Upgraded Spring Security to 3.1.0

Author: poutsma

parent/pom.xml

@@ -554,7 +554,7 @@
             <dependency>
                 <groupId>org.springframework.security</groupId>
                 <artifactId>spring-security-core</artifactId>
-                <version>3.0.7.RELEASE</version>
+                <version>3.1.0.RELEASE</version>
                 <exclusions>
                     <exclusion>
                         <groupId>org.springframework</groupId>
@@ -565,7 +565,7 @@
             <dependency>
                 <groupId>org.springframework.security</groupId>
                 <artifactId>spring-security-core</artifactId>
-                <version>3.0.7.RELEASE</version>
+                <version>3.1.0.RELEASE</version>
                 <classifier>tests</classifier>
                 <exclusions>
                     <exclusion>
@@ -577,7 +577,7 @@
             <dependency>
                 <groupId>org.springframework.security</groupId>
                 <artifactId>spring-security-config</artifactId>
-                <version>3.0.7.RELEASE</version>
+                <version>3.1.0.RELEASE</version>
             </dependency>
             <!-- X.509 dependencies -->
             <dependency>

security/src/main/java/org/springframework/ws/soap/security/x509/X509AuthenticationToken.java

@@ -1,11 +1,11 @@
 /*
- * Copyright 2005-2010 the original author or authors.
+ * Copyright 2005-2012 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -58,7 +58,7 @@ public X509AuthenticationToken(X509Certificate credentials) {
      * @param credentials the certificate
      * @param authorities the authorities
      */
-    public X509AuthenticationToken(Object principal, X509Certificate credentials, Collection<GrantedAuthority> authorities) {
+    public X509AuthenticationToken(Object principal, X509Certificate credentials, Collection<? extends GrantedAuthority> authorities) {
         super(authorities);
         this.principal = principal;
         this.credentials = credentials;

security/src/test/java/org/springframework/ws/soap/security/wss4j/Wss4jMessageInterceptorSpringSecurityCallbackHandlerTestCase.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2011 the original author or authors.
+ * Copyright 2005-2012 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,7 +22,6 @@
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.memory.InMemoryDaoImpl;
 import org.springframework.ws.context.DefaultMessageContext;
@@ -119,7 +118,7 @@ protected EndpointInterceptor prepareInterceptor(String actions, boolean validat
         else {
             SpringPlainTextPasswordValidationCallbackHandler callbackHandler =
                     new SpringPlainTextPasswordValidationCallbackHandler();
-            Authentication authResult = new TestingAuthenticationToken("Bert", "Ernie", new GrantedAuthority[0]);
+            Authentication authResult = new TestingAuthenticationToken("Bert", "Ernie");
             expect(authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("Bert", "Ernie"))).andReturn(authResult);
             callbackHandler.setAuthenticationManager(authenticationManager);
             callbackHandler.afterPropertiesSet();

security/src/test/java/org/springframework/ws/soap/security/wss4j/callback/SpringDigestPasswordValidationCallbackHandlerTest.java

@@ -1,11 +1,11 @@
 /*
- * Copyright 2005-2010 the original author or authors.
+ * Copyright 2005-2012 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,10 +17,11 @@
 package org.springframework.ws.soap.security.wss4j.callback;
 
 import java.util.Collection;
+import java.util.Collections;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.User;
@@ -39,7 +40,7 @@ public class SpringDigestPasswordValidationCallbackHandlerTest {
 
     private SpringDigestPasswordValidationCallbackHandler callbackHandler;
 
-    private GrantedAuthorityImpl grantedAuthority;
+    private SimpleGrantedAuthority grantedAuthority;
 
     private UsernameTokenPrincipalCallback callback;
 
@@ -49,8 +50,8 @@ public class SpringDigestPasswordValidationCallbackHandlerTest {
     public void setUp() throws Exception {
         callbackHandler = new SpringDigestPasswordValidationCallbackHandler();
 
-        grantedAuthority = new GrantedAuthorityImpl("ROLE_1");
-        user = new User("Ernie", "Bert", true, true, true, true, new GrantedAuthority[]{grantedAuthority});
+        grantedAuthority = new SimpleGrantedAuthority("ROLE_1");
+        user = new User("Ernie", "Bert", true, true, true, true, Collections.singleton(grantedAuthority));
 
         WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal("Ernie", true);
         callback = new UsernameTokenPrincipalCallback(principal);
@@ -70,7 +71,7 @@ public void testHandleUsernameTokenPrincipal() throws Exception {
         Assert.assertNotNull("SecurityContext must not be null", context);
         Authentication authentication = context.getAuthentication();
         Assert.assertNotNull("Authentication must not be null", authentication);
-        Collection<GrantedAuthority> authorities = authentication.getAuthorities();
+        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
         Assert.assertTrue("GrantedAuthority[] must not be null or empty",
                 (authorities != null && authorities.size() > 0));
         Assert.assertEquals("Unexpected authority", grantedAuthority, authorities.iterator().next());

security/src/test/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandlerTest.java

@@ -1,11 +1,11 @@
 /*
- * Copyright 2005-2010 the original author or authors.
+ * Copyright 2005-2012 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -19,15 +19,16 @@
 import java.io.InputStream;
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
 
