debian/0000755000000000000000000000000011711767430007175 5ustar debian/rules0000755000000000000000000000044611711731053010251 0ustar #!/usr/bin/make -f include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/maven.mk JAVA_HOME := /usr/lib/jvm/default-java DEB_MAVEN_DOC_TARGET := javadoc:jar javadoc:aggregate get-orig-source: uscan --download-version $(DEB_UPSTREAM_VERSION) --force-download --rename debian/libacegi-security-java-doc.install0000644000000000000000000000007711711614363015653 0ustar core/target/apidocs/* usr/share/doc/libacegi-security-java/api debian/README.source0000644000000000000000000000045411711614363011353 0ustar Information about acegi-security -------------------------------- This package was debianized using the mh_make command from the maven-debian-helper package. The build system uses Maven but prevents it from downloading anything from the Internet, making the build compliant with the Debian policy. debian/maven.rules0000644000000000000000000000346211711615110011347 0ustar # Maven rules - transform Maven dependencies and plugins # Format of this file is: # [group] [artifact] [type] [version] [classifier] [scope] # where each element can be either # - the exact string, for example org.apache for the group, or 3.1 # for the version. In this case, the element is simply matched # and left as it is # - * (the star character, alone). In this case, anything will # match and be left as it is. For example, using * on the # position of the artifact field will match any artifact id # - a regular expression of the form s/match/replace/ # in this case, elements that match are transformed using # the regex rule. # All elements much match before a rule can be applied # Example rule: match jar with groupid= junit, artifactid= junit # and version starting with 3., replacing the version with 3.x # junit junit jar s/3\\..*/3.x/ commons-collections commons-collections jar s/3\..*/3.x/ * * log4j log4j jar s/1\.2\..*/1.2.x/ * * commons-logging s/commons-logging-api/commons-logging/ * s/.*/debian/ * * net.sf.ehcache s/ehcache/ehcache-core/ * s/.*/debian/ * * s/aspectj/org.aspectj/ aspectjrt * s/.*/debian/ * * s/javax\.servlet/javax.servlet.jsp/ jsp-api * s/.*/2.1/ * * s/org\.springframework/org.springframework.ldap/ s/spring-ldap/spring-ldap-core/ * s/1\..*/debian/ * * org.springframework s/spring-remoting/spring-context/ * s/.*/3.x/ * * org.springframework s/spring-support/spring-context-support/ * s/.*/3.x/ * * org.springframework s/spring-mock/spring-test/ * s/.*/3.x/ * * org.springframework * * s/.*/3.x/ * * org.springframework.security * * s/2\..*/2.x/ * * s/org\.apache\.tomcat/javax.el/ el-api jar s/.*/2.1/ * * s/org\.apache\.tomcat/javax.servlet/ jsp-api jar s/.*/2.1/ * * s/org\.apache\.tomcat/javax.servlet/ servlet-api jar s/.*/2.5/ * * javax.servlet servlet-api jar s/.*/2.5/ * * debian/control0000644000000000000000000000427111711731066010600 0ustar Source: acegi-security Section: java Priority: optional Maintainer: Debian Java Maintainers Uploaders: James Page DM-Upload-Allowed: yes Build-Depends: cdbs, debhelper (>= 7), default-jdk, maven-debian-helper Build-Depends-Indep: aspectj, default-jdk-doc, libaopalliance-java, libcommons-codec-java, libcommons-codec-java-doc, libcommons-collections3-java, libcommons-lang-java, libcommons-logging-java, libcommons-logging-java-doc, libehcache-java, liblog4j1.2-java, liblog4j1.2-java-doc, libmaven-assembly-plugin-java, libmaven-install-plugin-java, libmaven-javadoc-plugin-java, libmaven-war-plugin-java, liboro-java, libservlet2.5-java, libservlet2.5-java-doc, libspring-aop-java, libspring-context-java, libspring-context-support-java, libspring-core-java, libspring-jdbc-java, libspring-ldap-java (>= 1.3.1), libspring-ldap-java-doc, libspring-test-java, libspring-web-java, Standards-Version: 3.9.2 Homepage: http://acegisecurity.org/ Vcs-Git: git://git.debian.org/git/pkg-java/acegi-security.git Vcs-Browser: http://git.debian.org/?p=pkg-java/acegi-security.git Package: libacegi-security-java Architecture: all Depends: ${maven:Depends}, ${misc:Depends} Recommends: ${maven:OptionalDepends} Suggests: libacegi-security-java-doc Description: Acegi Security System for Spring Acegi Security provides comprehensive security services for J2EE-based enterprise software applications. There is a particular emphasis on supporting projects built using The Spring Framework, which is the leading J2EE solution for enterprise software development. Package: libacegi-security-java-doc Architecture: all Section: doc Depends: ${maven:DocDepends}, ${misc:Depends} Recommends: ${maven:DocOptionalDepends} Suggests: libacegi-security-java Description: Documentation for Acegi Security Acegi Security provides comprehensive security services for J2EE-based enterprise software applications. There is a particular emphasis on supporting projects built using The Spring Framework, which is the leading J2EE solution for enterprise software development. . This package provides the API documentation for libacegi-security-java. debian/copyright0000644000000000000000000000213211711614363011122 0ustar Format: http://dep.debian.net/deps/dep5/ Upstream-Name: Acegi Security Upstream-Contact: Ben Alex as Developer Colin Sampaleanu as Developer Carlos Sanchez as Developer Luke Taylor as Developer Ray Krueger as Developer Robert Sanders as Developer Mark St.Godard as Developer John A. Lewis as Developer Source: http://acegisecurity.org/ Files: * Copyright: 2004-2007 Acegi Technology Pty Limited License: Apache-2.0 Files: acegi_checkstyle.xml Copyright: 2001-2004 The Apache Software Foundation. License: Apache-2.0 Files: debian/* Copyright: 2011, Canonical Ltd (http://www.canonical.com/) License: Apache-2.0 License: Apache-2.0 On Debian GNU/Linux system you can find the complete text of the Apache-2.0 license in '/usr/share/common-licenses/Apache-2.0' debian/maven.publishedRules0000644000000000000000000000164211711614665013223 0ustar # Maven published rules - additional rules to publish, to help # the packaging work of Debian maintainers using mh_make # Format of this file is: # [group] [artifact] [type] [version] [classifier] [scope] # where each element can be either # - the exact string, for example org.apache for the group, or 3.1 # for the version. In this case, the element is simply matched # and left as it is # - * (the star character, alone). In this case, anything will # match and be left as it is. For example, using * on the # position of the artifact field will match any artifact id # - a regular expression of the form s/match/replace/ # in this case, elements that match are transformed using # the regex rule. # All elements much match before a rule can be applied # Example rule: match jar with groupid= junit, artifactid= junit # and version starting with 3., replacing the version with 3.x # junit junit jar s/3\\..*/3.x/ debian/README.Debian0000644000000000000000000000121711711614363011233 0ustar acegi-security for Debian ------------------------- The initial release of acegi-security for Debian ships with the following features disabled: * cas provider in core * core-tiger for 1.5 JVM's * all adapters * all samples These where disable to reduce packaging dependencies in order to support packaging of Jenkins for Debian. This version is also built against Spring Framework 2.5 instead of 1.2.9 as specified in the original source. Note that acegi-security is several years old and has been superceeded by spring-security which all new projects should use. -- James Page Wed, 26 Jan 2011 14:45:33 +0000 debian/maven.ignoreRules0000644000000000000000000000346711711614665012536 0ustar # Maven ignore rules - ignore some Maven dependencies and plugins # Format of this file is: # [group] [artifact] [type] [version] [classifier] [scope] # where each element can be either # - the exact string, for example org.apache for the group, or 3.1 # for the version. In this case, the element is simply matched # and left as it is # - * (the star character, alone). In this case, anything will # match and be left as it is. For example, using * on the # position of the artifact field will match any artifact id # All elements much match before a rule can be applied # Example rule: match jar with groupid= junit, artifactid= junit # and version starting with 3., this dependency is then removed # from the POM # junit junit jar s/3\\..