SEC-29: Remove from sandbox (now in core).

sandbox/src/main/java/org/acegisecurity/intercept/web/SandboxSecurityEnforcementFilter.java

@@ -1,310 +0,0 @@
-/* Copyright 2004, 2005 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.acegisecurity.intercept.web;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.AuthenticationTrustResolver;
-import org.acegisecurity.AuthenticationTrustResolverImpl;
-import org.acegisecurity.InsufficientAuthenticationException;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.ui.AbstractProcessingFilter;
-import org.acegisecurity.ui.AuthenticationEntryPoint;
-import org.acegisecurity.ui.ExceptionTranslationFilter;
-import org.acegisecurity.util.PortResolver;
-import org.acegisecurity.util.PortResolverImpl;
-import org.acegisecurity.wrapper.redirect.SavedHttpServletRequest;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.util.Assert;
-
-/**
- * Wraps requests to the {@link FilterSecurityInterceptor}.
- *
- * <p>
- * This filter is necessary because it provides the bridge between incoming
- * requests and the <code>FilterSecurityInterceptor</code> instance.
- * </p>
- *
- * <p>
- * If an {@link AuthenticationException} is detected, the filter will launch
- * the <code>authenticationEntryPoint</code>. This allows common handling of
- * authentication failures originating from any subclass of {@link
- * org.acegisecurity.intercept.AbstractSecurityInterceptor}.
- * </p>
- *
- * <p>
- * If an {@link AccessDeniedException} is detected, the filter will determine
- * whether or not the user is an anonymous user. If they are an anonymous
- * user, the <code>authenticationEntryPoint</code> will be launched. If they
- * are not an anonymous user, the filter will respond with a
- * <code>HttpServletResponse.SC_FORBIDDEN</code> (403 error).  In addition,
- * the <code>AccessDeniedException</code> itself will be placed in the
- * <code>HttpSession</code> attribute keyed against {@link
- * #ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY} (to allow access to the stack
- * trace etc). Again, this allows common access denied handling irrespective
- * of the originating security interceptor.
- * </p>
- *
- * <p>
- * To use this filter, it is necessary to specify the following properties:
- * </p>
- *
- * <ul>
- * <li>
- * <code>filterSecurityInterceptor</code> indicates the
- * <code>FilterSecurityInterceptor</code> to delegate HTTP security decisions
- * to.
- * </li>
- * <li>
- * <code>authenticationEntryPoint</code> indicates the handler that should
- * commence the authentication process if an
- * <code>AuthenticationException</code> is detected. Note that this may also
- * switch the current protocol from http to https for an SSL login.
- * </li>
- * <li>
- * <code>portResolver</code> is used to determine the "real" port that a
- * request was received on.
- * </li>
- * </ul>
- *
- * <P>
- * <B>Do not use this class directly.</B> Instead configure
- * <code>web.xml</code> to use the {@link
- * org.acegisecurity.util.FilterToBeanProxy}.
- * </p>
- *
- * @author Ben Alex
- * @author colin sampaleanu
- * @author Andrey Grebnev <a href="mailto:andrey.grebnev@blandware.com">&lt;andrey.grebnev@blandware.com&gt;</a>
- * @version $Id$
- */
-public class SandboxSecurityEnforcementFilter implements Filter, InitializingBean {
-	
-    private static final Log logger = LogFactory.getLog(ExceptionTranslationFilter.class);
-    
-    public static final String ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY = "ACEGI_SECURITY_403_EXCEPTION";
-    public static final String SAVED_REQUEST_SESSION_ATTRIBUTE = "org.acegisecurity.intercept.web.SAVED_REQUEST_SESSION_ATTRIBUTE";
-    
-    private AuthenticationEntryPoint authenticationEntryPoint;
-    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
-    private FilterSecurityInterceptor filterSecurityInterceptor;
-    private PortResolver portResolver = new PortResolverImpl();
-    private boolean createSessionAllowed = true;
-
-    /**
-     * Sets the AuthenticationEntryPoint.
-     * @param authenticationEntryPoint The authentication entry point.
-     */
-    public void setAuthenticationEntryPoint(
-        AuthenticationEntryPoint authenticationEntryPoint) {
-        this.authenticationEntryPoint = authenticationEntryPoint;
-    }
-
-    /**
-     * Returns the AuthenticationEntryPoint.
-     * @return The authentication entry point.
-     */
-    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
-        return authenticationEntryPoint;
-    }
-
-    /**
-     * Sets the AuthenticationTrustResolver.
-     * @param authenticationTrustResolver The AuthenticationTrustResolver.
-     */
-    public void setAuthenticationTrustResolver(
-        AuthenticationTrustResolver authenticationTrustResolver) {
-        this.authenticationTrustResolver = authenticationTrustResolver;
-    }
-
-    /**
-     * If <code>true</code>, indicates that <code>SecurityEnforcementFilter</code> is permitted
-     * to store the target URL and exception information in the <code>HttpSession</code> (the
-     * default). In situations where you do not wish to unnecessarily create <code>HttpSession</code>s
-     * - because the user agent will know the failed URL, such as with BASIC or Digest authentication
-     * - you may wish to set this property to <code>false</code>. Remember to also set the
-     * {@link org.acegisecurity.context.HttpSessionContextIntegrationFilter#allowSessionCreation}
-     * to <code>false</code> if you set this property to <code>false</code>.
