Removal of deprecated methods and classes.

config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java

@@ -39,11 +39,11 @@ public class MethodSecurityInterceptorWithAopConfigTests {
         "<b:bean id='target' class='org.springframework.security.TargetObject'/>" +
         "<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
         "     <b:property name='securityMetadataSource'>" +
-        "       <b:value>" +
-                    "org.springframework.security.ITargetObject.makeLower*=ROLE_A\n" +
-                    "org.springframework.security.TargetObject.makeUpper*=ROLE_A\n" +
-                    "org.springframework.security.ITargetObject.computeHashCode*=ROLE_B\n" +
-        "       </b:value>" +
+        "         <method-security-metadata-source>" +
+        "             <protect method='org.springframework.security.ITargetObject.makeLower*' access='ROLE_A'/>" +
+        "             <protect method='org.springframework.security.ITargetObject.makeUpper*' access='ROLE_A'/>" +
+        "             <protect method='org.springframework.security.ITargetObject.computeHashCode*' access='ROLE_B'/>" +
+        "         </method-security-metadata-source>" +
         "     </b:property>" +
         "</b:bean>";
 

core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java

@@ -42,10 +42,6 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
 
     //~ Methods ========================================================================================================
 
-    public MethodSecurityMetadataSource getSecurityMetadataSource() {
-        return this.securityMetadataSource;
-    }
-
     public Class<? extends Object> getSecureObjectClass() {
         return MethodInvocation.class;
     }
@@ -72,6 +68,10 @@ public class MethodSecurityInterceptor extends AbstractSecurityInterceptor imple
         return result;
     }
 
+    public MethodSecurityMetadataSource getSecurityMetadataSource() {
+        return this.securityMetadataSource;
+    }
+
     public SecurityMetadataSource obtainSecurityMetadataSource() {
         return this.securityMetadataSource;
     }

core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java

@@ -60,17 +60,6 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 
     //~ Constructors ===================================================================================================
 
-    /**
-     * @deprecated use the decoupled approach instead
-     */
-    MethodSecurityMetadataSourceAdvisor(MethodSecurityInterceptor advice) {
-        Assert.notNull(advice.getSecurityMetadataSource(), "Cannot construct a MethodSecurityMetadataSourceAdvisor using a " +
-                "MethodSecurityInterceptor that has no SecurityMetadataSource configured");
-
-        this.interceptor = advice;
-        this.attributeSource = advice.getSecurityMetadataSource();
-    }
-
     /**
      * Alternative constructor for situations where we want the advisor decoupled from the advice. Instead the advice
      * bean name should be set. This prevents eager instantiation of the interceptor

core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSourceEditor.java

@@ -1,75 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.access.method;
-
-import java.beans.PropertyEditorSupport;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-import org.springframework.beans.propertyeditors.PropertiesEditor;
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.SecurityConfig;
-import org.springframework.util.StringUtils;
-
-
-/**
- * Property editor to assist with the setup of a {@link MethodSecurityMetadataSource}.
- * <p>
- * The class creates and populates a {@link MapBasedMethodSecurityMetadataSource}.
- *
- * @author Ben Alex
- * @deprecated use method annotations or the protect-pointcut support from the namespace
- */
-public class MethodSecurityMetadataSourceEditor extends PropertyEditorSupport {
-    //~ Methods ========================================================================================================
-
-    @SuppressWarnings("unchecked")
-    public void setAsText(String s) throws IllegalArgumentException {
-        if ((s == null) || "".equals(s)) {
-            setValue(new MapBasedMethodSecurityMetadataSource());
-            return;
-        }
-
-        // Use properties editor to tokenize the string
-        PropertiesEditor propertiesEditor = new PropertiesEditor();
-        propertiesEditor.setAsText(s);
-
-        Properties props = (Properties) propertiesEditor.getValue();
-
-        // Now we have properties, process each one individually
-        Map<String, List<ConfigAttribute>> mappings = new LinkedHashMap<String, List<ConfigAttribute>>();
-
-        for (Iterator iter = props.keySet().iterator(); iter.hasNext();) {
-            String name = (String) iter.next();
-            String value = props.getProperty(name);
-
-            String[] tokens = StringUtils.commaDelimitedListToStringArray(value);
-            List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(tokens.length);
-
-            for(String token : tokens) {
-                attributes.add(new SecurityConfig(token));
-            }
-
-            mappings.put(name, attributes);
-        }
-
-        setValue(new MapBasedMethodSecurityMetadataSource(mappings));
-    }
-}

core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java

@@ -15,13 +15,11 @@
 
 package org.springframework.security.authentication;
 
-import org.springframework.security.core.GrantedAuthority;
-
-
 import java.io.Serializable;
-import java.util.Arrays;
 import java.util.List;
 
+import org.springframework.security.core.GrantedAuthority;
+
 
 /**
  * Represents an anonymous <code>Authentication</code>.
@@ -37,13 +35,6 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im
 
     //~ Constructors ===================================================================================================
 
-    /**
-     * @deprecated use the second constructor
-     */
-    public AnonymousAuthenticationToken(String key, Object principal, GrantedAuthority[] authorities) {
-        this(key, principal, Arrays.asList(authorities));
-    }
-
     /**
      * Constructor.
      *

core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java

@@ -15,7 +15,6 @@
 
 package org.springframework.security.authentication;
 
-import java.util.Arrays;
 import java.util.Collection;
 
 import org.springframework.security.core.GrantedAuthority;
@@ -52,13 +51,6 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
         setAuthenticated(false);
     }
 
-    /**
-     * @deprecated use the list of authorities version
-     */
-    public UsernamePasswordAuthenticationToken(Object principal, Object credentials, GrantedAuthority[] authorities) {
-        this(principal, credentials, Arrays.asList(authorities));
-    }
-
     /**
      * This constructor should only be used by <code>AuthenticationManager</code> or <code>AuthenticationProvider</code>
      * implementations that are satisfied with producing a trusted (i.e. {@link #isAuthenticated()} = <code>true</code>)

core/src/main/java/org/springframework/security/util/EncryptionUtils.java

@@ -1,165 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.util;
-
-import java.io.UnsupportedEncodingException;
-import java.security.spec.KeySpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.DESedeKeySpec;
-
-import org.springframework.core.NestedRuntimeException;
-import org.springframework.security.core.codec.Base64;
-import org.springframework.util.Assert;
-
-/**
- * A static utility class that can encrypt and decrypt text.
- *
- * <p>This class is useful if you have simple needs and wish to use the DESede
- * encryption cipher. More sophisticated requirements will need to use the
- * Java crypto libraries directly.
- *
- * @author Alan Stewart
- * @author Ben Alex
- * @deprecated Use a dedicated encryption library instead.
- */
-@Deprecated
-public final class EncryptionUtils {
-
-    /**
-     * This is a static class that should not be instantiated.
-     */
-    private EncryptionUtils() {}
-
-    /**
-     * Converts a String into a byte array using UTF-8, falling back to the
-     * platform's default character set if UTF-8 fails.
-     *
-     * @param input the input (required)
-     * @return a byte array representation of the input string
-     */
-    public static byte[] stringToByteArray(String input) {
-        Assert.hasLength(input, "Input required");
-        try {
-            return input.getBytes("UTF-8");
-        } catch (UnsupportedEncodingException fallbackToDefault) {
-            return input.getBytes();
-        }
-    }
-
-    /**
-     * Converts a byte array into a String using UTF-8, falling back to the
-     * platform's default character set if UTF-8 fails.
-     *
-     * @param byteArray the byte array to convert (required)
-     * @return a string representation of the byte array
-     */
-    public static String byteArrayToString(byte[] byteArray) {
-        Assert.notNull(byteArray, "ByteArray required");
-        Assert.isTrue(byteArray.length > 0, "ByteArray cannot be empty");
-        try {
-            return new String(byteArray, "UTF8");
-        } catch (final UnsupportedEncodingException e) {
-            return new String(byteArray);
-        }
-    }
-
-    private static byte[] cipher(String key, byte[] passedBytes, int cipherMode) throws EncryptionException {
-        try {
-            final KeySpec keySpec = new DESedeKeySpec(stringToByteArray(key));
-            final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
-            final Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
-            final SecretKey secretKey = keyFactory.generateSecret(keySpec);
-            cipher.init(cipherMode, secretKey);
-            return cipher.doFinal(passedBytes);
-        } catch (final Exception e) {
-            throw new EncryptionException(e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Encrypts the inputString using the key.
-     *
-     * @param key at least 24 character long key (required)
-     * @param inputString the string to encrypt (required)
-     * @return the encrypted version of the inputString
-     * @throws EncryptionException in the event of an encryption failure
-     */
-    public static String encrypt(String key, String inputString) throws EncryptionException {
-        isValidKey(key);
-        final byte[] cipherText = cipher(key, stringToByteArray(inputString), Cipher.ENCRYPT_MODE);
-        return byteArrayToString(Base64.encode(cipherText));
-    }
-
-    /**
-     * Encrypts the inputBytes using the key.
-     *
-     * @param key at least 24 character long key (required)
-     * @param inputBytes the bytes to encrypt (required)
-     * @return the encrypted version of the inputBytes
-     * @throws EncryptionException in the event of an encryption failure
-     */
-    public static byte[] encrypt(String key, byte[] inputBytes) throws EncryptionException {
-        isValidKey(key);
-        return Base64.encode(cipher(key, inputBytes, Cipher.ENCRYPT_MODE));
-    }
-
-    /**
-     * Decrypts the inputString using the key.
-     *
-     * @param key the key used to originally encrypt the string (required)
-     * @param inputString the encrypted string (required)
-     * @return the decrypted version of inputString
-     * @throws EncryptionException in the event of an encryption failure
-     */
-    public static String decrypt(String key, String inputString) throws EncryptionException {
-        Assert.hasText(key, "A key is required to attempt decryption");
-        final byte[] cipherText = cipher(key, Base64.decode(stringToByteArray(inputString)), Cipher.DECRYPT_MODE);
-        return byteArrayToString(cipherText);
-    }
-
-    /**
-     * Decrypts the inputBytes using the key.
-     *
-     * @param key the key used to originally encrypt the string (required)
-     * @param inputBytes the encrypted bytes (required)
-     * @return the decrypted version of inputBytes
-     * @throws EncryptionException in the event of an encryption failure
-     */
-    public static byte[] decrypt(String key, byte[] inputBytes) throws EncryptionException {
-        Assert.hasText(key, "A key is required to attempt decryption");
-        return cipher(key, Base64.decode(inputBytes), Cipher.DECRYPT_MODE);
-    }
-
-    private static void isValidKey(String key) {
-        Assert.hasText(key, "A key to perform the encryption is required");
-        Assert.isTrue(key.length() >= 24, "Key must be at least 24 characters long");
-    }
-
-    public static class EncryptionException extends NestedRuntimeException {
-        private static final long serialVersionUID = 1L;
-
-        public EncryptionException(String message, Throwable t) {
-            super(message, t);
-        }
-
-        public EncryptionException(String message) {
-            super(message);
-        }
-    }
-}

core/src/test/java/org/springframework/security/access/annotation/MethodDefinitionSourceEditorTigerTests.java

@@ -1,87 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.access.annotation;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.Collection;
-import java.util.List;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.SecurityConfig;
-import org.springframework.security.access.annotation.test.Entity;
-import org.springframework.security.access.annotation.test.PersonServiceImpl;
-import org.springframework.security.access.annotation.test.Service;
-import org.springframework.security.access.intercept.method.MockMethodInvocation;
-import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
-import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor;
-
-
-/**
- * Extra tests to demonstrate generics behaviour with <code>MapBasedMethodDefinitionSource</code>.
- *
- * @author Ben Alex
- */
-@SuppressWarnings("deprecation")
-public class MethodDefinitionSourceEditorTigerTests {
-    private MockMethodInvocation makeUpper;
-    private MockMethodInvocation makeLower;
-
-    @Before
-    public void createMethodInvocations() throws Exception {
-        makeUpper = new MockMethodInvocation(new PersonServiceImpl(), Service.class,"makeUpperCase", Entity.class);
-        makeLower = new MockMethodInvocation(new PersonServiceImpl(), Service.class,"makeLowerCase", Entity.class);
-    }
-
-    @Test
-    public void testConcreteClassInvocations() throws Exception {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText(
-                "org.springframework.security.access.annotation.test.Service.makeLower*=ROLE_FROM_INTERFACE\r\n" +
-                "org.springframework.security.access.annotation.test.Service.makeUpper*=ROLE_FROM_INTERFACE\r\n" +
-                "org.springframework.security.access.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_IMPLEMENTATION");
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-        assertEquals(3, map.getMethodMapSize());
-
-        Collection<ConfigAttribute> returnedMakeLower = map.getAttributes(makeLower);
-        List<ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_FROM_INTERFACE");
-        assertEquals(expectedMakeLower, returnedMakeLower);
-
-        Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(makeUpper);
-        List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList(new String[]{"ROLE_FROM_IMPLEMENTATION"});
-        assertEquals(expectedMakeUpper, returnedMakeUpper);
-    }
-
-    @Test
-    public void testBridgeMethodResolution() throws Exception {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText(
-                "org.springframework.security.access.annotation.test.PersonService.makeUpper*=ROLE_FROM_INTERFACE\r\n" +
-                "org.springframework.security.access.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_ABSTRACT\r\n" +
-                "org.springframework.security.access.annotation.test.PersonServiceImpl.makeUpper*=ROLE_FROM_PSI");
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-        assertEquals(3, map.getMethodMapSize());
-
-        Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(makeUpper);
-        List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_FROM_PSI");
-        assertEquals(expectedMakeUpper, returnedMakeUpper);
-    }
-
-}

core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java

@@ -15,43 +15,31 @@
 
 package org.springframework.security.access.intercept.aopalliance;
 
+import static org.mockito.Mockito.*;
+
 import java.lang.reflect.Method;
 
 import junit.framework.TestCase;
 
 import org.springframework.security.TargetObject;
-import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
-import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor;
-import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
-import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor;
+import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.access.method.MethodSecurityMetadataSource;
 
 /**
  * Tests {@link MethodSecurityMetadataSourceAdvisor}.
  *
  * @author Ben Alex
  */
-@SuppressWarnings("deprecation")
 public class MethodSecurityMetadataSourceAdvisorTests extends TestCase {
     //~ Methods ========================================================================================================
 
-    private MethodSecurityInterceptor getInterceptor() {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_NOT_USED");
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-
-        MethodSecurityInterceptor msi = new MethodSecurityInterceptor();
-        msi.setSecurityMetadataSource(map);
-
-        return msi;
-    }
-
-    public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined()
-        throws Exception {
+    public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined() throws Exception {
         Class<TargetObject> clazz = TargetObject.class;
         Method method = clazz.getMethod("makeLowerCase", new Class[] {String.class});
 
-        MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(getInterceptor());
+        MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
+        when(mds.getAttributes(method, clazz)).thenReturn(null);
+        MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds ,"");
         assertFalse(advisor.getPointcut().getMethodMatcher().matches(method, clazz));
     }
 
@@ -60,18 +48,9 @@ public class MethodSecurityMetadataSourceAdvisorTests extends TestCase {
         Class<TargetObject> clazz = TargetObject.class;
         Method method = clazz.getMethod("countLength", new Class[] {String.class});
 
-        MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor(getInterceptor());
+        MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
+        when(mds.getAttributes(method, clazz)).thenReturn(SecurityConfig.createList("ROLE_A"));
+        MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds ,"");
         assertTrue(advisor.getPointcut().getMethodMatcher().matches(method, clazz));
     }
-
-    public void testDetectsImproperlyConfiguredAdvice() {
-        MethodSecurityInterceptor msi = new MethodSecurityInterceptor();
-
-        try {
-            new MethodSecurityMetadataSourceAdvisor(msi);
-            fail("Should have detected null SecurityMetadataSource and thrown AopConfigException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-    }
 }

core/src/test/java/org/springframework/security/access/intercept/method/MethodSecurityMetadataSourceEditorTests.java

@@ -1,224 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.access.intercept.method;
-
-import java.lang.reflect.AccessibleObject;
-import java.lang.reflect.Method;
-import java.util.Collection;
-import java.util.List;
-
-import junit.framework.TestCase;
-
-import org.aopalliance.intercept.MethodInvocation;
-import org.springframework.security.ITargetObject;
-import org.springframework.security.OtherTargetObject;
-import org.springframework.security.TargetObject;
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.SecurityConfig;
-import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
-import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor;
-
-
-/**
- * Tests {@link MethodSecurityMetadataSourceEditor} and its associated {@link MapBasedMethodSecurityMetadataSource}.
- *
- * @author Ben Alex
- */
-@SuppressWarnings("deprecation")
-public class MethodSecurityMetadataSourceEditorTests extends TestCase {
-    //~ Methods ========================================================================================================
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
-    public void testClassNameNotFoundResultsInException() {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-
-        try {
-            editor.setAsText("org.springframework.security.DOES_NOT_EXIST_NAME=FOO,BAR");
-            fail("Should have given IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-    }
-
-    public void testClassNameNotInProperFormatResultsInException() {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-
-        try {
-            editor.setAsText("DOES_NOT_EXIST_NAME=FOO,BAR");
-            fail("Should have given IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-    }
-
-    public void testClassNameValidButMethodNameInvalidResultsInException() {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-
-        try {
-            editor.setAsText("org.springframework.security.TargetObject.INVALID_METHOD=FOO,BAR");
-            fail("Should have given IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-    }
-
-    public void testConcreteClassInvocationsAlsoReturnDefinitionsAgainstInterface() throws Exception {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText(
-            "org.springframework.security.ITargetObject.computeHashCode*=ROLE_FROM_INTERFACE\r\n" +
-            "org.springframework.security.ITargetObject.makeLower*=ROLE_FROM_INTERFACE\r\n" +
-            "org.springframework.security.ITargetObject.makeUpper*=ROLE_FROM_INTERFACE\r\n" +
-            "org.springframework.security.TargetObject.computeHashCode*=ROLE_FROM_TO\r\n" +
-            "org.springframework.security.OtherTargetObject.computeHashCode*=ROLE_FROM_OTO\r\n" +
-            "org.springframework.security.OtherTargetObject.makeUpper*=ROLE_FROM_IMPLEMENTATION");
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-        assertEquals(6, map.getMethodMapSize());
-
-        Collection<ConfigAttribute> returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "makeLowerCase", new Class[] {String.class}, new OtherTargetObject()));
-        List<ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_FROM_INTERFACE");
-        assertEquals(expectedMakeLower, returnedMakeLower);
-
-        Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "makeUpperCase", new Class[] {String.class}, new OtherTargetObject()));
-        List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_FROM_IMPLEMENTATION");
-        assertEquals(expectedMakeUpper, returnedMakeUpper);
-
-        Collection<ConfigAttribute> returnedComputeHashCode = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "computeHashCode", new Class[] {String.class}, new OtherTargetObject()));
-        List<ConfigAttribute> expectedComputeHashCode = SecurityConfig.createList("ROLE_FROM_OTO");
-        assertEquals(expectedComputeHashCode, returnedComputeHashCode);
-
-        returnedComputeHashCode = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "computeHashCode", new Class[] {String.class}, new TargetObject()));
-        expectedComputeHashCode = SecurityConfig.createList("ROLE_FROM_TO");
-        assertEquals(expectedComputeHashCode, returnedComputeHashCode);
-    }
-
-    public void testEmptyStringReturnsEmptyMap() {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText("");
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-        assertEquals(0, map.getMethodMapSize());
-    }
-
-    public void testIterator() {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText(
-            "org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR");
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-
-        assertEquals(5, map.getAllConfigAttributes().size());
-    }
-
-    public void testMultiMethodParsing() {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText(
-            "org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR");
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-        assertEquals(3, map.getMethodMapSize());
-    }
-
-    public void testMultiMethodParsingWhereLaterMethodsOverrideEarlierMethods() throws Exception {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText(
-            "org.springframework.security.TargetObject.*=ROLE_GENERAL\r\norg.springframework.security.TargetObject.makeLower*=ROLE_LOWER\r\norg.springframework.security.TargetObject.make*=ROLE_MAKE\r\norg.springframework.security.TargetObject.makeUpper*=ROLE_UPPER");
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-        assertEquals(14, map.getMethodMapSize());
-
-        Collection<ConfigAttribute> returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
-                    "makeLowerCase", new Class[] {String.class}, new TargetObject()));
-        List<ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_LOWER");
-        assertEquals(expectedMakeLower, returnedMakeLower);
-
-        Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
-                    "makeUpperCase", new Class[] {String.class}, new TargetObject()));
-        List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_UPPER");
-        assertEquals(expectedMakeUpper, returnedMakeUpper);
-
-        Collection<ConfigAttribute> returnedCountLength = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
-                    "countLength", new Class[] {String.class}, new TargetObject()));
-        List<ConfigAttribute> expectedCountLength = SecurityConfig.createList("ROLE_GENERAL");
-        assertEquals(expectedCountLength, returnedCountLength);
-    }
-
-    public void testNullIsReturnedByMethodSecurityMetadataSourceWhenMethodInvocationNotDefined() throws Exception {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY");
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-
-        Collection<ConfigAttribute> configAttributeDefinition = map.getAttributes(new MockMethodInvocation(
-                    ITargetObject.class, "makeLowerCase", new Class[] {String.class}, new TargetObject()));
-        assertNull(configAttributeDefinition);
-    }
-
-    public void testNullReturnsEmptyMap() {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText(null);
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-        assertEquals(0, map.getMethodMapSize());
-    }
-
-    public void testSingleMethodParsing() throws Exception {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY");
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-
-        Collection<ConfigAttribute> returnedCountLength = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
-                    "countLength", new Class[] {String.class}, new TargetObject()));
-        assertEquals(SecurityConfig.createList("ROLE_ONE", "ROLE_TWO", "RUN_AS_ENTRY"), returnedCountLength);
-    }
-
-    //~ Inner Classes ==================================================================================================
-
-    private class MockMethodInvocation implements MethodInvocation {
-        private Method method;
-        private Object targetObject;
-
-        public MockMethodInvocation(Class<?> clazz, String methodName, Class<?>[] parameterTypes, Object targetObject)
-            throws NoSuchMethodException {
-            this.method = clazz.getMethod(methodName, parameterTypes);
-            this.targetObject = targetObject;
-        }
-
-        public Object[] getArguments() {
-            return null;
-        }
-
-        public Method getMethod() {
-            return method;
-        }
-
-        public AccessibleObject getStaticPart() {
-            return null;
-        }
-
-        public Object getThis() {
-            return targetObject;
-        }
-
-        public Object proceed() throws Throwable {
-            return null;
-        }
-    }
-}

core/src/test/java/org/springframework/security/util/EncryptionUtilsTests.java

@@ -1,120 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.util;
-
-import junit.framework.TestCase;
-
-import org.springframework.security.util.EncryptionUtils.EncryptionException;
-
-/**
- * JUnit tests for EncryptionUtils.
- *
- * @author Alan Stewart
- * @author Ben Alex
- */
-@SuppressWarnings("deprecation")
-public class EncryptionUtilsTests extends TestCase {
-    private final static String STRING_TO_ENCRYPT = "Alan K Stewart";
-    private final static String ENCRYPTION_KEY = "123456789012345678901234567890";
-
-    public void testEncryptsUsingDESEde() throws EncryptionException {
-        final String encryptedString = EncryptionUtils.encrypt(ENCRYPTION_KEY, STRING_TO_ENCRYPT);
-        assertEquals("3YIE8sIbaEoqGZZrHamFGQ==", encryptedString);
-    }
-
-    public void testEncryptByteArrayUsingDESEde() {
-        final byte[] encryptedArray = EncryptionUtils.encrypt(ENCRYPTION_KEY, EncryptionUtils.stringToByteArray(STRING_TO_ENCRYPT));
-        assertEquals("3YIE8sIbaEoqGZZrHamFGQ==", EncryptionUtils.byteArrayToString(encryptedArray));
-    }
-
-    public void testEncryptionKeyCanContainLetters() throws EncryptionException {
-        final String encryptedString = EncryptionUtils.encrypt("ASDF asdf 1234 8983 jklasdf J2Jaf8", STRING_TO_ENCRYPT);
-        assertEquals("v4+DQoClx6qm5tJwBcRrkw==", encryptedString);
-    }
-
-    public void testDecryptsUsingDESEde() throws EncryptionException {
-        final String encryptedString = "3YIE8sIbaEoqGZZrHamFGQ==";
-        final String decryptedString = EncryptionUtils.decrypt(ENCRYPTION_KEY, encryptedString);
-        assertEquals(STRING_TO_ENCRYPT, decryptedString);
-    }
-
-    public void testDecryptByteArrayUsingDESEde() {
-        final byte[] encrypted = EncryptionUtils.stringToByteArray("3YIE8sIbaEoqGZZrHamFGQ==");
-        final byte[] decrypted = EncryptionUtils.decrypt(ENCRYPTION_KEY, encrypted);
-        assertEquals(STRING_TO_ENCRYPT, EncryptionUtils.byteArrayToString(decrypted));
-    }
-
-    public void testFailEncryptWithNullEncryptionKey() {
-        try {
-            EncryptionUtils.encrypt(null, STRING_TO_ENCRYPT);
-            fail();
-        } catch (IllegalArgumentException e) {
-            assertTrue(true);
-        }
-    }
-
-    public void testFailEncryptWithEmptyEncryptionKey() {
-        try {
-            EncryptionUtils.encrypt("", STRING_TO_ENCRYPT);
-            fail();
-        } catch (IllegalArgumentException e) {
-            assertTrue(true);
-        }
-    }
-
-    public void teastFailEncryptWithShortEncryptionKey() {
-        try {
-            EncryptionUtils.encrypt("01234567890123456789012", STRING_TO_ENCRYPT);
-            fail();
-        } catch (IllegalArgumentException e) {
-            assertTrue(true);
-        }
-    }
-
-    public void testFailDecryptWithEmptyString() {
-        try {
-            EncryptionUtils.decrypt(ENCRYPTION_KEY, "");
-            fail();
-        } catch (IllegalArgumentException e) {
-            assertTrue(true);
-        }
-    }
-
-    public void testFailEncryptWithEmptyString() {
-        try {
-            EncryptionUtils.encrypt(ENCRYPTION_KEY, "");
-            fail();
-        } catch (IllegalArgumentException e) {
-            assertTrue(true);
-        }
-    }
-
-    public void testFailEncryptWithNullString() {
-        try {
-            EncryptionUtils.encrypt(ENCRYPTION_KEY, (String) null);
-            fail();
-        } catch (IllegalArgumentException e) {
-            assertTrue(true);
-        }
-    }
-
-    public void testEncryptAndDecrypt() throws EncryptionException {
-        final String stringToEncrypt = "Alan Stewart";
-        final String encryptedString = EncryptionUtils.encrypt(ENCRYPTION_KEY, stringToEncrypt);
-        final String decryptedString = EncryptionUtils.decrypt(ENCRYPTION_KEY, encryptedString);
-        assertEquals(stringToEncrypt, decryptedString);
-    }
-}

samples/dms/src/main/java/sample/dms/DataSourcePopulator.java

@@ -8,10 +8,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.transaction.PlatformTransactionManager;
-import org.springframework.transaction.TransactionStatus;
-import org.springframework.transaction.support.TransactionCallback;
-import org.springframework.transaction.support.TransactionTemplate;
 import org.springframework.util.Assert;
 
 
@@ -27,122 +23,128 @@ public class DataSourcePopulator implements InitializingBean {
     protected static final int LEVEL_GRANT_ADMIN = 3;
     protected JdbcTemplate template;
     protected DocumentDao documentDao;
-    protected TransactionTemplate tt;
 
-    public DataSourcePopulator(DataSource dataSource, DocumentDao documentDao, PlatformTransactionManager platformTransactionManager) {
+    public DataSourcePopulator(DataSource dataSource, DocumentDao documentDao) {
        Assert.notNull(dataSource, "DataSource required");
        Assert.notNull(documentDao, "DocumentDao required");
-       Assert.notNull(platformTransactionManager, "PlatformTransactionManager required");
        this.template = new JdbcTemplate(dataSource);
        this.documentDao = documentDao;
-       this.tt = new TransactionTemplate(platformTransactionManager);
-   }
+    }
 
     public void afterPropertiesSet() throws Exception {
-           // ACL tables
-           template.execute("CREATE TABLE ACL_SID(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,PRINCIPAL BOOLEAN NOT NULL,SID VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_1 UNIQUE(SID,PRINCIPAL));");
-           template.execute("CREATE TABLE ACL_CLASS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,CLASS VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_2 UNIQUE(CLASS));");
-           template.execute("CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,OBJECT_ID_CLASS BIGINT NOT NULL,OBJECT_ID_IDENTITY BIGINT NOT NULL,PARENT_OBJECT BIGINT,OWNER_SID BIGINT,ENTRIES_INHERITING BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_3 UNIQUE(OBJECT_ID_CLASS,OBJECT_ID_IDENTITY),CONSTRAINT FOREIGN_FK_1 FOREIGN KEY(PARENT_OBJECT)REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_2 FOREIGN KEY(OBJECT_ID_CLASS)REFERENCES ACL_CLASS(ID),CONSTRAINT FOREIGN_FK_3 FOREIGN KEY(OWNER_SID)REFERENCES ACL_SID(ID));");
-           template.execute("CREATE TABLE ACL_ENTRY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,ACE_ORDER INT NOT NULL,SID BIGINT NOT NULL,MASK INTEGER NOT NULL,GRANTING BOOLEAN NOT NULL,AUDIT_SUCCESS BOOLEAN NOT NULL,AUDIT_FAILURE BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_4 UNIQUE(ACL_OBJECT_IDENTITY,ACE_ORDER),CONSTRAINT FOREIGN_FK_4 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_5 FOREIGN KEY(SID) REFERENCES ACL_SID(ID));");
-
-           // Normal authentication tables
-           template.execute("CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(50) NOT NULL,ENABLED BOOLEAN NOT NULL);");
-           template.execute("CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));");
-           template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);");
-
-           // Document management system business tables
-           template.execute("CREATE TABLE DIRECTORY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, DIRECTORY_NAME VARCHAR_IGNORECASE(50) NOT NULL, PARENT_DIRECTORY_ID BIGINT)");
-           template.execute("CREATE TABLE FILE(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, FILE_NAME VARCHAR_IGNORECASE(50) NOT NULL, CONTENT VARCHAR_IGNORECASE(1024), PARENT_DIRECTORY_ID BIGINT)");
-
-           // Populate the authentication and role tables
-           template.execute("INSERT INTO USERS VALUES('rod','a564de63c2d0da68cf47586ee05984d7',TRUE);");
-           template.execute("INSERT INTO USERS VALUES('dianne','65d15fe9156f9c4bbffd98085992a44e',TRUE);");
-           template.execute("INSERT INTO USERS VALUES('scott','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
-           template.execute("INSERT INTO USERS VALUES('peter','22b5c9accc6e1ba628cedc63a72d57f8',FALSE);");
-           template.execute("INSERT INTO USERS VALUES('bill','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
-           template.execute("INSERT INTO USERS VALUES('bob','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
-           template.execute("INSERT INTO USERS VALUES('jane','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
-           template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_USER');");
-           template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_SUPERVISOR');");
-           template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');");
-           template.execute("INSERT INTO AUTHORITIES VALUES('scott','ROLE_USER');");
-           template.execute("INSERT INTO AUTHORITIES VALUES('peter','ROLE_USER');");
-           template.execute("INSERT INTO AUTHORITIES VALUES('bill','ROLE_USER');");
-           template.execute("INSERT INTO AUTHORITIES VALUES('bob','ROLE_USER');");
-           template.execute("INSERT INTO AUTHORITIES VALUES('jane','ROLE_USER');");
-
-           // Now create an ACL entry for the root directory
-           SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("rod", "ignored", AuthorityUtils.createAuthorityList(("ROLE_IGNORED"))));
-           tt.execute(new TransactionCallback<Object>() {
-               public Object doInTransaction(TransactionStatus arg0) {
-                   addPermission(documentDao, Directory.ROOT_DIRECTORY, "ROLE_USER", LEVEL_GRANT_WRITE);
-                   return null;
-               }
-           });
-
-           // Now go off and create some directories and files for our users
-           createSampleData("rod", "koala");
-           createSampleData("dianne", "emu");
-           createSampleData("scott", "wombat");
+        // ACL tables
+        template.execute("CREATE TABLE ACL_SID(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,PRINCIPAL BOOLEAN NOT NULL,SID VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_1 UNIQUE(SID,PRINCIPAL));");
+        template.execute("CREATE TABLE ACL_CLASS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,CLASS VARCHAR_IGNORECASE(100) NOT NULL,CONSTRAINT UNIQUE_UK_2 UNIQUE(CLASS));");
+        template.execute("CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,OBJECT_ID_CLASS BIGINT NOT NULL,OBJECT_ID_IDENTITY BIGINT NOT NULL,PARENT_OBJECT BIGINT,OWNER_SID BIGINT,ENTRIES_INHERITING BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_3 UNIQUE(OBJECT_ID_CLASS,OBJECT_ID_IDENTITY),CONSTRAINT FOREIGN_FK_1 FOREIGN KEY(PARENT_OBJECT)REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_2 FOREIGN KEY(OBJECT_ID_CLASS)REFERENCES ACL_CLASS(ID),CONSTRAINT FOREIGN_FK_3 FOREIGN KEY(OWNER_SID)REFERENCES ACL_SID(ID));");
+        template.execute("CREATE TABLE ACL_ENTRY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,ACE_ORDER INT NOT NULL,SID BIGINT NOT NULL,MASK INTEGER NOT NULL,GRANTING BOOLEAN NOT NULL,AUDIT_SUCCESS BOOLEAN NOT NULL,AUDIT_FAILURE BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_4 UNIQUE(ACL_OBJECT_IDENTITY,ACE_ORDER),CONSTRAINT FOREIGN_FK_4 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID),CONSTRAINT FOREIGN_FK_5 FOREIGN KEY(SID) REFERENCES ACL_SID(ID));");
+
+        // Normal authentication tables
+        template.execute("CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(50) NOT NULL,ENABLED BOOLEAN NOT NULL);");
+        template.execute("CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));");
+        template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);");
+
+        // Document management system business tables
+        template.execute("CREATE TABLE DIRECTORY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, DIRECTORY_NAME VARCHAR_IGNORECASE(50) NOT NULL, PARENT_DIRECTORY_ID BIGINT)");
+        template.execute("CREATE TABLE FILE(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY, FILE_NAME VARCHAR_IGNORECASE(50) NOT NULL, CONTENT VARCHAR_IGNORECASE(1024), PARENT_DIRECTORY_ID BIGINT)");
+
+        // Populate the authentication and role tables
+        template.execute("INSERT INTO USERS VALUES('rod','a564de63c2d0da68cf47586ee05984d7',TRUE);");
+        template.execute("INSERT INTO USERS VALUES('dianne','65d15fe9156f9c4bbffd98085992a44e',TRUE);");
+        template.execute("INSERT INTO USERS VALUES('scott','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
+        template.execute("INSERT INTO USERS VALUES('peter','22b5c9accc6e1ba628cedc63a72d57f8',FALSE);");
+        template.execute("INSERT INTO USERS VALUES('bill','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
+        template.execute("INSERT INTO USERS VALUES('bob','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
+        template.execute("INSERT INTO USERS VALUES('jane','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
+        template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_USER');");
+        template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_SUPERVISOR');");
+        template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');");
+        template.execute("INSERT INTO AUTHORITIES VALUES('scott','ROLE_USER');");
+        template.execute("INSERT INTO AUTHORITIES VALUES('peter','ROLE_USER');");
+        template.execute("INSERT INTO AUTHORITIES VALUES('bill','ROLE_USER');");
+        template.execute("INSERT INTO AUTHORITIES VALUES('bob','ROLE_USER');");
+        template.execute("INSERT INTO AUTHORITIES VALUES('jane','ROLE_USER');");
+
+        // Now create an ACL entry for the root directory
+        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("rod", "ignored", AuthorityUtils.createAuthorityList(("ROLE_IGNORED"))));
+
+        addPermission(documentDao, Directory.ROOT_DIRECTORY, "ROLE_USER", LEVEL_GRANT_WRITE);
+
+        // Now go off and create some directories and files for our users
+        createSampleData("rod", "koala");
+        createSampleData("dianne", "emu");
+        createSampleData("scott", "wombat");
+
     }
 
-   /**
-    * Creates a directory for the user, and a series of sub-directories. The root directory is the parent for the user directory. The sub-directories
-    * are "confidential" and "shared". The ROLE_USER will be given read and write access to "shared".
-    */
-   private void createSampleData(String username, String password) {
-       Assert.notNull(documentDao, "DocumentDao required");
-       Assert.hasText(username, "Username required");
-
-       Authentication auth = new UsernamePasswordAuthenticationToken(username, password);
-
-       try {
-           // Set the SecurityContextHolder ThreadLocal so any subclasses automatically know which user is operating
-           SecurityContextHolder.getContext().setAuthentication(auth);
-
-           // Create the home directory first
-           Directory home = new Directory(username, Directory.ROOT_DIRECTORY);
-           documentDao.create(home);
-           addPermission(documentDao, home, username, LEVEL_GRANT_ADMIN);
-           addPermission(documentDao, home, "ROLE_USER", LEVEL_GRANT_READ);
-           createFiles(documentDao, home);
-
-           // Now create the confidential directory
-           Directory confid = new Directory("confidential", home);
-           documentDao.create(confid);
-           addPermission(documentDao, confid, "ROLE_USER", LEVEL_NEGATE_READ);
-           createFiles(documentDao, confid);
-
-           // Now create the shared directory
-           Directory shared = new Directory("shared", home);
-           documentDao.create(shared);
-           addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_READ);
-           addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_WRITE);
-           createFiles(documentDao, shared);
-       } finally {
-           // Clear the SecurityContextHolder ThreadLocal so future calls are guaranteed to be clean
-           SecurityContextHolder.clearContext();
-       }
-   }
-
-   private void createFiles(DocumentDao documentDao, Directory parent) {
-       Assert.notNull(documentDao, "DocumentDao required");
-       Assert.notNull(parent, "Parent required");
-       int countBeforeInsert = documentDao.findElements(parent).length;
-       for (int i = 0; i < 10; i++) {
-           File file = new File("file_" + i + ".txt", parent);
-           documentDao.create(file);
-       }
-       Assert.isTrue(countBeforeInsert + 10 == documentDao.findElements(parent).length, "Failed to increase count by 10");
-   }
-
-   /**
-    * Allows subclass to add permissions.
-    *
-    * @param documentDao that will presumably offer methods to enable the operation to be completed
-    * @param element to the subject of the new permissions
-    * @param recipient to receive permission (if it starts with ROLE_ it is assumed to be a GrantedAuthority, else it is a username)
-    * @param level based on the static final integer fields on this class
-    */
-   protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {}
+    /**
+     * Creates a directory for the user, and a series of sub-directories. The
+     * root directory is the parent for the user directory. The sub-directories
+     * are "confidential" and "shared". The ROLE_USER will be given read and
+     * write access to "shared".
+     */
+    private void createSampleData(String username, String password) {
+        Assert.notNull(documentDao, "DocumentDao required");
+        Assert.hasText(username, "Username required");
+
+        Authentication auth = new UsernamePasswordAuthenticationToken(username, password);
+
+        try {
+            // Set the SecurityContextHolder ThreadLocal so any subclasses
+            // automatically know which user is operating
+            SecurityContextHolder.getContext().setAuthentication(auth);
+
+            // Create the home directory first
+            Directory home = new Directory(username, Directory.ROOT_DIRECTORY);
+            documentDao.create(home);
+            addPermission(documentDao, home, username, LEVEL_GRANT_ADMIN);
+            addPermission(documentDao, home, "ROLE_USER", LEVEL_GRANT_READ);
+            createFiles(documentDao, home);
+
+            // Now create the confidential directory
+            Directory confid = new Directory("confidential", home);
+            documentDao.create(confid);
+            addPermission(documentDao, confid, "ROLE_USER", LEVEL_NEGATE_READ);
+            createFiles(documentDao, confid);
+
+            // Now create the shared directory
+            Directory shared = new Directory("shared", home);
+            documentDao.create(shared);
+            addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_READ);
+            addPermission(documentDao, shared, "ROLE_USER", LEVEL_GRANT_WRITE);
+            createFiles(documentDao, shared);
+        } finally {
+            // Clear the SecurityContextHolder ThreadLocal so future calls are
+            // guaranteed to be clean
+            SecurityContextHolder.clearContext();
+        }
+    }
+
+    private void createFiles(DocumentDao documentDao, Directory parent) {
+        Assert.notNull(documentDao, "DocumentDao required");
+        Assert.notNull(parent, "Parent required");
+        int countBeforeInsert = documentDao.findElements(parent).length;
+        for (int i = 0; i < 10; i++) {
+            File file = new File("file_" + i + ".txt", parent);
+            documentDao.create(file);
+        }
+        Assert.isTrue(countBeforeInsert + 10 == documentDao.findElements(parent).length,
+                "Failed to increase count by 10");
+    }
+
+    /**
+     * Allows subclass to add permissions.
+     *
+     * @param documentDao
+     *            that will presumably offer methods to enable the operation to
+     *            be completed
+     * @param element
+     *            to the subject of the new permissions
+     * @param recipient
+     *            to receive permission (if it starts with ROLE_ it is assumed
+     *            to be a GrantedAuthority, else it is a username)
+     * @param level
+     *            based on the static final integer fields on this class
+     */
+    protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {
+    }
 }

samples/dms/src/main/java/sample/dms/secured/SecureDataSourcePopulator.java

@@ -13,7 +13,6 @@ import org.springframework.security.acls.model.ObjectIdentity;
 import org.springframework.security.acls.model.Permission;
 import org.springframework.security.acls.model.Sid;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.transaction.PlatformTransactionManager;
 import org.springframework.util.Assert;
 
 import sample.dms.AbstractElement;
@@ -24,8 +23,8 @@ public class SecureDataSourcePopulator extends DataSourcePopulator {
 
     private MutableAclService aclService;
 
-    public SecureDataSourcePopulator(DataSource dataSource, SecureDocumentDao documentDao, PlatformTransactionManager platformTransactionManager, MutableAclService aclService) {
-        super(dataSource, documentDao, platformTransactionManager);
+    public SecureDataSourcePopulator(DataSource dataSource, SecureDocumentDao documentDao, MutableAclService aclService) {
+        super(dataSource, documentDao);
         Assert.notNull(aclService, "MutableAclService required");
         this.aclService = aclService;
     }

samples/dms/src/main/resources/applicationContext-dms-insecure.xml

@@ -35,7 +35,6 @@
     <bean id="dataSourcePopulator" class="sample.dms.DataSourcePopulator">
         <constructor-arg ref="dataSource"/>
         <constructor-arg ref="documentDao"/>
-        <constructor-arg ref="transactionManager"/>
     </bean>
 
 </beans>

samples/dms/src/main/resources/applicationContext-dms-secure.xml

@@ -9,7 +9,7 @@
     xmlns:s="http://www.springframework.org/schema/security"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 
     <bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
         <property name="dataSource" ref="dataSource"/>
@@ -44,7 +44,6 @@
     <bean id="dataSourcePopulator" class="sample.dms.secured.SecureDataSourcePopulator">
         <constructor-arg ref="dataSource"/>
         <constructor-arg ref="documentDao"/>
-        <constructor-arg ref="transactionManager"/>
         <constructor-arg ref="aclService"/>
     </bean>
 
@@ -206,21 +205,25 @@
 
    <!-- ================= METHOD INVOCATION AUTHORIZATION ==================== -->
 
-   <bean id="methodSecurityAdvisor" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor" autowire="constructor"/>
+   <bean id="methodSecurityAdvisor" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor">
+       <constructor-arg value="methodSecurityInterceptor" />
+       <constructor-arg ref="msmds" />
+       <constructor-arg value="msmds" />
+   </bean>
 
    <bean id="methodSecurityInterceptor" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor">
-      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
-      <property name="accessDecisionManager"><ref local="businessAccessDecisionManager"/></property>
-      <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
-      <property name="securityMetadataSource">
-         <value>
-            sample.dms.DocumentDao.create=ACL_ABSTRACT_ELEMENT_WRITE_PARENT
-            sample.dms.DocumentDao.delete=ACL_ABSTRACT_ELEMENT_WRITE
-            sample.dms.DocumentDao.update=ACL_ABSTRACT_ELEMENT_WRITE
-            sample.dms.DocumentDao.findElements=AFTER_ACL_COLLECTION_READ
-            sample.dms.secured.SecureDocumentDao.getUsers=ROLE_USER
-         </value>
-      </property>
+      <property name="authenticationManager" ref="authenticationManager"/>
+      <property name="accessDecisionManager" ref="businessAccessDecisionManager"/>
+      <property name="afterInvocationManager" ref="afterInvocationManager"/>
+      <property name="securityMetadataSource" ref="msmds" />
    </bean>
 
+   <s:method-security-metadata-source id="msmds">
+      <s:protect method="sample.dms.DocumentDao.create" access="ACL_ABSTRACT_ELEMENT_WRITE_PARENT" />
+      <s:protect method="sample.dms.DocumentDao.delete" access="ACL_ABSTRACT_ELEMENT_WRITE" />
+      <s:protect method="sample.dms.DocumentDao.update" access="ACL_ABSTRACT_ELEMENT_WRITE" />
+      <s:protect method="sample.dms.DocumentDao.findElements" access="AFTER_ACL_COLLECTION_READ" />
+      <s:protect method="sample.dms.secured.SecureDocumentDao.getUsers" access="ROLE_USER" />
+   </s:method-security-metadata-source>
+
 </beans>

web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java

@@ -87,6 +87,14 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
         return this.securityMetadataSource;
     }
 
+    public SecurityMetadataSource obtainSecurityMetadataSource() {
+        return this.securityMetadataSource;
+    }
+
+    public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) {
+        this.securityMetadataSource = newSource;
+    }
+
     public Class<? extends Object> getSecureObjectClass() {
         return FilterInvocation.class;
     }
@@ -127,22 +135,6 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
         return observeOncePerRequest;
     }
 
-    public SecurityMetadataSource obtainSecurityMetadataSource() {
-        return this.securityMetadataSource;
-    }
-
-    /**
-     * @deprecated use setSecurityMetadataSource instead
-     */
-    public void setObjectDefinitionSource(FilterInvocationSecurityMetadataSource newSource) {
-        logger.warn("The property 'objectDefinitionSource' is deprecated. Please use 'securityMetadataSource' instead");
-        this.securityMetadataSource = newSource;
-    }
-
-    public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) {
-        this.securityMetadataSource = newSource;
-    }
-
     public void setObserveOncePerRequest(boolean observeOncePerRequest) {
         this.observeOncePerRequest = observeOncePerRequest;
     }

web/src/main/java/org/springframework/security/web/authentication/AbstractProcessingFilter.java

@@ -1,17 +0,0 @@
-package org.springframework.security.web.authentication;
-
-/**
- * Renamed class, retained for backwards compatibility.
- * <p>
- * See {@link AbstractAuthenticationProcessingFilter}.
- *
- * @author Luke Taylor
- * @deprecated Use AbstractAuthenticationProcessingFilter instead.
- */
-@Deprecated
-public abstract class AbstractProcessingFilter extends AbstractAuthenticationProcessingFilter {
-
-    protected AbstractProcessingFilter(String defaultFilterProcessesUrl) {
-        super(defaultFilterProcessesUrl);
-    }
-}

web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilter.java

@@ -1,14 +0,0 @@
-package org.springframework.security.web.authentication;
-
-/**
- * Renamed class, retained for backwards compatibility.
- * <p>
- * See {@link UsernamePasswordAuthenticationFilter}.
- *
- * @author Luke Taylor
- * @deprecated Use UsernamePasswordAuthenticationFilter instead.
- */
-
-public class AuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter {
-
-}

web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPoint.java

@@ -1,13 +0,0 @@
-package org.springframework.security.web.authentication;
-
-/**
- * Renamed class, retained for backwards compatibility.
- * <p>
- * See {@link LoginUrlAuthenticationEntryPoint}.
- *
- * @author Luke Taylor
- * @deprecated Use LoginUrlAuthenticationEntryPoint instead.
- */
-public class AuthenticationProcessingFilterEntryPoint extends LoginUrlAuthenticationEntryPoint{
-
-}

web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java

@@ -1,15 +0,0 @@
-package org.springframework.security.web.authentication.preauth;
-
-import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
-
-/**
- * Renamed class, retained for backwards compatibility.
- * <p>
- * See {@link Http403ForbiddenEntryPoint}.
- *
- * @author Luke Taylor
- * @deprecated Use Http403ForbiddenEntryPoint instead.
- */
-public class PreAuthenticatedProcessingFilterEntryPoint extends Http403ForbiddenEntryPoint {
-
-}

web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java

@@ -222,40 +222,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
         return context;
     }
 
-    @SuppressWarnings("unchecked")
-    @Deprecated
-    /**
-     * Sets the {@code SecurityContext} implementation class.
-     *
-     * @deprecated use a custom {@code SecurityContextHolderStrategy} where the {@code createEmptyContext} method
-     *      returns the correct implementation.
-     */
-    public void setSecurityContextClass(Class contextClass) {
-        if (contextClass == null || (!SecurityContext.class.isAssignableFrom(contextClass))) {
-            throw new IllegalArgumentException("securityContextClass must implement SecurityContext "
-                    + "(typically use org.springframework.security.core.context.SecurityContextImpl; existing class is "
-                    + contextClass + ")");
-        }
-
-        this.securityContextClass = contextClass;
-        contextObject = generateNewContext();
-    }
-
-    /**
-     * Normally, the {@code SecurityContext} retrieved from the session is stored directly in the
-     * {@code SecurityContextHolder}, meaning that it is shared between concurrent threads.
-     * In this case, if one thread modifies the contents of the context, all threads will see the same
-     * change.
-     *
-     * @param cloneFromHttpSession set to true to clone the security context retrieved from the session.
-     *          Defaults to false.
-     * @deprecated Override the {@code loadContext} method and copy the created context instead.
-     */
-    @Deprecated
-    public void setCloneFromHttpSession(boolean cloneFromHttpSession) {
-        this.cloneFromHttpSession = cloneFromHttpSession;
-    }
-
     /**
      * If set to true (the default), a session will be created (if required) to store the security context if it is
      * determined that its contents are different from the default empty context value.

web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java

@@ -18,20 +18,6 @@ import org.springframework.security.web.context.SaveContextOnUpdateOrErrorRespon
 public class HttpSessionSecurityContextRepositoryTests {
     private final TestingAuthenticationToken testToken = new TestingAuthenticationToken("someone", "passwd", "ROLE_A");
 
-    @Test(expected=IllegalArgumentException.class)
-    @Deprecated
-    public void detectsInvalidContextClass() throws Exception {
-        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
-        repo.setSecurityContextClass(String.class);
-    }
-
-    @Deprecated
-    @Test(expected=IllegalArgumentException.class)
-    public void cannotSetNullContextClass() throws Exception {
-        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
-        repo.setSecurityContextClass(null);
-    }
-
     @Test
     public void sessionIsntCreatedIfContextDoesntChange() throws Exception {
         HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
@@ -162,30 +148,6 @@ public class HttpSessionSecurityContextRepositoryTests {
         assertNull(request.getSession(false));
     }
 
-    @Test
-    @Deprecated
-    public void settingCloneFromContextLoadsClonedContextObject() throws Exception {
-        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
-        repo.setCloneFromHttpSession(true);
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        MockContext contextBefore = new MockContext();
-        request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, contextBefore);
-        contextBefore.setAuthentication(testToken);
-        MockHttpServletResponse response = new MockHttpServletResponse();
-        HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
-        SecurityContext loadedContext = repo.loadContext(holder);
-        assertTrue(loadedContext instanceof MockContext);
-        assertFalse(loadedContext == contextBefore);
-    }
-
-    @Test
-    @Deprecated
-    public void generateNewContextWorksWithContextClass() throws Exception {
-        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
-        repo.setSecurityContextClass(MockContext.class);
-        assertTrue(repo.generateNewContext() instanceof MockContext);
-    }
-
     @Test
     @SuppressWarnings("deprecation")
     public void sessionDisableUrlRewritingPreventsSessionIdBeingWrittenToUrl() throws Exception {