config) throws IOException, ServletException {
- if ((invocation == null) || (config == null)) {
- throw new IllegalArgumentException("Nulls cannot be provided");
- }
-
- CaptchaSecurityContext context = null;
- context = (CaptchaSecurityContext) SecurityContextHolder.getContext();
-
- Iterator iter = config.iterator();
-
- while (iter.hasNext()) {
- ConfigAttribute attribute = (ConfigAttribute) iter.next();
-
- if (supports(attribute)) {
- logger.debug("supports this attribute : " + attribute);
-
- if (!isContextValidConcerningHumanity(context)) {
- logger.debug("context is not allowed to access ressource, redirect to captcha entry point");
- redirectToEntryPoint(invocation);
- } else {
- logger.debug("has been successfully checked this keyword, increment request count");
- context.incrementHumanRestrictedResourcesRequestsCount();
- }
- } else {
- logger.debug("do not support this attribute");
- }
- }
- }
-
- public ChannelEntryPoint getEntryPoint() {
- return entryPoint;
- }
-
- public String getKeyword() {
- return keyword;
- }
-
- public int getThreshold() {
- return thresold;
- }
-
- abstract boolean isContextValidConcerningHumanity(CaptchaSecurityContext context);
-
- private void redirectToEntryPoint(FilterInvocation invocation)
- throws IOException, ServletException {
- if (logger.isDebugEnabled()) {
- logger.debug("context is not valid : redirecting to entry point");
- }
-
- entryPoint.commence(invocation.getRequest(), invocation.getResponse());
- }
-
- public void setEntryPoint(ChannelEntryPoint entryPoint) {
- this.entryPoint = entryPoint;
- }
-
- public void setKeyword(String keyword) {
- this.keyword = keyword;
- }
-
- public void setThreshold(int thresold) {
- this.thresold = thresold;
- }
-
- public boolean supports(ConfigAttribute attribute) {
- if ((attribute != null) && (keyword.equals(attribute.getAttribute()))) {
- return true;
- } else {
- return false;
- }
- }
-}
diff --git a/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaEntryPoint.java b/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaEntryPoint.java
deleted file mode 100644
index 6a6ac74570..0000000000
--- a/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaEntryPoint.java
+++ /dev/null
@@ -1,393 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import org.springframework.security.securechannel.ChannelEntryPoint;
-
-import org.springframework.security.util.PortMapper;
-import org.springframework.security.util.PortMapperImpl;
-import org.springframework.security.util.PortResolver;
-import org.springframework.security.util.PortResolverImpl;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.springframework.beans.factory.InitializingBean;
-
-import org.springframework.util.Assert;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-
-import java.net.URLEncoder;
-
-import java.util.Enumeration;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-
-/**
- * The captcha entry point : redirect to the captcha test page.
- *
- * This entry point can force the use of SSL : see {@link #getForceHttps()}
- *
- * This entry point allows internal OR external redirect : see {@link #setOutsideWebApp(boolean)}
- * / Original request can be added to the redirect path using a custom translation : see
- * {@link #setIncludeOriginalRequest(boolean)}
- * The original request is translated using URLEncoding and the following translation mapping in the redirect url :
- *
- * - original url => {@link #getOriginalRequestUrlParameterName()}
- * - If {@link #isIncludeOriginalParameters()}
- * - original method => {@link #getOriginalRequestMethodParameterName()}
- * - original parameters => {@link #getOriginalRequestParametersParameterName()}
- * - The original parameters string is contructed using :
- *
- * - a parameter separator {@link #getOriginalRequestParametersSeparator()}
- * - a parameter name value pair separator for each parameter {@link
- * #getOriginalRequestParametersNameValueSeparator()}
- *
- *
- *
- *
- * Default values :
- *
- * forceHttps = false
- * includesOriginalRequest = true
- * includesOriginalParameters = false
- * isOutsideWebApp = false
- * originalRequestUrlParameterName = original_requestUrl
- * originalRequestParametersParameterName = original_request_parameters
- * originalRequestParametersNameValueSeparator = __
- * originalRequestParametersSeparator = ;;
- * originalRequestMethodParameterName = original_request_method
- * urlEncodingCharset = UTF-8
- *
- *
- *
- * @author Marc-Antoine Garrigue
- * @version $Id$
- */
-public class CaptchaEntryPoint implements ChannelEntryPoint, InitializingBean {
- //~ Static fields/initializers =====================================================================================
-
- private static final Log logger = LogFactory.getLog(CaptchaEntryPoint.class);
-
- //~ Instance fields ================================================================================================
-
- private PortMapper portMapper = new PortMapperImpl();
- private PortResolver portResolver = new PortResolverImpl();
- private String captchaFormUrl;
- private String originalRequestMethodParameterName = "original_request_method";
- private String originalRequestParametersNameValueSeparator = "__";
- private String originalRequestParametersParameterName = "original_request_parameters";
- private String originalRequestParametersSeparator = ";;";
- private String originalRequestUrlParameterName = "original_requestUrl";
- private String urlEncodingCharset = "UTF-8";
- private boolean forceHttps = false;
- private boolean includeOriginalParameters = false;
- private boolean includeOriginalRequest = true;
- private boolean isOutsideWebApp = false;
-
- //~ Methods ========================================================================================================
-
- public void afterPropertiesSet() throws Exception {
- Assert.hasLength(captchaFormUrl, "captchaFormUrl must be specified");
- Assert.hasLength(originalRequestMethodParameterName, "originalRequestMethodParameterName must be specified");
- Assert.hasLength(originalRequestParametersNameValueSeparator,
- "originalRequestParametersNameValueSeparator must be specified");
- Assert.hasLength(originalRequestParametersParameterName,
- "originalRequestParametersParameterName must be specified");
- Assert.hasLength(originalRequestParametersSeparator, "originalRequestParametersSeparator must be specified");
- Assert.hasLength(originalRequestUrlParameterName, "originalRequestUrlParameterName must be specified");
- Assert.hasLength(urlEncodingCharset, "urlEncodingCharset must be specified");
- Assert.notNull(portMapper, "portMapper must be specified");
- Assert.notNull(portResolver, "portResolver must be specified");
- URLEncoder.encode(" fzaef é& à ", urlEncodingCharset);
- }
-
- private void buildInternalRedirect(StringBuffer redirectUrl, HttpServletRequest req) {
- // construct it
- StringBuffer simpleRedirect = new StringBuffer();
-
- String scheme = req.getScheme();
- String serverName = req.getServerName();
- int serverPort = portResolver.getServerPort(req);
- String contextPath = req.getContextPath();
- boolean includePort = true;
-
- if ("http".equals(scheme.toLowerCase()) && (serverPort == 80)) {
- includePort = false;
- }
-
- if ("https".equals(scheme.toLowerCase()) && (serverPort == 443)) {
- includePort = false;
- }
-
- simpleRedirect.append(scheme);
- simpleRedirect.append("://");
- simpleRedirect.append(serverName);
-
- if (includePort) {
- simpleRedirect.append(":");
- simpleRedirect.append(serverPort);
- }
-
- simpleRedirect.append(contextPath);
- simpleRedirect.append(captchaFormUrl);
-
- if (forceHttps && req.getScheme().equals("http")) {
- Integer httpPort = new Integer(portResolver.getServerPort(req));
- Integer httpsPort = (Integer) portMapper.lookupHttpsPort(httpPort);
-
- if (httpsPort != null) {
- if (httpsPort.intValue() == 443) {
- includePort = false;
- } else {
- includePort = true;
- }
-
- redirectUrl.append("https://");
- redirectUrl.append(serverName);
-
- if (includePort) {
- redirectUrl.append(":");
- redirectUrl.append(httpsPort);
- }
-
- redirectUrl.append(contextPath);
- redirectUrl.append(captchaFormUrl);
- } else {
- redirectUrl.append(simpleRedirect);
- }
- } else {
- redirectUrl.append(simpleRedirect);
- }
- }
-
- public void commence(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
- StringBuffer redirectUrl = new StringBuffer();
- HttpServletRequest req = (HttpServletRequest) request;
-
- if (isOutsideWebApp) {
- redirectUrl = redirectUrl.append(captchaFormUrl);
- } else {
- buildInternalRedirect(redirectUrl, req);
- }
-
- if (includeOriginalRequest) {
- includeOriginalRequest(redirectUrl, req);
- }
-
- // add post parameter? DONE!
- if (logger.isDebugEnabled()) {
- logger.debug("Redirecting to: " + redirectUrl);
- }
-
- ((HttpServletResponse) response).sendRedirect(redirectUrl.toString());
- }
-
- /**
- *
- * @return the captcha test page to redirect to.
