Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add empty authorities by default 

Closes gh-12533
This commit is contained in:
stillya 2023-01-18 11:41:43 +06:00 committed by Steve Riesenberg
parent 6abbdd3654
commit 3229bfa40f
2 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
core/src/main/java/org/springframework/security/core/userdetails/User.java
View File

@ -329,7 +329,7 @@ public class User implements UserDetails, CredentialsContainer {
private String password;
private List<GrantedAuthority> authorities;
private List<GrantedAuthority> authorities = new ArrayList<>();
private boolean accountExpired;
@ -427,6 +427,7 @@ public class User implements UserDetails, CredentialsContainer {
* @see #roles(String...)
*/
public UserBuilder authorities(GrantedAuthority... authorities) {
Assert.notNull(authorities, "authorities cannot be null");
return authorities(Arrays.asList(authorities));
}
@ -439,7 +440,8 @@ public class User implements UserDetails, CredentialsContainer {
* @see #roles(String...)
*/
public UserBuilder authorities(Collection<? extends GrantedAuthority> authorities) {
this.authorities = new ArrayList<>(authorities);
Assert.notNull(authorities, "authorities cannot be null");
this.authorities.addAll(authorities);
return this;
}
@ -452,6 +454,7 @@ public class User implements UserDetails, CredentialsContainer {
* @see #roles(String...)
*/
public UserBuilder authorities(String... authorities) {
Assert.notNull(authorities, "authorities cannot be null");
return authorities(AuthorityUtils.createAuthorityList(authorities));
}

30
core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
View File

@ -18,6 +18,8 @@ package org.springframework.security.core.userdetails;
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@ -37,6 +39,7 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException
* Tests {@link User}.
*
* @author Ben Alex
* @author Ilya Starchenko
*/
public class UserTests {
@ -68,6 +71,33 @@ public class UserTests {
.isThrownBy(() -> User.class.getDeclaredConstructor((Class[]) null));
}
@Test
public void testBuildUserWithNoAuthorities() {
UserDetails user = User.builder().username("user").password("password").build();
assertThat(user.getAuthorities()).isEmpty();
}
@Test
public void testNullWithinUserAuthoritiesIsRejected() {
assertThatIllegalArgumentException().isThrownBy(() -> User.builder().username("user").password("password")
.authorities((Collection<? extends GrantedAuthority>) null).build());
List<GrantedAuthority> authorities = new ArrayList<>();
authorities.add(null);
authorities.add(null);
assertThatIllegalArgumentException().isThrownBy(
() -> User.builder().username("user").password("password").authorities(authorities).build());
assertThatIllegalArgumentException().isThrownBy(() -> User.builder().username("user").password("password")
.authorities((GrantedAuthority[]) null).build());
assertThatIllegalArgumentException().isThrownBy(() -> User.builder().username("user").password("password")
.authorities(new GrantedAuthority[] { null, null }).build());
assertThatIllegalArgumentException().isThrownBy(
() -> User.builder().username("user").password("password").authorities((String[]) null).build());
assertThatIllegalArgumentException().isThrownBy(() -> User.builder().username("user").password("password")
.authorities(new String[] { null, null }).build());
}
@Test
public void testNullValuesRejected() {
assertThatIllegalArgumentException().isThrownBy(() -> new User(null, "koala", true, true, true, true, ROLE_12));