework.security.ui; package org.springframework.security;
import java.io.Serializable; import java.io.Serializable;

2
core/src/main/java/org/springframework/security/ui/AuthenticationDetailsSource.java → core/src/main/java/org/springframework/security/AuthenticationDetailsSource.java
Unescape View File

@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.ui; package org.springframework.security;

4
core/src/main/java/org/springframework/security/ui/AuthenticationDetailsSourceImpl.java → core/src/main/java/org/springframework/security/AuthenticationDetailsSourceImpl.java
Unescape View File

@ -1,8 +1,8 @@
package org.springframework.security.ui; package org.springframework.security;
import java.lang.reflect.Constructor; import java.lang.reflect.Constructor;
import org.springframework.security.ui.AuthenticationDetailsSource; import org.springframework.security.AuthenticationDetailsSource;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.ReflectionUtils; import org.springframework.util.ReflectionUtils;

4
core/src/main/java/org/springframework/security/AuthenticationTrustResolverImpl.java
Unescape View File

@ -15,8 +15,8 @@
package org.springframework.security; package org.springframework.security;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken; import org.springframework.security.providers.AnonymousAuthenticationToken;
import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken; import org.springframework.security.providers.RememberMeAuthenticationToken;
/** /**

5
core/src/main/java/org/springframework/security/expression/support/AbstractSecurityExpressionHandler.java
Unescape View File

@ -0,0 +1,5 @@
package org.springframework.security.expression.support;
public class AbstractSecurityExpressionHandler {
}

3
core/src/main/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationProvider.java → core/src/main/java/org/springframework/security/providers/AnonymousAuthenticationProvider.java
Unescape View File

@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.anonymous; package org.springframework.security.providers;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource; import org.springframework.context.MessageSource;
@ -23,7 +23,6 @@ import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException; import org.springframework.security.BadCredentialsException;
import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.util.Assert; import org.springframework.util.Assert;

3
core/src/main/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationToken.java → core/src/main/java/org/springframework/security/providers/AnonymousAuthenticationToken.java
Unescape View File

@ -13,11 +13,10 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.anonymous; package org.springframework.security.providers;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
import org.springframework.security.providers.AbstractAuthenticationToken;
import java.io.Serializable; import java.io.Serializable;
import java.util.Arrays; import java.util.Arrays;

3
core/src/main/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProvider.java → core/src/main/java/org/springframework/security/providers/RememberMeAuthenticationProvider.java
Unescape View File

@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.rememberme; package org.springframework.security.providers;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource; import org.springframework.context.MessageSource;
@ -23,7 +23,6 @@ import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException; import org.springframework.security.BadCredentialsException;
import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.util.Assert; import org.springframework.util.Assert;

3
core/src/main/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationToken.java → core/src/main/java/org/springframework/security/providers/RememberMeAuthenticationToken.java
Unescape View File

@ -13,14 +13,13 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.rememberme; package org.springframework.security.providers;
import java.io.Serializable; import java.io.Serializable;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
import org.springframework.security.providers.AbstractAuthenticationToken;
/** /**

7
core/src/main/java/org/springframework/security/providers/anonymous/package.html
Unescape View File

@ -1,7 +0,0 @@
<html>
<body>
Allows you to secure every invocation (especially useful for web request
URI security) by always having either an actual principal or an anonymous
principal authenticated.
</body>
</html>

3
core/src/main/java/org/springframework/security/providers/dao/AbstractUserDetailsAuthenticationProvider.java
Unescape View File

@ -26,12 +26,13 @@ import org.springframework.security.LockedException;
import org.springframework.security.providers.AuthenticationProvider; import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.dao.cache.NullUserCache;
import org.springframework.security.userdetails.UserCache;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService; import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException; import org.springframework.security.userdetails.UsernameNotFoundException;
import org.springframework.security.userdetails.UserDetailsChecker; import org.springframework.security.userdetails.UserDetailsChecker;
import org.springframework.security.userdetails.cache.NullUserCache;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;

5
core/src/main/java/org/springframework/security/providers/rememberme/package.html
Unescape View File

@ -1,5 +0,0 @@
<html>
<body>
Authentication provider that processes <code>RememberMeAuthenticationToken</code>s.
</body>
</html>

4
core/src/main/java/org/springframework/security/providers/dao/UserCache.java → core/src/main/java/org/springframework/security/userdetails/UserCache.java
Unescape View File

@ -13,10 +13,8 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.dao; package org.springframework.security.userdetails;
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;
/** /**

4
core/src/main/java/org/springframework/security/providers/dao/cache/EhCacheBasedUserCache.java → core/src/main/java/org/springframework/security/userdetails/cache/EhCacheBasedUserCache.java vendored
Unescape View File

@ -13,14 +13,14 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.dao.cache; package org.springframework.security.userdetails.cache;
import net.sf.ehcache.CacheException; import net.sf.ehcache.CacheException;
import net.sf.ehcache.Element; import net.sf.ehcache.Element;
import net.sf.ehcache.Ehcache; import net.sf.ehcache.Ehcache;
import org.springframework.security.providers.dao.UserCache;
import org.springframework.security.userdetails.UserCache;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;

