SEC-2072: <security:anonymous> granted-authority supports multiple authorities again

Rob Winch 2012-11-02 16:23:37 -05:00
parent 091549779c
commit 4c50d1f5de
2 changed files with 18 additions and 1 deletions


@ -534,7 +534,7 @@ final class AuthenticationConfigBuilder {
anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.createAuthorityList(grantedAuthority));
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority));
anonymousFilter.setSource(source);
RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
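Review bot: A `granted-authority` value that is empty or holds only separators would presumably tokenize to an empty list on the new `commaSeparatedStringToAuthorityList(grantedAuthority)` line, and nothing visible in this hunk rejects that before it becomes constructor argument 2. Whether the filter or the anonymous token rejects an empty authority list later is not visible here, so a misconfiguration may only surface on the first anonymous request rather than at context start-up. I would build the list into a local first and report a configuration error when it is empty. A short comment such as `// granted-authority is a comma-separated list; each token becomes one GrantedAuthority` would also help. The enclosing method starts and ends outside the hunk.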


@ -212,6 +212,23 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
'anonymity' == filter.authorities[0].authority
}
def anonymousSupportsMultipleGrantedAuthorities() {
xml.http {
'form-login'()
'anonymous'(username: 'joe', 'granted-authority':'ROLE_INVITADO,ROLE_PROFILE_INVITADO,ROLE_GRUPO_PUBLICO', key: 'customKey')
}
createAppContext()
AnonymousAuthenticationFilter filter = getFilter(AnonymousAuthenticationFilter);
def providers = appContext.getBeansOfType(AuthenticationManager).values()*.providers.flatten()
expect:
'customKey' == providers.find { it instanceof AnonymousAuthenticationProvider }.key
'customKey' == filter.key
'joe' == filter.principal
['ROLE_INVITADO','ROLE_PROFILE_INVITADO','ROLE_GRUPO_PUBLICO'] == filter.authorities*.authority
}
def httpMethodMatchIsSupported() {
httpAutoConfig {
interceptUrl '/secure*', 'DELETE', 'ROLE_SUPERVISOR'
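Review bot: The new `anonymousSupportsMultipleGrantedAuthorities` test only pins a tightly packed list, so it does not show what happens when the attribute is written with spaces after the commas, which is common in hand-edited XML. If tokens were not trimmed, an authority name carrying a leading space would silently fail to match any access rule; the helper's trimming behaviour is not visible on this page. I would add a second case with constructed values, for example `'granted-authority':'ROLE_A, ROLE_B'` asserting `['ROLE_A','ROLE_B'] == filter.authorities*.authority`. The following `httpMethodMatchIsSupported` method continues outside the hunk.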