- */
- public String getCaptchaFormUrl() {
- return captchaFormUrl;
- }
-
- public boolean getForceHttps() {
- return forceHttps;
- }
-
- public String getOriginalRequestMethodParameterName() {
- return originalRequestMethodParameterName;
- }
-
- public String getOriginalRequestParametersNameValueSeparator() {
- return originalRequestParametersNameValueSeparator;
- }
-
- public String getOriginalRequestParametersParameterName() {
- return originalRequestParametersParameterName;
- }
-
- public String getOriginalRequestParametersSeparator() {
- return originalRequestParametersSeparator;
- }
-
- public String getOriginalRequestUrlParameterName() {
- return originalRequestUrlParameterName;
- }
-
- public PortMapper getPortMapper() {
- return portMapper;
- }
-
- public PortResolver getPortResolver() {
- return portResolver;
- }
-
- public String getUrlEncodingCharset() {
- return urlEncodingCharset;
- }
-
- private void includeOriginalRequest(StringBuffer redirectUrl, HttpServletRequest req) {
- // add original request to the url
- if (redirectUrl.indexOf("?") >= 0) {
- redirectUrl.append("&");
- } else {
- redirectUrl.append("?");
- }
-
- redirectUrl.append(originalRequestUrlParameterName);
- redirectUrl.append("=");
-
- try {
- redirectUrl.append(URLEncoder.encode(req.getRequestURL().toString(), urlEncodingCharset));
- } catch (UnsupportedEncodingException e) {
- logger.warn(e);
- }
-
- //append method
- redirectUrl.append("&");
- redirectUrl.append(originalRequestMethodParameterName);
- redirectUrl.append("=");
- redirectUrl.append(req.getMethod());
-
- if (includeOriginalParameters) {
- // append query params
- redirectUrl.append("&");
- redirectUrl.append(originalRequestParametersParameterName);
- redirectUrl.append("=");
-
- StringBuffer qp = new StringBuffer();
- Enumeration parameters = req.getParameterNames();
-
- if ((parameters != null) && parameters.hasMoreElements()) {
- //qp.append("?");
- while (parameters.hasMoreElements()) {
- String name = parameters.nextElement().toString();
- String value = req.getParameter(name);
- qp.append(name);
- qp.append(originalRequestParametersNameValueSeparator);
- qp.append(value);
-
- if (parameters.hasMoreElements()) {
- qp.append(originalRequestParametersSeparator);
- }
- }
- }
-
- try {
- redirectUrl.append(URLEncoder.encode(qp.toString(), urlEncodingCharset));
- } catch (Exception e) {
- logger.warn(e);
- }
- }
- }
-
- public boolean isIncludeOriginalParameters() {
- return includeOriginalParameters;
- }
-
- public boolean isIncludeOriginalRequest() {
- return includeOriginalRequest;
- }
-
- public boolean isOutsideWebApp() {
- return isOutsideWebApp;
- }
-
- /**
- * The URL where the CaptchaProcessingFilter login page can be found. Should be relative to
- * the web-app context path, and include a leading /
- *
- * @param captchaFormUrl
- */
- public void setCaptchaFormUrl(String captchaFormUrl) {
- this.captchaFormUrl = captchaFormUrl;
- }
-
- /**
- * Set to true to force captcha form access to be via https. If this value is true (the default is false),
- * and the incoming request for the protected resource which triggered the interceptor was not already
- * https, then
- *
- * @param forceHttps
- */
- public void setForceHttps(boolean forceHttps) {
- this.forceHttps = forceHttps;
- }
-
- public void setIncludeOriginalParameters(boolean includeOriginalParameters) {
- this.includeOriginalParameters = includeOriginalParameters;
- }
-
- /**
- * If set to true, the original request url will be appended to the redirect url using the {@link
- * #getOriginalRequestUrlParameterName()}.
- *
- * @param includeOriginalRequest
- */
- public void setIncludeOriginalRequest(boolean includeOriginalRequest) {
- this.includeOriginalRequest = includeOriginalRequest;
- }
-
- public void setOriginalRequestMethodParameterName(String originalRequestMethodParameterName) {
- this.originalRequestMethodParameterName = originalRequestMethodParameterName;
- }
-
- public void setOriginalRequestParametersNameValueSeparator(String originalRequestParametersNameValueSeparator) {
- this.originalRequestParametersNameValueSeparator = originalRequestParametersNameValueSeparator;
- }
-
- public void setOriginalRequestParametersParameterName(String originalRequestParametersParameterName) {
- this.originalRequestParametersParameterName = originalRequestParametersParameterName;
- }
-
- public void setOriginalRequestParametersSeparator(String originalRequestParametersSeparator) {
- this.originalRequestParametersSeparator = originalRequestParametersSeparator;
- }
-
- public void setOriginalRequestUrlParameterName(String originalRequestUrlParameterName) {
- this.originalRequestUrlParameterName = originalRequestUrlParameterName;
- }
-
- /**
- * if set to true, the {@link #commence(ServletRequest, ServletResponse)} method uses the {@link
- * #getCaptchaFormUrl()} as a complete URL, else it as a 'inside WebApp' path.
- *
- * @param isOutsideWebApp
- */
- public void setOutsideWebApp(boolean isOutsideWebApp) {
- this.isOutsideWebApp = isOutsideWebApp;
- }
-
- public void setPortMapper(PortMapper portMapper) {
- this.portMapper = portMapper;
- }
-
- public void setPortResolver(PortResolver portResolver) {
- this.portResolver = portResolver;
- }
-
- public void setUrlEncodingCharset(String urlEncodingCharset) {
- this.urlEncodingCharset = urlEncodingCharset;
- }
-}
diff --git a/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaSecurityContext.java b/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaSecurityContext.java
deleted file mode 100644
index d79f53d047..0000000000
--- a/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaSecurityContext.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import org.springframework.security.context.SecurityContext;
-
-
-/**
- * Interface that adds humanity concerns to the SecurityContext
- *
- * @author Marc-Antoine Garrigue
- * @version $Id$
- */
-public interface CaptchaSecurityContext extends SecurityContext {
- //~ Methods ========================================================================================================
-
- /**
- *
- * @return the number of human restricted resources requested since the last passed captcha.
- */
- int getHumanRestrictedResourcesRequestsCount();
-
- /**
- *
- * @return the date of the last passed Captcha in millis, 0 if the user never passed captcha.
- */
- long getLastPassedCaptchaDateInMillis();
-
- /**
- * Increments the human Restricted Resources Requests Count.
- */
- void incrementHumanRestrictedResourcesRequestsCount();
-
- /**
- *
- * @return true if the current user has already passed a captcha.
- */
- boolean isHuman();
-
- /**
- * set human attribute, should be called after captcha validation.
- */
- void setHuman();
-}
diff --git a/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaSecurityContextImpl.java b/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaSecurityContextImpl.java
deleted file mode 100644
index e4a20081be..0000000000
--- a/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaSecurityContextImpl.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import org.springframework.security.context.SecurityContextImpl;
-
-
-/**
- * Default CaptchaSecurityContext implementation
- *
- * @author Marc-Antoine Garrigue
- * @version $Id$
- */
-public class CaptchaSecurityContextImpl extends SecurityContextImpl implements CaptchaSecurityContext {
- //~ Instance fields ================================================================================================
-
- private boolean human;
- private int humanRestrictedResourcesRequestsCount;
- private long lastPassedCaptchaDate;
-
- //~ Constructors ===================================================================================================
-
- public CaptchaSecurityContextImpl() {
- human = false;
- lastPassedCaptchaDate = 0;
- humanRestrictedResourcesRequestsCount = 0;
- }
-
- //~ Methods ========================================================================================================
-
- public boolean equals(Object obj) {
- if (obj instanceof CaptchaSecurityContextImpl) {
- CaptchaSecurityContextImpl rhs = (CaptchaSecurityContextImpl) obj;
-
- if (this.isHuman() != rhs.isHuman()) {
- return false;
- }
-
- if (this.getHumanRestrictedResourcesRequestsCount() != rhs.getHumanRestrictedResourcesRequestsCount()) {
- return false;
- }
-
- if (this.getLastPassedCaptchaDateInMillis() != rhs.getLastPassedCaptchaDateInMillis()) {
- return false;
- }
-
- return super.equals(obj);
- }
-
- return false;
- }
-
- public int getHumanRestrictedResourcesRequestsCount() {
- return humanRestrictedResourcesRequestsCount;
- }
-
- public long getLastPassedCaptchaDateInMillis() {
- return lastPassedCaptchaDate;
- }
-
- public int hashCode() {
- int code = super.hashCode();
- code ^= this.humanRestrictedResourcesRequestsCount;
- code ^= this.lastPassedCaptchaDate;
-
- if (this.isHuman()) {
- code ^= -37;
- }
-
- return code;
- }
-
- /**
- * Method to increment the human Restricted Resources Requests Count;
- */
- public void incrementHumanRestrictedResourcesRequestsCount() {
- humanRestrictedResourcesRequestsCount++;
- }
-
- public boolean isHuman() {
- return human;
- }
-
- /**
- * Reset the lastPassedCaptchaDate and count.
- */
- public void setHuman() {
- this.human = true;
- this.lastPassedCaptchaDate = System.currentTimeMillis();
- this.humanRestrictedResourcesRequestsCount = 0;
- }
-}
diff --git a/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaServiceProxy.java b/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaServiceProxy.java
deleted file mode 100644
index 0aa9597647..0000000000
--- a/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaServiceProxy.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-/**
- * Provide a common interface for captcha validation.
- *
- * @author Marc-Antoine Garrigue
- * @version $Id$
- */
-public interface CaptchaServiceProxy {
- //~ Methods ========================================================================================================
-
- /**
- *
- * @param id the id token
- * @param captchaResponse the user response
- *
- * @return true if the response is validated by the back end captcha service.
