Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 21:12:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-2072: <security:anonymous> granted-authority supports multiple authorities again

Browse Source
This commit is contained in:
Rob Winch 2012-11-02 16:23:37 -05:00
parent 091549779c
commit 4c50d1f5de
2 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
View File

@ -534,7 +534,7 @@ final class AuthenticationConfigBuilder {
anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class); anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key); anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username); anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.createAuthorityList(grantedAuthority)); anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority));
anonymousFilter.setSource(source); anonymousFilter.setSource(source);
RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class); RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class);

17
config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy
View File

@ -212,6 +212,23 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
'anonymity' == filter.authorities[0].authority 'anonymity' == filter.authorities[0].authority
} }
def anonymousSupportsMultipleGrantedAuthorities() {
xml.http {
'form-login'()
'anonymous'(username: 'joe', 'granted-authority':'ROLE_INVITADO,ROLE_PROFILE_INVITADO,ROLE_GRUPO_PUBLICO', key: 'customKey')
}
createAppContext()
AnonymousAuthenticationFilter filter = getFilter(AnonymousAuthenticationFilter);
def providers = appContext.getBeansOfType(AuthenticationManager).values()*.providers.flatten()
expect:
'customKey' == providers.find { it instanceof AnonymousAuthenticationProvider }.key
'customKey' == filter.key
'joe' == filter.principal
['ROLE_INVITADO','ROLE_PROFILE_INVITADO','ROLE_GRUPO_PUBLICO'] == filter.authorities*.authority
}
def httpMethodMatchIsSupported() { def httpMethodMatchIsSupported() {
httpAutoConfig { httpAutoConfig {
interceptUrl '/secure*', 'DELETE', 'ROLE_SUPERVISOR' interceptUrl '/secure*', 'DELETE', 'ROLE_SUPERVISOR'