GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-532: Remove FilterInvocationDefinitionSource-related classes which are no longer needed.

2.0.x
Luke Taylor 18 years ago
parent
a0ee7fb6fd
commit
c9de2f6c9f
15 changed files with 94 additions and 610 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      core/src/main/java/org/springframework/security/intercept/web/FIDSToFilterChainMapConverter.java
  2. 27
      core/src/main/java/org/springframework/security/intercept/web/FilterInvocationDefinition.java
  3. 36
      core/src/main/java/org/springframework/security/intercept/web/FilterInvocationDefinitionMap.java
  4. 70
      core/src/main/java/org/springframework/security/intercept/web/PathBasedFilterInvocationDefinitionMap.java
  5. 42
      core/src/main/java/org/springframework/security/intercept/web/RegExpBasedFilterInvocationDefinitionMap.java
  6. 5
      core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedUserDetailsService.java
  7. 8
      core/src/main/java/org/springframework/security/util/AntUrlPathMatcher.java
  8. 13
      core/src/main/java/org/springframework/security/util/FilterChainProxy.java
  9. 42
      core/src/test/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSourceTests.java
  10. 43
      core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorTests.java
  11. 197
      core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorWithPathsTests.java
  12. 15
      core/src/test/java/org/springframework/security/intercept/web/FilterSecurityInterceptorTests.java
  13. 64
      core/src/test/java/org/springframework/security/intercept/web/MockFilterInvocationDefinition.java
  14. 121
      core/src/test/java/org/springframework/security/intercept/web/RegExpBasedFilterDefinitionMapTests.java
  15. 5
      core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java

16
core/src/main/java/org/springframework/security/intercept/web/FIDSToFilterChainMapConverter.java
Unescape View File

@ -5,6 +5,7 @@ import org.springframework.util.Assert; @@ -5,6 +5,7 @@ import org.springframework.util.Assert;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.util.FilterChainProxy;
import org.springframework.security.util.UrlMatcher;
import javax.servlet.Filter;
import java.util.*;
@ -24,16 +25,13 @@ import java.util.regex.Pattern; @@ -24,16 +25,13 @@ import java.util.regex.Pattern;
public class FIDSToFilterChainMapConverter {
private LinkedHashMap filterChainMap = new LinkedHashMap();
private UrlMatcher matcher;
public FIDSToFilterChainMapConverter(FilterInvocationDefinitionSource source, ApplicationContext appContext) {
public FIDSToFilterChainMapConverter(DefaultFilterInvocationDefinitionSource fids, ApplicationContext appContext) {
// TODO: Check if this is necessary. Retained from refactoring of FilterChainProxy
Assert.notNull(source.getConfigAttributeDefinitions(), "FilterChainProxy requires the " +
Assert.notNull(fids.getConfigAttributeDefinitions(), "FilterChainProxy requires the " +
"FilterInvocationDefinitionSource to return a non-null response to getConfigAttributeDefinitions()");
Assert.isTrue(source instanceof DefaultFilterInvocationDefinitionSource,
"Can't handle FilterInvocationDefinitionSource type " + source.getClass());
DefaultFilterInvocationDefinitionSource fids = (DefaultFilterInvocationDefinitionSource)source;
matcher = fids.getUrlMatcher();
Map requestMap = fids.getRequestMap();
Iterator paths = requestMap.keySet().iterator();
@ -64,4 +62,8 @@ public class FIDSToFilterChainMapConverter { @@ -64,4 +62,8 @@ public class FIDSToFilterChainMapConverter {
public Map getFilterChainMap() {
return filterChainMap;
}
public UrlMatcher getMatcher() {
return matcher;
}
}

27
core/src/main/java/org/springframework/security/intercept/web/FilterInvocationDefinition.java
Unescape View File