- */
- boolean validateReponseForId(String id, Object captchaResponse);
-}
diff --git a/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaValidationProcessingFilter.java b/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaValidationProcessingFilter.java
deleted file mode 100644
index eeb6c9bbcc..0000000000
--- a/sandbox/captcha/src/main/java/org/springframework/security/captcha/CaptchaValidationProcessingFilter.java
+++ /dev/null
@@ -1,140 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import org.springframework.security.context.SecurityContextHolder;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.springframework.beans.factory.InitializingBean;
-
-import java.io.IOException;
-
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-
-/**
- * Filter for web integration of the {@link CaptchaServiceProxy}.
- *
- * It basically intercept calls containing the specific validation parameter, uses the {@link CaptchaServiceProxy} to
- * validate the request, and update the {@link CaptchaSecurityContext} if the request passed the validation.
- *
- * This Filter should be placed after the ContextIntegration filter and before the {@link
- * CaptchaChannelProcessorTemplate} filter in the filter stack in order to update the {@link CaptchaSecurityContext}
- * before the humanity verification routine occurs.
- *
- * This filter should only be used in conjunction with the {@link CaptchaSecurityContext}
- *
- * @author marc antoine Garrigue
- * @version $Id$
- */
-public class CaptchaValidationProcessingFilter implements InitializingBean, Filter {
- //~ Static fields/initializers =====================================================================================
-
- protected static final Log logger = LogFactory.getLog(CaptchaValidationProcessingFilter.class);
-
- //~ Instance fields ================================================================================================
-
- private CaptchaServiceProxy captchaService;
- private String captchaValidationParameter = "_captcha_parameter";
-
- //~ Methods ========================================================================================================
-
- public void afterPropertiesSet() throws Exception {
- if (this.captchaService == null) {
- throw new IllegalArgumentException("CaptchaServiceProxy must be defined ");
- }
-
- if ((this.captchaValidationParameter == null) || "".equals(captchaValidationParameter)) {
- throw new IllegalArgumentException("captchaValidationParameter must not be empty or null");
- }
- }
-
- /**
- * Does nothing. We use IoC container lifecycle services instead.
- */
- public void destroy() {}
-
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException {
- String captchaResponse = request.getParameter(captchaValidationParameter);
-
- if ((request != null) && request instanceof HttpServletRequest && (captchaResponse != null)) {
- logger.debug("captcha validation parameter found");
-
- // validate the request against CaptchaServiceProxy
- boolean valid = false;
-
- logger.debug("try to validate");
-
- //get session
- HttpSession session = ((HttpServletRequest) request).getSession();
-
- if (session != null) {
- String id = session.getId();
- valid = this.captchaService.validateReponseForId(id, captchaResponse);
- logger.debug("captchaServiceProxy says : request is valid = " + valid);
-
- if (valid) {
- logger.debug("update the context");
- ((CaptchaSecurityContext) SecurityContextHolder.getContext()).setHuman();
-
- //logger.debug("retrieve original request from ")
- } else {
- logger.debug("captcha test failed");
- }
- } else {
- logger.debug("no session found, user don't even ask a captcha challenge");
- }
- } else {
- logger.debug("captcha validation parameter not found, do nothing");
- }
-
- if (logger.isDebugEnabled()) {
- logger.debug("chain ...");
- }
-
- chain.doFilter(request, response);
- }
-
- public CaptchaServiceProxy getCaptchaService() {
- return captchaService;
- }
-
- public String getCaptchaValidationParameter() {
- return captchaValidationParameter;
- }
-
- /**
- * Does nothing. We use IoC container lifecycle services instead.
- *
- * @param filterConfig ignored
- *
- * @throws ServletException ignored
- */
- public void init(FilterConfig filterConfig) throws ServletException {}
-
- public void setCaptchaService(CaptchaServiceProxy captchaService) {
- this.captchaService = captchaService;
- }
-
- public void setCaptchaValidationParameter(String captchaValidationParameter) {
- this.captchaValidationParameter = captchaValidationParameter;
- }
-}
diff --git a/sandbox/captcha/src/main/java/org/springframework/security/captcha/TestOnceAfterMaxRequestsCaptchaChannelProcessor.java b/sandbox/captcha/src/main/java/org/springframework/security/captcha/TestOnceAfterMaxRequestsCaptchaChannelProcessor.java
deleted file mode 100644
index 3e7d9f60c3..0000000000
--- a/sandbox/captcha/src/main/java/org/springframework/security/captcha/TestOnceAfterMaxRequestsCaptchaChannelProcessor.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-/**
- * Return false if any CaptchaChannelProcessorTemplate mapped urls have been requested more than threshold and
- * humanity is false;
- * Default keyword : REQUIRES_CAPTCHA_ONCE_ABOVE_THRESHOLD_REQUESTS
- *
- * @author Marc-Antoine Garrigue
- * @version $Id$
- */
-public class TestOnceAfterMaxRequestsCaptchaChannelProcessor extends CaptchaChannelProcessorTemplate {
- //~ Static fields/initializers =====================================================================================
-
- public static final String DEFAULT_KEYWORD = "REQUIRES_CAPTCHA_ONCE_ABOVE_THRESHOLD_REQUESTS";
-
- //~ Constructors ===================================================================================================
-
- public TestOnceAfterMaxRequestsCaptchaChannelProcessor() {
- this.setKeyword(DEFAULT_KEYWORD);
- }
-
- //~ Methods ========================================================================================================
-
- boolean isContextValidConcerningHumanity(CaptchaSecurityContext context) {
- if (context.isHuman() || (context.getHumanRestrictedResourcesRequestsCount() < getThreshold())) {
- logger.debug("context is valid concerning humanity or request count < threshold");
-
- return true;
- } else {
- logger.debug("context is not valid concerning humanity and request count > threshold");
-
- return false;
- }
- }
-}
diff --git a/sandbox/captcha/src/main/java/org/springframework/security/captcha/package.html b/sandbox/captcha/src/main/java/org/springframework/security/captcha/package.html
deleted file mode 100644
index 8ae2702220..0000000000
--- a/sandbox/captcha/src/main/java/org/springframework/security/captcha/package.html
+++ /dev/null
@@ -1,12 +0,0 @@
-
-
-Captcha classes. Contains :
-
- - a CaptchaSecurityContext that overrides the default SecurityContext and holds some captcha related informations
- - an abstract CaptchaChannelProcessorTemplate and its implementations that test this context according to the configuration
- - a CaptchaServiceProxy and a CaptchaValidationProcessingFilter that alows to validate a captcha response and to update the CaptchaSecurity
- - a CaptchaEntryPoint that redirects to a captcha page if the CaptchaChannelProcessor implementation decide so
-
-
-
-
diff --git a/sandbox/captcha/src/test/java/org/springframework/security/captcha/AlwaysTestAfterMaxRequestsCaptchaChannelProcessorTests.java b/sandbox/captcha/src/test/java/org/springframework/security/captcha/AlwaysTestAfterMaxRequestsCaptchaChannelProcessorTests.java
deleted file mode 100644
index 51444843a7..0000000000
--- a/sandbox/captcha/src/test/java/org/springframework/security/captcha/AlwaysTestAfterMaxRequestsCaptchaChannelProcessorTests.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import junit.framework.TestCase;
-
-
-/**
- * @author Marc-Antoine Garrigue
- */
-public class AlwaysTestAfterMaxRequestsCaptchaChannelProcessorTests extends TestCase {
- //~ Instance fields ================================================================================================
-
- AlwaysTestAfterMaxRequestsCaptchaChannelProcessor alwaysTestAfterMaxRequestsCaptchaChannelProcessor;
-
- //~ Methods ========================================================================================================
-
- protected void setUp() throws Exception {
- super.setUp();
- alwaysTestAfterMaxRequestsCaptchaChannelProcessor = new AlwaysTestAfterMaxRequestsCaptchaChannelProcessor();
- }
-
- public void testIsContextValidConcerningHumanity()
- throws Exception {
- alwaysTestAfterMaxRequestsCaptchaChannelProcessor.setThreshold(1);
-
- CaptchaSecurityContextImpl context = new CaptchaSecurityContextImpl();
- assertTrue(alwaysTestAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
-
- context.incrementHumanRestrictedResourcesRequestsCount();
-
- alwaysTestAfterMaxRequestsCaptchaChannelProcessor.setThreshold(-1);
- assertFalse(alwaysTestAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
-
- alwaysTestAfterMaxRequestsCaptchaChannelProcessor.setThreshold(3);
- assertTrue(alwaysTestAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- context.incrementHumanRestrictedResourcesRequestsCount();
- assertTrue(alwaysTestAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- context.incrementHumanRestrictedResourcesRequestsCount();
- assertFalse(alwaysTestAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- }
-
- public void testNewContext() {
- CaptchaSecurityContextImpl context = new CaptchaSecurityContextImpl();
-
- assertFalse(alwaysTestAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- alwaysTestAfterMaxRequestsCaptchaChannelProcessor.setThreshold(1);
- assertTrue(alwaysTestAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- }
-}
diff --git a/sandbox/captcha/src/test/java/org/springframework/security/captcha/AlwaysTestAfterTimeInMillisCaptchaChannelProcessorTests.java b/sandbox/captcha/src/test/java/org/springframework/security/captcha/AlwaysTestAfterTimeInMillisCaptchaChannelProcessorTests.java
deleted file mode 100644
index a3e65d3450..0000000000
--- a/sandbox/captcha/src/test/java/org/springframework/security/captcha/AlwaysTestAfterTimeInMillisCaptchaChannelProcessorTests.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import junit.framework.*;
-
-import org.springframework.security.captcha.AlwaysTestAfterTimeInMillisCaptchaChannelProcessor;
-
-
-/**
- * WARNING! This test class make some assumptions concerning the compute speed! For example the two following
- * instructions should be computed in the same millis or the test is not valid.context.setHuman();
- * assertFalse(alwaysTestAfterTimeInMillisCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- *
This should be the case for most environements unless
- *
- * - you run it on a good old TRS-80
- * - you start M$office during this test ;)
- *
- */
-public class AlwaysTestAfterTimeInMillisCaptchaChannelProcessorTests extends TestCase {
- //~ Instance fields ================================================================================================
-
- AlwaysTestAfterTimeInMillisCaptchaChannelProcessor alwaysTestAfterTimeInMillisCaptchaChannelProcessor;
-
- //~ Methods ========================================================================================================
-
- protected void setUp() throws Exception {
- super.setUp();
- alwaysTestAfterTimeInMillisCaptchaChannelProcessor = new AlwaysTestAfterTimeInMillisCaptchaChannelProcessor();
- }
-
- public void testEqualsThresold() {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- assertFalse(alwaysTestAfterTimeInMillisCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
-
- //the two following instructions should be computed or the test is not valid (never fails). This should be the case
- // for most environements unless if you run it on a good old TRS-80 (thanks mom).