4
core/src/main/java/org/springframework/security/providers/dao/cache/NullUserCache.java → core/src/main/java/org/springframework/security/userdetails/cache/NullUserCache.java vendored
Unescape View File

@ -13,10 +13,10 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.dao.cache; package org.springframework.security.userdetails.cache;
import org.springframework.security.providers.dao.UserCache;
import org.springframework.security.userdetails.UserCache;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;

4
core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java
Unescape View File

@ -9,11 +9,11 @@ import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.dao.UserCache; import org.springframework.security.userdetails.UserCache;
import org.springframework.security.providers.dao.cache.NullUserCache;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsManager; import org.springframework.security.userdetails.UserDetailsManager;
import org.springframework.security.userdetails.GroupManager; import org.springframework.security.userdetails.GroupManager;
import org.springframework.security.userdetails.cache.NullUserCache;
import org.springframework.context.ApplicationContextException; import org.springframework.context.ApplicationContextException;
import org.springframework.dao.IncorrectResultSizeDataAccessException; import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.jdbc.core.PreparedStatementSetter; import org.springframework.jdbc.core.PreparedStatementSetter;

4
web/src/test/java/org/springframework/security/ui/AuthenticationDetailsSourceImplTests.java → core/src/test/java/org/springframework/security/AuthenticationDetailsSourceImplTests.java
Unescape View File

@ -1,8 +1,10 @@
package org.springframework.security.ui; package org.springframework.security;
import static org.junit.Assert.*; import static org.junit.Assert.*;
import org.junit.Test; import org.junit.Test;
import org.springframework.security.AuthenticationDetails;
import org.springframework.security.AuthenticationDetailsSourceImpl;
import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.providers.TestingAuthenticationToken;
/** /**

4
core/src/test/java/org/springframework/security/AuthenticationTrustResolverImplTests.java
Unescape View File

@ -17,9 +17,9 @@ package org.springframework.security;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.springframework.security.providers.AnonymousAuthenticationToken;
import org.springframework.security.providers.RememberMeAuthenticationToken;
import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;

2
core/src/test/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationProviderTests.java
Unescape View File

@ -22,6 +22,8 @@ import org.springframework.security.BadCredentialsException;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.providers.AnonymousAuthenticationProvider;
import org.springframework.security.providers.AnonymousAuthenticationToken;
import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;

1
core/src/test/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationTokenTests.java
Unescape View File

@ -20,6 +20,7 @@ import java.util.List;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
import org.springframework.security.providers.AnonymousAuthenticationToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;

4
core/src/test/java/org/springframework/security/providers/dao/DaoAuthenticationProviderTests.java
Unescape View File

@ -30,8 +30,6 @@ import org.springframework.security.LockedException;
import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.dao.cache.EhCacheBasedUserCache;
import org.springframework.security.providers.dao.cache.NullUserCache;
import org.springframework.security.providers.dao.salt.SystemWideSaltSource; import org.springframework.security.providers.dao.salt.SystemWideSaltSource;
import org.springframework.security.providers.encoding.ShaPasswordEncoder; import org.springframework.security.providers.encoding.ShaPasswordEncoder;
@ -39,6 +37,8 @@ import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService; import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException; import org.springframework.security.userdetails.UsernameNotFoundException;
import org.springframework.security.userdetails.cache.EhCacheBasedUserCache;
import org.springframework.security.userdetails.cache.NullUserCache;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;
import org.springframework.dao.DataAccessException; import org.springframework.dao.DataAccessException;

1
core/src/test/java/org/springframework/security/providers/dao/MockUserCache.java
Unescape View File

@ -7,6 +7,7 @@ import java.util.HashMap;
import java.util.Map; import java.util.Map;
import org.springframework.security.userdetails.User; import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserCache;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;
public class MockUserCache implements UserCache { public class MockUserCache implements UserCache {

1
core/src/test/java/org/springframework/security/providers/dao/cache/EhCacheBasedUserCacheTests.java vendored
Unescape View File

@ -25,6 +25,7 @@ import org.junit.AfterClass;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.springframework.security.userdetails.User; import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.cache.EhCacheBasedUserCache;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;
/** /**

1
core/src/test/java/org/springframework/security/providers/dao/cache/NullUserCacheTests.java vendored
Unescape View File

@ -18,6 +18,7 @@ package org.springframework.security.providers.dao.cache;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.springframework.security.userdetails.User; import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.cache.NullUserCache;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;

2
core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProviderTests.java
Unescape View File

@ -19,6 +19,8 @@ import junit.framework.TestCase;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.BadCredentialsException; import org.springframework.security.BadCredentialsException;
import org.springframework.security.providers.RememberMeAuthenticationProvider;
import org.springframework.security.providers.RememberMeAuthenticationToken;
import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;

1
core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationTokenTests.java
Unescape View File

@ -21,6 +21,7 @@ import java.util.List;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
import org.springframework.security.providers.RememberMeAuthenticationToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;

2
core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManagerTests.java
Unescape View File

@ -26,8 +26,8 @@ import org.springframework.security.PopulatedDatabase;
import org.springframework.security.TestDataSource; import org.springframework.security.TestDataSource;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.dao.UserCache;
import org.springframework.security.userdetails.User; import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserCache;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;