@ -1,27 +0,0 @@ @@ -1,27 +0,0 @@
/* Copyright 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.intercept.web;
/**
* Interface to join {@link FilterInvocationDefinitionMap} and
* {@link FilterInvocationDefinitionSource}.
*
* @author <a href="mailto:carlos@apache.org">Carlos Sanchez</a>
* @version $Id$
* @since 1.1
*/
public interface FilterInvocationDefinition extends FilterInvocationDefinitionMap, FilterInvocationDefinitionSource {
}

36
core/src/main/java/org/springframework/security/intercept/web/FilterInvocationDefinitionMap.java
Unescape View File

@ -1,36 +0,0 @@ @@ -1,36 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.intercept.web;
import org.springframework.security.ConfigAttributeDefinition;
/**
* Exposes methods required so that a property editor can populate the relevant
* {@link FilterInvocationDefinitionSource}.
*
* @author Ben Alex
* @version $Id$
*/
public interface FilterInvocationDefinitionMap {
//~ Methods ========================================================================================================
void addSecureUrl(String expression, ConfigAttributeDefinition attr);
boolean isConvertUrlToLowercaseBeforeComparison();
void setConvertUrlToLowercaseBeforeComparison(boolean convertUrlToLowercaseBeforeComparison);
}

70
core/src/main/java/org/springframework/security/intercept/web/PathBasedFilterInvocationDefinitionMap.java
Unescape View File

@ -1,70 +0,0 @@ @@ -1,70 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.intercept.web;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.util.AntUrlPathMatcher;
/**
* Extends DefaultFilterInvocationDefinitionSource, configuring it with a {@link AntUrlPathMatcher} to match URLs
* using Apache Ant path-based patterns.
* <p>
* Apache Ant path expressions are used to match a HTTP request URL against a <code>ConfigAttributeDefinition</code>.
* <p>
* The order of registering the Ant paths using the {@link #addSecureUrl(String,ConfigAttributeDefinition)} is
* very important. The system will identify the <b>first</b> matching path for a given HTTP URL. It will not proceed
* to evaluate later paths if a match has already been found. Accordingly, the most specific paths should be
* registered first, with the most general paths registered last.
* <p>
* If no registered paths match the HTTP URL, <code>null</code> is returned.
* <p>
* Note that as of 2.0, lower case URL comparisons are made by default, as this is the default strategy for
* <tt>AntUrlPathMatcher</tt>.
*
* @author Ben Alex
* @author Luke taylor
* @deprecated DefaultFilterInvocationDefinitionSource should now be used with an AntUrlPathMatcher instead.
* @version $Id$
*/
public class PathBasedFilterInvocationDefinitionMap extends DefaultFilterInvocationDefinitionSource
implements FilterInvocationDefinition {
//~ Constructors ===================================================================================================
public PathBasedFilterInvocationDefinitionMap() {
super(new AntUrlPathMatcher());
setStripQueryStringFromUrls(true);
}
//~ Methods ========================================================================================================
public void addSecureUrl(String antPath, String method, ConfigAttributeDefinition attr) {
// SEC-501: If using lower case comparison, we should convert the paths to lower case
// as any upper case characters included by mistake will prevent the URL from ever being matched.
// This shouldn't be needed anymore. The property editor complains if there is upper case text in the URL
// and the namespace implementation does the conversion itself, so it is safe to use the parent class
// directly.
if (getUrlMatcher().requiresLowerCaseUrl()) {
antPath = antPath.toLowerCase();
}
super.addSecureUrl(antPath, method, attr);
}
public void setConvertUrlToLowercaseBeforeComparison(boolean bool) {
((AntUrlPathMatcher)getUrlMatcher()).setRequiresLowerCaseUrl(bool);
}
}

42
core/src/main/java/org/springframework/security/intercept/web/RegExpBasedFilterInvocationDefinitionMap.java
Unescape View File