- context.setHuman();
- assertFalse(alwaysTestAfterTimeInMillisCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- }
-/* Commented out as it makes assumptions about the speed of the build server and fails intermittently on
- build.springframework.org - L.T.
-
- public void testIsContextValidConcerningHumanity()
- throws Exception {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- alwaysTestAfterTimeInMillisCaptchaChannelProcessor.setThreshold(100);
- context.setHuman();
-
- while ((System.currentTimeMillis() - context.getLastPassedCaptchaDateInMillis()) < alwaysTestAfterTimeInMillisCaptchaChannelProcessor
- .getThreshold()) {
- assertTrue(alwaysTestAfterTimeInMillisCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- context.incrementHumanRestrictedRessoucesRequestsCount();
-
- long now = System.currentTimeMillis();
-
- while ((System.currentTimeMillis() - now) < 1) {}
-
- ;
- }
-
- assertFalse(alwaysTestAfterTimeInMillisCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- }
-*/
- public void testNewContext() {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
-
- //alwaysTestAfterTimeInMillisCaptchaChannelProcessor.setThreshold(10);
- assertFalse(alwaysTestAfterTimeInMillisCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- }
-}
diff --git a/sandbox/captcha/src/test/java/org/springframework/security/captcha/AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessorTests.java b/sandbox/captcha/src/test/java/org/springframework/security/captcha/AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessorTests.java
deleted file mode 100644
index c4a9c7bce0..0000000000
--- a/sandbox/captcha/src/test/java/org/springframework/security/captcha/AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessorTests.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import junit.framework.TestCase;
-
-
-/**
- * DOCUMENT ME!
- *
- * @author $author$
- * @version $Revision: 2142 $
- */
-public class AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessorTests extends TestCase {
- //~ Instance fields ================================================================================================
-
- AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor;
-
- //~ Methods ========================================================================================================
-
- protected void setUp() throws Exception {
- super.setUp();
- alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor = new AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor();
- }
-
- public void testEqualsThresold() {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor.setThreshold(100);
-
- context.setHuman();
-
- long now = System.currentTimeMillis();
-/*
- while ((System.currentTimeMillis() - now) <= 100) {
- assertTrue(alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor
- .isContextValidConcerningHumanity(context));
- }
-
- context.incrementHumanRestrictedRessoucesRequestsCount();
- assertTrue(alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor.isContextValidConcerningHumanity(
- context));
-
- context.setHuman();
- context.incrementHumanRestrictedRessoucesRequestsCount();
- assertFalse(alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor.isContextValidConcerningHumanity(
- context));
-
- alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor.setThreshold(0);
- context.setHuman();
- context.incrementHumanRestrictedRessoucesRequestsCount();
- assertFalse(alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor.isContextValidConcerningHumanity(
- context));
- alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor.setThreshold(0);
- */
- }
-/*
- public void testIsContextValidConcerningHumanity()
- throws Exception {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor.setThreshold(10);
- context.setHuman();
-
- while ((System.currentTimeMillis() - context.getLastPassedCaptchaDateInMillis()) < (10 * alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor
- .getThreshold())) {
- assertTrue(alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor
- .isContextValidConcerningHumanity(context));
- }
- }
-
- public void testNewContext() {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- assertFalse(alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor.isContextValidConcerningHumanity(
- context));
-
- context.setHuman();
- assertTrue(alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor.isContextValidConcerningHumanity(
- context));
- }
-
- public void testShouldPassAbove() {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
-
- context.setHuman();
-
- int i = 0;
-
- while ((System.currentTimeMillis() - context.getLastPassedCaptchaDateInMillis()) < (100 * alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor
- .getThreshold())) {
- System.out.println((System.currentTimeMillis() - context.getLastPassedCaptchaDateInMillis()));
-
- context.incrementHumanRestrictedRessoucesRequestsCount();
- i++;
-
- while ((System.currentTimeMillis() - context.getLastPassedCaptchaDateInMillis()) < (alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor
- .getThreshold() * i)) {}
-
- System.out.println((System.currentTimeMillis() - context.getLastPassedCaptchaDateInMillis()));
-
- assertTrue(alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor
- .isContextValidConcerningHumanity(context));
- }
- }
- */
-}
diff --git a/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaChannelProcessorTemplateTests.java b/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaChannelProcessorTemplateTests.java
deleted file mode 100644
index 914b8df2bd..0000000000
--- a/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaChannelProcessorTemplateTests.java
+++ /dev/null
@@ -1,229 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import junit.framework.TestCase;
-
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.SecurityConfig;
-
-import org.springframework.security.context.SecurityContextHolder;
-
-import org.springframework.security.intercept.web.FilterInvocation;
-
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-
-import java.io.IOException;
-import java.util.List;
-
-import javax.servlet.ServletException;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
-
-/**
- * Tests {@link org.springframework.security.captcha.CaptchaChannelProcessorTemplate}
- *
- * @author marc antoine Garrigue
- * @version $Id$
- */
-public class CaptchaChannelProcessorTemplateTests extends TestCase {
- //~ Methods ========================================================================================================
-
- private MockHttpServletResponse decideWithNewResponse(List cad,
- CaptchaChannelProcessorTemplate processor, MockHttpServletRequest request)
- throws IOException, ServletException {
- MockHttpServletResponse response;
- MockFilterChain chain;
- FilterInvocation fi;
- response = new MockHttpServletResponse();
- chain = new MockFilterChain();
- fi = new FilterInvocation(request, response, chain);
- processor.decide(fi, cad);
-
- return response;
- }
-
- public void setUp() {
- SecurityContextHolder.clearContext();
- }
-
- public void tearDown() {
- SecurityContextHolder.clearContext();
- }
-
- public void testContextRedirect() throws Exception {
- CaptchaChannelProcessorTemplate processor = new TestHumanityCaptchaChannelProcessor();
- processor.setKeyword("X");
-
- List cad = SecurityConfig.createList("Y");
-
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- SecurityContextHolder.setContext(context);
-
- CaptchaEntryPoint epoint = new CaptchaEntryPoint();
- epoint.setCaptchaFormUrl("/jcaptcha.do");
- epoint.setIncludeOriginalRequest(false);
-
- processor.setEntryPoint(epoint);
-
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.setQueryString("info=true");
- request.setServerName("localhost");
- request.setContextPath("/demo");
- request.setServletPath("/restricted");
- request.setScheme("http");
- request.setServerPort(8000);
-
- MockHttpServletResponse response = new MockHttpServletResponse();
- MockFilterChain chain = new MockFilterChain();
- FilterInvocation fi = new FilterInvocation(request, response, chain);
-
- processor.decide(fi, cad);
- assertEquals(null, response.getRedirectedUrl());
- processor.setKeyword("Y");
- response = decideWithNewResponse(cad, processor, request);
- assertEquals("http://localhost:8000/demo/jcaptcha.do", response.getRedirectedUrl());
- context.setHuman();
- response = decideWithNewResponse(cad, processor, request);
- assertEquals(null, response.getRedirectedUrl());
- }
-
- public void testDecideRejectsNulls() throws Exception {
- CaptchaChannelProcessorTemplate processor = new TestHumanityCaptchaChannelProcessor();
- processor.setEntryPoint(new CaptchaEntryPoint());
- processor.setKeyword("X");
- processor.afterPropertiesSet();
-
- try {
- processor.decide(null, null);
- fail("Should have thrown IllegalArgumentException");