-     *
-     * @return <code>true</code> if the <code>HttpSession</code> will be used to store information
-     * about the failed request, <code>false</code> if the <code>HttpSession</code> will not be
-     * used
-     */
-    public boolean isCreateSessionAllowed() {
-        return createSessionAllowed;
-    }
-
-    public void setCreateSessionAllowed(boolean createSessionAllowed) {
-        this.createSessionAllowed = createSessionAllowed;
-    }
-
-    public AuthenticationTrustResolver getAuthenticationTrustResolver() {
-        return authenticationTrustResolver;
-    }
-
-    public void setFilterSecurityInterceptor(
-        FilterSecurityInterceptor filterSecurityInterceptor) {
-        this.filterSecurityInterceptor = filterSecurityInterceptor;
-    }
-
-    public FilterSecurityInterceptor getFilterSecurityInterceptor() {
-        return filterSecurityInterceptor;
-    }
-
-    public void setPortResolver(PortResolver portResolver) {
-        this.portResolver = portResolver;
-    }
-
-    public PortResolver getPortResolver() {
-        return portResolver;
-    }
-
-    public void afterPropertiesSet() throws Exception {
-        Assert.notNull(authenticationEntryPoint,
-            "authenticationEntryPoint must be specified");
-        Assert.notNull(filterSecurityInterceptor,
-            "filterSecurityInterceptor must be specified");
-        Assert.notNull(portResolver, "portResolver must be specified");
-        Assert.notNull(authenticationTrustResolver,
-            "authenticationTrustResolver must be specified");
-    }
-
-    public void destroy() {
-    }
-
-    public void doFilter(ServletRequest request, ServletResponse response,
-        FilterChain chain) throws IOException, ServletException {
-        if (!(request instanceof HttpServletRequest)) {
-            throw new ServletException("HttpServletRequest required");
-        }
-
-        if (!(response instanceof HttpServletResponse)) {
-            throw new ServletException("HttpServletResponse required");
-        }
-
-        FilterInvocation fi = new FilterInvocation(request, response, chain);
-
-        try {
-            filterSecurityInterceptor.invoke(fi);
-
-            if (logger.isDebugEnabled()) {
-                logger.debug("Chain processed normally");
-            }
-        } catch (AuthenticationException authentication) {
-            if (logger.isDebugEnabled()) {
-                logger.debug("Authentication exception occurred; redirecting to authentication entry point",
-                    authentication);
-            }
-
-            sendStartAuthentication(fi, authentication);
-        } catch (AccessDeniedException accessDenied) {
-            if (authenticationTrustResolver.isAnonymous(
-                        SecurityContextHolder.getContext().getAuthentication())) {
-                if (logger.isDebugEnabled()) {
-                    logger.debug("Access is denied (user is anonymous); redirecting to authentication entry point",
-                        accessDenied);
-                }
-
-                sendStartAuthentication(fi,
-                    new InsufficientAuthenticationException(
-                        "Full authentication is required to access this resource"));
-            } else {
-                if (logger.isDebugEnabled()) {
-                    logger.debug("Access is denied (user is not anonymous); sending back forbidden response",
-                        accessDenied);
-                }
-
-                sendAccessDeniedError(fi, accessDenied);
-            }
-        } catch (ServletException e) {
-            throw e;
-        } catch (IOException e) {
-            throw e;
-        } catch (Throwable otherException) {
-            throw new ServletException(otherException);
-        }
-    }
-
-    public void init(FilterConfig filterConfig) throws ServletException {
-    }
-
-    protected void sendAccessDeniedError(FilterInvocation fi,
-        AccessDeniedException accessDenied)
-        throws ServletException, IOException {
-        if (createSessionAllowed) {
-            ((HttpServletRequest) fi.getRequest()).getSession().setAttribute(ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY,
-                accessDenied);
-        }
-
-        ((HttpServletResponse) fi.getResponse()).sendError(HttpServletResponse.SC_FORBIDDEN,
-            accessDenied.getMessage()); // 403
-    }
-
-    protected void sendStartAuthentication(FilterInvocation fi,
-        AuthenticationException reason) throws ServletException, IOException {
-    	
-    	// Get the HttpServletRequest
-        HttpServletRequest request = (HttpServletRequest) fi.getRequest();
-
-        // Save this original request on the session in case
-        // SecurityContextHolderAwareRequestWrapper has to resume it after (re)authentication.
