From b253510127ed24fb8516ae61531f8f1b46b1efca Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Mon, 28 Jan 2008 19:24:45 +0000
Subject: [PATCH] SEC-418: Applied patch from issue.
---
 .../SwitchUserProcessingFilter.java | 15 +++++-------
 .../SwitchUserProcessingFilterTests.java | 24 +++++++++++++++++++
 2 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java
index 9a913fdb1e..1825efe75a 100644
--- a/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java
@@ -55,7 +55,6 @@ import org.springframework.util.Assert;
 import java.io.IOException;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
 import javax.servlet.Filter;
@@ -102,8 +101,6 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
 private static final Log logger = LogFactory.getLog(SwitchUserProcessingFilter.class);
- // ~ Static fields/initializers
- // =============================================
 public static final String ACEGI_SECURITY_SWITCH_USERNAME_KEY = "j_username";
 public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
@@ -116,9 +113,6 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
 private String switchUserUrl = "/j_acegi_switch_user";
 private String targetUrl;
 private SwitchUserAuthorityChanger switchUserAuthorityChanger;
-
- // ~ Instance fields
- // ========================================================
 private UserDetailsService userDetailsService;
 //~ Methods ========================================================================================================
@@ -275,8 +269,11 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
 Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
 GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, currentAuth);
- // get the original authorities
- List orig = Arrays.asList(targetUser.getAuthorities());
+ // get the original authorities
+ ArrayList orig = new ArrayList();
+ for (int i = 0; i < targetUser.getAuthorities().length; i++) {
+ orig.add(targetUser.getAuthorities()[i]);
+ }
 // Allow subclasses to change the authorities to be granted
 if (switchUserAuthorityChanger != null) {
@@ -443,7 +440,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
 /**
 * Sets the authentication data access object.
 *
- * @param authenticationDao The authentication dao
+ * @param userDetailsService The UserDetailsService to use
 */
 public void setUserDetailsService(UserDetailsService userDetailsService) {
 this.userDetailsService = userDetailsService;
diff --git a/core/src/test/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilterTests.java b/core/src/test/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilterTests.java
index 8c56f951d7..abc5f0c264 100644
--- a/core/src/test/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilterTests.java
+++ b/core/src/test/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilterTests.java
@@ -41,6 +41,8 @@ import org.springframework.dao.DataAccessException;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import java.util.List;
+
 /**
 * Tests {@link org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter}.
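Review bot: In the SwitchUserProcessingFilter.java hunk at -275, the new copy loop has no comment saying why `orig` must be a fresh mutable list, so a later cleanup could put `Arrays.asList(...)` back. That form is a fixed-size view over the array returned by `targetUser.getAuthorities()`: a `SwitchUserAuthorityChanger` calling `clear()` or `add()` gets an exception, and a `set()` would write through to that array, which may be the target user's own authority array. I would add `// copy into a mutable list: the changer may add/remove entries and must not write through to targetUser's array` above the loop and read the array once, `GrantedAuthority[] targetAuthorities = targetUser.getAuthorities();`, since the loop calls the getter in both its condition and its body. The enclosing method starts and ends outside the hunk, so where `switchAuthority` is appended relative to the changer call cannot be confirmed from here.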
@@ -377,6 +379,28 @@ public class SwitchUserProcessingFilterTests extends TestCase {
 assertEquals("jacklord", ((User) targetAuth.getPrincipal()).getUsername());
 }
+ public void testModificationOfAuthoritiesWorks() {
+ UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
+ SecurityContextHolder.getContext().setAuthentication(auth);
+
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
+
+ SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
+ filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
+ filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() {
+ public void modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted) {
+ authoritiesToBeGranted.clear();
+ authoritiesToBeGranted.add(new GrantedAuthorityImpl("ROLE_NEW"));
+ }
+ });
+
+ Authentication result = filter.attemptSwitchUser(request);
+ assertTrue(result != null);
+ assertEquals(2, result.getAuthorities().length);
+ assertEquals("ROLE_NEW", result.getAuthorities()[0].getAuthority());
+ }
+
 //~ Inner Classes ==================================================================================================
 private class MockAuthenticationDaoUserJackLord implements UserDetailsService {
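Review bot: The new test asserts that two authorities come back but checks only index 0, so it never pins what the second one is. Going by the filter hunk that builds `switchAuthority` with ROLE_PREVIOUS_ADMINISTRATOR, it is presumably that marker. Asserting it with `assertEquals(SwitchUserProcessingFilter.ROLE_PREVIOUS_ADMINISTRATOR, result.getAuthorities()[1].getAuthority());` would document that a changer which clears the list cannot drop the record of the original user. `assertTrue(result != null)` reads better as `assertNotNull(result)`. The test also sets the SecurityContextHolder authentication, and whether that is cleared afterwards depends on a tearDown outside this hunk.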