Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-22 12:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-2571: Improve wording of UsernamePasswordAuthenticationToken#setAuthenticated() error

Browse Source
This commit is contained in:
Rob Winch 2014-04-24 17:03:34 -05:00
parent 414289d466
commit 13c5750f5d
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
View File

@ -85,7 +85,7 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
if (isAuthenticated) { if (isAuthenticated) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead"); "Once created you cannot set this token to authenticated. Create a new instance using the constructor which takes a GrantedAuthority list will mark this as authenticated.");
} }
super.setAuthenticated(false); super.setAuthenticated(false);

3
core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java
View File

@ -15,6 +15,7 @@
package org.springframework.security.authentication; package org.springframework.security.authentication;
import static org.fest.assertions.Assertions.assertThat;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
@ -58,6 +59,8 @@ public class UsernamePasswordAuthenticationTokenTests {
token.setAuthenticated(true); token.setAuthenticated(true);
fail("Should have prohibited setAuthenticated(true)"); fail("Should have prohibited setAuthenticated(true)");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
// SEC-2540
assertThat(expected).hasMessage("Once created you cannot set this token to authenticated. Create a new instance using the constructor which takes a GrantedAuthority list will mark this as authenticated.");
} }
} }