From c7354c125aeac84be918baf6967d28e1f4c6b71e Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Sun, 16 Sep 2007 22:20:08 +0000 Subject: [PATCH] SEC-417: Fix. Remove hard-coded messages from JdbcDaoImpl to allow internationalized versions for "user not found" etc. --- .../acegisecurity/userdetails/jdbc/JdbcDaoImpl.java | 10 ++++++++-- .../resources/org/acegisecurity/messages.properties | 2 ++ .../org/acegisecurity/messages_fr.properties | 2 ++ .../acegisecurity/userdetails/jdbc/JdbcDaoTests.java | 11 +---------- 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/core/src/main/java/org/acegisecurity/userdetails/jdbc/JdbcDaoImpl.java b/core/src/main/java/org/acegisecurity/userdetails/jdbc/JdbcDaoImpl.java index 78fd55dc85..af3a0fb501 100644 --- a/core/src/main/java/org/acegisecurity/userdetails/jdbc/JdbcDaoImpl.java +++ b/core/src/main/java/org/acegisecurity/userdetails/jdbc/JdbcDaoImpl.java @@ -17,6 +17,7 @@ package org.acegisecurity.userdetails.jdbc; import org.acegisecurity.GrantedAuthority; import org.acegisecurity.GrantedAuthorityImpl; +import org.acegisecurity.AcegiMessageSource; import org.acegisecurity.userdetails.User; import org.acegisecurity.userdetails.UserDetails; @@ -24,6 +25,7 @@ import org.acegisecurity.userdetails.UserDetailsService; import org.acegisecurity.userdetails.UsernameNotFoundException; import org.springframework.context.ApplicationContextException; +import org.springframework.context.support.MessageSourceAccessor; import org.springframework.dao.DataAccessException; @@ -65,6 +67,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService { //~ Instance fields ================================================================================================ + protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); protected MappingSqlQuery authoritiesByUsernameMapping; protected MappingSqlQuery usersByUsernameMapping; private String authoritiesByUsernameQuery; @@ -124,7 +127,8 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService { List users = usersByUsernameMapping.execute(username); if (users.size() == 0) { - throw new UsernameNotFoundException("User not found"); + throw new UsernameNotFoundException( + messages.getMessage("JdbcDaoImpl.notFound", new Object[]{username}, "Username {0} not found")); } UserDetails user = (UserDetails) users.get(0); // contains no GrantedAuthority[] @@ -134,7 +138,9 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService { addCustomAuthorities(user.getUsername(), dbAuths); if (dbAuths.size() == 0) { - throw new UsernameNotFoundException("User has no GrantedAuthority"); + throw new UsernameNotFoundException( + messages.getMessage("JdbcDaoImpl.noAuthority", + new Object[] {username}, "User {0} has no GrantedAuthority")); } GrantedAuthority[] arrayAuths = (GrantedAuthority[]) dbAuths.toArray(new GrantedAuthority[dbAuths.size()]); diff --git a/core/src/main/resources/org/acegisecurity/messages.properties b/core/src/main/resources/org/acegisecurity/messages.properties index 734d344548..1d3bc772ae 100644 --- a/core/src/main/resources/org/acegisecurity/messages.properties +++ b/core/src/main/resources/org/acegisecurity/messages.properties @@ -29,6 +29,8 @@ DigestProcessingFilter.nonceNotNumeric=Nonce token should have yielded a numeric DigestProcessingFilter.nonceCompromised=Nonce token compromised {0} DigestProcessingFilter.usernameNotFound=Username {0} not found DigestProcessingFilter.incorrectResponse=Incorrect response +JdbcDaoImpl.notFound=User {0} not found +JdbcDaoImpl.noAuthority=User {0} has no GrantedAuthority SwitchUserProcessingFilter.noCurrentUser=No current user associated with this request SwitchUserProcessingFilter.noOriginalAuthentication=Could not find original Authentication object SwitchUserProcessingFilter.usernameNotFound=Username {0} not found diff --git a/core/src/main/resources/org/acegisecurity/messages_fr.properties b/core/src/main/resources/org/acegisecurity/messages_fr.properties index 981f375c28..9bf8cf9d84 100644 --- a/core/src/main/resources/org/acegisecurity/messages_fr.properties +++ b/core/src/main/resources/org/acegisecurity/messages_fr.properties @@ -33,6 +33,8 @@ DigestProcessingFilter.nonceNotNumeric = Le jeton nonce aurait d DigestProcessingFilter.nonceCompromised = Le jeton nonce est compromis {0} DigestProcessingFilter.usernameNotFound = Le nom d'utilisateur {0} n'a pas été trouvé DigestProcessingFilter.incorrectResponse = Réponse incorrecte +JdbcDaoImpl.notFound=Le nom d'utilisateur {0} n'a pas été trouvé +JdbcDaoImpl.noAuthority=Le compte utilisateur {0} n'a pas de permissions SwitchUserProcessingFilter.noCurrentUser = Aucun utilisateur n'est associé à la requête en cours SwitchUserProcessingFilter.noOriginalAuthentication = L'objet Authentication original n'a pas été trouvé SwitchUserProcessingFilter.usernameNotFound = Le nom d'utilisateur {0} n'a pas été trouvé diff --git a/core/src/test/java/org/acegisecurity/userdetails/jdbc/JdbcDaoTests.java b/core/src/test/java/org/acegisecurity/userdetails/jdbc/JdbcDaoTests.java index e829f97b1f..bfd3f08aed 100644 --- a/core/src/test/java/org/acegisecurity/userdetails/jdbc/JdbcDaoTests.java +++ b/core/src/test/java/org/acegisecurity/userdetails/jdbc/JdbcDaoTests.java @@ -40,7 +40,6 @@ public class JdbcDaoTests extends TestCase { //~ Constructors =================================================================================================== public JdbcDaoTests() { - super(); } public JdbcDaoTests(String arg0) { @@ -49,10 +48,6 @@ public class JdbcDaoTests extends TestCase { //~ Methods ======================================================================================================== - public static void main(String[] args) { - junit.textui.TestRunner.run(JdbcDaoTests.class); - } - private JdbcDaoImpl makePopulatedJdbcDao() throws Exception { JdbcDaoImpl dao = new JdbcDaoImpl(); dao.setDataSource(PopulatedDatabase.getDataSource()); @@ -71,10 +66,6 @@ public class JdbcDaoTests extends TestCase { return dao; } - public final void setUp() throws Exception { - super.setUp(); - } - public void testCheckDaoAccessUserSuccess() throws Exception { JdbcDaoImpl dao = makePopulatedJdbcDao(); UserDetails user = dao.loadUserByUsername("marissa"); @@ -121,7 +112,7 @@ public class JdbcDaoTests extends TestCase { dao.loadUserByUsername("cooper"); fail("Should have thrown UsernameNotFoundException"); } catch (UsernameNotFoundException expected) { - assertEquals("User has no GrantedAuthority", expected.getMessage()); + assertEquals("User cooper has no GrantedAuthority", expected.getMessage()); } }