
SEC-678: Merged changes from trunk.

Luke Taylor 17 tahun lalu
induk
melakukan
f626d5ec47

+ 20 - 0
core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java

@@ -23,6 +23,10 @@ package org.acegisecurity;
  * @version $Id$
  */
 public abstract class AbstractAuthenticationManager implements AuthenticationManager {
+
+    //~ Instance fields ================================================================================================
+    private boolean clearExtraInformation = true;
+
     //~ Methods ========================================================================================================
 
     /**
@@ -43,6 +47,11 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
             return doAuthentication(authRequest);
         } catch (AuthenticationException e) {
             e.setAuthentication(authRequest);
+
+            if (clearExtraInformation) {
+                e.clearExtraInformation();
+            }
+
             throw e;
         }
     }
@@ -60,4 +69,15 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
      */
     protected abstract Authentication doAuthentication(Authentication authentication)
         throws AuthenticationException;
+
+    /**
+     * If set to true, the <tt>extraInformation</tt> set on an <tt>AuthenticationException</tt> will be cleared
+     * before rethrowing it. This is useful for use with remoting protocols where the information shouldn't
+     * be serialized to the client. Defaults to 'false'.
+     *
+     * @see AuthenticationException#getExtraInformation()
+     */
+    public void setClearExtraInformation(boolean clearExtraInformation) {
+        this.clearExtraInformation = clearExtraInformation;
+    }
 }
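Review bot: The Javadoc on `setClearExtraInformation` states "Defaults to 'false'", but the field added at the top of the class is initialised as `private boolean clearExtraInformation = true;`, so the documented default is wrong, and wrong in the dangerous direction for a security setting: a reader would believe scrubbing is opt-in. Change the sentence to `Defaults to 'true'.` so the doc matches the (safer) behaviour the code actually has. The same Javadoc should also mention that the catch block still calls `e.setAuthentication(authRequest)` before the clear, so the rethrown exception continues to carry the original authentication request; if that request object holds the submitted credentials, clearing extraInformation alone does not keep them out of an exception serialised to a remote client.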

+ 6 - 2
core/src/main/java/org/acegisecurity/AccountExpiredException.java

@@ -25,7 +25,7 @@ package org.acegisecurity;
 public class AccountExpiredException extends AuthenticationException {
     //~ Constructors ===================================================================================================
 
-/**
+    /**
      * Constructs a <code>AccountExpiredException</code> with the specified
      * message.
      *
@@ -35,7 +35,7 @@ public class AccountExpiredException extends AuthenticationException {
         super(msg);
     }
 
-/**
+    /**
      * Constructs a <code>AccountExpiredException</code> with the specified
      * message and root cause.
      *
@@ -45,4 +45,8 @@ public class AccountExpiredException extends AuthenticationException {
     public AccountExpiredException(String msg, Throwable t) {
         super(msg, t);
     }
+
+    public AccountExpiredException(String msg, Object extraInformation) {
+        super(msg, extraInformation);
+    }
 }
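Review bot: The new `AccountExpiredException(String msg, Object extraInformation)` constructor is the only one in the class without Javadoc. Suggest `/** Constructs an <code>AccountExpiredException</code> with the specified message and extra information, typically the <code>UserDetails</code> that failed the account check. */` with `@param msg the detail message` and `@param extraInformation additional context attached to the exception (may be <code>null</code>)`, matching the style of the two constructors above.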

+ 24 - 3
core/src/main/java/org/acegisecurity/AuthenticationException.java

@@ -25,12 +25,12 @@ package org.acegisecurity;
 public abstract class AuthenticationException extends AcegiSecurityException {
     //~ Instance fields ================================================================================================
 
-    /** The authentication that related to this exception (may be <code>null</code>) */
     private Authentication authentication;
+    private Object extraInformation;
 
     //~ Constructors ===================================================================================================
 
-/**
+    /**
      * Constructs an <code>AuthenticationException</code> with the specified
      * message and root cause.
      *
@@ -41,7 +41,7 @@ public abstract class AuthenticationException extends AcegiSecurityException {
         super(msg, t);
     }
 
-/**
+    /**
      * Constructs an <code>AuthenticationException</code> with the specified
      * message and no root cause.
      *
@@ -51,8 +51,16 @@ public abstract class AuthenticationException extends AcegiSecurityException {
         super(msg);
     }
 
+    public AuthenticationException(String msg, Object extraInformation) {
+        super(msg);
+        this.extraInformation = extraInformation;
+    }
+
     //~ Methods ========================================================================================================
 
+    /**
+     * The authentication request which this exception corresponds to (may be <code>null</code>)
+     */
     public Authentication getAuthentication() {
         return authentication;
     }
@@ -60,4 +68,17 @@ public abstract class AuthenticationException extends AcegiSecurityException {
     void setAuthentication(Authentication authentication) {
         this.authentication = authentication;
     }
+
+    /**
+     * Any additional information about the exception. Generally a <code>UserDetails</code> object.
+     *
+     * @return extra information or <code>null</code>
+     */
+    public Object getExtraInformation() {
+        return extraInformation;
+    }
+
+    void clearExtraInformation() {
+        this.extraInformation = null;
+    }
 }
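Review bot: `getExtraInformation()` is documented as "Generally a <code>UserDetails</code> object", but neither the field nor the new `(String, Object)` constructor says that this object is carried by a serializable exception and may therefore expose the loaded account's stored credentials, which is the reason `clearExtraInformation()` exists at all. Add Javadoc to the constructor and a sentence to the getter such as `Because the exception is Serializable this object travels with it; code that exposes authentication failures across a remoting boundary should ensure it has been cleared (see AbstractAuthenticationManager).` Note also that `clearExtraInformation()` is package-private, so only classes in `org.acegisecurity` can scrub the value; if that restriction is deliberate it deserves a comment, otherwise consider `public` so other AuthenticationManager implementations can clear it too.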

+ 1 - 14
core/src/main/java/org/acegisecurity/BadCredentialsException.java

@@ -23,10 +23,6 @@ package org.acegisecurity;
  * @version $Id$
  */
 public class BadCredentialsException extends AuthenticationException {
-    //~ Instance fields ================================================================================================
-
-    private Object extraInformation;
-
     //~ Constructors ===================================================================================================
 
     /**
@@ -40,8 +36,7 @@ public class BadCredentialsException extends AuthenticationException {
     }
 
     public BadCredentialsException(String msg, Object extraInformation) {
-        super(msg);
-        this.extraInformation = extraInformation;
+        super(msg, extraInformation);
     }
 
     /**
@@ -57,12 +52,4 @@ public class BadCredentialsException extends AuthenticationException {
 
     //~ Methods ========================================================================================================
 
-    /**
-     * Any additional information about the exception. Generally a <code>UserDetails</code> object.
-     *
-     * @return extra information or <code>null</code>
-     */
-    public Object getExtraInformation() {
-        return extraInformation;
-    }
 }
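Review bot: With `extraInformation` and its getter moved to `AuthenticationException`, the `//~ Methods ====` banner just before the closing brace now heads an empty section. Drop that banner and the blank line above it so the class body ends directly after the last constructor, as the other exception classes in this commit do.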

+ 4 - 0
core/src/main/java/org/acegisecurity/CredentialsExpiredException.java

@@ -45,4 +45,8 @@ public class CredentialsExpiredException extends AuthenticationException {
     public CredentialsExpiredException(String msg, Throwable t) {
         super(msg, t);
     }
+
+    public CredentialsExpiredException(String msg, Object extraInformation) {
+        super(msg, extraInformation);
+    }
 }
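Review bot: The added `CredentialsExpiredException(String msg, Object extraInformation)` constructor lacks the Javadoc its siblings carry. Suggest `/** Constructs a <code>CredentialsExpiredException</code> with the specified message and extra information, typically the <code>UserDetails</code> whose credentials have expired. */` plus `@param` tags for both arguments, noting that `extraInformation` may be <code>null</code>.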

+ 4 - 0
core/src/main/java/org/acegisecurity/DisabledException.java

@@ -44,4 +44,8 @@ public class DisabledException extends AuthenticationException {
     public DisabledException(String msg, Throwable t) {
         super(msg, t);
     }
+
+    public DisabledException(String msg, Object extraInformation) {
+        super(msg, extraInformation);
+    }
 }
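Review bot: Add Javadoc to the new `DisabledException(String msg, Object extraInformation)` constructor, consistent with the documented constructors above it: `/** Constructs a <code>DisabledException</code> with the specified message and extra information, typically the disabled <code>UserDetails</code>. */` with `@param msg` and `@param extraInformation` (may be <code>null</code>) tags.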

+ 4 - 0
core/src/main/java/org/acegisecurity/LockedException.java

@@ -44,4 +44,8 @@ public class LockedException extends AuthenticationException {
     public LockedException(String msg, Throwable t) {
         super(msg, t);
     }
+
+    public LockedException(String msg, Object extraInformation) {
+        super(msg, extraInformation);
+    }
 }
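Review bot: The new `LockedException(String msg, Object extraInformation)` constructor is undocumented while the other two constructors have Javadoc. Suggest `/** Constructs a <code>LockedException</code> with the specified message and extra information, typically the locked <code>UserDetails</code>. */` together with `@param msg` and `@param extraInformation` (may be <code>null</code>) tags.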

+ 11 - 6
core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java

@@ -266,6 +266,12 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
         return preAuthenticationChecks;
     }
 
+    /**
+     * Sets the policy will be used to verify the status of the loaded <tt>UserDetails</tt> <em>before</em>
+     * validation of the credentials takes place.
+     *
+     * @param preAuthenticationChecks strategy to be invoked prior to authentication. 
+     */
     public void setPreAuthenticationChecks(UserDetailsChecker preAuthenticationChecks) {
         this.preAuthenticationChecks = preAuthenticationChecks;
     }
@@ -286,19 +292,18 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
         public void check(UserDetails user) {
             if (!user.isAccountNonLocked()) {
                 throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
-                        "User account is locked"));
+                        "User account is locked"), user);
             }
 
             if (!user.isEnabled()) {
                 throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
-                        "User is disabled"));
+                        "User is disabled"), user);
             }
 
             if (!user.isAccountNonExpired()) {
                 throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
-                        "User account has expired"));
+                        "User account has expired"), user);
             }
-
         }
     }
 
@@ -306,9 +311,9 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
         public void check(UserDetails user) {
             if (!user.isCredentialsNonExpired()) {
                 throw new CredentialsExpiredException(messages.getMessage(
-                        "AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
+                        "AbstractUserDetailsAuthenticationProvider.credentialsExpired",
+                        "User credentials have expired"), user);
             }
-
         }
     }
 }
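Review bot: Both `check(UserDetails)` methods now attach the loaded `UserDetails` to the thrown exception, so that object, including whatever stored credential the implementation exposes, rides along with the exception until something clears it; that is safe for callers that go through `AbstractAuthenticationManager`, but a provider invoked directly or via another manager implementation receives it unscrubbed, and nothing in these hunks guards against that. A comment at the throw sites, `// the failing UserDetails is attached as extraInformation; AbstractAuthenticationManager clears it before rethrowing by default`, would make the dependency explicit. Separately, the new Javadoc on `setPreAuthenticationChecks` reads "Sets the policy will be used" and should be `Sets the policy that will be used`. The declarations of the inner checker classes lie outside the hunks.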

+ 0 - 29
core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java

@@ -15,8 +15,6 @@
 
 package org.acegisecurity.providers.dao;
 
-import java.util.Map;
-
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationServiceException;
 import org.acegisecurity.BadCredentialsException;
@@ -26,7 +24,6 @@ import org.acegisecurity.providers.encoding.PasswordEncoder;
 import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
 import org.acegisecurity.userdetails.UserDetails;
 import org.acegisecurity.userdetails.UserDetailsService;
-import org.springframework.context.ApplicationContext;
 import org.springframework.dao.DataAccessException;
 import org.springframework.util.Assert;
 
@@ -82,31 +79,6 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 		Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
 	}
 
-	/**
-	 * Introspects the <code>Applicationcontext</code> for the single instance
-	 * of {@link AccessDeniedHandler}. If found invoke
-	 * setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by
-	 * providing the found instance of accessDeniedHandler as a method
-	 * parameter. If more than one instance of <code>AccessDeniedHandler</code>
-	 * is found, the method throws <code>IllegalStateException</code>.
-	 * 
-	 * @param applicationContext to locate the instance
-	 */
-	private void autoDetectAnyUserDetailsServiceAndUseIt(ApplicationContext applicationContext) {
-		if (applicationContext != null) {
-			Map map = applicationContext.getBeansOfType(UserDetailsService.class);
-
-			if (map.size() > 1) {
-				throw new IllegalArgumentException(
-						"More than one UserDetailsService beans detected please refer to the one using "
-								+ " [ principalRepositoryBeanRef  ] " + "attribute");
-			}
-			else if (map.size() == 1) {
-				setUserDetailsService((UserDetailsService) map.values().iterator().next());
-			}
-		}
-	}
-
 	public PasswordEncoder getPasswordEncoder() {
 		return passwordEncoder;
 	}
@@ -172,5 +144,4 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 	public void setIncludeDetailsObject(boolean includeDetailsObject) {
 		this.includeDetailsObject = includeDetailsObject;
 	}
-
 }

+ 4 - 4
core/src/main/java/org/acegisecurity/userdetails/checker/AccountStatusUserDetailsChecker.java

@@ -22,21 +22,21 @@ public class AccountStatusUserDetailsChecker implements UserDetailsChecker {
 
     public void check(UserDetails user) {
         if (!user.isAccountNonLocked()) {
-            throw new LockedException(messages.getMessage("UserDetailsService.locked", "User account is locked"));
+            throw new LockedException(messages.getMessage("UserDetailsService.locked", "User account is locked"), user);
         }
 
         if (!user.isEnabled()) {
-            throw new DisabledException(messages.getMessage("UserDetailsService.disabled", "User is disabled"));
+            throw new DisabledException(messages.getMessage("UserDetailsService.disabled", "User is disabled"), user);
         }
 
         if (!user.isAccountNonExpired()) {
             throw new AccountExpiredException(messages.getMessage("UserDetailsService.expired",
-                    "User account has expired"));
+                    "User account has expired"), user);
         }
 
         if (!user.isCredentialsNonExpired()) {
             throw new CredentialsExpiredException(messages.getMessage("UserDetailsService.credentialsExpired",
-                    "User credentials have expired"));
+                    "User credentials have expired"), user);
         }
     }
 }
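Review bot: `AccountStatusUserDetailsChecker` is a stand-alone `UserDetailsChecker` whose callers are not visible in this hunk, so it may well be invoked outside an `AbstractAuthenticationManager`; in that case the `UserDetails` now attached to each exception is never cleared and would be serialised with the exception. Add a Javadoc sentence on `check`, e.g. `The failing UserDetails is attached to the exception as extraInformation; callers that propagate these exceptions across a remoting boundary must clear it themselves.` The class declaration sits above the hunk.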