Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-374: Allow GrantedAuthority[]s assigned to switched user identity to be filtered.

This commit is contained in:
Ben Alex 2006-11-14 05:49:56 +00:00
parent 13ef76801f
commit 775840a565
2 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserAuthorityChanger.java Normal file
View File

@ -0,0 +1,30 @@
package org.acegisecurity.ui.switchuser;
import java.util.List;
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.userdetails.UserDetails;
/**
* Allows subclasses to modify the {@link GrantedAuthority} list that will be assigned to the principal
* when they assume the identity of a different principal.
*
* <p>Configured against the {@link SwitchUserProcessingFilter}.
*
* @author Ben Alex
* @version $Id$
*
*/
public interface SwitchUserAuthorityChanger {
/**
* Allow subclasses to add or remove authorities that will be granted when in switch user mode.
*
* @param targetUser the UserDetails representing the identity being switched to
* @param currentAuthentication the current Authentication of the principal performing the switching
* @param authoritiesToBeGranted all {@link GrantedAuthority} instances to be granted to the user,
* excluding the special "switch user" authority that is used internally (guaranteed never null)
*/
public void modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted);
}

14
core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java
View File

@ -115,6 +115,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
private String exitUserUrl = "/j_acegi_exit_user"; private String exitUserUrl = "/j_acegi_exit_user";
private String switchUserUrl = "/j_acegi_switch_user"; private String switchUserUrl = "/j_acegi_switch_user";
private String targetUrl; private String targetUrl;
private SwitchUserAuthorityChanger switchUserAuthorityChanger;
// ~ Instance fields // ~ Instance fields
// ======================================================== // ========================================================
@ -277,6 +278,11 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
// get the original authorities // get the original authorities
List orig = Arrays.asList(targetUser.getAuthorities()); List orig = Arrays.asList(targetUser.getAuthorities());
// Allow subclasses to change the authorities to be granted
if (switchUserAuthorityChanger != null) {
switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
}
// add the new switch user authority // add the new switch user authority
List newAuths = new ArrayList(orig); List newAuths = new ArrayList(orig);
newAuths.add(switchAuthority); newAuths.add(switchAuthority);
@ -460,4 +466,12 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
return uri; return uri;
} }
/**
* @param switchUserAuthorityChanger to use to fine-tune the authorities granted to subclasses (may be null if
* SwitchUserProcessingFilter shoudl not fine-tune the authorities)
*/
public void setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger switchUserAuthorityChanger) {
this.switchUserAuthorityChanger = switchUserAuthorityChanger;
}
} }