Refactored up an AuthoritiesPopulator and DaoAuthoritiesPopulator from functionality in the cas provider. This interface and impl are well suited for use in the openid provider, and possibly in the sitemesh provider.

core/src/main/java/org/springframework/security/providers/AuthoritiesPopulator.java

@@ -0,0 +1,52 @@
+package org.springframework.security.providers;
+
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.userdetails.UserDetails;
+
+/**
+ * Populates the <code>UserDetails</code> associated with a CAS authenticated
+ * user.
+ *
+ * <p>
+ * Intended to grant authorities (roles) for providers that do not support
+ * authorities/roles directly. It merely authenticates their identity.
+ * As Spring Security needs to know the authorities granted to a user in
+ * order to construct a valid <code>Authentication</code> object, implementations
+ * of this interface will provide this information.
+ * </p>
+ *
+ * <p>
+ * A {@link UserDetails} is returned by implementations. The
+ * <code>UserDetails</code> must, at minimum, contain the username and
+ * <code>GrantedAuthority[]</code> objects applicable to the authenticated
+ * user. Note that Spring Security ignores the password and enabled/disabled
+ * status of the <code>UserDetails</code> because this is
+ * authentication-related and should have been enforced by another provider server. The
+ * <code>UserDetails</code> returned by implementations is stored in the
+ * generated <code>AuthenticationToken</code>, so additional properties
+ * such as email addresses, telephone numbers etc can easily be stored.
+ * </p>
+ *
+ * <p>
+ * Implementations should not perform any caching. They will only be called
+ * when a refresh is required.
+ * </p>
+ *
+ * @author Ben Alex
+ * @author Ray Krueger
+ * @version $Id$
+ */
+public interface AuthoritiesPopulator {
+    /**
+     * Obtains the granted authorities for the specified user.<P>May throw any
+     * <code>AuthenticationException</code> or return <code>null</code> if the authorities are unavailable.</p>
+     *
+     * @param casUserId as obtained from the CAS validation service
+     *
+     * @return the details of the indicated user (at minimum the granted authorities and the username)
+     *
+     * @throws org.springframework.security.AuthenticationException DOCUMENT ME!
+     */
+    UserDetails getUserDetails(String casUserId)
+        throws AuthenticationException;
+}

core/src/main/java/org/springframework/security/providers/DaoAuthoritiesPopulator.java

@@ -0,0 +1,40 @@
+package org.springframework.security.providers;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.util.Assert;
+
+/**
+ * Populates the CAS authorities via an {@link org.springframework.security.userdetails.UserDetailsService}.<P>The additional information (username,
+ * password, enabled status etc)  an <code>AuthenticationDao</code> implementation provides about  a <code>User</code>
+ * is ignored. Only the <code>GrantedAuthority</code>s are relevant to this class.</p>
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class DaoAuthoritiesPopulator implements AuthoritiesPopulator, InitializingBean {
+    //~ Instance fields ================================================================================================
+
+    private UserDetailsService userDetailsService;
+
+    //~ Methods ========================================================================================================
+
+    public void afterPropertiesSet() throws Exception {
+        Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
+    }
+
+    public UserDetails getUserDetails(String casUserId)
+        throws AuthenticationException {
+        return this.userDetailsService.loadUserByUsername(casUserId);
+    }
+
+    public UserDetailsService getUserDetailsService() {
+        return userDetailsService;
+    }
+
+    public void setUserDetailsService(UserDetailsService userDetailsService) {
+        this.userDetailsService = userDetailsService;
+    }
+}

core/src/main/java/org/springframework/security/providers/cas/CasAuthoritiesPopulator.java

@@ -15,14 +15,19 @@
 
 package org.springframework.security.providers.cas;
 
-import org.springframework.security.AuthenticationException;
-
-import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.providers.AuthoritiesPopulator;
 
