SEC-427: Fix. Added NullAuthoritiesPopulator and extra constructor.

Luke Taylor 2007-08-30 21:12:16 +00:00
parent 301626fd6e
commit 0c4916ee98
2 changed files with 32 additions and 5 deletions


@ -19,6 +19,7 @@ import org.acegisecurity.AuthenticationException;
import org.acegisecurity.BadCredentialsException; import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority; import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.AuthenticationServiceException; import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.ldap.LdapDataAccessException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider; import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
@ -127,7 +128,7 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
//~ Constructors =================================================================================================== //~ Constructors ===================================================================================================
/** /**
* Create an initialized instance to the values passed as arguments * Create an instance with the supplied authenticator and authorities populator implementations.
* *
* @param authenticator the authentication strategy (bind, password comparison, etc) * @param authenticator the authentication strategy (bind, password comparison, etc)
* to be used by this provider for authenticating users. * to be used by this provider for authenticating users.
@ -139,6 +140,17 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
this.setAuthoritiesPopulator(authoritiesPopulator); this.setAuthoritiesPopulator(authoritiesPopulator);
} }
/**
* Creates an instance with the supplied authenticator and a null authorities populator.
* In this case, the authorities must be mapped from the user context.
*
* @param authenticator the authenticator strategy.
*/
public LdapAuthenticationProvider(LdapAuthenticator authenticator) {
this.setAuthenticator(authenticator);
this.setAuthoritiesPopulator(new NullAuthoritiesPopulator());
}
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
private void setAuthenticator(LdapAuthenticator authenticator) { private void setAuthenticator(LdapAuthenticator authenticator) {
@ -234,4 +246,13 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
public void setIncludeDetailsObject(boolean includeDetailsObject) { public void setIncludeDetailsObject(boolean includeDetailsObject) {
this.includeDetailsObject = includeDetailsObject; this.includeDetailsObject = includeDetailsObject;
} }
//~ Inner Classes ==================================================================================================
private static class NullAuthoritiesPopulator implements LdapAuthoritiesPopulator {
public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) throws LdapDataAccessException {
return new GrantedAuthority[0];
}
}
} }
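Review bot: The Javadoc on the new single-argument constructor says the authorities "must be mapped from the user context" but does not say what the caller gets when they are not. `NullAuthoritiesPopulator.getGrantedAuthorities` always returns `new GrantedAuthority[0]`, so the provider contributes no roles of its own. If the entry mapping also yields none, the user would presumably still be authenticated with an empty authority array, which matters for any access rule that only checks for an authenticated principal. I would add a line to the constructor doc such as `* The provider adds no authorities of its own; a user whose context maps no roles ends up with an empty authority array.` and put a one-line comment saying the same on the inner class. The class body continues outside the visible hunks, so how retrieveUser combines the two sources cannot be confirmed from here.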


@ -47,7 +47,6 @@ public class LdapAuthenticationProviderTests extends TestCase {
} }
public LdapAuthenticationProviderTests() { public LdapAuthenticationProviderTests() {
super();
} }
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
@ -86,8 +85,7 @@ public class LdapAuthenticationProviderTests extends TestCase {
} }
public void testEmptyPasswordIsRejected() { public void testEmptyPasswordIsRejected() {
LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(), LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator());
new MockAuthoritiesPopulator());
try { try {
ldapProvider.retrieveUser("jen", new UsernamePasswordAuthenticationToken("jen", "")); ldapProvider.retrieveUser("jen", new UsernamePasswordAuthenticationToken("jen", ""));
fail("Expected BadCredentialsException for empty password"); fail("Expected BadCredentialsException for empty password");
@ -116,6 +114,14 @@ public class LdapAuthenticationProviderTests extends TestCase {
ldapProvider.additionalAuthenticationChecks(user, authRequest); ldapProvider.additionalAuthenticationChecks(user, authRequest);
} }
public void testUseWithNullAuthoritiesPopulatorReturnsCorrectRole() {
LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator());
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
UserDetails user = ldapProvider.retrieveUser("bob", authRequest);
assertEquals(1, user.getAuthorities().length);
assertEquals("ROLE_FROM_ENTRY", user.getAuthorities()[0].getAuthority());
}
//~ Inner Classes ================================================================================================== //~ Inner Classes ==================================================================================================
class MockAuthenticator implements LdapAuthenticator { class MockAuthenticator implements LdapAuthenticator {
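Review bot: testUseWithNullAuthoritiesPopulatorReturnsCorrectRole pins only the case where the mock entry supplies a role (`ROLE_FROM_ENTRY`). Nothing here covers a user whose context maps no roles when the single-argument constructor is used. Because that constructor's populator always returns an empty array, a companion test ending in something like `assertEquals(0, user.getAuthorities().length);` would record whether an authority-less principal is the intended outcome. MockAuthenticator's body is outside the visible lines, so it may need a variant that returns an entry without roles. Separately, testEmptyPasswordIsRejected now uses the one-argument constructor, so it is worth confirming that another test still exercises the two-argument path.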