*/3.x/ org.acegisecurity acegi-security-adapters pom * * * org.acegisecurity acegi-security-samples pom * * * org.acegisecurity acegi-security-tiger jar * * * cas casclient * * * * com.agilejava.docbkx docbkx-maven-plugin * * * * hsqldb hsqldb * * * * jmock jmock * * * * junit junit * * * * org.apache.directory.server apacheds-core * * * * org.apache.maven.plugins maven-deploy-plugin * * * * org.apache.maven.plugins maven-eclipse-plugin * * * * org.apache.maven.plugins maven-help-plugin * * * * org.apache.maven.plugins maven-idea-plugin * * * * org.apache.maven.plugins maven-jxr-plugin * * * * org.apache.maven.plugins maven-project-info-reports-plugin * * * * org.apache.maven.plugins maven-release-plugin * * * * org.apache.maven.plugins maven-site-plugin * * * * org.apache.maven.plugins maven-source-plugin * * * * org.apache.maven.plugins maven-surefire-plugin * * * * org.apache.maven.plugins maven-surefire-report-plugin * * * * org.codehaus.mojo cobertura-maven-plugin * * * * org.codehaus.mojo taglist-maven-plugin * * * * org.docbook docbook-xml * * * * taglibs standard * * * * debian/maven.properties0000644000000000000000000000031511711614363012414 0ustar # Include here properties to pass to Maven during the build. # For example: # maven.test.skip=true maven.test.skip=true # Set encoding for compatibilty with Java 7 project.build.sourceEncoding=ISO-8859-1 debian/orig-tar.sh0000755000000000000000000000100411711614363011247 0ustar #!/bin/sh -e VERSION=$2 TAR=../acegi-security_$VERSION.orig.tar.gz DIR=acegi-security-$VERSION TAG=$(echo "acegi-security-parent-$VERSION" | sed -re's/~(alpha|beta)/-\1-/') svn export https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/${TAG}/ $DIR GZIP=--best tar -c -z -f $TAR --exclude '*.jar' --exclude '*.class' $DIR rm -rf $DIR ../$TAG # move to directory 'tarballs' if [ -r .svn/deb-layout ]; then . .svn/deb-layout mv $TAR $origDir && echo "moved $TAR to $origDir" fi debian/libacegi-security-java.poms0000644000000000000000000000270611711615110014410 0ustar # List of POM files for the package # Format of this file is: # [option]* # where option can be: # --ignore: ignore this POM or # --no-parent: remove the tag from the POM # --package=: an alternative package to use when installing this POM # and its artifact # --has-package-version: to indicate that the original version of the POM is the same as the upstream part # of the version for the package. # --keep-elements=: a list of XML elements to keep in the POM # during a clean operation with mh_cleanpom or mh_installpom # --artifact=: path to the build artifact associated with this POM, # it will be installed when using the command mh_install # --java-lib: install the jar into /usr/share/java to comply with Debian # packaging guidelines # --usj-name=: name to use when installing the library in /usr/share/java # --usj-version=: version to use when installing the library in /usr/share/java # --no-usj-versionless: don't install the versionless link in /usr/share/java # --dest-jar=: the destination for the real jar # it will be installed with mh_install. # --classifier=: Optional, the classifier for the jar. Empty by default. # --ignore-pom: don't install the POM with mh_install or mh_installpoms. To use with POM files that are created # temporarily for certain artifacts such as Javadoc jars. # pom.xml core/pom.xml debian/watch0000644000000000000000000000031411711614363010220 0ustar version=3 opts="uversionmangle=s/-(alpha|beta)-/~$1/" \ https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/ \ acegi-security-parent-(\d.*)/ debian debian/orig-tar.sh debian/libacegi-security-java-doc.doc-base.api0000644000000000000000000000052111711614363016424 0ustar Document: libacegi-security-java Title: API Javadoc for Acegi Security Author: Interface21, Inc developers Abstract: This is the API Javadoc provided for the libacegi-security-java library. Section: Programming Format: HTML Index: /usr/share/doc/libacegi-security-java/api/index.html Files: /usr/share/doc/libacegi-security-java/api/* debian/changelog0000644000000000000000000000177611711760654011063 0ustar acegi-security (1.0.7-3) unstable; urgency=low * Team Upload [ Miguel Landaeta ] * Replace dependencies on Spring Framework 2.5 libraries with 3.0 ones. * Add spring3.patch. (Closes: #655903). [ James Page ] * d/control,rules,*.classpath: Dropped dependency on javahelper - not required. -- James Page Tue, 31 Jan 2012 12:42:18 +0000 acegi-security (1.0.7-2) unstable; urgency=low [James Page] * Fix FTBFS with OpenJDK 7: - d/maven.properties: Specify source encoding to ensure javadoc generation completes successfully with Java 7. [tony mancill] * Set DMUA flag. -- James Page Tue, 06 Dec 2011 15:20:05 +0000 acegi-security (1.0.7-1) unstable; urgency=low * Initial Debian release (Closes: #643759) -- James Page Thu, 29 Sep 2011 11:57:53 +0100 acegi-security (1.0.7-0ubuntu1) oneiric; urgency=low * Initial release -- James Page Mon, 04 Jul 2011 13:42:35 +0100 debian/compat0000644000000000000000000000000211711614363010367 0ustar 7 debian/maven.cleanIgnoreRules0000644000000000000000000000364011711615110013454 0ustar # Maven ignore rules - ignore some Maven dependencies and plugins # Format of this file is: # [group] [artifact] [type] [version] [classifier] [scope] # where each element can be either # - the exact string, for example org.apache for the group, or 3.1 # for the version. In this case, the element is simply matched # and left as it is # - * (the star character, alone). In this case, anything will # match and be left as it is. For example, using * on the # position of the artifact field will match any artifact id # All elements much match before a rule can be applied # Example rule: match jar with groupid= junit, artifactid= junit # and version starting with 3., this dependency is then removed # from the POM # junit junit jar s/3\\..*/3.x/ org.acegisecurity acegi-security-adapters pom * * * org.acegisecurity acegi-security-samples pom * * * org.acegisecurity acegi-security-tiger jar * * * cas casclient * * * * com.agilejava.docbkx docbkx-maven-plugin * * * * hsqldb hsqldb * * * * jmock jmock * * * * junit junit * * * * org.apache.directory.server apacheds-core * * * * org.apache.maven.plugins maven-deploy-plugin * * * * org.apache.maven.plugins maven-eclipse-plugin * * * * org.apache.maven.plugins maven-help-plugin * * * * org.apache.maven.plugins maven-idea-plugin * * * * org.apache.maven.plugins maven-jxr-plugin * * * * org.apache.maven.plugins maven-project-info-reports-plugin * * * * org.apache.maven.plugins maven-release-plugin * * * * org.apache.maven.plugins maven-site-plugin * * * * org.apache.maven.plugins maven-source-plugin * * * * org.apache.maven.plugins maven-surefire-plugin * * * * org.apache.maven.plugins maven-surefire-report-plugin * * * * org.apache.maven.plugins maven-war-plugin * * * * org.apache.maven.plugins maven-assembly-plugin * * * * org.codehaus.mojo cobertura-maven-plugin * * * * org.codehaus.mojo taglist-maven-plugin * * * * org.docbook docbook-xml * * * * taglibs standard * * * * debian/source/0000755000000000000000000000000011711614363010471 5ustar debian/source/format0000644000000000000000000000001411711614363011677 0ustar 3.0 (quilt) debian/patches/0000755000000000000000000000000011711614431010614 5ustar debian/patches/spring3.patch0000644000000000000000000001302411711614431013222 0ustar Description: Add compatibility with Spring 3.0 Framework Author: Miguel Landaeta Bug-Debian: http://bugs.debian.org/655903 Forwarded: no Last-Update: 2012-01-22 --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java +++ acegi-security-1.0.7/core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java @@ -39,7 +39,7 @@ import org.springframework.beans.factory import org.springframework.context.ApplicationContext; import org.springframework.util.Assert; import org.springframework.util.StringUtils; -import org.springframework.web.bind.RequestUtils; +import org.springframework.web.bind.ServletRequestUtils; /** * Identifies previously remembered users by a Base-64 encoded cookie. @@ -357,7 +357,7 @@ public class TokenBasedRememberMeService return true; } - return RequestUtils.getBooleanParameter(request, parameter, false); + return ServletRequestUtils.getBooleanParameter(request, parameter, false); } public void loginSuccess(HttpServletRequest request, HttpServletResponse response, --- /dev/null +++ acegi-security-1.0.7/core/src/main/java/org/springframework/metadata/Attributes.java @@ -0,0 +1,98 @@ +/* + * Copyright 2002-2005 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.metadata; + +import java.lang.reflect.Field; +import java.lang.reflect.Method; +import java.util.Collection; + +/** + * Interface for accessing attributes at runtime. This is a facade, + * which can accommodate any attributes API such as Jakarta Commons Attributes, + * or (possibly in future) a Spring attributes implementation. + * + *

