Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 13:32:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-303: Check from null role attribute in LdapUserDetailsMapper

Browse Source
This commit is contained in:
Luke Taylor 2006-06-14 22:44:39 +00:00
parent eb3e954ae4
commit 49da801096
2 changed files with 72 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapper.java
View File

@ -72,6 +72,11 @@ public class LdapUserDetailsMapper implements LdapEntryMapper {
for (int i = 0; (roleAttributes != null) && (i < roleAttributes.length); i++) { for (int i = 0; (roleAttributes != null) && (i < roleAttributes.length); i++) {
Attribute roleAttribute = attributes.get(roleAttributes[i]); Attribute roleAttribute = attributes.get(roleAttributes[i]);
if(roleAttribute == null) {
logger.debug("Couldn't read role attribute '" + roleAttributes[i] + "' for user " + dn);
continue;
}
NamingEnumeration attributeRoles = roleAttribute.getAll(); NamingEnumeration attributeRoles = roleAttribute.getAll();
while (attributeRoles.hasMore()) { while (attributeRoles.hasMore()) {

67
core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapperTests.java Normal file
View File

@ -0,0 +1,67 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.userdetails.ldap;
import junit.framework.TestCase;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.BasicAttribute;
/**
* Tests {@link LdapUserDetailsMapper}.
*
* @author Luke Taylor
* @version $Id$
*/
public class LdapUserDetailsMapperTests extends TestCase {
public void testMultipleRoleAttributeValuesAreMappedToAuthorities() throws Exception {
LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
mapper.setConvertToUpperCase(false);
mapper.setRolePrefix("");
mapper.setRoleAttributes(new String[] {"userRole"});
BasicAttributes attrs = new BasicAttributes();
BasicAttribute roleAttribute = new BasicAttribute("userRole");
roleAttribute.add("X");
roleAttribute.add("Y");
roleAttribute.add("Z");
attrs.put(roleAttribute);
LdapUserDetailsImpl.Essence user = (LdapUserDetailsImpl.Essence) mapper.mapAttributes("cn=someName", attrs);
assertEquals(3, user.getGrantedAuthorities().length);
}
/**
* SEC-303. Non-retrieved role attribute causes NullPointerException
*/
public void testNonRetrievedRoleAttributeIsIgnored() throws Exception {
LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
mapper.setRoleAttributes(new String[] {"userRole", "nonRetrievedAttribute"});
BasicAttributes attrs = new BasicAttributes();
attrs.put(new BasicAttribute("userRole", "x"));
LdapUserDetailsImpl.Essence user = (LdapUserDetailsImpl.Essence) mapper.mapAttributes("cn=someName", attrs);
assertEquals(1, user.getGrantedAuthorities().length);
assertEquals("ROLE_X", user.getGrantedAuthorities()[0].getAuthority());
}
}