SEC-703: Expose customization of SQL used by <jdbc-user-service>

http://jira.springframework.org/browse/SEC-703. Added suggested attributes for sql queries.
2008-04-13 20:51:40 +00:00 · 2008-04-13 20:51:40 +00:00 · 552dc6486a
parent d6e5dbbcfd
commit 552dc6486a
4 changed files with 59 additions and 0 deletions
--- a/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java
@ -1,6 +1,7 @@
 package org.springframework.security.config;

 import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager;
+import org.springframework.util.StringUtils;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.BeanDefinitionStoreException;
@ -13,6 +14,9 @@ import org.w3c.dom.Element;
 */
 public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
 	static final String ATT_DATA_SOURCE = "data-source-ref";
+	static final String ATT_USERS_BY_USERNAME_QUERY = "users-by-username-query";
+	static final String ATT_AUTHORITIES_BY_USERNAME_QUERY = "authorities-by-username-query";
+	static final String ATT_GROUP_AUTHORITIES_QUERY = "group-authorities-by-username-query";

    protected Class getBeanClass(Element element) {
        return JdbcUserDetailsManager.class;
@ -29,5 +33,22 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
            throw new BeanDefinitionStoreException(ATT_DATA_SOURCE  + " is required for "
                    + Elements.JDBC_USER_SERVICE );
        }
+        
+        String usersQuery = element.getAttribute(ATT_USERS_BY_USERNAME_QUERY);
+        String authoritiesQuery = element.getAttribute(ATT_AUTHORITIES_BY_USERNAME_QUERY);
+        String groupAuthoritiesQuery = element.getAttribute(ATT_GROUP_AUTHORITIES_QUERY);
+        
+        if (StringUtils.hasText(usersQuery)) {
+            builder.addPropertyValue("usersByUsernameQuery", usersQuery);
+        }
+        
+        if (StringUtils.hasText(authoritiesQuery)) {
+            builder.addPropertyValue("authoritiesByUsernameQuery", authoritiesQuery);
+        }
+        
+        if (StringUtils.hasText(groupAuthoritiesQuery)) {
+            builder.addPropertyValue("enableGroups", Boolean.TRUE);
+            builder.addPropertyValue("authoritiesByUsernameQuery", groupAuthoritiesQuery);
+        }
    }
 }
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
@ -415,6 +415,16 @@ jdbc-user-service.attlist &=
    attribute data-source-ref {xsd:string}
 jdbc-user-service.attlist &=
    cache-ref?
+jdbc-user-service.attlist &=
+    ## An SQL statement to query a username, password, and enabled status given a username
+    attribute users-by-username-query {xsd:string}?
+jdbc-user-service.attlist &=
+    ## An SQL statement to query for a user's granted authorities given a username.
+    attribute authorities-by-username-query {xsd:string}?
+jdbc-user-service.attlist &=
+    ## An SQL statement to query user's group authorities given a username.
+    attribute group-authorities-by-username-query {xsd:string}?
+    

 any-user-service = user-service | jdbc-user-service | ldap-user-service
    
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
@ -1144,6 +1144,24 @@
        UserDetailsService.</xs:documentation>
      </xs:annotation>
    </xs:attribute>
+    <xs:attribute name="users-by-username-query" type="xs:string">
+      <xs:annotation>
+        <xs:documentation>An SQL statement to query a username, password, and enabled status given a
+          username</xs:documentation>
+      </xs:annotation>
+    </xs:attribute>
+    <xs:attribute name="authorities-by-username-query" type="xs:string">
+      <xs:annotation>
+        <xs:documentation>An SQL statement to query for a user's granted authorities given a
+          username.</xs:documentation>
+      </xs:annotation>
+    </xs:attribute>
+    <xs:attribute name="group-authorities-by-username-query" type="xs:string">
+      <xs:annotation>
+        <xs:documentation>An SQL statement to query user's group authorities given a
+        username.</xs:documentation>
+      </xs:annotation>
+    </xs:attribute>
  </xs:attributeGroup>
  <xs:element name="any-user-service" abstract="true"/>
  <xs:group name="custom-filter">
--- a/core/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java
@ -52,6 +52,16 @@ public class JdbcUserServiceBeanDefinitionParserTests {
        JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
    }

+    @Test
+    public void usernameAndGroupQueriesAreParsedCorrectly() {
+        setContext("<jdbc-user-service id='myUserService' " +
+        		"data-source-ref='dataSource' " +
+        		"users-by-username-query='select username,password,enabled from users where username = ?' " +
+        		"authorities-by-username-query='select username,authority from authorities where username = ?'/>" + DATA_SOURCE);
+        JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
+        assertTrue(mgr.loadUserByUsername("rod") != null);
+    }
+    
    @Test
    public void cacheRefIsparsedCorrectly() {
        setContext("<jdbc-user-service id='myUserService' cache-ref='userCache' data-source-ref='dataSource'/>"