diff --git a/changelog.txt b/changelog.txt index b7db97802d..1e41d387f0 100644 --- a/changelog.txt +++ b/changelog.txt @@ -6,7 +6,8 @@ Changes in version 0.6 (2004-xx-xx) * Added stack trace logging to SecurityEnforcementFilter * Updated Authentication to be serializable (Weblogic support) * Updated to Clover 1.3 -* Refactored User to UserDetails interface +* Refactored User to net.sf.acegisecurity.UserDetails interface +* Refactored CAS package to store UserDetails in CasAuthenticationToken * Improved organisation of DaoAuthenticationProvider to facilitate subclassing * Improved test coverage (now 98.3%) * Fixed Linux compatibility issues (directory case sensitivity etc) diff --git a/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationProvider.java index 1b8b2cc1a3..62995500db 100644 --- a/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationProvider.java +++ b/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationProvider.java @@ -18,7 +18,7 @@ package net.sf.acegisecurity.providers.cas; import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.AuthenticationException; import net.sf.acegisecurity.BadCredentialsException; -import net.sf.acegisecurity.GrantedAuthority; +import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.providers.AuthenticationProvider; import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import net.sf.acegisecurity.ui.cas.CasProcessingFilter; 
@@ -209,13 +209,14 @@ public class CasAuthenticationProvider implements AuthenticationProvider, // Check proxy list is trusted this.casProxyDecider.confirmProxyListTrusted(response.getProxyList()); - // Build list of granted authorities - GrantedAuthority[] ga = this.casAuthoritiesPopulator.getAuthorities(response + // Lookup user details + UserDetails userDetails = this.casAuthoritiesPopulator.getUserDetails(response .getUser()); // Construct CasAuthenticationToken return new CasAuthenticationToken(this.key, response.getUser(), - authentication.getCredentials(), ga, response.getProxyList(), + authentication.getCredentials(), userDetails.getAuthorities(), + userDetails, response.getProxyList(), response.getProxyGrantingTicketIou()); } } diff --git a/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java b/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java index 6b9d91e4aa..1e3dd09ad4 100644 --- a/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java +++ b/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java @@ -16,6 +16,7 @@ package net.sf.acegisecurity.providers.cas; import net.sf.acegisecurity.GrantedAuthority; +import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.providers.AbstractAuthenticationToken; import java.io.Serializable; @@ -37,6 +38,7 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken private Object credentials; private Object principal; private String proxyGrantingTicketIou; + private UserDetails userDetails; private GrantedAuthority[] authorities; private int keyHash; 
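Review bot: The value returned by `this.casAuthoritiesPopulator.getUserDetails(response.getUser())` is dereferenced straight away in `userDetails.getAuthorities()`, so a custom CasAuthoritiesPopulator that returns null fails with a NullPointerException before the token constructor's own null check can run. Nothing here compares `userDetails.getUsername()` with `response.getUser()` either, so the token can pair a principal confirmed by CAS with details loaded for a different account if a populator maps ids loosely. I would add a guard directly after the lookup, for example `if (userDetails == null) { throw new BadCredentialsException("CasAuthoritiesPopulator returned no user details"); }`, and document whether the two names are required to match. The enclosing method starts outside the hunk.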
@@ -52,6 +54,8 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken * null) * @param authorities the authorities granted to the user (from {@link * CasAuthoritiesPopulator}) (cannot be null) + * @param userDetails the user details (from {@link + * CasAuthoritiesPopulator}) (cannot be null) * @param proxyList the list of proxies from CAS (cannot be * null) * @param proxyGrantingTicketIou the PGT-IOU ID from CAS (cannot be @@ -61,12 +65,13 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken * @throws IllegalArgumentException if a null was passed */ public CasAuthenticationToken(String key, Object principal, - Object credentials, GrantedAuthority[] authorities, List proxyList, - String proxyGrantingTicketIou) { + Object credentials, GrantedAuthority[] authorities, + UserDetails userDetails, List proxyList, String proxyGrantingTicketIou) { if ((key == null) || ("".equals(key)) || (principal == null) || "".equals(principal) || (credentials == null) || "".equals(credentials) || (authorities == null) - || (proxyList == null) || (proxyGrantingTicketIou == null)) { + || (userDetails == null) || (proxyList == null) + || (proxyGrantingTicketIou == null)) { throw new IllegalArgumentException( "Cannot pass null or empty values to constructor"); } @@ -83,6 +88,7 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken this.principal = principal; this.credentials = credentials; this.authorities = authorities; + this.userDetails = userDetails; this.proxyList = proxyList; this.proxyGrantingTicketIou = proxyGrantingTicketIou; } @@ -141,6 +147,10 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken return proxyList; } + public UserDetails getUserDetails() { + return userDetails; + } + public boolean equals(Object obj) { if (!super.equals(obj)) { return false; 
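Review bot: The constructor now takes `authorities` and `userDetails` as independent arguments and stores both, but nothing checks that `authorities` agrees with `userDetails.getAuthorities()`. A caller that builds the two from different sources gets a token whose `getAuthorities()` and `getUserDetails().getAuthorities()` disagree, and it is not stated which of them access decisions read. Say in the `@param userDetails` Javadoc that `authorities` is the array used for authorization and that `userDetails` is carried for information only, or derive the array from `userDetails` in a follow-up change. The constructor body continues outside this hunk.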
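Review bot: `getUserDetails()` is added without Javadoc, and no hunk in this file touches the body of `equals()`, whose opening lines appear here only as unchanged context. The new field is therefore presumably not compared (the rest of `equals()` is outside the hunk), so two tokens that differ only in their stored user details would be treated as equal wherever a presented token is matched against a cached one. Suggested doc comment: `/** Returns the UserDetails obtained from the CasAuthoritiesPopulator when this token was created; never null. */`. Whether `equals()` should include the field deserves an explicit decision and a test that varies only the user details.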
diff --git a/core/src/main/java/org/acegisecurity/providers/cas/CasAuthoritiesPopulator.java b/core/src/main/java/org/acegisecurity/providers/cas/CasAuthoritiesPopulator.java index e5b247c488..81fac9cac6 100644 --- a/core/src/main/java/org/acegisecurity/providers/cas/CasAuthoritiesPopulator.java +++ b/core/src/main/java/org/acegisecurity/providers/cas/CasAuthoritiesPopulator.java @@ -16,12 +16,12 @@ package net.sf.acegisecurity.providers.cas; import net.sf.acegisecurity.AuthenticationException; -import net.sf.acegisecurity.GrantedAuthority; +import net.sf.acegisecurity.UserDetails; /** - * Populates the GrantedAuthority[] objects for a CAS - * authenticated user. + * Populates the UserDetails associated with a CAS authenticated + * user. * *

* CAS does not provide the authorities (roles) granted to a user. It merely @@ -32,6 +32,18 @@ import net.sf.acegisecurity.GrantedAuthority; *

* *

+ * A {@link UserDetails} is returned by implementations. The + * UserDetails must, at minimum, contain the username and + * GrantedAuthority[] objects applicable to the CAS-authenticated + * user. Note that Acegi Security ignores the password and enabled/disabled + * status of the UserDetails because this is + * authentication-related and should have been enforced by the CAS server. The + * UserDetails returned by implementations is stored in the + * generated CasAuthenticationToken, so additional properties + * such as email addresses, telephone numbers etc can easily be stored. + *

+ * + *

* Implementations should not perform any caching. They will only be called * when a refresh is required. *

@@ -52,8 +64,11 @@ public interface CasAuthoritiesPopulator { * * @param casUserId as obtained from the CAS validation service * - * @return the granted authorities for the indicated user + * @return the details of the indicated user (at minimum the granted + * authorities and the username) + * + * @throws AuthenticationException DOCUMENT ME! */ - public GrantedAuthority[] getAuthorities(String casUserId) + public UserDetails getUserDetails(String casUserId) throws AuthenticationException; } diff --git a/core/src/main/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulator.java b/core/src/main/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulator.java index 2b29cc446f..d6423f2c49 100644 --- a/core/src/main/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulator.java +++ b/core/src/main/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulator.java @@ -16,7 +16,7 @@ package net.sf.acegisecurity.providers.cas.populator; import net.sf.acegisecurity.AuthenticationException; -import net.sf.acegisecurity.GrantedAuthority; +import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.providers.cas.CasAuthoritiesPopulator; import net.sf.acegisecurity.providers.dao.AuthenticationDao; @@ -52,10 +52,9 @@ public class DaoCasAuthoritiesPopulator implements CasAuthoritiesPopulator, return authenticationDao; } - public GrantedAuthority[] getAuthorities(String casUserId) + public UserDetails getUserDetails(String casUserId) throws AuthenticationException { - return this.authenticationDao.loadUserByUsername(casUserId) - .getAuthorities(); + return this.authenticationDao.loadUserByUsername(casUserId); } public void afterPropertiesSet() throws Exception { diff --git a/core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationProviderTests.java b/core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationProviderTests.java index 139a8bd1e9..091af44471 100644 
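Review bot: The added `@throws AuthenticationException DOCUMENT ME!` tag is a generated placeholder on a public interface that implementers will read as the contract. Replace it with the real condition, for example `@throws AuthenticationException if the user details cannot be obtained for the given casUserId`. The `@return` text should also say whether null is ever allowed, because the caller in CasAuthenticationProvider dereferences the result without checking it. The method was also renamed from `getAuthorities` to `getUserDetails`, so every existing implementation stops compiling, and the Javadoc is the first place those authors will look.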
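Review bot: `getUserDetails` now returns the complete object from `this.authenticationDao.loadUserByUsername(casUserId)`, so whatever password value the DAO loaded travels into the CasAuthenticationToken, whereas before only the authorities left this class. The interface Javadoc in this commit says the password is ignored for CAS, and the token appears to be what the ticket cache stores (EhCacheBasedTicketCacheTests builds one), so the retained credential widens what a cache or session dump exposes without serving any purpose. Consider a comment on the return such as `// password is unused for CAS; consider returning a copy with it blanked before the token stores it`, or make that copy here. A null result from the DAO is also passed through unchecked.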
--- a/core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationProviderTests.java +++ b/core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationProviderTests.java @@ -22,9 +22,11 @@ import net.sf.acegisecurity.AuthenticationException; import net.sf.acegisecurity.BadCredentialsException; import net.sf.acegisecurity.GrantedAuthority; import net.sf.acegisecurity.GrantedAuthorityImpl; +import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.providers.TestingAuthenticationToken; import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import net.sf.acegisecurity.providers.cas.ticketvalidator.AbstractTicketValidator; +import net.sf.acegisecurity.providers.dao.User; import net.sf.acegisecurity.ui.cas.CasProcessingFilter; import java.util.HashMap; @@ -177,7 +179,7 @@ public class CasAuthenticationProviderTests extends TestCase { CasAuthenticationToken token = new CasAuthenticationToken("WRONG_KEY", "test", "credentials", new GrantedAuthority[] {new GrantedAuthorityImpl("XX")}, - new Vector(), "IOU-xxx"); + makeUserDetails(), new Vector(), "IOU-xxx"); try { Authentication result = cap.authenticate(token); 
@@ -324,13 +326,20 @@ public class CasAuthenticationProviderTests extends TestCase { assertTrue(cap.supports(CasAuthenticationToken.class)); } + private UserDetails makeUserDetails() { + return new User("user", "password", true, + new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( + "ROLE_TWO")}); + } + //~ Inner Classes ========================================================== private class MockAuthoritiesPopulator implements CasAuthoritiesPopulator { - public GrantedAuthority[] getAuthorities(String casUserId) + public UserDetails getUserDetails(String casUserId) throws AuthenticationException { - return new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl( - "ROLE_B")}; + return new User("user", "password", true, + new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl( + "ROLE_B")}); } } diff --git a/core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationTokenTests.java b/core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationTokenTests.java index e939aa5356..f0e0cda195 100644 --- a/core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationTokenTests.java +++ b/core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationTokenTests.java @@ -19,7 +19,9 @@ import junit.framework.TestCase; import net.sf.acegisecurity.GrantedAuthority; import net.sf.acegisecurity.GrantedAuthorityImpl; +import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; +import net.sf.acegisecurity.providers.dao.User; import java.util.List; import java.util.Vector; 
@@ -56,7 +58,7 @@ public class CasAuthenticationTokenTests extends TestCase { try { new CasAuthenticationToken(null, "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, new Vector(), + "ROLE_TWO")}, makeUserDetails(), new Vector(), "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { @@ -66,7 +68,7 @@ public class CasAuthenticationTokenTests extends TestCase { try { new CasAuthenticationToken("key", null, "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, new Vector(), + "ROLE_TWO")}, makeUserDetails(), new Vector(), "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { @@ -76,7 +78,7 @@ public class CasAuthenticationTokenTests extends TestCase { try { new CasAuthenticationToken("key", "Test", null, new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, new Vector(), + "ROLE_TWO")}, makeUserDetails(), new Vector(), "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { @@ -85,7 +87,7 @@ public class CasAuthenticationTokenTests extends TestCase { try { new CasAuthenticationToken("key", "Test", "Password", null, - new Vector(), + makeUserDetails(), new Vector(), "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { 
@@ -95,7 +97,7 @@ public class CasAuthenticationTokenTests extends TestCase { try { new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, null, + "ROLE_TWO")}, makeUserDetails(), null, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { @@ -105,7 +107,17 @@ public class CasAuthenticationTokenTests extends TestCase { try { new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, new Vector(), null); + "ROLE_TWO")}, null, new Vector(), + "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); + fail("Should have thrown IllegalArgumentException"); + } catch (IllegalArgumentException expected) { + assertTrue(true); + } + + try { + new CasAuthenticationToken("key", "Test", "Password", + new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( + "ROLE_TWO")}, makeUserDetails(), new Vector(), null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertTrue(true); @@ -114,7 +126,7 @@ public class CasAuthenticationTokenTests extends TestCase { try { new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), null, new GrantedAuthorityImpl( - "ROLE_TWO")}, new Vector(), + "ROLE_TWO")}, makeUserDetails(), new Vector(), "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { 
@@ -129,7 +141,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token1 = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList1, + "ROLE_TWO")}, makeUserDetails(), proxyList1, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); List proxyList2 = new Vector(); @@ -138,7 +150,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token2 = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList2, + "ROLE_TWO")}, makeUserDetails(), proxyList2, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); assertEquals(token1, token2); @@ -152,7 +164,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList, + "ROLE_TWO")}, makeUserDetails(), proxyList, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); assertEquals("key".hashCode(), token.getKeyHash()); assertEquals("Test", token.getPrincipal()); @@ -180,7 +192,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token1 = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList1, + "ROLE_TWO")}, makeUserDetails(), proxyList1, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); List proxyList2 = new Vector(); 
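Review bot: The getters test in hunk `@@ -152,7 +164,7 @@` passes `makeUserDetails()` to the constructor, but the visible assertions cover only `getKeyHash()` and `getPrincipal()`; no check of the new accessor is visible (the test body continues outside the hunk). Add something like `assertEquals("user", token.getUserDetails().getUsername());` so the stored object is verified rather than merely accepted. The equality tests in the neighbouring hunks pass the same `makeUserDetails()` value on both sides, so none of them shows how `equals()` behaves when only the user details differ. `makeUserDetails()` is also duplicated verbatim in CasAuthenticationProviderTests and could live in one shared test helper.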
@@ -189,7 +201,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token2 = new CasAuthenticationToken("key", "OTHER_VALUE", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList2, + "ROLE_TWO")}, makeUserDetails(), proxyList2, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); assertTrue(!token1.equals(token2)); @@ -202,7 +214,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token1 = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList1, + "ROLE_TWO")}, makeUserDetails(), proxyList1, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test", @@ -221,7 +233,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token1 = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList1, + "ROLE_TWO")}, makeUserDetails(), proxyList1, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); List proxyList2 = new Vector(); @@ -230,7 +242,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token2 = new CasAuthenticationToken("DIFFERENT_KEY", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList2, + "ROLE_TWO")}, makeUserDetails(), proxyList2, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); assertTrue(!token1.equals(token2)); 
@@ -243,7 +255,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token1 = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList1, + "ROLE_TWO")}, makeUserDetails(), proxyList1, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); List proxyList2 = new Vector(); @@ -252,7 +264,8 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token2 = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList2, "PGTIOU-SOME_OTHER_VALUE"); + "ROLE_TWO")}, makeUserDetails(), proxyList2, + "PGTIOU-SOME_OTHER_VALUE"); assertTrue(!token1.equals(token2)); } @@ -264,7 +277,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token1 = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList1, + "ROLE_TWO")}, makeUserDetails(), proxyList1, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); List proxyList2 = new Vector(); @@ -274,7 +287,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token2 = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList2, + "ROLE_TWO")}, makeUserDetails(), proxyList2, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); assertTrue(!token1.equals(token2)); 
@@ -284,7 +297,7 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, new Vector(), + "ROLE_TWO")}, makeUserDetails(), new Vector(), "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); assertTrue(token.isAuthenticated()); token.setAuthenticated(false); // ignored @@ -295,11 +308,17 @@ public class CasAuthenticationTokenTests extends TestCase { CasAuthenticationToken token = new CasAuthenticationToken("key", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, new Vector(), + "ROLE_TWO")}, makeUserDetails(), new Vector(), "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); String result = token.toString(); assertTrue(result.lastIndexOf("Proxy List:") != -1); assertTrue(result.lastIndexOf("Proxy-Granting Ticket IOU:") != -1); assertTrue(result.lastIndexOf("Credentials (Service/Proxy Ticket):") != -1); } + + private UserDetails makeUserDetails() { + return new User("user", "password", true, + new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( + "ROLE_TWO")}); + } } diff --git a/core/src/test/java/org/acegisecurity/providers/cas/cache/EhCacheBasedTicketCacheTests.java b/core/src/test/java/org/acegisecurity/providers/cas/cache/EhCacheBasedTicketCacheTests.java index 84ca929272..3102882b30 100644 --- a/core/src/test/java/org/acegisecurity/providers/cas/cache/EhCacheBasedTicketCacheTests.java +++ b/core/src/test/java/org/acegisecurity/providers/cas/cache/EhCacheBasedTicketCacheTests.java 
@@ -20,6 +20,7 @@ import junit.framework.TestCase; import net.sf.acegisecurity.GrantedAuthority; import net.sf.acegisecurity.GrantedAuthorityImpl; import net.sf.acegisecurity.providers.cas.CasAuthenticationToken; +import net.sf.acegisecurity.providers.dao.User; import java.util.List; import java.util.Vector; @@ -82,10 +83,14 @@ public class EhCacheBasedTicketCacheTests extends TestCase { List proxyList = new Vector(); proxyList.add("https://localhost/newPortal/j_acegi_cas_security_check"); + User user = new User("marissa", "password", true, + new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( + "ROLE_TWO")}); + return new CasAuthenticationToken("key", "marissa", "ST-0-ER94xMJmn6pha35CQRoZ", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl( - "ROLE_TWO")}, proxyList, + "ROLE_TWO")}, user, proxyList, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt"); } } diff --git a/core/src/test/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulatorTests.java b/core/src/test/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulatorTests.java index f469b83e7f..e697984459 100644 --- a/core/src/test/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulatorTests.java +++ b/core/src/test/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulatorTests.java @@ -74,7 +74,7 @@ public class DaoCasAuthoritiesPopulatorTests extends TestCase { populator.afterPropertiesSet(); try { - populator.getAuthorities("scott"); + populator.getUserDetails("scott"); fail("Should have thrown UsernameNotFoundException"); } catch (UsernameNotFoundException expected) { assertTrue(true); 
@@ -87,10 +87,12 @@ public class DaoCasAuthoritiesPopulatorTests extends TestCase { populator.setAuthenticationDao(new MockAuthenticationDaoUserMarissa()); populator.afterPropertiesSet(); - GrantedAuthority[] results = populator.getAuthorities("marissa"); - assertEquals(2, results.length); - assertEquals(new GrantedAuthorityImpl("ROLE_ONE"), results[0]); - assertEquals(new GrantedAuthorityImpl("ROLE_TWO"), results[1]); + UserDetails results = populator.getUserDetails("marissa"); + assertEquals(2, results.getAuthorities().length); + assertEquals(new GrantedAuthorityImpl("ROLE_ONE"), + results.getAuthorities()[0]); + assertEquals(new GrantedAuthorityImpl("ROLE_TWO"), + results.getAuthorities()[1]); } public void testGetGrantedAuthoritiesWhenDaoThrowsException() @@ -100,7 +102,7 @@ public class DaoCasAuthoritiesPopulatorTests extends TestCase { populator.afterPropertiesSet(); try { - populator.getAuthorities("THE_DAO_WILL_FAIL"); + populator.getUserDetails("THE_DAO_WILL_FAIL"); fail("Should have thrown DataRetrievalFailureException"); } catch (DataRetrievalFailureException expected) { assertTrue(true); diff --git a/upgrade-05-06.txt b/upgrade-05-06.txt index 909797cafe..cee8b6b34a 100644 --- a/upgrade-05-06.txt +++ b/upgrade-05-06.txt @@ -43,5 +43,8 @@ applications: - Any custom event listeners relying on AuthenticationEvent should note a UserDetails is now provided in the AuthenticationEvent (not a User). +- CAS users should note the CasAuthoritiesPopulator interface signature has + changed. Most CAS users will be using DaoCasAuthoritiesPopulator, so this + change is unlikely to require any action. $Id$