Clarify and enforce interface contract for AuthenticationDao.
parent
4bcc1222e1
commit
dc726ac75c
@ -356,8 +356,10 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
|
|||||||
}
|
}
|
||||||
|
|
||||||
private UserDetails getUserFromBackend(String username) {
|
private UserDetails getUserFromBackend(String username) {
|
||||||
|
UserDetails loadedUser;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return this.authenticationDao.loadUserByUsername(username);
|
loadedUser = this.authenticationDao.loadUserByUsername(username);
|
||||||
} catch (UsernameNotFoundException notFound) {
|
} catch (UsernameNotFoundException notFound) {
|
||||||
if (hideUserNotFoundExceptions) {
|
if (hideUserNotFoundExceptions) {
|
||||||
throw new BadCredentialsException("Bad credentials presented");
|
throw new BadCredentialsException("Bad credentials presented");
|
||||||
@ -368,5 +370,12 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
|
|||||||
throw new AuthenticationServiceException(repositoryProblem
|
throw new AuthenticationServiceException(repositoryProblem
|
||||||
.getMessage(), repositoryProblem);
|
.getMessage(), repositoryProblem);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (loadedUser == null) {
|
||||||
|
throw new AuthenticationServiceException(
|
||||||
|
"AuthenticationDao returned null, which is an interface contract violation");
|
||||||
|
}
|
||||||
|
|
||||||
|
return loadedUser;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
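Review bot: The new `if (loadedUser == null)` check in getUserFromBackend throws AuthenticationServiceException, so a DAO that returns null for an unknown username is reported differently from the `UsernameNotFoundException` path, which `hideUserNotFoundExceptions` can turn into `BadCredentialsException`. If the two outcomes are distinguishable to the client, a non-compliant DAO could reveal which usernames exist, so the choice should be stated above the check, for example `// Contract violation: reported as a service error on purpose, not subject to hideUserNotFoundExceptions`. The method also has no Javadoc; a short one saying that it never returns null and naming the exceptions it throws would record the contract this commit enforces. Part of the method lies between the two hunks and is not visible here, so the full exception handling could not be checked.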
@ -45,7 +45,7 @@ public interface AuthenticationDao {
|
|||||||
* @param username the username presented to the {@link
|
* @param username the username presented to the {@link
|
||||||
* DaoAuthenticationProvider}
|
* DaoAuthenticationProvider}
|
||||||
*
|
*
|
||||||
* @return a fully populated user record
|
* @return a fully populated user record (never <code>null</code>)
|
||||||
*
|
*
|
||||||
* @throws UsernameNotFoundException if the user could not be found or the
|
* @throws UsernameNotFoundException if the user could not be found or the
|
||||||
* user has no GrantedAuthority
|
* user has no GrantedAuthority
|
||||||
|
@ -286,6 +286,22 @@ public class DaoAuthenticationProviderTests extends TestCase {
|
|||||||
assertEquals("marissa", castResult.getPrincipal());
|
assertEquals("marissa", castResult.getPrincipal());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void testDetectsNullBeingReturnedFromAuthenticationDao() {
|
||||||
|
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("marissa",
|
||||||
|
"koala");
|
||||||
|
|
||||||
|
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
|
||||||
|
provider.setAuthenticationDao(new MockAuthenticationDaoReturnsNull());
|
||||||
|
|
||||||
|
try {
|
||||||
|
provider.authenticate(token);
|
||||||
|
fail("Should have thrown AuthenticationServiceException");
|
||||||
|
} catch (AuthenticationServiceException expected) {
|
||||||
|
assertEquals("AuthenticationDao returned null, which is an interface contract violation",
|
||||||
|
expected.getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public void testGettersSetters() {
|
public void testGettersSetters() {
|
||||||
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
|
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
|
||||||
provider.setPasswordEncoder(new ShaPasswordEncoder());
|
provider.setPasswordEncoder(new ShaPasswordEncoder());
|
||||||
@ -384,6 +400,13 @@ public class DaoAuthenticationProviderTests extends TestCase {
|
|||||||
|
|
||||||
//~ Inner Classes ==========================================================
|
//~ Inner Classes ==========================================================
|
||||||
|
|
||||||
|
private class MockAuthenticationDaoReturnsNull implements AuthenticationDao {
|
||||||
|
public UserDetails loadUserByUsername(String username)
|
||||||
|
throws UsernameNotFoundException, DataAccessException {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private class MockAuthenticationDaoSimulateBackendError
|
private class MockAuthenticationDaoSimulateBackendError
|
||||||
implements AuthenticationDao {
|
implements AuthenticationDao {
|
||||||
public UserDetails loadUserByUsername(String username)
|
public UserDetails loadUserByUsername(String username)
|
||||||
|
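Review bot: testDetectsNullBeingReturnedFromAuthenticationDao compares `expected.getMessage()` with the full message literal, which duplicates the string from DaoAuthenticationProvider and makes the test fail on any rewording. Catching `AuthenticationServiceException` already shows that the contract check fired; if the text matters, assert a stable fragment instead, such as `assertTrue(expected.getMessage().indexOf("returned null") >= 0);`. The test also runs only with the provider's default `hideUserNotFoundExceptions` value, so a second case with the flag set the other way would pin down that the null path is unaffected by it.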
@ -53,6 +53,7 @@
|
|||||||
<action dev="benalex" type="update">Improved JaasAuthenticationProvider startup error detection</action>
|
<action dev="benalex" type="update">Improved JaasAuthenticationProvider startup error detection</action>
|
||||||
<action dev="benalex" type="update">Refactored EH-CACHE implementations to use Spring IoC defined caches instead</action>
|
<action dev="benalex" type="update">Refactored EH-CACHE implementations to use Spring IoC defined caches instead</action>
|
||||||
<action dev="benalex" type="update">AbstractProcessingFilter now has various hook methods to assist subclasses</action>
|
<action dev="benalex" type="update">AbstractProcessingFilter now has various hook methods to assist subclasses</action>
|
||||||
|
<action dev="benalex" type="update">DaoAuthenticationProvider better detects AuthenticationDao interface violations</action>
|
||||||
<action dev="benalex" type="fix">Fixed ambiguous column references in JdbcDaoImpl default query</action>
|
<action dev="benalex" type="fix">Fixed ambiguous column references in JdbcDaoImpl default query</action>
|
||||||
<action dev="benalex" type="fix">Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility)</action>
|
<action dev="benalex" type="fix">Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility)</action>
|
||||||
<action dev="benalex" type="fix">Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals</action>
|
<action dev="benalex" type="fix">Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals</action>
|
||||||
|