Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 21:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix issue when encoded passwords are used. Modify Contacts sample to test encoded passwords.

Browse Source
This commit is contained in:
Ben Alex 2004-06-08 12:54:42 +00:00
parent b9b176da82
commit b3e2d78c5d
3 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
View File

@ -194,8 +194,10 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
} }
} }
// Ensure we return the original credentials the user supplied,
// so subsequent attempts are successful even with encoded passwords
return new UsernamePasswordAuthenticationToken(user.getUsername(), return new UsernamePasswordAuthenticationToken(user.getUsername(),
user.getPassword(), user.getAuthorities()); authentication.getCredentials(), user.getAuthorities());
} }
public boolean supports(Class authentication) { public boolean supports(Class authentication) {

4
core/src/test/java/org/acegisecurity/providers/dao/DaoAuthenticationProviderTests.java
View File

@ -193,7 +193,9 @@ public class DaoAuthenticationProviderTests extends TestCase {
UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result; UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result;
assertEquals("marissa", castResult.getPrincipal()); assertEquals("marissa", castResult.getPrincipal());
assertEquals("koala{SYSTEM_SALT_VALUE}", castResult.getCredentials());
// We expect original credentials user submitted to be returned
assertEquals("koala", castResult.getCredentials());
assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority()); assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority());
assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority()); assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority());
} }

16
samples/contacts/etc/filter/applicationContext.xml
View File

@ -30,20 +30,28 @@
</property> </property>
</bean> </bean>
<!-- Passwords encoded using MD5, NOT in Base64 format, with null as salt
Encoded password for marissa is "koala"
Encoded password for dianne is "emu"
Encoded password for scott is "wombat"
Encoded password for peter is "opal" -->
<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl"> <bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
<property name="userMap"> <property name="userMap">
<value> <value>
marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR marissa=a564de63c2d0da68cf47586ee05984d7,ROLE_TELLER,ROLE_SUPERVISOR
dianne=emu,ROLE_TELLER dianne=65d15fe9156f9c4bbffd98085992a44e,ROLE_TELLER
scott=wombat,ROLE_TELLER scott=2b58af6dddbd072ed27ffc86725d7d3a,ROLE_TELLER
peter=opal,disabled,ROLE_TELLER peter=22b5c9accc6e1ba628cedc63a72d57f8,disabled,ROLE_TELLER
</value> </value>
</property> </property>
</bean> </bean>
<bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider"> <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property> <property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
<property name="userCache"><ref bean="userCache"/></property> <property name="userCache"><ref bean="userCache"/></property>
<property name="passwordEncoder"><ref bean="passwordEncoder"/></property>
</bean> </bean>
<bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache"> <bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">