Clarify and enforce interface interface contract for AuthenticationDao.

2004-12-21 20:53:32 +00:00 · 2004-12-21 20:53:32 +00:00 · dc726ac75c
parent 4bcc1222e1
commit dc726ac75c
4 changed files with 35 additions and 2 deletions
--- a/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
@ -356,8 +356,10 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
    }

    private UserDetails getUserFromBackend(String username) {
+        UserDetails loadedUser;
+
        try {
-            return this.authenticationDao.loadUserByUsername(username);
+            loadedUser = this.authenticationDao.loadUserByUsername(username);
        } catch (UsernameNotFoundException notFound) {
            if (hideUserNotFoundExceptions) {
                throw new BadCredentialsException("Bad credentials presented");
@ -368,5 +370,12 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
            throw new AuthenticationServiceException(repositoryProblem
                .getMessage(), repositoryProblem);
        }
+
+        if (loadedUser == null) {
+            throw new AuthenticationServiceException(
+                "AuthenticationDao returned null, which is an interface contract violation");
+        }
+
+        return loadedUser;
    }
 }
--- a/core/src/main/java/org/acegisecurity/userdetails/UserDetailsService.java
+++ b/core/src/main/java/org/acegisecurity/userdetails/UserDetailsService.java
@ -45,7 +45,7 @@ public interface AuthenticationDao {
     * @param username the username presented to the {@link
     *        DaoAuthenticationProvider}
     *
-     * @return a fully populated user record
+     * @return a fully populated user record (never <code>null</code>)
     *
     * @throws UsernameNotFoundException if the user could not be found or the
     *         user has no GrantedAuthority
--- a/core/src/test/java/org/acegisecurity/providers/dao/DaoAuthenticationProviderTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/dao/DaoAuthenticationProviderTests.java
@ -286,6 +286,22 @@ public class DaoAuthenticationProviderTests extends TestCase {
        assertEquals("marissa", castResult.getPrincipal());
    }

+    public void testDetectsNullBeingReturnedFromAuthenticationDao() {
+        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("marissa",
+                "koala");
+
+        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+        provider.setAuthenticationDao(new MockAuthenticationDaoReturnsNull());
+
+        try {
+            provider.authenticate(token);
+            fail("Should have thrown AuthenticationServiceException");
+        } catch (AuthenticationServiceException expected) {
+            assertEquals("AuthenticationDao returned null, which is an interface contract violation",
+                expected.getMessage());
+        }
+    }
+
    public void testGettersSetters() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(new ShaPasswordEncoder());
@ -384,6 +400,13 @@ public class DaoAuthenticationProviderTests extends TestCase {

    //~ Inner Classes ==========================================================

+    private class MockAuthenticationDaoReturnsNull implements AuthenticationDao {
+        public UserDetails loadUserByUsername(String username)
+            throws UsernameNotFoundException, DataAccessException {
+            return null;
+        }
+    }
+
    private class MockAuthenticationDaoSimulateBackendError
        implements AuthenticationDao {
        public UserDetails loadUserByUsername(String username)
--- a/doc/xdocs/changes.xml
+++ b/doc/xdocs/changes.xml
@ -53,6 +53,7 @@
      <action dev="benalex" type="update">Improved JaasAuthenticationProvider startup error detection</action>
      <action dev="benalex" type="update">Refactored EH-CACHE implementations to use Spring IoC defined caches instead</action>
      <action dev="benalex" type="update">AbstractProcessingFilter now has various hook methods to assist subclasses</action>
+      <action dev="benalex" type="update">DaoAuthenticationProvider better detects AuthenticationDao interface violations</action>
      <action dev="benalex" type="fix">Fixed ambiguous column references in JdbcDaoImpl default query</action>
      <action dev="benalex" type="fix">Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility)</action>
      <action dev="benalex" type="fix">Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals</action>