From 350f75f7f342a131b00532acfbfd07cd7d04701f Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Mon, 20 Apr 2009 05:02:42 +0000 Subject: [PATCH] SEC-1084: Retain Authentication.details when authenticating in LdapAuthenticationProvider. --- .../ldap/authentication/LdapAuthenticationProvider.java | 7 +++++-- .../authentication/LdapAuthenticationProviderTests.java | 3 +++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java index ad03ca503e..5ccc193548 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java +++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java @@ -234,7 +234,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports", "Only UsernamePasswordAuthenticationToken is supported")); - UsernamePasswordAuthenticationToken userToken = (UsernamePasswordAuthenticationToken)authentication; + final UsernamePasswordAuthenticationToken userToken = (UsernamePasswordAuthenticationToken)authentication; String username = userToken.getName(); @@ -287,7 +287,10 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa UserDetails user) { Object password = useAuthenticationRequestCredentials ? authentication.getCredentials() : user.getPassword(); - return new UsernamePasswordAuthenticationToken(user, password, user.getAuthorities()); + UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(user, password, user.getAuthorities()); + result.setDetails(authentication.getDetails()); + + return result; } public boolean supports(Class authentication) { diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java index 11107cb5bc..a120a140ae 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java @@ -124,8 +124,11 @@ public class LdapAuthenticationProviderTests { assertNotNull(ldapProvider.getAuthoritiesPopulator()); UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben", "benspassword"); + Object authDetails = new Object(); + authRequest.setDetails(authDetails); Authentication authResult = ldapProvider.authenticate(authRequest); assertEquals("benspassword", authResult.getCredentials()); + assertSame(authDetails, authResult.getDetails()); UserDetails user = (UserDetails) authResult.getPrincipal(); assertEquals(2, user.getAuthorities().size()); assertEquals("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=", user.getPassword());