AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name
This commit is contained in:
parent
c29a5731be
commit
6f286e2054
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2004 Acegi Technology Pty Limited
|
||||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -17,10 +17,12 @@ package net.sf.acegisecurity.providers.jaas;
|
|||
|
||||
import java.security.Principal;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
|
||||
/**
|
||||
* The AuthorityGranter interface is used to map a given principal to a role
|
||||
* name.
|
||||
* The AuthorityGranter interface is used to map a given principal to role
|
||||
* names.
|
||||
*
|
||||
* <P>
|
||||
* If a Windows NT login module were to be used from JAAS, an AuthrityGranter
|
||||
|
@ -36,16 +38,18 @@ public interface AuthorityGranter {
|
|||
|
||||
/**
|
||||
* The grant method is called for each principal returned from the
|
||||
* LoginContext subject. If the AuthorityGranter wishes to grant
|
||||
* authority, it should return the role name, such as ROLE_USER. If the
|
||||
* AuthrityGranter does not wish to grant any authority it should return
|
||||
* null.
|
||||
* LoginContext subject. If the AuthorityGranter wishes to grant any
|
||||
* authorities, it should return a java.util.Set containing the role names
|
||||
* it wishes to grant, such as ROLE_USER. If the AuthrityGranter does not
|
||||
* wish to grant any authorities it should return null. <br>
|
||||
* The set may contain any object as all objects in the returned set will be
|
||||
* passed to the JaasGrantedAuthority constructor using toString().
|
||||
*
|
||||
* @param principal One of the principal from the
|
||||
* @param principal One of the principals from the
|
||||
* LoginContext.getSubect().getPrincipals() method.
|
||||
*
|
||||
* @return The name of a role to grant, or null meaning no role should be
|
||||
* granted.
|
||||
* @return A java.util.Set of role names to grant, or null meaning no
|
||||
* roles should be granted for the principal.
|
||||
*/
|
||||
public String grant(Principal principal);
|
||||
public Set grant(Principal principal);
|
||||
}
|
||||
|
|
|
@ -353,15 +353,19 @@ public class JaasAuthenticationProvider implements AuthenticationProvider,
|
|||
|
||||
for (int i = 0; i < authorityGranters.length; i++) {
|
||||
AuthorityGranter granter = authorityGranters[i];
|
||||
String role = granter.grant(principal);
|
||||
Set roles = granter.grant(principal);
|
||||
|
||||
//If the granter doesn't wish to grant any authority, it should return null.
|
||||
if (role != null) {
|
||||
//If the granter doesn't wish to grant any authorities, it should return null.
|
||||
if ((roles != null) && !roles.isEmpty()) {
|
||||
for (Iterator roleIterator = roles.iterator();
|
||||
roleIterator.hasNext();) {
|
||||
String role = roleIterator.next().toString();
|
||||
authorities.add(new JaasGrantedAuthority(role,
|
||||
principal));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//Convert the authorities set back to an array and apply it to the token.
|
||||
token.setAuthorities((GrantedAuthority[]) authorities.toArray(
|
||||
|
|
|
@ -141,13 +141,16 @@ public class JaasAuthenticationProviderTests extends TestCase {
|
|||
|
||||
List list = Arrays.asList(auth.getAuthorities());
|
||||
|
||||
assertTrue("GrantedAuthorities does not contain ROLE_TEST",
|
||||
list.contains(new GrantedAuthorityImpl("ROLE_TEST")));
|
||||
assertTrue("GrantedAuthorities should contain ROLE_TEST1",
|
||||
list.contains(new GrantedAuthorityImpl("ROLE_TEST1")));
|
||||
|
||||
assertTrue("GrantedAuthorities does not contain ROLE_1",
|
||||
assertTrue("GrantedAuthorities should contain ROLE_TEST2",
|
||||
list.contains(new GrantedAuthorityImpl("ROLE_TEST2")));
|
||||
|
||||
assertTrue("GrantedAuthorities should contain ROLE_1",
|
||||
list.contains(role1));
|
||||
|
||||
assertTrue("GrantedAuthorities does not contain ROLE_2",
|
||||
assertTrue("GrantedAuthorities should contain ROLE_2",
|
||||
list.contains(role2));
|
||||
|
||||
boolean foundit = false;
|
||||
|
@ -195,8 +198,8 @@ public class JaasAuthenticationProviderTests extends TestCase {
|
|||
assertTrue(jaasProvider.supports(UsernamePasswordAuthenticationToken.class));
|
||||
|
||||
Authentication auth = jaasProvider.authenticate(token);
|
||||
assertTrue("Only ROLE_TEST should have been returned",
|
||||
auth.getAuthorities().length == 1);
|
||||
assertTrue("Only ROLE_TEST1 and ROLE_TEST2 should have been returned",
|
||||
auth.getAuthorities().length == 2);
|
||||
}
|
||||
|
||||
public void testGetApplicationContext() throws Exception {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2004 Acegi Technology Pty Limited
|
||||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -17,6 +17,9 @@ package net.sf.acegisecurity.providers.jaas;
|
|||
|
||||
import java.security.Principal;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
|
@ -27,13 +30,14 @@ import java.security.Principal;
|
|||
public class TestAuthorityGranter implements AuthorityGranter {
|
||||
//~ Methods ================================================================
|
||||
|
||||
public String grant(Principal principal) {
|
||||
String role = null;
|
||||
public Set grant(Principal principal) {
|
||||
Set rtnSet = new HashSet();
|
||||
|
||||
if (principal.getName().equals("TEST_PRINCIPAL")) {
|
||||
role = "ROLE_TEST";
|
||||
rtnSet.add("ROLE_TEST1");
|
||||
rtnSet.add("ROLE_TEST2");
|
||||
}
|
||||
|
||||
return role;
|
||||
return rtnSet;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
<body>
|
||||
<release version="0.9.0" date="In CVS">
|
||||
<action dev="benalex" type="update">AnonymousProcessingFilter offers protected method to control when it should execute</action>
|
||||
<action dev="raykrueger" type="update">AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name</action>
|
||||
</release>
|
||||
<release version="0.8.2" date="2005-04-20">
|
||||
<action dev="benalex" type="fix">Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml</action>
|
||||
|
|
Loading…
Reference in New Issue