AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name

core/src/main/java/org/acegisecurity/providers/jaas/AuthorityGranter.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,10 +17,12 @@ package net.sf.acegisecurity.providers.jaas;
 
 import java.security.Principal;
 
+import java.util.Set;
+
 
 /**
- * The AuthorityGranter interface is used to map a given principal to a role
- * name.
+ * The AuthorityGranter interface is used to map a given principal to role
+ * names.
  * 
  * <P>
  * If a Windows NT login module were to be used from JAAS, an AuthrityGranter
@@ -36,16 +38,18 @@ public interface AuthorityGranter {
 
     /**
      * The grant method is called for each principal returned from the
-     * LoginContext subject. If the AuthorityGranter wishes to grant
-     * authority, it should return the role name, such as ROLE_USER. If the
-     * AuthrityGranter does not wish to grant any authority it should return
-     * null.
+     * LoginContext subject. If the AuthorityGranter wishes to grant any
+     * authorities, it should return a java.util.Set containing the role names
+     * it wishes to grant, such as ROLE_USER. If the AuthrityGranter does not
+     * wish to grant any authorities it should return null. <br>
+     * The set may contain any object as all objects in the returned set will be
+     * passed to the JaasGrantedAuthority constructor using toString().
      *
-     * @param principal One of the principal from the
+     * @param principal One of the principals from the
      *        LoginContext.getSubect().getPrincipals() method.
      *
-     * @return The name of a role to grant, or null meaning no role should be
-     *         granted.
+     * @return A java.util.Set of role names to grant, or null meaning no
+     *         roles should be granted for the principal.
      */
-    public String grant(Principal principal);
+    public Set grant(Principal principal);
 }

core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationProvider.java

@@ -353,15 +353,19 @@ public class JaasAuthenticationProvider implements AuthenticationProvider,
 
                     for (int i = 0; i < authorityGranters.length; i++) {
                         AuthorityGranter granter = authorityGranters[i];
-                        String role = granter.grant(principal);
+                        Set roles = granter.grant(principal);
 
-                        //If the granter doesn't wish to grant any authority, it should return null.
-                        if (role != null) {
+                        //If the granter doesn't wish to grant any authorities, it should return null.
+                        if ((roles != null) && !roles.isEmpty()) {
+                            for (Iterator roleIterator = roles.iterator();
+                                roleIterator.hasNext();) {
+                                String role = roleIterator.next().toString();
                                 authorities.add(new JaasGrantedAuthority(role,
                                         principal));
                             }
                         }
                     }
+                }
 
                 //Convert the authorities set back to an array and apply it to the token.
                 token.setAuthorities((GrantedAuthority[]) authorities.toArray(

core/src/test/java/org/acegisecurity/providers/jaas/JaasAuthenticationProviderTests.java

@@ -141,13 +141,16 @@ public class JaasAuthenticationProviderTests extends TestCase {
 
         List list = Arrays.asList(auth.getAuthorities());
 
-        assertTrue("GrantedAuthorities does not contain ROLE_TEST",
-                list.contains(new GrantedAuthorityImpl("ROLE_TEST")));
+        assertTrue("GrantedAuthorities should contain ROLE_TEST1",
+                list.contains(new GrantedAuthorityImpl("ROLE_TEST1")));
 
-        assertTrue("GrantedAuthorities does not contain ROLE_1",
+        assertTrue("GrantedAuthorities should contain ROLE_TEST2",
+                list.contains(new GrantedAuthorityImpl("ROLE_TEST2")));
+
+        assertTrue("GrantedAuthorities should contain ROLE_1",
                 list.contains(role1));
 
-        assertTrue("GrantedAuthorities does not contain ROLE_2",
+        assertTrue("GrantedAuthorities should contain ROLE_2",
                 list.contains(role2));
 
         boolean foundit = false;
@@ -195,8 +198,8 @@ public class JaasAuthenticationProviderTests extends TestCase {
         assertTrue(jaasProvider.supports(UsernamePasswordAuthenticationToken.class));
 
         Authentication auth = jaasProvider.authenticate(token);
-        assertTrue("Only ROLE_TEST should have been returned",
-                auth.getAuthorities().length == 1);
+        assertTrue("Only ROLE_TEST1 and ROLE_TEST2 should have been returned",
+                auth.getAuthorities().length == 2);
     }
 
     public void testGetApplicationContext() throws Exception {

core/src/test/java/org/acegisecurity/providers/jaas/TestAuthorityGranter.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,9 @@ package net.sf.acegisecurity.providers.jaas;
 
 import java.security.Principal;
 
+import java.util.HashSet;
+import java.util.Set;
+
 
 /**
  * DOCUMENT ME!
@@ -27,13 +30,14 @@ import java.security.Principal;
 public class TestAuthorityGranter implements AuthorityGranter {
     //~ Methods ================================================================
 
-    public String grant(Principal principal) {
-        String role = null;
+    public Set grant(Principal principal) {
+        Set rtnSet = new HashSet();
 
         if (principal.getName().equals("TEST_PRINCIPAL")) {
-            role = "ROLE_TEST";
+            rtnSet.add("ROLE_TEST1");
+            rtnSet.add("ROLE_TEST2");
         }
 
-        return role;
+        return rtnSet;
     }
 }

doc/xdocs/changes.xml

@@ -27,6 +27,7 @@
   <body>
     <release version="0.9.0" date="In CVS">
       <action dev="benalex" type="update">AnonymousProcessingFilter offers protected method to control when it should execute</action>
+      <action dev="raykrueger" type="update">AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name</action>  
     </release>
     <release version="0.8.2" date="2005-04-20">
       <action dev="benalex" type="fix">Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml</action>