Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added default role option to authorities populator.

This commit is contained in:
Luke Taylor 2006-01-13 21:13:53 +00:00
parent bc7b0d00fe
commit 38629f159a
2 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java
View File

@ -135,6 +135,9 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
private boolean convertToUpperCase = true;
/** A default role which will be assigned to all authenticated users if set */
private GrantedAuthority defaultRole = null;
/** An initial context factory is only required if searching for groups is required. */
private InitialDirContextFactory initialDirContextFactory = null;
@ -143,7 +146,8 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
/**
* Constructor for non-group search scenarios. Typically in this case
* the <tt>userRoleAttributes</tt> property will be set to obtain roles directly
* from the user's directory entry attributes.
* from the user's directory entry attributes. The <tt>defaultRole</tt> property
* may also be set and will be assigned to all users.
*/
public DefaultLdapAuthoritiesPopulator() {
}
@ -182,6 +186,10 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
roles.addAll(groupRoles);
}
if(defaultRole != null) {
roles.add(defaultRole);
}
return (GrantedAuthority[])roles.toArray(new GrantedAuthority[roles.size()]);
}
@ -202,7 +210,8 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
*
* @param userDn the user's distinguished name.
* @param userAttributes
* @return the set of roles obtained from a group membership search.
* @return the set of roles obtained from a group membership search, or null if
* <tt>groupSearchBase</tt> has been set.
*/
protected Set getGroupMembershipRoles(String userDn, Attributes userAttributes) {
Set userRoles = new HashSet();
@ -313,4 +322,14 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
public void setConvertToUpperCase(boolean convertToUpperCase) {
this.convertToUpperCase = convertToUpperCase;
}
/**
* The default role which will be assigned to all users.
*
* @param defaultRole the role name, including any desired prefix.
*/
public void setDefaultRole(String defaultRole) {
Assert.notNull(defaultRole, "The defaultRole property cannot be set to null");
this.defaultRole = new GrantedAuthorityImpl(defaultRole);
}
}

9
core/src/test/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java
View File

@ -43,6 +43,15 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapServerTest
assertEquals("User should have three roles", 3, authorities.length);
}
public void testDefaultRoleIsAssignedWhenSet() {
DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator();
populator.setDefaultRole("ROLE_USER");
GrantedAuthority[] authorities = populator.getGrantedAuthorities("Ignored", "Ignored", new BasicAttributes());
assertEquals(1, authorities.length);
assertEquals("ROLE_USER", authorities[0].getAuthority());
}
public void testGroupSearch() throws Exception {
DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(dirCtxFactory, "ou=groups");
populator.setRolePrefix("ROLE_");