 
 /**
+ * <p>
+ * <i>Backwards compatible extension to the {@link AuthoritiesPopulator} interface.
+ * This interface has usefulness outside of the CAS usecase. Thus, the {@link AuthoritiesPopulator}
+ * interface was refactored in.</i>
+ * </p>
+ * <p>
  * Populates the <code>UserDetails</code> associated with a CAS authenticated
  * user.
+ * </p>
  *
  * <p>
  * CAS does not provide the authorities (roles) granted to a user. It merely
@@ -33,18 +38,6 @@ import org.springframework.security.userdetails.UserDetails;
  * </p>
  *
  * <p>
- * A {@link UserDetails} is returned by implementations. The
- * <code>UserDetails</code> must, at minimum, contain the username and
- * <code>GrantedAuthority[]</code> objects applicable to the CAS-authenticated
- * user. Note that Spring Security ignores the password and enabled/disabled
- * status of the <code>UserDetails</code> because this is
- * authentication-related and should have been enforced by the CAS server. The
- * <code>UserDetails</code> returned by implementations is stored in the
- * generated <code>CasAuthenticationToken</code>, so additional properties
- * such as email addresses, telephone numbers etc can easily be stored.
- * </p>
- *
- * <p>
  * Implementations should not perform any caching. They will only be called
  * when a refresh is required.
  * </p>
@@ -52,19 +45,6 @@ import org.springframework.security.userdetails.UserDetails;
  * @author Ben Alex
  * @version $Id$
  */
-public interface CasAuthoritiesPopulator {
-    //~ Methods ========================================================================================================
+public interface CasAuthoritiesPopulator extends AuthoritiesPopulator {
 
-    /**
-     * Obtains the granted authorities for the specified user.<P>May throw any
-     * <code>AuthenticationException</code> or return <code>null</code> if the authorities are unavailable.</p>
-     *
-     * @param casUserId as obtained from the CAS validation service
-     *
-     * @return the details of the indicated user (at minimum the granted authorities and the username)
-     *
-     * @throws AuthenticationException DOCUMENT ME!
-     */
-    UserDetails getUserDetails(String casUserId)
-        throws AuthenticationException;
 }

core/src/main/java/org/springframework/security/providers/cas/populator/DaoCasAuthoritiesPopulator.java

@@ -15,47 +15,21 @@
 
 package org.springframework.security.providers.cas.populator;
 
-import org.springframework.security.AuthenticationException;
-
-import org.springframework.security.providers.cas.CasAuthoritiesPopulator;
-
-import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.userdetails.UserDetailsService;
-
 import org.springframework.beans.factory.InitializingBean;
-
-import org.springframework.util.Assert;
+import org.springframework.security.providers.DaoAuthoritiesPopulator;
 
 
 /**
- * Populates the CAS authorities via an {@link UserDetailsService}.<P>The additional information (username,
- * password, enabled status etc)  an <code>AuthenticationDao</code> implementation provides about  a <code>User</code>
- * is ignored. Only the <code>GrantedAuthority</code>s are relevant to this class.</p>
- *
+ * Backwards compatible placeholder.
+ * This class will be removed, use {@link DaoAuthoritiesPopulator} instead.
+ * 
+ * @deprecated Use {@link org.springframework.security.providers.DaoAuthoritiesPopulator}
  * @author Ben Alex
  * @version $Id$
  */
-public class DaoCasAuthoritiesPopulator implements CasAuthoritiesPopulator, InitializingBean {
-    //~ Instance fields ================================================================================================
-
-    private UserDetailsService userDetailsService;
-
-    //~ Methods ========================================================================================================
+public class DaoCasAuthoritiesPopulator extends DaoAuthoritiesPopulator implements InitializingBean {
 
     public void afterPropertiesSet() throws Exception {
-        Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
-    }
-
-    public UserDetails getUserDetails(String casUserId)
-        throws AuthenticationException {
-        return this.userDetailsService.loadUserByUsername(casUserId);
-    }
-
-    public UserDetailsService getUserDetailsService() {
-        return userDetailsService;
-    }
-
-    public void setUserDetailsService(UserDetailsService userDetailsService) {
-        this.userDetailsService = userDetailsService;
+        super.afterPropertiesSet();
     }
 }

sandbox/openid/pom.xml

@@ -11,6 +11,7 @@
     <description>Spring Security - Support for OpenID</description>
     <version>0.1-SNAPSHOT</version>
 
