SEC-1098: Added ignorePartialResultException property which is set on the LDAP template.

This commit is contained in:
Luke Taylor 2009-04-21 03:37:16 +00:00
parent 06040853da
commit b2b2c95e55
2 changed files with 17 additions and 8 deletions

View File

@ -21,6 +21,7 @@ import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.LdapAuthoritiesPopulator; import org.springframework.security.ldap.LdapAuthoritiesPopulator;
import org.springframework.ldap.core.ContextSource; import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations; import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@ -292,4 +293,13 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
int searchScope = searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE; int searchScope = searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE;
searchControls.setSearchScope(searchScope); searchControls.setSearchScope(searchScope);
} }
/**
* Sets the corresponding property on the underlying template, avoiding specific issues with Active Directory.
*
* @see LdapTemplate#setIgnoreNameNotFoundException(boolean)
*/
public void setIgnorePartialResultException(boolean ignore) {
ldapTemplate.setIgnorePartialResultException(ignore);
}
} }

View File

@ -44,11 +44,11 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
super.onSetUp(); super.onSetUp();
populator = new DefaultLdapAuthoritiesPopulator(getContextSource(), "ou=groups"); populator = new DefaultLdapAuthoritiesPopulator(getContextSource(), "ou=groups");
populator.setIgnorePartialResultException(false);
} }
@Test @Test
public void testDefaultRoleIsAssignedWhenSet() { public void defaultRoleIsAssignedWhenSet() {
populator.setDefaultRole("ROLE_USER"); populator.setDefaultRole("ROLE_USER");
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("cn=notfound")); DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("cn=notfound"));
@ -59,7 +59,7 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
} }
@Test @Test
public void testGroupSearchReturnsExpectedRoles() { public void groupSearchReturnsExpectedRoles() {
populator.setRolePrefix("ROLE_"); populator.setRolePrefix("ROLE_");
populator.setGroupRoleAttribute("ou"); populator.setGroupRoleAttribute("ou");
populator.setSearchSubtree(true); populator.setSearchSubtree(true);
@ -81,7 +81,7 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
} }
@Test @Test
public void testUseOfUsernameParameterReturnsExpectedRoles() { public void useOfUsernameParameterReturnsExpectedRoles() {
populator.setGroupRoleAttribute("ou"); populator.setGroupRoleAttribute("ou");
populator.setConvertToUpperCase(true); populator.setConvertToUpperCase(true);
populator.setGroupSearchFilter("(ou={1})"); populator.setGroupSearchFilter("(ou={1})");
@ -95,7 +95,7 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
} }
@Test @Test
public void testSubGroupRolesAreNotFoundByDefault() { public void subGroupRolesAreNotFoundByDefault() {
populator.setGroupRoleAttribute("ou"); populator.setGroupRoleAttribute("ou");
populator.setConvertToUpperCase(true); populator.setConvertToUpperCase(true);
@ -112,7 +112,7 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
} }
@Test @Test
public void testSubGroupRolesAreFoundWhenSubtreeSearchIsEnabled() { public void subGroupRolesAreFoundWhenSubtreeSearchIsEnabled() {
populator.setGroupRoleAttribute("ou"); populator.setGroupRoleAttribute("ou");
populator.setConvertToUpperCase(true); populator.setConvertToUpperCase(true);
populator.setSearchSubtree(true); populator.setSearchSubtree(true);
@ -132,7 +132,7 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
} }
@Test @Test
public void testUserDnWithEscapedCharacterParameterReturnsExpectedRoles() { public void userDnWithEscapedCharacterParameterReturnsExpectedRoles() {
populator.setGroupRoleAttribute("ou"); populator.setGroupRoleAttribute("ou");
populator.setConvertToUpperCase(true); populator.setConvertToUpperCase(true);
populator.setGroupSearchFilter("(member={0})"); populator.setGroupSearchFilter("(member={0})");
@ -144,5 +144,4 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
assertEquals("Should have 1 role", 1, authorities.size()); assertEquals("Should have 1 role", 1, authorities.size());
assertEquals("ROLE_MANAGER", authorities.get(0).getAuthority()); assertEquals("ROLE_MANAGER", authorities.get(0).getAuthority());
} }
} }