From 3239cd139eba179746ab77d0435d495344db02ec Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Fri, 19 May 2006 22:10:05 +0000
Subject: [PATCH] SEC-251: use username as parameter {2} in group searches
---
 .../DefaultLdapAuthoritiesPopulator.java | 8 ++++----
 .../DefaultLdapAuthoritiesPopulatorTests.java | 17 +++++++++++++++++
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java b/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java
index 195125e798..28bee4dde9 100644
--- a/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java
@@ -169,7 +169,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 logger.debug("Getting authorities for user " + userDn);
- Set roles = getGroupMembershipRoles(userDn);
+ Set roles = getGroupMembershipRoles(userDn, userDetails.getUsername());
 // Temporary use of deprecated method
 Set oldGroupRoles = getGroupMembershipRoles(userDn, userDetails.getAttributes());
@@ -203,7 +203,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 // return userRoles;
 // }
- private Set getGroupMembershipRoles(String userDn) {
+ private Set getGroupMembershipRoles(String userDn, String username) {
 Set authorities = new HashSet();
 if (groupSearchBase == null) {
@@ -211,7 +211,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 }
 if (logger.isDebugEnabled()) {
- logger.debug("Searching for roles for user '"
+ logger.debug("Searching for roles for user '" + username + "', DN = "
 + "'" + userDn + "', with filter "+ groupSearchFilter
 + " in search base '" + groupSearchBase + "'");
 }
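Review bot: In the `@@ -203,7 +203,7 @@` hunk, `getGroupMembershipRoles(String userDn, String username)` gains a parameter but carries no comment saying which filter placeholder each argument fills. The commit subject calls the username parameter {2}, while the new test configures `(ou={1})` and the search call passes `new String[]{userDn, username}`, so the zero-based index is easy to get wrong when writing a `groupSearchFilter`. A short Javadoc on the method would settle it, for example `@param userDn full DN of the user, substituted for {0}` and `@param username login name, substituted for {1}`. The method body continues outside the hunk.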
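Review bot: In the `@@ -211,7 +211,7 @@` hunk the debug message now concatenates `username` straight into the log line, and that value presumably originates from the login request. If nothing upstream restricts the characters allowed in a login name, an embedded CR or LF would make one request appear as several entries to whoever reads the log. Either replace line breaks in the value before logging it or confirm that the configured log layout encodes them. Separately, the split literal `"', DN = " + "'"` reads more clearly as the single literal `"', DN = '"`.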
@@ -220,7 +220,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 template.setSearchScope(searchScope);
- Set userRoles = template.searchForSingleAttributeValues(groupSearchBase, groupSearchFilter, new String[]{userDn}, groupRoleAttribute);
+ Set userRoles = template.searchForSingleAttributeValues(groupSearchBase, groupSearchFilter, new String[]{userDn, username}, groupRoleAttribute);
 if (logger.isDebugEnabled()) {
 logger.debug("Roles from search: " + userRoles);
diff --git a/core/src/test/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java b/core/src/test/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java
index 5c3199a7a3..a9c85dc3db 100644
--- a/core/src/test/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java
@@ -82,4 +82,21 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapServerTest
 assertTrue(roles.contains("ROLE_DEVELOPER"));
 assertTrue(roles.contains("ROLE_MANAGER"));
 }
+
+ public void testUseOfUsernameParameterReturnsExpectedRoles() {
+ DefaultLdapAuthoritiesPopulator populator =
+ new DefaultLdapAuthoritiesPopulator(getInitialCtxFactory(), "ou=groups");
+ populator.setGroupRoleAttribute("ou");
+ populator.setConvertToUpperCase(true);
+ populator.setGroupSearchFilter("(ou={1})");
+
+ LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence();
+ user.setUsername("manager");
+ user.setDn("uid=ben,ou=people,dc=acegisecurity,dc=org");
+
+ GrantedAuthority[] authorities =
+ populator.getGrantedAuthorities(user.createUserDetails());
+ assertEquals("Should have 1 role", 1, authorities.length);
+ assertTrue(authorities[0].equals("ROLE_MANAGER"));
+ }
 }
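Review bot: In the `@@ -220,7 +220,7 @@` hunk, `username` becomes an argument substituted into `groupSearchFilter` by `searchForSingleAttributeValues`, and nothing visible here escapes it for use in an LDAP filter. If the template does not encode filter metacharacters (`*`, `(`, `)`, `\`, NUL) as RFC 4515 requires, a login name containing them could change which groups the search matches, and so which authorities are granted. Please confirm that the template encodes every argument before formatting the filter, or encode `username` before building the array. The value comes from `userDetails.getUsername()` in the `@@ -169,7 +169,7 @@` hunk, and the enclosing method starts and ends outside this hunk.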
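Review bot: In the new test, `assertTrue(authorities[0].equals("ROLE_MANAGER"))` compares a `GrantedAuthority` with a `String`, so it passes only if that implementation's `equals` accepts strings, and a failure reports nothing about the actual value. `assertEquals("ROLE_MANAGER", authorities[0].getAuthority());` states the intent and gives a readable failure message. The test also exercises only a plain username. A second case whose username contains LDAP filter special characters, asserting that no unexpected roles come back, would pin down how the `{1}` substitution is encoded.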