SEC-641: Updated to set "source" values on BeanDefinitions where possible.

core/src/main/java/org/springframework/security/config/AnonymousBeanDefinitionParser.java

@@ -19,30 +19,32 @@ import org.w3c.dom.Element;
 public class AnonymousBeanDefinitionParser implements BeanDefinitionParser {
     static final String ATT_KEY = "key";
     static final String DEF_KEY = "doesNotMatter";
-    
+
 	static final String ATT_USERNAME = "username";
 	static final String DEF_USERNAME = "roleAnonymous";
-	
+
 	static final String ATT_GRANTED_AUTHORITY = "granted-authority";
 	static final String DEF_GRANTED_AUTHORITY = "ROLE_ANONYMOUS";
-	
+
 	protected final Log logger = LogFactory.getLog(getClass());
 
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         String grantedAuthority = null;
         String username = null;
         String key = null;
-        
+        Object source = null;
+
         if (element != null) {
             grantedAuthority = element.getAttribute(ATT_GRANTED_AUTHORITY);
             username = element.getAttribute(ATT_USERNAME);
             key = element.getAttribute(ATT_KEY);
+            source = parserContext.extractSource(element);
         }
 
         if (!StringUtils.hasText(grantedAuthority)) {
         	grantedAuthority = DEF_GRANTED_AUTHORITY;
         }
-    	
+
         if (!StringUtils.hasText(username)) {
         	username = DEF_USERNAME;
         }
@@ -51,12 +53,15 @@ public class AnonymousBeanDefinitionParser implements BeanDefinitionParser {
         	key = DEF_KEY;
         }
 
-        BeanDefinition filter = new RootBeanDefinition(AnonymousProcessingFilter.class);
+        RootBeanDefinition filter = new RootBeanDefinition(AnonymousProcessingFilter.class);
+
+        filter.setSource(source);
         filter.getPropertyValues().addPropertyValue("userAttribute", username + "," + grantedAuthority);
         filter.getPropertyValues().addPropertyValue(ATT_KEY, key);
 
         BeanDefinition authManager = ConfigUtils.registerProviderManagerIfNecessary(parserContext);
-        BeanDefinition provider = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
+        RootBeanDefinition provider = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
+        provider.setSource(source);
         provider.getPropertyValues().addPropertyValue(ATT_KEY, key);
 
         ManagedList authMgrProviderList = (ManagedList) authManager.getPropertyValues().getPropertyValue("providers").getValue();

core/src/main/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParser.java

@@ -23,6 +23,7 @@ class AuthenticationProviderBeanDefinitionParser implements BeanDefinitionParser
 
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         RootBeanDefinition authProvider = new RootBeanDefinition(DaoAuthenticationProvider.class);
+        authProvider.setSource(parserContext.extractSource(element));
 
         Element passwordEncoderElt = DomUtils.getChildElementByTagName(element, Elements.PASSWORD_ENCODER);
 

core/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java

@@ -34,6 +34,10 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar
         controllerBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(BeanIds.SESSION_REGISTRY));
         filterBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(BeanIds.SESSION_REGISTRY));
 
+        Object source = parserContext.extractSource(element);
+        filterBuilder.setSource(source);
+        controllerBuilder.setSource(source);
+
         String expiryUrl = element.getAttribute("expiryUrl");
 
         if (StringUtils.hasText(expiryUrl)) {

core/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java

@@ -25,7 +25,7 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
 
     static final String ATT_LOGIN_URL = "login-url";
     static final String DEF_LOGIN_URL = "/j_spring_security_check";
-    
+
     static final String ATT_LOGIN_PAGE = "login-page";
     static final String DEF_LOGIN_PAGE = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL;
 
@@ -40,23 +40,26 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
         String defaultTargetUrl = null;
         String authenticationFailureUrl = null;
         String loginPage = null;
-        
+        Object source = null;
+
         if (elt != null) {
             loginUrl = elt.getAttribute(ATT_LOGIN_URL);
             defaultTargetUrl = elt.getAttribute(ATT_FORM_LOGIN_TARGET_URL);
             authenticationFailureUrl = elt.getAttribute(ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL);
             loginPage = elt.getAttribute(ATT_LOGIN_PAGE);
+            source = parserContext.extractSource(elt);
         }
 
