diff --git a/core/src/main/java/org/springframework/security/ldap/SpringSecurityAuthenticationSource.java b/core/src/main/java/org/springframework/security/ldap/SpringSecurityAuthenticationSource.java
index b363de3c0c..1fc6b9562a 100644
--- a/core/src/main/java/org/springframework/security/ldap/SpringSecurityAuthenticationSource.java
+++ b/core/src/main/java/org/springframework/security/ldap/SpringSecurityAuthenticationSource.java
@@ -59,11 +59,11 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 public String getCredentials() {
 Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
- if (authentication != null) {
- return (String) authentication.getCredentials();
- } else {
+ if (authentication == null) {
 log.warn("No Authentication object set in SecurityContext - returning empty String as Credentials");
 return "";
 }
+
+ return (String) authentication.getCredentials();
 }
 }
diff --git a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java
index e3cd2db71f..8b6518e8a3 100644
--- a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java
+++ b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java
@@ -20,6 +20,7 @@ import org.springframework.security.util.AuthorityUtils;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.util.Assert;
+import javax.naming.Name;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.BasicAttributes;
 import java.util.ArrayList;
@@ -110,7 +111,7 @@ public class LdapUserDetailsImpl implements LdapUserDetails {
 public Essence() { }
 public Essence(DirContextOperations ctx) {
- setDn(ctx.getDn().toString());
+ setDn(ctx.getDn());
 }
 public Essence(LdapUserDetails copyMe) {
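Review bot: The cast on the new last line of `getCredentials()` in SpringSecurityAuthenticationSource is still unchecked: an `Authentication` whose credentials are not a `String` fails with a `ClassCastException`, and one whose credentials are `null` makes the method return `null` alongside a non-empty principal. What happens to a null or empty password afterwards depends on the context source and the directory, and some directories treat a DN with an empty password as an unauthenticated bind, so the contract should be explicit here. Consider `Object credentials = authentication.getCredentials();` followed by `if (!(credentials instanceof String)) { throw new IllegalArgumentException("Credentials must be a String"); }`, which would match what the new test `getPrincipalRejectsNonLdapUserDetailsObject` expects from `getPrincipal()`. The tests added in this commit exercise only the `String` case.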
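Review bot: The DN is stored as `Name.toString()` both in `Essence(DirContextOperations ctx)` and in the `setDn(Name)` overload added in the `@@ -190,6 +191,10 @@` hunk, while `setDn(String)` keeps the caller's text verbatim, so the same entry can be held under two spellings. The new test shows the difference: a `DistinguishedName` built from "uid=joe,ou=users" comes back as "uid=joe, ou=users". Code that compares or looks up users by the DN string should be checked against this, and the overload deserves a one-line Javadoc such as `/** Sets the DN from a JNDI Name; it is stored as dn.toString(), whose formatting depends on the Name implementation. */`. A guard like `Assert.notNull(dn, "dn must not be null");` (Assert is already imported in this file) would replace the bare NullPointerException when `ctx.getDn()` is null. The Essence class body continues outside both hunks.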
@@ -190,6 +191,10 @@ public class LdapUserDetailsImpl implements LdapUserDetails {
 instance.dn = dn;
 }
+ public void setDn(Name dn) {
+ instance.dn = dn.toString();
+ }
+
 public void setEnabled(boolean enabled) {
 instance.enabled = enabled;
 }
diff --git a/core/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java b/core/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
new file mode 100644
index 0000000000..3f26ce4abd
--- /dev/null
+++ b/core/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
@@ -0,0 +1,73 @@
+package org.springframework.security.ldap;
+
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.TestingAuthenticationToken;
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
+import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl;
+import org.springframework.security.util.AuthorityUtils;
+import org.springframework.ldap.core.AuthenticationSource;
+import org.springframework.ldap.core.DistinguishedName;
+
+import org.junit.After;
+import static org.junit.Assert.assertEquals;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * @author Luke Taylor
+ * @version $Id$
+ */
+public class SpringSecurityAuthenticationSourceTests {
+ @Before
+ @After
+ public void clearContext() {
+ SecurityContextHolder.clearContext();
+ }
+
+ @Test
+ public void principalAndCredentialsAreEmptyWithNoAuthentication() {
+ AuthenticationSource source = new SpringSecurityAuthenticationSource();
+ assertEquals("", source.getPrincipal());
+ assertEquals("", source.getCredentials());
+ }
+
+ @Test
+ public void principalIsEmptyForAnonymousUser() {
+ AuthenticationSource source = new SpringSecurityAuthenticationSource();
+
+ SecurityContextHolder.getContext().setAuthentication(
+ new AnonymousAuthenticationToken("key", "anonUser",
+ AuthorityUtils.commaSeparatedStringToAuthorityArray("ignored")));
+ assertEquals("", source.getPrincipal());
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void getPrincipalRejectsNonLdapUserDetailsObject() {
+ AuthenticationSource source = new SpringSecurityAuthenticationSource();
+ SecurityContextHolder.getContext().setAuthentication(
+ new TestingAuthenticationToken(new Object(), "password", null));
+
+ source.getPrincipal();
+ }
+
+ @Test
+ public void expectedCredentialsAreReturned() {
+ AuthenticationSource source = new SpringSecurityAuthenticationSource();
+ SecurityContextHolder.getContext().setAuthentication(
+ new TestingAuthenticationToken(new Object(), "password", null));
+
+ assertEquals("password", source.getCredentials());
+ }
+
+ @Test
+ public void expectedPrincipalIsReturned() {
+ LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence();
+ user.setUsername("joe");
+ user.setDn(new DistinguishedName("uid=joe,ou=users"));
+ AuthenticationSource source = new SpringSecurityAuthenticationSource();
+ SecurityContextHolder.getContext().setAuthentication(
+ new TestingAuthenticationToken(user.createUserDetails(), null, null));
+
+ assertEquals("uid=joe, ou=users", source.getPrincipal());
+ }
+}
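Review bot: `principalIsEmptyForAnonymousUser` asserts only `getPrincipal()`, so nothing pins what `getCredentials()` returns for an anonymous token, although the two values are consumed as a pair. Adding `assertEquals("", source.getCredentials());` to that test would document that an anonymous context yields an empty principal together with empty credentials, never a half-populated pair. This assumes the anonymous token's credentials are the empty string, which is not visible in this diff; adjust the expected value if they are not.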