@ -1,42 +0,0 @@ @@ -1,42 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.intercept.web;
import org.springframework.security.util.RegexUrlPathMatcher;
/**
* Configures an {@link DefaultFilterInvocationDefinitionSource} with a regular expression URL matching strategy
* {@link RegexUrlPathMatcher}.
*
* @author Ben Alex
* @author Luke Taylor
* @deprecated
* @version $Id$
*/
public class RegExpBasedFilterInvocationDefinitionMap extends DefaultFilterInvocationDefinitionSource
implements FilterInvocationDefinition {
//~ Constructors ===================================================================================================
public RegExpBasedFilterInvocationDefinitionMap() {
super(new RegexUrlPathMatcher());
}
public void setConvertUrlToLowercaseBeforeComparison(boolean bool) {
((RegexUrlPathMatcher)getUrlMatcher()).setRequiresLowerCaseUrl(bool);
}
}

5
core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedUserDetailsService.java
Unescape View File

@ -15,13 +15,12 @@ public interface PreAuthenticatedUserDetailsService { @@ -15,13 +15,12 @@ public interface PreAuthenticatedUserDetailsService {
/**
*
* @param aPreAuthenticatedAuthenticationToken
* @param token
* The pre-authenticated authentication token
* @return UserDetails for the given authentication token.
* @throws UsernameNotFoundException
* if no user details can be found for the given authentication
* token
*/
UserDetails getUserDetails(PreAuthenticatedAuthenticationToken aPreAuthenticatedAuthenticationToken)
throws UsernameNotFoundException;
UserDetails getUserDetails(PreAuthenticatedAuthenticationToken token) throws UsernameNotFoundException;
}

8
core/src/main/java/org/springframework/security/util/AntUrlPathMatcher.java
Unescape View File

@ -17,6 +17,14 @@ public class AntUrlPathMatcher implements UrlMatcher { @@ -17,6 +17,14 @@ public class AntUrlPathMatcher implements UrlMatcher {
private boolean requiresLowerCaseUrl = true;
private PathMatcher pathMatcher = new AntPathMatcher();
public AntUrlPathMatcher() {
this(true);
}
public AntUrlPathMatcher(boolean requiresLowerCaseUrl) {
this.requiresLowerCaseUrl = requiresLowerCaseUrl;
}
public Object compile(String path) {
if (requiresLowerCaseUrl) {
return path.toLowerCase();

13
core/src/main/java/org/springframework/security/util/FilterChainProxy.java
Unescape View File

@ -106,7 +106,7 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo @@ -106,7 +106,7 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
/** Compiled pattern version of the filter chain map */
private Map filterChainMap;
private UrlMatcher matcher = new AntUrlPathMatcher();
private FilterInvocationDefinitionSource fids;
private DefaultFilterInvocationDefinitionSource fids;
//~ Methods ========================================================================================================
@ -114,7 +114,9 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo @@ -114,7 +114,9 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
// Convert the FilterDefinitionSource to a filterChainMap if set
if (fids != null) {
Assert.isNull(uncompiledFilterChainMap, "Set the filterChainMap or FilterInvocationDefinitionSource but not both");
setFilterChainMap(new FIDSToFilterChainMapConverter(fids, applicationContext).getFilterChainMap());
FIDSToFilterChainMapConverter converter = new FIDSToFilterChainMapConverter(fids, applicationContext);
setFilterChainMap(converter.getFilterChainMap());
setMatcher(converter.getMatcher());
fids = null;
}
@ -238,10 +240,9 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo @@ -238,10 +240,9 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
* @deprecated Use namespace configuration or call setFilterChainMap instead.
*/
public void setFilterInvocationDefinitionSource(FilterInvocationDefinitionSource fids) {
if( fids instanceof RegExpBasedFilterInvocationDefinitionMap) {
matcher = new RegexUrlPathMatcher();
}
this.fids = fids;
Assert.isInstanceOf(DefaultFilterInvocationDefinitionSource.class, fids,
"Must be a DefaultFilterInvocationDefinitionSource");
this.fids = (DefaultFilterInvocationDefinitionSource) fids;
}
/**

42
core/src/test/java/org/springframework/security/intercept/web/PathBasedFilterInvocationDefinitionMapTests.java → core/src/test/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSourceTests.java
Unescape View File

