LdapUserDetails extends CredentialsContainer

LdapUserDetails extends CredentialsContainer in order to clear password when erase-credentials is true. Fixes gh-4029
2025-05-31 01:02:14 +00:00 · 2016-08-18 14:58:55 -03:00 · 2016-08-18 14:58:55 -03:00 · 1171e25bc7
commit 1171e25bc7
parent f8bfe19a98
3 changed files with 50 additions and 1 deletions
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java
@ -16,6 +16,7 @@

 package org.springframework.security.ldap.userdetails;

+import org.springframework.security.core.CredentialsContainer;
 import org.springframework.security.core.userdetails.UserDetails;

 /**
@ -23,7 +24,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 *
 * @author Luke Taylor
 */
-public interface LdapUserDetails extends UserDetails {
+public interface LdapUserDetails extends UserDetails, CredentialsContainer {
 	// ~ Methods
 	// ========================================================================================================

--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
@ -107,6 +107,11 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 		return enabled;
 	}

+	@Override
+	public void eraseCredentials() {
+		password = null;
+	}
+
 	public int getTimeBeforeExpiration() {
 		return timeBeforeExpiration;
 	}
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
@ -0,0 +1,43 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.ldap.userdetails;
+
+import org.junit.Test;
+import org.springframework.security.core.CredentialsContainer;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Tests {@link LdapUserDetailsImpl}
+ *
+ * @author Joe Grandja
+ */
+public class LdapUserDetailsImplTests {
+
+	@Test
+	public void credentialsAreCleared() {
+		LdapUserDetailsImpl.Essence mutableLdapUserDetails = new LdapUserDetailsImpl.Essence();
+		mutableLdapUserDetails.setDn("uid=username1,ou=people,dc=example,dc=com");
+		mutableLdapUserDetails.setUsername("username1");
+		mutableLdapUserDetails.setPassword("password");
+
+		LdapUserDetails ldapUserDetails = mutableLdapUserDetails.createUserDetails();
+		assertThat(ldapUserDetails).isInstanceOf(CredentialsContainer.class);
+		ldapUserDetails.eraseCredentials();
+		assertThat(ldapUserDetails.getPassword()).isNull();
+	}
+
+}