Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Finish refactoring JdbcDaoIml to remove MappingSqlQuery objects. Updated Javadoc to avoid user confusion.

This commit is contained in:
Luke Taylor 2008-12-16 18:55:38 +00:00
parent b24cc17dea
commit 74fd5fe8a4
2 changed files with 68 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

185
core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java
View File

@ -15,37 +15,28 @@
package org.springframework.security.userdetails.jdbc; package org.springframework.security.userdetails.jdbc;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.springframework.context.ApplicationContextException;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.dao.DataAccessException;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.support.JdbcDaoSupport;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.userdetails.User; import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService; import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException; import org.springframework.security.userdetails.UsernameNotFoundException;
import org.springframework.security.util.AuthorityUtils; import org.springframework.security.util.AuthorityUtils;
import org.springframework.context.ApplicationContextException;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.dao.DataAccessException;
import org.springframework.jdbc.core.SqlParameter;
import org.springframework.jdbc.core.support.JdbcDaoSupport;
import org.springframework.jdbc.object.MappingSqlQuery;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Types;
import java.util.List;
import java.util.ArrayList;
import java.util.Set;
import java.util.HashSet;
import javax.sql.DataSource;
/** /**
* <tt>UserDetailsServiceRetrieves</tt> implementation which retrieves the user details * <tt>UserDetailsServiceRetrieves</tt> implementation which retrieves the user details
@ -105,26 +96,23 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
//~ Static fields/initializers ===================================================================================== //~ Static fields/initializers =====================================================================================
public static final String DEF_USERS_BY_USERNAME_QUERY = public static final String DEF_USERS_BY_USERNAME_QUERY =
"SELECT username,password,enabled " + "select username,password,enabled " +
"FROM users " + "from users " +
"WHERE username = ?"; "where username = ?";
public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY = public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY =
"SELECT username,authority " + "select username,authority " +
"FROM authorities " + "from authorities " +
"WHERE username = ?"; "where username = ?";
public static final String DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY = public static final String DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY =
"SELECT g.id, g.group_name, ga.authority " + "select g.id, g.group_name, ga.authority " +
"FROM groups g, group_members gm, group_authorities ga " + "from groups g, group_members gm, group_authorities ga " +
"WHERE gm.username = ? " + "where gm.username = ? " +
"AND g.id = ga.group_id " + "and g.id = ga.group_id " +
"AND g.id = gm.group_id"; "and g.id = gm.group_id";
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private MappingSqlQuery authoritiesByUsernameMapping;
private MappingSqlQuery groupAuthoritiesByUsernameMapping;
private MappingSqlQuery usersByUsernameMapping;
private String authoritiesByUsernameQuery; private String authoritiesByUsernameQuery;
private String groupAuthoritiesByUsernameQuery; private String groupAuthoritiesByUsernameQuery;
@ -145,8 +133,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
/** /**
* Allows subclasses to add their own granted authorities to the list to be returned in the * Allows subclasses to add their own granted authorities to the list to be returned in the <tt>UserDetails</tt>.
* <code>User</code>.
* *
* @param username the username, for use by finder methods * @param username the username, for use by finder methods
* @param authorities the current granted authorities, as populated from the <code>authoritiesByUsername</code> * @param authorities the current granted authorities, as populated from the <code>authoritiesByUsername</code>
@ -160,16 +147,6 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
protected void initDao() throws ApplicationContextException { protected void initDao() throws ApplicationContextException {
Assert.isTrue(enableAuthorities || enableGroups, "Use of either authorities or groups must be enabled"); Assert.isTrue(enableAuthorities || enableGroups, "Use of either authorities or groups must be enabled");
initMappingSqlQueries();
