From 552dc6486a8fbef87b2cebdbaa2df68e42723eab Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Sun, 13 Apr 2008 20:51:40 +0000 Subject: [PATCH] SEC-703: Expose customization of SQL used by http://jira.springframework.org/browse/SEC-703. Added suggested attributes for sql queries. --- .../JdbcUserServiceBeanDefinitionParser.java | 21 +++++++++++++++++++ .../security/config/spring-security-2.0.rnc | 10 +++++++++ .../security/config/spring-security-2.0.xsd | 18 ++++++++++++++++ ...cUserServiceBeanDefinitionParserTests.java | 10 +++++++++ 4 files changed, 59 insertions(+) diff --git a/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java index b0f17a9bb7..e4458b0d32 100644 --- a/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java +++ b/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java @@ -1,6 +1,7 @@ package org.springframework.security.config; import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager; +import org.springframework.util.StringUtils; import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.BeanDefinitionStoreException; @@ -13,6 +14,9 @@ import org.w3c.dom.Element; */ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser { static final String ATT_DATA_SOURCE = "data-source-ref"; + static final String ATT_USERS_BY_USERNAME_QUERY = "users-by-username-query"; + static final String ATT_AUTHORITIES_BY_USERNAME_QUERY = "authorities-by-username-query"; + static final String ATT_GROUP_AUTHORITIES_QUERY = "group-authorities-by-username-query"; protected Class getBeanClass(Element element) { return JdbcUserDetailsManager.class; 
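Review bot: The third new constant in the `@@ -13,6 +14,9 @@` hunk is named inconsistently with its siblings and with its own value: `ATT_GROUP_AUTHORITIES_QUERY` holds `"group-authorities-by-username-query"`, while the other two spell out the full attribute name (`ATT_USERS_BY_USERNAME_QUERY`, `ATT_AUTHORITIES_BY_USERNAME_QUERY`). Renaming it to `ATT_GROUP_AUTHORITIES_BY_USERNAME_QUERY` would keep the three aligned and make it harder to confuse the group query with the direct-authorities query where the constants are used. The class body continues outside the hunk.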
@@ -29,5 +33,22 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ throw new BeanDefinitionStoreException(ATT_DATA_SOURCE + " is required for " + Elements.JDBC_USER_SERVICE ); } + + String usersQuery = element.getAttribute(ATT_USERS_BY_USERNAME_QUERY); + String authoritiesQuery = element.getAttribute(ATT_AUTHORITIES_BY_USERNAME_QUERY); + String groupAuthoritiesQuery = element.getAttribute(ATT_GROUP_AUTHORITIES_QUERY); + + if (StringUtils.hasText(usersQuery)) { + builder.addPropertyValue("usersByUsernameQuery", usersQuery); + } + + if (StringUtils.hasText(authoritiesQuery)) { + builder.addPropertyValue("authoritiesByUsernameQuery", authoritiesQuery); + } + + if (StringUtils.hasText(groupAuthoritiesQuery)) { + builder.addPropertyValue("enableGroups", Boolean.TRUE); + builder.addPropertyValue("authoritiesByUsernameQuery", groupAuthoritiesQuery); + } } } diff --git a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc index 8d60ff0d91..d8a8f5ec4c 100644 --- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc +++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc 
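Review bot: The last added block writes the group query to the wrong property: inside `if (StringUtils.hasText(groupAuthoritiesQuery))` it calls `builder.addPropertyValue("authoritiesByUsernameQuery", groupAuthoritiesQuery)`, the same property the preceding block sets from `authorities-by-username-query`. As written, the group SQL becomes the direct-authorities query (most likely displacing a configured one when both attributes are present), while the group lookup switched on by `enableGroups` never receives the custom statement, so granted authorities come from a query the administrator did not write for that purpose. The line should presumably read `builder.addPropertyValue("groupAuthoritiesByUsernameQuery", groupAuthoritiesQuery);`. The test added in this patch only asserts `mgr.loadUserByUsername("rod") != null`, which would not catch this; asserting on the authorities of the returned user would. The enclosing method starts outside the hunk.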
@@ -415,6 +415,16 @@ jdbc-user-service.attlist &= attribute data-source-ref {xsd:string} jdbc-user-service.attlist &= cache-ref? +jdbc-user-service.attlist &= + ## An SQL statement to query a username, password, and enabled status given a username + attribute users-by-username-query {xsd:string}? +jdbc-user-service.attlist &= + ## An SQL statement to query for a user's granted authorities given a username. + attribute authorities-by-username-query {xsd:string}? +jdbc-user-service.attlist &= + ## An SQL statement to query user's group authorities given a username. + attribute group-authorities-by-username-query {xsd:string}? + any-user-service = user-service | jdbc-user-service | ldap-user-service diff --git a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd index 845b03293f..09cfb1b52f 100644 --- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd +++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd @@ -1144,6 +1144,24 @@ UserDetailsService. + + + An SQL statement to query a username, password, and enabled status given a + username + + + + + An SQL statement to query for a user's granted authorities given a + username. + + + + + An SQL statement to query user's group authorities given a + username. + + diff --git a/core/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java index 74832ef7ac..789435ed75 100644 --- a/core/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java +++ b/core/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java 
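Review bot: The three new attribute annotations in the .rnc hunk do not state the contract a custom statement has to meet; for example `## An SQL statement to query a username, password, and enabled status given a username` does not say how the username reaches the query. Assuming the statements are executed as prepared queries with the username bound as the only parameter (the parser hands them unchanged to JdbcUserDetailsManager properties), the annotation should say so, e.g. `## ... given a username. The username is bound to a single '?' placeholder and the columns must be returned in this order.` Stating this keeps deployers from assembling the statement by string concatenation or returning columns in an order the row mapping misreads. The same wording would need to be carried into the matching .xsd hunk that follows.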
@@ -52,6 +52,16 @@ public class JdbcUserServiceBeanDefinitionParserTests { JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService"); } + @Test + public void usernameAndGroupQueriesAreParsedCorrectly() { + setContext("" + DATA_SOURCE); + JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService"); + assertTrue(mgr.loadUserByUsername("rod") != null); + } + @Test public void cacheRefIsparsedCorrectly() { setContext(""