@ -18,43 +18,40 @@ package org.springframework.security.intercept.web; @@ -18,43 +18,40 @@ package org.springframework.security.intercept.web;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.junit.Test;
import org.junit.Before;
import static org.junit.Assert.*;
import static org.junit.Assert.assertEquals;
/**
* Tests parts of {@link PathBasedFilterInvocationDefinitionMap} not tested by {@link
* FilterInvocationDefinitionSourceEditorWithPathsTests}.
* Tests parts of {@link DefaultFilterInvocationDefinitionSource} not tested by {@link
* FilterInvocationDefinitionSourceEditorTests}.
*
* @author Ben Alex
* @version $Id$
*/
public class PathBasedFilterInvocationDefinitionMapTests {
public class DefaultFilterInvocationDefinitionSourceTests {
DefaultFilterInvocationDefinitionSource map;
//~ Methods ========================================================================================================
@Before
public void createMap() {
map = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
map.setStripQueryStringFromUrls(true);
}
@Test
public void convertUrlToLowercaseIsTrueByDefault() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
assertTrue(map.isConvertUrlToLowercaseBeforeComparison());
}
@Test
public void convertUrlToLowercaseSetterRespected() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
map.setConvertUrlToLowercaseBeforeComparison(false);
assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
}
@Test
public void lookupNotRequiringExactMatchSuccessIfNotMatching() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
map.setConvertUrlToLowercaseBeforeComparison(true);
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("/secure/super/**", def);
@ -70,8 +67,6 @@ public class PathBasedFilterInvocationDefinitionMapTests { @@ -70,8 +67,6 @@ public class PathBasedFilterInvocationDefinitionMapTests {
*/
@Test
public void lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("/SeCuRE/super/**", def);
@ -85,8 +80,7 @@ public class PathBasedFilterInvocationDefinitionMapTests { @@ -85,8 +80,7 @@ public class PathBasedFilterInvocationDefinitionMapTests {
@Test
public void lookupRequiringExactMatchFailsIfNotMatching() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
map.setConvertUrlToLowercaseBeforeComparison(false);
map = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(false));
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("/secure/super/**", def);
@ -99,8 +93,7 @@ public class PathBasedFilterInvocationDefinitionMapTests { @@ -99,8 +93,7 @@ public class PathBasedFilterInvocationDefinitionMapTests {
@Test
public void lookupRequiringExactMatchIsSuccessful() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
map.setConvertUrlToLowercaseBeforeComparison(false);
map = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(false));
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("/SeCurE/super/**", def);
@ -113,7 +106,6 @@ public class PathBasedFilterInvocationDefinitionMapTests { @@ -113,7 +106,6 @@ public class PathBasedFilterInvocationDefinitionMapTests {
@Test
public void lookupRequiringExactMatchWithAdditionalSlashesIsSuccessful() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("/someAdminPage.html**", def);
@ -126,7 +118,6 @@ public class PathBasedFilterInvocationDefinitionMapTests { @@ -126,7 +118,6 @@ public class PathBasedFilterInvocationDefinitionMapTests {
@Test(expected = IllegalArgumentException.class)
public void unknownHttpMethodIsRejected() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("/someAdminPage.html**", "UNKNOWN", def);
@ -134,7 +125,6 @@ public class PathBasedFilterInvocationDefinitionMapTests { @@ -134,7 +125,6 @@ public class PathBasedFilterInvocationDefinitionMapTests {
@Test
public void httpMethodLookupSucceeds() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("/somepage**", "GET", def);
@ -146,7 +136,6 @@ public class PathBasedFilterInvocationDefinitionMapTests { @@ -146,7 +136,6 @@ public class PathBasedFilterInvocationDefinitionMapTests {
@Test
public void requestWithDifferentHttpMethodDoesntMatch() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("/somepage**", "GET", def);
@ -158,7 +147,7 @@ public class PathBasedFilterInvocationDefinitionMapTests { @@ -158,7 +147,7 @@ public class PathBasedFilterInvocationDefinitionMapTests {
@Test
public void httpMethodSpecificUrlTakesPrecedence() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
// Even though this is added before the method-specific def, the latter should match
ConfigAttributeDefinition allMethodDef = new ConfigAttributeDefinition();
@ -178,8 +167,7 @@ public class PathBasedFilterInvocationDefinitionMapTests { @@ -178,8 +167,7 @@ public class PathBasedFilterInvocationDefinitionMapTests {
* Check fixes for SEC-321
*/
@Test
public void extraQuestionMarkStillMatches() {
PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
public void extraQuestionMarkStillMatches() {
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("/someAdminPage.html*", def);

