Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR
Fixes gh-3697
		
							parent
							
								
									2fac7dfb15
								
							
						
					
					
						commit
						9008a7af1d
					
				| 
						 | 
				
			
			@ -123,6 +123,7 @@ public class SwitchUserFilter extends GenericFilterBean implements
 | 
			
		|||
	private String targetUrl;
 | 
			
		||||
	private String switchFailureUrl;
 | 
			
		||||
	private String usernameParameter = SPRING_SECURITY_SWITCH_USERNAME_KEY;
 | 
			
		||||
	private String switchAuthorityRole = ROLE_PREVIOUS_ADMINISTRATOR;
 | 
			
		||||
	private SwitchUserAuthorityChanger switchUserAuthorityChanger;
 | 
			
		||||
	private UserDetailsService userDetailsService;
 | 
			
		||||
	private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
 | 
			
		||||
| 
						 | 
				
			
			@ -319,7 +320,7 @@ public class SwitchUserFilter extends GenericFilterBean implements
 | 
			
		|||
		}
 | 
			
		||||
 | 
			
		||||
		GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(
 | 
			
		||||
				ROLE_PREVIOUS_ADMINISTRATOR, currentAuth);
 | 
			
		||||
				switchAuthorityRole, currentAuth);
 | 
			
		||||
 | 
			
		||||
		// get the original authorities
 | 
			
		||||
		Collection<? extends GrantedAuthority> orig = targetUser.getAuthorities();
 | 
			
		||||
| 
						 | 
				
			
			@ -527,6 +528,16 @@ public class SwitchUserFilter extends GenericFilterBean implements
 | 
			
		|||
		this.usernameParameter = usernameParameter;
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	/**
 | 
			
		||||
	 * Allows the role of the switchAuthority to be customized.
 | 
			
		||||
	 * 
 | 
			
		||||
	 * @param switchAuthorityRole the role name. Defaults to {@link #ROLE_PREVIOUS_ADMINISTRATOR}
 | 
			
		||||
	 */
 | 
			
		||||
	public void setSwitchAuthorityRole(String switchAuthorityRole) {
 | 
			
		||||
		Assert.notNull(switchAuthorityRole, "switchAuthorityRole cannot be null");
 | 
			
		||||
		this.switchAuthorityRole = switchAuthorityRole;
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	/**
 | 
			
		||||
	 * Strips any content after the ';' in the request URI
 | 
			
		||||
	 *
 | 
			
		||||
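Review bot: The Javadoc on `setSwitchAuthorityRole` does not mention that the configured string ends up as a granted authority on the switched `Authentication`, so a value that matches a role the application already uses would give that role to every impersonated session. Judging by the test changes in this commit, the `SwitchUserGrantedAuthority` built from `switchAuthorityRole` is returned from `getAuthorities()`, and access rules usually compare authority strings only. I would add a sentence to the Javadoc such as `Choose a name that is never granted to users directly; rules that match ROLE_PREVIOUS_ADMINISTRATOR must be changed to the new value.` The guard also accepts an empty string; `Assert.hasText(switchAuthorityRole, "switchAuthorityRole cannot be null or empty");` would reject it and still satisfy the message expectation in the new test.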
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -19,6 +19,7 @@ import static org.junit.Assert.*;
 | 
			
		|||
import static org.mockito.Mockito.*;
 | 
			
		||||
 | 
			
		||||
import org.junit.*;
 | 
			
		||||
import org.junit.rules.ExpectedException;
 | 
			
		||||
import org.springframework.mock.web.MockHttpServletRequest;
 | 
			
		||||
import org.springframework.mock.web.MockHttpServletResponse;
 | 
			
		||||
import org.springframework.security.authentication.AccountExpiredException;
 | 
			
		||||
| 
						 | 
				
			
			@ -52,6 +53,8 @@ import java.util.*;
 | 
			
		|||
public class SwitchUserFilterTests {
 | 
			
		||||
	private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils
 | 
			
		||||
			.createAuthorityList("ROLE_ONE", "ROLE_TWO");
 | 
			
		||||
	@Rule
 | 
			
		||||
	public ExpectedException thrown = ExpectedException.none();
 | 
			
		||||
 | 
			
		||||
	@Before
 | 
			
		||||
	public void authenticateCurrentUser() {
 | 
			
		||||
| 
						 | 
				
			
			@ -86,6 +89,17 @@ public class SwitchUserFilterTests {
 | 
			
		|||
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	private Authentication switchToUserWithAuthorityRole(String name, String switchAuthorityRole) {
 | 
			
		||||
		MockHttpServletRequest request = new MockHttpServletRequest();
 | 
			
		||||
		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, name);
 | 
			
		||||
 | 
			
		||||
		SwitchUserFilter filter = new SwitchUserFilter();
 | 
			
		||||
		filter.setUserDetailsService(new MockUserDetailsService());
 | 
			
		||||
		filter.setSwitchAuthorityRole(switchAuthorityRole);
 | 
			
		||||
 | 
			
		||||
		return filter.attemptSwitchUser(request);
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	@Test
 | 
			
		||||
	public void requiresExitUserMatchesCorrectly() {
 | 
			
		||||
		SwitchUserFilter filter = new SwitchUserFilter();
 | 
			
		||||
| 
						 | 
				
			
			@ -412,9 +426,44 @@ public class SwitchUserFilterTests {
 | 
			
		|||
			}
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		assertNotNull(switchedFrom);
 | 
			
		||||
		assertSame(source, switchedFrom.getSource());
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// gh-3697
 | 
			
		||||
	@Test
 | 
			
		||||
	public void switchAuthorityRoleCannotBeNull() throws Exception {
 | 
			
		||||
		thrown.expect(IllegalArgumentException.class);
 | 
			
		||||
		thrown.expectMessage("switchAuthorityRole cannot be null");
 | 
			
		||||
		switchToUserWithAuthorityRole("dano", null);
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// gh-3697
 | 
			
		||||
	@Test
 | 
			
		||||
	public void switchAuthorityRoleCanBeChanged() throws Exception {
 | 
			
		||||
		String switchAuthorityRole = "PREVIOUS_ADMINISTRATOR";
 | 
			
		||||
 | 
			
		||||
		// original user
 | 
			
		||||
		UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken(
 | 
			
		||||
				"orig", "hawaii50", ROLES_12);
 | 
			
		||||
		SecurityContextHolder.getContext().setAuthentication(source);
 | 
			
		||||
		SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord"));
 | 
			
		||||
		Authentication switched = switchToUserWithAuthorityRole("dano", switchAuthorityRole);
 | 
			
		||||
 | 
			
		||||
		SwitchUserGrantedAuthority switchedFrom = null;
 | 
			
		||||
 | 
			
		||||
		for (GrantedAuthority ga : switched.getAuthorities()) {
 | 
			
		||||
			if (ga instanceof SwitchUserGrantedAuthority) {
 | 
			
		||||
				switchedFrom = (SwitchUserGrantedAuthority) ga;
 | 
			
		||||
				break;
 | 
			
		||||
			}
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		assertNotNull(switchedFrom);
 | 
			
		||||
		assertSame(source, switchedFrom.getSource());
 | 
			
		||||
		assertEquals(switchAuthorityRole, switchedFrom.getAuthority());
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// ~ Inner Classes
 | 
			
		||||
	// ==================================================================================================
 | 
			
		||||
 | 
			
		||||
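Review bot: `switchAuthorityRoleCanBeChanged` stops at the first `SwitchUserGrantedAuthority` it finds and never checks that the default name is gone, so it would still pass if the filter granted both the custom role and `ROLE_PREVIOUS_ADMINISTRATOR`. Access rules are typically written against one of those strings, so the test should pin that only the configured one is present, for example `assertFalse(AuthorityUtils.authorityListToSet(switched.getAuthorities()).contains(SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR));`. A one-line comment on `switchToUserWithAuthorityRole` noting that the null case is expected to fail inside the setter, before any switch is attempted, would also make `switchAuthorityRoleCannotBeNull` easier to read.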
| 
						 | 
				
			
			
 | 
			
		|||