From 0c4916ee98dee5ee6a75362b9ba5b1621eb3194a Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Thu, 30 Aug 2007 21:12:16 +0000
Subject: [PATCH] SEC-427: Fix. Added NullAuthoritiesPopulator and extra constructor.
---
 .../ldap/LdapAuthenticationProvider.java | 25 +++++++++++++++++--
 .../ldap/LdapAuthenticationProviderTests.java | 12 ++++++---
 2 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java
index 18b2adffb4..c1069ea20d 100644
--- a/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java
@@ -19,6 +19,7 @@
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.BadCredentialsException;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.AuthenticationServiceException;
+import org.acegisecurity.ldap.LdapDataAccessException;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
@@ -126,8 +127,8 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
 //~ Constructors ===================================================================================================
- /**
- * Create an initialized instance to the values passed as arguments
+ /**
+ * Create an instance with the supplied authenticator and authorities populator implementations.
 *
 * @param authenticator the authentication strategy (bind, password comparison, etc)
 * to be used by this provider for authenticating users.
@@ -139,6 +140,17 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
 this.setAuthoritiesPopulator(authoritiesPopulator);
 }
+ /**
+ * Creates an instance with the supplied authenticator and a null authorities populator.
+ * In this case, the authorities must be mapped from the user context.
+ *
+ * @param authenticator the authenticator strategy.
+ */
+ public LdapAuthenticationProvider(LdapAuthenticator authenticator) {
+ this.setAuthenticator(authenticator);
+ this.setAuthoritiesPopulator(new NullAuthoritiesPopulator());
+ }
+
 //~ Methods ========================================================================================================
 private void setAuthenticator(LdapAuthenticator authenticator) {
@@ -234,4 +246,13 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
 public void setIncludeDetailsObject(boolean includeDetailsObject) {
 this.includeDetailsObject = includeDetailsObject;
 }
+
+ //~ Inner Classes ==================================================================================================
+
+ private static class NullAuthoritiesPopulator implements LdapAuthoritiesPopulator {
+ public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) throws LdapDataAccessException {
+ return new GrantedAuthority[0];
+ }
+ }
 }
+
diff --git a/core/src/test/java/org/acegisecurity/providers/ldap/LdapAuthenticationProviderTests.java b/core/src/test/java/org/acegisecurity/providers/ldap/LdapAuthenticationProviderTests.java
index 1971991c44..7a68686b3f 100644
--- a/core/src/test/java/org/acegisecurity/providers/ldap/LdapAuthenticationProviderTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/ldap/LdapAuthenticationProviderTests.java
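Review bot: The Javadoc on the new one-argument constructor says "a null authorities populator", which reads as if `null` were stored, and it does not say what a caller gets when the user-context mapping supplies no roles. From the lines shown, the installed populator contributes nothing, so such a user would presumably be authenticated with an empty authority array; that is worth stating because downstream access decisions depend on it. I would reword the summary to `Creates an instance with the supplied authenticator and a populator that contributes no authorities; all authorities must then be mapped from the user context, and an entry that yields none produces a user with an empty authority set.` The body of `setAuthenticator` lies outside the hunk, so whether a null authenticator is rejected here cannot be confirmed from these lines.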
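Review bot: `NullAuthoritiesPopulator.getGrantedAuthorities` declares `throws LdapDataAccessException` although its body can never throw, and the import added in the first hunk appears to exist only for that clause. An implementing method may omit the clause, so the signature can be `public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) {` and the new import dropped. The class also carries no comment; a one-line Javadoc such as `/** Populator that contributes no authorities; roles must come from the mapped user context. */` would make the intent clear to anyone auditing how roles are assigned.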
@@ -47,7 +47,6 @@ public class LdapAuthenticationProviderTests extends TestCase {
 }
 public LdapAuthenticationProviderTests() {
- super();
 }
 //~ Methods ========================================================================================================
@@ -86,8 +85,7 @@ public class LdapAuthenticationProviderTests extends TestCase {
 }
 public void testEmptyPasswordIsRejected() {
- LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
- new MockAuthoritiesPopulator());
+ LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator());
 try {
 ldapProvider.retrieveUser("jen", new UsernamePasswordAuthenticationToken("jen", ""));
 fail("Expected BadCredentialsException for empty password");
@@ -116,6 +114,14 @@ public class LdapAuthenticationProviderTests extends TestCase {
 ldapProvider.additionalAuthenticationChecks(user, authRequest);
 }
+ public void testUseWithNullAuthoritiesPopulatorReturnsCorrectRole() {
+ LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator());
+ UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
+ UserDetails user = ldapProvider.retrieveUser("bob", authRequest);
+ assertEquals(1, user.getAuthorities().length);
+ assertEquals("ROLE_FROM_ENTRY", user.getAuthorities()[0].getAuthority());
+ }
+
 //~ Inner Classes ==================================================================================================
 class MockAuthenticator implements LdapAuthenticator {
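Review bot: `testUseWithNullAuthoritiesPopulatorReturnsCorrectRole` only covers an entry that carries a role; nothing pins what the provider returns when the no-op populator is in use and the user context supplies no authorities. That is the case where a user is authenticated with no roles at all, so a companion test asserting an empty, non-null array from `user.getAuthorities()` would guard against a later change turning it into `null` or a default role. The expected `ROLE_FROM_ENTRY` value presumably comes from `MockAuthenticator`, whose body is outside the hunk, so a short comment such as `// ROLE_FROM_ENTRY is placed on the user context by MockAuthenticator` would help the reader.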