}
/**
* Extension point to allow other MappingSqlQuery objects to be substituted in a subclass
*/
private void initMappingSqlQueries() {
this.usersByUsernameMapping = new UsersByUsernameMapping(getDataSource());
this.authoritiesByUsernameMapping = new AuthoritiesByUsernameMapping(getDataSource());
this.groupAuthoritiesByUsernameMapping = new GroupAuthoritiesByUsernameMapping(getDataSource());
} }
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
@ -180,7 +157,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
messages.getMessage("JdbcDaoImpl.notFound", new Object[]{username}, "Username {0} not found"), username); messages.getMessage("JdbcDaoImpl.notFound", new Object[]{username}, "Username {0} not found"), username);
} }
UserDetails user = (UserDetails) users.get(0); // contains no GrantedAuthority[] UserDetails user = users.get(0); // contains no GrantedAuthority[]
Set<GrantedAuthority> dbAuthsSet = new HashSet<GrantedAuthority>(); Set<GrantedAuthority> dbAuthsSet = new HashSet<GrantedAuthority>();
@ -206,24 +183,51 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
} }
/** /**
* Executes the <tt>usersByUsernameQuery</tt> and returns a list of UserDetails objects (there should normally * Executes the SQL <tt>usersByUsernameQuery</tt> and returns a list of UserDetails objects.
* only be one matching user). * There should normally only be one matching user.
*/ */
protected List<UserDetails> loadUsersByUsername(String username) { protected List<UserDetails> loadUsersByUsername(String username) {
return usersByUsernameMapping.execute(username); return getJdbcTemplate().query(usersByUsernameQuery, new String[] {username}, new RowMapper() {
public Object mapRow(ResultSet rs, int rowNum) throws SQLException {
String username = rs.getString(1);
String password = rs.getString(2);
boolean enabled = rs.getBoolean(3);
return new User(username, password, enabled, true, true, true, AuthorityUtils.NO_AUTHORITIES);
}
});
} }
/** /**
* Loads authorities by executing the authoritiesByUsernameQuery. * Loads authorities by executing the SQL from <tt>authoritiesByUsernameQuery</tt>.
* *
* @return a list of GrantedAuthority objects for the user * @return a list of GrantedAuthority objects for the user
*/ */
protected List<GrantedAuthority> loadUserAuthorities(String username) { protected List<GrantedAuthority> loadUserAuthorities(String username) {
return authoritiesByUsernameMapping.execute(username); return getJdbcTemplate().query(authoritiesByUsernameQuery, new String[] {username}, new RowMapper() {
public Object mapRow(ResultSet rs, int rowNum) throws SQLException {
String roleName = rolePrefix + rs.getString(2);
GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName);
return authority;
}
});
} }
/**
* Loads authorities by executing the SQL from <tt>groupAuthoritiesByUsernameQuery</tt>.
*
* @return a list of GrantedAuthority objects for the user
*/
protected List<GrantedAuthority> loadGroupAuthorities(String username) { protected List<GrantedAuthority> loadGroupAuthorities(String username) {
return groupAuthoritiesByUsernameMapping.execute(username); return getJdbcTemplate().query(groupAuthoritiesByUsernameQuery, new String[] {username}, new RowMapper() {
public Object mapRow(ResultSet rs, int rowNum) throws SQLException {
String roleName = getRolePrefix() + rs.getString(3);
GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName);
return authority;
}
});
} }
/** /**
@ -247,12 +251,12 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
} }
/** /**
* Allows the default query string used to retrieve authorities based on username to be overriden, if * Allows the default query string used to retrieve authorities based on username to be overridden, if
* default table or column names need to be changed. The default query is {@link * default table or column names need to be changed. The default query is {@link
* #DEF_AUTHORITIES_BY_USERNAME_QUERY}; when modifying this query, ensure that all returned columns are mapped * #DEF_AUTHORITIES_BY_USERNAME_QUERY}; when modifying this query, ensure that all returned columns are mapped
* back to the same column names as in the default query. * back to the same column names as in the default query.
* *
* @param queryString The query string to set * @param queryString The SQL query string to set
*/ */
public void setAuthoritiesByUsernameQuery(String queryString) { public void setAuthoritiesByUsernameQuery(String queryString) {
authoritiesByUsernameQuery = queryString; authoritiesByUsernameQuery = queryString;
@ -263,12 +267,12 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
} }
/** /**
* Allows the default query string used to retrieve group authorities based on username to be overriden, if * Allows the default query string used to retrieve group authorities based on username to be overridden, if
