
SEC-671: Changed AuthenticationDetailsSource to take an object as argument instead of an HttpServletRequest and renamed AuthenticationDetailsSourceImpl to WebAuthenticationDetailsSource. Also removed some preauth dependencies on commons lang

Luke Taylor %!s(int64=17) %!d(string=hai) anos
pai
achega
42a80931c1
Modificáronse 16 ficheiros con 55 adicións e 44 borrados
  1. 2 2
      core/src/main/java/org/springframework/security/authoritymapping/XmlMappableAttributesRetriever.java
  2. 2 2
      core/src/main/java/org/springframework/security/providers/anonymous/AnonymousProcessingFilter.java
  3. 1 1
      core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java
  4. 1 1
      core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
  5. 2 3
      core/src/main/java/org/springframework/security/ui/AuthenticationDetailsSource.java
  6. 12 6
      core/src/main/java/org/springframework/security/ui/WebAuthenticationDetailsSource.java
  7. 2 2
      core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java
  8. 2 2
      core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java
  9. 2 2
      core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java
  10. 3 2
      core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
  11. 16 10
      core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java
  12. 2 2
      core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java
  13. 2 2
      core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java
  14. 2 2
      core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilter.java
  15. 2 3
      core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
  16. 2 2
      ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java

+ 2 - 2
core/src/main/java/org/springframework/security/authoritymapping/XmlMappableAttributesRetriever.java

@@ -4,6 +4,7 @@ import java.io.FilterInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.StringReader;
+import java.util.Arrays;
 import java.util.List;
 
 import javax.xml.parsers.DocumentBuilder;
@@ -11,7 +12,6 @@ import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.FactoryConfigurationError;
 import javax.xml.parsers.ParserConfigurationException;
 
-import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.jaxen.JaxenException;
@@ -75,7 +75,7 @@ public abstract class XmlMappableAttributesRetriever implements MappableAttribut
             Document doc = getDocument(aStream);
             String[] roles = getMappableAttributes(doc);
             if (logger.isDebugEnabled()) {
-                logger.debug("Mappable attributes from XML document: " + ArrayUtils.toString(roles));
+                logger.debug("Mappable attributes from XML document: " + Arrays.asList(roles));
             }
             return roles;
         } finally {
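Review bot: `Arrays.asList(roles)` in the debug branch throws a NullPointerException when `roles` is null, where `ArrayUtils.toString(roles)` printed `{}`; whether `getMappableAttributes(doc)` can return null is not visible in this hunk. The same substitution is made in `PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.toString()` (previously `StringUtils.join`, which tolerated null) and in the debug log of `J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource`. The `toString()` case matters most: if the authorities field can still be null at that point, any code that logs the details object would now fail. A null-tolerant form such as `(roles == null ? "[]" : Arrays.asList(roles).toString())` keeps a logging statement from changing control flow. The enclosing method starts and ends outside the hunk.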

+ 2 - 2
core/src/main/java/org/springframework/security/providers/anonymous/AnonymousProcessingFilter.java

@@ -20,7 +20,7 @@ import org.springframework.security.Authentication;
 import org.springframework.security.context.SecurityContextHolder;
 
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.security.ui.SpringSecurityFilter;
 
@@ -56,7 +56,7 @@ public class AnonymousProcessingFilter  extends SpringSecurityFilter  implements
 
     //~ Instance fields ================================================================================================
 
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
     private String key;
     private UserAttribute userAttribute;
     private boolean removeAfterRequest = true;

+ 1 - 1
core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java

@@ -83,7 +83,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
     }
 
     /**
-     * Set the PreAuthenticatedUserDetailsServices to be used.
+     * Set the AuthenticatedUserDetailsServices to be used.
      *
      * @param aPreAuthenticatedUserDetailsService
      */
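Review bot: The summary now names `AuthenticatedUserDetailsServices` while the parameter is still `aPreAuthenticatedUserDetailsService`, so the Javadoc and the signature it documents no longer agree, and the `@param` tag has no description. The summary should use the actual type name of the setter's argument, and the tag should describe the parameter. The setter itself lies outside the hunk, so the type cannot be confirmed from here.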

+ 1 - 1
core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java

@@ -143,7 +143,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
 
     protected ApplicationEventPublisher eventPublisher;
 
-    protected AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
 
     private AuthenticationManager authenticationManager;
 

+ 2 - 3
core/src/main/java/org/springframework/security/ui/AuthenticationDetailsSource.java

@@ -15,7 +15,6 @@
 
 package org.springframework.security.ui;
 
-import javax.servlet.http.HttpServletRequest;
 
 
 /**
@@ -31,9 +30,9 @@ public interface AuthenticationDetailsSource {
     /**
      * Called by a class when it wishes a new authentication details instance to be created.
      *
-     * @param request the request object, which may be used by the authentication details object
+     * @param context the request object, which may be used by the authentication details object
      *
      * @return a fully-configured authentication details instance
      */
-    Object buildDetails(HttpServletRequest request);
+    Object buildDetails(Object context);
 }
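Review bot: The `@param context` Javadoc still calls the argument "the request object", yet the signature now accepts any `Object`, so the compiler no longer stops a caller from passing the wrong type. The contract should state that each implementation defines which context types it supports and must reject anything else, for example `@param context the context object (an HttpServletRequest for web implementations); implementations must reject unsupported types`, together with an `@throws IllegalArgumentException` line. Without that, a custom implementation that casts blindly would presumably surface a ClassCastException from inside an authentication filter rather than a clear argument error.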

+ 12 - 6
core/src/main/java/org/springframework/security/ui/AuthenticationDetailsSourceImpl.java → core/src/main/java/org/springframework/security/ui/WebAuthenticationDetailsSource.java

@@ -25,25 +25,31 @@ import javax.servlet.http.HttpServletRequest;
 
 
 /**
- * Base implementation of {@link AuthenticationDetailsSource}.<P>By default will create an instance of
- * <code>WebAuthenticationDetails</code>. Any object that accepts a <code>HttpServletRequest</code> as its sole
- * constructor can be used instead of this default.</p>
+ * Implementation of {@link AuthenticationDetailsSource} which builds the details object from
+ * an <tt>HttpServletRequest</tt> object.
+ * <p>
+ * By default will create an instance of <code>WebAuthenticationDetails</code>. Any object that accepts a 
+ * <code>HttpServletRequest</code> as its sole constructor can be used instead of this default.
  *
  * @author Ben Alex
  * @version $Id$
  */
-public class AuthenticationDetailsSourceImpl implements AuthenticationDetailsSource {
+public class WebAuthenticationDetailsSource implements AuthenticationDetailsSource {
     //~ Instance fields ================================================================================================
 
     private Class clazz = WebAuthenticationDetails.class;
 
     //~ Methods ========================================================================================================
 
-    public Object buildDetails(HttpServletRequest request) {
+    /**
+     * @param context the <tt>HttpServletRequest</tt> object.
+     */
+    public Object buildDetails(Object context) {
+        Assert.isInstanceOf(HttpServletRequest.class, context);
         try {
             Constructor constructor = clazz.getConstructor(new Class[] {HttpServletRequest.class});
 
-            return constructor.newInstance(new Object[] {request});
+            return constructor.newInstance(new Object[] {context});
         } catch (NoSuchMethodException ex) {
             ReflectionUtils.handleReflectionException(ex);
         } catch (InvocationTargetException ex) {
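Review bot: The new Javadoc on `buildDetails` has no summary sentence and does not say that `Assert.isInstanceOf` rejects a null or non-`HttpServletRequest` context with an IllegalArgumentException. I would add a summary line and `@throws IllegalArgumentException if context is not an HttpServletRequest`, and pass a message to the assertion, `Assert.isInstanceOf(HttpServletRequest.class, context, "context must be an HttpServletRequest");`, so the failure explains itself in a filter stack trace. The method body continues past the end of the hunk.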

+ 2 - 2
core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java

@@ -33,7 +33,7 @@ import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.AuthenticationEntryPoint;
 import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.security.ui.SpringSecurityFilter;
@@ -93,7 +93,7 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
 
     //~ Instance fields ================================================================================================
 
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
     private AuthenticationEntryPoint authenticationEntryPoint;
     private AuthenticationManager authenticationManager;
     private RememberMeServices rememberMeServices;

+ 2 - 2
core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java

@@ -27,7 +27,7 @@ import org.springframework.security.providers.dao.UserCache;
 import org.springframework.security.providers.dao.cache.NullUserCache;
 
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
@@ -91,7 +91,7 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
 
     //~ Instance fields ================================================================================================
 
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
     private DigestProcessingFilterEntryPoint authenticationEntryPoint;
     protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
     private UserCache userCache = new NullUserCache();

+ 2 - 2
core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java

@@ -13,7 +13,7 @@ import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.AbstractProcessingFilter;
 import org.springframework.security.ui.SpringSecurityFilter;
 import org.springframework.security.context.SecurityContextHolder;
@@ -40,7 +40,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
 
     private ApplicationEventPublisher eventPublisher = null;
 
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
 
     private AuthenticationManager authenticationManager = null;
 

+ 3 - 2
core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java

@@ -1,5 +1,7 @@
 package org.springframework.security.ui.preauth;
 
+import java.util.Arrays;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesRetriever;
@@ -7,7 +9,6 @@ import org.springframework.security.providers.preauth.PreAuthenticatedGrantedAut
 import org.springframework.security.ui.WebAuthenticationDetails;
 import org.springframework.security.GrantedAuthority;
 
-import org.apache.commons.lang.StringUtils;
 import org.springframework.util.Assert;
 
 /**
@@ -33,7 +34,7 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends
 	public String toString() {
 		StringBuffer sb = new StringBuffer();
 		sb.append(super.toString() + "; ");
-		sb.append("preAuthenticatedGrantedAuthorities: " + StringUtils.join(preAuthenticatedGrantedAuthorities, ", "));
+		sb.append("preAuthenticatedGrantedAuthorities: " + Arrays.asList(preAuthenticatedGrantedAuthorities));
 		return sb.toString();
 	}
 

+ 16 - 10
core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java

@@ -1,23 +1,29 @@
 package org.springframework.security.ui.preauth.j2ee;
 
 import org.springframework.security.ui.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesSetter;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.authoritymapping.Attributes2GrantedAuthoritiesMapper;
 import org.springframework.security.authoritymapping.MappableAttributesRetriever;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 
 import javax.servlet.http.HttpServletRequest;
 
-import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
 
-public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends AuthenticationDetailsSourceImpl implements InitializingBean {
+/**
+ * Extended AuthenticationDetailsSource which allows
+ *
+ * @author Ruud Senden
+ * @since 2.0
+ */
+public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends WebAuthenticationDetailsSource implements InitializingBean {
     private static final Log logger = LogFactory.getLog(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class);
 
     private String[] j2eeMappableRoles;
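Review bot: The class Javadoc added here stops mid-sentence at "Extended AuthenticationDetailsSource which allows". Going by the `buildDetails` Javadoc further down in this file, a wording such as `Extended WebAuthenticationDetailsSource which sets pre-authenticated granted authorities, derived from the user's J2EE roles, on the details object` would complete it. The class body continues outside the hunk.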
@@ -41,18 +47,18 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Aut
     }
 
     /**
-     * Build the authentication details object. If the speficied authentication
+     * Build the authentication details object. If the specified authentication
      * details class implements the PreAuthenticatedGrantedAuthoritiesSetter, a
      * list of pre-authenticated Granted Authorities will be set based on the
      * J2EE roles for the current user.
      *
-     * @see org.springframework.security.ui.AuthenticationDetailsSource#buildDetails(javax.servlet.http.HttpServletRequest)
+     * @see org.springframework.security.ui.AuthenticationDetailsSource#buildDetails(Object)
      */
-    public Object buildDetails(HttpServletRequest request) {
-        Object result = super.buildDetails(request);
+    public Object buildDetails(Object context) {
+        Object result = super.buildDetails(context);
         if (result instanceof PreAuthenticatedGrantedAuthoritiesSetter) {
             ((PreAuthenticatedGrantedAuthoritiesSetter) result)
-                    .setPreAuthenticatedGrantedAuthorities(getJ2eeBasedGrantedAuthorities(request));
+                    .setPreAuthenticatedGrantedAuthorities(getJ2eeBasedGrantedAuthorities((HttpServletRequest)context));
         }
         return result;
     }
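Review bot: The cast `(HttpServletRequest)context` is safe only because `super.buildDetails(context)` has already asserted the type, and nothing in this method says so. Either cast once into a local after the super call with a comment such as `// super.buildDetails() has verified that context is an HttpServletRequest`, or repeat the assertion here. That way a later reordering cannot turn a bad argument into a ClassCastException.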
@@ -76,8 +82,8 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Aut
         j2eeUserRoles = (String[]) j2eeUserRolesList.toArray(j2eeUserRoles);
         GrantedAuthority[] userGas = j2eeUserRoles2GrantedAuthoritiesMapper.getGrantedAuthorities(j2eeUserRoles);
         if (logger.isDebugEnabled()) {
-            logger.debug("J2EE user roles [" + StringUtils.join(j2eeUserRoles) + "] mapped to Granted Authorities: ["
-                    + StringUtils.join(userGas) + "]");
+            logger.debug("J2EE user roles [" + j2eeUserRolesList + "] mapped to Granted Authorities: ["
+                    + Arrays.asList(userGas) + "]");
         }
         return userGas;
     }

+ 2 - 2
core/src/main/java/org/springframework/security/ui/rememberme/AbstractRememberMeServices.java

@@ -10,7 +10,7 @@ import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.AccountStatusException;
 import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.logout.LogoutHandler;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
@@ -47,7 +47,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 
     private UserDetailsService userDetailsService;
     private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
 
     private String cookieName = SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
 	private String parameter = DEFAULT_PARAMETER;

+ 2 - 2
core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java

@@ -29,7 +29,7 @@ import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.event.authentication.AuthenticationSwitchUserEvent;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.SpringSecurityFilter;
 import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.security.ui.AbstractProcessingFilter;
@@ -113,7 +113,7 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
     //~ Instance fields ================================================================================================
 
     private ApplicationEventPublisher eventPublisher;
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
     protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
     private String exitUserUrl = "/j_spring_security_exit_user";
     private String switchUserUrl = "/j_spring_security_switch_user";

+ 2 - 2
core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilter.java

@@ -27,7 +27,7 @@ import org.springframework.security.providers.x509.X509AuthenticationToken;
 
 import org.springframework.security.ui.AbstractProcessingFilter;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -77,7 +77,7 @@ public class X509ProcessingFilter implements Filter, InitializingBean, Applicati
     //~ Instance fields ================================================================================================
 
     private ApplicationEventPublisher eventPublisher;
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
     private AuthenticationManager authenticationManager;
 
     //~ Methods ========================================================================================================

+ 2 - 3
core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java

@@ -12,7 +12,6 @@ import javax.servlet.http.HttpServletRequest;
 
 import junit.framework.TestCase;
 
-import org.apache.commons.lang.StringUtils;
 import org.springframework.mock.web.MockHttpServletRequest;
 
 /**
@@ -28,8 +27,8 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests ext
 		GrantedAuthority[] gas = new GrantedAuthority[] { new GrantedAuthorityImpl("Role1"), new GrantedAuthorityImpl("Role2") };
 		details.setPreAuthenticatedGrantedAuthorities(gas);
 		String toString = details.toString();
-		assertTrue("toString doesn't contain Role1", StringUtils.contains(toString, "Role1"));
-		assertTrue("toString doesn't contain Role2", StringUtils.contains(toString, "Role2"));
+		assertTrue("toString should contain Role1", toString.contains("Role1"));
+		assertTrue("toString should contain Role2", toString.contains("Role2"));
 	}
 
 	public final void testGetSetPreAuthenticatedGrantedAuthorities() {

+ 2 - 2
ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java

@@ -27,7 +27,7 @@ import org.springframework.security.providers.anonymous.AnonymousAuthenticationT
 import org.springframework.security.ui.SpringSecurityFilter;
 import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
+import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
@@ -112,7 +112,7 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
 	private String	defaultDomain;
 	private String	domainController;
 	private AuthenticationManager authenticationManager;
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
 
     //~ Methods ========================================================================================================