
SEC-73: Support storage and retrieval of actual Principal object (such as UserDetails) from PrincipalAcegiUserToken.

Ben Alex 20 년 전
부모
커밋
72256a225f

+ 5 - 2
adapters/catalina/src/main/java/org/acegisecurity/adapters/catalina/CatalinaAcegiUserRealm.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,7 +18,9 @@ package org.acegisecurity.adapters.catalina;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationManager;
+
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
+
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 
 import org.apache.catalina.Container;
@@ -108,7 +110,8 @@ public class CatalinaAcegiUserRealm extends RealmBase {
 
         return new PrincipalAcegiUserToken(this.key,
             response.getPrincipal().toString(),
-            response.getCredentials().toString(), response.getAuthorities());
+            response.getCredentials().toString(), response.getAuthorities(),
+            response.getPrincipal());
     }
 
     public Principal authenticate(String username, byte[] credentials) {
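Review bot: The username argument on the context line above the change is still `response.getPrincipal().toString()`, so when the authentication manager returns a UserDetails-style object (the case this commit is written for) the token's username becomes whatever that object's `toString()` prints rather than the login name. The JBoss login module in this same commit passes `response.getName()` for that argument; doing the same here would keep the adapters consistent and keep object dumps out of the username: `response.getName(),`. The ResinAcegiAuthenticator hunk has the same pattern. The enclosing method starts outside the hunk, so the declared type of `response` is assumed to be `Authentication` from the imports.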

+ 3 - 2
adapters/catalina/src/test/java/org/acegisecurity/adapters/catalina/CatalinaAcegiUserRealmTests.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ import junit.framework.TestCase;
 
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
+
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
 
 import org.apache.catalina.LifecycleException;
@@ -260,7 +261,7 @@ public class CatalinaAcegiUserRealmTests extends TestCase {
         PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")});
+                        "ROLE_TWO")}, null);
         CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm();
         assertTrue(adapter.hasRole(token, "ROLE_ONE"));
         assertTrue(adapter.hasRole(token, "ROLE_TWO"));

+ 31 - 25
adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java

@@ -12,6 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.acegisecurity.adapters.jboss;
 
 import org.acegisecurity.AccountExpiredException;
@@ -19,7 +20,9 @@ import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationManager;
 import org.acegisecurity.CredentialsExpiredException;
+
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
+
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 
 import org.jboss.security.SimpleGroup;
@@ -49,7 +52,7 @@ import javax.security.auth.login.LoginException;
 /**
  * Adapter to enable JBoss to authenticate via the Acegi Security System for
  * Spring.
- *
+ * 
  * <p>
  * Returns a {@link PrincipalAcegiUserToken} to JBoss' authentication system,
  * which is subsequently available from
@@ -61,11 +64,15 @@ import javax.security.auth.login.LoginException;
  * @version $Id$
  */
 public class JbossAcegiLoginModule extends AbstractServerLoginModule {
+    //~ Instance fields ========================================================
+
     private AuthenticationManager authenticationManager;
     private Principal identity;
     private String key;
     private char[] credential;
 
+    //~ Methods ================================================================
+
     public void initialize(Subject subject, CallbackHandler callbackHandler,
         Map sharedState, Map options) {
         super.initialize(subject, callbackHandler, sharedState, options);
@@ -84,8 +91,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
 
         String appContextLocation = (String) options.get("appContextLocation");
 
-        if ((((singletonId == null) || "".equals(singletonId)) &&
-                (appContextLocation == null)) || "".equals(appContextLocation)) {
+        if ((((singletonId == null) || "".equals(singletonId))
+            && (appContextLocation == null)) || "".equals(appContextLocation)) {
             throw new IllegalArgumentException(
                 "appContextLocation must be defined");
         }
@@ -99,8 +106,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
                     super.log.info("cannot locate " + appContextLocation);
                 }
 
-                throw new IllegalArgumentException("Cannot locate " +
-                    appContextLocation);
+                throw new IllegalArgumentException("Cannot locate "
+                    + appContextLocation);
             }
         }
 
@@ -111,13 +118,13 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
                 ctx = new ClassPathXmlApplicationContext(appContextLocation);
             } catch (Exception e) {
                 if (super.log.isInfoEnabled()) {
-                    super.log.info("error loading spring context " +
-                        appContextLocation + " " + e);
+                    super.log.info("error loading spring context "
+                        + appContextLocation + " " + e);
                 }
 
                 throw new IllegalArgumentException(
-                    "error loading spring context " + appContextLocation + " " +
-                    e);
+                    "error loading spring context " + appContextLocation + " "
+                    + e);
             }
         } else {
             if (super.log.isInfoEnabled()) {
@@ -130,12 +137,11 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
 
             if (ctx == null) {
                 if (super.log.isInfoEnabled()) {
-                    super.log.info("singleton " + beanName +
-                        " does not exists");
+                    super.log.info("singleton " + beanName + " does not exists");
                 }
 
-                throw new IllegalArgumentException("singleton " + singletonId +
-                    " does not exists");
+                throw new IllegalArgumentException("singleton " + singletonId
+                    + " does not exists");
             }
         }
 
@@ -178,8 +184,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
 
         if ((username == null) && (password == null)) {
             identity = null;
-            super.log.trace("Authenticating as unauthenticatedIdentity=" +
-                identity);
+            super.log.trace("Authenticating as unauthenticatedIdentity="
+                + identity);
         }
 
         if (username == null) {
@@ -239,7 +245,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
 
             identity = new PrincipalAcegiUserToken(this.key,
                     response.getName(), response.getCredentials().toString(),
-                    response.getAuthorities());
+                    response.getAuthorities(), response.getPrincipal());
         }
 
         if (getUseFirstPass() == true) {
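Review bot: `identity` now wraps the full principal object as well as the credentials string, and the next hunk still writes it to the trace log with `"User '" + identity + "' authenticated"`. Whether that leaks anything depends on the token's `toString()`, which is not visible here, but logging only the name avoids the question: `super.log.trace("User '" + identity.getName() + "' authenticated, loginOk=" + loginOk);`. The login method begins and ends outside this hunk.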
@@ -249,8 +255,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
         }
 
         super.loginOk = true;
-        super.log.trace("User '" + identity + "' authenticated, loginOk=" +
-            loginOk);
+        super.log.trace("User '" + identity + "' authenticated, loginOk="
+            + loginOk);
 
         return true;
     }
@@ -261,7 +267,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
 
     protected Group[] getRoleSets() throws LoginException {
         SimpleGroup roles = new SimpleGroup("Roles");
-        Group[] roleSets = { roles };
+        Group[] roleSets = {roles};
 
         if (this.identity instanceof Authentication) {
             Authentication user = (Authentication) this.identity;
@@ -276,17 +282,17 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
     }
 
     protected String[] getUsernameAndPassword() throws LoginException {
-        String[] info = { null, null };
+        String[] info = {null, null};
 
         // prompt for a username and password
         if (callbackHandler == null) {
-            throw new LoginException("Error: no CallbackHandler available " +
-                "to collect authentication information");
+            throw new LoginException("Error: no CallbackHandler available "
+                + "to collect authentication information");
         }
 
         NameCallback nc = new NameCallback("User name: ", "guest");
         PasswordCallback pc = new PasswordCallback("Password: ", false);
-        Callback[] callbacks = { nc, pc };
+        Callback[] callbacks = {nc, pc};
         String username = null;
         String password = null;
 
@@ -306,8 +312,8 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
         } catch (java.io.IOException ioe) {
             throw new LoginException(ioe.toString());
         } catch (UnsupportedCallbackException uce) {
-            throw new LoginException("CallbackHandler does not support: " +
-                uce.getCallback());
+            throw new LoginException("CallbackHandler does not support: "
+                + uce.getCallback());
         }
 
         info[0] = username;

+ 4 - 1
adapters/jboss/src/test/java/org/acegisecurity/adapters/jboss/JbossIntegrationFilterTests.java

@@ -19,7 +19,9 @@ import junit.framework.TestCase;
 
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
+
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
+
 import org.acegisecurity.context.SecurityContextHolder;
 import org.acegisecurity.context.SecurityContextImpl;
 
@@ -70,7 +72,8 @@ public class JbossIntegrationFilterTests extends TestCase {
     public void testCorrectOperation() throws Exception {
         PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key",
                 "someone", "password",
-                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")});
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
+                null);
 
         JbossIntegrationFilter filter = new MockJbossIntegrationFilter(new MockInitialContext(
                     makeIntoSubject(principal)));

+ 5 - 2
adapters/resin/src/main/java/org/acegisecurity/adapters/resin/ResinAcegiAuthenticator.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,7 +20,9 @@ import com.caucho.http.security.AbstractAuthenticator;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationManager;
+
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
+
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 
 import org.apache.commons.logging.Log;
@@ -151,7 +153,8 @@ public class ResinAcegiAuthenticator extends AbstractAuthenticator {
 
         return new PrincipalAcegiUserToken(this.key,
             response.getPrincipal().toString(),
-            response.getCredentials().toString(), response.getAuthorities());
+            response.getCredentials().toString(), response.getAuthorities(),
+            response.getPrincipal());
     }
 
     protected Principal loginImpl(HttpServletRequest request,

+ 3 - 2
adapters/resin/src/test/java/org/acegisecurity/adapters/resin/ResinAcegiAuthenticatorTests.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ import junit.framework.TestCase;
 
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
+
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
 
 import java.security.Principal;
@@ -269,7 +270,7 @@ public class ResinAcegiAuthenticatorTests extends TestCase {
         PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")});
+                        "ROLE_TWO")}, null);
         ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator();
         adapter.setAppContextLocation(
             "org/acegisecurity/adapters/adaptertest-valid.xml");

+ 9 - 3
core/src/main/java/org/acegisecurity/adapters/PrincipalAcegiUserToken.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,16 +31,18 @@ public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken
     implements Principal {
     //~ Instance fields ========================================================
 
+    private Object principal;
     private String password;
     private String username;
 
     //~ Constructors ===========================================================
 
     public PrincipalAcegiUserToken(String key, String username,
-        String password, GrantedAuthority[] authorities) {
+        String password, GrantedAuthority[] authorities, Object principal) {
         super(key, authorities);
         this.username = username;
         this.password = password;
+        this.principal = principal;
     }
 
     protected PrincipalAcegiUserToken() {
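Review bot: The new `principal` argument is stored by reference with no Javadoc on what it may be, and the four-argument constructor is removed rather than kept as an overload. The tests in this commit describe the token as coming from the HttpSession, so a UserDetails-style object placed here will travel with the session; if the container serializes or replicates sessions, the object presumably has to be `Serializable`, and any password field it carries goes along. I would add a `@param principal` line saying it is the object from `Authentication.getPrincipal()`, may be `null` to fall back to the username, and is retained for the life of the token. Keeping `PrincipalAcegiUserToken(key, username, password, authorities)` as a delegate passing `null` would avoid breaking adapters outside this repository.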
@@ -58,6 +60,10 @@ public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken
     }
 
     public Object getPrincipal() {
-        return this.username;
+        if (this.principal == null) {
+            return this.username;
+        }
+
+        return this.principal;
     }
 }
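Review bot: `getPrincipal()` now returns either the username `String` or an arbitrary object depending on how the token was built, and the method has no comment saying so. A caller that compares the result with a username, or casts it to a user-details type, will behave differently between adapters that pass `null` and those that pass `response.getPrincipal()`. A short Javadoc would make the contract explicit, for example `Returns the principal object supplied at construction, or the username String when none was supplied; callers must check the type before casting.`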

+ 4 - 3
core/src/test/java/org/acegisecurity/adapters/AuthByAdapterTests.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ import org.acegisecurity.Authentication;
 import org.acegisecurity.BadCredentialsException;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
+
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 
 
@@ -59,7 +60,7 @@ public class AuthByAdapterTests extends TestCase {
         PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("my_password",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")});
+                        "ROLE_TWO")}, null);
         assertTrue(provider.supports(token.getClass()));
 
         Authentication response = provider.authenticate(token);
@@ -122,7 +123,7 @@ public class AuthByAdapterTests extends TestCase {
 
         // Should fail as PrincipalAcegiUserToken has different key
         PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("wrong_password",
-                "Test", "Password", null);
+                "Test", "Password", null, null);
 
         try {
             provider.authenticate(token);

+ 4 - 1
core/src/test/java/org/acegisecurity/adapters/HttpRequestIntegrationFilterTests.java

@@ -19,7 +19,9 @@ import junit.framework.TestCase;
 
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
+
 import org.acegisecurity.context.SecurityContextHolder;
+
 import org.acegisecurity.util.MockFilterChain;
 
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -53,7 +55,8 @@ public class HttpRequestIntegrationFilterTests extends TestCase {
         HttpRequestIntegrationFilter filter = new HttpRequestIntegrationFilter();
         PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key",
                 "someone", "password",
-                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")});
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
+                null);
 
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setUserPrincipal(principal);

+ 2 - 2
core/src/test/java/org/acegisecurity/adapters/PrincipalAcegiUserTokenTests.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -52,7 +52,7 @@ public class PrincipalAcegiUserTokenTests extends TestCase {
         PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("my_password",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")});
+                        "ROLE_TWO")}, null);
         assertEquals("Test", token.getPrincipal());
         assertEquals("Password", token.getCredentials());
         assertEquals("my_password".hashCode(), token.getKeyHash());
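Review bot: Every constructor call updated in this commit passes `null` for the new argument, so only the username fallback in `getPrincipal()` is exercised and the new non-null branch has no test. A second case here would pin it: build the token with a distinct object, e.g. `Object user = new Object();`, and check `assertSame(user, token.getPrincipal());`. The test method starts and ends outside this hunk.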

+ 19 - 13
core/src/test/java/org/acegisecurity/context/HttpSessionContextIntegrationFilterTests.java

@@ -12,6 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.acegisecurity.context;
 
 import junit.framework.TestCase;
@@ -20,6 +21,7 @@ import org.acegisecurity.Authentication;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
 import org.acegisecurity.MockFilterConfig;
+
 import org.acegisecurity.adapters.PrincipalAcegiUserToken;
 
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -42,6 +44,8 @@ import javax.servlet.ServletResponse;
  * @version $Id$
  */
 public class HttpSessionContextIntegrationFilterTests extends TestCase {
+    //~ Constructors ===========================================================
+
     public HttpSessionContextIntegrationFilterTests() {
         super();
     }
@@ -50,6 +54,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
         super(arg0);
     }
 
+    //~ Methods ================================================================
+
     public static void main(String[] args) {
         junit.textui.TestRunner.run(HttpSessionContextIntegrationFilterTests.class);
     }
@@ -80,7 +86,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
         // Build an Authentication object we simulate came from HttpSession
         PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken("key",
                 "someone", "password",
-                new GrantedAuthority[] { new GrantedAuthorityImpl("SOME_ROLE") });
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
+                null);
 
         // Build a Context to store in HttpSession (simulating prior request)
         SecurityContext sc = new SecurityContextImpl();
@@ -120,14 +127,14 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
         // Build an Authentication object we simulate came from HttpSession
         PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken("key",
                 "someone", "password",
-                new GrantedAuthority[] { new GrantedAuthorityImpl("SOME_ROLE") });
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")},
+                null);
 
         // Build an Authentication object we simulate our Authentication changed it to
         PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken("key",
                 "someone", "password",
-                new GrantedAuthority[] {
-                    new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")
-                });
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")},
+                null);
 
         // Build a Context to store in HttpSession (simulating prior request)
         SecurityContext sc = new SecurityContextImpl();
@@ -163,9 +170,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
         // Build an Authentication object we simulate our Authentication changed it to
         PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken("key",
                 "someone", "password",
-                new GrantedAuthority[] {
-                    new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")
-                });
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")},
+                null);
 
         // Build a mock request
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -213,9 +219,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
         // Build an Authentication object we simulate our Authentication changed it to
         PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken("key",
                 "someone", "password",
-                new GrantedAuthority[] {
-                    new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")
-                });
+                new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_DIFFERENT_ROLE")},
+                null);
 
         // Build a mock request
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -249,6 +254,8 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
         filter.destroy();
     }
 
+    //~ Inner Classes ==========================================================
+
     private class MockFilterChain extends TestCase implements FilterChain {
         private Authentication changeContextHolder;
         private Authentication expectedOnContextHolder;
@@ -261,8 +268,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
             this.toThrowDuringChain = toThrowDuringChain;
         }
 
-        private MockFilterChain() {
-        }
+        private MockFilterChain() {}
 
         public void doFilter(ServletRequest arg0, ServletResponse arg1)
             throws IOException, ServletException {