43
core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorTests.java
Unescape View File

@ -21,6 +21,7 @@ import org.springframework.security.ConfigAttributeDefinition; @@ -21,6 +21,7 @@ import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;
import org.springframework.security.util.RegexUrlPathMatcher;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
@ -30,8 +31,8 @@ import java.util.regex.PatternSyntaxException; @@ -30,8 +31,8 @@ import java.util.regex.PatternSyntaxException;
/**
* Tests {@link FilterInvocationDefinitionSourceEditor} and its associated default {@link
* RegExpBasedFilterInvocationDefinitionMap}.
* Tests {@link FilterInvocationDefinitionSourceEditor} and its associated default
* {@link DefaultFilterInvocationDefinitionSource}.
*
* @author Ben Alex
* @version $Id$
@ -273,4 +274,42 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase { @@ -273,4 +274,42 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
assertEquals(2, map.getMapSize());
}
public void testAntPathDirectiveIsDetected() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText(
"PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
assertTrue(map.getUrlMatcher() instanceof AntUrlPathMatcher);
}
public void testInvalidNameValueFailsToParse() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
try {
// Use a "==" instead of an "="
editor.setAsText(" PATTERN_TYPE_APACHE_ANT\r\n /secure/*==ROLE_SUPERVISOR,ROLE_TELLER \r\n");
fail("Shouldn't be able to use '==' for config attribute.");
} catch (IllegalArgumentException expected) {}
}
public void testSingleUrlParsing() throws Exception {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText("PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE,ANOTHER_ROLE");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
MockHttpServletRequest httpRequest = new MockHttpServletRequest(null, null);
httpRequest.setServletPath("/secure/super/very_secret.html");
ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
new MockHttpServletResponse(), new MockFilterChain()));
ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
expected.addConfigAttribute(new SecurityConfig("ROLE_WE_DONT_HAVE"));
expected.addConfigAttribute(new SecurityConfig("ANOTHER_ROLE"));
assertEquals(expected, returned);
}
}

197
core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorWithPathsTests.java
Unescape View File

