Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-27 22:32:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-272: Partial group manager implementation.

Browse Source
This commit is contained in:
Luke Taylor 2008-01-11 16:46:53 +00:00
parent d66b9693ba
commit bad58fe96a
4 changed files with 205 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
core/src/main/java/org/springframework/security/userdetails/GroupsManager.java Normal file
View File

@ -0,0 +1,32 @@
package org.springframework.security.userdetails;
import org.springframework.security.GrantedAuthority;
import java.util.List;
/**
* @author Luke Taylor
* @version $Id$
*/
public interface GroupsManager {
List findAllGroups();
List findUsersInGroup(String groupName);
void createGroup(String groupName, GrantedAuthority[] authorities);
//
// void deleteGroup(String groupName);
//
// void renameGroup(String oldName, String newName);
//
// void addUserToGroup(String username, String group);
//
// void removeUserFromGroup(String username, String groupName);
//
// GrantedAuthority[] findGroupAuthorities(String groupName);
//
// void removeGroupAuthority(String groupName, GrantedAuthority authority);
//
// void addGroupAuthority(String groupName, GrantedAuthority authority);
}

120
core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java
View File

@ -4,12 +4,14 @@ import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager; import org.springframework.security.AuthenticationManager;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.dao.UserCache; import org.springframework.security.providers.dao.UserCache;
import org.springframework.security.providers.dao.cache.NullUserCache; import org.springframework.security.providers.dao.cache.NullUserCache;
import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsManager; import org.springframework.security.userdetails.UserDetailsManager;
import org.springframework.security.userdetails.GroupsManager;
import org.springframework.context.ApplicationContextException; import org.springframework.context.ApplicationContextException;
import org.springframework.jdbc.core.SqlParameter; import org.springframework.jdbc.core.SqlParameter;
import org.springframework.jdbc.object.MappingSqlQuery; import org.springframework.jdbc.object.MappingSqlQuery;
@ -31,10 +33,12 @@ import java.util.List;
* *
* @author Luke Taylor * @author Luke Taylor
* @version $Id$ * @version $Id$
* @since 2.0
*/ */
public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsManager { public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsManager, GroupsManager {
//~ Static fields/initializers ===================================================================================== //~ Static fields/initializers =====================================================================================
// UserDetailsManager SQL
public static final String DEF_CREATE_USER_SQL = public static final String DEF_CREATE_USER_SQL =
"insert into users (username, password, enabled) values (?,?,?)"; "insert into users (username, password, enabled) values (?,?,?)";
public static final String DEF_DELETE_USER_SQL = public static final String DEF_DELETE_USER_SQL =
@ -50,6 +54,19 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
public static final String DEF_CHANGE_PASSWORD_SQL = public static final String DEF_CHANGE_PASSWORD_SQL =
"update users set password = ? where username = ?"; "update users set password = ? where username = ?";
// GroupsManager SQL
public static final String DEF_FIND_GROUPS_SQL =
"select group_name from groups";
public static final String DEF_FIND_USERS_IN_GROUP_SQL =
"select username from group_members gm, groups g " +
"where gm.group_id = g.id" +
" and g.group_name = ?";
public static final String DEF_INSERT_GROUP_SQL =
"insert into groups (group_name) values (?)";
public static final String DEF_FIND_GROUP_ID_SQL =
"select id from groups where group_name = ?";
public static final String DEF_INSERT_GROUP_AUTHORITY_SQL =
"insert into group_authorities (group_id, authority) values (?,?)";
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
@ -63,6 +80,12 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
private String userExistsSql = DEF_USER_EXISTS_SQL; private String userExistsSql = DEF_USER_EXISTS_SQL;
private String changePasswordSql = DEF_CHANGE_PASSWORD_SQL; private String changePasswordSql = DEF_CHANGE_PASSWORD_SQL;
private String findAllGroupsSql = DEF_FIND_GROUPS_SQL;
private String findUsersInGroupSql = DEF_FIND_USERS_IN_GROUP_SQL;
private String insertGroupSql = DEF_INSERT_GROUP_SQL;
private String findGroupIdSql = DEF_FIND_GROUP_ID_SQL;
private String insertGroupAuthoritySql = DEF_INSERT_GROUP_AUTHORITY_SQL;
protected SqlUpdate insertUser; protected SqlUpdate insertUser;
protected SqlUpdate deleteUser; protected SqlUpdate deleteUser;
protected SqlUpdate updateUser; protected SqlUpdate updateUser;
@ -71,6 +94,12 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
protected SqlQuery userExistsQuery; protected SqlQuery userExistsQuery;