* default table or column names need to be changed. The default query is {@link * default table or column names need to be changed. The default query is {@link
* #DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY}; when modifying this query, ensure that all returned columns are mapped * #DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY}; when modifying this query, ensure that all returned columns are mapped
* back to the same column names as in the default query. * back to the same column names as in the default query.
* *
* @param queryString The query string to set * @param queryString The SQL query string to set
*/ */
public void setGroupAuthoritiesByUsernameQuery(String queryString) { public void setGroupAuthoritiesByUsernameQuery(String queryString) {
groupAuthoritiesByUsernameQuery = queryString; groupAuthoritiesByUsernameQuery = queryString;
@ -309,12 +313,14 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
} }
/** /**
* Allows the default query string used to retrieve users based on username to be overriden, if default * Allows the default query string used to retrieve users based on username to be overridden, if default
* table or column names need to be changed. The default query is {@link #DEF_USERS_BY_USERNAME_QUERY}; when * table or column names need to be changed. The default query is {@link #DEF_USERS_BY_USERNAME_QUERY}; when
* modifying this query, ensure that all returned columns are mapped back to the same column names as in the * modifying this query, ensure that all returned columns are mapped back to the same column names as in the
* default query. If the 'enabled' column does not exist in the source db, a permanent true value for this column * default query. If the 'enabled' column does not exist in the source database, a permanent true value for this
* may be returned by using a query similar to <br><pre> * column may be returned by using a query similar to
* "SELECT username,password,'true' as enabled FROM users WHERE username = ?"</pre> * <pre>
* "select username,password,'true' as enabled from users where username = ?"
* </pre>
* *
* @param usersByUsernameQueryString The query string to set * @param usersByUsernameQueryString The query string to set
*/ */
@ -344,59 +350,4 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
public void setEnableGroups(boolean enableGroups) { public void setEnableGroups(boolean enableGroups) {
this.enableGroups = enableGroups; this.enableGroups = enableGroups;
} }
//~ Inner Classes ==================================================================================================
/**
* Query object to look up a user's authorities.
*/
private class AuthoritiesByUsernameMapping extends MappingSqlQuery {
protected AuthoritiesByUsernameMapping(DataSource ds) {
super(ds, authoritiesByUsernameQuery);
declareParameter(new SqlParameter(Types.VARCHAR));
compile();
}
protected Object mapRow(ResultSet rs, int rownum) throws SQLException {
String roleName = rolePrefix + rs.getString(2);
GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName);
return authority;
}
}
private class GroupAuthoritiesByUsernameMapping extends MappingSqlQuery {
protected GroupAuthoritiesByUsernameMapping(DataSource ds) {
super(ds, groupAuthoritiesByUsernameQuery);
declareParameter(new SqlParameter(Types.VARCHAR));
compile();
}
protected Object mapRow(ResultSet rs, int rownum) throws SQLException {
String roleName = rolePrefix + rs.getString(3);
GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName);
return authority;
}
}
/**
* Query object to look up a user.
*/
private class UsersByUsernameMapping extends MappingSqlQuery {
protected UsersByUsernameMapping(DataSource ds) {
super(ds, usersByUsernameQuery);
declareParameter(new SqlParameter(Types.VARCHAR));
compile();
}
protected Object mapRow(ResultSet rs, int rownum) throws SQLException {
String username = rs.getString(1);
String password = rs.getString(2);
boolean enabled = rs.getBoolean(3);
UserDetails user = new User(username, password, enabled, true, true, true, AuthorityUtils.NO_AUTHORITIES);
return user;
}
}
} }

8
core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcDaoImplTests.java
View File

@ -37,14 +37,6 @@ import java.util.HashSet;
* @version $Id$ * @version $Id$
*/ */
public class JdbcDaoImplTests extends TestCase { public class JdbcDaoImplTests extends TestCase {
//~ Constructors ===================================================================================================
public JdbcDaoImplTests() {
}
public JdbcDaoImplTests(String arg0) {
super(arg0);
}
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================