4
core/src/test/java/org/springframework/security/vote/AuthenticatedVoterTests.java
Unescape View File

@ -22,9 +22,9 @@ import junit.framework.TestCase;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttribute;
import org.springframework.security.SecurityConfig; import org.springframework.security.SecurityConfig;
import org.springframework.security.providers.AnonymousAuthenticationToken;
import org.springframework.security.providers.RememberMeAuthenticationToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;

4
itest/context/src/test/java/org/springframework/security/performance/FilterChainPerformanceTests.java
Unescape View File

@ -19,9 +19,9 @@ import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.web.util.FilterChainProxy; import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.util.StopWatch; import org.springframework.util.StopWatch;

24
itest/context/src/test/resources/filter-chain-performance-app-context.xml
Unescape View File

@ -11,13 +11,13 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<bean id="fcpMinimalStack" class="org.springframework.security.web.util.FilterChainProxy"> <bean id="fcpMinimalStack" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map path-type="ant"> <sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,etf,fsi"/> <sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,etf,fsi"/>
</sec:filter-chain-map> </sec:filter-chain-map>
</bean> </bean>
<bean id="fcpFullStack" class="org.springframework.security.web.util.FilterChainProxy"> <bean id="fcpFullStack" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map path-type="ant"> <sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,apf,basicPf,logoutFilter,scharf,etf,fsi"/> <sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,apf,basicPf,logoutFilter,scharf,etf,fsi"/>
</sec:filter-chain-map> </sec:filter-chain-map>
@ -37,36 +37,36 @@
<sec:user name="bob" password="bobspassword" authorities="ROLE_0,ROLE_1"/> <sec:user name="bob" password="bobspassword" authorities="ROLE_0,ROLE_1"/>
</sec:user-service> </sec:user-service>
<bean id="scpf" class="org.springframework.security.context.web.SecurityContextPersistenceFilter"/> <bean id="scpf" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
<bean id="apf" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> <bean id="apf" class="org.springframework.security.web.authentication.AuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationManager" ref="authenticationManager"/>
</bean> </bean>
<bean id="basicPf" class="org.springframework.security.ui.basicauth.BasicProcessingFilter"> <bean id="basicPf" class="org.springframework.security.web.authentication.www.BasicProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationManager" ref="authenticationManager"/>
<property name="ignoreFailure" value="true"/> <property name="ignoreFailure" value="true"/>
</bean> </bean>
<bean id="preAuthFilter" class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter"> <bean id="preAuthFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderPreAuthenticatedProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationManager" ref="authenticationManager"/>
</bean> </bean>
<bean id="scharf" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" /> <bean id="scharf" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter" />
<bean id="preAuthenticatedProcessingFilterEntryPoint" <bean id="preAuthenticatedProcessingFilterEntryPoint"
class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/> class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter"> <bean id="logoutFilter" class="org.springframework.security.web.logout.LogoutFilter">
<constructor-arg value="/"/> <constructor-arg value="/"/>
<constructor-arg> <constructor-arg>
<list> <list>
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/> <bean class="org.springframework.security.web.logout.SecurityContextLogoutHandler"/>
</list> </list>
</constructor-arg> </constructor-arg>
</bean> </bean>
<bean id="etf" class="org.springframework.security.ui.ExceptionTranslationFilter"> <bean id="etf" class="org.springframework.security.web.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/> <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
</bean> </bean>
@ -88,7 +88,7 @@
</property> </property>
</bean> </bean>
<bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor"> <bean id="fsi" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/> <property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="securityMetadataSource"> <property name="securityMetadataSource">

6
itest/web/src/main/webapp/WEB-INF/custom-filters.xml
Unescape View File

@ -7,13 +7,13 @@
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd"> http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
<!-- A second APF in addition to the standard namespace one --> <!-- A second APF in addition to the standard namespace one -->
<bean name="formLoginFilter2" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> <bean name="formLoginFilter2" class="org.springframework.security.authentication.AuthenticationProcessingFilter">
<sec:custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/> <sec:custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
<property name="filterProcessesUrl" value="/j_spring_security_check_2"/> <property name="filterProcessesUrl" value="/j_spring_security_check_2"/>
</bean> </bean>
<bean name="switchUserFilter" class="org.springframework.security.ui.switchuser.SwitchUserProcessingFilter"> <bean name="switchUserFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserProcessingFilter">
<sec:custom-filter position="SWITCH_USER_FILTER"/> <sec:custom-filter position="SWITCH_USER_FILTER"/>
</bean> </bean>
</beans> </beans>

