SEC-418: Changed interface SwitchUserAuthorityChanger to return a List rather than expecting modification of the passed-in List of authorities.

Luke Taylor 2008-01-28 19:26:30 +00:00
parent 0be34cdcc1
commit e63fa0f610
3 changed files with 34 additions and 4 deletions


@ -25,6 +25,8 @@ public interface SwitchUserAuthorityChanger {
* @param currentAuthentication the current Authentication of the principal performing the switching
* @param authoritiesToBeGranted all {@link GrantedAuthority} instances to be granted to the user,
* excluding the special "switch user" authority that is used internally (guaranteed never null)
*
* @return the modified list of granted authorities.
*/
void modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted);
List modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted);
}
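Review bot: The new `@return` line says only "the modified list of granted authorities", which leaves the contract that decides privilege assignment unstated. The filter in this commit assigns the result back with `orig = switchUserAuthorityChanger.modifyGrantedAuthorities(...)`, so whatever an implementation returns is what the switched session is granted, plus the internal switch-user authority. I would state that and the nullability in the Javadoc, e.g. `@return the authorities to grant in place of authoritiesToBeGranted (never null, may be empty); every element must be a GrantedAuthority`. Because the parameter and return type are raw `List`, the element-type requirement can only be expressed in the documentation. The opening lines of this Javadoc block are outside the hunk.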


@ -25,6 +25,7 @@ import org.springframework.security.DisabledException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.LockedException;
import org.springframework.security.util.RedirectUtils;
import org.springframework.security.util.AuthorityUtils;
import org.springframework.security.context.SecurityContextHolder;
@ -283,15 +284,15 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
// Allow subclasses to change the authorities to be granted
if (switchUserAuthorityChanger != null) {
switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
orig = switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
}
// add the new switch user authority
List newAuths = new ArrayList(orig);
newAuths.add(switchAuthority);
GrantedAuthority[] authorities = {};
authorities = (GrantedAuthority[]) newAuths.toArray(authorities);
GrantedAuthority[] authorities =
(GrantedAuthority[]) newAuths.toArray(new GrantedAuthority[newAuths.size()]);
// create the new authentication token
targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), authorities);
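Review bot: The value returned by `modifyGrantedAuthorities` goes straight into `new ArrayList(orig)` without a check, so an implementation that returns null fails with a bare NullPointerException in the middle of the switch. A list holding anything other than `GrantedAuthority` fails one step later in `toArray` with an ArrayStoreException. A guard directly after the call makes the failure explicit and stops the switch from proceeding on a malformed authority set, for example `if (orig == null) { throw new IllegalStateException("SwitchUserAuthorityChanger returned null"); }`. The enclosing method starts and ends outside this hunk. The newly imported `AuthorityUtils` is not used in the visible lines, so confirm the import is needed.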


@ -41,6 +41,9 @@ import org.springframework.dao.DataAccessException;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import java.util.List;
import java.util.ArrayList;
/**
* Tests {@link org.springframework.security.ui.switchuser.SwitchUserProcessingFilter}.
@ -400,6 +403,30 @@ public class SwitchUserProcessingFilterTests extends TestCase {
assertEquals("jacklord", ((User) targetAuth.getPrincipal()).getUsername());
}
public void testModificationOfAuthoritiesWorks() {
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
SecurityContextHolder.getContext().setAuthentication(auth);
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() {
public List modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted) {
List auths = new ArrayList();
auths.add(new GrantedAuthorityImpl("ROLE_NEW"));
return auths;
}
});
Authentication result = filter.attemptSwitchUser(request);
assertTrue(result != null);
assertEquals(2, result.getAuthorities().length);
assertEquals("ROLE_NEW", result.getAuthorities()[0].getAuthority());
}
//~ Inner Classes ==================================================================================================
private class MockAuthenticationDaoUserJackLord implements UserDetailsService {
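Review bot: `testModificationOfAuthoritiesWorks` asserts the array length and element 0 only, so nothing pins what the second authority is. For a change that lets a plug-in replace the granted authorities, the test should also assert that index 1 is the filter's internal switch-user authority. A companion case with a changer that returns null would document how the filter is expected to fail. The test also calls `SecurityContextHolder.getContext().setAuthentication(auth)` and does not reset it in the visible lines. Unless a `tearDown` outside this hunk already does so, add `SecurityContextHolder.clearContext();` at the end of the test.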