Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Clarify and enforce interface interface contract for AuthenticationDao.

Browse Source
This commit is contained in:
Ben Alex 2004-12-21 20:53:32 +00:00
parent 4bcc1222e1
commit dc726ac75c
4 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
View File

@ -356,8 +356,10 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
} }
private UserDetails getUserFromBackend(String username) { private UserDetails getUserFromBackend(String username) {
UserDetails loadedUser;
try { try {
return this.authenticationDao.loadUserByUsername(username); loadedUser = this.authenticationDao.loadUserByUsername(username);
} catch (UsernameNotFoundException notFound) { } catch (UsernameNotFoundException notFound) {
if (hideUserNotFoundExceptions) { if (hideUserNotFoundExceptions) {
throw new BadCredentialsException("Bad credentials presented"); throw new BadCredentialsException("Bad credentials presented");
@ -368,5 +370,12 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
throw new AuthenticationServiceException(repositoryProblem throw new AuthenticationServiceException(repositoryProblem
.getMessage(), repositoryProblem); .getMessage(), repositoryProblem);
} }
if (loadedUser == null) {
throw new AuthenticationServiceException(
"AuthenticationDao returned null, which is an interface contract violation");
}
return loadedUser;
} }
} }

2
core/src/main/java/org/acegisecurity/userdetails/UserDetailsService.java
View File

@ -45,7 +45,7 @@ public interface AuthenticationDao {
* @param username the username presented to the {@link * @param username the username presented to the {@link
* DaoAuthenticationProvider} * DaoAuthenticationProvider}
* *
* @return a fully populated user record * @return a fully populated user record (never <code>null</code>)
* *
* @throws UsernameNotFoundException if the user could not be found or the * @throws UsernameNotFoundException if the user could not be found or the
* user has no GrantedAuthority * user has no GrantedAuthority

23
core/src/test/java/org/acegisecurity/providers/dao/DaoAuthenticationProviderTests.java
View File

@ -286,6 +286,22 @@ public class DaoAuthenticationProviderTests extends TestCase {
assertEquals("marissa", castResult.getPrincipal()); assertEquals("marissa", castResult.getPrincipal());
} }
public void testDetectsNullBeingReturnedFromAuthenticationDao() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("marissa",
"koala");
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setAuthenticationDao(new MockAuthenticationDaoReturnsNull());
try {
provider.authenticate(token);
fail("Should have thrown AuthenticationServiceException");
} catch (AuthenticationServiceException expected) {
assertEquals("AuthenticationDao returned null, which is an interface contract violation",
expected.getMessage());
}
}
public void testGettersSetters() { public void testGettersSetters() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setPasswordEncoder(new ShaPasswordEncoder()); provider.setPasswordEncoder(new ShaPasswordEncoder());
@ -384,6 +400,13 @@ public class DaoAuthenticationProviderTests extends TestCase {
//~ Inner Classes ========================================================== //~ Inner Classes ==========================================================
private class MockAuthenticationDaoReturnsNull implements AuthenticationDao {
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
return null;
}
}
private class MockAuthenticationDaoSimulateBackendError private class MockAuthenticationDaoSimulateBackendError
implements AuthenticationDao { implements AuthenticationDao {
public UserDetails loadUserByUsername(String username) public UserDetails loadUserByUsername(String username)

1
doc/xdocs/changes.xml
View File

@ -53,6 +53,7 @@
<action dev="benalex" type="update">Improved JaasAuthenticationProvider startup error detection</action> <action dev="benalex" type="update">Improved JaasAuthenticationProvider startup error detection</action>
<action dev="benalex" type="update">Refactored EH-CACHE implementations to use Spring IoC defined caches instead</action> <action dev="benalex" type="update">Refactored EH-CACHE implementations to use Spring IoC defined caches instead</action>
<action dev="benalex" type="update">AbstractProcessingFilter now has various hook methods to assist subclasses</action> <action dev="benalex" type="update">AbstractProcessingFilter now has various hook methods to assist subclasses</action>
<action dev="benalex" type="update">DaoAuthenticationProvider better detects AuthenticationDao interface violations</action>
<action dev="benalex" type="fix">Fixed ambiguous column references in JdbcDaoImpl default query</action> <action dev="benalex" type="fix">Fixed ambiguous column references in JdbcDaoImpl default query</action>
<action dev="benalex" type="fix">Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility)</action> <action dev="benalex" type="fix">Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility)</action>
<action dev="benalex" type="fix">Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals</action> <action dev="benalex" type="fix">Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals</action>