10
itest/web/src/main/webapp/WEB-INF/http-security.xml
Unescape View File

@ -6,13 +6,13 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd"> http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
<!-- <!--
Http App Context to test form login, remember-me and concurrent session control. Http App Context to test form login, remember-me and concurrent session control.
Needs to be supplemented with authentication provider(s) Needs to be supplemented with authentication provider(s)
--> -->
<http> <http>
<intercept-url pattern="/login.jsp*" filters="none" /> <intercept-url pattern="/login.jsp*" filters="none" />
<intercept-url pattern="/secure/**" access="ROLE_DEVELOPER,ROLE_USER" /> <intercept-url pattern="/secure/**" access="ROLE_DEVELOPER,ROLE_USER" />
<intercept-url pattern="/**" access="ROLE_DEVELOPER,ROLE_USER" /> <intercept-url pattern="/**" access="ROLE_DEVELOPER,ROLE_USER" />
@ -27,8 +27,8 @@
<remember-me key="doesntmatter" token-repository-ref="tokenRepo"/> <remember-me key="doesntmatter" token-repository-ref="tokenRepo"/>
</http> </http>
<beans:bean name="tokenRepo" class="org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl"/> <beans:bean name="tokenRepo" class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl"/>
<!-- bean name="rememberMeServices" class="org.springframework.security.ui.rememberme.NullRememberMeServices"/ --> <!-- bean name="rememberMeServices" class="org.springframework.security.ui.rememberme.NullRememberMeServices"/ -->
</beans:beans> </beans:beans>

2
ldap/src/main/java/org/springframework/security/ldap/SpringSecurityAuthenticationSource.java
Unescape View File

@ -2,7 +2,7 @@ package org.springframework.security.ldap;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken; import org.springframework.security.providers.AnonymousAuthenticationToken;
import org.springframework.security.userdetails.ldap.LdapUserDetails; import org.springframework.security.userdetails.ldap.LdapUserDetails;
import org.springframework.ldap.core.AuthenticationSource; import org.springframework.ldap.core.AuthenticationSource;

2
ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
Unescape View File

@ -1,8 +1,8 @@
package org.springframework.security.ldap; package org.springframework.security.ldap;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.AnonymousAuthenticationToken;
import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl; import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;
import org.springframework.ldap.core.AuthenticationSource; import org.springframework.ldap.core.AuthenticationSource;

12
ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
Unescape View File

@ -17,18 +17,18 @@ package org.springframework.security.ui.ntlm;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationCredentialsNotFoundException; import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.AuthenticationDetailsSource;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager; import org.springframework.security.AuthenticationManager;
import org.springframework.security.BadCredentialsException; import org.springframework.security.BadCredentialsException;
import org.springframework.security.InsufficientAuthenticationException; import org.springframework.security.InsufficientAuthenticationException;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.AnonymousAuthenticationToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken; import org.springframework.security.web.FilterChainOrder;
import org.springframework.security.ui.SpringSecurityFilter; import org.springframework.security.web.SpringSecurityFilter;
import org.springframework.security.ui.FilterChainOrder; import org.springframework.security.web.WebAuthenticationDetailsSource;
import org.springframework.security.ui.AuthenticationDetailsSource; import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
import org.springframework.security.ui.WebAuthenticationDetailsSource;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert; import org.springframework.util.Assert;

2
ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java
Unescape View File

@ -22,7 +22,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.AuthenticationEntryPoint; import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.util.Assert; import org.springframework.util.Assert;
/** /**

2
openid/src/main/java/org/springframework/security/providers/openid/AuthenticationCancelledException.java → openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java
Unescape View File

@ -12,7 +12,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.openid; package org.springframework.security.openid;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;

8
openid/src/main/java/org/springframework/security/ui/openid/consumers/OpenID4JavaConsumer.java → openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
Unescape View File

@ -12,13 +12,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.ui.openid.consumers; package org.springframework.security.openid;
import org.springframework.security.providers.openid.OpenIDAuthenticationStatus;
import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
import org.springframework.security.ui.openid.OpenIDConsumer;
import org.springframework.security.ui.openid.OpenIDConsumerException;
import org.openid4java.association.AssociationException; import org.openid4java.association.AssociationException;

11
openid/src/main/java/org/springframework/security/ui/openid/OpenIDAuthenticationProcessingFilter.java → openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java
Unescape View File

@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.ui.openid; package org.springframework.security.openid;
import java.io.IOException; import java.io.IOException;
import java.net.MalformedURLException; import java.net.MalformedURLException;
@ -28,12 +28,9 @@ import javax.servlet.http.HttpSession;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationServiceException; import org.springframework.security.AuthenticationServiceException;
import org.springframework.security.providers.openid.OpenIDAuthenticationProvider; import org.springframework.security.web.FilterChainOrder;
import org.springframework.security.providers.openid.OpenIDAuthenticationToken; import org.springframework.security.web.authentication.AbstractProcessingFilter;
import org.springframework.security.ui.AbstractProcessingFilter; import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
import org.springframework.security.ui.FilterChainOrder;
import org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;

2
openid/src/main/java/org/springframework/security/providers/openid/OpenIDAuthenticationProvider.java → openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java
Unescape View File

@ -12,7 +12,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.openid; package org.springframework.security.openid;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;

2
openid/src/main/java/org/springframework/security/providers/openid/OpenIDAuthenticationStatus.java → openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java
Unescape View File

@ -12,7 +12,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.openid; package org.springframework.security.openid;
import java.io.ObjectStreamException; import java.io.ObjectStreamException;
import java.io.Serializable; import java.io.Serializable;

2
openid/src/main/java/org/springframework/security/providers/openid/OpenIDAuthenticationToken.java → openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
Unescape View File

@ -12,7 +12,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.openid; package org.springframework.security.openid;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;