-        request.getSession().setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, SavedHttpServletRequest.saveRequest(request));
-
-        int port = portResolver.getServerPort(request);
-        boolean includePort = true;
-
-        if ("http".equals(request.getScheme().toLowerCase()) && (port == 80)) {
-            includePort = false;
-        }
-
-        if ("https".equals(request.getScheme().toLowerCase()) && (port == 443)) {
-            includePort = false;
-        }
-
-        // Build the target URL from the request
-        String targetUrl = request.getScheme() + "://" +
-            request.getServerName() + ((includePort) ? (":" + port) : "") +
-            request.getContextPath() + fi.getRequestUrl();
-
-        if (logger.isDebugEnabled()) {
-            logger.debug(
-                "Authentication entry point being called; target URL added to Session: " +
-                targetUrl);
-        }
-
-        if (createSessionAllowed) {
-            ((HttpServletRequest) request).getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
-                targetUrl);
-        }
-
-        authenticationEntryPoint.commence(request,
-            (HttpServletResponse) fi.getResponse(), reason);
-    }
-    
-}

sandbox/src/main/java/org/acegisecurity/wrapper/SandboxSecurityContextHolderAwareRequestWrapper.java

@@ -1,475 +0,0 @@
-/* Copyright 2004, 2005 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity.wrapper;
-
-import java.security.Principal;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.TimeZone;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpSession;
-
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationTrustResolver;
-import org.acegisecurity.AuthenticationTrustResolverImpl;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.intercept.web.SandboxSecurityEnforcementFilter;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.wrapper.redirect.Enumerator;
-import org.acegisecurity.wrapper.redirect.FastHttpDateFormat;
-import org.acegisecurity.wrapper.redirect.SavedHttpServletRequest;
-
-/**
- * An Acegi Security-aware <code>HttpServletRequestWrapper</code>, which uses
- * the <code>SecurityContext</code>-defined <code>Authentication</code>
- * object for
- * {@link SecurityContextHolderAwareRequestWrapper#isUserInRole(java.lang.String)}
- * and {@link javax.servlet.http.HttpServletRequestWrapper#getRemoteUser()}
- * responses.
- * <p>
- * Provides request parameters, headers, cookies from original requrest or saved request.
- * </p>
- * 
- * @author Orlando Garcia Carmona
- * @author Ben Alex
- * @author Andrey Grebnev <a href="mailto:andrey.grebnev@blandware.com">&lt;andrey.grebnev@blandware.com&gt;</a>
- * @version $Id$
- */
-public class SandboxSecurityContextHolderAwareRequestWrapper extends
-		HttpServletRequestWrapper {
-
-	// ~ Static fields ========================================================
-
-	protected static final TimeZone GMT_ZONE = TimeZone.getTimeZone("GMT");
-
-	/**
-	 * The default Locale if none are specified.
-	 */
-	protected static Locale defaultLocale = Locale.getDefault();
-
-	// ~ Instance fields
-	// ========================================================
-
-	/**
-	 * Authentication trust resolver.
-	 */
-	private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
-
-	/**
-	 * The set of SimpleDateFormat formats to use in getDateHeader().
-	 * 
-	 * Notice that because SimpleDateFormat is not thread-safe, we can't declare
-	 * formats[] as a static variable.
-	 */
-	protected SimpleDateFormat formats[] = new SimpleDateFormat[3];
-
-	/**
-	 * Saved request (to be resumed after authentication)
-	 */
-	protected SavedHttpServletRequest savedRequest = null;
-
-	// ~ Constructors
-	// ===========================================================
-
-	/**
-	 * The class' primary constructor.
-	 * 
-	 * @param request HttpServletRequest
-	 */
-	public SandboxSecurityContextHolderAwareRequestWrapper(HttpServletRequest request) {
-
-		// First do what the parent class needs to.
-		super(request);
-
-		// Return if there isn't an existing HttpSession
-		HttpSession session = request.getSession(false);
-		if (session != null) {
-
-			// We know there's an existing HttpSession, so see if it has a
-			// saved request (placed there by SecurityEnforcementFilter).
-			SavedHttpServletRequest saved = (SavedHttpServletRequest) session
-					.getAttribute(SandboxSecurityEnforcementFilter.SAVED_REQUEST_SESSION_ATTRIBUTE);
-			if (saved != null) {
-
-				// We know there's a saved request, so see if it has a
-				// saved "root" request URI to forward to.
-				String requestURI = saved.getRequestURI();
-				if (requestURI != null) {
-
-					// We know there's a saved "root" request URI, so see if
-					// it's the
-					// same one specified by this request.
-					if (requestURI.equals(request.getRequestURI())) {
-
-						// They're the same "root" request URIs, so get the
-						// saved request and remove it from the HttpSession
-						// since we only want to process it once.
-						savedRequest = saved;
-						session
-								.removeAttribute(SandboxSecurityEnforcementFilter.SAVED_REQUEST_SESSION_ATTRIBUTE);
-
-						formats[0] = new SimpleDateFormat(
-								"EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
-						formats[1] = new SimpleDateFormat(
-								"EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US);
-						formats[2] = new SimpleDateFormat(
-								"EEE MMMM d HH:mm:ss yyyy", Locale.US);
-
-						formats[0].setTimeZone(GMT_ZONE);
-						formats[1].setTimeZone(GMT_ZONE);
-						formats[2].setTimeZone(GMT_ZONE);
-					}
-
-				}
-
-			}
-
-		}
-
-		return;
-
-	}
-
-	// ~ Methods
-	// ================================================================
-
-	/**
-	 * Returns the principal's name, as obtained from the
-	 * <code>SecurityContextHolder</code>. Properly handles both
-	 * <code>String</code>-based and <code>UserDetails</code>-based
-	 * principals.
-	 * 
-	 * @return the username or <code>null</code> if unavailable
-	 */
-	public String getRemoteUser() {
-		Authentication auth = getAuthentication();
-
-		if ((auth == null) || (auth.getPrincipal() == null)) {
-			return null;
-		}
-
-		if (auth.getPrincipal() instanceof UserDetails) {
-			return ((UserDetails) auth.getPrincipal()).getUsername();
-		}
-
-		return auth.getPrincipal().toString();
-	}
-
-	/**
-	 * Simple searches for an exactly matching {@link
-	 * GrantedAuthority#getAuthority()}.
