Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 14:52:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR

Browse Source 
Fixes gh-3697
This commit is contained in:
Andrei Ivanov 2016-02-12 16:43:29 +02:00 committed by Rob Winch
parent 2fac7dfb15
commit 9008a7af1d
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
View File

@ -123,6 +123,7 @@ public class SwitchUserFilter extends GenericFilterBean implements
private String targetUrl; private String targetUrl;
private String switchFailureUrl; private String switchFailureUrl;
private String usernameParameter = SPRING_SECURITY_SWITCH_USERNAME_KEY; private String usernameParameter = SPRING_SECURITY_SWITCH_USERNAME_KEY;
private String switchAuthorityRole = ROLE_PREVIOUS_ADMINISTRATOR;
private SwitchUserAuthorityChanger switchUserAuthorityChanger; private SwitchUserAuthorityChanger switchUserAuthorityChanger;
private UserDetailsService userDetailsService; private UserDetailsService userDetailsService;
private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker(); private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
@ -319,7 +320,7 @@ public class SwitchUserFilter extends GenericFilterBean implements
} }
GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority( GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(
ROLE_PREVIOUS_ADMINISTRATOR, currentAuth); switchAuthorityRole, currentAuth);
// get the original authorities // get the original authorities
Collection<? extends GrantedAuthority> orig = targetUser.getAuthorities(); Collection<? extends GrantedAuthority> orig = targetUser.getAuthorities();
@ -527,6 +528,16 @@ public class SwitchUserFilter extends GenericFilterBean implements
this.usernameParameter = usernameParameter; this.usernameParameter = usernameParameter;
} }
/**
* Allows the role of the switchAuthority to be customized.
*
* @param switchAuthorityRole the role name. Defaults to {@link #ROLE_PREVIOUS_ADMINISTRATOR}
*/
public void setSwitchAuthorityRole(String switchAuthorityRole) {
Assert.notNull(switchAuthorityRole, "switchAuthorityRole cannot be null");
this.switchAuthorityRole = switchAuthorityRole;
}
/** /**
* Strips any content after the ';' in the request URI * Strips any content after the ';' in the request URI
* *

49
web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
View File

@ -19,6 +19,7 @@ import static org.junit.Assert.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
import org.junit.*; import org.junit.*;
import org.junit.rules.ExpectedException;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AccountExpiredException; import org.springframework.security.authentication.AccountExpiredException;
@ -52,6 +53,8 @@ import java.util.*;
public class SwitchUserFilterTests { public class SwitchUserFilterTests {
private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils
.createAuthorityList("ROLE_ONE", "ROLE_TWO"); .createAuthorityList("ROLE_ONE", "ROLE_TWO");
@Rule
public ExpectedException thrown = ExpectedException.none();
@Before @Before
public void authenticateCurrentUser() { public void authenticateCurrentUser() {
@ -86,6 +89,17 @@ public class SwitchUserFilterTests {
} }
private Authentication switchToUserWithAuthorityRole(String name, String switchAuthorityRole) {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, name);
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(new MockUserDetailsService());
filter.setSwitchAuthorityRole(switchAuthorityRole);
return filter.attemptSwitchUser(request);
}
@Test @Test
public void requiresExitUserMatchesCorrectly() { public void requiresExitUserMatchesCorrectly() {
SwitchUserFilter filter = new SwitchUserFilter(); SwitchUserFilter filter = new SwitchUserFilter();
@ -412,9 +426,44 @@ public class SwitchUserFilterTests {
} }
} }
assertNotNull(switchedFrom);
assertSame(source, switchedFrom.getSource()); assertSame(source, switchedFrom.getSource());
} }
// gh-3697
@Test
public void switchAuthorityRoleCannotBeNull() throws Exception {
thrown.expect(IllegalArgumentException.class);
thrown.expectMessage("switchAuthorityRole cannot be null");
switchToUserWithAuthorityRole("dano", null);
}
// gh-3697
@Test
public void switchAuthorityRoleCanBeChanged() throws Exception {
String switchAuthorityRole = "PREVIOUS_ADMINISTRATOR";
// original user
UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken(
"orig", "hawaii50", ROLES_12);
SecurityContextHolder.getContext().setAuthentication(source);
SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord"));
Authentication switched = switchToUserWithAuthorityRole("dano", switchAuthorityRole);
SwitchUserGrantedAuthority switchedFrom = null;
for (GrantedAuthority ga : switched.getAuthorities()) {
if (ga instanceof SwitchUserGrantedAuthority) {
switchedFrom = (SwitchUserGrantedAuthority) ga;
break;
}
}
assertNotNull(switchedFrom);
assertSame(source, switchedFrom.getSource());
assertEquals(switchAuthorityRole, switchedFrom.getAuthority());
}
// ~ Inner Classes // ~ Inner Classes
// ================================================================================================== // ==================================================================================================