SEC-1009: removed additional container adapter specific code

core/src/main/java/org/springframework/security/adapters/AbstractAdapterAuthenticationToken.java

@@ -1,110 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.adapters;
-
-import org.springframework.security.GrantedAuthority;
-
-import org.springframework.security.providers.AbstractAuthenticationToken;
-
-
-/**
- * Convenience superclass for {@link AuthByAdapter} implementations.
- *
- * @author Ben Alex
- * @version $Id$
- */
-public abstract class AbstractAdapterAuthenticationToken extends AbstractAuthenticationToken implements AuthByAdapter {
-    //~ Instance fields ================================================================================================
-
-    private int keyHash;
-
-    //~ Constructors ===================================================================================================
-
-    protected AbstractAdapterAuthenticationToken() {
-        super(null);
-    }
-
-/**
-     * The only way an <code>AbstractAdapterAuthentication</code> should be
-     * constructed.
-     *
-     * @param key the key that is hashed and made available via  {@link
-     *        #getKeyHash()}
-     * @param authorities the authorities granted to this principal
-     */
-    protected AbstractAdapterAuthenticationToken(String key, GrantedAuthority[] authorities) {
-        super(authorities);
-        this.keyHash = key.hashCode();
-    }
-
-    //~ Methods ========================================================================================================
-
-    public boolean equals(Object obj) {
-        if (obj instanceof AbstractAdapterAuthenticationToken) {
-            if (!super.equals(obj)) {
-                return false;
-            }
-
-            AbstractAdapterAuthenticationToken test = (AbstractAdapterAuthenticationToken) obj;
-
-            return (this.getKeyHash() == test.getKeyHash());
-        }
-
-        return false;
-    }
-
-    public int getKeyHash() {
-        return this.keyHash;
-    }
-
-    /**
-     * Always returns <code>true</code>.
-     *
-     * @return DOCUMENT ME!
-     */
-    public boolean isAuthenticated() {
-        return true;
-    }
-
-    /**
-     * Iterates the granted authorities and indicates whether or not the specified role is held.<p>Comparison
-     * is based on the <code>String</code> returned by {@link GrantedAuthority#getAuthority}.</p>
-     *
-     * @param role the role being searched for in this object's granted authorities list
-     *
-     * @return <code>true</code> if the granted authority is held, or <code>false</code> otherwise
-     */
-    public boolean isUserInRole(String role) {
-        GrantedAuthority[] authorities = super.getAuthorities();
-
-        for (int i = 0; i < authorities.length; i++) {
-            if (role.equals(authorities[i].getAuthority())) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * Setting is ignored. Always considered authenticated.
-     *
-     * @param ignored DOCUMENT ME!
-     */
-    public void setAuthenticated(boolean ignored) {
-        // ignored
-    }
-}

core/src/main/java/org/springframework/security/adapters/AuthByAdapter.java

@@ -1,45 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.adapters;
-
-import org.springframework.security.Authentication;
-
-
-/**
- * Indicates a specialized, immutable, server-side only {@link Authentication}
- * class.
- *
- * <P>
- * Automatically considered valid by the {@link AuthByAdapterProvider},
- * provided the hash code presented by the implementation objects matches that
- * expected by the <code>AuthByAdapterProvider</code>.
- * </p>
- *
- * @author Ben Alex
- * @version $Id$
- */
-public interface AuthByAdapter extends Authentication {
-    //~ Methods ========================================================================================================
-
-    /**
-     * Returns the hash code of the key that was passed to the constructor of the <code>AuthByAdapter</code>
-     * implementation. The implementation should convert the value to a hash code at construction time, rather than
-     * storing the key itself.
-     *
-     * @return the hash code of the key used when the object was created.
-     */
-    int getKeyHash();
-}

core/src/main/java/org/springframework/security/adapters/AuthByAdapterProvider.java

@@ -1,85 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.adapters;
-
-import org.springframework.security.SpringSecurityMessageSource;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationException;
-import org.springframework.security.BadCredentialsException;
-
-import org.springframework.security.providers.AuthenticationProvider;
-
-import org.springframework.beans.factory.InitializingBean;
-
-import org.springframework.context.MessageSource;
-import org.springframework.context.MessageSourceAware;
-import org.springframework.context.support.MessageSourceAccessor;
-
-import org.springframework.util.Assert;
-
-
-/**
- * An {@link AuthenticationProvider} implementation that can authenticate an {@link AuthByAdapter}.<P>Configured in
- * the bean context with a key that should match the key used by adapters to generate <code>AuthByAdapter</code>
- * instances. It treats as valid any such instance presenting a hash code that matches the
- * <code>AuthByAdapterProvider</code>-configured key.</p>
- *  <P>If the key does not match, a <code>BadCredentialsException</code> is thrown.</p>
- */
-public class AuthByAdapterProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
-    //~ Instance fields ================================================================================================
-
-    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
-    private String key;
-
-    //~ Methods ========================================================================================================
-
-	public void afterPropertiesSet() throws Exception {
-        Assert.notNull(key, "A Key is required and should match that configured for the adapters");
-        Assert.notNull(messages, "A message source must be set");
-    }
-
-    public Authentication authenticate(Authentication authentication)
-        throws AuthenticationException {
-        AuthByAdapter token = (AuthByAdapter) authentication;
-
-        if (token.getKeyHash() == key.hashCode()) {
-            return authentication;
-        } else {
-            throw new BadCredentialsException(messages.getMessage("AuthByAdapterProvider.incorrectKey",
-                    "The presented AuthByAdapter implementation does not contain the expected key"));
-        }
-    }
-
-    public String getKey() {
-        return key;
-    }
-
-    public void setKey(String key) {
-        this.key = key;
-    }
-
-    public void setMessageSource(MessageSource messageSource) {
-        this.messages = new MessageSourceAccessor(messageSource);
-    }
-
-    public boolean supports(Class authentication) {
-        if (AuthByAdapter.class.isAssignableFrom(authentication)) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-}

core/src/main/java/org/springframework/security/adapters/HttpRequestIntegrationFilter.java

@@ -1,93 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.adapters;
-
-import org.springframework.security.Authentication;
-
-import org.springframework.security.context.SecurityContextHolder;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import java.io.IOException;
-
-import java.security.Principal;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-
-/**
- * Populates <code>SecurityContext</code> with the <code>Authentication</code> obtained from the container's
- * <code>HttpServletRequest.getUserPrincipal()</code>.<p>Use this filter with container adapters only.</p>
- *  <p>This filter <b>never</b> preserves the <code>Authentication</code> on the <code>SecurityContext</code> - it
- * is replaced every request.</p>
- *  <p>See {@link org.springframework.security.context.HttpSessionContextIntegrationFilter} for further information.</p>
- *
- * @author Ben Alex
- * @version $Id$
- */
-public class HttpRequestIntegrationFilter implements Filter {
-    //~ Static fields/initializers =====================================================================================
-
-    private static final Log logger = LogFactory.getLog(HttpRequestIntegrationFilter.class);
-
-    //~ Methods ========================================================================================================
-
-    /**
-     * Does nothing. We use IoC container lifecycle services instead.
-     */
-    public void destroy() {}
-
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-        throws IOException, ServletException {
-        if (request instanceof HttpServletRequest) {
-            Principal principal = ((HttpServletRequest) request).getUserPrincipal();
-
-            if ((principal != null) && principal instanceof Authentication) {
-                SecurityContextHolder.getContext().setAuthentication((Authentication) principal);
-
-                if (logger.isDebugEnabled()) {
-                    logger.debug("SecurityContextHolder updated with Authentication from container: '" + principal
-                        + "'");
-                }
-            } else {
-                if (logger.isDebugEnabled()) {
-                    logger.debug("SecurityContextHolder not set with new Authentication as Principal was: '"
-                        + principal + "'");
-                }
-            }
-        } else {
-            throw new IllegalArgumentException("Only HttpServletRequest is acceptable");
-        }
-
-        chain.doFilter(request, response);
-    }
-
-    /**
-     * Does nothing. We use IoC container lifecycle services instead.
-     *
-     * @param arg0 ignored
-     *
-     * @throws ServletException ignored
-     */
-    public void init(FilterConfig arg0) throws ServletException {}
-}

core/src/main/java/org/springframework/security/adapters/PrincipalSpringSecurityUserToken.java

@@ -1,64 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.adapters;
-
-import org.springframework.security.GrantedAuthority;
-
-import java.security.Principal;
-
-
-/**
- * A {@link Principal} compatible  {@link org.springframework.security.Authentication} object.
- *
- * @author Ben Alex
- * @version $Id$
- */
-public class PrincipalSpringSecurityUserToken extends AbstractAdapterAuthenticationToken implements Principal {
-    //~ Instance fields ================================================================================================
-
-    private static final long serialVersionUID = 1L;
-    private Object principal;
-    private String password;
-    private String username;
-
-    //~ Constructors ===================================================================================================
-
-    public PrincipalSpringSecurityUserToken(String key, String username, String password, GrantedAuthority[] authorities,
-        Object principal) {
-        super(key, authorities);
-        this.username = username;
-        this.password = password;
-        this.principal = principal;
-    }
-
-    //~ Methods ========================================================================================================
-
-    public Object getCredentials() {
-        return this.password;
-    }
-
-    public String getName() {
-        return this.username;
-    }
-
-    public Object getPrincipal() {
-        if (this.principal == null) {
-            return this.username;
-        }
-
-        return this.principal;
-    }
-}

core/src/main/java/org/springframework/security/adapters/package.html

@@ -1,11 +0,0 @@
-<html>
-<body>
-Allows external containers to obtain authentication information from the
-system.
-
-<p>It is recommended to use the <code>org.springframework.security.ui.webapp</code>
-package for standard web applications, as it has much lower configuration
-complexity.</p>
-
-</body>
-</html>