- } catch (IllegalArgumentException expected) {
- assertTrue(true);
- }
- }
-
- public void testGettersSetters() {
- CaptchaChannelProcessorTemplate processor = new TestHumanityCaptchaChannelProcessor();
- assertEquals(null, processor.getKeyword());
- processor.setKeyword("X");
- assertEquals("X", processor.getKeyword());
-
- assertEquals(0, processor.getThreshold());
- processor.setThreshold(1);
- assertEquals(1, processor.getThreshold());
-
- assertTrue(processor.getEntryPoint() == null);
- processor.setEntryPoint(new CaptchaEntryPoint());
- assertTrue(processor.getEntryPoint() != null);
- }
-
- public void testIncrementRequestCount() throws Exception {
- CaptchaChannelProcessorTemplate processor = new TestHumanityCaptchaChannelProcessor();
- processor.setKeyword("X");
-
- List cad = SecurityConfig.createList("X");
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- SecurityContextHolder.setContext(context);
-
- CaptchaEntryPoint epoint = new CaptchaEntryPoint();
- epoint.setCaptchaFormUrl("/jcaptcha.do");
- processor.setEntryPoint(epoint);
-
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.setQueryString("info=true");
- request.setServerName("localhost");
- request.setContextPath("/demo");
- request.setServletPath("/restricted");
- request.setScheme("http");
- request.setServerPort(8000);
-
- MockHttpServletResponse response = new MockHttpServletResponse();
- MockFilterChain chain = new MockFilterChain();
- FilterInvocation fi = new FilterInvocation(request, response, chain);
-
- processor.decide(fi, cad);
- assertEquals(0, context.getHumanRestrictedResourcesRequestsCount());
- context.setHuman();
- decideWithNewResponse(cad, processor, request);
- assertEquals(1, context.getHumanRestrictedResourcesRequestsCount());
- decideWithNewResponse(cad, processor, request);
- assertEquals(2, context.getHumanRestrictedResourcesRequestsCount());
- processor.setKeyword("Y");
- decideWithNewResponse(cad, processor, request);
- assertEquals(2, context.getHumanRestrictedResourcesRequestsCount());
- context = new CaptchaSecurityContextImpl();
- decideWithNewResponse(cad, processor, request);
- assertEquals(0, context.getHumanRestrictedResourcesRequestsCount());
- }
-
- public void testMissingEntryPoint() throws Exception {
- CaptchaChannelProcessorTemplate processor = new TestHumanityCaptchaChannelProcessor();
- processor.setEntryPoint(null);
-
- try {
- processor.afterPropertiesSet();
- fail("Should have thrown IllegalArgumentException");
- } catch (IllegalArgumentException expected) {
- assertEquals("entryPoint required", expected.getMessage());
- }
- }
-
- public void testMissingKeyword() throws Exception {
- CaptchaChannelProcessorTemplate processor = new TestHumanityCaptchaChannelProcessor();
- processor.setKeyword(null);
-
- try {
- processor.afterPropertiesSet();
- fail("Should have thrown IllegalArgumentException");
- } catch (IllegalArgumentException expected) {}
-
- processor.setKeyword("");
-
- try {
- processor.afterPropertiesSet();
- fail("Should have thrown IllegalArgumentException");
- } catch (IllegalArgumentException expected) {}
- }
-
- public void testSupports() {
- CaptchaChannelProcessorTemplate processor = new TestHumanityCaptchaChannelProcessor();
- processor.setKeyword("X");
- assertTrue(processor.supports(new SecurityConfig(processor.getKeyword())));
-
- assertTrue(processor.supports(new SecurityConfig("X")));
-
- assertFalse(processor.supports(null));
-
- assertFalse(processor.supports(new SecurityConfig("NOT_SUPPORTED")));
- }
-
- //~ Inner Classes ==================================================================================================
-
- private class TestHumanityCaptchaChannelProcessor extends CaptchaChannelProcessorTemplate {
- boolean isContextValidConcerningHumanity(CaptchaSecurityContext context) {
- return context.isHuman();
- }
- }
-
- private static class MockFilterChain implements FilterChain {
- public void doFilter(ServletRequest arg0, ServletResponse arg1) throws IOException, ServletException {
- throw new UnsupportedOperationException("mock method not implemented");
- }
- }
-}
diff --git a/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaEntryPointTests.java b/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaEntryPointTests.java
deleted file mode 100644
index 934b9c579d..0000000000
--- a/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaEntryPointTests.java
+++ /dev/null
@@ -1,386 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import junit.framework.TestCase;
-
-import org.springframework.security.MockPortResolver;
-
-import org.springframework.security.util.PortMapperImpl;
-
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-
-import java.net.URLEncoder;
-
-import java.util.HashMap;
-import java.util.Map;
-
-
-/**
- * Tests {@link CaptchaEntryPoint}.
- *
- * @author marc antoine Garrigue
- * @version $Id$
- */
-public class CaptchaEntryPointTests extends TestCase {
- //~ Methods ========================================================================================================
-
- public void testDetectsMissingCaptchaFormUrl() throws Exception {
- CaptchaEntryPoint ep = new CaptchaEntryPoint();
- ep.setPortMapper(new PortMapperImpl());
- ep.setPortResolver(new MockPortResolver(80, 443));
-
- try {
- ep.afterPropertiesSet();
- fail("Should have thrown IllegalArgumentException");
- } catch (IllegalArgumentException expected) {
- assertEquals("captchaFormUrl must be specified", expected.getMessage());
- }
- }
-
- public void testDetectsMissingPortMapper() throws Exception {
- CaptchaEntryPoint ep = new CaptchaEntryPoint();
- ep.setCaptchaFormUrl("xxx");
- ep.setPortMapper(null);
-
- try {
- ep.afterPropertiesSet();
- fail("Should have thrown IllegalArgumentException");
- } catch (IllegalArgumentException expected) {
- assertEquals("portMapper must be specified", expected.getMessage());
- }
- }
-
- public void testDetectsMissingPortResolver() throws Exception {
- CaptchaEntryPoint ep = new CaptchaEntryPoint();
- ep.setCaptchaFormUrl("xxx");
- ep.setPortResolver(null);
-
- try {
- ep.afterPropertiesSet();
- fail("Should have thrown IllegalArgumentException");
- } catch (IllegalArgumentException expected) {
- assertEquals("portResolver must be specified", expected.getMessage());
- }
- }
-
- public void testGettersSetters() {
- CaptchaEntryPoint ep = new CaptchaEntryPoint();
- ep.setCaptchaFormUrl("/hello");
- ep.setPortMapper(new PortMapperImpl());
- ep.setPortResolver(new MockPortResolver(8080, 8443));
- assertEquals("/hello", ep.getCaptchaFormUrl());
- assertTrue(ep.getPortMapper() != null);
- assertTrue(ep.getPortResolver() != null);
-
- assertEquals("original_requestUrl", ep.getOriginalRequestUrlParameterName());
- ep.setOriginalRequestUrlParameterName("Z");
- assertEquals("Z", ep.getOriginalRequestUrlParameterName());
-
- assertEquals(true, ep.isIncludeOriginalRequest());
- ep.setIncludeOriginalRequest(false);
- assertEquals(false, ep.isIncludeOriginalRequest());
-
- assertEquals(false, ep.isOutsideWebApp());
- ep.setOutsideWebApp(true);
- assertEquals(true, ep.isOutsideWebApp());
-
- ep.setForceHttps(false);
- assertFalse(ep.getForceHttps());
- ep.setForceHttps(true);
- assertTrue(ep.getForceHttps());
- }
-
- public void testHttpsOperationFromOriginalHttpUrl()
- throws Exception {
- MockHttpServletRequest request = new MockHttpServletRequest();
-
- request.setRequestURI("/some_path");
- request.setScheme("http");
- request.setServerName("www.example.com");
- request.setContextPath("/bigWebApp");
- request.setServerPort(80);
-
- MockHttpServletResponse response = new MockHttpServletResponse();
-
- CaptchaEntryPoint ep = new CaptchaEntryPoint();
- ep.setIncludeOriginalRequest(false);
- ep.setCaptchaFormUrl("/hello");
- ep.setPortMapper(new PortMapperImpl());
- ep.setForceHttps(true);
- ep.setPortMapper(new PortMapperImpl());
- ep.setPortResolver(new MockPortResolver(80, 443));
- ep.afterPropertiesSet();
-
- ep.commence(request, response);
- assertEquals("https://www.example.com/bigWebApp/hello", response.getRedirectedUrl());
-
- request.setServerPort(8080);
- response = new MockHttpServletResponse();
- ep.setPortResolver(new MockPortResolver(8080, 8443));
- ep.commence(request, response);
- assertEquals("https://www.example.com:8443/bigWebApp/hello", response.getRedirectedUrl());
-
- // Now test an unusual custom HTTP:HTTPS is handled properly
- request.setServerPort(8888);
- response = new MockHttpServletResponse();
- ep.commence(request, response);
- assertEquals("https://www.example.com:8443/bigWebApp/hello", response.getRedirectedUrl());
-
- PortMapperImpl portMapper = new PortMapperImpl();
- Map map = new HashMap();
- map.put("8888", "9999");
- portMapper.setPortMappings(map);
- response = new MockHttpServletResponse();
-
- ep = new CaptchaEntryPoint();
- ep.setCaptchaFormUrl("/hello");
