SEC-251: use username as parameter {2} in group searches

2006-05-19 22:10:05 +00:00 · 2006-05-19 22:10:05 +00:00 · 3239cd139e
parent 46cc1bec1e
commit 3239cd139e
2 changed files with 21 additions and 4 deletions
--- a/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java
@ -169,7 +169,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator

        logger.debug("Getting authorities for user " + userDn);

-        Set roles = getGroupMembershipRoles(userDn);
+        Set roles = getGroupMembershipRoles(userDn, userDetails.getUsername());

        // Temporary use of deprecated method
        Set oldGroupRoles = getGroupMembershipRoles(userDn, userDetails.getAttributes());
@ -203,7 +203,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 //        return userRoles;
 //    }

-    private Set getGroupMembershipRoles(String userDn) {
+    private Set getGroupMembershipRoles(String userDn, String username) {
        Set authorities = new HashSet();

        if (groupSearchBase == null) {
@ -211,7 +211,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
        }

        if (logger.isDebugEnabled()) {
-            logger.debug("Searching for roles for user '"
+            logger.debug("Searching for roles for user '" + username + "', DN = " + "'" 
                    + userDn + "', with filter "+ groupSearchFilter
                    + " in search base '" + groupSearchBase + "'");
        }
@ -220,7 +220,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator

        template.setSearchScope(searchScope);

-        Set userRoles = template.searchForSingleAttributeValues(groupSearchBase, groupSearchFilter, new String[]{userDn}, groupRoleAttribute);
+        Set userRoles = template.searchForSingleAttributeValues(groupSearchBase, groupSearchFilter, new String[]{userDn, username}, groupRoleAttribute);

        if (logger.isDebugEnabled()) {
            logger.debug("Roles from search: " + userRoles);
--- a/core/src/test/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java
@ -82,4 +82,21 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapServerTest
        assertTrue(roles.contains("ROLE_DEVELOPER"));
        assertTrue(roles.contains("ROLE_MANAGER"));
    }
+
+    public void testUseOfUsernameParameterReturnsExpectedRoles() {
+        DefaultLdapAuthoritiesPopulator populator =
+                new DefaultLdapAuthoritiesPopulator(getInitialCtxFactory(), "ou=groups");
+        populator.setGroupRoleAttribute("ou");
+        populator.setConvertToUpperCase(true);
+        populator.setGroupSearchFilter("(ou={1})");
+
+        LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence();
+        user.setUsername("manager");
+        user.setDn("uid=ben,ou=people,dc=acegisecurity,dc=org");
+
+        GrantedAuthority[] authorities =
+                populator.getGrantedAuthorities(user.createUserDetails());
+        assertEquals("Should have 1 role", 1, authorities.length);
+        assertTrue(authorities[0].equals("ROLE_MANAGER"));
+    }
 }