From 31c09896eacfe4770f1b78ab416d49de03256b9a Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Fri, 14 Dec 2007 20:41:00 +0000 Subject: [PATCH] Fixed problem with relative name being used in (member={0}) search in DefaultAuthoritiesPopulator. --- .../ldap/SpringSecurityLdapTemplate.java | 3 ++- .../DefaultLdapAuthoritiesPopulator.java | 4 ++- .../userdetails/ldap/LdapUserDetailsImpl.java | 27 +++++++++++++++++++ .../config/LdapBeanDefinitionParserTests.java | 17 ++++++++++++ ...swordComparisonAuthenticatorMockTests.java | 1 + 5 files changed, 50 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java index e681476d1b..f606836d2f 100644 --- a/core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java +++ b/core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java @@ -116,7 +116,8 @@ public class SpringSecurityLdapTemplate extends org.springframework.ldap.core.Ld // Object object = ctx.lookup(LdapUtils.getRelativeName(dn, ctx)); - return new DirContextAdapter(attrs, new DistinguishedName(dn)); + return new DirContextAdapter(attrs, new DistinguishedName(dn), + new DistinguishedName(ctx.getNameInNamespace())); } }); } diff --git a/core/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java b/core/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java index d460cbd2d6..ebd0892fe0 100644 --- a/core/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java +++ b/core/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java 
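Review bot: The new third argument on the `return new DirContextAdapter(...)` line in SpringSecurityLdapTemplate has no comment explaining why it is needed, and the commented-out `ctx.lookup(...)` line directly above it is left in place. A short comment such as `// Supply the context base so getNameInNamespace() on the returned adapter gives the full DN, not the base-relative one` would tell maintainers that callers building search filters from the entry name rely on it. The dead `// Object object = ctx.lookup(LdapUtils.getRelativeName(dn, ctx));` line could be deleted in the same change. The enclosing method and callback start outside the hunk, so it should be confirmed against the method's contract that `dn` is always base-relative here.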
@@ -19,8 +19,10 @@ import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.ldap.SpringSecurityLdapTemplate; import org.springframework.security.ldap.LdapAuthoritiesPopulator; +import org.springframework.security.ldap.LdapUtils; import org.springframework.ldap.core.ContextSource; import org.springframework.ldap.core.DirContextOperations; +import org.springframework.ldap.core.DistinguishedName; import org.springframework.util.Assert; import org.apache.commons.logging.Log; @@ -170,7 +172,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator * @return the set of roles granted to the user. */ public final GrantedAuthority[] getGrantedAuthorities(DirContextOperations user, String username) { - String userDn = user.getDn().toString(); + String userDn = user.getNameInNamespace(); if (logger.isDebugEnabled()) { logger.debug("Getting authorities for user " + userDn); diff --git a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java index 8b6518e8a3..3b301bb87e 100644 --- a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java +++ b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java 
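Review bot: The two imports added in the first DefaultLdapAuthoritiesPopulator hunk, `LdapUtils` and `DistinguishedName`, do not appear to be referenced by anything this commit adds. The only other change in the file is the `userDn` assignment, and the diffstat accounts for exactly these four lines. Unless a use exists that is not visible here, drop both imports so the import list matches what the class uses.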
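Review bot: `String userDn = user.getNameInNamespace();` in getGrantedAuthorities makes the role lookup depend on `user` having been created with its context base, and nothing at this line or in the visible Javadoc says so. A `DirContextOperations` built without a base would presumably yield a base-relative name again, so the group search would match nothing and the user would silently receive fewer authorities. I would add a comment such as `// Full DN required: the (member={0}) group filter is matched against absolute DNs` and state the requirement in the method Javadoc. Because `userDn` is handed on as a search filter argument outside the hunk, it is also worth confirming that the search helper escapes filter values. The method body continues outside the hunk.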
@@ -99,6 +99,33 @@ public class LdapUserDetailsImpl implements LdapUserDetails { return enabled; } + public String toString() { + StringBuffer sb = new StringBuffer(); + sb.append(super.toString()).append(": "); + sb.append("Username: ").append(this.username).append("; "); + sb.append("Password: [PROTECTED]; "); + sb.append("Enabled: ").append(this.enabled).append("; "); + sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; "); + sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; "); + sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; "); + + if (this.getAuthorities() != null) { + sb.append("Granted Authorities: "); + + for (int i = 0; i < this.getAuthorities().length; i++) { + if (i > 0) { + sb.append(", "); + } + + sb.append(this.getAuthorities()[i].toString()); + } + } else { + sb.append("Not granted any authorities"); + } + + return sb.toString(); + } + //~ Inner Classes ================================================================================================== /** diff --git a/core/src/test/java/org/springframework/security/config/LdapBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/LdapBeanDefinitionParserTests.java index c25a056979..b5ee2a4aa0 100644 --- a/core/src/test/java/org/springframework/security/config/LdapBeanDefinitionParserTests.java +++ b/core/src/test/java/org/springframework/security/config/LdapBeanDefinitionParserTests.java 
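Review bot: The added `toString()` in LdapUserDetailsImpl calls `this.getAuthorities()` separately for the null check, the loop bound and every element, and its labels mix casing (`credentialsNonExpired` next to `AccountNonExpired`). Reading the array once into a local (presumably `GrantedAuthority[] authorities = getAuthorities();`) and using `authorities` in the check and the loop keeps the output consistent if the accessor ever returns a copy or changes between calls. Masking the password as `[PROTECTED]` is the right choice, since this string will end up in logs. A one-line comment stating that credentials and raw directory attributes must stay out of the output would stop later edits from adding them.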
@@ -1,5 +1,10 @@ package org.springframework.security.config; +import org.springframework.security.providers.ProviderManager; +import org.springframework.security.providers.UsernamePasswordAuthenticationToken; +import org.springframework.security.providers.ldap.LdapAuthenticationProvider; +import org.springframework.security.Authentication; +import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl; import org.springframework.context.support.ClassPathXmlApplicationContext; import org.springframework.ldap.core.LdapTemplate; import org.springframework.ldap.core.support.BaseLdapPathContextSource; @@ -40,5 +45,17 @@ public class LdapBeanDefinitionParserTests { LdapTemplate template = new LdapTemplate(idcf); template.lookup("uid=ben,ou=people"); + + ProviderManager authManager = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER); + + assertEquals(1, authManager.getProviders().size()); + + LdapAuthenticationProvider provider = (LdapAuthenticationProvider) authManager.getProviders().get(0); + + Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword")); + + LdapUserDetailsImpl ben = (LdapUserDetailsImpl) auth.getPrincipal(); + + assertEquals(2, ben.getAuthorities().length); } } diff --git a/core/src/test/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticatorMockTests.java b/core/src/test/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticatorMockTests.java index 35276d3817..0a8073693a 100644 --- a/core/src/test/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticatorMockTests.java +++ b/core/src/test/java/org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticatorMockTests.java 
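Review bot: `assertEquals(2, ben.getAuthorities().length);` at the end of the second LdapBeanDefinitionParserTests hunk pins only the number of authorities, so a lookup that returned two wrong roles would still pass. Since this is the regression check for the group search fix, it should also assert which authorities `ben` receives, using the role names that the test directory data defines for that user. The two unchecked casts, `(LdapAuthenticationProvider)` and `(LdapUserDetailsImpl)`, would fail with a ClassCastException rather than a readable assertion message if the configuration changes. An `assertTrue(... instanceof ...)` before each cast would make that failure clearer.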
@@ -50,6 +50,7 @@ public class PasswordComparisonAuthenticatorMockTests extends MockObjectTestCase // mockCtx.expects(once()).method("lookup").with(eq("cn=Bob,ou=people")).will(returnValue(true)); mockCtx.expects(once()).method("getAttributes").with(eq("cn=Bob,ou=people"), NULL) .will(returnValue(attrs)); + mockCtx.expects(once()).method("getNameInNamespace").will(returnValue("dc=springframework,dc=org")); // Setup a single return value (i.e. success) Attributes searchResults = new BasicAttributes("", null);
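Review bot: The added `getNameInNamespace` expectation in PasswordComparisonAuthenticatorMockTests only lets the new call succeed. Nothing in the hunk checks that the returned base `dc=springframework,dc=org` is combined correctly with `cn=Bob,ou=people`. If the authenticator's result is available in this test, asserting that its full name is `cn=Bob,ou=people,dc=springframework,dc=org` would cover the behaviour this commit introduces. The test method starts and ends outside the hunk, so such an assertion may already exist there.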