Fixed problem with relative name being used in (member={0}) search in DefaultAuthoritiesPopulator.

2007-12-14 20:41:00 +00:00 · 2007-12-14 20:41:00 +00:00 · 31c09896ea
parent 09f68400ec
commit 31c09896ea
5 changed files with 50 additions and 2 deletions
--- a/core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
+++ b/core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
@ -116,7 +116,8 @@ public class SpringSecurityLdapTemplate extends org.springframework.ldap.core.Ld

                    // Object object = ctx.lookup(LdapUtils.getRelativeName(dn, ctx));

-                    return new DirContextAdapter(attrs, new DistinguishedName(dn));
+                    return new DirContextAdapter(attrs, new DistinguishedName(dn),
+                            new DistinguishedName(ctx.getNameInNamespace()));
                }
            });
    }
--- a/core/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java
+++ b/core/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java
@ -19,8 +19,10 @@ import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
 import org.springframework.security.ldap.LdapAuthoritiesPopulator;
+import org.springframework.security.ldap.LdapUtils;
 import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.util.Assert;

 import org.apache.commons.logging.Log;
@ -170,7 +172,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
     * @return the set of roles granted to the user.
     */
    public final GrantedAuthority[] getGrantedAuthorities(DirContextOperations user, String username) {
-        String userDn = user.getDn().toString();
+        String userDn = user.getNameInNamespace();

        if (logger.isDebugEnabled()) {
            logger.debug("Getting authorities for user " + userDn);
--- a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java
+++ b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java
@ -99,6 +99,33 @@ public class LdapUserDetailsImpl implements LdapUserDetails {
        return enabled;
    }

+    public String toString() {
+        StringBuffer sb = new StringBuffer();
+        sb.append(super.toString()).append(": ");
+        sb.append("Username: ").append(this.username).append("; ");
+        sb.append("Password: [PROTECTED]; ");
+        sb.append("Enabled: ").append(this.enabled).append("; ");
+        sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
+        sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
+        sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
+
+        if (this.getAuthorities() != null) {
+            sb.append("Granted Authorities: ");
+
+            for (int i = 0; i < this.getAuthorities().length; i++) {
+                if (i > 0) {
+                    sb.append(", ");
+                }
+
+                sb.append(this.getAuthorities()[i].toString());
+            }
+        } else {
+            sb.append("Not granted any authorities");
+        }
+
+        return sb.toString();        
+    }
+
    //~ Inner Classes ==================================================================================================

    /**
--- a/core/src/test/java/org/springframework/security/config/LdapBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/LdapBeanDefinitionParserTests.java
@ -1,5 +1,10 @@
 package org.springframework.security.config;

+import org.springframework.security.providers.ProviderManager;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.providers.ldap.LdapAuthenticationProvider;
+import org.springframework.security.Authentication;
+import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
@ -40,5 +45,17 @@ public class LdapBeanDefinitionParserTests {
        LdapTemplate template = new LdapTemplate(idcf);

        template.lookup("uid=ben,ou=people");
+
+        ProviderManager authManager = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
+
+        assertEquals(1, authManager.getProviders().size());
+
+        LdapAuthenticationProvider provider = (LdapAuthenticationProvider) authManager.getProviders().get(0);
+
+        Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
+
+        LdapUserDetailsImpl ben = (LdapUserDetailsImpl) auth.getPrincipal();
+
+        assertEquals(2, ben.getAuthorities().length);
    }
 }
--- a/core/src/test/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticatorMockTests.java
+++ b/core/src/test/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticatorMockTests.java
@ -50,6 +50,7 @@ public class PasswordComparisonAuthenticatorMockTests extends MockObjectTestCase
 //        mockCtx.expects(once()).method("lookup").with(eq("cn=Bob,ou=people")).will(returnValue(true));
        mockCtx.expects(once()).method("getAttributes").with(eq("cn=Bob,ou=people"), NULL)
               .will(returnValue(attrs));
+        mockCtx.expects(once()).method("getNameInNamespace").will(returnValue("dc=springframework,dc=org"));

        // Setup a single return value (i.e. success)
        Attributes searchResults = new BasicAttributes("", null);