Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1542: Add a setter for the UserDetailsChecker in AbstractRememberMeServices.

This commit is contained in:
Luke Taylor 2010-11-02 13:41:59 +00:00
parent 2671e52d5a
commit 84efffb937
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
View File

@ -46,7 +46,7 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
protected final MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private UserDetailsService userDetailsService;
private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
private String cookieName = SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
@ -403,4 +403,18 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource cannot be null");
this.authenticationDetailsSource = authenticationDetailsSource;
}
/**
* Sets the strategy to be used to validate the {@code UserDetails} object obtained for
* the user when processing a remember-me cookie to automatically log in a user.
*
* @param userDetailsChecker
* the strategy which will be passed the user object to allow it to be rejected if account should not
* be allowed to authenticate (if it is locked, for example). Defaults to a
* {@code AccountStatusUserDetailsChecker} instance.
*
*/
public void setUserDetailsChecker(UserDetailsChecker userDetailsChecker) {
this.userDetailsChecker = userDetailsChecker;
}
}

4
web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
View File

@ -10,6 +10,7 @@ import javax.servlet.http.HttpServletResponse;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
@ -36,7 +37,7 @@ public class AbstractRememberMeServicesTests {
new MockRememberMeServices().decodeCookie("nonBase64CookieValue%");
}
@Test
@Test
public void setAndGetAreConsistent() throws Exception {
MockRememberMeServices services = new MockRememberMeServices();
assertNotNull(services.getCookieName());
@ -189,6 +190,7 @@ public class AbstractRememberMeServicesTests {
@Test
public void autoLoginShouldFailIfUserAccountIsLocked() {
MockRememberMeServices services = new MockRememberMeServices();
services.setUserDetailsChecker(new AccountStatusUserDetailsChecker());
User joeLocked = new User("joe", "password",false,true,true,true,joe.getAuthorities());
services.setUserDetailsService(new MockUserDetailsService(joeLocked, false));