+<!--
     <repositories>
         <repository>
             <id>AcegiMaven</id>
@@ -21,6 +22,7 @@
             </releases>
         </repository>
     </repositories>
+-->
 
     <dependencies>
         <dependency>
@@ -41,18 +43,9 @@
         <dependency>
             <groupId>org.openid4java</groupId>
             <artifactId>openid4java</artifactId>
-            <version>0.9.2</version>
-        </dependency>
-        <dependency>
-            <groupId>com.janrain</groupId>
-            <artifactId>Janrain-Openid</artifactId>
-            <version>20070226</version>
-        </dependency>
-        <dependency>
-            <groupId>gnu</groupId>
-            <artifactId>libidn</artifactId>
-            <version>0.6.3</version>
+            <version>0.9.3</version>
         </dependency>
+
         <dependency>
             <groupId>org.apache.geronimo.specs</groupId>
             <artifactId>geronimo-servlet_2.4_spec</artifactId>
@@ -60,122 +53,7 @@
             <scope>compile</scope>
             <optional>true</optional>
         </dependency>
-        <!--
-        <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
-            <version>2.4</version>
-            <scope>provided</scope>
-        </dependency>
--->
 
-        <!--openid4java dependencies-->
-        <!--
-        <dependency>
-            <groupId>commons-codec</groupId>
-            <artifactId>commons-codec</artifactId>
-            <version>1.3</version>
-        </dependency>
-        <dependency>
-            <groupId>commons-httpclient</groupId>
-            <artifactId>commons-httpclient</artifactId>
-            <version>3.0.1</version>
-        </dependency>
-        <dependency>
-            <groupId>commons-logging</groupId>
-            <artifactId>commons-logging</artifactId>
-            <version>1.1</version>
-        </dependency>
-        <dependency>
-            <groupId>org.htmlparser</groupId>
-            <artifactId>htmlparser</artifactId>
-            <version>1.6</version>
-        </dependency>
-        <dependency>
-            <groupId>com.ibm.icu</groupId>
-            <artifactId>icu4j</artifactId>
-            <version>3.4.4</version>
-        </dependency>
-        <dependency>
-            <groupId>jug</groupId>
-            <artifactId>jug</artifactId>
-            <version>1.1</version>
-        </dependency>
-        <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-            <version>1.2.14</version>
-        </dependency>
-        <dependency>
-            <groupId>org.openxri</groupId>
-            <artifactId>openxri-client</artifactId>
-            <version>1.0.1</version>
-            <scope>system</scope>
-            <systemPath>${basedir}/lib/openxri-client.jar</systemPath>
-        </dependency>
-        <dependency>
-            <groupId>org.openxri</groupId>
-            <artifactId>openxri-syntax</artifactId>
-            <version>1.0.1</version>
-            <scope>system</scope>
-            <systemPath>${basedir}/lib/openxri-syntax.jar</systemPath>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring</artifactId>
-            <version>2.0.3</version>
-        </dependency>
-        <dependency>
-            <groupId>xml-security</groupId>
-            <artifactId>xmlsec</artifactId>
-            <version>1.3.0</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sf.ehcache</groupId>
-            <artifactId>ehcache</artifactId>
-            <version>1.2.3</version>
-        </dependency>
-        <dependency>
-            <groupId>jdom</groupId>
-            <artifactId>jdom</artifactId>
-            <version>1.0</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>jetty</groupId>
-            <artifactId>jetty</artifactId>
-            <version>6.0.2</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>jetty</groupId>
-            <artifactId>jetty-util</artifactId>
-            <version>6.0.2</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>xerces</groupId>
-            <artifactId>xercesImpl</artifactId>
-            <version>2.8.1</version>
-            <scope>test</scope>
-        </dependency>
--->
     </dependencies>
 
-    <!--This doesn't even exist...-->
-<!--
-    <build>
-        <plugins>
-        <plugin>
-          <groupId>org.codehaus.mojo</groupId>
-          <artifactId>jalopy-maven-plugin</artifactId>
-          <version>1.0-SNAPSHOT</version>
-            <configuration>
-                <convention>../../jalopy.xml</convention>
-                <failOnError>false</failOnError>
-            </configuration>
-        </plugin>
-        </plugins>
-    </build>
--->
 </project>

sandbox/openid/src/main/java/org/springframework/security/providers/openid/OpenIDAuthenticationProvider.java

@@ -14,18 +14,14 @@
  */
 package org.springframework.security.providers.openid;
 
+import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.AuthenticationServiceException;
 import org.springframework.security.BadCredentialsException;
-
 import org.springframework.security.providers.AuthenticationProvider;
-import org.springframework.security.providers.cas.CasAuthoritiesPopulator;
-
+import org.springframework.security.providers.AuthoritiesPopulator;
 import org.springframework.security.userdetails.UserDetails;
-
-import org.springframework.beans.factory.InitializingBean;
-
 import org.springframework.util.Assert;
 
 
@@ -37,12 +33,12 @@ import org.springframework.util.Assert;
 public class OpenIDAuthenticationProvider implements AuthenticationProvider, InitializingBean {
     //~ Instance fields ================================================================================================
 
-    private CasAuthoritiesPopulator ssoAuthoritiesPopulator;
+    private AuthoritiesPopulator authoritiesPopulator;
 
     //~ Methods ========================================================================================================
 
     public void afterPropertiesSet() throws Exception {
-        Assert.notNull(this.ssoAuthoritiesPopulator, "The ssoAuthoritiesPopulator must be set");
+        Assert.notNull(this.authoritiesPopulator, "The authoritiesPopulator must be set");
     }
 
     /* (non-Javadoc)
@@ -69,7 +65,7 @@ public class OpenIDAuthenticationProvider implements AuthenticationProvider, Ini
                  */
 
                 // Lookup user details
-                UserDetails userDetails = this.ssoAuthoritiesPopulator.getUserDetails(response.getIdentityUrl());
+                UserDetails userDetails = this.authoritiesPopulator.getUserDetails(response.getIdentityUrl());
 
                 authentication = new OpenIDAuthenticationToken(userDetails.getAuthorities(), response.getStatus(),
                         response.getIdentityUrl());
@@ -92,8 +88,8 @@ public class OpenIDAuthenticationProvider implements AuthenticationProvider, Ini
         return null;
     }
 
-    public void setSsoAuthoritiesPopulator(CasAuthoritiesPopulator ssoAuthoritiesPopulator) {
-        this.ssoAuthoritiesPopulator = ssoAuthoritiesPopulator;
+    public void setAuthoritiesPopulator(AuthoritiesPopulator authoritiesPopulator) {
+        this.authoritiesPopulator = authoritiesPopulator;
     }
 
     /* (non-Javadoc)

sandbox/openid/src/main/java/org/springframework/security/ui/openid/consumers/JanRainOpenIDConsumer.java