-	 * 
-	 * <p>
-	 * Will always return <code>false</code> if the
-	 * <code>SecurityContextHolder</code> contains an
-	 * <code>Authentication</code> with
-	 * <code>null</code><code>principal</code> and/or
-	 * <code>GrantedAuthority[]</code> objects.
-	 * </p>
-	 * 
-	 * @param role the <code>GrantedAuthority</code><code>String</code> representation to check for.
-	 * @return <code>true</code> if an <b>exact</b> (case sensitive) matching granted authority is located, <code>false</code> otherwise.
-	 */
-	public boolean isUserInRole(String role) {
-		return isGranted(role);
-	}
-
-	/**
-	 * Returns the <code>Authentication</code> (which is a subclass of
-	 * <code>Principal</code>), or <code>null</code> if unavailable.
-	 * 
-	 * <p>
-	 * Note: Override this method in order to workaround the problem in Sun Java
-	 * System Application Server 8.1 PE
-	 * </p>
-	 * 
-	 * @return the <code>Authentication</code>, or <code>null</code>
-	 */
-	public Principal getUserPrincipal() {
-		Authentication auth = getAuthentication();
-
-		if ((auth == null) || (auth.getPrincipal() == null)) {
-			return null;
-		}
-
-		return auth;
-	}
-
-	/**
-	 * Obtain the current active <code>Authentication</code>
-	 * 
-	 * @return the authentication object or <code>null</code>
-	 */
-	private Authentication getAuthentication() {
-		Authentication auth = SecurityContextHolder.getContext()
-				.getAuthentication();
-
-		if (!authenticationTrustResolver.isAnonymous(auth)) {
-			return auth;
-		}
-
-		return null;
-	}
-
-	/**
-	 * Determines if principal has been granted a given role.
-	 * 
-	 * @param role The role being tested.
-	 * @return True if principal has been granted the given role.
-	 */
-	private boolean isGranted(String role) {
-		Authentication auth = getAuthentication();
-
-		if ((auth == null) || (auth.getPrincipal() == null)
-				|| (auth.getAuthorities() == null)) {
-			return false;
-		}
-
-		for (int i = 0; i < auth.getAuthorities().length; i++) {
-			if (role.equals(auth.getAuthorities()[i].getAuthority())) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * The default behavior of this method is to return getMethod() on the
-	 * wrapped request object.
-	 */
-	public String getMethod() {
-		if (savedRequest == null) {
-			return super.getMethod();
-		} else {
-			return savedRequest.getMethod();
-		}
-	}
-
-	/**
-	 * The default behavior of this method is to return getHeader(String name)
-	 * on the wrapped request object.
-	 */
-	public String getHeader(String name) {
-		if (savedRequest == null) {
-			return super.getHeader(name);
-		} else {
-			String header = null;
-			Iterator iterator = savedRequest.getHeaderValues(name);
-			while (iterator.hasNext()) {
-				header = (String) iterator.next();
-				break;
-			}
-			return header;
-		}
-	}
-
-	/**
-	 * The default behavior of this method is to return getIntHeader(String
-	 * name) on the wrapped request object.
-	 */
-	public int getIntHeader(String name) {
-		if (savedRequest == null) {
-			return super.getIntHeader(name);
-		} else {
-			String value = getHeader(name);
-			if (value == null) {
-				return (-1);
-			} else {
-				return (Integer.parseInt(value));
-			}
-		}
-	}
-
-	/**
-	 * The default behavior of this method is to return getDateHeader(String
-	 * name) on the wrapped request object.
-	 */
-	public long getDateHeader(String name) {
-		if (savedRequest == null) {
-			return super.getDateHeader(name);
-		} else {
-			String value = getHeader(name);
-			if (value == null)
-				return (-1L);
-
-			// Attempt to convert the date header in a variety of formats
-			long result = FastHttpDateFormat.parseDate(value, formats);
-			if (result != (-1L)) {
-				return result;
-			}
-			throw new IllegalArgumentException(value);
-		}
-	}
-
-	/**
-	 * The default behavior of this method is to return getHeaderNames() on the
-	 * wrapped request object.
-	 */
-	public Enumeration getHeaderNames() {
-		if (savedRequest == null) {
-			return super.getHeaderNames();
-		} else {
-			return new Enumerator(savedRequest.getHeaderNames());
-		}
-	}
-
-	/**
-	 * The default behavior of this method is to return getHeaders(String name)
-	 * on the wrapped request object.
-	 */
-	public Enumeration getHeaders(String name) {
-		if (savedRequest == null) {
-			return super.getHeaders(name);
-		} else {
-			return new Enumerator(savedRequest.getHeaderValues(name));
-		}
-	}
-
-	/**
-	 * The default behavior of this method is to return getCookies() on the
-	 * wrapped request object.
-	 */
-	public Cookie[] getCookies() {
-		if (savedRequest == null) {
-			return super.getCookies();
-		} else {
-			List cookies = savedRequest.getCookies();
-			return (Cookie[]) cookies.toArray(new Cookie[cookies.size()]);
-		}
-	}
-
-	/**
-	 * The default behavior of this method is to return
-	 * getParameterValues(String name) on the wrapped request object.
