
SEC-417: Fix. Remove hard-coded messages from JdbcDaoImpl to allow internationalized versions for "user not found" etc.

Luke Taylor %!s(int64=18) %!d(string=hai) anos
pai
achega
c7354c125a

+ 8 - 2
core/src/main/java/org/acegisecurity/userdetails/jdbc/JdbcDaoImpl.java

@@ -17,6 +17,7 @@ package org.acegisecurity.userdetails.jdbc;
 
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
+import org.acegisecurity.AcegiMessageSource;
 
 import org.acegisecurity.userdetails.User;
 import org.acegisecurity.userdetails.UserDetails;
@@ -24,6 +25,7 @@ import org.acegisecurity.userdetails.UserDetailsService;
 import org.acegisecurity.userdetails.UsernameNotFoundException;
 
 import org.springframework.context.ApplicationContextException;
+import org.springframework.context.support.MessageSourceAccessor;
 
 import org.springframework.dao.DataAccessException;
 
@@ -65,6 +67,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
 
     //~ Instance fields ================================================================================================
 
+    protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
     protected MappingSqlQuery authoritiesByUsernameMapping;
     protected MappingSqlQuery usersByUsernameMapping;
     private String authoritiesByUsernameQuery;
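Review bot: The new `messages` field is protected, non-final and initialised to the default accessor, and no setter appears in this hunk, so an application cannot supply its own MessageSource unless the class implements MessageSourceAware somewhere outside the visible lines. If it does not, declare `implements MessageSourceAware` and add `public void setMessageSource(MessageSource messageSource) { this.messages = new MessageSourceAccessor(messageSource); }`. A short field comment would also help, for example `// resolves localized exception text; defaults to the bundled Acegi messages`. The class body continues outside the hunk.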
@@ -124,7 +127,8 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
         List users = usersByUsernameMapping.execute(username);
 
         if (users.size() == 0) {
-            throw new UsernameNotFoundException("User not found");
+            throw new UsernameNotFoundException(
+                    messages.getMessage("JdbcDaoImpl.notFound", new Object[]{username}, "Username {0} not found"));
         }
 
         UserDetails user = (UserDetails) users.get(0); // contains no GrantedAuthority[]
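Review bot: The inline default `"Username {0} not found"` differs from the bundle value this commit adds for the same key (`JdbcDaoImpl.notFound=User {0} not found`), so the text depends on whether the bundle resolves; use one wording in both places. Because arguments are now passed, the resolved pattern is presumably formatted through java.text.MessageFormat, where a single apostrophe opens a quoted section. The French value added in messages_fr.properties (`Le nom d'utilisateur {0} n'a pas été trouvé`) would then print `{0}` literally and lose its apostrophes. Doubling them fixes it: `JdbcDaoImpl.notFound=Le nom d''utilisateur {0} n''a pas été trouvé`, and likewise `n''a` in `JdbcDaoImpl.noAuthority`. The enclosing method starts and ends outside the hunk.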
@@ -134,7 +138,9 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
         addCustomAuthorities(user.getUsername(), dbAuths);
 
         if (dbAuths.size() == 0) {
-            throw new UsernameNotFoundException("User has no GrantedAuthority");
+            throw new UsernameNotFoundException(
+                    messages.getMessage("JdbcDaoImpl.noAuthority",
+                            new Object[] {username}, "User {0} has no GrantedAuthority"));
         }
 
         GrantedAuthority[] arrayAuths = (GrantedAuthority[]) dbAuths.toArray(new GrantedAuthority[dbAuths.size()]);
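Review bot: Both new messages embed the caller-supplied `username`, and this branch still describes an existing account without authorities in different words from the unknown-user branch in the previous hunk. If the exception text is ever returned to the client or written to logs unencoded (not visible here), that exposes whether an account exists and puts unvalidated input into the output. Keep the client-facing failure generic, and add a comment above the throw such as `// message contains the submitted username: encode before logging, never echo to the client`. The array spacing `new Object[] {username}` also differs from `new Object[]{username}` in the previous hunk. The enclosing method starts and ends outside the hunk.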

+ 2 - 0
core/src/main/resources/org/acegisecurity/messages.properties

@@ -29,6 +29,8 @@ DigestProcessingFilter.nonceNotNumeric=Nonce token should have yielded a numeric
 DigestProcessingFilter.nonceCompromised=Nonce token compromised {0}
 DigestProcessingFilter.usernameNotFound=Username {0} not found
 DigestProcessingFilter.incorrectResponse=Incorrect response
+JdbcDaoImpl.notFound=User {0} not found
+JdbcDaoImpl.noAuthority=User {0} has no GrantedAuthority
 SwitchUserProcessingFilter.noCurrentUser=No current user associated with this request
 SwitchUserProcessingFilter.noOriginalAuthentication=Could not find original Authentication object
 SwitchUserProcessingFilter.usernameNotFound=Username {0} not found

+ 2 - 0
core/src/main/resources/org/acegisecurity/messages_fr.properties

@@ -33,6 +33,8 @@ DigestProcessingFilter.nonceNotNumeric = Le jeton nonce aurait d
 DigestProcessingFilter.nonceCompromised = Le jeton nonce est compromis {0}
 DigestProcessingFilter.usernameNotFound = Le nom d'utilisateur {0} n'a pas été trouvé
 DigestProcessingFilter.incorrectResponse = Réponse incorrecte
+JdbcDaoImpl.notFound=Le nom d'utilisateur {0} n'a pas été trouvé
+JdbcDaoImpl.noAuthority=Le compte utilisateur {0} n'a pas de permissions
 SwitchUserProcessingFilter.noCurrentUser = Aucun utilisateur n'est associé à la requête en cours
 SwitchUserProcessingFilter.noOriginalAuthentication = L'objet Authentication original n'a pas été trouvé
 SwitchUserProcessingFilter.usernameNotFound = Le nom d'utilisateur {0} n'a pas été trouvé

+ 1 - 10
core/src/test/java/org/acegisecurity/userdetails/jdbc/JdbcDaoTests.java

@@ -40,7 +40,6 @@ public class JdbcDaoTests extends TestCase {
     //~ Constructors ===================================================================================================
 
     public JdbcDaoTests() {
-        super();
     }
 
     public JdbcDaoTests(String arg0) {
@@ -49,10 +48,6 @@ public class JdbcDaoTests extends TestCase {
 
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(JdbcDaoTests.class);
-    }
-
     private JdbcDaoImpl makePopulatedJdbcDao() throws Exception {
         JdbcDaoImpl dao = new JdbcDaoImpl();
         dao.setDataSource(PopulatedDatabase.getDataSource());
@@ -71,10 +66,6 @@ public class JdbcDaoTests extends TestCase {
         return dao;
     }
 
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
     public void testCheckDaoAccessUserSuccess() throws Exception {
         JdbcDaoImpl dao = makePopulatedJdbcDao();
         UserDetails user = dao.loadUserByUsername("marissa");
@@ -121,7 +112,7 @@ public class JdbcDaoTests extends TestCase {
             dao.loadUserByUsername("cooper");
             fail("Should have thrown UsernameNotFoundException");
         } catch (UsernameNotFoundException expected) {
-            assertEquals("User has no GrantedAuthority", expected.getMessage());
+            assertEquals("User cooper has no GrantedAuthority", expected.getMessage());
         }
     }