         ConfigUtils.registerProviderManagerIfNecessary(parserContext);
-        
-        BeanDefinition filterBean = createFilterBean(loginUrl, defaultTargetUrl, authenticationFailureUrl);
 
+        RootBeanDefinition filterBean = createFilterBean(loginUrl, defaultTargetUrl, authenticationFailureUrl);
+        filterBean.setSource(source);
         filterBean.getPropertyValues().addPropertyValue("authenticationManager",
                 new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
 
         BeanDefinitionBuilder entryPointBuilder =
                 BeanDefinitionBuilder.rootBeanDefinition(AuthenticationProcessingFilterEntryPoint.class);
+        entryPointBuilder.setSource(source);
 
 
         // If no login page has been defined, add in the default page generator.
@@ -79,7 +82,7 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
         return null;
     }
 
-    private BeanDefinition createFilterBean(String loginUrl, String defaultTargetUrl, String authenticationFailureUrl) {
+    private RootBeanDefinition createFilterBean(String loginUrl, String defaultTargetUrl, String authenticationFailureUrl) {
         BeanDefinitionBuilder filterBuilder =
                 BeanDefinitionBuilder.rootBeanDefinition(AuthenticationProcessingFilter.class);
 
@@ -103,6 +106,6 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
 
         filterBuilder.addPropertyValue("authenticationFailureUrl", authenticationFailureUrl);
 
-        return filterBuilder.getBeanDefinition();
+        return (RootBeanDefinition) filterBuilder.getBeanDefinition();
     }
 }

core/src/main/java/org/springframework/security/config/LdapServerBeanDefinitionParser.java

@@ -60,6 +60,8 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
             contextSource.getConstructorArgumentValues().addIndexedArgumentValue(0, url);
         }
 
+        contextSource.setSource(parserContext.extractSource(elt));
+
         String managerDn = elt.getAttribute(ATT_PRINCIPAL);
         String managerPassword = elt.getAttribute(ATT_PASSWORD);
 
@@ -143,6 +145,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
         contextSource.getPropertyValues().addPropertyValue("password", "secret");
 
         RootBeanDefinition apacheContainer = new RootBeanDefinition(ApacheDSContainer.class);
+        apacheContainer.setSource(parserContext.extractSource(element));
         apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(configuration);
         apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(contextSource);
 

core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java

@@ -40,7 +40,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
         }
 
         String userSearchFilter = elt.getAttribute(ATT_USER_SEARCH_FILTER);
-        
+
         if (!StringUtils.hasText(userSearchFilter)) {
             parserContext.getReaderContext().error("User search filter must be supplied", elt);
         }
@@ -62,13 +62,17 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
             groupSearchBase = DEF_GROUP_SEARCH_BASE;
         }
 
+        Object source = parserContext.extractSource(elt);
+
         RuntimeBeanReference contextSource = new RuntimeBeanReference(server);
-        BeanDefinition search = new RootBeanDefinition(FilterBasedLdapUserSearch.class);
+        RootBeanDefinition search = new RootBeanDefinition(FilterBasedLdapUserSearch.class);
+        search.setSource(source);
         search.getConstructorArgumentValues().addIndexedArgumentValue(0, userSearchBase);
         search.getConstructorArgumentValues().addIndexedArgumentValue(1, userSearchFilter);
         search.getConstructorArgumentValues().addIndexedArgumentValue(2, contextSource);
 
-        BeanDefinition populator = new RootBeanDefinition(DefaultLdapAuthoritiesPopulator.class);
+        RootBeanDefinition populator = new RootBeanDefinition(DefaultLdapAuthoritiesPopulator.class);
+        populator.setSource(source);
         populator.getConstructorArgumentValues().addIndexedArgumentValue(0, contextSource);
         populator.getConstructorArgumentValues().addIndexedArgumentValue(1, groupSearchBase);
         populator.getPropertyValues().addPropertyValue("groupSearchFilter", groupSearchFilter);

core/src/main/java/org/springframework/security/config/LogoutBeanDefinitionParser.java