protected SqlUpdate changePassword; protected SqlUpdate changePassword;
protected SqlQuery findAllGroupsQuery;
protected SqlQuery findUsersInGroupQuery;
protected SqlUpdate insertGroup;
protected SqlQuery findGroupIdQuery;
protected SqlUpdate insertGroupAuthority;
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
private UserCache userCache = new NullUserCache(); private UserCache userCache = new NullUserCache();
@ -90,9 +119,18 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
deleteUserAuthorities = new DeleteUserAuthorities(getDataSource()); deleteUserAuthorities = new DeleteUserAuthorities(getDataSource());
userExistsQuery = new UserExistsQuery(getDataSource()); userExistsQuery = new UserExistsQuery(getDataSource());
changePassword = new ChangePassword(getDataSource()); changePassword = new ChangePassword(getDataSource());
findAllGroupsQuery = new AllGroupsQuery(getDataSource());
findUsersInGroupQuery = new GroupMembersQuery(getDataSource());
insertGroup = new InsertGroup(getDataSource());
findGroupIdQuery = new FindGroupIdQuery(getDataSource());
insertGroupAuthority = new InsertGroupAuthority(getDataSource());
super.initDao(); super.initDao();
} }
//~ UserDetailsManager implementation ==============================================================================
public void createUser(UserDetails user) { public void createUser(UserDetails user) {
insertUser.update(new Object[] {user.getUsername(), user.getPassword(), Boolean.valueOf(user.isEnabled())}); insertUser.update(new Object[] {user.getUsername(), user.getPassword(), Boolean.valueOf(user.isEnabled())});
@ -167,6 +205,29 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
return users.size() == 1; return users.size() == 1;
} }
//~ GroupManager implementation ====================================================================================
public List findAllGroups() {
return findAllGroupsQuery.execute();
}
public List findUsersInGroup(String groupName) {
Assert.hasText(groupName);
return findUsersInGroupQuery.execute(groupName);
}
public void createGroup(String groupName, GrantedAuthority[] authorities) {
Assert.hasText(groupName);
Assert.notNull(authorities);
insertGroup.update(groupName);
Integer key = (Integer) findGroupIdQuery.findObject(groupName);
for (int i=0; i < authorities.length; i++) {
insertGroupAuthority.update( new Object[] {key, authorities[i].getAuthority()});
}
}
public void setAuthenticationManager(AuthenticationManager authenticationManager) { public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager; this.authenticationManager = authenticationManager;
} }
@ -206,6 +267,10 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
this.changePasswordSql = changePasswordSql; this.changePasswordSql = changePasswordSql;
} }
public void setFindAllGroupsSql(String findAllGroupsSql) {
this.findAllGroupsSql = findAllGroupsSql;
}
/** /**
* Optionally sets the UserCache if one is in use in the application. * Optionally sets the UserCache if one is in use in the application.
* This allows the user to be removed from the cache after updates have taken place to avoid stale data. * This allows the user to be removed from the cache after updates have taken place to avoid stale data.
@ -276,7 +341,6 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
protected class UserExistsQuery extends MappingSqlQuery { protected class UserExistsQuery extends MappingSqlQuery {
public UserExistsQuery(DataSource ds) { public UserExistsQuery(DataSource ds) {
super(ds, userExistsSql); super(ds, userExistsSql);
declareParameter(new SqlParameter(Types.VARCHAR)); declareParameter(new SqlParameter(Types.VARCHAR));
@ -287,4 +351,56 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
return rs.getString(1); return rs.getString(1);
} }
} }
protected class AllGroupsQuery extends MappingSqlQuery {
public AllGroupsQuery(DataSource ds) {
super(ds, findAllGroupsSql);
compile();
}
protected Object mapRow(ResultSet rs, int rowNum) throws SQLException {
return rs.getString(1);
}
}
protected class GroupMembersQuery extends MappingSqlQuery {
public GroupMembersQuery(DataSource ds) {
super(ds, findUsersInGroupSql);
declareParameter(new SqlParameter(Types.VARCHAR));
compile();
}
protected Object mapRow(ResultSet rs, int rowNum) throws SQLException {
return rs.getString(1);
}
}
protected class InsertGroup extends SqlUpdate {
public InsertGroup(DataSource ds) {
super(ds, insertGroupSql);
declareParameter(new SqlParameter(Types.VARCHAR));
compile();
}
}
private class FindGroupIdQuery extends MappingSqlQuery {
public FindGroupIdQuery(DataSource ds) {
super(ds, findGroupIdSql);
declareParameter(new SqlParameter(Types.INTEGER));
compile();
}
protected Object mapRow(ResultSet rs, int rowNum) throws SQLException {
return Integer.valueOf(rs.getInt(1));
}
}
protected class InsertGroupAuthority extends SqlUpdate {
public InsertGroupAuthority(DataSource ds) {
super(ds, insertGroupAuthoritySql);
declareParameter(new SqlParameter(Types.INTEGER));
declareParameter(new SqlParameter(Types.VARCHAR));
compile();
}
}
} }

15
core/src/test/java/org/springframework/security/PopulatedDatabase.java
View File

@ -99,6 +99,11 @@ public class PopulatedDatabase {
template.execute("INSERT INTO acl_permission VALUES (null, 3, 'scott', 14);"); template.execute("INSERT INTO acl_permission VALUES (null, 3, 'scott', 14);");
template.execute("INSERT INTO acl_permission VALUES (null, 6, 'scott', 1);"); template.execute("INSERT INTO acl_permission VALUES (null, 6, 'scott', 1);");
createGroupTables(template);
insertGroupData(template);
}
public static void createGroupTables(JdbcTemplate template) {
// Group tables and data // Group tables and data
template.execute( template.execute(
"CREATE TABLE GROUPS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) PRIMARY KEY, GROUP_NAME VARCHAR_IGNORECASE(50) NOT NULL)"); "CREATE TABLE GROUPS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) PRIMARY KEY, GROUP_NAME VARCHAR_IGNORECASE(50) NOT NULL)");
@ -106,15 +111,17 @@ public class PopulatedDatabase {
"CREATE TABLE GROUP_AUTHORITIES(GROUP_ID BIGINT NOT NULL, AUTHORITY VARCHAR(50) NOT NULL, CONSTRAINT FK_GROUP_AUTHORITIES_GROUP FOREIGN KEY(GROUP_ID) REFERENCES GROUPS(ID))"); "CREATE TABLE GROUP_AUTHORITIES(GROUP_ID BIGINT NOT NULL, AUTHORITY VARCHAR(50) NOT NULL, CONSTRAINT FK_GROUP_AUTHORITIES_GROUP FOREIGN KEY(GROUP_ID) REFERENCES GROUPS(ID))");
template.execute( template.execute(
"CREATE TABLE GROUP_MEMBERS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) PRIMARY KEY, USERNAME VARCHAR(50) NOT NULL, GROUP_ID BIGINT NOT NULL, CONSTRAINT FK_GROUP_MEMBERS_GROUP FOREIGN KEY(GROUP_ID) REFERENCES GROUPS(ID))"); "CREATE TABLE GROUP_MEMBERS(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 0) PRIMARY KEY, USERNAME VARCHAR(50) NOT NULL, GROUP_ID BIGINT NOT NULL, CONSTRAINT FK_GROUP_MEMBERS_GROUP FOREIGN KEY(GROUP_ID) REFERENCES GROUPS(ID))");
}
public static void insertGroupData(JdbcTemplate template) {
template.execute("INSERT INTO USERS VALUES('jerry','password',TRUE)"); template.execute("INSERT INTO USERS VALUES('jerry','password',TRUE)");
template.execute("INSERT INTO USERS VALUES('tom','password',TRUE)"); template.execute("INSERT INTO USERS VALUES('tom','password',TRUE)");
template.execute("INSERT INTO GROUPS VALUES (0, 'GROUP_ZERO')"); template.execute("INSERT INTO GROUPS VALUES (0, 'GROUP_0')");
template.execute("INSERT INTO GROUPS VALUES (1, 'GROUP_ONE')"); template.execute("INSERT INTO GROUPS VALUES (1, 'GROUP_1')");
template.execute("INSERT INTO GROUPS VALUES (2, 'GROUP_TWO')"); template.execute("INSERT INTO GROUPS VALUES (2, 'GROUP_2')");
// Group 3 isn't used // Group 3 isn't used
template.execute("INSERT INTO GROUPS VALUES (3, 'GROUP_THREE')"); template.execute("INSERT INTO GROUPS VALUES (3, 'GROUP_3')");
template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (0, 'ROLE_A')"); template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (0, 'ROLE_A')");
template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (1, 'ROLE_B')"); template.execute("INSERT INTO GROUP_AUTHORITIES VALUES (1, 'ROLE_B')");

45
core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManagerTests.java
View File

@ -4,6 +4,9 @@ import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.BadCredentialsException; import org.springframework.security.BadCredentialsException;
import org.springframework.security.MockAuthenticationManager; import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.PopulatedDatabase;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.dao.UserCache; import org.springframework.security.providers.dao.UserCache;
@ -22,6 +25,8 @@ import org.junit.Test;
import java.util.Map; import java.util.Map;
import java.util.HashMap; import java.util.HashMap;
import java.util.List;
import java.util.Collections;
/** /**
* Tests for {@link JdbcUserDetailsManager} * Tests for {@link JdbcUserDetailsManager}
@ -43,7 +48,7 @@ public class JdbcUserDetailsManagerTests {
@BeforeClass @BeforeClass
public static void createDataSource() { public static void createDataSource() {
dataSource = new DriverManagerDataSource("org.hsqldb.jdbcDriver", "jdbc:hsqldb:mem:tokenrepotest", "sa", ""); dataSource = new DriverManagerDataSource("org.hsqldb.jdbcDriver", "jdbc:hsqldb:mem:jdbcusermgrtest", "sa", "");
} }
@AfterClass @AfterClass
@ -71,12 +76,17 @@ public class JdbcUserDetailsManagerTests {
"password varchar(20) not null, enabled boolean not null)"); "password varchar(20) not null, enabled boolean not null)");
template.execute("create table authorities (username varchar(20) not null, authority varchar(20) not null, " + template.execute("create table authorities (username varchar(20) not null, authority varchar(20) not null, " +
"constraint fk_authorities_users foreign key(username) references users(username))"); "constraint fk_authorities_users foreign key(username) references users(username))");
PopulatedDatabase.createGroupTables(template);
PopulatedDatabase.insertGroupData(template);
} }
@After @After
public void dropTablesAndClearContext() { public void dropTablesAndClearContext() {
template.execute("drop table authorities"); template.execute("drop table authorities");
template.execute("drop table users"); template.execute("drop table users");
template.execute("drop table group_authorities");
template.execute("drop table group_members");
template.execute("drop table groups");
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
} }
@ -177,6 +187,39 @@ public class JdbcUserDetailsManagerTests {
assertTrue(cache.getUserMap().containsKey("joe")); assertTrue(cache.getUserMap().containsKey("joe"));
} }
@Test
public void findAllGroupsReturnsExpectedGroupNames() {
List<String> groups = manager.findAllGroups();
assertEquals(4, groups.size());
Collections.sort(groups);
assertEquals("GROUP_0", groups.get(0));
assertEquals("GROUP_1", groups.get(1));
assertEquals("GROUP_2", groups.get(2));
assertEquals("GROUP_3", groups.get(3));
}
@Test
public void findGroupMembersReturnsCorrectData() {
List<String> groupMembers = manager.findUsersInGroup("GROUP_0");
assertEquals(1, groupMembers.size());
assertEquals("jerry", groupMembers.get(0));
groupMembers = manager.findUsersInGroup("GROUP_1");
assertEquals(2, groupMembers.size());
}
@Test
public void createGroupInsertsCorrectData() {
manager.createGroup("TEST_GROUP", AuthorityUtils.stringArrayToAuthorityArray(new String[] {"ROLE_X", "ROLE_Y"}));
List roles = template.queryForList(
"select ga.authority from groups g, group_authorities ga " +
"where ga.group_id = g.id" +
" and g.group_name = 'TEST_GROUP'");
assertEquals(2, roles.size());
}
private Authentication authenticateJoe() { private Authentication authenticateJoe() {
UsernamePasswordAuthenticationToken auth = UsernamePasswordAuthenticationToken auth =
new UsernamePasswordAuthenticationToken("joe","password", joe.getAuthorities()); new UsernamePasswordAuthenticationToken("joe","password", joe.getAuthorities());