-	 */
-	public String[] getParameterValues(String name) {
-		if (savedRequest == null) {
-			return super.getParameterValues(name);
-		} else {
-			return savedRequest.getParameterValues(name);
-		}
-	}
-
-	/**
-	 * The default behavior of this method is to return getParameterNames() on
-	 * the wrapped request object.
-	 */
-	public Enumeration getParameterNames() {
-		if (savedRequest == null) {
-			return super.getParameterNames();
-		} else {
-			return new Enumerator(savedRequest.getParameterNames());
-		}
-	}
-
-	/**
-	 * The default behavior of this method is to return getParameterMap() on the
-	 * wrapped request object.
-	 */
-	public Map getParameterMap() {
-		if (savedRequest == null) {
-			return super.getParameterMap();
-		} else {
-			return savedRequest.getParameterMap();
-		}
-	}
-
-	/**
-	 * The default behavior of this method is to return getParameter(String
-	 * name) on the wrapped request object.
-	 */
-	public String getParameter(String name) {
-
-		/*
-		 * if (savedRequest == null) { return super.getParameter(name); } else {
-		 * String value = null; String[] values =
-		 * savedRequest.getParameterValues(name); if (values == null) return
-		 * null; for (int i = 0; i < values.length; i++) { value = values[i];
-		 * break; } return value; }
-		 */
-
-		// We do not get value from super.getParameter because
-		// of a bug in Jetty servlet-container.
-		String value = null;
-		String[] values = null;
-		if (savedRequest == null) {
-			values = super.getParameterValues(name);
-		} else {
-			values = savedRequest.getParameterValues(name);
-		}
-
-		if (values == null)
-			return null;
-		for (int i = 0; i < values.length; i++) {
-			value = values[i];
-			break;
-		}
-		return value;
-
-	}
-
-	/**
-	 * The default behavior of this method is to return getLocales() on the
-	 * wrapped request object.
-	 */
-	public Enumeration getLocales() {
-		if (savedRequest == null) {
-			return super.getLocales();
-		} else {
-			Iterator iterator = savedRequest.getLocales();
-			if (iterator.hasNext()) {
-				return new Enumerator(iterator);
-			} else {
-				ArrayList results = new ArrayList();
-				results.add(defaultLocale);
-				return new Enumerator(results.iterator());
-			}
-		}
-	}
-
-	/**
-	 * The default behavior of this method is to return getLocale() on the
-	 * wrapped request object.
-	 */
-	public Locale getLocale() {
-		if (savedRequest == null) {
-			return super.getLocale();
-		} else {
-			Locale locale = null;
-			Iterator iterator = savedRequest.getLocales();
-			while (iterator.hasNext()) {
-				locale = (Locale) iterator.next();
-				break;
-			}
-			if (locale == null) {
-				return defaultLocale;
-			} else {
-				return locale;
-			}
-		}
-	}
-
-}

sandbox/src/main/java/org/acegisecurity/wrapper/redirect/Enumerator.java

@@ -1,143 +0,0 @@
-/* Copyright 2004, 2005 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity.wrapper.redirect;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.NoSuchElementException;
-
-/**
- * <p>Adapter class that wraps an <code>Enumeration</code> around a Java2
- * collection classes object <code>Iterator</code> so that existing APIs
- * returning Enumerations can easily run on top of the new collections.
- * Constructors are provided to easliy create such wrappers.</p>
- * <p>The source code is taken from Apache Tomcat</p>
- *
- * <p><a href="Enumerator.java.html"><i>View Source</i></a></p>
- *
- * @author Craig R. McClanahan
- * @author Andrey Grebnev <a href="mailto:andrey.grebnev@blandware.com">&lt;andrey.grebnev@blandware.com&gt;</a>
- * @version $Revision$ $Date$
- */
-public class Enumerator implements Enumeration {
-
-    // ----------------------------------------------------------- Constructors
-
-    /**
-     * The <code>Iterator</code> over which the <code>Enumeration</code>
-     * represented by this class actually operates.
-     */
-    private Iterator iterator = null;
-
-    /**
-     * Return an Enumeration over the values of the specified Collection.
-     *
-     * @param collection Collection whose values should be enumerated
-     */
-    public Enumerator(Collection collection) {
-        this(collection.iterator());
-    }
-
-    /**
-     * Return an Enumeration over the values of the specified Collection.
-     *
-     * @param collection Collection whose values should be enumerated
-     * @param clone true to clone iterator
-     */
-    public Enumerator(Collection collection, boolean clone) {
-        this(collection.iterator(), clone);
-    }
-
-    /**
-     * Return an Enumeration over the values returned by the
-     * specified Iterator.
-     *
-     * @param iterator Iterator to be wrapped
-     */
-    public Enumerator(Iterator iterator) {
-        super();
-        this.iterator = iterator;
-    }
-
-    /**
-     * Return an Enumeration over the values returned by the
-     * specified Iterator.
-     *
-     * @param iterator Iterator to be wrapped
-     * @param clone true to clone iterator
-     */
-    public Enumerator(Iterator iterator, boolean clone) {
-
-        super();
-        if (!clone) {
-            this.iterator = iterator;
-        } else {
-            List list = new ArrayList();
-            while (iterator.hasNext()) {
-                list.add(iterator.next());
-            }
-            this.iterator = list.iterator();
-        }
-
-    }
-
-    /**
-     * Return an Enumeration over the values of the specified Map.