@@ -22,7 +22,7 @@ public class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 
 	static final String ATT_INVALIDATE_SESSION = "invalidate-session";
 	static final String DEF_INVALIDATE_SESSION  = "true";
-	
+
 	static final String ATT_LOGOUT_URL = "logout-url";
 	static final String DEF_LOGOUT_URL = "/j_spring_security_logout";
 
@@ -38,7 +38,8 @@ public class LogoutBeanDefinitionParser implements BeanDefinitionParser {
         }
 
         BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(LogoutFilter.class);
-        
+        builder.setSource(parserContext.extractSource(element));
+
         if (!StringUtils.hasText(logoutUrl)) {
         	logoutUrl = DEF_LOGOUT_URL;
         }
@@ -48,11 +49,11 @@ public class LogoutBeanDefinitionParser implements BeanDefinitionParser {
             logoutSuccessUrl = DEF_LOGOUT_SUCCESS_URL;
         }
         builder.addConstructorArg(logoutSuccessUrl);
-        
+
         if (!StringUtils.hasText(invalidateSession)) {
         	invalidateSession = DEF_INVALIDATE_SESSION;
         }
-        
+
         ManagedList handlers = new ManagedList();
         SecurityContextLogoutHandler sclh = new SecurityContextLogoutHandler();
         if ("true".equals(invalidateSession)) {
@@ -67,7 +68,7 @@ public class LogoutBeanDefinitionParser implements BeanDefinitionParser {
         }
 
         builder.addConstructorArg(handlers);
-        
+
         parserContext.getRegistry().registerBeanDefinition(BeanIds.LOGOUT_FILTER, builder.getBeanDefinition());
 
         return null;

core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java

@@ -68,7 +68,8 @@ public class PasswordEncoderParser {
             passwordEncoder = new RuntimeBeanReference(ref);
         } else {
             Class beanClass = (Class) ENCODER_CLASSES.get(hash);
-            BeanDefinition beanDefinition = new RootBeanDefinition(beanClass);
+            RootBeanDefinition beanDefinition = new RootBeanDefinition(beanClass);
+            beanDefinition.setSource(parserContext.extractSource(element));
             if (useBase64) {
                 if (beanClass.isAssignableFrom(BaseDigestPasswordEncoder.class)) {
                     beanDefinition.getPropertyValues().addPropertyValue("encodeHashAsBase64", "true");

core/src/main/java/org/springframework/security/config/PortMappingsBeanDefinitionParser.java

@@ -27,7 +27,8 @@ public class PortMappingsBeanDefinitionParser implements BeanDefinitionParser {
     public static final String ATT_HTTPS_PORT = "https";
 
     public BeanDefinition parse(Element element, ParserContext parserContext) {
-        BeanDefinition portMapper = new RootBeanDefinition(PortMapperImpl.class);
+        RootBeanDefinition portMapper = new RootBeanDefinition(PortMapperImpl.class);
+        portMapper.setSource(parserContext.extractSource(element));
 
         if (element != null) {
             List mappingElts = DomUtils.getChildElementsByTagName(element, Elements.PORT_MAPPING);

core/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java

@@ -33,15 +33,17 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
         String tokenRepository = null;
         String dataSource = null;
         String key = null;
+        Object source = null;
 
         if (element != null) {
             tokenRepository = element.getAttribute(ATT_TOKEN_REPOSITORY);
             dataSource = element.getAttribute(ATT_DATA_SOURCE);
             key = element.getAttribute(ATT_KEY);
+            source = parserContext.extractSource(element);
         }
 
-        BeanDefinition filter = new RootBeanDefinition(RememberMeProcessingFilter.class);
-        BeanDefinition services = new RootBeanDefinition(PersistentTokenBasedRememberMeServices.class);
+        RootBeanDefinition filter = new RootBeanDefinition(RememberMeProcessingFilter.class);
+        RootBeanDefinition services = new RootBeanDefinition(PersistentTokenBasedRememberMeServices.class);
 
         filter.getPropertyValues().addPropertyValue("authenticationManager",
                 new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
@@ -76,7 +78,11 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
         }
 
