SEC-427: Fix. Added NullAuthoritiesPopulator and extra constructor.

2007-08-30 21:12:16 +00:00 · 2007-08-30 21:12:16 +00:00 · 0c4916ee98
parent 301626fd6e
commit 0c4916ee98
2 changed files with 32 additions and 5 deletions
--- a/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java
@ -19,6 +19,7 @@ import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.BadCredentialsException;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.AuthenticationServiceException;
+import org.acegisecurity.ldap.LdapDataAccessException;

 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
@ -126,8 +127,8 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio

    //~ Constructors ===================================================================================================

-	/**
-     * Create an initialized instance to the values passed as arguments
+    /**
+     * Create an instance with the supplied authenticator and authorities populator implementations.
     *
     * @param authenticator the authentication strategy (bind, password comparison, etc)
     *          to be used by this provider for authenticating users.
@ -139,6 +140,17 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
        this.setAuthoritiesPopulator(authoritiesPopulator);
    }

+    /**
+     * Creates an instance with the supplied authenticator and a null authorities populator.
+     * In this case, the authorities must be mapped from the user context.
+     *
+     * @param authenticator the authenticator strategy.
+     */
+    public LdapAuthenticationProvider(LdapAuthenticator authenticator) {
+        this.setAuthenticator(authenticator);
+        this.setAuthoritiesPopulator(new NullAuthoritiesPopulator());
+    }    
+
    //~ Methods ========================================================================================================

    private void setAuthenticator(LdapAuthenticator authenticator) {
@ -234,4 +246,13 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
    public void setIncludeDetailsObject(boolean includeDetailsObject) {
        this.includeDetailsObject = includeDetailsObject;
    }
+
+    //~ Inner Classes ==================================================================================================
+
+    private static class NullAuthoritiesPopulator implements LdapAuthoritiesPopulator {
+        public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) throws LdapDataAccessException {
+            return new GrantedAuthority[0];
+        }
+    }
 }
+
--- a/core/src/test/java/org/acegisecurity/providers/ldap/LdapAuthenticationProviderTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/ldap/LdapAuthenticationProviderTests.java
@ -47,7 +47,6 @@ public class LdapAuthenticationProviderTests extends TestCase {
    }

    public LdapAuthenticationProviderTests() {
-        super();
    }

    //~ Methods ========================================================================================================
@ -86,8 +85,7 @@ public class LdapAuthenticationProviderTests extends TestCase {
    }

    public void testEmptyPasswordIsRejected() {
-        LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
-                new MockAuthoritiesPopulator());
+        LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator());
        try {
            ldapProvider.retrieveUser("jen", new UsernamePasswordAuthenticationToken("jen", ""));
            fail("Expected BadCredentialsException for empty password");
@ -116,6 +114,14 @@ public class LdapAuthenticationProviderTests extends TestCase {
        ldapProvider.additionalAuthenticationChecks(user, authRequest);
    }

+    public void testUseWithNullAuthoritiesPopulatorReturnsCorrectRole() {
+        LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator());
+        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
+        UserDetails user = ldapProvider.retrieveUser("bob", authRequest);
+        assertEquals(1, user.getAuthorities().length);
+        assertEquals("ROLE_FROM_ENTRY", user.getAuthorities()[0].getAuthority());
+    }
+
    //~ Inner Classes ==================================================================================================

    class MockAuthenticator implements LdapAuthenticator {