-     *
-     * @param map Map whose values should be enumerated
-     */
-    public Enumerator(Map map) {
-        this(map.values().iterator());
-    }
-
-    /**
-     * Return an Enumeration over the values of the specified Map.
-     *
-     * @param map Map whose values should be enumerated
-     * @param clone true to clone iterator
-     */
-    public Enumerator(Map map, boolean clone) {
-        this(map.values().iterator(), clone);
-    }
-
-    /**
-     * Tests if this enumeration contains more elements.
-     *
-     * @return <code>true</code> if and only if this enumeration object
-     *  contains at least one more element to provide, <code>false</code>
-     *  otherwise
-     */
-    public boolean hasMoreElements() {
-        return (iterator.hasNext());
-    }
-
-    /**
-     * Returns the next element of this enumeration if this enumeration
-     * has at least one more element to provide.
-     *
-     * @return the next element of this enumeration
-     *
-     * @exception NoSuchElementException if no more elements exist
-     */
-    public Object nextElement() throws NoSuchElementException {
-        return (iterator.next());
-    }
-
-}

sandbox/src/main/java/org/acegisecurity/wrapper/redirect/FastHttpDateFormat.java

@@ -1,226 +0,0 @@
-/* Copyright 2004, 2005 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity.wrapper.redirect;
-
-import java.text.DateFormat;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.TimeZone;
-
-/**
- * <p>Utility class to generate HTTP dates.</p>
- * <p><a href="FastHttpDateFormat.java.html"><i>View Source</i></a></p>
- * <p>This source code is taken from Tomcat Apache</p>
- *
- * @author Remy Maucherat
- * @author Andrey Grebnev <a href="mailto:andrey.grebnev@blandware.com">&lt;andrey.grebnev@blandware.com&gt;</a>
- * @version $Revision$ $Date$
- */
-public class FastHttpDateFormat {
-
-    /**
-     * Current formatted date.
-     */
-    protected static String currentDate = null;
-
-    /**
-     * Instant on which the currentDate object was generated.
-     */
-    protected static long currentDateGenerated = 0L;
-
-    /**
-     * HTTP date format.
-     */
-    protected static final SimpleDateFormat format =
-        new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
-
-    /**
-     * Formatter cache.
-     */
-    protected static final HashMap formatCache = new HashMap();
-
-    /**
-     * The set of SimpleDateFormat formats to use in <code>getDateHeader()</code>.
-     */
-    protected static final SimpleDateFormat formats[] = {
-        new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US),
-        new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US),
-        new SimpleDateFormat("EEE MMMM d HH:mm:ss yyyy", Locale.US)
-    };
-
-    /**
-     * GMT timezone - all HTTP dates are on GMT
-     */
-    protected final static TimeZone gmtZone = TimeZone.getTimeZone("GMT");
-
-    /**
-     * Parser cache.
-     */
-    protected static final HashMap parseCache = new HashMap();
-
-    static {
-
-        format.setTimeZone(gmtZone);
-
-        formats[0].setTimeZone(gmtZone);
-        formats[1].setTimeZone(gmtZone);
-        formats[2].setTimeZone(gmtZone);
-
-    }
-
-    /**
-     * Formats a specified date to HTTP format. If local format is not
-     * <code>null</code>, it's used instead.
-     *
-     * @param value Date value to format
-     * @param threadLocalformat The format to use (or <code>null</code> -- then
-     *                          HTTP format will be used)
-     * @return Formatted date
-     */
-    public static final String formatDate(long value,
-                                          DateFormat threadLocalformat) {
-
-        String cachedDate = null;
-        Long longValue = new Long(value);
-        try {
-            cachedDate = (String) formatCache.get(longValue);
-        } catch (Exception e) {
-        }
-        if (cachedDate != null)
-            return cachedDate;
-
-        String newDate = null;
-        Date dateValue = new Date(value);
-        if (threadLocalformat != null) {
-            newDate = threadLocalformat.format(dateValue);
-            synchronized (formatCache) {
-                updateCache(formatCache, longValue, newDate);
-            }
-        } else {
-            synchronized (formatCache) {
-                newDate = format.format(dateValue);
-                updateCache(formatCache, longValue, newDate);
-            }
-        }
-        return newDate;
-
-    }
-
-    /**
-     * Gets the current date in HTTP format.
-     *
-     * @return Current date in HTTP format
-     */
-    public static final String getCurrentDate() {
-
-        long now = System.currentTimeMillis();
-        if ((now - currentDateGenerated) > 1000) {
-            synchronized (format) {
-                if ((now - currentDateGenerated) > 1000) {
-                    currentDateGenerated = now;
-                    currentDate = format.format(new Date(now));
-                }
-            }
-        }
-        return currentDate;
-
-    }
-
-    /**
-     * Parses date with given formatters.
-     *
-     * @param value The string to parse
-     * @param formats Array of formats to use
-     * @return Parsed date (or <code>null</code> if no formatter mached)
-     */
-    private static final Long internalParseDate
-        (String value, DateFormat[] formats) {
-        Date date = null;
-        for (int i = 0; (date == null) && (i < formats.length); i++) {
-            try {
-                date = formats[i].parse(value);
-            } catch (ParseException e) {
-                ;
-            }
-        }
-        if (date == null) {
-            return null;
-        }
-        return new Long(date.getTime());
-    }
-
-    /**
-     * Tries to parse the given date as an HTTP date. If local format list is not
-     * <code>null</code>, it's used instead.
-     *
-     * @param value The string to parse
-     * @param threadLocalformats Array of formats to use for parsing.
-     *                           If <code>null</code>, HTTP formats are used.
-     * @return Parsed date (or -1 if error occured)
-     */
-    public static final long parseDate(String value,
-                                       DateFormat[] threadLocalformats) {
-
-        Long cachedDate = null;
-        try {
-            cachedDate = (Long) parseCache.get(value);
-        } catch (Exception e) {
-        }
-        if (cachedDate != null)
-            return cachedDate.longValue();
-
-        Long date = null;
-        if (threadLocalformats != null) {
-            date = internalParseDate(value, threadLocalformats);
-            synchronized (parseCache) {
-                updateCache(parseCache, value, date);
-            }
-        } else {
-            synchronized (parseCache) {
-                date = internalParseDate(value, formats);
-                updateCache(parseCache, value, date);
-            }
-        }
-        if (date == null) {
-            return (-1L);
-        } else {
-            return date.longValue();
-        }
-
-    }
-
-    /**
-     * Updates cache.
-     *
-     * @param cache Cache to be updated
-     * @param key Key to be updated
-     * @param value New value
-     */
-    private static final void updateCache(HashMap cache, Object key,
-                                          Object value) {
-        if (value == null) {
-            return;
-        }
-        if (cache.size() > 1000) {
-            cache.clear();
-        }
-        cache.put(key, value);
-    }
-    
-}

sandbox/src/main/java/org/acegisecurity/wrapper/redirect/SavedHttpServletRequest.java

@@ -1,352 +0,0 @@
-/* Copyright 2004, 2005 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity.wrapper.redirect;
-
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-
-import org.acegisecurity.ui.ExceptionTranslationFilter;
-import org.acegisecurity.wrapper.SecurityContextHolderAwareRequestWrapper;
-
-/**
- * <p>
- * Object that saves the critical information from a request so that
- * HTTP (header and parameter)-based authentication can reproduce it
- * once the user has been authenticated.
- * <p>
- * <b>IMPLEMENTATION NOTE</b> - It is assumed that this object is accessed
- * only from the context of a single thread, so no synchronization around
- * internal collection classes is performed.
- * <p>
- * Note that SavedHttpServletRequest doesn't save uploaded file binary data, although
- * it does save request parameters so that a POST transaction can be faithfully
- * duplicated.  On one hand it is unfortunate to lose such type of data, but on
- * the other hand we don't store it in session because the data can be very big
- * and this solution can overload restricted resources.
- * </p>
- * <p>The original source code from Apache Tomcat<p>
- *
- * @see ExceptionTranslationFilter
- * @see SecurityContextHolderAwareRequestWrapper
- * @author Craig R. McClanahan
- * @author Andrey Grebnev <a href="mailto:andrey.grebnev@blandware.com">&lt;andrey.grebnev@blandware.com&gt;</a>
- * @version $Revision$ $Date$
- */
-public class SavedHttpServletRequest {
-
-    /**
-     * This method provides ability to create SavedHttpServletRequest from HttpServletRequest
-     * @param request           request to be saved
-     * @return saved request    resulting SavedHttpServletRequest
-     */
-    public static SavedHttpServletRequest saveRequest(HttpServletRequest request) {
-        if (request.getRequestURI() == null)
-            return null;
-
-        // Create and populate a SavedHttpServletRequest object for this request
-        SavedHttpServletRequest saved = new SavedHttpServletRequest();
-        Cookie cookies[] = request.getCookies();
-        if (cookies != null) {
-            for (int i = 0; i < cookies.length; i++)
-                saved.addCookie(cookies[i]);
-        }
-        Enumeration names = request.getHeaderNames();
-        while (names.hasMoreElements()) {
-            String name = (String) names.nextElement();
-            Enumeration values = request.getHeaders(name);
-            while (values.hasMoreElements()) {
-                String value = (String) values.nextElement();
-                saved.addHeader(name, value);
-            }
-        }
-        Enumeration locales = request.getLocales();
-        while (locales.hasMoreElements()) {
-            Locale locale = (Locale) locales.nextElement();
-            saved.addLocale(locale);
-        }
-        Map parameters = request.getParameterMap();
-        Iterator paramNames = parameters.keySet().iterator();
-        while (paramNames.hasNext()) {
-            String paramName = (String) paramNames.next();
-            String paramValues[] = (String[]) parameters.get(paramName);
-            saved.addParameter(paramName, paramValues);
-        }
-        saved.setMethod(request.getMethod());
-        saved.setQueryString(request.getQueryString());
-        saved.setRequestURI(request.getRequestURI());
-//        saved.setPathInfo(request.getPathInfo());
-
-        return saved;
-    }
-
-    /**
-     * The set of Cookies associated with this Request.
-     */
-    private ArrayList cookies = new ArrayList();
-
-    /**
-     * The set of Headers associated with this Request.  Each key is a header
-     * name, while the value is a ArrayList containing one or more actual
-     * values for this header.  The values are returned as an Iterator when
-     * you ask for them.
