Allow authorities to be overridden in UserBuilder

Issue gh-12533
Dmitry Korotych 2023-06-08 19:58:43 +03:00 committed by Steve Riesenberg
parent 00cf5edef2
commit 4def405067
No known key found for this signature in database
GPG Key ID: 5F311AB48A55D521
2 changed files with 28 additions and 5 deletions


@ -441,6 +441,7 @@ public class User implements UserDetails, CredentialsContainer {
*/ */
public UserBuilder authorities(Collection<? extends GrantedAuthority> authorities) { public UserBuilder authorities(Collection<? extends GrantedAuthority> authorities) {
Assert.notNull(authorities, "authorities cannot be null"); Assert.notNull(authorities, "authorities cannot be null");
this.authorities.clear();
this.authorities.addAll(authorities); this.authorities.addAll(authorities);
return this; return this;
} }
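Review bot: The new `this.authorities.clear();` in `authorities(Collection)` changes the method from appending to replacing, but the Javadoc that closes just above the hunk is not shown being updated to say so. For an authorization-relevant builder the contract should be explicit, for example a sentence such as `Replaces any authorities previously set on this builder, including those copied by withUserDetails.` Replacing is the safer default, since grants copied from an existing `UserDetails` no longer carry over unnoticed. The cost is that code which chained several `authorities(...)` calls to accumulate grants will now keep only the last set, which deserves a mention in the upgrade notes. The Javadoc begins outside the hunk, so whether the other overloads delegate here cannot be confirmed from this page.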


@ -18,18 +18,19 @@ package org.springframework.security.core.userdetails;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream; import java.io.ObjectOutputStream;
import java.util.ArrayList; import java.util.*;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function; import java.util.function.Function;
import java.util.stream.Stream;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.util.CollectionUtils;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType; import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@ -45,6 +46,14 @@ public class UserTests {
private static final List<GrantedAuthority> ROLE_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"); private static final List<GrantedAuthority> ROLE_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO");
public static Stream<Arguments> testNewAuthoritiesShouldReplacePreviousAuthorities() {
return Stream.of(
Arguments.of((Object) new String[0]),
Arguments.of((Object) new String[]{"B7", "C12", "role"}),
Arguments.of((Object) new String[]{"A1"})
);
}
@Test @Test
public void equalsReturnsTrueIfUsernamesAreTheSame() { public void equalsReturnsTrueIfUsernamesAreTheSame() {
User user1 = new User("rod", "koala", true, true, true, true, ROLE_12); User user1 = new User("rod", "koala", true, true, true, true, ROLE_12);
@ -98,6 +107,19 @@ public class UserTests {
.authorities(new String[] { null, null }).build()); .authorities(new String[] { null, null }).build());
} }
@ParameterizedTest
@MethodSource
public void testNewAuthoritiesShouldReplacePreviousAuthorities(String[] authorities) {
UserDetails parent = User.builder().username("user").password("password").authorities("A1", "A2", "B1").build();
User.UserBuilder builder = User.withUserDetails(parent).authorities(authorities);
UserDetails user = builder.build();
assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).containsOnly(authorities);
user = builder.authorities(AuthorityUtils.createAuthorityList(authorities)).build();
assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).containsOnly(authorities);
user = builder.authorities(AuthorityUtils.createAuthorityList(authorities).toArray(GrantedAuthority[]::new)).build();
assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).containsOnly(authorities);
}
@Test @Test
public void testNullValuesRejected() { public void testNullValuesRejected() {
assertThatIllegalArgumentException().isThrownBy(() -> new User(null, "koala", true, true, true, true, ROLE_12)); assertThatIllegalArgumentException().isThrownBy(() -> new User(null, "koala", true, true, true, true, ROLE_12));
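Review bot: In `testNewAuthoritiesShouldReplacePreviousAuthorities` only the first assertion proves replacement, because the second and third calls reuse `builder`, which by then already holds exactly `authorities`. If the `Collection` or `GrantedAuthority...` overload still appended, the result would contain the same values twice, `authorityListToSet` would collapse them, and `containsOnly` would pass. Start each overload from the parent instead, e.g. `user = User.withUserDetails(parent).authorities(AuthorityUtils.createAuthorityList(authorities)).build();`, and do the same for the array variant. Separately, the import hunk swaps the explicit `java.util` imports for `import java.util.*;` and adds `org.springframework.util.CollectionUtils`, which is not used in any visible hunk. Keeping the explicit imports and dropping the unused one would be tidier.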