@ -1,197 +0,0 @@ @@ -1,197 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.intercept.web;
import junit.framework.TestCase;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import java.util.Iterator;
/**
* Tests {@link FilterInvocationDefinitionSourceEditor} and its associated {@link
* PathBasedFilterInvocationDefinitionMap}.
*
* @author Ben Alex
* @version $Id$
*/
public class FilterInvocationDefinitionSourceEditorWithPathsTests extends TestCase {
//~ Constructors ===================================================================================================
public FilterInvocationDefinitionSourceEditorWithPathsTests() {
super();
}
public FilterInvocationDefinitionSourceEditorWithPathsTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public void testAntPathDirectiveIsDetected() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText(
"PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
assertTrue(map.getUrlMatcher() instanceof AntUrlPathMatcher);
}
public void testConvertUrlToLowercaseDefaultSettingUnchangedByEditor() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText(
"PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
assertFalse(map.getUrlMatcher().requiresLowerCaseUrl());
}
public void testConvertUrlToLowercaseSettingApplied() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText(
"CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON\r\nPATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
assertTrue(map.getUrlMatcher().requiresLowerCaseUrl());
}
public void testInvalidNameValueFailsToParse() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
try {
// Use a "==" instead of an "="
editor.setAsText(" PATTERN_TYPE_APACHE_ANT\r\n /secure/*==ROLE_SUPERVISOR,ROLE_TELLER \r\n");
fail("Shouldn't be able to use '==' for config attribute.");
} catch (IllegalArgumentException expected) {}
}
public void testIterator() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText(
"PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
Iterator iter = map.getConfigAttributeDefinitions();
int counter = 0;
while (iter.hasNext()) {
iter.next();
counter++;
}
assertEquals(2, counter);
}
public void testMapReturnsNullWhenNoMatchFound() throws Exception {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText("PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
MockHttpServletRequest httpRequest = new MockHttpServletRequest(null, null);
httpRequest.setServletPath("/totally/different/path/index.html");
ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
new MockHttpServletResponse(), new MockFilterChain()));
assertEquals(null, returned);
}
public void testMultiUrlParsing() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText(
"PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE\r\n/secure/*=ROLE_SUPERVISOR,ROLE_TELLER");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
assertEquals(2, map.getMapSize());
}
public void testOrderOfEntriesIsPreservedOrderA() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText(
"PATTERN_TYPE_APACHE_ANT\r\n/secure/super/**=ROLE_WE_DONT_HAVE,ANOTHER_ROLE\r\n/secure/**=ROLE_SUPERVISOR,ROLE_TELLER");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
// Test ensures we match the first entry, not the second
MockHttpServletRequest httpRequest = new MockHttpServletRequest(null, null);
httpRequest.setServletPath("/secure/super/very_secret.html");
ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
new MockHttpServletResponse(), new MockFilterChain()));
ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
expected.addConfigAttribute(new SecurityConfig("ROLE_WE_DONT_HAVE"));
expected.addConfigAttribute(new SecurityConfig("ANOTHER_ROLE"));
assertEquals(expected, returned);
}
public void testOrderOfEntriesIsPreservedOrderB() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText(
"PATTERN_TYPE_APACHE_ANT\r\n/secure/**=ROLE_SUPERVISOR,ROLE_TELLER\r\n/secure/super/**=ROLE_WE_DONT_HAVE");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
MockHttpServletRequest httpRequest = new MockHttpServletRequest(null, null);
httpRequest.setServletPath("/secure/super/very_secret.html");
ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
new MockHttpServletResponse(), new MockFilterChain()));
ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
expected.addConfigAttribute(new SecurityConfig("ROLE_SUPERVISOR"));
expected.addConfigAttribute(new SecurityConfig("ROLE_TELLER"));
assertEquals(expected, returned);
}
public void testSingleUrlParsing() throws Exception {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText("PATTERN_TYPE_APACHE_ANT\r\n/secure/super/*=ROLE_WE_DONT_HAVE,ANOTHER_ROLE");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
MockHttpServletRequest httpRequest = new MockHttpServletRequest(null, null);
httpRequest.setServletPath("/secure/super/very_secret.html");
ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
new MockHttpServletResponse(), new MockFilterChain()));
ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
expected.addConfigAttribute(new SecurityConfig("ROLE_WE_DONT_HAVE"));
expected.addConfigAttribute(new SecurityConfig("ANOTHER_ROLE"));
assertEquals(expected, returned);
}
public void testWhitespaceAndCommentsAndLinesWithoutEqualsSignsAreIgnored() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText(
" PATTERN_TYPE_APACHE_ANT\r\n /secure/super/*=ROLE_WE_DONT_HAVE\r\n /secure/*=ROLE_SUPERVISOR,ROLE_TELLER \r\n \r\n \r\n // comment line \r\n \r\n");
DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
assertEquals(2, map.getMapSize());
}
}

15
core/src/test/java/org/springframework/security/intercept/web/FilterSecurityInterceptorTests.java
Unescape View File

