
SEC-848: Remove all Spring LDAP dependecy loading from namespace parsers
http://jira.springframework.org/browse/SEC-848. Replaced class references with class names.

Luke Taylor 17 жил өмнө
parent
commit
7603ce2f97

+ 2 - 2
core/src/main/java/org/springframework/security/config/AbstractUserDetailsServiceBeanDefinitionParser.java

@@ -23,12 +23,12 @@ public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements
 	/**  UserDetailsService bean Id. For use in a stateful context (i.e. in AuthenticationProviderBDP) */
 	private String id;
 	
-	protected abstract Class getBeanClass(Element element);
+	protected abstract String getBeanClassName(Element element);
 	
     protected abstract void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder);	
 	
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
-		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(getBeanClass(element)); 
+		BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(getBeanClassName(element)); 
 		
 		doParse(element, parserContext, builder);
 		

+ 2 - 3
core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java

@@ -1,6 +1,5 @@
 package org.springframework.security.config;
 
-import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager;
 import org.springframework.util.StringUtils;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.ParserContext;
@@ -18,8 +17,8 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
 	static final String ATT_GROUP_AUTHORITIES_QUERY = "group-authorities-by-username-query";
 	static final String ATT_ROLE_PREFIX = "role-prefix";
 
-    protected Class getBeanClass(Element element) {
-        return JdbcUserDetailsManager.class;
+    protected String getBeanClassName(Element element) {
+        return "org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager";
     }
 
     protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
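Review bot: The fully-qualified name returned by `getBeanClassName` is a bare string literal, so a typo or a later move of `JdbcUserDetailsManager` is no longer caught by the compiler and would only surface when the application context tries to instantiate the bean. The same applies to `getBeanClassName` in LdapUserServiceBeanDefinitionParser and UserServiceBeanDefinitionParser, and to the `*_CLASS` constants added to the two LDAP parsers. A small test that resolves each name with `Class.forName` on a full classpath would restore that check. The abstract method would also benefit from a Javadoc line such as `/** Returns the fully-qualified name of the bean class; a name is used so the class is not loaded while parsing. */`. `doParse` continues outside this hunk.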

+ 32 - 27
core/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java

@@ -1,11 +1,8 @@
 package org.springframework.security.config;
 
-import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
-import org.springframework.security.providers.ldap.LdapAuthenticationProvider;
-import org.springframework.security.providers.ldap.authenticator.BindAuthenticator;
-import org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
@@ -30,12 +27,16 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
     private static final String ATT_USER_PASSWORD = "password-attribute";
     private static final String ATT_HASH = PasswordEncoderParser.ATT_HASH; 
     
-    private static final String DEF_USER_SEARCH_FILTER="uid={0}";
+    private static final String DEF_USER_SEARCH_FILTER = "uid={0}";
+    
+    private static final String PROVIDER_CLASS = "org.springframework.security.providers.ldap.LdapAuthenticationProvider";
+    private static final String BIND_AUTH_CLASS = "org.springframework.security.providers.ldap.authenticator.BindAuthenticator";
+    private static final String PASSWD_AUTH_CLASS = "org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator";
 
     public BeanDefinition parse(Element elt, ParserContext parserContext) {
         RuntimeBeanReference contextSource = LdapUserServiceBeanDefinitionParser.parseServerReference(elt, parserContext);
         
-        RootBeanDefinition searchBean = LdapUserServiceBeanDefinitionParser.parseSearchBean(elt, parserContext);
+        BeanDefinition searchBean = LdapUserServiceBeanDefinitionParser.parseSearchBean(elt, parserContext);
         String userDnPattern = elt.getAttribute(ATT_USER_DN_PATTERN);
         
         String[] userDnPatternArray = new String[0];
@@ -45,22 +46,25 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
             // TODO: Validate the pattern and make sure it is a valid DN.
         } else if (searchBean == null) {
             logger.info("No search information or DN pattern specified. Using default search filter '" + DEF_USER_SEARCH_FILTER + "'");
-            searchBean = new RootBeanDefinition(FilterBasedLdapUserSearch.class);
-            searchBean.setSource(elt);
-            searchBean.getConstructorArgumentValues().addIndexedArgumentValue(0, "");
-            searchBean.getConstructorArgumentValues().addIndexedArgumentValue(1, DEF_USER_SEARCH_FILTER);
-            searchBean.getConstructorArgumentValues().addIndexedArgumentValue(2, contextSource);
+            BeanDefinitionBuilder searchBeanBuilder = BeanDefinitionBuilder.rootBeanDefinition(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS); 
+            searchBeanBuilder.setSource(elt);
+            searchBeanBuilder.addConstructorArg("");
+            searchBeanBuilder.addConstructorArg(DEF_USER_SEARCH_FILTER);
+            searchBeanBuilder.addConstructorArg(contextSource);
+            searchBean = searchBeanBuilder.getBeanDefinition();
         }
         
-        RootBeanDefinition authenticator = new RootBeanDefinition(BindAuthenticator.class);
+        BeanDefinitionBuilder authenticatorBuilder = 
+        	BeanDefinitionBuilder.rootBeanDefinition(BIND_AUTH_CLASS);
         Element passwordCompareElt = DomUtils.getChildElementByTagName(elt, Elements.LDAP_PASSWORD_COMPARE);
         
         if (passwordCompareElt != null) {
-            authenticator = new RootBeanDefinition(PasswordComparisonAuthenticator.class);
+        	authenticatorBuilder = 
+            	BeanDefinitionBuilder.rootBeanDefinition(PASSWD_AUTH_CLASS);
             
             String passwordAttribute = passwordCompareElt.getAttribute(ATT_USER_PASSWORD);
             if (StringUtils.hasText(passwordAttribute)) {
-                authenticator.getPropertyValues().addPropertyValue("passwordAttributeName", passwordAttribute);
+            	authenticatorBuilder.addPropertyValue("passwordAttributeName", passwordAttribute);
             }
             
             Element passwordEncoderElement = DomUtils.getChildElementByTagName(passwordCompareElt, Elements.PASSWORD_ENCODER);
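Review bot: `authenticatorBuilder` is first created for `BIND_AUTH_CLASS` and then discarded and rebuilt when a password-compare element is present. Choosing the class name after `passwordCompareElt` has been looked up reads more directly: `String authClass = (passwordCompareElt != null) ? PASSWD_AUTH_CLASS : BIND_AUTH_CLASS;` followed by a single `BeanDefinitionBuilder.rootBeanDefinition(authClass)`. Several of the added lines are also indented with tabs where the surrounding code uses spaces. The `if (passwordCompareElt != null)` block continues past the end of this hunk.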
@@ -70,33 +74,34 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
                 if (StringUtils.hasText(hash)) {
                     parserContext.getReaderContext().warning("Attribute 'hash' cannot be used with 'password-encoder' and " +
                             "will be ignored.", parserContext.extractSource(elt));
-                }                
+                }
                 PasswordEncoderParser pep = new PasswordEncoderParser(passwordEncoderElement, parserContext);
-                authenticator.getPropertyValues().addPropertyValue("passwordEncoder", pep.getPasswordEncoder());
+                authenticatorBuilder.addPropertyValue("passwordEncoder", pep.getPasswordEncoder());
                 
                 if (pep.getSaltSource() != null) {
-                    parserContext.getReaderContext().warning("Salt source information isn't valid when used with LDAP", passwordEncoderElement);
+                    parserContext.getReaderContext().warning("Salt source information isn't valid when used with LDAP", 
+                    		passwordEncoderElement);
                 }
             } else if (StringUtils.hasText(hash)) {
                 Class encoderClass = (Class) PasswordEncoderParser.ENCODER_CLASSES.get(hash);
-                authenticator.getPropertyValues().addPropertyValue("passwordEncoder", new RootBeanDefinition(encoderClass));
+                authenticatorBuilder.addPropertyValue("passwordEncoder", new RootBeanDefinition(encoderClass));
             }
-        } 
+        }
         
-        authenticator.getConstructorArgumentValues().addGenericArgumentValue(contextSource);
-        authenticator.getPropertyValues().addPropertyValue("userDnPatterns", userDnPatternArray);
+        authenticatorBuilder.addConstructorArg(contextSource);
+        authenticatorBuilder.addPropertyValue("userDnPatterns", userDnPatternArray);
         
         if (searchBean != null) {
-            authenticator.getPropertyValues().addPropertyValue("userSearch", searchBean);
+        	authenticatorBuilder.addPropertyValue("userSearch", searchBean);
         }
                 
-        RootBeanDefinition ldapProvider = new RootBeanDefinition(LdapAuthenticationProvider.class);
-        ldapProvider.getConstructorArgumentValues().addGenericArgumentValue(authenticator);
-        ldapProvider.getConstructorArgumentValues().addGenericArgumentValue(LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext));
-        ldapProvider.getPropertyValues().addPropertyValue("userDetailsContextMapper", 
+        BeanDefinitionBuilder ldapProvider = BeanDefinitionBuilder.rootBeanDefinition(PROVIDER_CLASS);
+        ldapProvider.addConstructorArg(authenticatorBuilder.getBeanDefinition());
+        ldapProvider.addConstructorArg(LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext));
+        ldapProvider.addPropertyValue("userDetailsContextMapper", 
         		LdapUserServiceBeanDefinitionParser.parseUserDetailsClass(elt, parserContext));
         
-        ConfigUtils.getRegisteredProviders(parserContext).add(ldapProvider);
+        ConfigUtils.getRegisteredProviders(parserContext).add(ldapProvider.getBeanDefinition());
 
         return null;
     }
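Review bot: In the `else if (StringUtils.hasText(hash))` branch, `encoderClass` comes from a map lookup and is passed straight to `new RootBeanDefinition(encoderClass)` with no null check. If `ENCODER_CLASSES` has no entry for the configured value, the lookup presumably yields null and the `passwordEncoder` definition ends up without a class, failing later with a message that does not point at the `hash` attribute. Unless the schema already restricts that attribute, a guard such as `if (encoderClass == null) { parserContext.getReaderContext().error("Unsupported hash '" + hash + "'", passwordCompareElt); }` would report the misconfiguration at parse time. `parse` begins before this hunk.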

+ 15 - 15
core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java

@@ -1,11 +1,5 @@
 package org.springframework.security.config;
 
-import org.springframework.security.userdetails.ldap.InetOrgPersonContextMapper;
-import org.springframework.security.userdetails.ldap.LdapUserDetailsMapper;
-import org.springframework.security.userdetails.ldap.LdapUserDetailsService;
-import org.springframework.security.userdetails.ldap.PersonContextMapper;
-import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
-import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
@@ -35,9 +29,15 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
     static final String ATT_USER_CLASS = "user-details-class";
     static final String OPT_PERSON = "person";
     static final String OPT_INETORGPERSON = "inetOrgPerson";
+    
+    public static final String LDAP_SEARCH_CLASS = "org.springframework.security.ldap.search.FilterBasedLdapUserSearch";
+    public static final String PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.PersonContextMapper";
+    public static final String INET_ORG_PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.InetOrgPersonContextMapper";
+    public static final String LDAP_USER_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.LdapUserDetailsMapper";
+    public static final String LDAP_AUTHORITIES_POPULATOR_CLASS = "org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator";
 
-    protected Class getBeanClass(Element element) {
-        return LdapUserDetailsService.class;
+    protected String getBeanClassName(Element element) {
+        return "org.springframework.security.userdetails.ldap.LdapUserDetailsService";
     }
 
     protected void doParse(Element elt, ParserContext parserContext, BeanDefinitionBuilder builder) {
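Review bot: The five new `*_CLASS` constants are declared `public static final`, while the constants visible just above them are package-private. The only other user shown in this commit, LdapProviderBeanDefinitionParser, is in the same package. Dropping `public` (e.g. `static final String LDAP_SEARCH_CLASS = ...`) would keep these implementation class names out of the config package's public API. `getBeanClassName` in this hunk also returns an inline literal rather than a named constant like its neighbours, so a constant would be more consistent.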
@@ -68,7 +68,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
             return null;
         }
         
-        BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(FilterBasedLdapUserSearch.class);
+        BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(LDAP_SEARCH_CLASS);
         searchBuilder.setSource(source);
         searchBuilder.addConstructorArg(userSearchBase);
         searchBuilder.addConstructorArg(userSearchFilter);
@@ -96,12 +96,12 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
     static RootBeanDefinition parseUserDetailsClass(Element elt, ParserContext parserContext) {
     	String userDetailsClass = elt.getAttribute(ATT_USER_CLASS);
     	
-    	if(OPT_PERSON.equals(userDetailsClass)) {
-    		return new RootBeanDefinition(PersonContextMapper.class);
+    	if (OPT_PERSON.equals(userDetailsClass)) {
+    		return new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null);
     	} else if (OPT_INETORGPERSON.equals(userDetailsClass)) {
-    		return new RootBeanDefinition(InetOrgPersonContextMapper.class);
+    		return new RootBeanDefinition(INET_ORG_PERSON_MAPPER_CLASS, null, null);
     	}
-    	return new RootBeanDefinition(LdapUserDetailsMapper.class);
+    	return new RootBeanDefinition(LDAP_USER_MAPPER_CLASS, null, null);
     }
     
     static RootBeanDefinition parseAuthoritiesPopulator(Element elt, ParserContext parserContext) {
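Review bot: The three calls of the form `new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null)` pass two unexplained nulls. They appear to rely on the constructor accepting null for both the constructor-argument and property-value holders, which is worth confirming against the Spring version in use. A short comment such as `// class name only: no constructor args, no property values` would make the intent clear, or the method could go through `BeanDefinitionBuilder.rootBeanDefinition(...)` as the rest of this file does. An unrecognised `user-details-class` value also still falls through silently to `LDAP_USER_MAPPER_CLASS`.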
@@ -118,7 +118,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
             groupSearchBase = DEF_GROUP_SEARCH_BASE;
         }
         
-        BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(DefaultLdapAuthoritiesPopulator.class);
+        BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(LDAP_AUTHORITIES_POPULATOR_CLASS);
         populator.setSource(parserContext.extractSource(elt));
         populator.addConstructorArg(parseServerReference(elt, parserContext));
         populator.addConstructorArg(groupSearchBase);
@@ -129,7 +129,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
                 rolePrefix = "";
             }
             populator.addPropertyValue("rolePrefix", rolePrefix);
-        }                
+        }
         
         if (StringUtils.hasLength(groupRoleAttribute)) {
             populator.addPropertyValue("groupRoleAttribute", groupRoleAttribute);

+ 2 - 3
core/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java

@@ -6,7 +6,6 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.BeanDefinitionStoreException;
-import org.springframework.security.userdetails.memory.InMemoryDaoImpl;
 import org.springframework.security.userdetails.memory.UserMap;
 import org.springframework.security.userdetails.User;
 import org.springframework.security.util.AuthorityUtils;
@@ -33,8 +32,8 @@ public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceB
 	static final String ATT_DISABLED = "disabled";
     static final String ATT_LOCKED = "locked";
 
-    protected Class getBeanClass(Element element) {
-        return InMemoryDaoImpl.class;
+    protected String getBeanClassName(Element element) {
+        return "org.springframework.security.userdetails.memory.InMemoryDaoImpl";
     }
 
     protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {