
SEC-641: Avoid direct use of external classes in namespace parsing.

Luke Taylor hace 17 años
padre
commit
549de2927e

+ 19 - 27
core/src/main/java/org/springframework/security/config/LdapServerBeanDefinitionParser.java

@@ -6,18 +6,15 @@ import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.support.ManagedSet;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.util.StringUtils;
 
 import org.w3c.dom.Element;
-import org.apache.directory.server.configuration.MutableServerStartupConfiguration;
-import org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import javax.naming.NamingException;
-import java.util.HashSet;
-
 /**
  * @author Luke Taylor
  * @version $Id$
@@ -89,24 +86,23 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
      *
      * Registers beans to create an embedded apache directory server.
      *
-     * @param element
-     * @param parserContext
-     *
      * @return the BeanDefinition for the ContextSource for the embedded server.
      *
      * @see ApacheDSContainer
      */
     private RootBeanDefinition createEmbeddedServer(Element element, ParserContext parserContext) {
-        MutableServerStartupConfiguration configuration = new MutableServerStartupConfiguration();
-        MutableBTreePartitionConfiguration partition = new MutableBTreePartitionConfiguration();
-
-        partition.setName("springsecurity");
+        Object source = parserContext.extractSource(element);
+        BeanDefinitionBuilder configuration = BeanDefinitionBuilder.rootBeanDefinition("org.apache.directory.server.configuration.MutableServerStartupConfiguration");
+        BeanDefinitionBuilder partition = BeanDefinitionBuilder.rootBeanDefinition("org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration");
+        configuration.setSource(source);
+        partition.setSource(source);
 
         DirContextAdapter rootContext = new DirContextAdapter();
         rootContext.setAttributeValues("objectClass", new String[] {"top", "domain", "extensibleObject"});
         rootContext.setAttributeValue("dc", "springsecurity");
 
-        partition.setContextEntry(rootContext.getAttributes());
+        partition.addPropertyValue("name", "springsecurity");
+        partition.addPropertyValue("contextEntry", rootContext.getAttributes());
 
         String suffix = element.getAttribute(ATT_ROOT_SUFFIX);
 
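Review bot: The fully qualified class names passed to the two `BeanDefinitionBuilder.rootBeanDefinition(...)` calls are bare string literals, so a typo or an ApacheDS package rename is caught only when the application context starts. The same applies to the `ApacheDSContainer` name in the last hunk of this file and to the `$OrderedFilterDecorator` binary name in OrderedFilterBeanDefinitionDecorator. Named constants with a comment saying why they are strings would help, for example `private static final String APACHEDS_CONFIG_CLASS = "org.apache.directory.server.configuration.MutableServerStartupConfiguration"; // referenced by name so the parser does not link against ApacheDS`. That reason is inferred from the commit title and should be confirmed. createEmbeddedServer continues past the end of this hunk.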
@@ -114,14 +110,10 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
             suffix = OPT_DEFAULT_ROOT_SUFFIX;
         }
 
-        try {
-            partition.setSuffix(suffix);
-        } catch (NamingException e) {
-            parserContext.getReaderContext().error("Failed to set root name suffix to " + suffix, element, e);
-        }
+        partition.addPropertyValue("suffix", suffix);
 
-        HashSet partitions = new HashSet(1);
-        partitions.add(partition);
+        ManagedSet partitions = new ManagedSet(1);
+        partitions.add(partition.getBeanDefinition());
 
         String port = element.getAttribute(ATT_PORT);
 
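Review bot: Input checks that used to run at parse time are dropped here and in the next hunk: `partition.addPropertyValue("suffix", suffix);` replaces the `try`/`catch` that reported a bad suffix against the XML element, and `configuration.addPropertyValue("ldapPort", port);` replaces `Integer.parseInt(port)`. Both values are now checked only when the ApacheDS beans are created, presumably with an error that no longer points at the offending element, while the raw `port` string is still concatenated into the `ldap://127.0.0.1:` URL. The port check needs no ApacheDS class, so it can stay: wrap `Integer.parseInt(port);` in a `try` and call `parserContext.getReaderContext().error("Invalid LDAP port: " + port, element, e);` on `NumberFormatException`. For the suffix, a comment such as `// suffix is validated by ApacheDS when the partition bean is instantiated` would record that the deferral is deliberate. The method body starts and ends outside this hunk.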
@@ -129,13 +121,13 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
             port = OPT_DEFAULT_PORT;
         }
 
-        configuration.setLdapPort(Integer.parseInt(port));
+        configuration.addPropertyValue("ldapPort", port);
 
         // We shut down the server ourself when the app context is closed so we don't need
         // the extra shutdown hook from apache DS itself.
-        configuration.setShutdownHookEnabled(false);
-        configuration.setExitVmOnShutdown(false);
-        configuration.setContextPartitionConfigurations(partitions);
+        configuration.addPropertyValue("shutdownHookEnabled", Boolean.FALSE);
+        configuration.addPropertyValue("exitVmOnShutdown", Boolean.FALSE);
+        configuration.addPropertyValue("contextPartitionConfigurations", partitions);
 
         String url = "ldap://127.0.0.1:" + port + "/" + suffix;
 
@@ -144,9 +136,9 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
         contextSource.getPropertyValues().addPropertyValue("userDn", "uid=admin,ou=system");
         contextSource.getPropertyValues().addPropertyValue("password", "secret");
 
-        RootBeanDefinition apacheContainer = new RootBeanDefinition(ApacheDSContainer.class);
-        apacheContainer.setSource(parserContext.extractSource(element));
-        apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(configuration);
+        RootBeanDefinition apacheContainer = new RootBeanDefinition("org.springframework.security.config.ApacheDSContainer", null, null);
+        apacheContainer.setSource(source);
+        apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(configuration.getBeanDefinition());
         apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(contextSource);
 
         String ldifs = element.getAttribute(ATT_LDIF_FILE);
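Review bot: The context source for the embedded server is still given the literal bind DN `uid=admin,ou=system` and password `secret` on the two unchanged lines above the rewritten container definition, and nothing in the method says this is intentional. If these are the embedded server's built-in administrator defaults, which they appear to be, a comment such as `// default ApacheDS admin account; the embedded server is meant for development and testing only` would keep them from being read as a template for a real directory. Whether the server accepts connections only on loopback cannot be seen from this hunk, so that is worth confirming and documenting alongside. The method continues outside the hunk.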

+ 6 - 6
core/src/main/java/org/springframework/security/config/OrderedFilterBeanDefinitionDecorator.java

@@ -5,7 +5,7 @@ import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.config.BeanDefinitionHolder;
 import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.core.Ordered;
 import org.springframework.util.StringUtils;
 import org.springframework.util.Assert;
@@ -39,15 +39,15 @@ public class OrderedFilterBeanDefinitionDecorator implements BeanDefinitionDecor
         String order = getOrder(elt, parserContext);
 
         BeanDefinition filter = holder.getBeanDefinition();
-        BeanDefinition wrapper = new RootBeanDefinition(OrderedFilterDecorator.class);
-        wrapper.getConstructorArgumentValues().addIndexedArgumentValue(0, holder.getBeanName());
-        wrapper.getConstructorArgumentValues().addIndexedArgumentValue(1, filter);
+        BeanDefinitionBuilder wrapper = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.config.OrderedFilterBeanDefinitionDecorator$OrderedFilterDecorator");
+        wrapper.addConstructorArg(holder.getBeanName());
+        wrapper.addConstructorArg(filter);
 
         if (StringUtils.hasText(order)) {
-            wrapper.getPropertyValues().addPropertyValue("order", order);
+            wrapper.addPropertyValue("order", order);
         }
 
-        return new BeanDefinitionHolder(wrapper, holder.getBeanName());
+        return new BeanDefinitionHolder(wrapper.getBeanDefinition(), holder.getBeanName());
     }
 
     /**

+ 0 - 1
core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java

@@ -5,7 +5,6 @@ import org.springframework.security.providers.encoding.Md5PasswordEncoder;
 import org.springframework.security.providers.encoding.ShaPasswordEncoder;
 import org.springframework.security.providers.encoding.BaseDigestPasswordEncoder;
 import org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder;
-import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;

+ 3 - 2
core/src/main/java/org/springframework/security/providers/ldap/LdapAuthenticator.java

@@ -24,11 +24,12 @@ import org.springframework.ldap.core.DirContextOperations;
  * <p>
  * The LdapAuthenticationProvider calls this interface to authenticate a user
  * and obtain the information for that user from the directory.
- * </p>
- *
  *
  * @author Luke Taylor
  * @version $Id$
+ *
+ * @see org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator
+ * @see org.springframework.security.ldap.populator.UserDetailsServiceLdapAuthoritiesPopulator
  */
 public interface LdapAuthenticator {
     //~ Methods ========================================================================================================