3
openid/src/main/java/org/springframework/security/ui/openid/OpenIDConsumer.java → openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java
Unescape View File

@ -12,9 +12,8 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.ui.openid; package org.springframework.security.openid;
import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;

2
openid/src/main/java/org/springframework/security/ui/openid/OpenIDConsumerException.java → openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java
Unescape View File

@ -12,7 +12,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.ui.openid; package org.springframework.security.openid;
/** /**
* Thrown by an OpenIDConsumer if it cannot process a request * Thrown by an OpenIDConsumer if it cannot process a request

0
openid/src/main/java/org/springframework/security/ui/openid/package.html → openid/src/main/java/org/springframework/security/openid/package.html
Unescape View File

6
openid/src/main/java/org/springframework/security/providers/openid/package.html
Unescape View File

@ -1,6 +0,0 @@
<html>
<body>
An authentication provider that can process <a href="http://openid.net">OpenID</a>
Authentication Tokens as created by implementations of the OpenIDConsumer interface.
</body>
</html>

5
openid/src/main/java/org/springframework/security/ui/openid/consumers/package.html
Unescape View File

@ -1,5 +0,0 @@
<html>
<body>
Implementations of the OpenIDConsumer interface using 3rd party libraries.
</body>
</html>

8
openid/src/test/java/org/springframework/security/ui/openid/consumers/MockOpenIDConsumer.java → openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java
Unescape View File

@ -12,11 +12,11 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.ui.openid.consumers; package org.springframework.security.openid;
import org.springframework.security.providers.openid.OpenIDAuthenticationToken; import org.springframework.security.openid.OpenIDAuthenticationToken;
import org.springframework.security.ui.openid.OpenIDConsumer; import org.springframework.security.openid.OpenIDConsumer;
import org.springframework.security.ui.openid.OpenIDConsumerException; import org.springframework.security.openid.OpenIDConsumerException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;

7
openid/src/test/java/org/springframework/security/ui/openid/OpenIDAuthenticationProcessingFilterTests.java → openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilterTests.java
Unescape View File

@ -1,4 +1,4 @@
package org.springframework.security.ui.openid; package org.springframework.security.openid;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.mockito.Matchers.any; import static org.mockito.Matchers.any;
@ -13,8 +13,9 @@ import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.MockAuthenticationManager; import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.security.openid.OpenIDAuthenticationProcessingFilter;
import org.springframework.security.ui.openid.consumers.MockOpenIDConsumer; import org.springframework.security.openid.OpenIDConsumerException;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
public class OpenIDAuthenticationProcessingFilterTests { public class OpenIDAuthenticationProcessingFilterTests {

6
openid/src/test/java/org/springframework/security/providers/openid/OpenIDAuthenticationProviderTests.java → openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java
Unescape View File

@ -12,7 +12,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.openid; package org.springframework.security.openid;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
@ -23,6 +23,10 @@ import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.User; import org.springframework.security.userdetails.User;
import org.springframework.security.openid.AuthenticationCancelledException;
import org.springframework.security.openid.OpenIDAuthenticationProvider;
import org.springframework.security.openid.OpenIDAuthenticationStatus;
import org.springframework.security.openid.OpenIDAuthenticationToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.userdetails.UserDetailsService; import org.springframework.security.userdetails.UserDetailsService;

5
openid/src/test/java/org/springframework/security/providers/openid/OpenIDAuthenticationTokenTests.java → openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationTokenTests.java
Unescape View File

@ -12,7 +12,10 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.providers.openid; package org.springframework.security.openid;
import org.springframework.security.openid.OpenIDAuthenticationStatus;
import org.springframework.security.openid.OpenIDAuthenticationToken;
import junit.framework.TestCase; import junit.framework.TestCase;

4
portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingInterceptor.java
Unescape View File

@ -31,14 +31,14 @@ import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse; import javax.portlet.RenderResponse;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationDetailsSource;
import org.springframework.security.AuthenticationDetailsSourceImpl;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager; import org.springframework.security.AuthenticationManager;
import org.springframework.security.context.SecurityContext; import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken; import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.ui.AbstractProcessingFilter; import org.springframework.security.ui.AbstractProcessingFilter;
import org.springframework.security.ui.AuthenticationDetailsSource;
import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;

2
samples/contacts/src/main/webapp/WEB-INF/applicationContext-security.xml
Unescape View File

@ -43,7 +43,7 @@
<!-- Filter used to switch the user context. Note: the switch and exit url must be secured <!-- Filter used to switch the user context. Note: the switch and exit url must be secured
based on the role granted the ability to 'switch' to another user --> based on the role granted the ability to 'switch' to another user -->
<!-- In this example 'rod' has ROLE_SUPERVISOR that can switch to regular ROLE_USER(s) --> <!-- In this example 'rod' has ROLE_SUPERVISOR that can switch to regular ROLE_USER(s) -->
<b:bean id="switchUserProcessingFilter" class="org.springframework.security.ui.switchuser.SwitchUserProcessingFilter" autowire="byType"> <b:bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserProcessingFilter" autowire="byType">
<custom-filter position="SWITCH_USER_FILTER"/> <custom-filter position="SWITCH_USER_FILTER"/>
<b:property name="targetUrl" value="/secure/index.htm"/> <b:property name="targetUrl" value="/secure/index.htm"/>
</b:bean> </b:bean>