         BeanDefinition authManager = ConfigUtils.registerProviderManagerIfNecessary(parserContext);
-        BeanDefinition provider = new RootBeanDefinition(RememberMeAuthenticationProvider.class);
+        RootBeanDefinition provider = new RootBeanDefinition(RememberMeAuthenticationProvider.class);
+
+        filter.setSource(source);
+        services.setSource(source);
+        provider.setSource(source);
 
         provider.getPropertyValues().addPropertyValue(ATT_KEY, key);
         services.getPropertyValues().addPropertyValue(ATT_KEY, key);

core/src/main/java/org/springframework/security/config/SaltSourceBeanDefinitionParser.java

@@ -13,18 +13,20 @@ import org.w3c.dom.Element;
 /**
  * @author Luke Taylor
  * @version $Id$
+ * @since 2.0
  */
 public class SaltSourceBeanDefinitionParser implements BeanDefinitionParser {
     static final String ATT_USER_PROPERTY = "user-property";
     static final String ATT_SYSTEM_WIDE = "system-wide";
 
     public BeanDefinition parse(Element element, ParserContext parserContext) {
-        BeanDefinition saltSource;
+        RootBeanDefinition saltSource;
         String userProperty = element.getAttribute(ATT_USER_PROPERTY);
 
         if (StringUtils.hasText(userProperty)) {
             saltSource = new RootBeanDefinition(ReflectionSaltSource.class);
             saltSource.getPropertyValues().addPropertyValue("userPropertyToUse", userProperty);
+            saltSource.setSource(parserContext.extractSource(element));
 
             return saltSource;
         }
@@ -34,10 +36,12 @@ public class SaltSourceBeanDefinitionParser implements BeanDefinitionParser {
         if (StringUtils.hasText(systemWideSalt)) {
             saltSource = new RootBeanDefinition(SystemWideSaltSource.class);
             saltSource.getPropertyValues().addPropertyValue("systemWideSalt", systemWideSalt);
+            saltSource.setSource(parserContext.extractSource(element));
 
             return saltSource;
         }
 
-        throw new SecurityConfigurationException(Elements.SALT_SOURCE + " requires an attribute");
+        parserContext.getReaderContext().error(Elements.SALT_SOURCE + " requires an attribute", element);
+        return null;
     }
 }

core/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java

@@ -32,6 +32,10 @@ public class X509BeanDefinitionParser implements BeanDefinitionParser {
         BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(X509PreAuthenticatedProcessingFilter.class);
 	    RootBeanDefinition entryPoint = new RootBeanDefinition(PreAuthenticatedProcessingFilterEntryPoint.class);
 
+        Object source = parserContext.extractSource(element);
+        filterBuilder.setSource(source);
+        entryPoint.setSource(source);
+
         String regex = element.getAttribute(ATT_REGEX);
 
         if (StringUtils.hasText(regex)) {
@@ -49,8 +53,10 @@ public class X509BeanDefinitionParser implements BeanDefinitionParser {
 
         if (StringUtils.hasText(userServiceRef)) {
             RootBeanDefinition statusCheckingUserService = new RootBeanDefinition(StatusCheckingUserDetailsService.class);
+            statusCheckingUserService.setSource(source);
             statusCheckingUserService.getConstructorArgumentValues().addIndexedArgumentValue(0, new RuntimeBeanReference(userServiceRef));
-            BeanDefinition preAuthUserService = new RootBeanDefinition(UserDetailsByNameServiceWrapper.class);
+            RootBeanDefinition preAuthUserService = new RootBeanDefinition(UserDetailsByNameServiceWrapper.class);
+            preAuthUserService.setSource(source);
             preAuthUserService.getPropertyValues().addPropertyValue("userDetailsService", statusCheckingUserService);
             provider.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", preAuthUserService);
         }