The purpose of using this interface is to decouple Spring code from any + * specific attributes implementation. Even once JSR-175 is available, there + * is still value in such a facade interface, as it allows for hierarchical + * attribute sources: for example, an XML file or properties file might override + * some attributes defined in source-level metadata with JSR-175 or another framework. + * + * @author Mark Pollack + * @author Rod Johnson + * @since 30.09.2003 + * @see org.springframework.metadata.commons.CommonsAttributes + */ +public interface Attributes { + + /** + * Return the class attributes of the target class. + * @param targetClass the class that contains attribute information + * @return a collection of attributes, possibly an empty collection, never null + */ + Collection getAttributes(Class targetClass); + + /** + * Return the class attributes of the target class of a given type. + *

The class attributes are filtered by providing a Class + * reference to indicate the type to filter on. This is useful if you know + * the type of the attribute you are looking for and don't want to sort + * through the unfiltered Collection yourself. + * @param targetClass the class that contains attribute information + * @param filter specify that only this type of class should be returned + * @return return only the Collection of attributes that are of the filter type + */ + Collection getAttributes(Class targetClass, Class filter); + + /** + * Return the method attributes of the target method. + * @param targetMethod the method that contains attribute information + * @return a Collection of attributes, possibly an empty Collection, never null + */ + Collection getAttributes(Method targetMethod); + + /** + * Return the method attributes of the target method of a given type. + *

The method attributes are filtered by providing a Class + * reference to indicate the type to filter on. This is useful if you know + * the type of the attribute you are looking for and don't want to sort + * through the unfiltered Collection yourself. + * @param targetMethod the method that contains attribute information + * @param filter specify that only this type of class should be returned + * @return a Collection of attributes, possibly an empty Collection, never null + */ + Collection getAttributes(Method targetMethod, Class filter); + + /** + * Return the field attributes of the target field. + * @param targetField the field that contains attribute information + * @return a Collection of attribute, possibly an empty Collection, never null + */ + Collection getAttributes(Field targetField); + + /** + * Return the field attributes of the target method of a given type. + *

The field attributes are filtered by providing a Class + * reference to indicate the type to filter on. This is useful if you know + * the type of the attribute you are looking for and don't want to sort + * through the unfiltered Collection yourself. + * @param targetField the field that contains attribute information + * @param filter specify that only this type of class should be returned + * @return a Collection of attributes, possibly an empty Collection, never null + */ + Collection getAttributes(Field targetField, Class filter); + +} debian/patches/build.patch0000644000000000000000000000540611711614431012741 0ustar Description: Realign build dependencies to support Spring 3.0.x instead of Spring 1.2.x. Also disables modules which are not build as part of this package as they are surplus to requirements/have unfulfilled dependencies within Debian/Ubuntu.. Author: James Page Forwarded: not-needed Index: acegi-security/pom.xml =================================================================== --- acegi-security.orig/pom.xml 2011-07-04 10:38:11.186608030 +0100 +++ acegi-security/pom.xml 2011-07-04 10:39:55.516607965 +0100 @@ -8,9 +8,6 @@ core - core-tiger - adapters - samples Acegi Security System for Spring @@ -527,6 +524,11 @@ spring-core ${spring.version} + + org.springframework + spring-aop + ${spring.version} + org.springframework spring-mock @@ -563,7 +570,7 @@ - 1.2.9 + 3.0.5.RELEASE ${basedir}/src/docbkx ${basedir}/target/site/guide Index: acegi-security/core/pom.xml =================================================================== --- acegi-security.orig/core/pom.xml 2011-07-04 10:38:11.146608029 +0100 +++ acegi-security/core/pom.xml 2011-07-04 10:39:55.516607965 +0100 @@ -14,6 +14,11 @@ org.springframework spring-core + + org.springframework + spring-aop + + org.springframework spring-remoting @@ -36,6 +41,12 @@ org.springframework spring-mock true + + + junit + junit + + @@ -157,7 +168,7 @@ ${basedir}/src/main/resources - / + ./ **/* debian/patches/no_cas.patch0000644000000000000000000020166111711614363013111 0ustar Description: Removes CAS support from Acegi core. Author: James Page Forwarded: not-needed Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationProvider.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationProvider.java 2011-01-26 15:24:06.589282508 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,203 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas; - -import org.acegisecurity.AcegiMessageSource; -import org.acegisecurity.Authentication; -import org.acegisecurity.AuthenticationException; -import org.acegisecurity.BadCredentialsException; - -import org.acegisecurity.providers.AuthenticationProvider; -import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; -import org.acegisecurity.providers.cas.cache.NullStatelessTicketCache; - -import org.acegisecurity.ui.cas.CasProcessingFilter; - -import org.acegisecurity.userdetails.UserDetails; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.context.MessageSource; -import org.springframework.context.MessageSourceAware; -import org.springframework.context.support.MessageSourceAccessor; - -import org.springframework.util.Assert; - - -/** - * An {@link AuthenticationProvider} implementation that integrates with JA-SIG Central Authentication Service - * (CAS).

This AuthenticationProvider is capable of validating {@link - * UsernamePasswordAuthenticationToken} requests which contain a principal name equal to either {@link - * CasProcessingFilter#CAS_STATEFUL_IDENTIFIER} or {@link CasProcessingFilter#CAS_STATELESS_IDENTIFIER}. It can also - * validate a previously created {@link CasAuthenticationToken}.

- * - * @author Ben Alex - * @version $Id: CasAuthenticationProvider.java 2634 2008-02-15 14:03:52Z luke_t $ - */ -public class CasAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware { - //~ Static fields/initializers ===================================================================================== - - private static final Log logger = LogFactory.getLog(CasAuthenticationProvider.class); - - //~ Instance fields ================================================================================================ - - private CasAuthoritiesPopulator casAuthoritiesPopulator; - private CasProxyDecider casProxyDecider; - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); - private StatelessTicketCache statelessTicketCache = new NullStatelessTicketCache(); - private String key; - private TicketValidator ticketValidator; - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.notNull(this.casAuthoritiesPopulator, "A casAuthoritiesPopulator must be set"); - Assert.notNull(this.ticketValidator, "A ticketValidator must be set"); - Assert.notNull(this.casProxyDecider, "A casProxyDecider must be set"); - Assert.notNull(this.statelessTicketCache, "A statelessTicketCache must be set"); - Assert.hasText(this.key, "A Key is required so CasAuthenticationProvider can identify tokens it previously authenticated"); - Assert.notNull(this.messages, "A message source must be set"); - } - - public Authentication authenticate(Authentication authentication) - throws AuthenticationException { - if (!supports(authentication.getClass())) { - return null; - } - - if (authentication instanceof UsernamePasswordAuthenticationToken - && (!CasProcessingFilter.CAS_STATEFUL_IDENTIFIER.equals(authentication.getPrincipal().toString()) - && !CasProcessingFilter.CAS_STATELESS_IDENTIFIER.equals(authentication.getPrincipal().toString()))) { - // UsernamePasswordAuthenticationToken not CAS related - return null; - } - - // If an existing CasAuthenticationToken, just check we created it - if (authentication instanceof CasAuthenticationToken) { - if (this.key.hashCode() == ((CasAuthenticationToken) authentication).getKeyHash()) { - return authentication; - } else { - throw new BadCredentialsException(messages.getMessage("CasAuthenticationProvider.incorrectKey", - "The presented CasAuthenticationToken does not contain the expected key")); - } - } - - // Ensure credentials are presented - if ((authentication.getCredentials() == null) || "".equals(authentication.getCredentials())) { - throw new BadCredentialsException(messages.getMessage("CasAuthenticationProvider.noServiceTicket", - "Failed to provide a CAS service ticket to validate")); - } - - boolean stateless = false; - - if (authentication instanceof UsernamePasswordAuthenticationToken - && CasProcessingFilter.CAS_STATELESS_IDENTIFIER.equals(authentication.getPrincipal())) { - stateless = true; - } - - CasAuthenticationToken result = null; - - if (stateless) { - // Try to obtain from cache - result = statelessTicketCache.getByTicketId(authentication.getCredentials().toString()); - } - - if (result == null) { - result = this.authenticateNow(authentication); - result.setDetails(authentication.getDetails()); - } - - if (stateless) { - // Add to cache - statelessTicketCache.putTicketInCache(result); - } - - return result; - } - - private CasAuthenticationToken authenticateNow(Authentication authentication) - throws AuthenticationException { - // Validate - TicketResponse response = ticketValidator.confirmTicketValid(authentication.getCredentials().toString()); - - // Check proxy list is trusted - this.casProxyDecider.confirmProxyListTrusted(response.getProxyList()); - - // Lookup user details - UserDetails userDetails = this.casAuthoritiesPopulator.getUserDetails(response.getUser()); - - // Construct CasAuthenticationToken - return new CasAuthenticationToken(this.key, userDetails, authentication.getCredentials(), - userDetails.getAuthorities(), userDetails, response.getProxyList(), response.getProxyGrantingTicketIou()); - } - - public CasAuthoritiesPopulator getCasAuthoritiesPopulator() { - return casAuthoritiesPopulator; - } - - public CasProxyDecider getCasProxyDecider() { - return casProxyDecider; - } - - public String getKey() { - return key; - } - - public StatelessTicketCache getStatelessTicketCache() { - return statelessTicketCache; - } - - public TicketValidator getTicketValidator() { - return ticketValidator; - } - - public void setCasAuthoritiesPopulator(CasAuthoritiesPopulator casAuthoritiesPopulator) { - this.casAuthoritiesPopulator = casAuthoritiesPopulator; - } - - public void setCasProxyDecider(CasProxyDecider casProxyDecider) { - this.casProxyDecider = casProxyDecider; - } - - public void setKey(String key) { - this.key = key; - } - - public void setMessageSource(MessageSource messageSource) { - this.messages = new MessageSourceAccessor(messageSource); - } - - public void setStatelessTicketCache(StatelessTicketCache statelessTicketCache) { - this.statelessTicketCache = statelessTicketCache; - } - - public void setTicketValidator(TicketValidator ticketValidator) { - this.ticketValidator = ticketValidator; - } - - public boolean supports(Class authentication) { - if (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication)) { - return true; - } else if (CasAuthenticationToken.class.isAssignableFrom(authentication)) { - return true; - } else { - return false; - } - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java 2011-01-26 15:24:06.559278785 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,157 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas; - -import org.acegisecurity.GrantedAuthority; - -import org.acegisecurity.providers.AbstractAuthenticationToken; - -import org.acegisecurity.userdetails.UserDetails; - -import java.io.Serializable; - -import java.util.List; - - -/** - * Represents a successful CAS Authentication. - * - * @author Ben Alex - * @version $Id: CasAuthenticationToken.java 1784 2007-02-24 21:00:24Z luke_t $ - */ -public class CasAuthenticationToken extends AbstractAuthenticationToken implements Serializable { - //~ Instance fields ================================================================================================ - - private static final long serialVersionUID = 1L; - private final List proxyList; - private final Object credentials; - private final Object principal; - private final String proxyGrantingTicketIou; - private final UserDetails userDetails; - private final int keyHash; - - //~ Constructors =================================================================================================== - -/** - * Constructor. - * - * @param key to identify if this object made by a given {@link - * CasAuthenticationProvider} - * @param principal typically the UserDetails object (cannot be null) - * @param credentials the service/proxy ticket ID from CAS (cannot be - * null) - * @param authorities the authorities granted to the user (from {@link - * CasAuthoritiesPopulator}) (cannot be null) - * @param userDetails the user details (from {@link - * CasAuthoritiesPopulator}) (cannot be null) - * @param proxyList the list of proxies from CAS (cannot be - * null) - * @param proxyGrantingTicketIou the PGT-IOU ID from CAS (cannot be - * null, but may be an empty String if no - * PGT-IOU ID was provided) - * - * @throws IllegalArgumentException if a null was passed - */ - public CasAuthenticationToken(final String key, final Object principal, final Object credentials, - final GrantedAuthority[] authorities, final UserDetails userDetails, final List proxyList, - final String proxyGrantingTicketIou) { - super(authorities); - - if ((key == null) || ("".equals(key)) || (principal == null) || "".equals(principal) || (credentials == null) - || "".equals(credentials) || (authorities == null) || (userDetails == null) || (proxyList == null) - || (proxyGrantingTicketIou == null)) { - throw new IllegalArgumentException("Cannot pass null or empty values to constructor"); - } - - this.keyHash = key.hashCode(); - this.principal = principal; - this.credentials = credentials; - this.userDetails = userDetails; - this.proxyList = proxyList; - this.proxyGrantingTicketIou = proxyGrantingTicketIou; - setAuthenticated(true); - } - - //~ Methods ======================================================================================================== - - public boolean equals(final Object obj) { - if (!super.equals(obj)) { - return false; - } - - if (obj instanceof CasAuthenticationToken) { - CasAuthenticationToken test = (CasAuthenticationToken) obj; - - // proxyGrantingTicketIou is never null due to constructor - if (!this.getProxyGrantingTicketIou().equals(test.getProxyGrantingTicketIou())) { - return false; - } - - // proxyList is never null due to constructor - if (!this.getProxyList().equals(test.getProxyList())) { - return false; - } - - if (this.getKeyHash() != test.getKeyHash()) { - return false; - } - - return true; - } - - return false; - } - - public Object getCredentials() { - return this.credentials; - } - - public int getKeyHash() { - return this.keyHash; - } - - public Object getPrincipal() { - return this.principal; - } - - /** - * Obtains the proxy granting ticket IOU. - * - * @return the PGT IOU-ID or an empty String if no proxy callback was requested when validating the - * service ticket - */ - public String getProxyGrantingTicketIou() { - return proxyGrantingTicketIou; - } - - public List getProxyList() { - return proxyList; - } - - public UserDetails getUserDetails() { - return userDetails; - } - - public String toString() { - StringBuffer sb = new StringBuffer(); - sb.append(super.toString()); - sb.append("; Credentials (Service/Proxy Ticket): ").append(this.credentials); - sb.append("; Proxy-Granting Ticket IOU: ").append(this.proxyGrantingTicketIou); - sb.append("; Proxy List: ").append(this.proxyList); - - return (sb.toString()); - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/CasAuthoritiesPopulator.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/CasAuthoritiesPopulator.java 2011-01-26 15:24:06.559278785 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,70 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas; - -import org.acegisecurity.AuthenticationException; - -import org.acegisecurity.userdetails.UserDetails; - - -/** - * Populates the UserDetails associated with a CAS authenticated - * user. - * - *