- ep.setPortMapper(new PortMapperImpl());
- ep.setForceHttps(true);
- ep.setPortMapper(portMapper);
- ep.setPortResolver(new MockPortResolver(8888, 9999));
- ep.setIncludeOriginalRequest(false);
-
- ep.afterPropertiesSet();
-
- ep.commence(request, response);
- assertEquals("https://www.example.com:9999/bigWebApp/hello", response.getRedirectedUrl());
- }
-
- public void testHttpsOperationFromOriginalHttpsUrl()
- throws Exception {
- MockHttpServletRequest request = new MockHttpServletRequest();
-
- request.setRequestURI("/some_path");
- request.setScheme("https");
- request.setServerName("www.example.com");
- request.setContextPath("/bigWebApp");
- request.setServerPort(443);
-
- MockHttpServletResponse response = new MockHttpServletResponse();
-
- CaptchaEntryPoint ep = new CaptchaEntryPoint();
- ep.setIncludeOriginalRequest(false);
- ep.setCaptchaFormUrl("/hello");
- ep.setPortMapper(new PortMapperImpl());
- ep.setForceHttps(true);
- ep.setPortMapper(new PortMapperImpl());
- ep.setPortResolver(new MockPortResolver(80, 443));
- ep.afterPropertiesSet();
-
- ep.commence(request, response);
- assertEquals("https://www.example.com/bigWebApp/hello", response.getRedirectedUrl());
-
- request.setServerPort(8443);
- response = new MockHttpServletResponse();
- ep.setPortResolver(new MockPortResolver(8080, 8443));
- ep.commence(request, response);
- assertEquals("https://www.example.com:8443/bigWebApp/hello", response.getRedirectedUrl());
- }
-
- public void testNormalOperation() throws Exception {
- CaptchaEntryPoint ep = new CaptchaEntryPoint();
- ep.setCaptchaFormUrl("/hello");
- ep.setPortMapper(new PortMapperImpl());
- ep.setPortResolver(new MockPortResolver(80, 443));
- ep.afterPropertiesSet();
- ep.setIncludeOriginalRequest(false);
-
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.setRequestURI("/some_path");
- request.setContextPath("/bigWebApp");
- request.setScheme("http");
- request.setServerName("www.example.com");
- request.setContextPath("/bigWebApp");
- request.setServerPort(80);
-
- MockHttpServletResponse response = new MockHttpServletResponse();
-
- ep.afterPropertiesSet();
- ep.commence(request, response);
- assertEquals("http://www.example.com/bigWebApp/hello", response.getRedirectedUrl());
- }
-
- public void testOperationWhenHttpsRequestsButHttpsPortUnknown()
- throws Exception {
- CaptchaEntryPoint ep = new CaptchaEntryPoint();
- ep.setCaptchaFormUrl("/hello");
- ep.setPortMapper(new PortMapperImpl());
- ep.setPortResolver(new MockPortResolver(8888, 1234));
- ep.setForceHttps(true);
- ep.setIncludeOriginalRequest(false);
-
- ep.afterPropertiesSet();
-
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.setRequestURI("/some_path");
- request.setContextPath("/bigWebApp");
- request.setScheme("http");
- request.setServerName("www.example.com");
- request.setContextPath("/bigWebApp");
- request.setServerPort(8888); // NB: Port we can't resolve
-
- MockHttpServletResponse response = new MockHttpServletResponse();
-
- ep.afterPropertiesSet();
- ep.commence(request, response);
-
- // Response doesn't switch to HTTPS, as we didn't know HTTP port 8888 to
- // HTTP port mapping
- assertEquals("http://www.example.com:8888/bigWebApp/hello", response.getRedirectedUrl());
- }
-
- public void testOperationWithOriginalRequestIncludes()
- throws Exception {
- CaptchaEntryPoint ep = new CaptchaEntryPoint();
- ep.setCaptchaFormUrl("/hello");
-
- PortMapperImpl mapper = new PortMapperImpl();
- mapper.getTranslatedPortMappings().put(new Integer(8888), new Integer(1234));
- ep.setPortMapper(mapper);
-
- ep.setPortResolver(new MockPortResolver(8888, 1234));
- ep.setIncludeOriginalRequest(true);
- ep.afterPropertiesSet();
-
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.setMethod("post");
- request.setRequestURI("/some_path");
- request.setScheme("http");
- request.setServerName("www.example.com");
-
- // request.setContextPath("/bigWebApp");
- // TODO correct this when the getRequestUrl from mock works...
- request.setServerPort(8888); // NB: Port we can't resolve
-
- MockHttpServletResponse response = new MockHttpServletResponse();
-
- ep.afterPropertiesSet();
- ep.commence(request, response);
- assertEquals("http://www.example.com:8888/hello?original_requestUrl="
- + URLEncoder.encode("http://www.example.com:8888/some_path", "UTF-8") + "&original_request_method=post",
- response.getRedirectedUrl());
-
- // test the query params
- request.addParameter("name", "value");
- response = new MockHttpServletResponse();
- ep.commence(request, response);
- assertEquals("http://www.example.com:8888/hello?original_requestUrl="
- + URLEncoder.encode("http://www.example.com:8888/some_path", "UTF-8") + "&original_request_method=post",
- response.getRedirectedUrl());
-
- // test the multiple query params
- ep.setIncludeOriginalParameters(true);
-
- request.addParameter("name", "value");
- request.addParameter("name1", "value2");
- response = new MockHttpServletResponse();
- ep.commence(request, response);
- assertEquals("http://www.example.com:8888/hello?original_requestUrl="
- + URLEncoder.encode("http://www.example.com:8888/some_path", "UTF-8") + "&original_request_method=post"
- + "&original_request_parameters=" + URLEncoder.encode("name__value;;name1__value2", "UTF-8"),
- response.getRedirectedUrl());
-
- // test add parameter to captcha form url??
- ep.setCaptchaFormUrl("/hello?toto=titi");
- response = new MockHttpServletResponse();
- ep.commence(request, response);
- assertEquals("http://www.example.com:8888/hello?toto=titi&original_requestUrl="
- + URLEncoder.encode("http://www.example.com:8888/some_path", "UTF-8") + "&original_request_method=post"
- + "&original_request_parameters=" + URLEncoder.encode("name__value;;name1__value2", "UTF-8"),
- response.getRedirectedUrl());
-
- // with forcing!!!
- ep.setForceHttps(true);
- response = new MockHttpServletResponse();
- ep.commence(request, response);
- assertEquals("https://www.example.com:1234/hello?toto=titi&original_requestUrl="
- + URLEncoder.encode("http://www.example.com:8888/some_path", "UTF-8") + "&original_request_method=post"
- + "&original_request_parameters=" + URLEncoder.encode("name__value;;name1__value2", "UTF-8"),
- response.getRedirectedUrl());
- }
-
- public void testOperationWithOutsideWebApp() throws Exception {
- CaptchaEntryPoint ep = new CaptchaEntryPoint();
- ep.setCaptchaFormUrl("https://www.jcaptcha.net/dotest/");
-
- PortMapperImpl mapper = new PortMapperImpl();
- mapper.getTranslatedPortMappings().put(new Integer(8888), new Integer(1234));
- ep.setPortMapper(mapper);
-
- ep.setPortResolver(new MockPortResolver(8888, 1234));
- ep.setIncludeOriginalRequest(true);
- ep.setOutsideWebApp(true);
-
- ep.afterPropertiesSet();
-
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.setRequestURI("/some_path");
- request.setScheme("http");
- request.setServerName("www.example.com");
- request.setMethod("post");
-
- // request.setContextPath("/bigWebApp");
- // TODO correct this when the getRequestUrl from mock works...
- request.setServerPort(8888); // NB: Port we can't resolve
-
- MockHttpServletResponse response = new MockHttpServletResponse();
-
- ep.afterPropertiesSet();
- ep.commence(request, response);
- assertEquals("https://www.jcaptcha.net/dotest/?original_requestUrl="
- + URLEncoder.encode("http://www.example.com:8888/some_path", "UTF-8") + "&original_request_method=post",
- response.getRedirectedUrl());
-
- // test the query params
- request.addParameter("name", "value");
- response = new MockHttpServletResponse();
- ep.commence(request, response);
- assertEquals("https://www.jcaptcha.net/dotest/?original_requestUrl="
- + URLEncoder.encode("http://www.example.com:8888/some_path", "UTF-8") + "&original_request_method=post",
- response.getRedirectedUrl());
-
- // test the multiple query params
- ep.setIncludeOriginalParameters(true);
- request.addParameter("name", "value");
- request.addParameter("name1", "value2");
- response = new MockHttpServletResponse();
- ep.commence(request, response);
- assertEquals("https://www.jcaptcha.net/dotest/?original_requestUrl="
- + URLEncoder.encode("http://www.example.com:8888/some_path", "UTF-8") + "&original_request_method=post"
- + "&original_request_parameters=" + URLEncoder.encode("name__value;;name1__value2", "UTF-8"),
- response.getRedirectedUrl());
-
- // test add parameter to captcha form url??
- ep.setCaptchaFormUrl("https://www.jcaptcha.net/dotest/?toto=titi");
- response = new MockHttpServletResponse();
- ep.commence(request, response);
- assertEquals("https://www.jcaptcha.net/dotest/?toto=titi&original_requestUrl="
- + URLEncoder.encode("http://www.example.com:8888/some_path", "UTF-8") + "&original_request_method=post"
- + "&original_request_parameters=" + URLEncoder.encode("name__value;;name1__value2", "UTF-8"),
- response.getRedirectedUrl());
-
- // with forcing!!!
