Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-251: use username as parameter {2} in group searches

This commit is contained in:
Luke Taylor 2006-05-19 22:10:05 +00:00
parent 46cc1bec1e
commit 3239cd139e
2 changed files with 21 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java
View File

@ -169,7 +169,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
logger.debug("Getting authorities for user " + userDn); logger.debug("Getting authorities for user " + userDn);
Set roles = getGroupMembershipRoles(userDn); Set roles = getGroupMembershipRoles(userDn, userDetails.getUsername());
// Temporary use of deprecated method // Temporary use of deprecated method
Set oldGroupRoles = getGroupMembershipRoles(userDn, userDetails.getAttributes()); Set oldGroupRoles = getGroupMembershipRoles(userDn, userDetails.getAttributes());
@ -203,7 +203,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
// return userRoles; // return userRoles;
// } // }
private Set getGroupMembershipRoles(String userDn) { private Set getGroupMembershipRoles(String userDn, String username) {
Set authorities = new HashSet(); Set authorities = new HashSet();
if (groupSearchBase == null) { if (groupSearchBase == null) {
@ -211,7 +211,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
} }
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Searching for roles for user '" logger.debug("Searching for roles for user '" + username + "', DN = " + "'"
+ userDn + "', with filter "+ groupSearchFilter + userDn + "', with filter "+ groupSearchFilter
+ " in search base '" + groupSearchBase + "'"); + " in search base '" + groupSearchBase + "'");
} }
@ -220,7 +220,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
template.setSearchScope(searchScope); template.setSearchScope(searchScope);
Set userRoles = template.searchForSingleAttributeValues(groupSearchBase, groupSearchFilter, new String[]{userDn}, groupRoleAttribute); Set userRoles = template.searchForSingleAttributeValues(groupSearchBase, groupSearchFilter, new String[]{userDn, username}, groupRoleAttribute);
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Roles from search: " + userRoles); logger.debug("Roles from search: " + userRoles);

17
core/src/test/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java
View File

@ -82,4 +82,21 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapServerTest
assertTrue(roles.contains("ROLE_DEVELOPER")); assertTrue(roles.contains("ROLE_DEVELOPER"));
assertTrue(roles.contains("ROLE_MANAGER")); assertTrue(roles.contains("ROLE_MANAGER"));
} }
public void testUseOfUsernameParameterReturnsExpectedRoles() {
DefaultLdapAuthoritiesPopulator populator =
new DefaultLdapAuthoritiesPopulator(getInitialCtxFactory(), "ou=groups");
populator.setGroupRoleAttribute("ou");
populator.setConvertToUpperCase(true);
populator.setGroupSearchFilter("(ou={1})");
LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence();
user.setUsername("manager");
user.setDn("uid=ben,ou=people,dc=acegisecurity,dc=org");
GrantedAuthority[] authorities =
populator.getGrantedAuthorities(user.createUserDetails());
assertEquals("Should have 1 role", 1, authorities.length);
assertTrue(authorities[0].equals("ROLE_MANAGER"));
}
} }