9
samples/contacts/src/main/webapp/WEB-INF/web.xml
Unescape View File

@ -60,15 +60,6 @@
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener> </listener>
<!--
The HttpSessionEventPublisher will publish
HttpSessionCreatedEvent and HttpSessionDestroyedEvent
to the WebApplicationContext
-->
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
<!-- <!--
- Provides core MVC application controller. See contacts-servlet.xml. - Provides core MVC application controller. See contacts-servlet.xml.
--> -->

2
samples/dms/src/main/resources/applicationContext-dms-secure.xml
Unescape View File

@ -73,7 +73,7 @@
<property name="cacheName" value="userCache"/> <property name="cacheName" value="userCache"/>
</bean> </bean>
<bean id="userCache" class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache"> <bean id="userCache" class="org.springframework.security.userdetails.cache.EhCacheBasedUserCache">
<property name="cache" ref="userCacheBackend"/> <property name="cache" ref="userCacheBackend"/>
</bean> </bean>

10
samples/ldap/pom.xml
Unescape View File

@ -15,6 +15,16 @@
<artifactId>spring-security-ldap</artifactId> <artifactId>spring-security-ldap</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${project.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.springframework</groupId> <groupId>org.springframework</groupId>
<artifactId>org.springframework.web</artifactId> <artifactId>org.springframework.web</artifactId>

8
samples/ldap/src/main/webapp/WEB-INF/web.xml
Unescape View File

@ -46,12 +46,4 @@
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener> </listener>
<!--
- Publishes events for session creation and destruction through the application
- context. Optional unless concurrent session control is being used.
-->
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
</web-app> </web-app>

20
samples/preauth/pom.xml
Unescape View File

@ -14,29 +14,30 @@
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId> <artifactId>spring-security-core</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
<scope>runtime</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework</groupId> <groupId>org.springframework.security</groupId>
<artifactId>org.springframework.web</artifactId> <artifactId>spring-security-web</artifactId>
</dependency> <version>${project.version}</version>
<dependency> <scope>runtime</scope>
<groupId>org.springframework</groupId>
<artifactId>org.springframework.web.servlet</artifactId>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework</groupId> <groupId>org.springframework.security</groupId>
<artifactId>org.springframework.jdbc</artifactId> <artifactId>spring-security-config</artifactId>
<version>${project.version}</version>
<scope>runtime</scope> <scope>runtime</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework</groupId> <groupId>org.springframework</groupId>
<artifactId>org.springframework.aop</artifactId> <artifactId>org.springframework.jdbc</artifactId>
<scope>runtime</scope> <scope>runtime</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>jaxen</groupId> <groupId>jaxen</groupId>
<artifactId>jaxen</artifactId> <artifactId>jaxen</artifactId>
<version>1.1.1</version> <version>1.1.1</version>
<scope>runtime</scope>
</dependency> </dependency>
</dependencies> </dependencies>
@ -58,5 +59,4 @@
</plugin> </plugin>
</plugins> </plugins>
</build> </build>
</project> </project>

24
samples/preauth/src/main/webapp/WEB-INF/applicationContext-security.xml
Unescape View File

@ -12,13 +12,13 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"> http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy"> <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map path-type="ant"> <sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/> <sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/>
</sec:filter-chain-map> </sec:filter-chain-map>
</bean> </bean>
<bean id="sif" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/> <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
<sec:authentication-manager alias="authenticationManager" /> <sec:authentication-manager alias="authenticationManager" />
@ -30,24 +30,24 @@
<bean id="preAuthenticatedUserDetailsService" <bean id="preAuthenticatedUserDetailsService"
class="org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/> class="org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
<bean id="j2eePreAuthFilter" class="org.springframework.security.ui.preauth.j2ee.J2eePreAuthenticatedProcessingFilter"> <bean id="j2eePreAuthFilter" class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationDetailsSource" ref="authenticationDetailsSource"/> <property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
</bean> </bean>
<bean id="preAuthenticatedProcessingFilterEntryPoint" <bean id="preAuthenticatedProcessingFilterEntryPoint"
class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/> class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter"> <bean id="logoutFilter" class="org.springframework.security.web.logout.LogoutFilter">
<constructor-arg value="/"/> <constructor-arg value="/"/>
<constructor-arg> <constructor-arg>
<list> <list>
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/> <bean class="org.springframework.security.web.logout.SecurityContextLogoutHandler"/>
</list> </list>
</constructor-arg> </constructor-arg>
</bean> </bean>
<bean id="authenticationDetailsSource" class="org.springframework.security.ui.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"> <bean id="authenticationDetailsSource" class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
<property name="mappableRolesRetriever" ref="j2eeMappableRolesRetriever"/> <property name="mappableRolesRetriever" ref="j2eeMappableRolesRetriever"/>
<property name="userRoles2GrantedAuthoritiesMapper" ref="j2eeUserRoles2GrantedAuthoritiesMapper"/> <property name="userRoles2GrantedAuthoritiesMapper" ref="j2eeUserRoles2GrantedAuthoritiesMapper"/>
</bean> </bean>
@ -56,7 +56,7 @@
<property name="convertAttributeToUpperCase" value="true"/> <property name="convertAttributeToUpperCase" value="true"/>
</bean> </bean>
<bean id="j2eeMappableRolesRetriever" class="org.springframework.security.ui.preauth.j2ee.WebXmlMappableAttributesRetriever"> <bean id="j2eeMappableRolesRetriever" class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever">
<property name="webXmlInputStream"><bean factory-bean="webXmlResource" factory-method="getInputStream"/> <property name="webXmlInputStream"><bean factory-bean="webXmlResource" factory-method="getInputStream"/>
</property> </property>
@ -69,7 +69,7 @@
<bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/> <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>
<bean id="etf" class="org.springframework.security.ui.ExceptionTranslationFilter"> <bean id="etf" class="org.springframework.security.web.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/> <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
</bean> </bean>
@ -82,7 +82,7 @@
</property> </property>
</bean> </bean>
<bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor"> <bean id="fsi" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/> <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
<property name="securityMetadataSource"> <property name="securityMetadataSource">
@ -96,8 +96,8 @@
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/> <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"> <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter">
<property name="wrapperClass" value="org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper"/> <property name="wrapperClass" value="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestWrapper"/>
</bean> </bean>
</beans> </beans>