- ep.setForceHttps(true);
- response = new MockHttpServletResponse();
- ep.commence(request, response);
- assertEquals("https://www.jcaptcha.net/dotest/?toto=titi&original_requestUrl="
- + URLEncoder.encode("http://www.example.com:8888/some_path", "UTF-8") + "&original_request_method=post"
- + "&original_request_parameters=" + URLEncoder.encode("name__value;;name1__value2", "UTF-8"),
- response.getRedirectedUrl());
- }
-}
diff --git a/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaSecurityContextImplTests.java b/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaSecurityContextImplTests.java
deleted file mode 100644
index e27fa75488..0000000000
--- a/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaSecurityContextImplTests.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import junit.framework.TestCase;
-
-
-/**
- * Tests {@link CaptchaSecurityContextImpl}.
- *
- * @author marc antoine Garrigue
- * @version $Id$
- */
-public class CaptchaSecurityContextImplTests extends TestCase {
- //~ Methods ========================================================================================================
-
- public void testDefaultValues() {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- assertEquals("should not be human", false, context.isHuman());
- assertEquals("should be 0", 0, context.getLastPassedCaptchaDateInMillis());
- assertEquals("should be 0", 0, context.getHumanRestrictedResourcesRequestsCount());
- }
-
- public void testEquals() {
- CaptchaSecurityContext context1 = new CaptchaSecurityContextImpl();
- CaptchaSecurityContext context2 = new CaptchaSecurityContextImpl();
-
- assertEquals(context1, context2);
-
- assertFalse(context1.isHuman());
- context1.setHuman();
- assertNotSame(context1, context2);
-
- // Get fresh copy
- context1 = new CaptchaSecurityContextImpl();
- assertEquals(context1, context2);
-
- context1.incrementHumanRestrictedResourcesRequestsCount();
- assertNotSame(context1, context2);
- }
-
- public void testHashcode() {
- CaptchaSecurityContext context1 = new CaptchaSecurityContextImpl();
- CaptchaSecurityContext context2 = new CaptchaSecurityContextImpl();
-
- assertEquals(context1.hashCode(), context2.hashCode());
-
- assertFalse(context1.isHuman());
- context1.setHuman();
- assertTrue(context1.hashCode() != context2.hashCode());
-
- // Get fresh copy
- context1 = new CaptchaSecurityContextImpl();
- assertEquals(context1.hashCode(), context2.hashCode());
-
- context1.incrementHumanRestrictedResourcesRequestsCount();
- assertTrue(context1 != context2);
- }
-
- public void testIncrementRequests() {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- context.setHuman();
- assertEquals("should be human", true, context.isHuman());
- assertEquals("should be 0", 0, context.getHumanRestrictedResourcesRequestsCount());
- context.incrementHumanRestrictedResourcesRequestsCount();
- assertEquals("should be 1", 1, context.getHumanRestrictedResourcesRequestsCount());
- }
-
- public void testResetHuman() {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- context.setHuman();
- assertEquals("should be human", true, context.isHuman());
- assertEquals("should be 0", 0, context.getHumanRestrictedResourcesRequestsCount());
- context.incrementHumanRestrictedResourcesRequestsCount();
- assertEquals("should be 1", 1, context.getHumanRestrictedResourcesRequestsCount());
-
- long now = System.currentTimeMillis();
- context.setHuman();
- assertEquals("should be 0", 0, context.getHumanRestrictedResourcesRequestsCount());
- assertTrue("should be more than 0", (context.getLastPassedCaptchaDateInMillis() - now) >= 0);
- assertTrue("should be less than 0,1 seconde", (context.getLastPassedCaptchaDateInMillis() - now) < 100);
- }
-
- public void testSetHuman() {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- long now = System.currentTimeMillis();
- context.setHuman();
- assertEquals("should be human", true, context.isHuman());
- assertTrue("should be more than 0", (context.getLastPassedCaptchaDateInMillis() - now) >= 0);
- assertTrue("should be less than 0,1 seconde", (context.getLastPassedCaptchaDateInMillis() - now) < 100);
- assertEquals("should be 0", 0, context.getHumanRestrictedResourcesRequestsCount());
- }
-}
diff --git a/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaValidationProcessingFilterTests.java b/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaValidationProcessingFilterTests.java
deleted file mode 100644
index 7ed25a89a3..0000000000
--- a/sandbox/captcha/src/test/java/org/springframework/security/captcha/CaptchaValidationProcessingFilterTests.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import junit.framework.TestCase;
-
-import org.springframework.security.context.SecurityContextHolder;
-
-import org.springframework.security.util.MockFilter;
-import org.springframework.security.util.MockFilterChain;
-
-import org.springframework.mock.web.MockHttpServletRequest;
-
-
-/**
- * Tests {@link CaptchaValidationProcessingFilter}.
- *
- * @author marc antoine Garrigue
- * @version $Id$
- */
-public class CaptchaValidationProcessingFilterTests extends TestCase {
- //~ Methods ========================================================================================================
-
- /*
- */
- public void testAfterPropertiesSet() throws Exception {
- CaptchaValidationProcessingFilter filter = new CaptchaValidationProcessingFilter();
-
- try {
- filter.afterPropertiesSet();
- fail("should have thrown an invalid argument exception");
- } catch (Exception e) {
- assertTrue("should be an InvalidArgumentException",
- IllegalArgumentException.class.isAssignableFrom(e.getClass()));
- }
-
- filter.setCaptchaService(new MockCaptchaServiceProxy());
- filter.afterPropertiesSet();
- filter.setCaptchaValidationParameter(null);
-
- try {
- filter.afterPropertiesSet();
- fail("should have thrown an invalid argument exception");
- } catch (Exception e) {
- assertTrue("should be an InvalidArgumentException",
- IllegalArgumentException.class.isAssignableFrom(e.getClass()));
- }
- }
-
- /*
- * Test method for
- * 'org.springframework.security.captcha.CaptchaValidationProcessingFilter.doFilter(ServletRequest,
- * ServletResponse, FilterChain)'
- */
- public void testDoFilterWithRequestParameter() throws Exception {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- SecurityContextHolder.setContext(context);
-
- MockHttpServletRequest request = new MockHttpServletRequest();
-
- CaptchaValidationProcessingFilter filter = new CaptchaValidationProcessingFilter();
- request.addParameter(filter.getCaptchaValidationParameter(), "");
-
- MockCaptchaServiceProxy service = new MockCaptchaServiceProxy();
- MockFilterChain chain = new MockFilterChain(true);
- filter.setCaptchaService(service);
- filter.doFilter(request, null, chain);
- assertTrue("should have been called", service.hasBeenCalled);
- assertFalse("context should not have been updated", context.isHuman());
-
- // test with valid
- service.valid = true;
- filter.doFilter(request, null, chain);
- assertTrue("should have been called", service.hasBeenCalled);
- assertTrue("context should have been updated", context.isHuman());
- }
-
- /*
- * Test method for
- * 'org.springframework.security.captcha.CaptchaValidationProcessingFilter.doFilter(ServletRequest,
- * ServletResponse, FilterChain)'
- */
- public void testDoFilterWithoutRequestParameter() throws Exception {
- CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
- SecurityContextHolder.setContext(context);
-
- MockHttpServletRequest request = new MockHttpServletRequest();
- CaptchaValidationProcessingFilter filter = new CaptchaValidationProcessingFilter();
- MockCaptchaServiceProxy service = new MockCaptchaServiceProxy();
- MockFilterChain chain = new MockFilterChain(true);
- filter.setCaptchaService(service);
- filter.doFilter(request, null, chain);
- assertFalse("proxy should not have been called", service.hasBeenCalled);
- assertFalse("context should not have been updated", context.isHuman());
-
- // test with valid
- service.valid = true;
- filter.doFilter(request, null, chain);
- assertFalse("proxy should not have been called", service.hasBeenCalled);
- assertFalse("context should not have been updated", context.isHuman());
- }
-}
diff --git a/sandbox/captcha/src/test/java/org/springframework/security/captcha/MockCaptchaServiceProxy.java b/sandbox/captcha/src/test/java/org/springframework/security/captcha/MockCaptchaServiceProxy.java
deleted file mode 100644
index af00da0462..0000000000
--- a/sandbox/captcha/src/test/java/org/springframework/security/captcha/MockCaptchaServiceProxy.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-/**
- * @author Marc-Antoine Garrigue
- * @version $Id$
- */
-public class MockCaptchaServiceProxy implements CaptchaServiceProxy {
- //~ Instance fields ================================================================================================
-
- public boolean hasBeenCalled = false;
- public boolean valid = false;
-
- //~ Methods ========================================================================================================
-
- public boolean validateReponseForId(String id, Object response) {
- hasBeenCalled = true;
-
- return valid;
- }
-}
diff --git a/sandbox/captcha/src/test/java/org/springframework/security/captcha/TestOnceAfterMaxRequestsCaptchaChannelProcessorTests.java b/sandbox/captcha/src/test/java/org/springframework/security/captcha/TestOnceAfterMaxRequestsCaptchaChannelProcessorTests.java