-     */
-    private HashMap headers = new HashMap();
-
-    /**
-     * The set of Locales associated with this Request.
-     */
-    private ArrayList locales = new ArrayList();
-
-    /**
-     * The request method used on this Request.
-     */
-    private String method = null;
-
-    /**
-     * The set of request parameters associated with this Request.  Each
-     * entry is keyed by the parameter name, pointing at a String array of
-     * the corresponding values.
-     */
-    private HashMap parameters = new HashMap();
-
-    /**
-     * The request pathInfo associated with this Request.
-     */
-    private String pathInfo = null;
-
-    /**
-     * The query string associated with this Request.
-     */
-    private String queryString = null;
-
-    /**
-     * The request URI associated with this Request.
-     */
-    private String requestURI = null;
-
-    /**
-     * Adds cookie to list of cookies
-     *
-     * @param cookie cookie to add
-     */
-    public void addCookie(Cookie cookie) {
-        cookies.add(cookie);
-    }
-
-    /**
-     * Adds header
-     *
-     * @param name  header name
-     * @param value header value
-     */
-    public void addHeader(String name, String value) {
-        ArrayList values = (ArrayList) headers.get(name);
-        if (values == null) {
-            values = new ArrayList();
-            headers.put(name, values);
-        }
-        values.add(value);
-    }
-
-    /**
-     * Adds locale
-     *
-     * @param locale locale to add
-     */
-    public void addLocale(Locale locale) {
-        locales.add(locale);
-    }
-
-    /**
-     * Adds parameter
-     *
-     * @param name      parameter name
-     * @param values    parameter values
-     */
-    public void addParameter(String name, String values[]) {
-        parameters.put(name, values);
-    }
-
-    /**
-     * Returns list of cookies
-     *
-     * @return list of cookies
-     */
-    public List getCookies() {
-        return cookies;
-    }
-
-    /**
-     * Returns iterator over header names
-     *
-     * @return iterator over header names
-     */
-    public Iterator getHeaderNames() {
-        return (headers.keySet().iterator());
-    }
-
-    /**
-     * Returns iterator over header values
-     *
-     * @param name header name
-     * @return iterator over header values
-     */
-    public Iterator getHeaderValues(String name) {
-        ArrayList values = (ArrayList) headers.get(name);
-        if (values == null)
-            return ((new ArrayList()).iterator());
-        else
-            return (values.iterator());
-    }
-
-    /**
-     * Returns iterator over locales
-     *
-     * @return iterator over locales
-     */
-    public Iterator getLocales() {
-        return (locales.iterator());
-    }
-
-    /**
-     * Returns request method
-     *
-     * @return request method
-     */
-    public String getMethod() {
-        return (this.method);
-    }
-
-    /**
-     * Returns parameters
-     *
-     * @return parameters map
-     */
-    public Map getParameterMap() {
-        return parameters;
-    }
-
-    /**
-     * Returns iterator over parameter names
-     *
-     * @return iterator over parameter names
-     */
-    public Iterator getParameterNames() {
-        return (parameters.keySet().iterator());
-    }
-
-    /**
-     * Returns parameter values
-     *
-     * @param name parameter name
-     * @return parameter values
-     */
-    public String[] getParameterValues(String name) {
-        return ((String[]) parameters.get(name));
-    }
-
-    /**
-     * Returns path info
-     *
-     * @return path info
-     */
-    public String getPathInfo() {
-        return pathInfo;
-    }
-
-    /**
-     * Returns query string
-     *
-     * @return query string
-     */
-    public String getQueryString() {
-        return (this.queryString);
-    }
-
-    /**
-     * Returns request URI
-     *
-     * @return request URI
-     */
-    public String getRequestURI() {
-        return (this.requestURI);
-    }
-
-    /**
-     * Gets uri with path info and query string
-     *
-     * @return uri with path info and query string
-     */
-    public String getRequestURL() {
-        if (getRequestURI() == null)
-            return null;
-
-        StringBuffer sb = new StringBuffer(getRequestURI());
-//        if (getPathInfo() != null) {
-//            sb.append(getPathInfo());
-//        }
-        if (getQueryString() != null) {
-            sb.append('?');
-            sb.append(getQueryString());
-        }
-        return sb.toString();
-    }
-
-    /**
-     * Sets request method
-     *
-     * @param method request method to set
-     */
-    public void setMethod(String method) {
-        this.method = method;
-    }
-
-    /**
-     * Sets path info
-     *
-     * @param pathInfo path info to set
-     */
-    public void setPathInfo(String pathInfo) {
-        this.pathInfo = pathInfo;
-    }
-
-    /**
-     * Sets query string
-     *
-     * @param queryString query string to set
-     */
-    public void setQueryString(String queryString) {
-        this.queryString = queryString;
-    }
-
-    /**
-     * Sets request URI
-     *
-     * @param requestURI request URI to set
-     */
-    public void setRequestURI(String requestURI) {
-        this.requestURI = requestURI;
-    }
-
-}

sandbox/src/main/java/org/acegisecurity/wrapper/redirect/package.html

@@ -1,8 +0,0 @@
-<html>
-<body>
-Redirection helper code for
-<code>SecurityContextHolderAwareRequestWrapper</code>
-and
-<code>SecurityEnforcementFilter</code>.
-</body>
-</html>