36
samples/preauth/src/main/webapp/WEB-INF/web.xml
Unescape View File

@ -12,15 +12,15 @@
<display-name>Spring Security Preauthentication Demo Application</display-name> <display-name>Spring Security Preauthentication Demo Application</display-name>
<!-- <!--
- Location of the XML file that defines the root application context - Location of the XML file that defines the root application context
- Applied by ContextLoaderListener. - Applied by ContextLoaderListener.
--> -->
<context-param> <context-param>
<param-name>contextConfigLocation</param-name> <param-name>contextConfigLocation</param-name>
<param-value> <param-value>
/WEB-INF/applicationContext-security.xml /WEB-INF/applicationContext-security.xml
</param-value> </param-value>
</context-param> </context-param>
<filter> <filter>
<filter-name>filterChainProxy</filter-name> <filter-name>filterChainProxy</filter-name>
@ -32,21 +32,13 @@
<url-pattern>/*</url-pattern> <url-pattern>/*</url-pattern>
</filter-mapping> </filter-mapping>
<!-- <!--
- Loads the root application context of this web app at startup. - Loads the root application context of this web app at startup.
- The application context is then available via - The application context is then available via
- WebApplicationContextUtils.getWebApplicationContext(servletContext). - WebApplicationContextUtils.getWebApplicationContext(servletContext).
--> -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--
- Publishes events for session creation and destruction through the application
- context. Optional unless concurrent session control is being used.
-->
<listener> <listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener> </listener>
<login-config> <login-config>

10
samples/runall.sh
Unescape View File

@ -26,20 +26,30 @@ stop_jetty() {
cleanup cleanup
cd tutorial cd tutorial
echo "Running tutorial app..."
start_jetty start_jetty
curl http://localhost:8080/tutorial/ curl http://localhost:8080/tutorial/
stop_jetty stop_jetty
echo "Running contacts app..."
cd ../contacts cd ../contacts
start_jetty start_jetty
curl http://localhost:8080/contacts/ curl http://localhost:8080/contacts/
stop_jetty stop_jetty
echo "Running ldap app..."
cd ../ldap cd ../ldap
start_jetty start_jetty
curl http://localhost:8080/ldap/ curl http://localhost:8080/ldap/
stop_jetty stop_jetty
echo "Running preauth app..."
cd ../preauth
start_jetty
curl http://localhost:8080/preauth/
stop_jetty
cd ../cas cd ../cas
if [[ -e ./server/cas-server-webapp-3.2.1.war ]] if [[ -e ./server/cas-server-webapp-3.2.1.war ]]

2
samples/tutorial/src/main/webapp/WEB-INF/web.xml
Unescape View File

@ -57,7 +57,7 @@
- context. Optional unless concurrent session control is being used. - context. Optional unless concurrent session control is being used.
--> -->
<listener> <listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class> <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener> </listener>
<listener> <listener>

5
web/src/main/java/org/springframework/security/ui/basicauth/package.html
Unescape View File

@ -1,5 +0,0 @@
<html>
<body>
Authenticates HTTP BASIC authentication requests.
</body>
</html>

5
web/src/main/java/org/springframework/security/ui/digestauth/package.html
Unescape View File

@ -1,5 +0,0 @@
<html>
<body>
Authenticates HTTP Digest authentication requests.
</body>
</html>

5
web/src/main/java/org/springframework/security/ui/webapp/package.html
Unescape View File

@ -1,5 +0,0 @@
<html>
<body>
Authenticates users via HTTP properties, headers and session.
</body>
</html>

5
web/src/main/java/org/springframework/security/ui/AbstractAuthenticationTargetUrlRequestHandler.java → web/src/main/java/org/springframework/security/web/AbstractAuthenticationTargetUrlRequestHandler.java
Unescape View File

