From 6f286e205420f953f8b3e5775a9d7d84c5c4061a Mon Sep 17 00:00:00 2001
From: Ray Krueger
Date: Wed, 27 Apr 2005 03:39:06 +0000
Subject: [PATCH] AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name
---
 .../providers/jaas/AuthorityGranter.java | 26 +++++++++++--------
 .../jaas/JaasAuthenticationProvider.java | 14 ++++++----
 .../jaas/JaasAuthenticationProviderTests.java | 15 ++++++-----
 .../providers/jaas/TestAuthorityGranter.java | 14 ++++++----
 doc/xdocs/changes.xml | 1 +
 5 files changed, 43 insertions(+), 27 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/providers/jaas/AuthorityGranter.java b/core/src/main/java/org/acegisecurity/providers/jaas/AuthorityGranter.java
index df344c6c8b..532cde8bef 100644
--- a/core/src/main/java/org/acegisecurity/providers/jaas/AuthorityGranter.java
+++ b/core/src/main/java/org/acegisecurity/providers/jaas/AuthorityGranter.java
@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -17,10 +17,12 @@ package net.sf.acegisecurity.providers.jaas;
 import java.security.Principal;
+import java.util.Set;
+
 /**
- * The AuthorityGranter interface is used to map a given principal to a role
- * name.
+ * The AuthorityGranter interface is used to map a given principal to role
+ * names.
 *
 *

* If a Windows NT login module were to be used from JAAS, an AuthrityGranter
@@ -36,16 +38,18 @@ public interface AuthorityGranter {
 /**
 * The grant method is called for each principal returned from the
- * LoginContext subject. If the AuthorityGranter wishes to grant
- * authority, it should return the role name, such as ROLE_USER. If the
- * AuthrityGranter does not wish to grant any authority it should return
- * null.
+ * LoginContext subject. If the AuthorityGranter wishes to grant any
+ * authorities, it should return a java.util.Set containing the role names
+ * it wishes to grant, such as ROLE_USER. If the AuthrityGranter does not
+ * wish to grant any authorities it should return null.
+ * The set may contain any object as all objects in the returned set will be
+ * passed to the JaasGrantedAuthority constructor using toString().
 *
- * @param principal One of the principal from the
+ * @param principal One of the principals from the
 * LoginContext.getSubect().getPrincipals() method.
 *
- * @return The name of a role to grant, or null meaning no role should be
- * granted.
+ * @return A java.util.Set of role names to grant, or null meaning no
+ * roles should be granted for the principal.
 */
- public String grant(Principal principal);
+ public Set grant(Principal principal);
 }
diff --git a/core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationProvider.java
index 07adc16e1e..231f592004 100644
--- a/core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationProvider.java
@@ -353,12 +353,16 @@ public class JaasAuthenticationProvider implements AuthenticationProvider,
 for (int i = 0; i < authorityGranters.length; i++) {
 AuthorityGranter granter = authorityGranters[i];
- String role = granter.grant(principal);
+ Set roles = granter.grant(principal);
- //If the granter doesn't wish to grant any authority, it should return null.
- if (role != null) {
- authorities.add(new JaasGrantedAuthority(role,
- principal));
+ //If the granter doesn't wish to grant any authorities, it should return null.
+ if ((roles != null) && !roles.isEmpty()) {
+ for (Iterator roleIterator = roles.iterator();
+ roleIterator.hasNext();) {
+ String role = roleIterator.next().toString();
+ authorities.add(new JaasGrantedAuthority(role,
+ principal));
+ }
 }
 }
 }
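Review bot: The new Javadoc on `grant` (hunk `@@ -36,16 +38,18 @@` of AuthorityGranter.java) leaves the element contract open: the set "may contain any object", each one is turned into a role name with toString(), and the text still says to return null for "no authorities" without saying whether an empty Set is acceptable. Because every element's string form becomes a granted authority, an implementation that puts a non-String object into the set silently grants whatever its toString() happens to produce. I would tighten the comment to something like `The set should contain role names as Strings and must not contain null; an empty set is treated the same as null.` so implementers have one unambiguous rule to follow.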
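Review bot: A null element in the Set returned by a granter makes `roleIterator.next().toString()` throw a NullPointerException inside the authority loop, so a single misbehaving AuthorityGranter would likely abort the login instead of simply granting nothing. The interface Javadoc changed in this commit allows "any object" in the set and does not exclude null, so the loop should guard it: `Object role = roleIterator.next();` followed by `if (role != null) { authorities.add(new JaasGrantedAuthority(role.toString(), principal)); }`. The `!roles.isEmpty()` test is redundant with the iterator loop and could be dropped. The enclosing method begins and ends outside this hunk, and the hunk adds no imports, so `java.util.Set` and `java.util.Iterator` are presumably already imported in this file; worth confirming.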
diff --git a/core/src/test/java/org/acegisecurity/providers/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/acegisecurity/providers/jaas/JaasAuthenticationProviderTests.java
index fe5e47a82c..4244510844 100644
--- a/core/src/test/java/org/acegisecurity/providers/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/jaas/JaasAuthenticationProviderTests.java
@@ -141,13 +141,16 @@ public class JaasAuthenticationProviderTests extends TestCase {
 List list = Arrays.asList(auth.getAuthorities());
- assertTrue("GrantedAuthorities does not contain ROLE_TEST",
- list.contains(new GrantedAuthorityImpl("ROLE_TEST")));
+ assertTrue("GrantedAuthorities should contain ROLE_TEST1",
+ list.contains(new GrantedAuthorityImpl("ROLE_TEST1")));
- assertTrue("GrantedAuthorities does not contain ROLE_1",
+ assertTrue("GrantedAuthorities should contain ROLE_TEST2",
+ list.contains(new GrantedAuthorityImpl("ROLE_TEST2")));
+
+ assertTrue("GrantedAuthorities should contain ROLE_1",
 list.contains(role1));
- assertTrue("GrantedAuthorities does not contain ROLE_2",
+ assertTrue("GrantedAuthorities should contain ROLE_2",
 list.contains(role2));
 boolean foundit = false;
@@ -195,8 +198,8 @@ public class JaasAuthenticationProviderTests extends TestCase {
 assertTrue(jaasProvider.supports(UsernamePasswordAuthenticationToken.class));
 Authentication auth = jaasProvider.authenticate(token);
- assertTrue("Only ROLE_TEST should have been returned",
- auth.getAuthorities().length == 1);
+ assertTrue("Only ROLE_TEST1 and ROLE_TEST2 should have been returned",
+ auth.getAuthorities().length == 2);
 }
 public void testGetApplicationContext() throws Exception {
diff --git a/core/src/test/java/org/acegisecurity/providers/jaas/TestAuthorityGranter.java b/core/src/test/java/org/acegisecurity/providers/jaas/TestAuthorityGranter.java
index 8f1b5a9ea3..7421299cbc 100644
--- a/core/src/test/java/org/acegisecurity/providers/jaas/TestAuthorityGranter.java
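Review bot: The count check in the second hunk (`@@ -195,8 +198,8 @@`) is written as `assertTrue(..., auth.getAuthorities().length == 2)`, which on failure prints only the message and not the number of authorities actually granted. `assertEquals("Only ROLE_TEST1 and ROLE_TEST2 should have been returned", 2, auth.getAuthorities().length);` gives the actual value, which matters when diagnosing an unexpected extra role. The updated assertions also exercise only String elements; the new interface contract lets a granter put arbitrary objects in the set, and no visible assertion pins what authority a non-String element produces. Both test methods begin and end outside the hunks shown.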
+++ b/core/src/test/java/org/acegisecurity/providers/jaas/TestAuthorityGranter.java
@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -17,6 +17,9 @@ package net.sf.acegisecurity.providers.jaas;
 import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
 /**
 * DOCUMENT ME!
@@ -27,13 +30,14 @@ import java.security.Principal;
 public class TestAuthorityGranter implements AuthorityGranter {
 //~ Methods ================================================================
- public String grant(Principal principal) {
- String role = null;
+ public Set grant(Principal principal) {
+ Set rtnSet = new HashSet();
 if (principal.getName().equals("TEST_PRINCIPAL")) {
- role = "ROLE_TEST";
+ rtnSet.add("ROLE_TEST1");
+ rtnSet.add("ROLE_TEST2");
 }
- return role;
+ return rtnSet;
 }
 }
diff --git a/doc/xdocs/changes.xml b/doc/xdocs/changes.xml
index bb2a347825..646f00f6df 100644
--- a/doc/xdocs/changes.xml
+++ b/doc/xdocs/changes.xml
@@ -27,6 +27,7 @@
 AnonymousProcessingFilter offers protected method to control when it should execute
+ AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name
 Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml
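Review bot: In TestAuthorityGranter (hunk `@@ -27,13 +30,14 @@`), `grant` now returns an empty HashSet for principals other than TEST_PRINCIPAL where the old version returned null, so this fixture no longer drives the provider's `roles != null` branch, which the interface Javadoc names as the way to grant nothing. Unless another granter in the test suite returns null, that documented path is left untested; ending the method with `return rtnSet.isEmpty() ? null : rtnSet;`, or adding a second fixture that returns null, would keep it covered. The class Javadoc is still the `DOCUMENT ME!` placeholder, and a one-line description such as `Test granter that maps TEST_PRINCIPAL to ROLE_TEST1 and ROLE_TEST2.` would replace it usefully.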