Fixed the no-authority check so that it runs after addCustomAuthorities

http://opensource.atlassian.com/projects/spring/browse/SEC-253

Also removed the unused logger
Ray Krueger 2006-04-26 16:22:38 +00:00
parent a47a342ce6
commit a7d0f88e01
1 changed files with 10 additions and 15 deletions


@ -15,27 +15,24 @@
package org.acegisecurity.userdetails.jdbc; package org.acegisecurity.userdetails.jdbc;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Types;
import java.util.List;
import javax.sql.DataSource;
import org.acegisecurity.GrantedAuthority; import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl; import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.User; import org.acegisecurity.userdetails.User;
import org.acegisecurity.userdetails.UserDetails; import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService; import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException; import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContextException; import org.springframework.context.ApplicationContextException;
import org.springframework.dao.DataAccessException; import org.springframework.dao.DataAccessException;
import org.springframework.jdbc.core.SqlParameter; import org.springframework.jdbc.core.SqlParameter;
import org.springframework.jdbc.core.support.JdbcDaoSupport; import org.springframework.jdbc.core.support.JdbcDaoSupport;
import org.springframework.jdbc.object.MappingSqlQuery; import org.springframework.jdbc.object.MappingSqlQuery;
import javax.sql.DataSource;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Types;
import java.util.List;
/** /**
* <p> * <p>
@ -70,7 +67,6 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
public static final String DEF_USERS_BY_USERNAME_QUERY = "SELECT username,password,enabled FROM users WHERE username = ?"; public static final String DEF_USERS_BY_USERNAME_QUERY = "SELECT username,password,enabled FROM users WHERE username = ?";
public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY = "SELECT username,authority FROM authorities WHERE username = ?"; public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY = "SELECT username,authority FROM authorities WHERE username = ?";
private static final Log logger = LogFactory.getLog(JdbcDaoImpl.class);
//~ Instance fields ======================================================== //~ Instance fields ========================================================
@ -182,15 +178,14 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
List dbAuths = authoritiesByUsernameMapping.execute(user.getUsername()); List dbAuths = authoritiesByUsernameMapping.execute(user.getUsername());
addCustomAuthorities(user.getUsername(), dbAuths);
if (dbAuths.size() == 0) { if (dbAuths.size() == 0) {
throw new UsernameNotFoundException("User has no GrantedAuthority"); throw new UsernameNotFoundException("User has no GrantedAuthority");
} }
GrantedAuthority[] arrayAuths = {}; GrantedAuthority[] arrayAuths =
(GrantedAuthority[]) dbAuths.toArray(new GrantedAuthority[dbAuths.size()]);
addCustomAuthorities(user.getUsername(), dbAuths);
arrayAuths = (GrantedAuthority[]) dbAuths.toArray(arrayAuths);
String returnUsername = user.getUsername(); String returnUsername = user.getUsername();