@ -1,4 +1,4 @@
package org.springframework.security.ui; package org.springframework.security.web;
import java.io.IOException; import java.io.IOException;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
@ -11,7 +11,8 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.ui.logout.LogoutHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.logout.LogoutHandler;
import org.springframework.security.web.util.RedirectUtils; import org.springframework.security.web.util.RedirectUtils;
import org.springframework.security.web.util.UrlUtils; import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert; import org.springframework.util.Assert;

2
web/src/main/java/org/springframework/security/ui/AccessDeniedHandler.java → web/src/main/java/org/springframework/security/web/AccessDeniedHandler.java
Unescape View File

@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.ui; package org.springframework.security.web;
import org.springframework.security.AccessDeniedException; import org.springframework.security.AccessDeniedException;

2
web/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java → web/src/main/java/org/springframework/security/web/AccessDeniedHandlerImpl.java
Unescape View File

@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.ui; package org.springframework.security.web;
import java.io.IOException; import java.io.IOException;

2
web/src/main/java/org/springframework/security/ui/AuthenticationEntryPoint.java → web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
Unescape View File

@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.ui; package org.springframework.security.web;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;

12
web/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java → web/src/main/java/org/springframework/security/web/ExceptionTranslationFilter.java
Unescape View File

@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.ui; package org.springframework.security.web;
import org.springframework.security.AccessDeniedException; import org.springframework.security.AccessDeniedException;
import org.springframework.security.SpringSecurityException; import org.springframework.security.SpringSecurityException;
@ -22,11 +22,9 @@ import org.springframework.security.AuthenticationTrustResolver;
import org.springframework.security.AuthenticationTrustResolverImpl; import org.springframework.security.AuthenticationTrustResolverImpl;
import org.springframework.security.InsufficientAuthenticationException; import org.springframework.security.InsufficientAuthenticationException;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.ui.savedrequest.SavedRequest;
import org.springframework.security.util.ThrowableAnalyzer; import org.springframework.security.util.ThrowableAnalyzer;
import org.springframework.security.util.ThrowableCauseExtractor; import org.springframework.security.util.ThrowableCauseExtractor;
import org.springframework.security.web.util.PortResolver; import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.security.web.util.PortResolverImpl;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -51,8 +49,8 @@ import javax.servlet.http.HttpServletResponse;
* <p> * <p>
* If an {@link AccessDeniedException} is detected, the filter will determine whether or not the user is an anonymous * If an {@link AccessDeniedException} is detected, the filter will determine whether or not the user is an anonymous
* user. If they are an anonymous user, the <code>authenticationEntryPoint</code> will be launched. If they are not * user. If they are an anonymous user, the <code>authenticationEntryPoint</code> will be launched. If they are not
* an anonymous user, the filter will delegate to the {@link org.springframework.security.ui.AccessDeniedHandler}. * an anonymous user, the filter will delegate to the {@link org.springframework.security.web.AccessDeniedHandler}.
* By default the filter will use {@link org.springframework.security.ui.AccessDeniedHandlerImpl}. * By default the filter will use {@link org.springframework.security.web.AccessDeniedHandlerImpl}.
* <p> * <p>
* To use this filter, it is necessary to specify the following properties: * To use this filter, it is necessary to specify the following properties:
* <ul> * <ul>
@ -176,7 +174,7 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
* <code>false</code>. * <code>false</code>.
* <p> * <p>
* Remember to also set * Remember to also set
* {@link org.springframework.security.context.web.HttpSessionSecurityContextRepository#setAllowSessionCreation(boolean)} * {@link org.springframework.security.web.context.HttpSessionSecurityContextRepository#setAllowSessionCreation(boolean)}
* to <code>false</code> if you set this property to <code>false</code>. * to <code>false</code> if you set this property to <code>false</code>.
* *
* @return <code>true</code> if the <code>HttpSession</code> will be * @return <code>true</code> if the <code>HttpSession</code> will be

2
web/src/main/java/org/springframework/security/ui/FilterChainOrder.java → web/src/main/java/org/springframework/security/web/FilterChainOrder.java
Unescape View File

@ -1,4 +1,4 @@
package org.springframework.security.ui; package org.springframework.security.web;
import org.springframework.util.Assert; import org.springframework.util.Assert;

6
web/src/main/java/org/springframework/security/web/util/FilterChainProxy.java → web/src/main/java/org/springframework/security/web/FilterChainProxy.java
Unescape View File

@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.web.util; package org.springframework.security.web;
import java.io.IOException; import java.io.IOException;
import java.util.Collection; import java.util.Collection;
@ -34,10 +34,10 @@ import javax.servlet.ServletResponse;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
import org.springframework.security.util.AntUrlPathMatcher; import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.UrlMatcher; import org.springframework.security.util.UrlMatcher;
import org.springframework.security.web.intercept.FilterInvocation;
import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.web.filter.DelegatingFilterProxy; import org.springframework.web.filter.DelegatingFilterProxy;

2
web/src/main/java/org/springframework/security/web/util/PortMapper.java → web/src/main/java/org/springframework/security/web/PortMapper.java
Unescape View File

@ -13,7 +13,7 @@
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.web.util; package org.springframework.security.web;
/** /**
* <code>PortMapper</code> implementations provide callers with information * <code>PortMapper</code> implementations provide callers with information

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save