SEC-1156: Added check for enableAuthorities setting in deleteUser method of JdbcUserDetailsManager.
This commit is contained in:
parent
ab7f06c108
commit
db3f08cce4
|
@ -31,10 +31,10 @@ import java.util.List;
|
|||
* Jdbc user management service, based on the same table structure as its parent class, <tt>JdbcDaoImpl</tt>.
|
||||
* <p>
|
||||
* Provides CRUD operations for both users and groups. Note that if the {@link #setEnableAuthorities(boolean)
|
||||
* enableAuthorities} property is set to false, calls to createUser and updateUser will not store the
|
||||
* authorities from the <tt>UserDetails</tt>. Since this class cannot differentiate between authorities which were
|
||||
* loaded for an individual or for a group of which the individual is a member, it's important that you take this
|
||||
* into account when using this implementation for managing your users.
|
||||
* enableAuthorities} property is set to false, calls to createUser, updateUser and deleteUser will not store the
|
||||
* authorities from the <tt>UserDetails</tt> or delete authorities for the user. Since this class cannot differentiate
|
||||
* between authorities which were loaded for an individual or for a group of which the individual is a member,
|
||||
* it's important that you take this into account when using this implementation for managing your users.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
|
@ -178,7 +178,9 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
|
|||
}
|
||||
|
||||
public void deleteUser(String username) {
|
||||
if (getEnableAuthorities()) {
|
||||
deleteUserAuthorities(username);
|
||||
}
|
||||
getJdbcTemplate().update(deleteUserSql, new Object[] {username});
|
||||
userCache.removeUserFromCache(username);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue