SEC-51 and SEC-67 related changes. Tested all functions of "filters" version in web browser OK.

samples/contacts-tiger/src/main/java/sample/contact/annotation/ContactManagerBackend.java

@@ -87,7 +87,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport
 
     @Secured ({"ROLE_USER","AFTER_ACL_READ"})
     @Transactional(readOnly=true)
-    public Contact getById(Integer id) {
+    public Contact getById(Long id) {
         if (logger.isDebugEnabled()) {
             logger.debug("Returning contact with id: " + id);
         }
@@ -143,7 +143,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport
     @Secured ({"ROLE_USER"})
     public void create(Contact contact) {
         // Create the Contact itself
-        contact.setId(new Integer(counter++));
+        contact.setId(new Long(counter++));
         contactDao.create(contact);
 
         // Grant the current principal access to the contact 

samples/contacts/src/main/java/sample/contact/AddPermissionController.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,13 +21,14 @@ import org.springframework.beans.factory.InitializingBean;
 
 import org.springframework.dao.DataAccessException;
 
+import org.springframework.util.Assert;
+
 import org.springframework.validation.BindException;
 
 import org.springframework.web.bind.RequestUtils;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.SimpleFormController;
 import org.springframework.web.servlet.view.RedirectView;
-import org.springframework.util.Assert;
 
 import java.util.HashMap;
 import java.util.Iterator;
@@ -61,7 +62,8 @@ public class AddPermissionController extends SimpleFormController
     }
 
     public void afterPropertiesSet() throws Exception {
-        Assert.notNull(contactManager, "A ContactManager implementation is required");
+        Assert.notNull(contactManager,
+            "A ContactManager implementation is required");
     }
 
     protected ModelAndView disallowDuplicateFormSubmission(
@@ -80,7 +82,7 @@ public class AddPermissionController extends SimpleFormController
         int contactId = RequestUtils.getRequiredIntParameter(request,
                 "contactId");
 
-        Contact contact = contactManager.getById(new Integer(contactId));
+        Contact contact = contactManager.getById(new Long(contactId));
 
         AddPermission addPermission = new AddPermission();
         addPermission.setContact(contact);

samples/contacts/src/main/java/sample/contact/AdminPermissionController.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,10 +20,11 @@ import net.sf.acegisecurity.acl.AclManager;
 
 import org.springframework.beans.factory.InitializingBean;
 
+import org.springframework.util.Assert;
+
 import org.springframework.web.bind.RequestUtils;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.Controller;
-import org.springframework.util.Assert;
 
 import java.io.IOException;
 
@@ -66,7 +67,8 @@ public class AdminPermissionController implements Controller, InitializingBean {
     }
 
     public void afterPropertiesSet() throws Exception {
-        Assert.notNull(contactManager, "A ContactManager implementation is required");
+        Assert.notNull(contactManager,
+            "A ContactManager implementation is required");
         Assert.notNull(aclManager, "An aclManager implementation is required");
     }
 
@@ -74,7 +76,7 @@ public class AdminPermissionController implements Controller, InitializingBean {
         HttpServletResponse response) throws ServletException, IOException {
         int id = RequestUtils.getRequiredIntParameter(request, "contactId");
 
-        Contact contact = contactManager.getById(new Integer(id));
+        Contact contact = contactManager.getById(new Long(id));
         AclEntry[] acls = aclManager.getAcls(contact);
 
         Map model = new HashMap();

samples/contacts/src/main/java/sample/contact/Contact.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,7 +27,7 @@ import java.io.Serializable;
 public class Contact implements Serializable {
     //~ Instance fields ========================================================
 
-    private Integer id;
+    private Long id;
     private String email;
     private String name;
 
@@ -60,7 +60,7 @@ public class Contact implements Serializable {
         return email;
     }
 
-    public void setId(Integer id) {
+    public void setId(Long id) {
         this.id = id;
     }
 
@@ -69,7 +69,7 @@ public class Contact implements Serializable {
      *
      * @return Returns the id.
      */
-    public Integer getId() {
+    public Long getId() {
         return id;
     }
 

samples/contacts/src/main/java/sample/contact/ContactDao.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,11 +27,11 @@ import java.util.List;
 public interface ContactDao {
     //~ Methods ================================================================
 
-    public Contact getById(Integer id);
+    public Contact getById(Long id);
 
     public void create(Contact contact);
 
-    public void delete(Integer contactId);
+    public void delete(Long contactId);
 
     public List findAll();
 

samples/contacts/src/main/java/sample/contact/ContactDaoSpring.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,8 +48,8 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
 
     //~ Methods ================================================================
 
-    public Contact getById(Integer id) {
-        List list = contactsByIdQuery.execute(id.intValue());
+    public Contact getById(Long id) {
+        List list = contactsByIdQuery.execute(id.longValue());
 
         if (list.size() == 0) {
             return null;
@@ -59,10 +59,12 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
     }
 
     public void create(Contact contact) {
+        System.out.println("creating contact w/ id " + contact.getId() + " "
+            + contact.getEmail());
         contactInsert.insert(contact);
     }
 
-    public void delete(Integer contactId) {
+    public void delete(Long contactId) {
         contactDelete.delete(contactId);
     }
 
@@ -109,14 +111,14 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
 
         protected Object mapRow(ResultSet rs, int rownum)
             throws SQLException {
-            return new Integer(rs.getInt("id"));
+            return new Long(rs.getLong("id"));
         }
     }
 
     protected class AclObjectIdentityInsert extends SqlUpdate {
         protected AclObjectIdentityInsert(DataSource ds) {
             super(ds, "INSERT INTO acl_object_identity VALUES (?, ?, ?, ?)");
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             declareParameter(new SqlParameter(Types.VARCHAR));
             declareParameter(new SqlParameter(Types.INTEGER));
             declareParameter(new SqlParameter(Types.VARCHAR));
@@ -124,7 +126,7 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
         }
 
         protected int insert(String objectIdentity,
-            Integer parentAclObjectIdentity, String aclClass) {
+            Long parentAclObjectIdentity, String aclClass) {
             Object[] objs = new Object[] {null, objectIdentity, parentAclObjectIdentity, aclClass};
             super.update(objs);
 
@@ -135,19 +137,19 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
     protected class ContactDelete extends SqlUpdate {
         protected ContactDelete(DataSource ds) {
             super(ds, "DELETE FROM contacts WHERE id = ?");
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             compile();
         }
 
-        protected void delete(Integer contactId) {
-            super.update(contactId.intValue());
+        protected void delete(Long contactId) {
+            super.update(contactId.longValue());
         }
     }
 
     protected class ContactInsert extends SqlUpdate {
         protected ContactInsert(DataSource ds) {
             super(ds, "INSERT INTO contacts VALUES (?, ?, ?)");
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             declareParameter(new SqlParameter(Types.VARCHAR));
             declareParameter(new SqlParameter(Types.VARCHAR));
             compile();
@@ -166,7 +168,7 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
                 "UPDATE contacts SET contact_name = ?, address = ? WHERE id = ?");
             declareParameter(new SqlParameter(Types.VARCHAR));
             declareParameter(new SqlParameter(Types.VARCHAR));
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             compile();
         }
 
@@ -186,7 +188,7 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
         protected Object mapRow(ResultSet rs, int rownum)
             throws SQLException {
             Contact contact = new Contact();
-            contact.setId(new Integer(rs.getInt("id")));
+            contact.setId(new Long(rs.getLong("id")));
             contact.setName(rs.getString("contact_name"));
             contact.setEmail(rs.getString("email"));
 
@@ -198,14 +200,14 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
         protected ContactsByIdQuery(DataSource ds) {
             super(ds,
                 "SELECT id, contact_name, email FROM contacts WHERE id = ? ORDER BY id");
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             compile();
         }
 
         protected Object mapRow(ResultSet rs, int rownum)
             throws SQLException {
             Contact contact = new Contact();
-            contact.setId(new Integer(rs.getInt("id")));
+            contact.setId(new Long(rs.getLong("id")));
             contact.setName(rs.getString("contact_name"));
             contact.setEmail(rs.getString("email"));
 
@@ -217,12 +219,12 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
         protected PermissionDelete(DataSource ds) {
             super(ds,
                 "DELETE FROM acl_permission WHERE ACL_OBJECT_IDENTITY = ? AND RECIPIENT = ?");
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
             declareParameter(new SqlParameter(Types.VARCHAR));
             compile();
         }
 
-        protected void delete(Integer aclObjectIdentity, String recipient) {
+        protected void delete(Long aclObjectIdentity, String recipient) {
             super.update(new Object[] {aclObjectIdentity, recipient});
         }
     }
@@ -230,14 +232,14 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
     protected class PermissionInsert extends SqlUpdate {
         protected PermissionInsert(DataSource ds) {
             super(ds, "INSERT INTO acl_permission VALUES (?, ?, ?, ?);");
-            declareParameter(new SqlParameter(Types.INTEGER));
-            declareParameter(new SqlParameter(Types.INTEGER));
+            declareParameter(new SqlParameter(Types.BIGINT));
+            declareParameter(new SqlParameter(Types.BIGINT));
             declareParameter(new SqlParameter(Types.VARCHAR));
             declareParameter(new SqlParameter(Types.INTEGER));
             compile();
         }
 
-        protected int insert(Integer aclObjectIdentity, String recipient,
+        protected int insert(Long aclObjectIdentity, String recipient,
             Integer mask) {
             Object[] objs = new Object[] {null, aclObjectIdentity, recipient, mask};
             super.update(objs);

samples/contacts/src/main/java/sample/contact/ContactManager.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,7 +31,7 @@ public interface ContactManager {
 
     public List getAllRecipients();
 
-    public Contact getById(Integer id);
+    public Contact getById(Long id);
 
     public Contact getRandomContact();
 

samples/contacts/src/main/java/sample/contact/ContactManagerBackend.java

@@ -45,7 +45,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport
 
     private BasicAclExtendedDao basicAclExtendedDao;
     private ContactDao contactDao;
-    private int counter = 100;
+    private int counter = 1000;
 
     //~ Methods ================================================================
 
@@ -76,7 +76,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport
         return basicAclExtendedDao;
     }
 
-    public Contact getById(Integer id) {
+    public Contact getById(Long id) {
         if (logger.isDebugEnabled()) {
             logger.debug("Returning contact with id: " + id);
         }
@@ -130,7 +130,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport
 
     public void create(Contact contact) {
         // Create the Contact itself
-        contact.setId(new Integer(counter++));
+        contact.setId(new Long(counter++));
         contactDao.create(contact);
 
         // Grant the current principal access to the contact 

samples/contacts/src/main/java/sample/contact/DataSourcePopulator.java

@@ -65,7 +65,7 @@ public class DataSourcePopulator implements InitializingBean {
         JdbcTemplate template = new JdbcTemplate(dataSource);
 
         template.execute(
-            "CREATE TABLE CONTACTS(ID INTEGER NOT NULL PRIMARY KEY, CONTACT_NAME VARCHAR_IGNORECASE(50) NOT NULL, EMAIL VARCHAR_IGNORECASE(50) NOT NULL)");
+            "CREATE TABLE CONTACTS(ID BIGINT NOT NULL PRIMARY KEY, CONTACT_NAME VARCHAR_IGNORECASE(50) NOT NULL, EMAIL VARCHAR_IGNORECASE(50) NOT NULL)");
         template.execute(
             "INSERT INTO contacts VALUES (1, 'John Smith', 'john@somewhere.com');"); // marissa
         template.execute(
@@ -93,7 +93,7 @@ public class DataSourcePopulator implements InitializingBean {
         }
 
         template.execute(
-            "CREATE TABLE ACL_OBJECT_IDENTITY(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 100)  NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT INTEGER,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
+            "CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100)  NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT BIGINT,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
         template.execute(
             "INSERT INTO acl_object_identity VALUES (1, 'sample.contact.Contact:1', null, 'net.sf.acegisecurity.acl.basic.SimpleAclEntry');");
         template.execute(
@@ -120,7 +120,7 @@ public class DataSourcePopulator implements InitializingBean {
         }
 
         template.execute(
-            "CREATE TABLE ACL_PERMISSION(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 100)  NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY INTEGER NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
+            "CREATE TABLE ACL_PERMISSION(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100)  NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
         template.execute(
             "INSERT INTO acl_permission VALUES (null, 1, 'marissa', 1);"); // administer
         template.execute(

samples/contacts/src/main/java/sample/contact/DeleteController.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,10 +17,11 @@ package sample.contact;
 
 import org.springframework.beans.factory.InitializingBean;
 
+import org.springframework.util.Assert;
+
 import org.springframework.web.bind.RequestUtils;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.Controller;
-import org.springframework.util.Assert;
 
 import java.io.IOException;
 
@@ -51,13 +52,14 @@ public class DeleteController implements Controller, InitializingBean {
     }
 
     public void afterPropertiesSet() throws Exception {
-        Assert.notNull(contactManager, "A ContactManager implementation is required");
+        Assert.notNull(contactManager,
+            "A ContactManager implementation is required");
     }
 
     public ModelAndView handleRequest(HttpServletRequest request,
         HttpServletResponse response) throws ServletException, IOException {
         int id = RequestUtils.getRequiredIntParameter(request, "contactId");
-        Contact contact = contactManager.getById(new Integer(id));
+        Contact contact = contactManager.getById(new Long(id));
         contactManager.delete(contact);
 
         return new ModelAndView("deleted", "contact", contact);

samples/contacts/src/main/java/sample/contact/DeletePermissionController.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,10 +19,11 @@ import net.sf.acegisecurity.acl.AclManager;
 
 import org.springframework.beans.factory.InitializingBean;
 
+import org.springframework.util.Assert;
+
 import org.springframework.web.bind.RequestUtils;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.Controller;
-import org.springframework.util.Assert;
 
 import java.io.IOException;
 
@@ -65,7 +66,8 @@ public class DeletePermissionController implements Controller, InitializingBean
     }
 
     public void afterPropertiesSet() throws Exception {
-        Assert.notNull(contactManager, "A ContactManager implementation is required");
+        Assert.notNull(contactManager,
+            "A ContactManager implementation is required");
         Assert.notNull(aclManager, "An aclManager implementation is required");
     }
 
@@ -76,7 +78,7 @@ public class DeletePermissionController implements Controller, InitializingBean
         String recipient = RequestUtils.getRequiredStringParameter(request,
                 "recipient");
 
-        Contact contact = contactManager.getById(new Integer(contactId));
+        Contact contact = contactManager.getById(new Long(contactId));
 
         contactManager.deletePermission(contact, recipient);
 

samples/contacts/src/main/webapp/common/WEB-INF/jsp/index.jsp

@@ -3,7 +3,7 @@
 <html>
 <head><title>Your Contacts</title></head>
 <body>
-<h1><authz:authentication operation="principal"/>'s Contacts</h1>
+<h1><authz:authentication operation="username"/>'s Contacts</h1>
 <P>
 <table cellpadding=3 border=0>
 <tr><td><b>id</b></td><td><b>Name</b></td><td><b>Email</b></td></tr>