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.ws.soap.security.x509.X509AuthenticationToken;
 import org.springframework.ws.soap.security.callback.CleanupCallback;
+import org.springframework.ws.soap.security.x509.X509AuthenticationToken;
 
 import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
 import org.junit.After;
@@ -75,7 +76,7 @@ public void tearDown() throws Exception {
     @Test
     public void testValidateCertificateValid() throws Exception {
         expect(authenticationManager.authenticate(isA(X509AuthenticationToken.class)))
-                .andReturn(new TestingAuthenticationToken(certificate, null, new GrantedAuthority[0]));
+                .andReturn(new TestingAuthenticationToken(certificate, null, Collections.<GrantedAuthority>emptyList()));
 
         replay(authenticationManager);
 
@@ -105,7 +106,7 @@ public void testValidateCertificateInvalid() throws Exception {
     @Test
     public void testCleanUp() throws Exception {
         TestingAuthenticationToken authentication =
-                new TestingAuthenticationToken(new Object(), new Object(), new GrantedAuthority[0]);
+                new TestingAuthenticationToken(new Object(), new Object(), Collections.<GrantedAuthority>emptyList());
         SecurityContextHolder.getContext().setAuthentication(authentication);
 
         CleanupCallback cleanupCallback = new CleanupCallback();

security/src/test/java/org/springframework/ws/soap/security/xwss/callback/SpringDigestPasswordValidationCallbackHandlerTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2011 the original author or authors.
+ * Copyright 2005-2012 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.ws.soap.security.xwss.callback;
 
+import java.util.Collections;
+
 import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
@@ -81,7 +83,7 @@ public void testAuthenticateUserDigestUserNotFound() throws Exception {
 
     @Test
     public void testAuthenticateUserDigestValid() throws Exception {
-        User user = new User(username, password, true, true, true, true, new GrantedAuthority[0]);
+        User user = new User(username, password, true, true, true, true, Collections.<GrantedAuthority>emptyList());
         expect(userDetailsService.loadUserByUsername(username)).andReturn(user);
 
         replay(userDetailsService);
@@ -96,7 +98,7 @@ public void testAuthenticateUserDigestValid() throws Exception {
 
     @Test
     public void testAuthenticateUserDigestValidInvalid() throws Exception {
-        User user = new User(username, "Big bird", true, true, true, true, new GrantedAuthority[0]);
+        User user = new User(username, "Big bird", true, true, true, true, Collections.<GrantedAuthority>emptyList());
         expect(userDetailsService.loadUserByUsername(username)).andReturn(user);
 
         replay(userDetailsService);
@@ -111,7 +113,7 @@ public void testAuthenticateUserDigestValidInvalid() throws Exception {
 
     @Test
     public void testAuthenticateUserDigestDisabled() throws Exception {
-        User user = new User(username, "Ernie", false, true, true, true, new GrantedAuthority[0]);
+        User user = new User(username, "Ernie", false, true, true, true, Collections.<GrantedAuthority>emptyList());
         expect(userDetailsService.loadUserByUsername(username)).andReturn(user);
 
         replay(userDetailsService);
@@ -128,7 +130,7 @@ public void testAuthenticateUserDigestDisabled() throws Exception {
     @Test
     public void testCleanUp() throws Exception {
         TestingAuthenticationToken authentication =
-                new TestingAuthenticationToken(new Object(), new Object(), new GrantedAuthority[0]);
+                new TestingAuthenticationToken(new Object(), new Object(), Collections.<GrantedAuthority>emptyList());
         SecurityContextHolder.getContext().setAuthentication(authentication);
 
         CleanupCallback cleanupCallback = new CleanupCallback();

security/src/test/java/org/springframework/ws/soap/security/xwss/callback/SpringPlainTextPasswordValidationCallbackHandlerTest.java

@@ -1,11 +1,11 @@
 /*
- * Copyright 2005-2010 the original author or authors.
+ * Copyright 2005-2012 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,13 +16,15 @@
 
 package org.springframework.ws.soap.security.xwss.callback;
 
-import org.springframework.security.core.Authentication;
+import java.util.Collections;
+
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.ws.soap.security.callback.CleanupCallback;
 
 import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
@@ -64,7 +66,8 @@ public void tearDown() throws Exception {
 
     @Test
     public void testAuthenticateUserPlainTextValid() throws Exception {
-        Authentication authResult = new TestingAuthenticationToken(username, password, new GrantedAuthority[0]);
+        Authentication authResult = new TestingAuthenticationToken(username, password, Collections
+                        .<GrantedAuthority>emptyList());
         expect(authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password))).andReturn(authResult);
 
         replay(authenticationManager);
@@ -94,7 +97,7 @@ public void testAuthenticateUserPlainTextInvalid() throws Exception {
     @Test
     public void testCleanUp() throws Exception {
         TestingAuthenticationToken authentication =
-                new TestingAuthenticationToken(new Object(), new Object(), new GrantedAuthority[0]);
+                new TestingAuthenticationToken(new Object(), new Object(), Collections.<GrantedAuthority>emptyList());
         SecurityContextHolder.getContext().setAuthentication(authentication);
 
         CleanupCallback cleanupCallback = new CleanupCallback();