- * CAS does not provide the authorities (roles) granted to a user. It merely - * authenticates their identity. As the Acegi Security System for Spring needs - * to know the authorities granted to a user in order to construct a valid - * Authentication object, implementations of this interface will - * provide this information. - *

- * - *

- * A {@link UserDetails} is returned by implementations. The - * UserDetails must, at minimum, contain the username and - * GrantedAuthority[] objects applicable to the CAS-authenticated - * user. Note that Acegi Security ignores the password and enabled/disabled - * status of the UserDetails because this is - * authentication-related and should have been enforced by the CAS server. The - * UserDetails returned by implementations is stored in the - * generated CasAuthenticationToken, so additional properties - * such as email addresses, telephone numbers etc can easily be stored. - *

- * - *

- * Implementations should not perform any caching. They will only be called - * when a refresh is required. - *

- * - * @author Ben Alex - * @version $Id: CasAuthoritiesPopulator.java 1784 2007-02-24 21:00:24Z luke_t $ - */ -public interface CasAuthoritiesPopulator { - //~ Methods ======================================================================================================== - - /** - * Obtains the granted authorities for the specified user.

May throw any - * AuthenticationException or return null if the authorities are unavailable.

- * - * @param casUserId as obtained from the CAS validation service - * - * @return the details of the indicated user (at minimum the granted authorities and the username) - * - * @throws AuthenticationException DOCUMENT ME! - */ - UserDetails getUserDetails(String casUserId) - throws AuthenticationException; -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/CasProxyDecider.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/CasProxyDecider.java 2011-01-26 15:24:06.489270104 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,73 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas; - -import java.util.List; - - -/** - * Decides whether a proxy list presented via CAS is trusted or not. - * - *

- * CAS 1.0 allowed services to receive a service ticket and then validate it. - * CAS 2.0 allows services to receive a service ticket and then validate it - * with a proxy callback URL. The callback will enable the CAS server to - * authenticate the service. In doing so the service will receive a - * proxy-granting ticket and a proxy-granting ticket IOU. The IOU is just an - * internal record that a proxy-granting ticket is due to be received via the - * callback URL. - *

- * - *

- * With a proxy-granting ticket, a service can request the CAS server provides - * it with a proxy ticket. A proxy ticket is just a service ticket, but the - * CAS server internally tracks the list (chain) of services used to build the - * proxy ticket. The proxy ticket is then presented to the target service. - *

- * - *

- * If this application is a target service of a proxy ticket, the - * CasProxyDecider resolves whether or not the proxy list is - * trusted. Applications should only trust services they allow to impersonate - * an end user. - *

- * - *

- * If this application is a service that should never accept proxy-granting - * tickets, the implementation should reject tickets that present a proxy list - * with any members. If the list has no members, it indicates the CAS server - * directly authenticated the user (ie there are no services which proxied the - * user authentication). - *

- * - * @author Ben Alex - * @version $Id: CasProxyDecider.java 1784 2007-02-24 21:00:24Z luke_t $ - */ -public interface CasProxyDecider { - //~ Methods ======================================================================================================== - - /** - * Decides whether the proxy list is trusted. - *

Must throw any ProxyUntrustedException if the - * proxy list is untrusted.

- * - * @param proxyList the list of proxies to be checked. - * - * @throws ProxyUntrustedException DOCUMENT ME! - */ - void confirmProxyListTrusted(List proxyList) - throws ProxyUntrustedException; -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/ProxyUntrustedException.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/ProxyUntrustedException.java 2011-01-26 15:24:06.479268863 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,50 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas; - -import org.acegisecurity.AuthenticationException; - - -/** - * Thrown if a CAS proxy ticket is presented from an untrusted proxy. - * - * @author Ben Alex - * @version $Id: ProxyUntrustedException.java 1496 2006-05-23 13:38:33Z benalex $ - */ -public class ProxyUntrustedException extends AuthenticationException { - //~ Constructors =================================================================================================== - -/** - * Constructs a ProxyUntrustedException with the specified - * message. - * - * @param msg the detail message. - */ - public ProxyUntrustedException(String msg) { - super(msg); - } - -/** - * Constructs a ProxyUntrustedException with the specified - * message and root cause. - * - * @param msg the detail message. - * @param t root cause - */ - public ProxyUntrustedException(String msg, Throwable t) { - super(msg, t); - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/StatelessTicketCache.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/StatelessTicketCache.java 2011-01-26 15:24:06.599283751 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,116 +0,0 @@ -/* Copyright 2004 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas; - -/** - * Caches CAS service tickets and CAS proxy tickets for stateless connections. - * - *

- * When a service ticket or proxy ticket is validated against the CAS server, - * it is unable to be used again. Most types of callers are stateful and are - * associated with a given HttpSession. This allows the - * affirmative CAS validation outcome to be stored in the - * HttpSession, meaning the removal of the ticket from the CAS - * server is not an issue. - *

- * - *

- * Stateless callers, such as remoting protocols, cannot take advantage of - * HttpSession. If the stateless caller is located a significant - * network distance from the CAS server, acquiring a fresh service ticket or - * proxy ticket for each invocation would be expensive. - *

- * - *

- * To avoid this issue with stateless callers, it is expected stateless callers - * will obtain a single service ticket or proxy ticket, and then present this - * same ticket to the Acegi Security System secured application on each - * occasion. As no HttpSession is available for such callers, the - * affirmative CAS validation outcome cannot be stored in this location. - *

- * - *

- * The StatelessTicketCache enables the service tickets and proxy - * tickets belonging to stateless callers to be placed in a cache. This - * in-memory cache stores the CasAuthenticationToken, effectively - * providing the same capability as a HttpSession with the ticket - * identifier being the key rather than a session identifier. - *

- * - *

- * Implementations should provide a reasonable timeout on stored entries, such - * that the stateless caller are not required to unnecessarily acquire fresh - * CAS service tickets or proxy tickets. - *

- * - * @author Ben Alex - * @version $Id: StatelessTicketCache.java 1784 2007-02-24 21:00:24Z luke_t $ - */ -public interface StatelessTicketCache { - //~ Methods ================================================================ - - /** - * Retrieves the CasAuthenticationToken associated with the - * specified ticket. - * - *

- * If not found, returns a - * nullCasAuthenticationToken. - *

- * - * @return the fully populated authentication token - */ - CasAuthenticationToken getByTicketId(String serviceTicket); - - /** - * Adds the specified CasAuthenticationToken to the cache. - * - *

- * The {@link CasAuthenticationToken#getCredentials()} method is used to - * retrieve the service ticket number. - *

- * - * @param token to be added to the cache - */ - void putTicketInCache(CasAuthenticationToken token); - - /** - * Removes the specified ticket from the cache, as per {@link - * #removeTicketFromCache(String)}. - * - *

- * Implementations should use {@link - * CasAuthenticationToken#getCredentials()} to obtain the ticket and then - * delegate to to the {@link #removeTicketFromCache(String)} method. - *

- * - * @param token to be removed - */ - void removeTicketFromCache(CasAuthenticationToken token); - - /** - * Removes the specified ticket from the cache, meaning that future calls - * will require a new service ticket. - * - *

- * This is in case applications wish to provide a session termination - * capability for their stateless clients. - *

- * - * @param serviceTicket to be removed - */ - void removeTicketFromCache(String serviceTicket); -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/TicketResponse.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/TicketResponse.java 2011-01-26 15:24:06.469267627 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,96 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas; - -import java.util.List; -import java.util.Vector; - - -/** - * Represents a CAS service ticket in native CAS form. - * - * @author Ben Alex - * @version $Id: TicketResponse.java 1496 2006-05-23 13:38:33Z benalex $ - */ -public class TicketResponse { - //~ Instance fields ================================================================================================ - - private List proxyList; - private String proxyGrantingTicketIou; - private String user; - - //~ Constructors =================================================================================================== - -/** - * Constructor. - * - *

- * If null is passed into the proxyList or - * proxyGrantingTicketIou, suitable defaults are established. - * However, null cannot be passed for the user - * argument. - *

- * - * @param user the user as indicated by CAS (cannot be null or - * an empty String) - * @param proxyList as provided by CAS (may be null) - * @param proxyGrantingTicketIou as provided by CAS (may be - * null) - * - * @throws IllegalArgumentException DOCUMENT ME! - */ - public TicketResponse(String user, List proxyList, String proxyGrantingTicketIou) { - if (proxyList == null) { - proxyList = new Vector(); - } - - if (proxyGrantingTicketIou == null) { - proxyGrantingTicketIou = ""; - } - - if ((user == null) || "".equals(user)) { - throw new IllegalArgumentException("Cannot pass null or empty String for User"); - } - - this.user = user; - this.proxyList = proxyList; - this.proxyGrantingTicketIou = proxyGrantingTicketIou; - } - - //~ Methods ======================================================================================================== - - public String getProxyGrantingTicketIou() { - return proxyGrantingTicketIou; - } - - public List getProxyList() { - return proxyList; - } - - public String getUser() { - return user; - } - - public String toString() { - StringBuffer sb = new StringBuffer(); - sb.append(super.toString()); - sb.append(": User: " + this.user); - sb.append("; Proxy-Granting Ticket IOU: " + this.proxyGrantingTicketIou); - sb.append("; Proxy List: " + this.proxyList.toString()); - - return sb.toString(); - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/TicketValidator.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/TicketValidator.java 2011-01-26 15:24:06.539276306 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,53 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas; - -import org.acegisecurity.AuthenticationException; - - -/** - * Validates a CAS service ticket. - * - *

- * Implementations must accept CAS proxy tickets, in addition to CAS service - * tickets. If proxy tickets should be rejected, this is resolved by a {@link - * CasProxyDecider} implementation (not by the TicketValidator). - *

- * - *

- * Implementations may request a proxy granting ticket if wish, although this - * behaviour is not mandatory. - *

- * - * @author Ben Alex - * @version $Id: TicketValidator.java 1784 2007-02-24 21:00:24Z luke_t $ - */ -public interface TicketValidator { - //~ Methods ======================================================================================================== - - /** - * Returns information about the ticket, if it is valid for this service.

Must throw an - * AuthenticationException if the ticket is not valid for this service.

- * - * @param serviceTicket DOCUMENT ME! - * - * @return details of the CAS service ticket - * - * @throws AuthenticationException DOCUMENT ME! - */ - TicketResponse confirmTicketValid(String serviceTicket) - throws AuthenticationException; -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/cache/EhCacheBasedTicketCache.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/cache/EhCacheBasedTicketCache.java 2011-01-26 15:24:06.459266384 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,105 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas.cache; - -import net.sf.ehcache.CacheException; -import net.sf.ehcache.Element; -import net.sf.ehcache.Ehcache; - -import org.acegisecurity.providers.cas.CasAuthenticationToken; -import org.acegisecurity.providers.cas.StatelessTicketCache; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.dao.DataRetrievalFailureException; - -import org.springframework.util.Assert; - - -/** - * Caches tickets using a Spring IoC defined EHCACHE. - * - * @author Ben Alex - * @version $Id: EhCacheBasedTicketCache.java 1965 2007-08-27 23:41:59Z luke_t $ - */ -public class EhCacheBasedTicketCache implements StatelessTicketCache, InitializingBean { - //~ Static fields/initializers ===================================================================================== - - private static final Log logger = LogFactory.getLog(EhCacheBasedTicketCache.class); - - //~ Instance fields ================================================================================================ - - private Ehcache cache; - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.notNull(cache, "cache mandatory"); - } - - public CasAuthenticationToken getByTicketId(String serviceTicket) { - Element element = null; - - try { - element = cache.get(serviceTicket); - } catch (CacheException cacheException) { - throw new DataRetrievalFailureException("Cache failure: " + cacheException.getMessage()); - } - - if (logger.isDebugEnabled()) { - logger.debug("Cache hit: " + (element != null) + "; service ticket: " + serviceTicket); - } - - if (element == null) { - return null; - } else { - return (CasAuthenticationToken) element.getValue(); - } - } - - public Ehcache getCache() { - return cache; - } - - public void putTicketInCache(CasAuthenticationToken token) { - Element element = new Element(token.getCredentials().toString(), token); - - if (logger.isDebugEnabled()) { - logger.debug("Cache put: " + element.getKey()); - } - - cache.put(element); - } - - public void removeTicketFromCache(CasAuthenticationToken token) { - if (logger.isDebugEnabled()) { - logger.debug("Cache remove: " + token.getCredentials().toString()); - } - - this.removeTicketFromCache(token.getCredentials().toString()); - } - - public void removeTicketFromCache(String serviceTicket) { - cache.remove(serviceTicket); - } - - public void setCache(Ehcache cache) { - this.cache = cache; - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/cache/NullStatelessTicketCache.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/cache/NullStatelessTicketCache.java 2011-01-26 15:24:06.449265143 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,63 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.acegisecurity.providers.cas.cache; - -import org.acegisecurity.providers.cas.CasAuthenticationProvider; -import org.acegisecurity.providers.cas.CasAuthenticationToken; -import org.acegisecurity.providers.cas.StatelessTicketCache; - -/** - * Implementation of @link {@link StatelessTicketCache} that has no backing cache. Useful - * in instances where storing of tickets for stateless session management is not required. - *