@ -30,6 +30,8 @@ import org.springframework.security.MockAuthenticationManager; @@ -30,6 +30,8 @@ import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.MockRunAsManager;
import org.springframework.security.RunAsManager;
import org.springframework.security.SecurityConfig;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.RegexUrlPathMatcher;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.mock.web.MockHttpServletRequest;
@ -75,11 +77,10 @@ public class FilterSecurityInterceptorTests extends TestCase { @@ -75,11 +77,10 @@ public class FilterSecurityInterceptorTests extends TestCase {
SecurityContextHolder.clearContext();
}
public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass()
throws Exception {
public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass() throws Exception {
FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
interceptor.setAuthenticationManager(new MockAuthenticationManager());
interceptor.setObjectDefinitionSource(new RegExpBasedFilterInvocationDefinitionMap());
interceptor.setObjectDefinitionSource(new DefaultFilterInvocationDefinitionSource(new RegexUrlPathMatcher()));
interceptor.setRunAsManager(new MockRunAsManager());
interceptor.setAccessDecisionManager(new AccessDecisionManager() {
@ -111,7 +112,7 @@ public class FilterSecurityInterceptorTests extends TestCase { @@ -111,7 +112,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
interceptor.setAccessDecisionManager(new MockAccessDecisionManager());
interceptor.setAuthenticationManager(new MockAuthenticationManager());
interceptor.setObjectDefinitionSource(new RegExpBasedFilterInvocationDefinitionMap());
interceptor.setObjectDefinitionSource(new DefaultFilterInvocationDefinitionSource(new RegexUrlPathMatcher()));
interceptor.setRunAsManager(new RunAsManager() {
public boolean supports(Class clazz) {
@ -177,7 +178,8 @@ public class FilterSecurityInterceptorTests extends TestCase { @@ -177,7 +178,8 @@ public class FilterSecurityInterceptorTests extends TestCase {
interceptor.setAccessDecisionManager(new MockAccessDecisionManager());
interceptor.setAuthenticationManager(new MockAuthenticationManager());
RegExpBasedFilterInvocationDefinitionMap fidp = new RegExpBasedFilterInvocationDefinitionMap();
DefaultFilterInvocationDefinitionSource fidp =
new DefaultFilterInvocationDefinitionSource(new RegexUrlPathMatcher());
interceptor.setObjectDefinitionSource(fidp);
interceptor.setRunAsManager(new MockRunAsManager());
interceptor.afterPropertiesSet();
@ -232,7 +234,8 @@ public class FilterSecurityInterceptorTests extends TestCase { @@ -232,7 +234,8 @@ public class FilterSecurityInterceptorTests extends TestCase {
List mappings = new ArrayList(1);
mappings.add(mapping);
PathBasedFilterInvocationDefinitionMap filterInvocationDefinitionSource = new PathBasedFilterInvocationDefinitionMap();
DefaultFilterInvocationDefinitionSource filterInvocationDefinitionSource
= new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
filterInvocationDefinitionSource.setMappings(mappings);
FilterSecurityInterceptor filter = new FilterSecurityInterceptor();

64
core/src/test/java/org/springframework/security/intercept/web/MockFilterInvocationDefinition.java
Unescape View File

@ -1,64 +0,0 @@ @@ -1,64 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.intercept.web;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.springframework.security.ConfigAttributeDefinition;
/**
* Mock for {@link FilterInvocationDefinitionMap}
*
* @author <a href="mailto:carlos@apache.org">Carlos Sanchez</a>
* @version $Id: MockFilterInvocationDefinitionSource.java 1496 2006-05-23
* 13:38:33Z benalex $
*/
public class MockFilterInvocationDefinition implements FilterInvocationDefinition {
private Map secureUrls = new HashMap();
private boolean convertUrlToLowercaseBeforeComparison = false;
public void addSecureUrl(String expression, ConfigAttributeDefinition attr) {
secureUrls.put(expression, attr);
}
public boolean isConvertUrlToLowercaseBeforeComparison() {
return convertUrlToLowercaseBeforeComparison;
}
public void setConvertUrlToLowercaseBeforeComparison(boolean convertUrlToLowercaseBeforeComparison) {
this.convertUrlToLowercaseBeforeComparison = convertUrlToLowercaseBeforeComparison;
}
public ConfigAttributeDefinition getSecureUrl(String expression) {
return (ConfigAttributeDefinition) secureUrls.get(expression);
}
public ConfigAttributeDefinition getAttributes(Object object) throws IllegalArgumentException {
return (ConfigAttributeDefinition) secureUrls.get(object);
}
public Iterator getConfigAttributeDefinitions() {
return secureUrls.values().iterator();
}
public boolean supports(Class clazz) {
return true;
}
}