@@ -1,201 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.ui.openid.consumers;
-
-import com.janrain.openid.consumer.AuthRequest;
-import com.janrain.openid.consumer.Consumer;
-import com.janrain.openid.consumer.ErrorResponse;
-import com.janrain.openid.consumer.Response;
-import com.janrain.openid.consumer.StatusCode;
-import com.janrain.openid.store.OpenIDStore;
-
-import org.springframework.security.providers.openid.OpenIDAuthenticationStatus;
-import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
-
-import org.springframework.security.ui.openid.OpenIDConstants;
-import org.springframework.security.ui.openid.OpenIDConsumer;
-import org.springframework.security.ui.openid.OpenIDConsumerException;
-
-import org.springframework.beans.factory.InitializingBean;
-
-import org.springframework.util.Assert;
-
-import java.io.IOException;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-
-/**
- * OpenIDConsumer implementation using the JanRain OpenID library
- *
- * @author Robin Bramley, Opsera Ltd
- * @version $Id:$
- */
-public class JanRainOpenIDConsumer implements OpenIDConsumer, InitializingBean {
-    //~ Static fields/initializers =====================================================================================
-
-    private static final String SAVED_ID_SESSION_KEY = "savedId";
-
-    //~ Instance fields ================================================================================================
-
-    private OpenIDStore store;
-    private String returnToUrl = "j_spring_openid_security_check";
-
-    //~ Methods ========================================================================================================
-
-    public void afterPropertiesSet() throws Exception {
-        Assert.notNull(this.store, "An OpenIDStore must be set on the store property");
-    }
-
-    /* (non-Javadoc)
-     * @see org.springframework.security.ui.openid.OpenIDConsumer#beginConsumption(java.lang.String)
-     */
-    public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl)
-        throws OpenIDConsumerException {
-        // fetch/create a session Map for the consumer's use
-        HttpSession session = req.getSession();
-        Map sessionMap = (Map) session.getAttribute(OpenIDConstants.OPENID_SESSION_MAP_KEY);
-
-        if (sessionMap == null) {
-            sessionMap = new HashMap();
-            session.setAttribute(OpenIDConstants.OPENID_SESSION_MAP_KEY, sessionMap);
-        }
-
-        Consumer openIdConsumer = new Consumer(sessionMap, store);
-
-        // Create an Authrequest object from the submitted value
-        AuthRequest ar;
-
-        try {
-            ar = openIdConsumer.begin(identityUrl);
-        } catch (IOException ioe) {
-            req.getSession().setAttribute(SAVED_ID_SESSION_KEY, escapeAttr(identityUrl));
-            throw new OpenIDConsumerException("Error on begin consumption for " + identityUrl, ioe);
-        }
-
-        // construct trust root and return to URLs.
-        String port = "";
-
-        if (req.getServerPort() != 80) {
-            port = ":" + req.getServerPort();
-        }
-
-        String trustRoot = req.getScheme() + "://" + req.getServerName() + port + "/";
-        String cp = req.getContextPath();
-
-        if (!cp.equals("")) {
-            cp = cp.substring(1) + "/";
-        }
-
-        String returnTo = trustRoot + cp + this.returnToUrl;
-
-        // send the user the redirect url to proceed with OpenID authentication
-        return ar.redirectUrl(trustRoot, returnTo);
-    }
-
-    /* (non-Javadoc)
-     * @see org.springframework.security.ui.openid.OpenIDConsumer#endConsumption(javax.servlet.http.HttpServletRequest)
-     */
-    public OpenIDAuthenticationToken endConsumption(HttpServletRequest req)
-        throws OpenIDConsumerException {
-        HttpSession session = req.getSession();
-        Map sessionMap = (Map) session.getAttribute(OpenIDConstants.OPENID_SESSION_MAP_KEY);
-
-        if (sessionMap == null) {
-            sessionMap = new HashMap();
-            session.setAttribute(OpenIDConstants.OPENID_SESSION_MAP_KEY, sessionMap);
-        }
-
-        // get a Consumer instance
-        Consumer openIdConsumer = new Consumer(sessionMap, store);
-
-        // convert the argument map into the form the library uses with a handy
-        // convenience function
-        Map query = Consumer.filterArgs(req.getParameterMap());
-
-        // Check the arguments to see what the response was.
-        Response response = openIdConsumer.complete(query);
-
-        String message = "";
-        OpenIDAuthenticationStatus status;
-
-        StatusCode statusCode = response.getStatus();
-
-        if (statusCode == StatusCode.CANCELLED) {
-            status = OpenIDAuthenticationStatus.CANCELLED;
-        } else if (statusCode == StatusCode.ERROR) {
-            status = OpenIDAuthenticationStatus.ERROR;
-            message = ((ErrorResponse) response).getMessage();
-        } else if (statusCode == StatusCode.FAILURE) {
-            status = OpenIDAuthenticationStatus.FAILURE;
-        } else if (statusCode == StatusCode.SETUP_NEEDED) {
-            status = OpenIDAuthenticationStatus.SETUP_NEEDED;
-        } else if (statusCode == StatusCode.SUCCESS) {
-            status = OpenIDAuthenticationStatus.SUCCESS;
-        } else {
-            // unknown status code
-            throw new OpenIDConsumerException("Unknown response status " + statusCode.toString());
-        }
-
-        return new OpenIDAuthenticationToken(status, response.getIdentityUrl(), message);
-    }
-
-    /*
-     * This method escapes characters in a string that can cause problems in
-     * HTML
-     */
-    private String escapeAttr(String s) {
-        if (s == null) {
-            return "";
-        }
-
-        StringBuffer result = new StringBuffer();
-
-        for (int i = 0; i < s.length(); i++) {
-            char c = s.charAt(i);
-
-            if (c == '<') {
-                result.append("&lt;");
-            } else if (c == '>') {
-                result.append("&gt;");
-            } else if (c == '&') {
-                result.append("&amp;");
-            } else if (c == '\"') {
-                result.append("&quot;");
-            } else if (c == '\'') {
-                result.append("&#039;");
-            } else if (c == '\\') {
-                result.append("&#092;");
-            } else {
-                result.append(c);
-            }
-        }
-
-        return result.toString();
-    }
-
-    public void setReturnToUrl(String returnToUrl) {
-        this.returnToUrl = returnToUrl;
-    }
-
-    // dependency injection
-    public void setStore(OpenIDStore store) {
-        this.store = store;
-    }
-}