- * This is the default StatelessTicketCache of the @link {@link CasAuthenticationProvider} to - * eliminate the unnecessary dependency on EhCache that applications have even if they are not using - * the stateless session management. - * - * @author Scott Battaglia - * @version $Id$ - * - *@see CasAuthenticationProvider - */ -public final class NullStatelessTicketCache implements StatelessTicketCache { - - /** - * @return null since we are not storing any tickets. - */ - public CasAuthenticationToken getByTicketId(final String serviceTicket) { - return null; - } - - /** - * This is a no-op since we are not storing tickets. - */ - public void putTicketInCache(final CasAuthenticationToken token) { - // nothing to do - } - - /** - * This is a no-op since we are not storing tickets. - */ - public void removeTicketFromCache(final CasAuthenticationToken token) { - // nothing to do - } - - /** - * This is a no-op since we are not storing tickets. - */ - public void removeTicketFromCache(final String serviceTicket) { - // nothing to do - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/cache/package.html =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/cache/package.html 2011-01-26 15:24:06.469267627 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ - - -Caches CAS tickets for the CasAuthenticationProvider. - - Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/package.html =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/package.html 2011-01-26 15:24:06.609284987 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,6 +0,0 @@ - - -An authentication provider that can process JA-SIG Central Authentication Service (CAS) -service tickets and proxy tickets. - - Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulator.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulator.java 2011-01-26 15:24:06.549277549 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,61 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas.populator; - -import org.acegisecurity.AuthenticationException; - -import org.acegisecurity.providers.cas.CasAuthoritiesPopulator; - -import org.acegisecurity.userdetails.UserDetails; -import org.acegisecurity.userdetails.UserDetailsService; - -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.util.Assert; - - -/** - * Populates the CAS authorities via an {@link UserDetailsService}.

The additional information (username, - * password, enabled status etc) an AuthenticationDao implementation provides about a User - * is ignored. Only the GrantedAuthoritys are relevant to this class.

- * - * @author Ben Alex - * @version $Id: DaoCasAuthoritiesPopulator.java 1821 2007-05-17 03:18:35Z raykrueger $ - */ -public class DaoCasAuthoritiesPopulator implements CasAuthoritiesPopulator, InitializingBean { - //~ Instance fields ================================================================================================ - - private UserDetailsService userDetailsService; - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.notNull(this.userDetailsService, "A UserDetailsService must be set"); - } - - public UserDetails getUserDetails(String casUserId) - throws AuthenticationException { - return this.userDetailsService.loadUserByUsername(casUserId); - } - - public UserDetailsService getUserDetailsService() { - return userDetailsService; - } - - public void setUserDetailsService(UserDetailsService userDetailsService) { - this.userDetailsService = userDetailsService; - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/populator/package.html =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/populator/package.html 2011-01-26 15:24:06.549277549 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ - - -Implementations that populate GrantedAuthority[]s of CAS authentications. - - Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/proxy/AcceptAnyCasProxy.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/proxy/AcceptAnyCasProxy.java 2011-01-26 15:24:06.499271345 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,51 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas.proxy; - -import org.acegisecurity.providers.cas.CasProxyDecider; -import org.acegisecurity.providers.cas.ProxyUntrustedException; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.util.Assert; - -import java.util.List; - - -/** - * Accepts a proxied request from any other service.

Also accepts the request if there was no proxy (ie the user - * directly authenticated against this service).

- * - * @author Ben Alex - * @version $Id: AcceptAnyCasProxy.java 1496 2006-05-23 13:38:33Z benalex $ - */ -public class AcceptAnyCasProxy implements CasProxyDecider { - //~ Static fields/initializers ===================================================================================== - - private static final Log logger = LogFactory.getLog(AcceptAnyCasProxy.class); - - //~ Methods ======================================================================================================== - - public void confirmProxyListTrusted(List proxyList) - throws ProxyUntrustedException { - Assert.notNull(proxyList, "proxyList cannot be null"); - - if (logger.isDebugEnabled()) { - logger.debug("Always accepting proxy list: " + proxyList.toString()); - } - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/proxy/NamedCasProxyDecider.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/proxy/NamedCasProxyDecider.java 2011-01-26 15:24:06.509272588 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,88 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas.proxy; - -import org.acegisecurity.AcegiMessageSource; - -import org.acegisecurity.providers.cas.CasProxyDecider; -import org.acegisecurity.providers.cas.ProxyUntrustedException; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.context.MessageSource; -import org.springframework.context.MessageSourceAware; -import org.springframework.context.support.MessageSourceAccessor; - -import org.springframework.util.Assert; - -import java.util.List; - - -/** - * Accepts proxied requests if the closest proxy is named in the validProxies list.

Also accepts the - * request if there was no proxy (ie the user directly authenticated against this service).

- */ -public class NamedCasProxyDecider implements CasProxyDecider, InitializingBean, MessageSourceAware { - //~ Static fields/initializers ===================================================================================== - - private static final Log logger = LogFactory.getLog(NamedCasProxyDecider.class); - - //~ Instance fields ================================================================================================ - - private List validProxies; - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.notNull(this.validProxies, "A validProxies list must be set"); - Assert.notNull(this.messages, "A message source must be set"); - } - - public void confirmProxyListTrusted(List proxyList) - throws ProxyUntrustedException { - Assert.notNull(proxyList, "proxyList cannot be null"); - - if (logger.isDebugEnabled()) { - logger.debug("Proxy list: " + proxyList.toString()); - } - - if (proxyList.size() == 0) { - // A Service Ticket (not a Proxy Ticket) - return; - } - - if (!validProxies.contains(proxyList.get(0))) { - throw new ProxyUntrustedException(messages.getMessage("NamedCasProxyDecider.untrusted", - new Object[] {proxyList.get(0)}, "Nearest proxy {0} is untrusted")); - } - } - - public List getValidProxies() { - return validProxies; - } - - public void setMessageSource(MessageSource messageSource) { - this.messages = new MessageSourceAccessor(messageSource); - } - - public void setValidProxies(List validProxies) { - this.validProxies = validProxies; - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/proxy/RejectProxyTickets.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/proxy/RejectProxyTickets.java 2011-01-26 15:24:06.519273824 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,76 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas.proxy; - -import org.acegisecurity.AcegiMessageSource; - -import org.acegisecurity.providers.cas.CasProxyDecider; -import org.acegisecurity.providers.cas.ProxyUntrustedException; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.context.MessageSource; -import org.springframework.context.MessageSourceAware; -import org.springframework.context.support.MessageSourceAccessor; - -import org.springframework.util.Assert; - -import java.util.List; - - -/** - * Accepts no proxied requests.

This class should be used if only service tickets wish to be accepted (ie no - * proxy tickets at all).