121
core/src/test/java/org/springframework/security/intercept/web/RegExpBasedFilterDefinitionMapTests.java
Unescape View File

@ -1,121 +0,0 @@ @@ -1,121 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.intercept.web;
import junit.framework.TestCase;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
/**
* Tests parts of {@link RegExpBasedFilterInvocationDefinitionMap} not tested by {@link
* FilterInvocationDefinitionSourceEditorTests}.
*
* @author Ben Alex
* @version $Id$
*/
public class RegExpBasedFilterDefinitionMapTests extends TestCase {
//~ Constructors ===================================================================================================
public RegExpBasedFilterDefinitionMapTests() {
}
public RegExpBasedFilterDefinitionMapTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public void testConvertUrlToLowercaseIsFalseByDefault() {
RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
}
public void testConvertUrlToLowercaseSetterRespected() {
RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
map.setConvertUrlToLowercaseBeforeComparison(true);
assertTrue(map.isConvertUrlToLowercaseBeforeComparison());
}
public void testLookupNotRequiringExactMatchSuccessIfNotMatching() {
RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
map.setConvertUrlToLowercaseBeforeComparison(true);
assertTrue(map.isConvertUrlToLowercaseBeforeComparison());
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("\\A/secure/super.*\\Z", def);
// Build a HTTP request
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI(null);
MockHttpServletRequest req = request;
req.setServletPath("/SeCuRE/super/somefile.html");
FilterInvocation fi = new FilterInvocation(req, new MockHttpServletResponse(), new MockFilterChain());
ConfigAttributeDefinition response = map.lookupAttributes(fi.getRequestUrl());
assertEquals(def, response);
}
public void testLookupRequiringExactMatchFailsIfNotMatching() {
RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("\\A/secure/super.*\\Z", def);
// Build a HTTP request
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI(null);
MockHttpServletRequest req = request;
req.setServletPath("/SeCuRE/super/somefile.html");
FilterInvocation fi = new FilterInvocation(req, new MockHttpServletResponse(), new MockFilterChain());
ConfigAttributeDefinition response = map.lookupAttributes(fi.getRequestUrl());
assertEquals(null, response);
}
public void testLookupRequiringExactMatchIsSuccessful() {
RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
map.addSecureUrl("\\A/secure/super.*\\Z", def);
// Build a HTTP request
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI(null);
MockHttpServletRequest req = request;
req.setServletPath("/secure/super/somefile.html");
FilterInvocation fi = new FilterInvocation(req, new MockHttpServletResponse(), new MockFilterChain());
ConfigAttributeDefinition response = map.lookupAttributes(fi.getRequestUrl());
assertEquals(def, response);
}
}

5
core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java
Unescape View File

@ -30,7 +30,7 @@ import org.springframework.security.MockApplicationContext; @@ -30,7 +30,7 @@ import org.springframework.security.MockApplicationContext;
import org.springframework.security.MockFilterConfig;
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
import org.springframework.security.intercept.web.MockFilterInvocationDefinitionSource;
import org.springframework.security.intercept.web.PathBasedFilterInvocationDefinitionMap;
import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import java.util.List;
@ -82,7 +82,8 @@ public class FilterChainProxyTests { @@ -82,7 +82,8 @@ public class FilterChainProxyTests {
ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
cad.addConfigAttribute(new MockConfigAttribute());
PathBasedFilterInvocationDefinitionMap fids = new PathBasedFilterInvocationDefinitionMap();
DefaultFilterInvocationDefinitionSource fids =
new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
fids.addSecureUrl("/**", cad);
filterChainProxy.setFilterInvocationDefinitionSource(fids);

Write Preview
Loading…
Cancel
Save