Refactor CasAuthoritiesPopulator to use UserDetails rather than GrantedAuthority[].
parent
48b1cb7c85
commit
e3be8f20bb
@ -6,7 +6,8 @@ Changes in version 0.6 (2004-xx-xx)
|
||||
* Added stack trace logging to SecurityEnforcementFilter
|
||||
* Updated Authentication to be serializable (Weblogic support)
|
||||
* Updated to Clover 1.3
|
||||
* Refactored User to UserDetails interface
|
||||
* Refactored User to net.sf.acegisecurity.UserDetails interface
|
||||
* Refactored CAS package to store UserDetails in CasAuthenticationToken
|
||||
* Improved organisation of DaoAuthenticationProvider to facilitate subclassing
|
||||
* Improved test coverage (now 98.3%)
|
||||
* Fixed Linux compatibility issues (directory case sensitivity etc)
|
||||
|
@ -18,7 +18,7 @@ package net.sf.acegisecurity.providers.cas;
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
import net.sf.acegisecurity.AuthenticationException;
|
||||
import net.sf.acegisecurity.BadCredentialsException;
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.UserDetails;
|
||||
import net.sf.acegisecurity.providers.AuthenticationProvider;
|
||||
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import net.sf.acegisecurity.ui.cas.CasProcessingFilter;
|
||||
@ -209,13 +209,14 @@ public class CasAuthenticationProvider implements AuthenticationProvider,
|
||||
// Check proxy list is trusted
|
||||
this.casProxyDecider.confirmProxyListTrusted(response.getProxyList());
|
||||
|
||||
// Build list of granted authorities
|
||||
GrantedAuthority[] ga = this.casAuthoritiesPopulator.getAuthorities(response
|
||||
// Lookup user details
|
||||
UserDetails userDetails = this.casAuthoritiesPopulator.getUserDetails(response
|
||||
.getUser());
|
||||
|
||||
// Construct CasAuthenticationToken
|
||||
return new CasAuthenticationToken(this.key, response.getUser(),
|
||||
authentication.getCredentials(), ga, response.getProxyList(),
|
||||
authentication.getCredentials(), userDetails.getAuthorities(),
|
||||
userDetails, response.getProxyList(),
|
||||
response.getProxyGrantingTicketIou());
|
||||
}
|
||||
}
|
||||
|
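Review bot: In the hunk that builds the CasAuthenticationToken, the value returned by `getUserDetails(...)` is dereferenced immediately by `userDetails.getAuthorities()`, so a populator implementation that returns `null` surfaces as a NullPointerException instead of an authentication failure. A guard before the token is constructed, for example `if (userDetails == null) { throw new BadCredentialsException("CasAuthoritiesPopulator returned no UserDetails"); }`, keeps the failure inside the AuthenticationException hierarchy; BadCredentialsException is already imported in this file. A `null` from `getAuthorities()` is already rejected by the token constructor, but only as an IllegalArgumentException. The enclosing method starts outside the hunk, so any earlier handling is not visible here.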
@ -16,6 +16,7 @@
|
||||
package net.sf.acegisecurity.providers.cas;
|
||||
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.UserDetails;
|
||||
import net.sf.acegisecurity.providers.AbstractAuthenticationToken;
|
||||
|
||||
import java.io.Serializable;
|
||||
@ -37,6 +38,7 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
|
||||
private Object credentials;
|
||||
private Object principal;
|
||||
private String proxyGrantingTicketIou;
|
||||
private UserDetails userDetails;
|
||||
private GrantedAuthority[] authorities;
|
||||
private int keyHash;
|
||||
|
||||
@ -52,6 +54,8 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
|
||||
* <code>null</code>)
|
||||
* @param authorities the authorities granted to the user (from {@link
|
||||
* CasAuthoritiesPopulator}) (cannot be <code>null</code>)
|
||||
* @param userDetails the user details (from {@link
|
||||
* CasAuthoritiesPopulator}) (cannot be <code>null</code>)
|
||||
* @param proxyList the list of proxies from CAS (cannot be
|
||||
* <code>null</code>)
|
||||
* @param proxyGrantingTicketIou the PGT-IOU ID from CAS (cannot be
|
||||
@ -61,12 +65,13 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
|
||||
* @throws IllegalArgumentException if a <code>null</code> was passed
|
||||
*/
|
||||
public CasAuthenticationToken(String key, Object principal,
|
||||
Object credentials, GrantedAuthority[] authorities, List proxyList,
|
||||
String proxyGrantingTicketIou) {
|
||||
Object credentials, GrantedAuthority[] authorities,
|
||||
UserDetails userDetails, List proxyList, String proxyGrantingTicketIou) {
|
||||
if ((key == null) || ("".equals(key)) || (principal == null)
|
||||
|| "".equals(principal) || (credentials == null)
|
||||
|| "".equals(credentials) || (authorities == null)
|
||||
|| (proxyList == null) || (proxyGrantingTicketIou == null)) {
|
||||
|| (userDetails == null) || (proxyList == null)
|
||||
|| (proxyGrantingTicketIou == null)) {
|
||||
throw new IllegalArgumentException(
|
||||
"Cannot pass null or empty values to constructor");
|
||||
}
|
||||
@ -83,6 +88,7 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
|
||||
this.principal = principal;
|
||||
this.credentials = credentials;
|
||||
this.authorities = authorities;
|
||||
this.userDetails = userDetails;
|
||||
this.proxyList = proxyList;
|
||||
this.proxyGrantingTicketIou = proxyGrantingTicketIou;
|
||||
}
|
||||
@ -141,6 +147,10 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
|
||||
return proxyList;
|
||||
}
|
||||
|
||||
public UserDetails getUserDetails() {
|
||||
return userDetails;
|
||||
}
|
||||
|
||||
public boolean equals(Object obj) {
|
||||
if (!super.equals(obj)) {
|
||||
return false;
|
||||
|
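Review bot: The constructor now takes both `authorities` and `userDetails` and checks each for `null`, but nothing ties the two together, so a token can report one set of roles from `getAuthorities()` and a different set from `getUserDetails().getAuthorities()`. Since the provider always passes `userDetails.getAuthorities()`, the `@param userDetails` text should say which of the two is authoritative for access decisions. The new accessor also has no Javadoc; something like `/** Returns the UserDetails supplied by the CasAuthoritiesPopulator; its authorities are not cross-checked against getAuthorities(). */` would do. The `equals` method begins in the last hunk but its body continues outside it, so whether `userDetails` takes part in equality cannot be confirmed from here.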
@ -16,12 +16,12 @@
|
||||
package net.sf.acegisecurity.providers.cas;
|
||||
|
||||
import net.sf.acegisecurity.AuthenticationException;
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.UserDetails;
|
||||
|
||||
|
||||
/**
|
||||
* Populates the <code>GrantedAuthority[]</code> objects for a CAS
|
||||
* authenticated user.
|
||||
* Populates the <code>UserDetails</code> associated with a CAS authenticated
|
||||
* user.
|
||||
*
|
||||
* <P>
|
||||
* CAS does not provide the authorities (roles) granted to a user. It merely
|
||||
@ -32,6 +32,18 @@ import net.sf.acegisecurity.GrantedAuthority;
|
||||
* </p>
|
||||
*
|
||||
* <P>
|
||||
* A {@link UserDetails} is returned by implementations. The
|
||||
* <code>UserDetails</code> must, at minimum, contain the username and
|
||||
* <code>GrantedAuthority[]</code> objects applicable to the CAS-authenticated
|
||||
* user. Note that Acegi Security ignores the password and enabled/disabled
|
||||
* status of the <code>UserDetails</code> because this is
|
||||
* authentication-related and should have been enforced by the CAS server. The
|
||||
* <code>UserDetails</code> returned by implementations is stored in the
|
||||
* generated <code>CasAuthenticationToken</code>, so additional properties
|
||||
* such as email addresses, telephone numbers etc can easily be stored.
|
||||
* </p>
|
||||
*
|
||||
* <P>
|
||||
* Implementations should not perform any caching. They will only be called
|
||||
* when a refresh is required.
|
||||
* </p>
|
||||
@ -52,8 +64,11 @@ public interface CasAuthoritiesPopulator {
|
||||
*
|
||||
* @param casUserId as obtained from the CAS validation service
|
||||
*
|
||||
* @return the granted authorities for the indicated user
|
||||
* @return the details of the indicated user (at minimum the granted
|
||||
* authorities and the username)
|
||||
*
|
||||
* @throws AuthenticationException DOCUMENT ME!
|
||||
*/
|
||||
public GrantedAuthority[] getAuthorities(String casUserId)
|
||||
public UserDetails getUserDetails(String casUserId)
|
||||
throws AuthenticationException;
|
||||
}
|
||||
|
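Review bot: The `@throws AuthenticationException DOCUMENT ME!` placeholder on `getUserDetails` is left as it was, while the new class Javadoc states that the password and enabled/disabled status of the returned object are ignored. That leaves implementers with no documented way to refuse a user who is valid in CAS but locked or unknown locally. I would replace the placeholder with `@throws AuthenticationException if the user cannot be located or must not be granted access to this application`. The `@return` text should also say whether `null` is permitted, e.g. by appending `(never <code>null</code>)`, because the provider dereferences the result without a check.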
@ -16,7 +16,7 @@
|
||||
package net.sf.acegisecurity.providers.cas.populator;
|
||||
|
||||
import net.sf.acegisecurity.AuthenticationException;
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.UserDetails;
|
||||
import net.sf.acegisecurity.providers.cas.CasAuthoritiesPopulator;
|
||||
import net.sf.acegisecurity.providers.dao.AuthenticationDao;
|
||||
|
||||
@ -52,10 +52,9 @@ public class DaoCasAuthoritiesPopulator implements CasAuthoritiesPopulator,
|
||||
return authenticationDao;
|
||||
}
|
||||
|
||||
public GrantedAuthority[] getAuthorities(String casUserId)
|
||||
public UserDetails getUserDetails(String casUserId)
|
||||
throws AuthenticationException {
|
||||
return this.authenticationDao.loadUserByUsername(casUserId)
|
||||
.getAuthorities();
|
||||
return this.authenticationDao.loadUserByUsername(casUserId);
|
||||
}
|
||||
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
|
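Review bot: `getUserDetails` now returns the object from `authenticationDao.loadUserByUsername(casUserId)` unchanged, so whatever password value the DAO loaded travels into the CasAuthenticationToken and on to wherever tokens are kept (the ticket cache exercised in EhCacheBasedTicketCacheTests, and presumably the session). The interface Javadoc added in this commit says the password is ignored for CAS logins, so nothing downstream needs it. At minimum a comment such as `// The returned UserDetails, including its password field, is stored in the CasAuthenticationToken` would warn deployers. A stricter option is to return a copy without the password, at the cost of dropping any custom properties on the DAO's UserDetails. `isEnabled()` is also not consulted here, which matches the documented contract but means a locally disabled account still receives its authorities.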
@ -22,9 +22,11 @@ import net.sf.acegisecurity.AuthenticationException;
|
||||
import net.sf.acegisecurity.BadCredentialsException;
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.GrantedAuthorityImpl;
|
||||
import net.sf.acegisecurity.UserDetails;
|
||||
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
|
||||
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import net.sf.acegisecurity.providers.cas.ticketvalidator.AbstractTicketValidator;
|
||||
import net.sf.acegisecurity.providers.dao.User;
|
||||
import net.sf.acegisecurity.ui.cas.CasProcessingFilter;
|
||||
|
||||
import java.util.HashMap;
|
||||
@ -177,7 +179,7 @@ public class CasAuthenticationProviderTests extends TestCase {
|
||||
CasAuthenticationToken token = new CasAuthenticationToken("WRONG_KEY",
|
||||
"test", "credentials",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("XX")},
|
||||
new Vector(), "IOU-xxx");
|
||||
makeUserDetails(), new Vector(), "IOU-xxx");
|
||||
|
||||
try {
|
||||
Authentication result = cap.authenticate(token);
|
||||
@ -324,13 +326,20 @@ public class CasAuthenticationProviderTests extends TestCase {
|
||||
assertTrue(cap.supports(CasAuthenticationToken.class));
|
||||
}
|
||||
|
||||
private UserDetails makeUserDetails() {
|
||||
return new User("user", "password", true,
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")});
|
||||
}
|
||||
|
||||
//~ Inner Classes ==========================================================
|
||||
|
||||
private class MockAuthoritiesPopulator implements CasAuthoritiesPopulator {
|
||||
public GrantedAuthority[] getAuthorities(String casUserId)
|
||||
public UserDetails getUserDetails(String casUserId)
|
||||
throws AuthenticationException {
|
||||
return new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl(
|
||||
"ROLE_B")};
|
||||
return new User("user", "password", true,
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl(
|
||||
"ROLE_B")});
|
||||
}
|
||||
}
|
||||
|
||||
|
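Review bot: None of the visible hunks asserts on `getUserDetails()` of the token returned by `cap.authenticate(...)`, so the new path from MockAuthoritiesPopulator into the token is compiled but not checked. The successful-authentication tests should verify that the result's `getUserDetails().getUsername()` is `"user"` and that its authorities are ROLE_A and ROLE_B. Those test bodies lie outside the hunks, so this may already be covered elsewhere in the file. As a style point, `makeUserDetails()` is duplicated verbatim in CasAuthenticationTokenTests and could live in one shared fixture.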
@ -19,7 +19,9 @@ import junit.framework.TestCase;
|
||||
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.GrantedAuthorityImpl;
|
||||
import net.sf.acegisecurity.UserDetails;
|
||||
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import net.sf.acegisecurity.providers.dao.User;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
@ -56,7 +58,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
try {
|
||||
new CasAuthenticationToken(null, "Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, new Vector(),
|
||||
"ROLE_TWO")}, makeUserDetails(), new Vector(),
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
@ -66,7 +68,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
try {
|
||||
new CasAuthenticationToken("key", null, "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, new Vector(),
|
||||
"ROLE_TWO")}, makeUserDetails(), new Vector(),
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
@ -76,7 +78,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
try {
|
||||
new CasAuthenticationToken("key", "Test", null,
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, new Vector(),
|
||||
"ROLE_TWO")}, makeUserDetails(), new Vector(),
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
@ -85,7 +87,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
|
||||
try {
|
||||
new CasAuthenticationToken("key", "Test", "Password", null,
|
||||
new Vector(),
|
||||
makeUserDetails(), new Vector(),
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
@ -95,7 +97,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
try {
|
||||
new CasAuthenticationToken("key", "Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, null,
|
||||
"ROLE_TWO")}, makeUserDetails(), null,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
@ -105,7 +107,17 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
try {
|
||||
new CasAuthenticationToken("key", "Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, new Vector(), null);
|
||||
"ROLE_TWO")}, null, new Vector(),
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
|
||||
try {
|
||||
new CasAuthenticationToken("key", "Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, makeUserDetails(), new Vector(), null);
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertTrue(true);
|
||||
@ -114,7 +126,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
try {
|
||||
new CasAuthenticationToken("key", "Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), null, new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, new Vector(),
|
||||
"ROLE_TWO")}, makeUserDetails(), new Vector(),
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
@ -129,7 +141,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token1 = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList1,
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList1,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
|
||||
List proxyList2 = new Vector();
|
||||
@ -138,7 +150,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token2 = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList2,
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList2,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
|
||||
assertEquals(token1, token2);
|
||||
@ -152,7 +164,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList,
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
assertEquals("key".hashCode(), token.getKeyHash());
|
||||
assertEquals("Test", token.getPrincipal());
|
||||
@ -180,7 +192,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token1 = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList1,
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList1,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
|
||||
List proxyList2 = new Vector();
|
||||
@ -189,7 +201,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token2 = new CasAuthenticationToken("key",
|
||||
"OTHER_VALUE", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList2,
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList2,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
|
||||
assertTrue(!token1.equals(token2));
|
||||
@ -202,7 +214,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token1 = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList1,
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList1,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
|
||||
UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test",
|
||||
@ -221,7 +233,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token1 = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList1,
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList1,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
|
||||
List proxyList2 = new Vector();
|
||||
@ -230,7 +242,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token2 = new CasAuthenticationToken("DIFFERENT_KEY",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList2,
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList2,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
|
||||
assertTrue(!token1.equals(token2));
|
||||
@ -243,7 +255,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token1 = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList1,
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList1,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
|
||||
List proxyList2 = new Vector();
|
||||
@ -252,7 +264,8 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token2 = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList2, "PGTIOU-SOME_OTHER_VALUE");
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList2,
|
||||
"PGTIOU-SOME_OTHER_VALUE");
|
||||
|
||||
assertTrue(!token1.equals(token2));
|
||||
}
|
||||
@ -264,7 +277,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token1 = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList1,
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList1,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
|
||||
List proxyList2 = new Vector();
|
||||
@ -274,7 +287,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token2 = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList2,
|
||||
"ROLE_TWO")}, makeUserDetails(), proxyList2,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
|
||||
assertTrue(!token1.equals(token2));
|
||||
@ -284,7 +297,7 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, new Vector(),
|
||||
"ROLE_TWO")}, makeUserDetails(), new Vector(),
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
assertTrue(token.isAuthenticated());
|
||||
token.setAuthenticated(false); // ignored
|
||||
@ -295,11 +308,17 @@ public class CasAuthenticationTokenTests extends TestCase {
|
||||
CasAuthenticationToken token = new CasAuthenticationToken("key",
|
||||
"Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, new Vector(),
|
||||
"ROLE_TWO")}, makeUserDetails(), new Vector(),
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
String result = token.toString();
|
||||
assertTrue(result.lastIndexOf("Proxy List:") != -1);
|
||||
assertTrue(result.lastIndexOf("Proxy-Granting Ticket IOU:") != -1);
|
||||
assertTrue(result.lastIndexOf("Credentials (Service/Proxy Ticket):") != -1);
|
||||
}
|
||||
|
||||
private UserDetails makeUserDetails() {
|
||||
return new User("user", "password", true,
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")});
|
||||
}
|
||||
}
|
||||
|
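Review bot: The getters test (hunk at -152) gains the extra constructor argument, but its visible lines add no assertion for the new accessor; `assertEquals("user", token.getUserDetails().getUsername());` next to the existing `getPrincipal()` check would pin it. The not-equal tests all build both tokens from `makeUserDetails()`, so no case covers two tokens that differ only in their UserDetails. Every fixture also passes an authorities array that matches the roles inside `makeUserDetails()`, leaving a mismatch between the two arguments unexercised. The test method bodies continue outside the hunks, so some of this may exist in lines not shown.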
@ -20,6 +20,7 @@ import junit.framework.TestCase;
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.GrantedAuthorityImpl;
|
||||
import net.sf.acegisecurity.providers.cas.CasAuthenticationToken;
|
||||
import net.sf.acegisecurity.providers.dao.User;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
@ -82,10 +83,14 @@ public class EhCacheBasedTicketCacheTests extends TestCase {
|
||||
List proxyList = new Vector();
|
||||
proxyList.add("https://localhost/newPortal/j_acegi_cas_security_check");
|
||||
|
||||
User user = new User("marissa", "password", true,
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")});
|
||||
|
||||
return new CasAuthenticationToken("key", "marissa",
|
||||
"ST-0-ER94xMJmn6pha35CQRoZ",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
|
||||
"ROLE_TWO")}, proxyList,
|
||||
"ROLE_TWO")}, user, proxyList,
|
||||
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
|
||||
}
|
||||
}
|
||||
|
@ -74,7 +74,7 @@ public class DaoCasAuthoritiesPopulatorTests extends TestCase {
|
||||
populator.afterPropertiesSet();
|
||||
|
||||
try {
|
||||
populator.getAuthorities("scott");
|
||||
populator.getUserDetails("scott");
|
||||
fail("Should have thrown UsernameNotFoundException");
|
||||
} catch (UsernameNotFoundException expected) {
|
||||
assertTrue(true);
|
||||
@ -87,10 +87,12 @@ public class DaoCasAuthoritiesPopulatorTests extends TestCase {
|
||||
populator.setAuthenticationDao(new MockAuthenticationDaoUserMarissa());
|
||||
populator.afterPropertiesSet();
|
||||
|
||||
GrantedAuthority[] results = populator.getAuthorities("marissa");
|
||||
assertEquals(2, results.length);
|
||||
assertEquals(new GrantedAuthorityImpl("ROLE_ONE"), results[0]);
|
||||
assertEquals(new GrantedAuthorityImpl("ROLE_TWO"), results[1]);
|
||||
UserDetails results = populator.getUserDetails("marissa");
|
||||
assertEquals(2, results.getAuthorities().length);
|
||||
assertEquals(new GrantedAuthorityImpl("ROLE_ONE"),
|
||||
results.getAuthorities()[0]);
|
||||
assertEquals(new GrantedAuthorityImpl("ROLE_TWO"),
|
||||
results.getAuthorities()[1]);
|
||||
}
|
||||
|
||||
public void testGetGrantedAuthoritiesWhenDaoThrowsException()
|
||||
@ -100,7 +102,7 @@ public class DaoCasAuthoritiesPopulatorTests extends TestCase {
|
||||
populator.afterPropertiesSet();
|
||||
|
||||
try {
|
||||
populator.getAuthorities("THE_DAO_WILL_FAIL");
|
||||
populator.getUserDetails("THE_DAO_WILL_FAIL");
|
||||
fail("Should have thrown DataRetrievalFailureException");
|
||||
} catch (DataRetrievalFailureException expected) {
|
||||
assertTrue(true);
|
||||
|
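Review bot: The successful-lookup test checks only `results.getAuthorities()`, although the interface Javadoc added in this commit requires the returned UserDetails to contain at minimum the username as well. Adding `assertEquals("marissa", results.getUsername());` would cover that, assuming MockAuthenticationDaoUserMarissa, which is defined outside the hunk, returns that username. The test method names, such as `testGetGrantedAuthoritiesWhenDaoThrowsException`, still refer to the old `getAuthorities` method and could be renamed to match `getUserDetails`.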
@ -43,5 +43,8 @@ applications:
|
||||
- Any custom event listeners relying on AuthenticationEvent should note a
|
||||
UserDetails is now provided in the AuthenticationEvent (not a User).
|
||||
|
||||
- CAS users should note the CasAuthoritiesPopulator interface signature has
|
||||
changed. Most CAS users will be using DaoCasAuthoritiesPopulator, so this
|
||||
change is unlikely to require any action.
|
||||
|
||||
$Id$
|
||||
|