- */ -public class RejectProxyTickets implements CasProxyDecider, MessageSourceAware, InitializingBean { - //~ Static fields/initializers ===================================================================================== - - private static final Log logger = LogFactory.getLog(RejectProxyTickets.class); - - //~ Instance fields ================================================================================================ - - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.notNull(this.messages, "A message source must be set"); - } - - public void confirmProxyListTrusted(List proxyList) - throws ProxyUntrustedException { - Assert.notNull(proxyList, "proxyList cannot be null"); - - if (proxyList.size() == 0) { - // A Service Ticket (not a Proxy Ticket) - return; - } - - if (logger.isDebugEnabled()) { - logger.debug("Proxies are unacceptable; proxy list provided: " + proxyList.toString()); - } - - throw new ProxyUntrustedException( - messages.getMessage("RejectProxyTickets.reject", "Proxy tickets are rejected")); - } - - public void setMessageSource(MessageSource messageSource) { - this.messages = new MessageSourceAccessor(messageSource); - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/proxy/package.html =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/proxy/package.html 2011-01-26 15:24:06.529275065 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,6 +0,0 @@ - - -Implementations that decide whether proxy lists of -CAS authentications are trusted. - - Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidator.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidator.java 2011-01-26 15:24:06.579281267 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,97 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas.ticketvalidator; - -import org.acegisecurity.providers.cas.TicketValidator; - -import org.acegisecurity.ui.cas.ServiceProperties; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.util.Assert; - - -/** - * Convenience abstract base for TicketValidators. - * - * @author Ben Alex - * @version $Id: AbstractTicketValidator.java 1730 2006-11-12 23:10:09Z benalex $ - */ -public abstract class AbstractTicketValidator implements TicketValidator, InitializingBean { - //~ Static fields/initializers ===================================================================================== - - private static final Log logger = LogFactory.getLog(AbstractTicketValidator.class); - - //~ Instance fields ================================================================================================ - - private ServiceProperties serviceProperties; - private String casValidate; - private String trustStore; - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.hasLength(casValidate, "A casValidate URL must be set"); - Assert.notNull(serviceProperties, "serviceProperties must be specified"); - - if ((trustStore != null) && (!"".equals(trustStore))) { - if (logger.isDebugEnabled()) { - logger.debug("Setting system property 'javax.net.ssl.trustStore'" + " to value [" + trustStore + "]"); - } - - System.setProperty("javax.net.ssl.trustStore", trustStore); - } - } - - /** - * Mandatory URL to CAS' proxy ticket valiation service.

This is usually something like - * https://www.mycompany.com/cas/proxyValidate.

- * - * @return the CAS proxy ticket validation URL - */ - public String getCasValidate() { - return casValidate; - } - - public ServiceProperties getServiceProperties() { - return serviceProperties; - } - - /** - * Optional property which will be used to set the system property javax.net.ssl.trustStore. - * - * @return the javax.net.ssl.trustStore that will be set during bean initialization, or - * null to leave the system property unchanged - */ - public String getTrustStore() { - return trustStore; - } - - public void setCasValidate(String casValidate) { - this.casValidate = casValidate; - } - - public void setServiceProperties(ServiceProperties serviceProperties) { - this.serviceProperties = serviceProperties; - } - - public void setTrustStore(String trustStore) { - this.trustStore = trustStore; - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/CasProxyTicketValidator.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/CasProxyTicketValidator.java 2011-01-26 15:24:06.569280026 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,116 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.acegisecurity.providers.cas.ticketvalidator; - -import edu.yale.its.tp.cas.client.ProxyTicketValidator; - -import org.acegisecurity.AuthenticationException; -import org.acegisecurity.AuthenticationServiceException; -import org.acegisecurity.BadCredentialsException; - -import org.acegisecurity.providers.cas.TicketResponse; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - - -/** - * Uses CAS' ProxyTicketValidator to validate a service ticket. - * - * @author Ben Alex - * @version $Id: CasProxyTicketValidator.java 1784 2007-02-24 21:00:24Z luke_t $ - */ -public class CasProxyTicketValidator extends AbstractTicketValidator { - //~ Static fields/initializers ===================================================================================== - - private static final Log logger = LogFactory.getLog(CasProxyTicketValidator.class); - - //~ Instance fields ================================================================================================ - - private String proxyCallbackUrl; - - //~ Methods ======================================================================================================== - - public TicketResponse confirmTicketValid(String serviceTicket) - throws AuthenticationException { - // Attempt to validate presented ticket using CAS' ProxyTicketValidator class - ProxyTicketValidator pv = new ProxyTicketValidator(); - - pv.setCasValidateUrl(super.getCasValidate()); - pv.setServiceTicket(serviceTicket); - pv.setService(super.getServiceProperties().getService()); - - if (super.getServiceProperties().isSendRenew()) { - logger.warn( - "The current CAS ProxyTicketValidator does not support the 'renew' property. " - + "The ticket cannot be validated as having been issued by a 'renew' authentication. " - + "It is expected this will be corrected in a future version of CAS' ProxyTicketValidator."); - } - - if ((this.proxyCallbackUrl != null) && (!"".equals(this.proxyCallbackUrl))) { - pv.setProxyCallbackUrl(proxyCallbackUrl); - } - - return validateNow(pv); - } - - /** - * Optional callback URL to obtain a proxy-granting ticket from CAS. - *

This callback URL belongs to the Acegi Security System for Spring secured application. We suggest you use - * CAS' ProxyTicketReceptor servlet to receive this callback and manage the proxy-granting ticket list. - * The callback URL is usually something like - * https://www.mycompany.com/application/casProxy/receptor. - *

- *

If left null, the CasAuthenticationToken will not have a proxy granting - * ticket IOU and there will be no proxy-granting ticket callback. Accordingly, the Acegi Securty System for - * Spring secured application will be unable to obtain a proxy ticket to call another CAS-secured service on - * behalf of the user. This is not really an issue for most applications.

- * - * @return the proxy callback URL, or null if not used - */ - public String getProxyCallbackUrl() { - return proxyCallbackUrl; - } - - public void setProxyCallbackUrl(String proxyCallbackUrl) { - this.proxyCallbackUrl = proxyCallbackUrl; - } - - /** - * Perform the actual remote invocation. Protected to enable replacement during tests. - * - * @param pv the populated ProxyTicketValidator - * - * @return the TicketResponse - * - * @throws AuthenticationServiceException ifProxyTicketValidator internally fails - * @throws BadCredentialsException DOCUMENT ME! - */ - protected TicketResponse validateNow(ProxyTicketValidator pv) - throws AuthenticationServiceException, BadCredentialsException { - try { - pv.validate(); - } catch (Exception internalProxyTicketValidatorProblem) { - throw new AuthenticationServiceException(internalProxyTicketValidatorProblem.getMessage()); - } - - if (!pv.isAuthenticationSuccesful()) { - throw new BadCredentialsException(pv.getErrorCode() + ": " + pv.getErrorMessage()); - } - - return new TicketResponse(pv.getUser(), pv.getProxyList(), pv.getPgtIou()); - } -} Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/package.html =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/package.html 2011-01-26 15:24:06.589282508 +0000 +++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ - - -Implementations that validate service tickets. - - Index: acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/ProviderManager.java =================================================================== --- acegi-security-1.0.7.orig/core/src/main/java/org/acegisecurity/providers/ProviderManager.java 2011-01-26 15:33:35.219802704 +0000 +++ acegi-security-1.0.7/core/src/main/java/org/acegisecurity/providers/ProviderManager.java 2011-01-26 15:33:54.822233751 +0000 @@ -42,7 +42,6 @@ import org.acegisecurity.event.authentication.AuthenticationFailureServiceExceptionEvent; import org.acegisecurity.event.authentication.AuthenticationSuccessEvent; -import org.acegisecurity.providers.cas.ProxyUntrustedException; import org.acegisecurity.userdetails.UsernameNotFoundException; @@ -131,8 +130,6 @@ AuthenticationFailureConcurrentLoginEvent.class.getName()); DEFAULT_EXCEPTION_MAPPINGS.put(ProviderNotFoundException.class.getName(), AuthenticationFailureProviderNotFoundEvent.class.getName()); - DEFAULT_EXCEPTION_MAPPINGS.put(ProxyUntrustedException.class.getName(), - AuthenticationFailureProxyUntrustedEvent.class.getName()); } public ProviderManager() { @@ -337,4 +334,4 @@ this.additionalExceptionMappings = additionalExceptionMappings; } -} \ No newline at end of file +} debian/patches/series0000644000000000000000000000004711711614431012032 0ustar build.patch no_cas.patch spring3.patch