deleted file mode 100644
index 5337ea41b4..0000000000
--- a/sandbox/captcha/src/test/java/org/springframework/security/captcha/TestOnceAfterMaxRequestsCaptchaChannelProcessorTests.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.captcha;
-
-import junit.framework.*;
-
-import org.springframework.security.captcha.TestOnceAfterMaxRequestsCaptchaChannelProcessor;
-
-
-/**
- *
- * @author Marc-Antoine Garrigue
- * @version $Revision: 2142 $
- */
-public class TestOnceAfterMaxRequestsCaptchaChannelProcessorTests extends TestCase {
- //~ Instance fields ================================================================================================
-
- TestOnceAfterMaxRequestsCaptchaChannelProcessor testOnceAfterMaxRequestsCaptchaChannelProcessor;
-
- //~ Methods ========================================================================================================
-
- protected void setUp() throws Exception {
- super.setUp();
- testOnceAfterMaxRequestsCaptchaChannelProcessor = new TestOnceAfterMaxRequestsCaptchaChannelProcessor();
- }
-
- public void testIsContextValidConcerningHumanity()
- throws Exception {
- testOnceAfterMaxRequestsCaptchaChannelProcessor.setThreshold(1);
-
- CaptchaSecurityContextImpl context = new CaptchaSecurityContextImpl();
- assertTrue(testOnceAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
-
- context.incrementHumanRestrictedResourcesRequestsCount();
-
- testOnceAfterMaxRequestsCaptchaChannelProcessor.setThreshold(-1);
- assertFalse(testOnceAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
-
- testOnceAfterMaxRequestsCaptchaChannelProcessor.setThreshold(3);
- assertTrue(testOnceAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- context.incrementHumanRestrictedResourcesRequestsCount();
- assertTrue(testOnceAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- context.incrementHumanRestrictedResourcesRequestsCount();
- assertFalse(testOnceAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- context.setHuman();
-
- for (int i = 0; i < (2 * testOnceAfterMaxRequestsCaptchaChannelProcessor.getThreshold()); i++) {
- assertTrue(testOnceAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- }
- }
-
- public void testNewContext() {
- CaptchaSecurityContextImpl context = new CaptchaSecurityContextImpl();
-
- assertFalse(testOnceAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- testOnceAfterMaxRequestsCaptchaChannelProcessor.setThreshold(1);
- assertTrue(testOnceAfterMaxRequestsCaptchaChannelProcessor.isContextValidConcerningHumanity(context));
- }
-}
diff --git a/sandbox/pom.xml b/sandbox/pom.xml
index 4da093c7fb..ce02c727a5 100644
--- a/sandbox/pom.xml
+++ b/sandbox/pom.xml
@@ -11,9 +11,7 @@
pom
- webwork
other
- captcha
diff --git a/sandbox/webwork/pom.xml b/sandbox/webwork/pom.xml
deleted file mode 100644
index 8b2bfe299a..0000000000
--- a/sandbox/webwork/pom.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-
- 4.0.0
-
- org.springframework.security
- spring-security-sandbox
- 3.0.0.CI-SNAPSHOT
-
- spring-security-webwork
- Spring Security - Webwork support
- Spring Security - Support for WebWork 2
-
-
-
- opensymphony
- webwork
- 2.2.3
-
-
- javax.servlet
- servlet-api
-
-
-
diff --git a/sandbox/webwork/src/main/java/org/springframework/security/webwork/AcegiDispatcherUtils.java b/sandbox/webwork/src/main/java/org/springframework/security/webwork/AcegiDispatcherUtils.java
deleted file mode 100644
index ca5bbf9ada..0000000000
--- a/sandbox/webwork/src/main/java/org/springframework/security/webwork/AcegiDispatcherUtils.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/* Copyright 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.webwork;
-
-import java.util.Map;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.ui.ExceptionTranslationFilter;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.opensymphony.webwork.ServletActionContext;
-import com.opensymphony.webwork.dispatcher.DispatcherUtils;
-import com.opensymphony.webwork.dispatcher.mapper.ActionMapping;
-import com.opensymphony.xwork.ActionContext;
-import com.opensymphony.xwork.ActionProxy;
-import com.opensymphony.xwork.ActionProxyFactory;
-import com.opensymphony.xwork.Result;
-import com.opensymphony.xwork.config.ConfigurationException;
-import com.opensymphony.xwork.util.OgnlValueStack;
-import com.opensymphony.xwork.util.XWorkContinuationConfig;
-
-/**
- *
- * WebWork {@link DispatcherUtils} that ignores Acegi exceptions so they can be processed by
- * {@link ExceptionTranslationFilter}.
- *
- *
- *
- * This is meant to be fixed inside WebWork, see WW-291. Known
- * broken versions are 2.2.3 and 2.2.4.
- *
- *
- * @author Carlos Sanchez
- * @version $Id$
- */
-public class AcegiDispatcherUtils extends DispatcherUtils {
-
- private static final Log LOG = LogFactory.getLog(AcegiDispatcherUtils.class);
-
- protected AcegiDispatcherUtils(ServletContext servletContext) {
- super(servletContext);
- }
-
- /**
- *
- * Loads the action and executes it. This method first creates the action context from the given parameters then
- * loads an ActionProxy from the given action name and namespace. After that, the action is executed and
- * output channels throught the response object. Actions not found are sent back to the user via the
- * {@link DispatcherUtils#sendError} method, using the 404 return code. All other errors are reported by throwing a
- * ServletException.
- *
- *
- *
- * Difference between this and WebWork prvided class is that any unhandled exception will be thrown instead of
- * processed inside WebWork.
- *
- *
- * @param request the HttpServletRequest object
- * @param response the HttpServletResponse object
- * @param mapping the action mapping object
- * @throws ServletException when an unknown error occurs (not a 404, but typically something that would end up as a
- * 5xx by the servlet container)
- */
- public void serviceAction(HttpServletRequest request, HttpServletResponse response, ServletContext context,
- ActionMapping mapping) throws ServletException {
- Map extraContext = createContextMap(request, response, mapping, context);
-
- // If there was a previous value stack, then create a new copy and pass it in to be used by the new Action
- OgnlValueStack stack = (OgnlValueStack) request.getAttribute(ServletActionContext.WEBWORK_VALUESTACK_KEY);
- if (stack != null) {
- extraContext.put(ActionContext.VALUE_STACK, new OgnlValueStack(stack));
- }
-
- try {
- String namespace = mapping.getNamespace();
- String name = mapping.getName();
- String method = mapping.getMethod();
-
- String id = request.getParameter(XWorkContinuationConfig.CONTINUE_PARAM);
- if (id != null) {
- // remove the continue key from the params - we don't want to bother setting
- // on the value stack since we know it won't work. Besides, this breaks devMode!
- Map params = (Map) extraContext.get(ActionContext.PARAMETERS);
- params.remove(XWorkContinuationConfig.CONTINUE_PARAM);
-
- // and now put the key in the context to be picked up later by XWork
- extraContext.put(XWorkContinuationConfig.CONTINUE_KEY, id);
- }
-
- ActionProxy proxy = ActionProxyFactory.getFactory().createActionProxy(namespace, name, extraContext, true,
- false);
- proxy.setMethod(method);
- request.setAttribute(ServletActionContext.WEBWORK_VALUESTACK_KEY, proxy.getInvocation().getStack());
-
- // if the ActionMapping says to go straight to a result, do it!
- if (mapping.getResult() != null) {
- Result result = mapping.getResult();
- result.execute(proxy.getInvocation());
- } else {
- proxy.execute();
- }
-
- // If there was a previous value stack then set it back onto the request
- if (stack != null) {
- request.setAttribute(ServletActionContext.WEBWORK_VALUESTACK_KEY, stack);
- }
- } catch (ConfigurationException e) {
- LOG.error("Could not find action", e);
- sendError(request, response, context, HttpServletResponse.SC_NOT_FOUND, e);
- } catch (Exception e) {
- throw new ServletException(e);
- }
- }
-
-}
diff --git a/sandbox/webwork/src/main/java/org/springframework/security/webwork/FilterDispatcher.java b/sandbox/webwork/src/main/java/org/springframework/security/webwork/FilterDispatcher.java
deleted file mode 100644
index 30fdf4542f..0000000000
--- a/sandbox/webwork/src/main/java/org/springframework/security/webwork/FilterDispatcher.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/* Copyright 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.webwork;
-
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-
-import org.springframework.security.ui.ExceptionTranslationFilter;
-
-import com.opensymphony.webwork.dispatcher.DispatcherUtils;
-
-/**
- *
- * {@link com.opensymphony.webwork.dispatcher.FilterDispatcher} that will setup WebWork to ignore Acegi exceptions so
- * they can be processed by {@link ExceptionTranslationFilter}
- *
- *
- *
- * Set it up in your web.xml instead of WebWork provided {@link com.opensymphony.webwork.dispatcher.FilterDispatcher}.
- *
- *
- *
- * This is meant to be fixed inside WebWork, see WW-291. Known
- * broken versions are 2.2.3 and 2.2.4.
- *
- *
- * @author Carlos Sanchez
- * @version $Id$
- */
-public class FilterDispatcher extends com.opensymphony.webwork.dispatcher.FilterDispatcher {
-
- public void init(FilterConfig filterConfig) throws ServletException {
- super.init(filterConfig);
- DispatcherUtils.setInstance(new AcegiDispatcherUtils(filterConfig.getServletContext()));
- }
-
-}