sandbox/openid/src/test/java/org/springframework/security/providers/openid/MockAuthoritiesPopulator.java

@@ -17,9 +17,7 @@ package org.springframework.security.providers.openid;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
-
-import org.springframework.security.providers.cas.CasAuthoritiesPopulator;
-
+import org.springframework.security.providers.AuthoritiesPopulator;
 import org.springframework.security.userdetails.User;
 import org.springframework.security.userdetails.UserDetails;
 
@@ -29,7 +27,7 @@ import org.springframework.security.userdetails.UserDetails;
  *
  * @author Robin Bramley, Opsera Ltd
  */
-public class MockAuthoritiesPopulator implements CasAuthoritiesPopulator {
+public class MockAuthoritiesPopulator implements AuthoritiesPopulator {
     //~ Methods ========================================================================================================
 
     public UserDetails getUserDetails(String ssoUserId)

sandbox/openid/src/test/java/org/springframework/security/providers/openid/OpenIDAuthenticationProviderTests.java

@@ -15,11 +15,9 @@
 package org.springframework.security.providers.openid;
 
 import junit.framework.TestCase;
-
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationServiceException;
 import org.springframework.security.BadCredentialsException;
-
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 
 
@@ -40,7 +38,7 @@ public class OpenIDAuthenticationProviderTests extends TestCase {
      */
     public void testAuthenticateCancel() {
         OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-        provider.setSsoAuthoritiesPopulator(new MockAuthoritiesPopulator());
+        provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
 
         Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.CANCELLED, USERNAME, "");
 
@@ -59,7 +57,7 @@ public class OpenIDAuthenticationProviderTests extends TestCase {
      */
     public void testAuthenticateError() {
         OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-        provider.setSsoAuthoritiesPopulator(new MockAuthoritiesPopulator());
+        provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
 
         Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.ERROR, USERNAME, "");
 
@@ -78,7 +76,7 @@ public class OpenIDAuthenticationProviderTests extends TestCase {
      */
     public void testAuthenticateFailure() {
         OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-        provider.setSsoAuthoritiesPopulator(new MockAuthoritiesPopulator());
+        provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
 
         Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, USERNAME, "");
 
@@ -97,7 +95,7 @@ public class OpenIDAuthenticationProviderTests extends TestCase {
      */
     public void testAuthenticateSetupNeeded() {
         OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-        provider.setSsoAuthoritiesPopulator(new MockAuthoritiesPopulator());
+        provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
 
         Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SETUP_NEEDED, USERNAME, "");
 
@@ -116,7 +114,7 @@ public class OpenIDAuthenticationProviderTests extends TestCase {
      */
     public void testAuthenticateSuccess() {
         OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-        provider.setSsoAuthoritiesPopulator(new MockAuthoritiesPopulator());
+        provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
 
         Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, USERNAME, "");
 
@@ -135,14 +133,14 @@ public class OpenIDAuthenticationProviderTests extends TestCase {
         assertTrue(((OpenIDAuthenticationToken) postAuth).getMessage() == null);
     }
 
-    public void testDetectsMissingAuthoritiesPopulator() {
+    public void testDetectsMissingAuthoritiesPopulator() throws Exception {
         OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
 
         try {
             provider.afterPropertiesSet();
             fail("Should have thrown Exception");
-        } catch (Exception expected) {
-            assertEquals("The ssoAuthoritiesPopulator must be set", expected.getMessage());
+        } catch (IllegalArgumentException expected) {
+            //ignored
         }
     }
 
@@ -151,7 +149,7 @@ public class OpenIDAuthenticationProviderTests extends TestCase {
      */
     public void testDoesntSupport() {
         OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-        provider.setSsoAuthoritiesPopulator(new MockAuthoritiesPopulator());
+        provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
 
         assertFalse(provider.supports(UsernamePasswordAuthenticationToken.class));
     }
@@ -161,7 +159,7 @@ public class OpenIDAuthenticationProviderTests extends TestCase {
      */
     public void testIgnoresUserPassAuthToken() {
         OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-        provider.setSsoAuthoritiesPopulator(new MockAuthoritiesPopulator());
+        provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
 
         UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(USERNAME, "password");
         assertEquals(null, provider.authenticate(token));
@@ -172,17 +170,17 @@ public class OpenIDAuthenticationProviderTests extends TestCase {
      */
     public void testSupports() {
         OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-        provider.setSsoAuthoritiesPopulator(new MockAuthoritiesPopulator());
+        provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
 
         assertTrue(provider.supports(OpenIDAuthenticationToken.class));
     }
 
     public void testValidation() throws Exception {
         OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
-        provider.setSsoAuthoritiesPopulator(new MockAuthoritiesPopulator());
+        provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
         provider.afterPropertiesSet();
 
-        provider.setSsoAuthoritiesPopulator(null);
+        provider.setAuthoritiesPopulator(null);
 
         try {
             provider.afterPropertiesSet();

sandbox/openid/src/test/java/org/springframework/security/ui/openid/OpenIDResponseProcessingFilterTests.java

@@ -15,21 +15,17 @@
 package org.springframework.security.ui.openid;
 
 import junit.framework.TestCase;
-
+import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.AbstractAuthenticationManager;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.BadCredentialsException;
-
-import org.springframework.security.providers.cas.CasAuthoritiesPopulator;
+import org.springframework.security.providers.AuthoritiesPopulator;
 import org.springframework.security.providers.openid.MockAuthoritiesPopulator;
 import org.springframework.security.providers.openid.OpenIDAuthenticationStatus;
 import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
-
 import org.springframework.security.ui.openid.consumers.MockOpenIDConsumer;
 
-import org.springframework.mock.web.MockHttpServletRequest;
-
 
 /**
  * Tests {@link OpenIDResponseProcessingFilter}
@@ -113,7 +109,7 @@ public class OpenIDResponseProcessingFilterTests extends TestCase {
 
     // private mock AuthenticationManager
     private class MockOpenIDAuthenticationManager extends AbstractAuthenticationManager {
-        private CasAuthoritiesPopulator ssoAuthoritiesPopulator;
+        private AuthoritiesPopulator ssoAuthoritiesPopulator;
         private boolean grantAccess = true;
 
         public MockOpenIDAuthenticationManager(boolean grantAccess) {