From ec44f2bdfe8d115adb35f1d41b8e18ca4ba40063 Mon Sep 17 00:00:00 2001 
From: Luke Taylor Date: Fri, 31 Oct 2008 03:53:00 +0000 Subject: [PATCH] SEC-1012: Refactoring of use of GrantedAuthority[] to generified collections --- .../domain/AclAuthorizationStrategyImpl.java | 8 +- .../acls/sid/SidRetrievalStrategyImpl.java | 10 +- .../acls/sid/SidRetrievalStrategyTests.java | 7 +- .../providers/cas/CasAuthenticationToken.java | 18 +- .../cas/CasAuthenticationProviderTests.java | 32 +- .../cas/CasAuthenticationTokenTests.java | 33 +- .../security/Authentication.java | 3 +- .../security/AuthenticationManager.java | 26 +- .../security/GrantedAuthoritiesContainer.java | 3 +- .../GrantedAuthoritiesContainerImpl.java | 32 +- .../security/MockAuthenticationManager.java | 1 - .../MutableGrantedAuthoritiesContainer.java | 4 +- ...GrantedAuthorityEffectiveAclsResolver.java | 15 +- .../Attributes2GrantedAuthoritiesMapper.java | 5 +- ...edAttributes2GrantedAuthoritiesMapper.java | 260 ++++----- ...leAttributes2GrantedAuthoritiesMapper.java | 11 +- .../MethodInvocationPrivilegeEvaluator.java | 2 +- .../web/WebInvocationPrivilegeEvaluator.java | 2 +- .../ldap/LdapAuthoritiesPopulator.java | 4 +- .../DefaultLdapAuthoritiesPopulator.java | 16 +- ...etailsServiceLdapAuthoritiesPopulator.java | 4 +- .../AbstractAuthenticationToken.java | 154 +++-- .../providers/TestingAuthenticationToken.java | 9 +- .../UsernamePasswordAuthenticationToken.java | 13 +- .../AnonymousAuthenticationToken.java | 12 +- .../jaas/JaasAuthenticationProvider.java | 12 +- .../ldap/LdapAuthenticationProvider.java | 11 +- ...reAuthenticatedAuthenticationProvider.java | 32 +- .../PreAuthenticatedAuthenticationToken.java | 13 +- ...dGrantedAuthoritiesUserDetailsService.java | 50 +- .../rcp/RemoteAuthenticationManagerImpl.java | 15 +- .../RememberMeAuthenticationToken.java | 8 +- .../x509/X509AuthenticationProvider.java | 133 ----- .../x509/X509AuthenticationToken.java | 77 --- .../x509/X509AuthoritiesPopulator.java | 55 -- .../providers/x509/X509UserCache.java | 44 -- 
.../x509/cache/EhCacheBasedX509UserCache.java | 109 ---- .../x509/cache/NullX509UserCache.java | 42 -- .../providers/x509/cache/package.html | 5 - .../security/providers/x509/package.html | 6 - .../DaoX509AuthoritiesPopulator.java | 119 ---- .../providers/x509/populator/package.html | 7 - .../security/runas/RunAsManagerImpl.java | 46 +- .../security/runas/RunAsUserToken.java | 6 +- ...antedAuthoritiesAuthenticationDetails.java | 67 ++- ...edAuthoritiesWebAuthenticationDetails.java | 6 +- ...henticatedAuthenticationDetailsSource.java | 29 +- ...ticatedWebAuthenticationDetailsSource.java | 13 +- ...henticatedAuthenticationDetailsSource.java | 109 ++-- .../SwitchUserProcessingFilter.java | 17 +- .../ui/x509/X509ProcessingFilter.java | 210 ------- .../x509/X509ProcessingFilterEntryPoint.java | 77 --- .../security/ui/x509/package.html | 6 - .../security/userdetails/GroupManager.java | 6 +- .../security/userdetails/User.java | 102 +--- .../security/userdetails/UserDetails.java | 3 +- .../hierarchicalroles/RoleHierarchy.java | 4 +- .../hierarchicalroles/RoleHierarchyImpl.java | 19 +- .../hierarchicalroles/UserDetailsWrapper.java | 4 +- .../jdbc/JdbcUserDetailsManager.java | 126 ++--- .../ldap/InetOrgPersonContextMapper.java | 4 +- .../userdetails/ldap/LdapUserDetailsImpl.java | 16 +- .../ldap/LdapUserDetailsManager.java | 27 +- .../ldap/LdapUserDetailsMapper.java | 8 +- .../ldap/LdapUserDetailsService.java | 10 +- .../userdetails/ldap/PersonContextMapper.java | 4 +- .../ldap/UserDetailsContextMapper.java | 4 +- .../security/util/AuthorityUtils.java | 27 +- .../security/vote/LabelBasedAclVoter.java | 6 +- .../security/vote/RoleHierarchyVoter.java | 19 +- .../security/vote/RoleVoter.java | 13 +- ...urityContextHolderAwareRequestWrapper.java | 22 +- .../security/MockAccessDecisionManager.java | 5 +- ...tributes2GrantedAuthoritiesMapperTest.java | 402 +++++++------ ...leRoles2GrantedAuthoritiesMapperTests.java | 187 +++--- ...LdapProviderBeanDefinitionParserTests.java | 42 +- 
...pSessionContextIntegrationFilterTests.java | 534 +++++++++--------- .../DefaultLdapAuthoritiesPopulatorTests.java | 51 +- ...sServiceLdapAuthoritiesPopulatorTests.java | 8 +- .../AbstractAuthenticationTokenTests.java | 61 +- .../providers/ProviderManagerTests.java | 20 +- .../TestingAuthenticationProviderTests.java | 33 +- ...rnamePasswordAuthenticationTokenTests.java | 9 +- .../AnonymousAuthenticationTokenTests.java | 34 +- .../AnonymousProcessingFilterTests.java | 5 +- .../dao/DaoAuthenticationProviderTests.java | 24 +- .../jaas/JaasAuthenticationProviderTests.java | 52 +- .../ldap/LdapAuthenticationProviderTests.java | 16 +- ...AuthenticatedAuthenticationTokenTests.java | 71 ++- ...tedAuthoritiesUserDetailsServiceTests.java | 117 ++-- .../RemoteAuthenticationManagerImplTests.java | 3 +- .../RemoteAuthenticationProviderTests.java | 2 +- ...RememberMeAuthenticationProviderTests.java | 3 +- .../RememberMeAuthenticationTokenTests.java | 15 +- .../x509/X509AuthenticationProviderTests.java | 131 ----- .../x509/X509AuthenticationTokenTests.java | 52 -- .../cache/EhCacheBasedX509UserCacheTests.java | 89 --- .../DaoX509AuthoritiesPopulatorTests.java | 146 ----- .../security/runas/RunAsManagerImplTests.java | 12 +- ...horitiesWebAuthenticationDetailsTests.java | 91 ++- ...edWebAuthenticationDetailsSourceTests.java | 215 +++---- .../SubjectDnX509PrincipalExtractorTests.java | 1 - .../preauth}/x509/X509TestUtils.java | 6 +- .../RememberMeProcessingFilterTests.java | 46 +- .../TokenBasedRememberMeServicesTests.java | 12 +- .../SwitchUserProcessingFilterTests.java | 40 +- .../X509ProcessingFilterEntryPointTests.java | 59 -- .../ui/x509/X509ProcessingFilterTests.java | 191 ------- .../security/userdetails/UserTests.java | 16 +- .../HierarchicalRolesTestHelper.java | 15 +- .../RoleHierarchyImplTests.java | 44 +- .../hierarchicalroles/TestHelperTests.java | 28 +- .../UserDetailsWrapperTests.java | 7 +- .../userdetails/jdbc/JdbcDaoImplTests.java | 26 +- 
.../jdbc/JdbcUserDetailsManagerTests.java | 12 +- .../ldap/LdapUserDetailsManagerTests.java | 26 +- .../ldap/LdapUserDetailsMapperTests.java | 36 +- .../ldap/LdapUserDetailsServiceTests.java | 23 +- .../memory/UserMapEditorTests.java | 4 +- .../security/util/AuthorityUtilsTests.java | 5 +- .../security/vote/UnanimousBasedTests.java | 12 +- ...ContextHolderAwareRequestWrapperTests.java | 13 +- ...lmUsernamePasswordAuthenticationToken.java | 36 +- .../openid/OpenIDAuthenticationToken.java | 8 +- .../OpenIDAuthenticationProviderTests.java | 2 +- ...PreAuthenticatedAuthenticationDetails.java | 23 +- ...henticatedAuthenticationDetailsSource.java | 10 +- .../providers/portlet/PortletTestUtils.java | 88 +-- .../PortletProcessingInterceptorTests.java | 358 ++++++------ .../security/taglibs/authz/AclTag.java | 15 +- .../security/taglibs/authz/AuthorizeTag.java | 30 +- .../security/taglibs/velocity/Authz.java | 27 +- .../security/taglibs/velocity/AuthzImpl.java | 73 +-- .../taglibs/authz/AuthenticationTagTests.java | 3 +- .../AuthorizeTagExpressionLanguageTests.java | 2 - .../taglibs/velocity/AuthzImplTest.java | 246 -------- .../taglibs/velocity/AuthzImplTests.java | 64 +++ 137 files changed, 2250 insertions(+), 4219 deletions(-) delete mode 100644 core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationProvider.java delete mode 100644 core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationToken.java delete mode 100644 core/src/main/java/org/springframework/security/providers/x509/X509AuthoritiesPopulator.java delete mode 100644 core/src/main/java/org/springframework/security/providers/x509/X509UserCache.java delete mode 100644 core/src/main/java/org/springframework/security/providers/x509/cache/EhCacheBasedX509UserCache.java delete mode 100644 core/src/main/java/org/springframework/security/providers/x509/cache/NullX509UserCache.java delete mode 100644 
core/src/main/java/org/springframework/security/providers/x509/cache/package.html delete mode 100644 core/src/main/java/org/springframework/security/providers/x509/package.html delete mode 100644 core/src/main/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulator.java delete mode 100644 core/src/main/java/org/springframework/security/providers/x509/populator/package.html delete mode 100644 core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilter.java delete mode 100644 core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPoint.java delete mode 100644 core/src/main/java/org/springframework/security/ui/x509/package.html delete mode 100644 core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationProviderTests.java delete mode 100644 core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationTokenTests.java delete mode 100644 core/src/test/java/org/springframework/security/providers/x509/cache/EhCacheBasedX509UserCacheTests.java delete mode 100644 core/src/test/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulatorTests.java rename core/src/test/java/org/springframework/security/{providers => ui/preauth}/x509/X509TestUtils.java (96%) delete mode 100644 core/src/test/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPointTests.java delete mode 100644 core/src/test/java/org/springframework/security/ui/x509/X509ProcessingFilterTests.java delete mode 100644 taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplTest.java create mode 100644 taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplTests.java diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java index 2826ad8979..4d7fb1924d 100644 
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
@@ -15,6 +15,8 @@
 package org.springframework.security.acls.domain;
+import java.util.List;
+
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
@@ -100,10 +102,10 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 }
 // Iterate this principal's authorities to determine right
- GrantedAuthority[] auths = authentication.getAuthorities();
+ List auths = authentication.getAuthorities();
- for (int i = 0; i < auths.length; i++) {
- if (requiredAuthority.equals(auths[i])) {
+ for (int i = 0; i < auths.size(); i++) {
+ if (requiredAuthority.equals(auths.get(i))) {
 return;
 }
 }
diff --git a/acl/src/main/java/org/springframework/security/acls/sid/SidRetrievalStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/sid/SidRetrievalStrategyImpl.java
index 01d71fb0c8..d517c72c56 100644
--- a/acl/src/main/java/org/springframework/security/acls/sid/SidRetrievalStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/sid/SidRetrievalStrategyImpl.java
@@ -15,6 +15,8 @@
 package org.springframework.security.acls.sid;
+import java.util.List;
+
 import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
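Review bot: `auths.size()` in the authority loop of AclAuthorizationStrategyImpl is reached without a null check, although the `Authentication.getAuthorities()` Javadoc kept by this commit still says the method returns null when authentication has not been completed, and GrantedAuthorityEffectiveAclsResolver in the same commit does test `authorities == null`. A token in that state would presumably fail with a NullPointerException instead of reaching whatever denial the method performs after the loop, which lies outside the hunk. `SidRetrievalStrategyImpl.getSids` has the same unguarded call in `new Sid[authorities.size() + 1]`. With a List the loop can be reduced to `if (auths != null && auths.contains(requiredAuthority)) { return; }`, which keeps the `requiredAuthority.equals(element)` direction of the comparison.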
@@ -31,13 +33,13 @@ public class SidRetrievalStrategyImpl implements SidRetrievalStrategy {
 //~ Methods ========================================================================================================
 public Sid[] getSids(Authentication authentication) {
- GrantedAuthority[] authorities = authentication.getAuthorities();
- Sid[] sids = new Sid[authorities.length + 1];
+ List authorities = authentication.getAuthorities();
+ Sid[] sids = new Sid[authorities.size() + 1];
 sids[0] = new PrincipalSid(authentication);
- for (int i = 1; i <= authorities.length; i++) {
- sids[i] = new GrantedAuthoritySid(authorities[i - 1]);
+ for (int i = 1; i <= authorities.size(); i++) {
+ sids[i] = new GrantedAuthoritySid(authorities.get(i - 1));
 }
 return sids;
diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
index 8ebd2e53ba..032c5f1011 100644
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
@@ -4,13 +4,11 @@ import junit.framework.Assert;
 import junit.framework.TestCase;
 import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.providers.TestingAuthenticationToken;
 /**
 * Tests for {@link SidRetrievalStrategyImpl}
- *
+ *
 * @author Andrei Stefan
 */
 public class SidRetrievalStrategyTests extends TestCase {
@@ -18,8 +16,7 @@ public class SidRetrievalStrategyTests extends TestCase {
 //~ Methods ========================================================================================================
 public void testSidsRetrieval() throws Exception {
- Authentication authentication = new TestingAuthenticationToken("scott", "password", new GrantedAuthority[] {
- new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl("ROLE_2"), new GrantedAuthorityImpl("ROLE_3") });
+ Authentication authentication = new TestingAuthenticationToken("scott", "password", "ROLE_1", "ROLE_2", "ROLE_3");
 SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl();
 Sid[] sids = retrStrategy.getSids(authentication);
diff --git a/cas/src/main/java/org/springframework/security/providers/cas/CasAuthenticationToken.java b/cas/src/main/java/org/springframework/security/providers/cas/CasAuthenticationToken.java
index 907d582410..1a12df32d9 100644
--- a/cas/src/main/java/org/springframework/security/providers/cas/CasAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/providers/cas/CasAuthenticationToken.java
@@ -23,6 +23,8 @@ import org.springframework.security.providers.AbstractAuthenticationToken;
 import org.springframework.security.userdetails.UserDetails;
 import java.io.Serializable;
+import java.util.Arrays;
+import java.util.List;
 /**
 * Represents a successful CAS Authentication.
@@ -43,7 +45,15 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 //~ Constructors ===================================================================================================
-/**
+ /**
+ * @deprecated
+ */
+ public CasAuthenticationToken(final String key, final Object principal, final Object credentials,
+ final GrantedAuthority[] authorities, final UserDetails userDetails, final Assertion assertion) {
+ this(key, principal, credentials, Arrays.asList(authorities), userDetails, assertion);
+ }
+
+ /**
 * Constructor.
 *
 * @param key to identify if this object made by a given {@link
@@ -61,7 +71,7 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 * @throws IllegalArgumentException if a null was passed
 */
 public CasAuthenticationToken(final String key, final Object principal, final Object credentials,
- final GrantedAuthority[] authorities, final UserDetails userDetails, final Assertion assertion) {
+ final List authorities, final UserDetails userDetails, final Assertion assertion) {
 super(authorities);
 if ((key == null) || ("".equals(key)) || (principal == null) || "".equals(principal) || (credentials == null)
@@ -86,9 +96,9 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen
 if (obj instanceof CasAuthenticationToken) {
 CasAuthenticationToken test = (CasAuthenticationToken) obj;
-
+
 if (!this.assertion.equals(test.getAssertion())) {
- return false;
+ return false;
 }
 if (this.getKeyHash() != test.getKeyHash()) {
diff --git a/cas/src/test/java/org/springframework/security/providers/cas/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/providers/cas/CasAuthenticationProviderTests.java
index dd5bf39256..e276aa6644 100644
--- a/cas/src/test/java/org/springframework/security/providers/cas/CasAuthenticationProviderTests.java
+++ b/cas/src/test/java/org/springframework/security/providers/cas/CasAuthenticationProviderTests.java
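Review bot: The deprecated array constructor forwards `Arrays.asList(authorities)` unchanged, so a null array now fails with a NullPointerException inside `Arrays.asList` rather than the `IllegalArgumentException` that the remaining constructor's Javadoc promises ("if a null was passed"). The list it builds is also a fixed-size view over the caller's array, so later writes to that array would show through in the token unless `AbstractAuthenticationToken` copies its argument, which is not visible in this hunk. Copying at the boundary removes that dependency: `this(key, principal, credentials, new ArrayList<GrantedAuthority>(Arrays.asList(authorities)), userDetails, assertion);`, preceded by an explicit null check that throws `IllegalArgumentException`. The bare `@deprecated` tag should name the replacement, e.g. `@deprecated use the constructor that takes a List of authorities`.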
@@ -61,13 +61,13 @@ public class CasAuthenticationProviderTests { return new User("user", "password", true, true, true, true, new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_B")}); } - + private ServiceProperties makeServiceProperties() { - final ServiceProperties serviceProperties = new ServiceProperties(); - serviceProperties.setSendRenew(false); - serviceProperties.setService("http://test.com"); - - return serviceProperties; + final ServiceProperties serviceProperties = new ServiceProperties(); + serviceProperties.setSendRenew(false); + serviceProperties.setService("http://test.com"); + + return serviceProperties; } @Test @@ -79,7 +79,7 @@ public class CasAuthenticationProviderTests { StatelessTicketCache cache = new MockStatelessTicketCache(); cap.setStatelessTicketCache(cache); cap.setServiceProperties(makeServiceProperties()); - + cap.setTicketValidator(new MockTicketValidator(true)); cap.afterPropertiesSet(); @@ -99,8 +99,8 @@ public class CasAuthenticationProviderTests { CasAuthenticationToken casResult = (CasAuthenticationToken) result; assertEquals(makeUserDetailsFromAuthoritiesPopulator(), casResult.getPrincipal()); assertEquals("ST-123", casResult.getCredentials()); - assertEquals(new GrantedAuthorityImpl("ROLE_A"), casResult.getAuthorities()[0]); - assertEquals(new GrantedAuthorityImpl("ROLE_B"), casResult.getAuthorities()[1]); + assertEquals(new GrantedAuthorityImpl("ROLE_A"), casResult.getAuthorities().get(0)); + assertEquals(new GrantedAuthorityImpl("ROLE_B"), casResult.getAuthorities().get(1)); assertEquals(cap.getKey().hashCode(), casResult.getKeyHash()); assertEquals("details", casResult.getDetails()); 
@@ -171,7 +171,7 @@ public class CasAuthenticationProviderTests { @Test(expected = BadCredentialsException.class) public void invalidKeyIsDetected() throws Exception { - final Assertion assertion = new AssertionImpl("test"); + final Assertion assertion = new AssertionImpl("test"); CasAuthenticationProvider cap = new CasAuthenticationProvider(); cap.setUserDetailsService(new MockAuthoritiesPopulator()); cap.setKey("qwerty"); @@ -322,11 +322,11 @@ public class CasAuthenticationProviderTests { } public Assertion validate(final String ticket, final String service) - throws TicketValidationException { - if (returnTicket) { - return new AssertionImpl("rod"); - } - throw new BadCredentialsException("As requested from mock"); - } + throws TicketValidationException { + if (returnTicket) { + return new AssertionImpl("rod"); + } + throw new BadCredentialsException("As requested from mock"); + } } } diff --git a/cas/src/test/java/org/springframework/security/providers/cas/CasAuthenticationTokenTests.java b/cas/src/test/java/org/springframework/security/providers/cas/CasAuthenticationTokenTests.java index 64cd71dbce..0c0cef5651 100644 --- a/cas/src/test/java/org/springframework/security/providers/cas/CasAuthenticationTokenTests.java +++ b/cas/src/test/java/org/springframework/security/providers/cas/CasAuthenticationTokenTests.java @@ -64,7 +64,7 @@ public class CasAuthenticationTokenTests extends TestCase { } public void testConstructorRejectsNulls() { - final Assertion assertion = new AssertionImpl("test"); + final Assertion assertion = new AssertionImpl("test"); try { new CasAuthenticationToken(null, makeUserDetails(), "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, 
@@ -92,13 +92,6 @@ public class CasAuthenticationTokenTests extends TestCase { assertTrue(true); } - try { - new CasAuthenticationToken("key", makeUserDetails(), "Password", null, makeUserDetails(), assertion); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } - try { new CasAuthenticationToken("key", makeUserDetails(), "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, @@ -116,7 +109,7 @@ public class CasAuthenticationTokenTests extends TestCase { } catch (IllegalArgumentException expected) { assertTrue(true); } - + try { new CasAuthenticationToken("key", makeUserDetails(), "Password", @@ -129,7 +122,7 @@ public class CasAuthenticationTokenTests extends TestCase { } public void testEqualsWhenEqual() { - final Assertion assertion = new AssertionImpl("test"); + final Assertion assertion = new AssertionImpl("test"); CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, 
@@ -144,15 +137,15 @@ public class CasAuthenticationTokenTests extends TestCase { public void testGetters() { // Build the proxy list returned in the ticket from CAS - final Assertion assertion = new AssertionImpl("test"); + final Assertion assertion = new AssertionImpl("test"); CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, makeUserDetails(), assertion); assertEquals("key".hashCode(), token.getKeyHash()); assertEquals(makeUserDetails(), token.getPrincipal()); assertEquals("Password", token.getCredentials()); - assertEquals("ROLE_ONE", token.getAuthorities()[0].getAuthority()); - assertEquals("ROLE_TWO", token.getAuthorities()[1].getAuthority()); + assertEquals("ROLE_ONE", token.getAuthorities().get(0).getAuthority()); + assertEquals("ROLE_TWO", token.getAuthorities().get(1).getAuthority()); assertEquals(assertion, token.getAssertion()); assertEquals(makeUserDetails().getUsername(), token.getUserDetails().getUsername()); } @@ -169,7 +162,7 @@ public class CasAuthenticationTokenTests extends TestCase { } public void testNotEqualsDueToAbstractParentEqualsCheck() { - final Assertion assertion = new AssertionImpl("test"); + final Assertion assertion = new AssertionImpl("test"); CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, @@ -183,7 +176,7 @@ public class CasAuthenticationTokenTests extends TestCase { } public void testNotEqualsDueToDifferentAuthenticationClass() { - final Assertion assertion = new AssertionImpl("test"); + final Assertion assertion = new AssertionImpl("test"); CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, 
@@ -196,7 +189,7 @@ public class CasAuthenticationTokenTests extends TestCase { } public void testNotEqualsDueToKey() { - final Assertion assertion = new AssertionImpl("test"); + final Assertion assertion = new AssertionImpl("test"); CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, @@ -210,8 +203,8 @@ public class CasAuthenticationTokenTests extends TestCase { } public void testNotEqualsDueToAssertion() { - final Assertion assertion = new AssertionImpl("test"); - final Assertion assertion2 = new AssertionImpl("test"); + final Assertion assertion = new AssertionImpl("test"); + final Assertion assertion2 = new AssertionImpl("test"); CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, @@ -225,7 +218,7 @@ public class CasAuthenticationTokenTests extends TestCase { } public void testSetAuthenticated() { - final Assertion assertion = new AssertionImpl("test"); + final Assertion assertion = new AssertionImpl("test"); CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, makeUserDetails(), assertion); @@ -235,7 +228,7 @@ public class CasAuthenticationTokenTests extends TestCase { } public void testToString() { - final Assertion assertion = new AssertionImpl("test"); + final Assertion assertion = new AssertionImpl("test"); CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, makeUserDetails(), assertion); 
diff --git a/core/src/main/java/org/springframework/security/Authentication.java b/core/src/main/java/org/springframework/security/Authentication.java index 2eca608885..54ce5101a6 100644 --- a/core/src/main/java/org/springframework/security/Authentication.java +++ b/core/src/main/java/org/springframework/security/Authentication.java @@ -18,6 +18,7 @@ package org.springframework.security; import java.io.Serializable; import java.security.Principal; +import java.util.List; /** @@ -46,7 +47,7 @@ public interface Authentication extends Principal, Serializable { * * @return the authorities granted to the principal, or null if authentication has not been completed */ - GrantedAuthority[] getAuthorities(); + List getAuthorities(); /** * The credentials that prove the principal is correct. This is usually a password, but could be anything diff --git a/core/src/main/java/org/springframework/security/AuthenticationManager.java b/core/src/main/java/org/springframework/security/AuthenticationManager.java index caa7905649..622f016297 100644 --- a/core/src/main/java/org/springframework/security/AuthenticationManager.java +++ b/core/src/main/java/org/springframework/security/AuthenticationManager.java @@ -26,17 +26,20 @@ public interface AuthenticationManager { /** * Attempts to authenticate the passed {@link Authentication} object, returning a fully populated - * Authentication object (including granted authorities) if successful.

An - * AuthenticationManager must honour the following contract concerning exceptions:

- *

A {@link DisabledException} must be thrown if an account is disabled and the - * AuthenticationManager can test for this state.

- *

A {@link LockedException} must be thrown if an account is locked and the - * AuthenticationManager can test for account locking.

- *

A {@link BadCredentialsException} must be thrown if incorrect credentials are presented. Whilst the - * above exceptions are optional, an AuthenticationManager must always test credentials.

- *

Exceptions should be tested for and if applicable thrown in the order expressed above (ie if an + * Authentication object (including granted authorities) if successful. + *

+ * An AuthenticationManager must honour the following contract concerning exceptions: + *

    + *
  • A {@link DisabledException} must be thrown if an account is disabled and the + * AuthenticationManager can test for this state.
  • + *
  • A {@link LockedException} must be thrown if an account is locked and the + * AuthenticationManager can test for account locking.
  • + *
  • A {@link BadCredentialsException} must be thrown if incorrect credentials are presented. Whilst the + * above exceptions are optional, an AuthenticationManager must always test credentials.
  • + *
+ * Exceptions should be tested for and if applicable thrown in the order expressed above (i.e. if an * account is disabled or locked, the authentication request is immediately rejected and the credentials testing - * process is not performed). This prevents credentials being tested against disabled or locked accounts.

+ * process is not performed). This prevents credentials being tested against disabled or locked accounts. * * @param authentication the authentication request object * @@ -44,6 +47,5 @@ public interface AuthenticationManager { * * @throws AuthenticationException if authentication fails */ - Authentication authenticate(Authentication authentication) - throws AuthenticationException; + Authentication authenticate(Authentication authentication) throws AuthenticationException; } diff --git a/core/src/main/java/org/springframework/security/GrantedAuthoritiesContainer.java b/core/src/main/java/org/springframework/security/GrantedAuthoritiesContainer.java index 1f5a978f26..18bda0be28 100644 --- a/core/src/main/java/org/springframework/security/GrantedAuthoritiesContainer.java +++ b/core/src/main/java/org/springframework/security/GrantedAuthoritiesContainer.java @@ -1,6 +1,7 @@ package org.springframework.security; import java.io.Serializable; +import java.util.List; /** * Indicates that a object stores GrantedAuthority objects. @@ -13,5 +14,5 @@ import java.io.Serializable; * @since 2.0 */ public interface GrantedAuthoritiesContainer extends Serializable { - GrantedAuthority[] getGrantedAuthorities(); + List getGrantedAuthorities(); } diff --git a/core/src/main/java/org/springframework/security/GrantedAuthoritiesContainerImpl.java b/core/src/main/java/org/springframework/security/GrantedAuthoritiesContainerImpl.java index ef603c810a..bfda178cac 100644 --- a/core/src/main/java/org/springframework/security/GrantedAuthoritiesContainerImpl.java +++ b/core/src/main/java/org/springframework/security/GrantedAuthoritiesContainerImpl.java 
@@ -1,27 +1,25 @@
 package org.springframework.security;
-import java.util.ArrayList;
-import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import org.springframework.util.Assert;
 public class GrantedAuthoritiesContainerImpl implements MutableGrantedAuthoritiesContainer {
- private List authorities;
+ private List authorities;
- public void setGrantedAuthorities(GrantedAuthority[] newAuthorities) {
- this.authorities = new ArrayList(newAuthorities.length);
- authorities.addAll(Arrays.asList(newAuthorities));
- }
+ public void setGrantedAuthorities(List newAuthorities) {
+ authorities = Collections.unmodifiableList(newAuthorities);
+ }
- public GrantedAuthority[] getGrantedAuthorities() {
- Assert.notNull(authorities, "Granted authorities have not been set");
- return (GrantedAuthority[]) authorities.toArray(new GrantedAuthority[authorities.size()]);
- }
-
- public String toString() {
- StringBuffer sb = new StringBuffer();
- sb.append("Authorities: ").append(authorities);
- return sb.toString();
- }
+ public List getGrantedAuthorities() {
+ Assert.notNull(authorities, "Granted authorities have not been set");
+ return authorities;
+ }
+
+ public String toString() {
+ StringBuffer sb = new StringBuffer();
+ sb.append("Authorities: ").append(authorities);
+ return sb.toString();
+ }
 }
diff --git a/core/src/main/java/org/springframework/security/MockAuthenticationManager.java b/core/src/main/java/org/springframework/security/MockAuthenticationManager.java
index 8b4c6a9552..d1b860386b 100644
--- a/core/src/main/java/org/springframework/security/MockAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/MockAuthenticationManager.java
@@ -34,7 +34,6 @@ public class MockAuthenticationManager extends AbstractAuthenticationManager {
 }
 public MockAuthenticationManager() {
- super();
 }
 //~ Methods ========================================================================================================
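Review bot: `setGrantedAuthorities` now stores `Collections.unmodifiableList(newAuthorities)`, which is only a read-only view of the caller's list, whereas the removed code copied the array into an ArrayList owned by the container. Any code that keeps a reference to the original list can still add or remove authorities after they were set, and the change is visible through `getGrantedAuthorities()`. For an object that carries granted authorities a snapshot is the safer contract: `authorities = Collections.unmodifiableList(new ArrayList<GrantedAuthority>(newAuthorities));`, which needs the `java.util.ArrayList` import that this hunk removes. A null argument currently fails with a bare NullPointerException, so an `Assert.notNull(newAuthorities, ...)` in the style of the getter would give a clearer error.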
diff --git a/core/src/main/java/org/springframework/security/MutableGrantedAuthoritiesContainer.java b/core/src/main/java/org/springframework/security/MutableGrantedAuthoritiesContainer.java index 61211e779f..d6427fce51 100644 --- a/core/src/main/java/org/springframework/security/MutableGrantedAuthoritiesContainer.java +++ b/core/src/main/java/org/springframework/security/MutableGrantedAuthoritiesContainer.java @@ -1,5 +1,7 @@ package org.springframework.security; +import java.util.List; + /** * Indicates that a object can be used to store and retrieve GrantedAuthority objects. *

@@ -14,5 +16,5 @@ public interface MutableGrantedAuthoritiesContainer extends GrantedAuthoritiesCo /** * Used to store authorities in the containing object. */ - void setGrantedAuthorities(GrantedAuthority[] authorities); + void setGrantedAuthorities(List authorities); } diff --git a/core/src/main/java/org/springframework/security/acl/basic/GrantedAuthorityEffectiveAclsResolver.java b/core/src/main/java/org/springframework/security/acl/basic/GrantedAuthorityEffectiveAclsResolver.java index 0a1f836230..92b3637a65 100644 --- a/core/src/main/java/org/springframework/security/acl/basic/GrantedAuthorityEffectiveAclsResolver.java +++ b/core/src/main/java/org/springframework/security/acl/basic/GrantedAuthorityEffectiveAclsResolver.java @@ -34,8 +34,9 @@ import java.util.Vector; * "recipient" types presented in a BasicAclEntry because it merely delegates to the detected {@link * Authentication#getPrincipal()} or {@link Authentication#getAuthorities()}. The principal object or granted * authorities object has its Object.equals(recipient) method called to make the decision as to whether - * the recipient in the BasicAclEntry is the same as the principal or granted authority.

- *

This class should prove an adequate ACLs resolver if you're using standard Spring Security classes. This is + * the recipient in the BasicAclEntry is the same as the principal or granted authority. + *

+ * This class should prove an adequate ACLs resolver if you're using standard Spring Security classes. This is * because the typical Authentication token is UsernamePasswordAuthenticationToken, which * for its principal is usually a String. The GrantedAuthorityImpl is typically * used for granted authorities, which tests for equality based on a String. This means @@ -93,9 +94,9 @@ public class GrantedAuthorityEffectiveAclsResolver implements EffectiveAclsResol // As with the principal, allow each of the Authentication's // granted authorities to decide whether the presented // recipient is "equal" - GrantedAuthority[] authorities = filteredBy.getAuthorities(); + Listauthorities = filteredBy.getAuthorities(); - if ((authorities == null) || (authorities.length == 0)) { + if ((authorities == null) || (authorities.size() == 0)) { if (logger.isDebugEnabled()) { logger.debug("Did not match principal and there are no granted authorities, " + "so cannot compare with recipient: " + recipient); @@ -104,10 +105,10 @@ public class GrantedAuthorityEffectiveAclsResolver implements EffectiveAclsResol continue; } - for (int k = 0; k < authorities.length; k++) { - if (authorities[k].equals(recipient)) { + for (int k = 0; k < authorities.size(); k++) { + if (authorities.get(k).equals(recipient)) { if (logger.isDebugEnabled()) { - logger.debug("GrantedAuthority: " + authorities[k] + " matches recipient: " + recipient); + logger.debug("GrantedAuthority: " + authorities.get(k) + " matches recipient: " + recipient); } list.add(allAcls[i]); diff --git a/core/src/main/java/org/springframework/security/authoritymapping/Attributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/authoritymapping/Attributes2GrantedAuthoritiesMapper.java index 23543d4317..f8c38860d6 100755 --- a/core/src/main/java/org/springframework/security/authoritymapping/Attributes2GrantedAuthoritiesMapper.java 
+++ b/core/src/main/java/org/springframework/security/authoritymapping/Attributes2GrantedAuthoritiesMapper.java @@ -1,5 +1,8 @@ package org.springframework.security.authoritymapping; +import java.util.Collection; +import java.util.List; + import org.springframework.security.GrantedAuthority; /** @@ -20,5 +23,5 @@ public interface Attributes2GrantedAuthoritiesMapper { * @param attribute the attributes to be mapped * @return the list of mapped GrantedAuthorities */ - public GrantedAuthority[] getGrantedAuthorities(String[] attributes); + public List getGrantedAuthorities(Collection attributes); } diff --git a/core/src/main/java/org/springframework/security/authoritymapping/MapBasedAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/authoritymapping/MapBasedAttributes2GrantedAuthoritiesMapper.java index 32188a1bf8..5dfb510162 100755 --- a/core/src/main/java/org/springframework/security/authoritymapping/MapBasedAttributes2GrantedAuthoritiesMapper.java +++ b/core/src/main/java/org/springframework/security/authoritymapping/MapBasedAttributes2GrantedAuthoritiesMapper.java @@ -16,152 +16,152 @@ import org.springframework.util.StringUtils; /** - *

* This class implements the Attributes2GrantedAuthoritiesMapper and * MappableAttributesRetriever interfaces based on the supplied Map. * It supports both one-to-one and one-to-many mappings. The granted * authorities to map to can be supplied either as a String or as a * GrantedAuthority object. - *

+ * * @author Ruud Senden */ public class MapBasedAttributes2GrantedAuthoritiesMapper implements Attributes2GrantedAuthoritiesMapper, MappableAttributesRetriever, InitializingBean { - private Map attributes2grantedAuthoritiesMap = null; - private String stringSeparator = ","; - private String[] mappableAttributes = null; + private Map> attributes2grantedAuthoritiesMap = null; + private String stringSeparator = ","; + private String[] mappableAttributes = null; - /** - * Check whether all properties have been set to correct values, and do some preprocessing. - */ - public void afterPropertiesSet() { - Assert.notEmpty(attributes2grantedAuthoritiesMap,"A non-empty attributes2grantedAuthoritiesMap must be supplied"); - attributes2grantedAuthoritiesMap = preProcessMap(attributes2grantedAuthoritiesMap); - try { - mappableAttributes = (String[])attributes2grantedAuthoritiesMap.keySet().toArray(new String[]{}); - } catch ( ArrayStoreException ase ) { - throw new IllegalArgumentException("attributes2grantedAuthoritiesMap contains non-String objects as keys"); - } - } - /** - * Preprocess the given map - * @param orgMap The map to process - * @return the processed Map - */ - private Map preProcessMap(Map orgMap) { - Map result = new HashMap(orgMap.size()); - Iterator it = orgMap.entrySet().iterator(); - while ( it.hasNext() ) { - Map.Entry entry = (Map.Entry)it.next(); - result.put(entry.getKey(),getGrantedAuthorityCollection(entry.getValue())); - } - return result; - } + public void afterPropertiesSet() throws Exception { + Assert.notNull(attributes2grantedAuthoritiesMap, "attributes2grantedAuthoritiesMap must be set"); + } - /** - * Convert the given value to a collection of Granted Authorities - * - * @param value - * The value to convert to a GrantedAuthority Collection - * @return Collection containing the GrantedAuthority Collection - */ - private Collection getGrantedAuthorityCollection(Object value) { - Collection result = new ArrayList(); - 
addGrantedAuthorityCollection(result,value); - return result; - } + /** + * Map the given array of attributes to Spring Security GrantedAuthorities. + */ + public List getGrantedAuthorities(Collection attributes) { + ArrayList gaList = new ArrayList(); + for (String attribute : attributes) { + Collection c = attributes2grantedAuthoritiesMap.get(attribute); + if ( c != null ) { gaList.addAll(c); } + } + gaList.trimToSize(); - /** - * Convert the given value to a collection of Granted Authorities, - * adding the result to the given result collection. - * - * @param value - * The value to convert to a GrantedAuthority Collection - * @return Collection containing the GrantedAuthority Collection - */ - private void addGrantedAuthorityCollection(Collection result, Object value) { - if ( value != null ) { - if ( value instanceof Collection ) { - addGrantedAuthorityCollection(result,(Collection)value); - } else if ( value instanceof Object[] ) { - addGrantedAuthorityCollection(result,(Object[])value); - } else if ( value instanceof String ) { - addGrantedAuthorityCollection(result,(String)value); - } else if ( value instanceof GrantedAuthority ) { - result.add(value); - } else { - throw new IllegalArgumentException("Invalid object type: "+value.getClass().getName()); - } - } - } + return gaList; + } - private void addGrantedAuthorityCollection(Collection result, Collection value) { - Iterator it = value.iterator(); - while ( it.hasNext() ) { - addGrantedAuthorityCollection(result,it.next()); - } - } + /** + * @return Returns the attributes2grantedAuthoritiesMap. + */ + public Map getAttributes2grantedAuthoritiesMap() { + return attributes2grantedAuthoritiesMap; + } + /** + * @param attributes2grantedAuthoritiesMap The attributes2grantedAuthoritiesMap to set. 
+ */ + public void setAttributes2grantedAuthoritiesMap(final Map attributes2grantedAuthoritiesMap) { + Assert.notEmpty(attributes2grantedAuthoritiesMap,"A non-empty attributes2grantedAuthoritiesMap must be supplied"); + this.attributes2grantedAuthoritiesMap = preProcessMap(attributes2grantedAuthoritiesMap); - private void addGrantedAuthorityCollection(Collection result, Object[] value) { - for ( int i = 0 ; i < value.length ; i++ ) { - addGrantedAuthorityCollection(result,value[i]); - } - } + try { + mappableAttributes = (String[])this.attributes2grantedAuthoritiesMap.keySet().toArray(new String[]{}); + } catch ( ArrayStoreException ase ) { + throw new IllegalArgumentException("attributes2grantedAuthoritiesMap contains non-String objects as keys"); + } + } - private void addGrantedAuthorityCollection(Collection result, String value) { - StringTokenizer st = new StringTokenizer(value,stringSeparator,false); - while ( st.hasMoreTokens() ) { - String nextToken = st.nextToken(); - if ( StringUtils.hasText(nextToken) ) { - result.add(new GrantedAuthorityImpl(nextToken)); - } - } - } + /** + * Preprocess the given map to convert all the values to GrantedAuthority collections + * + * @param orgMap The map to process + * @return the processed Map + */ + private Map> preProcessMap(Map orgMap) { + Map result = new HashMap(orgMap.size()); - /** - * Map the given array of attributes to Spring Security GrantedAuthorities. 
- */ - public GrantedAuthority[] getGrantedAuthorities(String[] attributes) { - List gaList = new ArrayList(); - for (int i = 0; i < attributes.length; i++) { - Collection c = (Collection)attributes2grantedAuthoritiesMap.get(attributes[i]); - if ( c != null ) { gaList.addAll(c); } - } - GrantedAuthority[] result = new GrantedAuthority[gaList.size()]; - result = (GrantedAuthority[])gaList.toArray(result); - return result; - } + for(Map.Entry entry : orgMap.entrySet()) { + result.put(entry.getKey(),getGrantedAuthorityCollection(entry.getValue())); + } + return result; + } - /** - * @return Returns the attributes2grantedAuthoritiesMap. - */ - public Map getAttributes2grantedAuthoritiesMap() { - return attributes2grantedAuthoritiesMap; - } - /** - * @param attributes2grantedAuthoritiesMap The attributes2grantedAuthoritiesMap to set. - */ - public void setAttributes2grantedAuthoritiesMap(Map attributes2grantedAuthoritiesMap) { - this.attributes2grantedAuthoritiesMap = attributes2grantedAuthoritiesMap; - } + /** + * Convert the given value to a collection of Granted Authorities + * + * @param value + * The value to convert to a GrantedAuthority Collection + * @return Collection containing the GrantedAuthority Collection + */ + private Collection getGrantedAuthorityCollection(Object value) { + Collection result = new ArrayList(); + addGrantedAuthorityCollection(result,value); + return result; + } + + /** + * Convert the given value to a collection of Granted Authorities, + * adding the result to the given result collection. 
+ * + * @param value + * The value to convert to a GrantedAuthority Collection + * @return Collection containing the GrantedAuthority Collection + */ + private void addGrantedAuthorityCollection(Collection result, Object value) { + if ( value == null ) { + return; + } + if ( value instanceof Collection ) { + addGrantedAuthorityCollection(result,(Collection)value); + } else if ( value instanceof Object[] ) { + addGrantedAuthorityCollection(result,(Object[])value); + } else if ( value instanceof String ) { + addGrantedAuthorityCollection(result,(String)value); + } else if ( value instanceof GrantedAuthority ) { + result.add((GrantedAuthority) value); + } else { + throw new IllegalArgumentException("Invalid object type: "+value.getClass().getName()); + } + } + + private void addGrantedAuthorityCollection(Collection result, Collection value) { + Iterator it = value.iterator(); + while ( it.hasNext() ) { + addGrantedAuthorityCollection(result,it.next()); + } + } + + private void addGrantedAuthorityCollection(Collection result, Object[] value) { + for ( int i = 0 ; i < value.length ; i++ ) { + addGrantedAuthorityCollection(result,value[i]); + } + } + + private void addGrantedAuthorityCollection(Collection result, String value) { + StringTokenizer st = new StringTokenizer(value,stringSeparator,false); + while ( st.hasMoreTokens() ) { + String nextToken = st.nextToken(); + if ( StringUtils.hasText(nextToken) ) { + result.add(new GrantedAuthorityImpl(nextToken)); + } + } + } + + /** + * + * @see org.springframework.security.authoritymapping.MappableAttributesRetriever#getMappableAttributes() + */ + public String[] getMappableAttributes() { + return mappableAttributes; + } + /** + * @return Returns the stringSeparator. + */ + public String getStringSeparator() { + return stringSeparator; + } + /** + * @param stringSeparator The stringSeparator to set. 
+ */ + public void setStringSeparator(String stringSeparator) { + this.stringSeparator = stringSeparator; + } - /** - * - * @see org.springframework.security.authoritymapping.MappableAttributesRetriever#getMappableAttributes() - */ - public String[] getMappableAttributes() { - return mappableAttributes; - } - /** - * @return Returns the stringSeparator. - */ - public String getStringSeparator() { - return stringSeparator; - } - /** - * @param stringSeparator The stringSeparator to set. - */ - public void setStringSeparator(String stringSeparator) { - this.stringSeparator = stringSeparator; - } } diff --git a/core/src/main/java/org/springframework/security/authoritymapping/SimpleAttributes2GrantedAuthoritiesMapper.java b/core/src/main/java/org/springframework/security/authoritymapping/SimpleAttributes2GrantedAuthoritiesMapper.java index e35925fcb3..eacd176d0a 100755 --- a/core/src/main/java/org/springframework/security/authoritymapping/SimpleAttributes2GrantedAuthoritiesMapper.java +++ b/core/src/main/java/org/springframework/security/authoritymapping/SimpleAttributes2GrantedAuthoritiesMapper.java @@ -3,6 +3,9 @@ package org.springframework.security.authoritymapping; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; import java.util.Locale; import org.springframework.beans.factory.InitializingBean; 
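Review bot: Moving `preProcessMap` out of `afterPropertiesSet()` and into `setAttributes2grantedAuthoritiesMap` makes the mapping depend on setter order. String values are tokenised with whatever `stringSeparator` holds when the map is set, so a `setStringSeparator` call that arrives afterwards is silently ignored and the attribute-to-authority map is built with the default `","`. Before this change the split ran in `afterPropertiesSet()`, once all properties were in place. Either keep the conversion there, or state the requirement on the setter, e.g. `@param stringSeparator separator for String values; must be set before attributes2grantedAuthoritiesMap`. Separately, `getAttributes2grantedAuthoritiesMap()` returns the processed internal map, so a caller can alter the mapping without `mappableAttributes` being refreshed; returning `Collections.unmodifiableMap(attributes2grantedAuthoritiesMap)` (plus the import, if the file lacks it) would prevent that.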
@@ -41,10 +44,10 @@ public class SimpleAttributes2GrantedAuthoritiesMapper implements Attributes2Gra /** * Map the given list of string attributes one-to-one to Spring Security GrantedAuthorities. */ - public GrantedAuthority[] getGrantedAuthorities(String[] attributes) { - GrantedAuthority[] result = new GrantedAuthority[attributes.length]; - for (int i = 0; i < attributes.length; i++) { - result[i] = getGrantedAuthority(attributes[i]); + public List getGrantedAuthorities(Collection attributes) { + List result = new ArrayList(attributes.size()); + for (String attribute : attributes) { + result.add(getGrantedAuthority(attribute)); } return result; } diff --git a/core/src/main/java/org/springframework/security/intercept/method/MethodInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/intercept/method/MethodInvocationPrivilegeEvaluator.java index c275149486..f8390898b5 100644 --- a/core/src/main/java/org/springframework/security/intercept/method/MethodInvocationPrivilegeEvaluator.java +++ b/core/src/main/java/org/springframework/security/intercept/method/MethodInvocationPrivilegeEvaluator.java @@ -70,7 +70,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean { } if ((authentication == null) || (authentication.getAuthorities() == null) - || (authentication.getAuthorities().length == 0)) { + || (authentication.getAuthorities().isEmpty())) { return false; } diff --git a/core/src/main/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluator.java index bdde3d554e..68168c3ae9 100644 --- a/core/src/main/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluator.java +++ b/core/src/main/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluator.java 
@@ -62,7 +62,7 @@ public class WebInvocationPrivilegeEvaluator implements InitializingBean { } if ((authentication == null) || (authentication.getAuthorities() == null) - || (authentication.getAuthorities().length == 0)) { + || authentication.getAuthorities().isEmpty()) { return false; } diff --git a/core/src/main/java/org/springframework/security/ldap/LdapAuthoritiesPopulator.java b/core/src/main/java/org/springframework/security/ldap/LdapAuthoritiesPopulator.java index 2df828a20b..a69c81e572 100644 --- a/core/src/main/java/org/springframework/security/ldap/LdapAuthoritiesPopulator.java +++ b/core/src/main/java/org/springframework/security/ldap/LdapAuthoritiesPopulator.java @@ -15,6 +15,8 @@ package org.springframework.security.ldap; +import java.util.List; + import org.springframework.security.GrantedAuthority; import org.springframework.ldap.core.DirContextOperations; @@ -41,5 +43,5 @@ public interface LdapAuthoritiesPopulator { * @return the granted authorities for the given user. * */ - GrantedAuthority[] getGrantedAuthorities(DirContextOperations userData, String username); + List getGrantedAuthorities(DirContextOperations userData, String username); } diff --git a/core/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java b/core/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java index 55686bdba3..250dbd8fcf 100644 --- a/core/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java +++ b/core/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java @@ -27,8 +27,11 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import javax.naming.directory.SearchControls; + +import java.util.ArrayList; import java.util.HashSet; import java.util.Iterator; +import java.util.List; import java.util.Set; 
@@ -158,7 +161,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator * @return the extra roles which will be merged with those returned by the group search */ - protected Set getAdditionalRoles(DirContextOperations user, String username) { + protected Set getAdditionalRoles(DirContextOperations user, String username) { return null; } @@ -169,14 +172,14 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator * @param user the user who's authorities are required * @return the set of roles granted to the user. */ - public final GrantedAuthority[] getGrantedAuthorities(DirContextOperations user, String username) { + public final List getGrantedAuthorities(DirContextOperations user, String username) { String userDn = user.getNameInNamespace(); if (logger.isDebugEnabled()) { logger.debug("Getting authorities for user " + userDn); } - Set roles = getGroupMembershipRoles(userDn, username); + Set roles = getGroupMembershipRoles(userDn, username); Set extraRoles = getAdditionalRoles(user, username); @@ -188,10 +191,13 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator roles.add(defaultRole); } - return (GrantedAuthority[]) roles.toArray(new GrantedAuthority[roles.size()]); + List result = new ArrayList(roles.size()); + result.addAll(roles); + + return result; } - public Set getGroupMembershipRoles(String userDn, String username) { + public Set getGroupMembershipRoles(String userDn, String username) { Set authorities = new HashSet(); if (getGroupSearchBase() == null) { diff --git a/core/src/main/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulator.java b/core/src/main/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulator.java index 20dd79d0ea..55347bcf08 100644 --- a/core/src/main/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulator.java 
+++ b/core/src/main/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulator.java @@ -1,5 +1,7 @@ package org.springframework.security.ldap.populator; +import java.util.List; + import org.springframework.security.ldap.LdapAuthoritiesPopulator; import org.springframework.security.GrantedAuthority; import org.springframework.security.userdetails.UserDetailsService; @@ -23,7 +25,7 @@ public class UserDetailsServiceLdapAuthoritiesPopulator implements LdapAuthoriti this.userDetailsService = userService; } - public GrantedAuthority[] getGrantedAuthorities(DirContextOperations userData, String username) { + public List getGrantedAuthorities(DirContextOperations userData, String username) { return userDetailsService.loadUserByUsername(username).getAuthorities(); } } diff --git a/core/src/main/java/org/springframework/security/providers/AbstractAuthenticationToken.java b/core/src/main/java/org/springframework/security/providers/AbstractAuthenticationToken.java index e563ac78fb..acda56535e 100644 --- a/core/src/main/java/org/springframework/security/providers/AbstractAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/providers/AbstractAuthenticationToken.java @@ -16,15 +16,18 @@ package org.springframework.security.providers; import java.security.Principal; +import java.util.Collections; +import java.util.List; import org.springframework.security.Authentication; import org.springframework.security.GrantedAuthority; import org.springframework.security.userdetails.UserDetails; -import org.springframework.util.Assert; /** - * Base class for Authentication objects.

Implementations which use this class should be immutable.

+ * Base class for Authentication objects. + *

+ * Implementations which use this class should be immutable. * * @author Ben Alex * @author Luke Taylor @@ -34,22 +37,11 @@ public abstract class AbstractAuthenticationToken implements Authentication { //~ Instance fields ================================================================================================ private Object details; - private GrantedAuthority[] authorities; + private List authorities; private boolean authenticated = false; //~ Constructors =================================================================================================== - /** - * Retained for compatibility with subclasses written before the - * AbstractAuthenticationToken(GrantedAuthority[]) constructor - * was introduced. - * - * @deprecated in favour of the constructor which takes a - * GrantedAuthority[] argument. - */ - public AbstractAuthenticationToken() { - } - /** * Creates a token with the supplied array of authorities. * 
@@ -60,82 +52,70 @@ public abstract class AbstractAuthenticationToken implements Authentication { * Authentication#getAuthorities()}null should only be * presented if the principal has not been authenticated). */ - public AbstractAuthenticationToken(GrantedAuthority[] authorities) { + public AbstractAuthenticationToken(List authorities) { if (authorities != null) { - for (int i = 0; i < authorities.length; i++) { - Assert.notNull(authorities[i], - "Granted authority element " + i + " is null - GrantedAuthority[] cannot contain any null elements"); + for (int i = 0; i < authorities.size(); i++) { + if(authorities.get(i) == null) { + throw new IllegalArgumentException("Granted authority element " + i + + " is null - GrantedAuthority[] cannot contain any null elements"); + } } + this.authorities = Collections.unmodifiableList(authorities); } - - this.authorities = authorities; } //~ Methods ======================================================================================================== public boolean equals(Object obj) { - if (obj instanceof AbstractAuthenticationToken) { - AbstractAuthenticationToken test = (AbstractAuthenticationToken) obj; - - if (!((this.getAuthorities() == null) && (test.getAuthorities() == null))) { - if ((this.getAuthorities() == null) || (test.getAuthorities() == null)) { - return false; - } - - if (this.getAuthorities().length != test.getAuthorities().length) { - return false; - } - - for (int i = 0; i < this.getAuthorities().length; i++) { - if (!this.getAuthorities()[i].equals(test.getAuthorities()[i])) { - return false; - } - } - } - - if ((this.details == null) && (test.getDetails() != null)) { - return false; - } - - if ((this.details != null) && (test.getDetails() == null)) { - return false; - } - - if ((this.details != null) && (!this.details.equals(test.getDetails()))) { - return false; - } - - if ((this.getCredentials() == null) && (test.getCredentials() != null)) { - return false; - } - - if ((this.getCredentials() != null) 
&& !this.getCredentials().equals(test.getCredentials())) { - return false; - } - - if (this.getPrincipal() == null && test.getPrincipal() != null) { - return false; - } - - if (this.getPrincipal() != null && !this.getPrincipal().equals(test.getPrincipal())) { - return false; - } - - return this.isAuthenticated() == test.isAuthenticated(); + if (!(obj instanceof AbstractAuthenticationToken)) { + return false; } - return false; + AbstractAuthenticationToken test = (AbstractAuthenticationToken) obj; + + if (!(authorities == null && test.authorities == null)) { + // Not both null + if (authorities == null || test.authorities == null) { + return false; + } + if(!authorities.equals(test.authorities)) { + return false; + } + } + + if ((this.details == null) && (test.getDetails() != null)) { + return false; + } + + if ((this.details != null) && (test.getDetails() == null)) { + return false; + } + + if ((this.details != null) && (!this.details.equals(test.getDetails()))) { + return false; + } + + if ((this.getCredentials() == null) && (test.getCredentials() != null)) { + return false; + } + + if ((this.getCredentials() != null) && !this.getCredentials().equals(test.getCredentials())) { + return false; + } + + if (this.getPrincipal() == null && test.getPrincipal() != null) { + return false; + } + + if (this.getPrincipal() != null && !this.getPrincipal().equals(test.getPrincipal())) { + return false; + } + + return this.isAuthenticated() == test.isAuthenticated(); } - public GrantedAuthority[] getAuthorities() { - if (authorities == null) { - return null; - } - - GrantedAuthority[] copy = new GrantedAuthority[authorities.length]; - System.arraycopy(authorities, 0, copy, 0, authorities.length); - - return copy; + public List getAuthorities() { + return authorities; } public Object getDetails() { 
@@ -146,7 +126,7 @@ public abstract class AbstractAuthenticationToken implements Authentication { if (this.getPrincipal() instanceof UserDetails) { return ((UserDetails) this.getPrincipal()).getUsername(); } - + if (getPrincipal() instanceof Principal) { return ((Principal)getPrincipal()).getName(); } @@ -157,12 +137,9 @@ public abstract class AbstractAuthenticationToken implements Authentication { public int hashCode() { int code = 31; - // Copy authorities to local variable for performance (SEC-223) - GrantedAuthority[] authorities = this.getAuthorities(); - if (authorities != null) { - for (int i = 0; i < authorities.length; i++) { - code ^= authorities[i].hashCode(); + for (GrantedAuthority authority : authorities) { + code ^= authority.hashCode(); } } @@ -205,15 +182,16 @@ public abstract class AbstractAuthenticationToken implements Authentication { sb.append("Authenticated: ").append(this.isAuthenticated()).append("; "); sb.append("Details: ").append(this.getDetails()).append("; "); - if (this.getAuthorities() != null) { + if (authorities != null) { sb.append("Granted Authorities: "); - for (int i = 0; i < this.getAuthorities().length; i++) { - if (i > 0) { + int i = 0; + for (GrantedAuthority authority: authorities) { + if (i++ > 0) { sb.append(", "); } - sb.append(this.getAuthorities()[i].toString()); + sb.append(authority); } } else { sb.append("Not granted any authorities"); diff --git a/core/src/main/java/org/springframework/security/providers/TestingAuthenticationToken.java b/core/src/main/java/org/springframework/security/providers/TestingAuthenticationToken.java index 40f5180545..4031c5024b 100644 --- a/core/src/main/java/org/springframework/security/providers/TestingAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/providers/TestingAuthenticationToken.java 
@@ -15,6 +15,9 @@ package org.springframework.security.providers; +import java.util.Arrays; +import java.util.List; + import org.springframework.security.GrantedAuthority; import org.springframework.security.util.AuthorityUtils; @@ -44,10 +47,14 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken { public TestingAuthenticationToken(Object principal, Object credentials, String... authorities) { - this(principal, credentials, AuthorityUtils.stringArrayToAuthorityArray(authorities)); + this(principal, credentials, AuthorityUtils.createAuthorityList(authorities)); } public TestingAuthenticationToken(Object principal, Object credentials, GrantedAuthority[] authorities) { + this(principal, credentials, Arrays.asList(authorities)); + } + + public TestingAuthenticationToken(Object principal, Object credentials, List authorities) { super(authorities); this.principal = principal; this.credentials = credentials; diff --git a/core/src/main/java/org/springframework/security/providers/UsernamePasswordAuthenticationToken.java b/core/src/main/java/org/springframework/security/providers/UsernamePasswordAuthenticationToken.java index 64f5fee0dc..72f8b03320 100644 --- a/core/src/main/java/org/springframework/security/providers/UsernamePasswordAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/providers/UsernamePasswordAuthenticationToken.java @@ -15,6 +15,9 @@ package org.springframework.security.providers; +import java.util.Arrays; +import java.util.List; + import org.springframework.security.GrantedAuthority; 
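Review bot: The retained `GrantedAuthority[]` constructor of TestingAuthenticationToken delegates with `Arrays.asList(authorities)`, which throws `NullPointerException` for a null array, although the superclass constructor is written to accept null authorities (`if (authorities != null)`). The same delegation is added to UsernamePasswordAuthenticationToken (`@@ -51,6 +54,13 @@`) and AnonymousAuthenticationToken (`@@ -37,7 +39,11 @@`). In the latter, `@throws IllegalArgumentException if a null was passed` used to describe this signature, but the array overload now fails before reaching that check. `Arrays.asList` is also a view over the array, so later writes to the caller's array show through in the token's authority list. Passing `authorities == null ? null : new ArrayList(Arrays.asList(authorities))` (typed as in the real file) keeps the previous null handling and detaches the token from the caller's array.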
@@ -51,6 +54,13 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT setAuthenticated(false); } + /** + * @deprecated use the list of authorities version + */ + public UsernamePasswordAuthenticationToken(Object principal, Object credentials, GrantedAuthority[] authorities) { + this(principal, credentials, Arrays.asList(authorities)); + } + /** * This constructor should only be used by AuthenticationManager or AuthenticationProvider * implementations that are satisfied with producing a trusted (i.e. {@link #isAuthenticated()} = true) @@ -60,13 +70,14 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT * @param credentials * @param authorities */ - public UsernamePasswordAuthenticationToken(Object principal, Object credentials, GrantedAuthority[] authorities) { + public UsernamePasswordAuthenticationToken(Object principal, Object credentials, List authorities) { super(authorities); this.principal = principal; this.credentials = credentials; super.setAuthenticated(true); // must use super, as we override } + //~ Methods ======================================================================================================== public Object getCredentials() { diff --git a/core/src/main/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationToken.java b/core/src/main/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationToken.java index 4a23bb7609..c5d3c573c1 100644 --- a/core/src/main/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationToken.java @@ -20,6 +20,8 @@ import org.springframework.security.GrantedAuthority; import org.springframework.security.providers.AbstractAuthenticationToken; import java.io.Serializable; +import java.util.Arrays; +import java.util.List; /** 
@@ -37,7 +39,11 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im //~ Constructors =================================================================================================== -/** + public AnonymousAuthenticationToken(String key, Object principal, GrantedAuthority[] authorities) { + this(key, principal, Arrays.asList(authorities)); + } + + /** * Constructor. * * @param key to identify if this object made by an authorised client @@ -46,11 +52,11 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im * * @throws IllegalArgumentException if a null was passed */ - public AnonymousAuthenticationToken(String key, Object principal, GrantedAuthority[] authorities) { + public AnonymousAuthenticationToken(String key, Object principal, List authorities) { super(authorities); if ((key == null) || ("".equals(key)) || (principal == null) || "".equals(principal) || (authorities == null) - || (authorities.length == 0)) { + || (authorities.isEmpty())) { throw new IllegalArgumentException("Cannot pass null or empty values to constructor"); } diff --git a/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java index 0f76980831..f05d309b03 100644 --- a/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java 
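Review bot: A null array passed to the new `GrantedAuthority[]` overload fails in `Arrays.asList(authorities)` with a NullPointerException, so it never reaches the `authorities == null` check in the `List` constructor that raises the documented IllegalArgumentException. Guard the delegation, `this(key, principal, authorities == null ? null : Arrays.asList(authorities));`, which lets the existing validation report the error, provided `super(authorities)` tolerates null (presumably it does, since the check was already placed after it; the superclass is not visible here). The overload also has no Javadoc; it should carry the same `@throws IllegalArgumentException` contract or a `@deprecated` pointer to the `List` constructor. RememberMeAuthenticationToken adds an identical overload.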
@@ -153,12 +153,12 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli //~ Methods ======================================================================================================== - public void afterPropertiesSet() throws Exception { + public void afterPropertiesSet() throws Exception { Assert.notNull(loginConfig, "loginConfig must be set on " + getClass()); Assert.hasLength(loginContextName, "loginContextName must be set on " + getClass()); configureJaas(loginConfig); - + Assert.notNull(Configuration.getConfiguration(), "As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html " + "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is " @@ -190,10 +190,10 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli loginContext.login(); //create a set to hold the authorities, and add any that have already been applied. - Set authorities = new HashSet(); + Set authorities = new HashSet(); if (request.getAuthorities() != null) { - authorities.addAll(Arrays.asList(request.getAuthorities())); + authorities.addAll(request.getAuthorities()); } //get the subject principals and pass them to each of the AuthorityGranters @@ -219,7 +219,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli //Convert the authorities set back to an array and apply it to the token. JaasAuthenticationToken result = new JaasAuthenticationToken(request.getPrincipal(), request.getCredentials(), - (GrantedAuthority[]) authorities.toArray(new GrantedAuthority[authorities.size()]), loginContext); + (GrantedAuthority[]) authorities.toArray(new GrantedAuthority[0]), loginContext); //Publish the success event publishSuccessEvent(result); 
@@ -379,7 +379,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli */ protected void publishSuccessEvent(UsernamePasswordAuthenticationToken token) { if (applicationEventPublisher != null) { - applicationEventPublisher.publishEvent(new JaasAuthenticationSuccessEvent(token)); + applicationEventPublisher.publishEvent(new JaasAuthenticationSuccessEvent(token)); } } diff --git a/core/src/main/java/org/springframework/security/providers/ldap/LdapAuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/ldap/LdapAuthenticationProvider.java index f41f9148c1..abfccb1241 100644 --- a/core/src/main/java/org/springframework/security/providers/ldap/LdapAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/providers/ldap/LdapAuthenticationProvider.java @@ -15,6 +15,8 @@ package org.springframework.security.providers.ldap; +import java.util.List; + import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationServiceException; @@ -28,6 +30,7 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.ldap.LdapUserDetailsMapper; import org.springframework.security.userdetails.ldap.UserDetailsContextMapper; +import org.springframework.security.util.AuthorityUtils; import org.springframework.context.support.MessageSourceAccessor; import org.springframework.ldap.NamingException; import org.springframework.ldap.core.DirContextOperations; 
@@ -228,7 +231,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider { try { DirContextOperations userData = getAuthenticator().authenticate(authentication); - GrantedAuthority[] extraAuthorities = loadUserAuthorities(userData, username, password); + List extraAuthorities = loadUserAuthorities(userData, username, password); UserDetails user = userDetailsContextMapper.mapUserFromContext(userData, username, extraAuthorities); @@ -239,7 +242,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider { } } - protected GrantedAuthority[] loadUserAuthorities(DirContextOperations userData, String username, String password) { + protected List loadUserAuthorities(DirContextOperations userData, String username, String password) { return getAuthoritiesPopulator().getGrantedAuthorities(userData, username); } @@ -257,8 +260,8 @@ public class LdapAuthenticationProvider implements AuthenticationProvider { //~ Inner Classes ================================================================================================== private static class NullAuthoritiesPopulator implements LdapAuthoritiesPopulator { - public GrantedAuthority[] getGrantedAuthorities(DirContextOperations userDetails, String username) { - return new GrantedAuthority[0]; + public List getGrantedAuthorities(DirContextOperations userDetails, String username) { + return AuthorityUtils.NO_AUTHORITIES; } } } diff --git a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java index 20b8d84e2b..75f9edf732 100644 --- a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java 
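Review bot: `NullAuthoritiesPopulator.getGrantedAuthorities` now hands every caller the shared `AuthorityUtils.NO_AUTHORITIES` instance where it used to return a fresh empty array, and that list flows on to `mapUserFromContext` as `extraAuthorities`. If the constant is a modifiable list (its definition is not part of this hunk), a mapper that adds to it would grant that authority to every later login that uses the null populator. Confirm it is unmodifiable (for example `Collections.emptyList()`), and record that on the method: `// NO_AUTHORITIES is shared; callers must not modify the returned list`.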
@@ -1,9 +1,12 @@ package org.springframework.security.providers.preauth; +import java.util.Arrays; + import org.springframework.security.providers.AuthenticationProvider; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.BadCredentialsException; +import org.springframework.security.GrantedAuthority; import org.springframework.security.userdetails.AuthenticationUserDetailsService; import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetailsChecker; @@ -34,7 +37,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro private static final Log logger = LogFactory.getLog(PreAuthenticatedAuthenticationProvider.class); private AuthenticationUserDetailsService preAuthenticatedUserDetailsService = null; - private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker(); + private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker(); private boolean throwExceptionWhenTokenRejected = false; private int order = -1; // default: same as non-ordered @@ -63,7 +66,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro if (authentication.getPrincipal() == null) { logger.debug("No pre-authenticated principal found in request."); - + if (throwExceptionWhenTokenRejected) { throw new BadCredentialsException("No pre-authenticated principal found in request."); } 
@@ -75,16 +78,17 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro if (throwExceptionWhenTokenRejected) { throw new BadCredentialsException("No pre-authenticated credentials found in request."); - } + } return null; } - + UserDetails ud = preAuthenticatedUserDetailsService.loadUserDetails(authentication); userDetailsChecker.check(ud); PreAuthenticatedAuthenticationToken result = - new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), ud.getAuthorities()); + new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), + ud.getAuthorities().toArray(new GrantedAuthority[0])); result.setDetails(authentication.getDetails()); return result; 
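Review bot: The token is built by converting `ud.getAuthorities()` to an array for the `GrantedAuthority[]` constructor, which this same patch marks `@deprecated` and which turns the array back into a list. Pass the list directly, `new PreAuthenticatedAuthenticationToken(ud, authentication.getCredentials(), ud.getAuthorities());`, which also avoids the NullPointerException that `.toArray(...)` raises if a UserDetails implementation returns null authorities. The `java.util.Arrays` import added in this file's first hunk is not used in any visible hunk. The enclosing method starts outside this hunk.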
@@ -114,22 +118,22 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro order = i; } - /** - * If true, causes the provider to throw a BadCredentialsException if the presented authentication - * request is invalid (contains a null principal or credentials). Otherwise it will just return + /** + * If true, causes the provider to throw a BadCredentialsException if the presented authentication + * request is invalid (contains a null principal or credentials). Otherwise it will just return * null. Defaults to false. - */ + */ public void setThrowExceptionWhenTokenRejected(boolean throwExceptionWhenTokenRejected) { this.throwExceptionWhenTokenRejected = throwExceptionWhenTokenRejected; } /** * Sets the strategy which will be used to validate the loaded UserDetails object - * for the user. Defaults to an {@link AccountStatusUserDetailsChecker}. + * for the user. Defaults to an {@link AccountStatusUserDetailsChecker}. * @param userDetailsChecker */ - public void setUserDetailsChecker(UserDetailsChecker userDetailsChecker) { - Assert.notNull(userDetailsChecker, "userDetailsChacker cannot be null"); - this.userDetailsChecker = userDetailsChecker; - } + public void setUserDetailsChecker(UserDetailsChecker userDetailsChecker) { + Assert.notNull(userDetailsChecker, "userDetailsChacker cannot be null"); + this.userDetailsChecker = userDetailsChecker; + } } diff --git a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationToken.java b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationToken.java index 0936adc701..8f04fb9e48 100755 --- a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationToken.java 
@@ -1,5 +1,8 @@ package org.springframework.security.providers.preauth; +import java.util.Arrays; +import java.util.List; + import org.springframework.security.providers.AbstractAuthenticationToken; import org.springframework.security.GrantedAuthority; @@ -37,6 +40,14 @@ public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationT this.credentials = aCredentials; } + /** + * + * @deprecated + */ + public PreAuthenticatedAuthenticationToken(Object aPrincipal, Object aCredentials, GrantedAuthority[] anAuthorities) { + this(aPrincipal, aCredentials, Arrays.asList(anAuthorities)); + } + /** * Constructor used for an authentication response. The {@link * org.springframework.security.Authentication#isAuthenticated()} will return @@ -47,7 +58,7 @@ public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationT * @param anAuthorities * The granted authorities */ - public PreAuthenticatedAuthenticationToken(Object aPrincipal, Object aCredentials, GrantedAuthority[] anAuthorities) { + public PreAuthenticatedAuthenticationToken(Object aPrincipal, Object aCredentials, List anAuthorities) { super(anAuthorities); this.principal = aPrincipal; this.credentials = aCredentials; diff --git a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java index 537eac2674..0d6c54017d 100755 --- a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java +++ b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsService.java 
@@ -1,5 +1,7 @@ package org.springframework.security.providers.preauth; +import java.util.List; + import org.springframework.security.userdetails.AuthenticationUserDetailsService; import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.User; @@ -20,7 +22,7 @@ import org.springframework.util.Assert; * PreAuthenticatedAuthenticationProvider anyway), and the Granted Authorities * are retrieved from the details object as returned by * PreAuthenticatedAuthenticationToken.getDetails(). - * + * *

* The details object as returned by PreAuthenticatedAuthenticationToken.getDetails() must implement the * {@link GrantedAuthoritiesContainer} interface for this implementation to work. 
@@ -29,27 +31,27 @@ import org.springframework.util.Assert; * @since 2.0 */ public class PreAuthenticatedGrantedAuthoritiesUserDetailsService implements AuthenticationUserDetailsService { - /** - * Get a UserDetails object based on the user name contained in the given - * token, and the GrantedAuthorities as returned by the - * GrantedAuthoritiesContainer implementation as returned by - * the token.getDetails() method. - */ - public final UserDetails loadUserDetails(Authentication token) throws AuthenticationException { - Assert.notNull(token.getDetails()); - Assert.isInstanceOf(GrantedAuthoritiesContainer.class, token.getDetails()); - GrantedAuthority[] authorities = ((GrantedAuthoritiesContainer) token.getDetails()).getGrantedAuthorities(); - UserDetails ud = createuserDetails(token, authorities); - return ud; - } - - /** - * Creates the final UserDetails object. Can be overridden to customize the contents. - * - * @param token the authentication request token - * @param authorities the pre-authenticated authorities. - */ - protected UserDetails createuserDetails(Authentication token, GrantedAuthority[] authorities) { - return new User(token.getName(), "N/A", true, true, true, true, authorities); - } + /** + * Get a UserDetails object based on the user name contained in the given + * token, and the GrantedAuthorities as returned by the + * GrantedAuthoritiesContainer implementation as returned by + * the token.getDetails() method. + */ + public final UserDetails loadUserDetails(Authentication token) throws AuthenticationException { + Assert.notNull(token.getDetails()); + Assert.isInstanceOf(GrantedAuthoritiesContainer.class, token.getDetails()); + List authorities = ((GrantedAuthoritiesContainer) token.getDetails()).getGrantedAuthorities(); + UserDetails ud = createuserDetails(token, authorities); + return ud; + } + + /** + * Creates the final UserDetails object. Can be overridden to customize the contents. 
+ * + * @param token the authentication request token + * @param authorities the pre-authenticated authorities. + */ + protected UserDetails createuserDetails(Authentication token, List authorities) { + return new User(token.getName(), "N/A", true, true, true, true, authorities); + } } diff --git a/core/src/main/java/org/springframework/security/providers/rcp/RemoteAuthenticationManagerImpl.java b/core/src/main/java/org/springframework/security/providers/rcp/RemoteAuthenticationManagerImpl.java index 45410f7b9f..f77ff295cd 100644 --- a/core/src/main/java/org/springframework/security/providers/rcp/RemoteAuthenticationManagerImpl.java +++ b/core/src/main/java/org/springframework/security/providers/rcp/RemoteAuthenticationManagerImpl.java @@ -15,6 +15,8 @@ package org.springframework.security.providers.rcp; +import java.util.List; + import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationManager; import org.springframework.security.GrantedAuthority; @@ -27,9 +29,10 @@ import org.springframework.util.Assert; /** - * Server-side processor of a remote authentication request.

This bean requires no security interceptor to - * protect it. Instead, the bean uses the configured AuthenticationManager to resolve an authentication - * request.

+ * Server-side processor of a remote authentication request. + *

+ * This bean requires no security interceptor to protect it. Instead, the bean uses the configured + * AuthenticationManager to resolve an authentication request. * * @author Ben Alex * @version $Id$ @@ -46,11 +49,13 @@ public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationMana } public GrantedAuthority[] attemptAuthentication(String username, String password) - throws RemoteAuthenticationException { + throws RemoteAuthenticationException { UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password); try { - return authenticationManager.authenticate(request).getAuthorities(); + List authorities = authenticationManager.authenticate(request).getAuthorities(); + + return authorities == null ? null : authorities.toArray(new GrantedAuthority[authorities.size()]); } catch (AuthenticationException authEx) { throw new RemoteAuthenticationException(authEx.getMessage()); } diff --git a/core/src/main/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationToken.java b/core/src/main/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationToken.java index 7b0c47d5e3..dad8b91b00 100644 --- a/core/src/main/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationToken.java @@ -16,6 +16,8 @@ package org.springframework.security.providers.rememberme; import java.io.Serializable; +import java.util.Arrays; +import java.util.List; import org.springframework.security.GrantedAuthority; import org.springframework.security.providers.AbstractAuthenticationToken; 
@@ -37,6 +39,10 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken i //~ Constructors =================================================================================================== + public RememberMeAuthenticationToken(String key, Object principal, GrantedAuthority[] authorities) { + this(key, principal, Arrays.asList(authorities)); + } + /** * Constructor. * @@ -46,7 +52,7 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken i * * @throws IllegalArgumentException if a null was passed */ - public RememberMeAuthenticationToken(String key, Object principal, GrantedAuthority[] authorities) { + public RememberMeAuthenticationToken(String key, Object principal, List authorities) { super(authorities); if ((key == null) || ("".equals(key)) || (principal == null) || "".equals(principal)) { diff --git a/core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationProvider.java deleted file mode 100644 index 0dd040619c..0000000000 --- a/core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationProvider.java +++ /dev/null 
@@ -1,133 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.x509; - -import org.springframework.security.SpringSecurityMessageSource; -import org.springframework.security.Authentication; -import org.springframework.security.AuthenticationException; -import org.springframework.security.BadCredentialsException; - -import org.springframework.security.providers.AuthenticationProvider; -import org.springframework.security.providers.x509.cache.NullX509UserCache; - -import org.springframework.security.userdetails.UserDetails; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.context.MessageSource; -import org.springframework.context.MessageSourceAware; -import org.springframework.context.support.MessageSourceAccessor; - -import org.springframework.util.Assert; - -import java.security.cert.X509Certificate; - - -/** - * Processes an X.509 authentication request.

The request will typically originate from {@link - * org.springframework.security.ui.x509.X509ProcessingFilter}).

- * - * @author Luke Taylor - * @deprecated superceded by the preauth provider. Use the X.509 authentication support in org.springframework.security.ui.preauth.x509 instead - * or namespace support via the <x509 /> element. - * @version $Id$ - */ -public class X509AuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware { - //~ Static fields/initializers ===================================================================================== - - private static final Log logger = LogFactory.getLog(X509AuthenticationProvider.class); - - //~ Instance fields ================================================================================================ - - protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); - private X509AuthoritiesPopulator x509AuthoritiesPopulator; - private X509UserCache userCache = new NullX509UserCache(); - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.notNull(userCache, "An x509UserCache must be set"); - Assert.notNull(x509AuthoritiesPopulator, "An X509AuthoritiesPopulator must be set"); - Assert.notNull(this.messages, "A message source must be set"); - } - - /** - * If the supplied authentication token contains a certificate then this will be passed to the configured - * {@link X509AuthoritiesPopulator} to obtain the user details and authorities for the user identified by the - * certificate.

If no certificate is present (for example, if the filter is applied to an HttpRequest for - * which client authentication hasn't been configured in the container) then a BadCredentialsException will be - * raised.

- * - * @param authentication the authentication request. - * - * @return an X509AuthenticationToken containing the authorities of the principal represented by the certificate. - * - * @throws AuthenticationException if the {@link X509AuthoritiesPopulator} rejects the certficate. - * @throws BadCredentialsException if no certificate was presented in the authentication request. - */ - public Authentication authenticate(Authentication authentication) - throws AuthenticationException { - if (!supports(authentication.getClass())) { - return null; - } - - if (logger.isDebugEnabled()) { - logger.debug("X509 authentication request: " + authentication); - } - - X509Certificate clientCertificate = (X509Certificate) authentication.getCredentials(); - - if (clientCertificate == null) { - throw new BadCredentialsException(messages.getMessage("X509AuthenticationProvider.certificateNull", - "Certificate is null")); - } - - UserDetails user = userCache.getUserFromCache(clientCertificate); - - if (user == null) { - if (logger.isDebugEnabled()) { - logger.debug("Authenticating with certificate " + clientCertificate); - } - user = x509AuthoritiesPopulator.getUserDetails(clientCertificate); - userCache.putUserInCache(clientCertificate, user); - } - - X509AuthenticationToken result = new X509AuthenticationToken(user, clientCertificate, user.getAuthorities()); - - result.setDetails(authentication.getDetails()); - - return result; - } - - public void setMessageSource(MessageSource messageSource) { - this.messages = new MessageSourceAccessor(messageSource); - } - - public void setX509AuthoritiesPopulator(X509AuthoritiesPopulator x509AuthoritiesPopulator) { - this.x509AuthoritiesPopulator = x509AuthoritiesPopulator; - } - - public void setX509UserCache(X509UserCache cache) { - this.userCache = cache; - } - - public boolean supports(Class authentication) { - return X509AuthenticationToken.class.isAssignableFrom(authentication); - } -} 
diff --git a/core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationToken.java b/core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationToken.java
deleted file mode 100644
index 0d2f6b7203..0000000000
--- a/core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationToken.java
+++ /dev/null
@@ -1,77 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.x509; - -import org.springframework.security.GrantedAuthority; - -import org.springframework.security.providers.AbstractAuthenticationToken; - -import java.security.cert.X509Certificate; - - -/** - * Authentication implementation for X.509 client-certificate authentication. - * - * @author Luke Taylor - * @deprecated superceded by the preauth provider. Use the X.509 authentication support in org.springframework.security.ui.preauth.x509 instead. - * @version $Id$ - */ -public class X509AuthenticationToken extends AbstractAuthenticationToken { - //~ Instance fields ================================================================================================ - - private static final long serialVersionUID = 1L; - private Object principal; - private X509Certificate credentials; - - //~ Constructors =================================================================================================== - - /** - * Used for an authentication request. The {@link org.springframework.security.Authentication#isAuthenticated()} will return - * false. - * - * @param credentials the certificate - */ - public X509AuthenticationToken(X509Certificate credentials) { - super(null); - this.credentials = credentials; - } - - /** - * Used for an authentication response object. 
The {@link org.springframework.security.Authentication#isAuthenticated()} - * will return true. - * - * @param principal the principal, which is generally a - * UserDetails - * @param credentials the certificate - * @param authorities the authorities - */ - public X509AuthenticationToken(Object principal, X509Certificate credentials, GrantedAuthority[] authorities) { - super(authorities); - this.principal = principal; - this.credentials = credentials; - setAuthenticated(true); - } - - //~ Methods ======================================================================================================== - - public Object getCredentials() { - return credentials; - } - - public Object getPrincipal() { - return principal; - } -} diff --git a/core/src/main/java/org/springframework/security/providers/x509/X509AuthoritiesPopulator.java b/core/src/main/java/org/springframework/security/providers/x509/X509AuthoritiesPopulator.java deleted file mode 100644 index ad37c39972..0000000000 --- a/core/src/main/java/org/springframework/security/providers/x509/X509AuthoritiesPopulator.java +++ /dev/null 
@@ -1,55 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.x509; - -import org.springframework.security.AuthenticationException; - -import org.springframework.security.userdetails.UserDetails; - -import java.security.cert.X509Certificate; - - -/** - * Populates the UserDetails associated with the X.509 - * certificate presented by a client. - *

- * Although the certificate will already have been validated by the web container, - * implementations may choose to perform additional application-specific checks on - * the certificate content here. If an implementation chooses to reject the certificate, - * it should throw a {@link org.springframework.security.BadCredentialsException}. - *

- * - * @author Luke Taylor - * @deprecated - * @version $Id$ - */ -public interface X509AuthoritiesPopulator { - //~ Methods ======================================================================================================== - - /** - * Obtains the granted authorities for the specified user.

May throw any - * AuthenticationException or return null if the authorities are unavailable.

- * - * @param userCertificate the X.509 certificate supplied - * - * @return the details of the indicated user (at minimum the granted authorities and the username) - * - * @throws AuthenticationException if the user details are not available or the certificate isn't valid for the - * application's purpose. - */ - UserDetails getUserDetails(X509Certificate userCertificate) - throws AuthenticationException; -} diff --git a/core/src/main/java/org/springframework/security/providers/x509/X509UserCache.java b/core/src/main/java/org/springframework/security/providers/x509/X509UserCache.java deleted file mode 100644 index 1c413d36bb..0000000000 --- a/core/src/main/java/org/springframework/security/providers/x509/X509UserCache.java +++ /dev/null @@ -1,44 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.x509; - -import org.springframework.security.userdetails.UserDetails; - -import java.security.cert.X509Certificate; - - -/** - * Provides a cache of {@link UserDetails} objects for the - * {@link X509AuthenticationProvider}. - *

- * Similar in function to the {@link org.springframework.security.providers.dao.UserCache} - * used by the Dao provider, but the cache is keyed with the user's certificate - * rather than the user name. - *

- * - * @author Luke Taylor - * @deprecated - * @version $Id$ - */ -public interface X509UserCache { - //~ Methods ======================================================================================================== - - UserDetails getUserFromCache(X509Certificate userCertificate); - - void putUserInCache(X509Certificate key, UserDetails user); - - void removeUserFromCache(X509Certificate key); -} diff --git a/core/src/main/java/org/springframework/security/providers/x509/cache/EhCacheBasedX509UserCache.java b/core/src/main/java/org/springframework/security/providers/x509/cache/EhCacheBasedX509UserCache.java deleted file mode 100644 index 9cbf17f4fd..0000000000 --- a/core/src/main/java/org/springframework/security/providers/x509/cache/EhCacheBasedX509UserCache.java +++ /dev/null 
@@ -1,109 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.x509.cache; - -import net.sf.ehcache.CacheException; -import net.sf.ehcache.Element; -import net.sf.ehcache.Ehcache; - -import org.springframework.security.providers.x509.X509UserCache; - -import org.springframework.security.userdetails.UserDetails; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.dao.DataRetrievalFailureException; - -import org.springframework.util.Assert; - -import java.security.cert.X509Certificate; - - -/** - * Caches User objects using a Spring IoC defined EHCACHE. 
- * - * @author Luke Taylor - * @author Ben Alex - * @deprecated use the X509 preauthenticated - * @version $Id$ - */ -public class EhCacheBasedX509UserCache implements X509UserCache, InitializingBean { - //~ Static fields/initializers ===================================================================================== - - private static final Log logger = LogFactory.getLog(EhCacheBasedX509UserCache.class); - - //~ Instance fields ================================================================================================ - - private Ehcache cache; - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.notNull(cache, "cache is mandatory"); - } - - public UserDetails getUserFromCache(X509Certificate userCert) { - Element element = null; - - try { - element = cache.get(userCert); - } catch (CacheException cacheException) { - throw new DataRetrievalFailureException("Cache failure: " + cacheException.getMessage()); - } - - if (logger.isDebugEnabled()) { - String subjectDN = "unknown"; - - if ((userCert != null) && (userCert.getSubjectDN() != null)) { - subjectDN = userCert.getSubjectDN().toString(); - } - - logger.debug("X.509 Cache hit. SubjectDN: " + subjectDN); - } - - if (element == null) { - return null; - } else { - return (UserDetails) element.getValue(); - } - } - - public void putUserInCache(X509Certificate userCert, UserDetails user) { - Element element = new Element(userCert, user); - - if (logger.isDebugEnabled()) { - logger.debug("Cache put: " + userCert.getSubjectDN()); - } - - cache.put(element); - } - - public void removeUserFromCache(X509Certificate userCert) { - if (logger.isDebugEnabled()) { - logger.debug("Cache remove: " + userCert.getSubjectDN()); - } - - cache.remove(userCert); - } - - public void setCache(Ehcache cache) { - this.cache = cache; - } -} 
diff --git a/core/src/main/java/org/springframework/security/providers/x509/cache/NullX509UserCache.java b/core/src/main/java/org/springframework/security/providers/x509/cache/NullX509UserCache.java deleted file mode 100644 index c2612719b1..0000000000 --- a/core/src/main/java/org/springframework/security/providers/x509/cache/NullX509UserCache.java +++ /dev/null @@ -1,42 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.x509.cache; - -import org.springframework.security.providers.x509.X509UserCache; - -import org.springframework.security.userdetails.UserDetails; - -import java.security.cert.X509Certificate; - - -/** - * "Cache" that doesn't do any caching. - * - * @author Luke Taylor - * @deprecated - * @version $Id$ - */ -public class NullX509UserCache implements X509UserCache { - //~ Methods ======================================================================================================== - - public UserDetails getUserFromCache(X509Certificate certificate) { - return null; - } - - public void putUserInCache(X509Certificate certificate, UserDetails user) {} - - public void removeUserFromCache(X509Certificate certificate) {} -} 
diff --git a/core/src/main/java/org/springframework/security/providers/x509/cache/package.html b/core/src/main/java/org/springframework/security/providers/x509/cache/package.html deleted file mode 100644 index c592e2763f..0000000000 --- a/core/src/main/java/org/springframework/security/providers/x509/cache/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -Deprecated and will be removed in a future version. Use a caching UserDetailsService instead. - - diff --git a/core/src/main/java/org/springframework/security/providers/x509/package.html b/core/src/main/java/org/springframework/security/providers/x509/package.html deleted file mode 100644 index 7000b3c528..0000000000 --- a/core/src/main/java/org/springframework/security/providers/x509/package.html +++ /dev/null @@ -1,6 +0,0 @@ - - -This package is now deprecated and will be removed in a future version. -Use the X.509 authentication support in org.springframework.security.ui.preauth.x509 instead. - - diff --git a/core/src/main/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulator.java b/core/src/main/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulator.java deleted file mode 100644 index 57998aa628..0000000000 --- a/core/src/main/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulator.java +++ /dev/null 
@@ -1,119 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.x509.populator; - -import org.springframework.security.SpringSecurityMessageSource; -import org.springframework.security.AuthenticationException; -import org.springframework.security.BadCredentialsException; -import org.springframework.security.AuthenticationServiceException; - -import org.springframework.security.providers.x509.X509AuthoritiesPopulator; - -import org.springframework.security.userdetails.UserDetails; -import org.springframework.security.userdetails.UserDetailsService; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.context.MessageSource; -import org.springframework.context.MessageSourceAware; -import org.springframework.context.support.MessageSourceAccessor; - -import org.springframework.util.Assert; - -import java.security.cert.X509Certificate; -import java.util.regex.Pattern; -import java.util.regex.Matcher; - -/** - * Populates the X509 authorities via an {@link org.springframework.security.userdetails.UserDetailsService}. - * - * @author Luke Taylor - * @deprecated This package is now deprecated. Use the X.509 authentication support in - * org.springframework.security.ui.preauth.x509 instead. 
- * @version $Id$ - */ -public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, InitializingBean, MessageSourceAware { - //~ Static fields/initializers ===================================================================================== - - private static final Log logger = LogFactory.getLog(DaoX509AuthoritiesPopulator.class); - - //~ Instance fields ================================================================================================ - - protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); - private Pattern subjectDNPattern; - private String subjectDNRegex = "CN=(.*?),"; - private UserDetailsService userDetailsService; - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.notNull(userDetailsService, "An authenticationDao must be set"); - Assert.notNull(this.messages, "A message source must be set"); - - subjectDNPattern = Pattern.compile(subjectDNRegex, Pattern.CASE_INSENSITIVE); - } - - public UserDetails getUserDetails(X509Certificate clientCert) throws AuthenticationException { - String subjectDN = clientCert.getSubjectDN().getName(); - - Matcher matcher = subjectDNPattern.matcher(subjectDN); - - if (!matcher.find()) { - throw new BadCredentialsException(messages.getMessage("DaoX509AuthoritiesPopulator.noMatching", - new Object[] {subjectDN}, "No matching pattern was found in subjectDN: {0}")); - } - - if (matcher.groupCount() != 1) { - throw new IllegalArgumentException("Regular expression must contain a single group "); - } - - String userName = matcher.group(1); - - UserDetails user = this.userDetailsService.loadUserByUsername(userName); - - if (user == null) { - throw new AuthenticationServiceException( - "UserDetailsService returned null, which is an interface contract violation"); - } - - return user; - } - - public void setMessageSource(MessageSource 
messageSource) { - this.messages = new MessageSourceAccessor(messageSource); - } - - /** - * Sets the regular expression which will by used to extract the user name from the certificate's Subject - * DN. - *

It should contain a single group; for example the default expression "CN=(.?)," matches the common - * name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".

- *

The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org, - * CN=..." giving a user name "jimi@hendrix.org"

- * - * @param subjectDNRegex the regular expression to find in the subject - */ - public void setSubjectDNRegex(String subjectDNRegex) { - this.subjectDNRegex = subjectDNRegex; - } - - public void setUserDetailsService(UserDetailsService userDetailsService) { - this.userDetailsService = userDetailsService; - } -} diff --git a/core/src/main/java/org/springframework/security/providers/x509/populator/package.html b/core/src/main/java/org/springframework/security/providers/x509/populator/package.html deleted file mode 100644 index cfda487895..0000000000 --- a/core/src/main/java/org/springframework/security/providers/x509/populator/package.html +++ /dev/null @@ -1,7 +0,0 @@ - - -This package is now deprecated and will be removed in a future version. -Use the X.509 authentication support in org.springframework.security.ui.preauth.x509 instead. -Authorities are loaded by a UserDetailsService. - - diff --git a/core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java b/core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java index 2686954fe8..df8918b5c1 100644 --- a/core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java +++ b/core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java @@ -15,8 +15,8 @@ package org.springframework.security.runas; +import java.util.ArrayList; import java.util.List; -import java.util.Vector; import org.springframework.beans.factory.InitializingBean; import org.springframework.security.Authentication; @@ -28,22 +28,23 @@ import org.springframework.util.Assert; /** - * Basic concrete implementation of a {@link RunAsManager}.

Is activated if any {@link - * ConfigAttribute#getAttribute()} is prefixed with RUN_AS_. If found, it generates a new {@link - * RunAsUserToken} containing the same principal, credentials and granted authorities as the original {@link - * Authentication} object, along with {@link GrantedAuthorityImpl}s for each RUN_AS_ indicated. The - * created GrantedAuthorityImpls will be prefixed with a special prefix indicating that it is a role - * (default prefix value is ROLE_), and then the remainder of the RUN_AS_ keyword. For - * example, RUN_AS_FOO will result in the creation of a granted authority of - * ROLE_RUN_AS_FOO. + * Basic concrete implementation of a {@link RunAsManager}. + *

+ * Is activated if any {@link ConfigAttribute#getAttribute()} is prefixed with RUN_AS_. + * If found, it generates a new {@link RunAsUserToken} containing the same principal, credentials and granted + * authorities as the original {@link Authentication} object, along with {@link GrantedAuthorityImpl}s for each + * RUN_AS_ indicated. The created GrantedAuthorityImpls will be prefixed with a special + * prefix indicating that it is a role (default prefix value is ROLE_), and then the remainder of the + * RUN_AS_ keyword. For example, RUN_AS_FOO will result in the creation of a granted + * authority of ROLE_RUN_AS_FOO. *

* The role prefix may be overriden from the default, to match that used elsewhere, for example when using an * existing role database with another prefix. An empty role prefix may also be specified. Note however that there are - * potential issues with using an empty role prefix since different categories of {@link - * org.springframework.security.ConfigAttribute} can not be properly discerned based on the prefix, with possible consequences - * when performing voting and other actions. However, this option may be of some use when using preexisting role names - * without a prefix, and no ability exists to prefix them with a role prefix on reading them in, such as provided for - * example in {@link org.springframework.security.userdetails.jdbc.JdbcDaoImpl}. + * potential issues with using an empty role prefix since different categories of {@link ConfigAttribute} can not be + * properly discerned based on the prefix, with possible consequences when performing voting and other actions. + * However, this option may be of some use when using preexisting role names without a prefix, and no ability exists to + * prefix them with a role prefix on reading them in, such as provided for example in + * {@link org.springframework.security.userdetails.jdbc.JdbcDaoImpl}. * * @author Ben Alex * @author colin sampaleanu @@ -62,12 +63,11 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean { } public Authentication buildRunAs(Authentication authentication, Object object, List config) { - List newAuthorities = new Vector(); + List newAuthorities = new ArrayList(); for(ConfigAttribute attribute : config) { if (this.supports(attribute)) { - GrantedAuthorityImpl extraAuthority = new GrantedAuthorityImpl(getRolePrefix() - + attribute.getAttribute()); + GrantedAuthority extraAuthority = new GrantedAuthorityImpl(getRolePrefix() + attribute.getAttribute()); newAuthorities.add(extraAuthority); } } 
@@ -76,16 +76,14 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 return null;
 }
+ // Add existing authorities
+ newAuthorities.addAll(authentication.getAuthorities());
- for (int i = 0; i < authentication.getAuthorities().length; i++) {
- newAuthorities.add(authentication.getAuthorities()[i]);
- }
-
- GrantedAuthority[] resultType = {new GrantedAuthorityImpl("holder")};
- GrantedAuthority[] newAuthoritiesAsArray = (GrantedAuthority[]) newAuthorities.toArray(resultType);
+// GrantedAuthority[] resultType = {new GrantedAuthorityImpl("holder")};
+ GrantedAuthority[] newAuthoritiesAsArray = newAuthorities.toArray(new GrantedAuthority[0]);
 return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
- newAuthoritiesAsArray, authentication.getClass());
+ newAuthoritiesAsArray, authentication.getClass());
 }
 public String getKey() {
diff --git a/core/src/main/java/org/springframework/security/runas/RunAsUserToken.java b/core/src/main/java/org/springframework/security/runas/RunAsUserToken.java
index 77db661436..6fb23e3801 100644
--- a/core/src/main/java/org/springframework/security/runas/RunAsUserToken.java
+++ b/core/src/main/java/org/springframework/security/runas/RunAsUserToken.java
@@ -15,6 +15,8 @@
 package org.springframework.security.runas;
+import java.util.Arrays;
+
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.providers.AbstractAuthenticationToken;
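Review bot: The added line `// GrantedAuthority[] resultType = {new GrantedAuthorityImpl("holder")};` in `buildRunAs` is commented-out dead code and should be deleted rather than committed. The list is also converted back to an array with `newAuthorities.toArray(new GrantedAuthority[0])` only for the `RunAsUserToken` constructor to wrap it again with `Arrays.asList` (see the RunAsUserToken hunk); a constructor taking the list directly would remove the round trip. `newAuthorities.addAll(authentication.getAuthorities())` throws a NullPointerException if an `Authentication` implementation returns null, so the non-null contract of `getAuthorities()` is worth stating where it is declared (not visible in this hunk). `buildRunAs` starts before this hunk.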
@@ -38,8 +40,8 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
 //~ Constructors ===================================================================================================
 public RunAsUserToken(String key, Object principal, Object credentials, GrantedAuthority[] authorities,
- Class originalAuthentication) {
- super(authorities);
+ Class originalAuthentication) {
+ super(Arrays.asList(authorities));
 this.keyHash = key.hashCode();
 this.principal = principal;
 this.credentials = credentials;
diff --git a/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java b/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java
index f124b1ed11..2a43c0b2b8 100755
--- a/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java
+++ b/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java
@@ -1,6 +1,7 @@
 package org.springframework.security.ui.preauth;
-import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.MutableGrantedAuthoritiesContainer;
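Review bot: `super(Arrays.asList(authorities))` in the `RunAsUserToken` constructor passes the superclass a fixed-size view backed by the caller's array, so a caller that keeps the array can overwrite elements and change the token's granted authorities after construction, unless `AbstractAuthenticationToken` copies the list (its new constructor is not visible in this hunk). Copying at the boundary removes that dependency: `super(new ArrayList<GrantedAuthority>(Arrays.asList(authorities)));`, with `java.util.ArrayList` imported. A null `authorities` argument now fails inside `Arrays.asList` with a NullPointerException, so it should either be rejected explicitly or documented as required. The constructor body continues past the end of the hunk.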
@@ -10,46 +11,44 @@ import org.springframework.util.Assert; /** * This AuthenticationDetails implementation allows for storing a list of * pre-authenticated Granted Authorities. - * + * * @author Ruud Senden * @since 2.0 */ public class PreAuthenticatedGrantedAuthoritiesAuthenticationDetails extends AuthenticationDetails implements - MutableGrantedAuthoritiesContainer { - public static final long serialVersionUID = 1L; + MutableGrantedAuthoritiesContainer { + public static final long serialVersionUID = 1L; - private GrantedAuthority[] preAuthenticatedGrantedAuthorities = null; + private List preAuthenticatedGrantedAuthorities = null; - public PreAuthenticatedGrantedAuthoritiesAuthenticationDetails(Object context) { - super(context); - } + public PreAuthenticatedGrantedAuthoritiesAuthenticationDetails(Object context) { + super(context); + } - /** - * @return The String representation of this object. - */ - public String toString() { - StringBuffer sb = new StringBuffer(); - sb.append(super.toString() + "; "); - sb.append("preAuthenticatedGrantedAuthorities: " + Arrays.asList(preAuthenticatedGrantedAuthorities)); - return sb.toString(); - } + /** + * @return The String representation of this object. 
+ */ + public String toString() { + StringBuffer sb = new StringBuffer(); + sb.append(super.toString() + "; "); + sb.append("preAuthenticatedGrantedAuthorities: " + preAuthenticatedGrantedAuthorities); + return sb.toString(); + } - /** - * - * @see org.springframework.security.GrantedAuthoritiesContainer#getGrantedAuthorities() - */ - public GrantedAuthority[] getGrantedAuthorities() { - Assert.notNull(preAuthenticatedGrantedAuthorities, "Pre-authenticated granted authorities have not been set"); - GrantedAuthority[] result = new GrantedAuthority[preAuthenticatedGrantedAuthorities.length]; - System.arraycopy(preAuthenticatedGrantedAuthorities, 0, result, 0, result.length); - return result; - } + /** + * + * @see org.springframework.security.GrantedAuthoritiesContainer#getGrantedAuthorities() + */ + public List getGrantedAuthorities() { + Assert.notNull(preAuthenticatedGrantedAuthorities, "Pre-authenticated granted authorities have not been set"); - /** - * @see org.springframework.security.MutableGrantedAuthoritiesContainer#setGrantedAuthorities() - */ - public void setGrantedAuthorities(GrantedAuthority[] aJ2eeBasedGrantedAuthorities) { - this.preAuthenticatedGrantedAuthorities = new GrantedAuthority[aJ2eeBasedGrantedAuthorities.length]; - System.arraycopy(aJ2eeBasedGrantedAuthorities, 0, preAuthenticatedGrantedAuthorities, 0, preAuthenticatedGrantedAuthorities.length); - } + return preAuthenticatedGrantedAuthorities; + } + + /** + * @see org.springframework.security.MutableGrantedAuthoritiesContainer#setGrantedAuthorities() + */ + public void setGrantedAuthorities(List aJ2eeBasedGrantedAuthorities) { + this.preAuthenticatedGrantedAuthorities = Collections.unmodifiableList(aJ2eeBasedGrantedAuthorities); + } } 
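Review bot: `setGrantedAuthorities` now stores `Collections.unmodifiableList(aJ2eeBasedGrantedAuthorities)`, which is a read-only view over the caller's list and not a copy, so any code still holding the original list can add or remove authorities after they have been set. The array version this replaces copied on the way in with `System.arraycopy`, so the change weakens the isolation of the stored pre-authenticated authorities. Copy before wrapping: `this.preAuthenticatedGrantedAuthorities = Collections.unmodifiableList(new ArrayList<GrantedAuthority>(aJ2eeBasedGrantedAuthorities));`, with `java.util.ArrayList` added to the imports. With that in place, returning the stored list from `getGrantedAuthorities()` without a copy is safe.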
diff --git a/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java b/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java index 625cb8cdfd..355b62187f 100755 --- a/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java +++ b/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java @@ -1,5 +1,7 @@ package org.springframework.security.ui.preauth; +import java.util.List; + import javax.servlet.http.HttpServletRequest; import org.springframework.security.ui.WebAuthenticationDetails; @@ -25,11 +27,11 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends super(request); } - public GrantedAuthority[] getGrantedAuthorities() { + public List getGrantedAuthorities() { return authoritiesContainer.getGrantedAuthorities(); } - public void setGrantedAuthorities(GrantedAuthority[] authorities) { + public void setGrantedAuthorities(List authorities) { this.authoritiesContainer.setGrantedAuthorities(authorities); } diff --git a/core/src/main/java/org/springframework/security/ui/preauth/j2ee/AbstractPreAuthenticatedAuthenticationDetailsSource.java b/core/src/main/java/org/springframework/security/ui/preauth/j2ee/AbstractPreAuthenticatedAuthenticationDetailsSource.java index aa7e62933b..724953bb84 100644 --- a/core/src/main/java/org/springframework/security/ui/preauth/j2ee/AbstractPreAuthenticatedAuthenticationDetailsSource.java +++ b/core/src/main/java/org/springframework/security/ui/preauth/j2ee/AbstractPreAuthenticatedAuthenticationDetailsSource.java @@ -1,6 +1,8 @@ package org.springframework.security.ui.preauth.j2ee; import java.util.Arrays; +import java.util.Collection; +import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; 
@@ -14,18 +16,18 @@ import org.springframework.util.Assert; /** * Base implementation for classes scenarios where the authentication details object is used - * to store a list of authorities obtained from the context object (such as an HttpServletRequest) + * to store a list of authorities obtained from the context object (such as an HttpServletRequest) * passed to {@link #buildDetails(Object)}. *

- * - * + * + * * @author Luke Taylor * @since 2.0 */ public abstract class AbstractPreAuthenticatedAuthenticationDetailsSource extends AuthenticationDetailsSourceImpl { protected final Log logger = LogFactory.getLog(getClass()); protected String[] j2eeMappableRoles; - protected Attributes2GrantedAuthoritiesMapper j2eeUserRoles2GrantedAuthoritiesMapper = + protected Attributes2GrantedAuthoritiesMapper j2eeUserRoles2GrantedAuthoritiesMapper = new SimpleAttributes2GrantedAuthoritiesMapper(); public AbstractPreAuthenticatedAuthenticationDetailsSource() { 
@@ -49,29 +51,28 @@ public abstract class AbstractPreAuthenticatedAuthenticationDetailsSource extend */ public Object buildDetails(Object context) { Object result = super.buildDetails(context); - + if (result instanceof MutableGrantedAuthoritiesContainer) { - String[] j2eeUserRoles = getUserRoles(context, j2eeMappableRoles); - GrantedAuthority[] userGas = j2eeUserRoles2GrantedAuthoritiesMapper.getGrantedAuthorities(j2eeUserRoles); + Collection j2eeUserRoles = getUserRoles(context, j2eeMappableRoles); + List userGas = j2eeUserRoles2GrantedAuthoritiesMapper.getGrantedAuthorities(j2eeUserRoles); if (logger.isDebugEnabled()) { - logger.debug("J2EE user roles [" + Arrays.asList(j2eeUserRoles) + "] mapped to Granted Authorities: [" - + Arrays.asList(userGas) + "]"); + logger.debug("J2EE roles [" + j2eeUserRoles + "] mapped to Granted Authorities: [" + userGas + "]"); } - + ((MutableGrantedAuthoritiesContainer) result).setGrantedAuthorities(userGas); } return result; } - + /** * Allows the roles of the current user to be determined from the context object - * + * * @param context the context object (an HttpRequest, PortletRequest etc) * @param mappableRoles the possible roles as determined by the MappableAttributesRetriever * @return the subset of mappable roles which the current user has. */ - protected abstract String[] getUserRoles(Object context, String[] mappableRoles); + protected abstract Collection getUserRoles(Object context, String[] mappableRoles); /** * @param aJ2eeMappableRolesRetriever @@ -88,4 +89,4 @@ public abstract class AbstractPreAuthenticatedAuthenticationDetailsSource extend public void setUserRoles2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper mapper) { j2eeUserRoles2GrantedAuthoritiesMapper = mapper; } -} \ No newline at end of file +} 
diff --git a/core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java b/core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java index 8e53065593..e1bbea276a 100755 --- a/core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java +++ b/core/src/main/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.java @@ -4,6 +4,7 @@ import org.springframework.security.ui.preauth.PreAuthenticatedGrantedAuthoritie import org.springframework.security.authoritymapping.SimpleAttributes2GrantedAuthoritiesMapper; import java.util.ArrayList; +import java.util.Collection; import javax.servlet.http.HttpServletRequest; @@ -12,7 +13,7 @@ import org.springframework.beans.factory.InitializingBean; /** * Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as obtained by calling * {@link HttpServletRequest#isUserInRole(String)}) into GrantedAuthoritys and stores these in the authentication - * details object (. + * details object (. * * @author Ruud Senden * @since 2.0 @@ -24,7 +25,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Abs */ public J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() { super.setClazz(PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.class); - + j2eeUserRoles2GrantedAuthoritiesMapper = new SimpleAttributes2GrantedAuthoritiesMapper(); } 
@@ -32,10 +33,10 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Abs * Obtains the list of user roles based on the current user's J2EE roles. * * @param request The request against which isUserInRole will be called for each role name - * returned by the MappableAttributesRetriever. + * returned by the MappableAttributesRetriever. * @return GrantedAuthority[] mapped from the user's J2EE roles. */ - protected String[] getUserRoles(Object context, String[] mappableRoles) { + protected Collection getUserRoles(Object context, String[] mappableRoles) { ArrayList j2eeUserRolesList = new ArrayList(); for (int i = 0; i < mappableRoles.length; i++) { @@ -43,7 +44,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource extends Abs j2eeUserRolesList.add(mappableRoles[i]); } } - - return (String[]) j2eeUserRolesList.toArray(new String[j2eeUserRolesList.size()]); + + return j2eeUserRolesList; } } diff --git a/core/src/main/java/org/springframework/security/ui/preauth/websphere/WebSpherePreAuthenticatedAuthenticationDetailsSource.java b/core/src/main/java/org/springframework/security/ui/preauth/websphere/WebSpherePreAuthenticatedAuthenticationDetailsSource.java index 8da44edaa2..1ec117a43e 100755 --- a/core/src/main/java/org/springframework/security/ui/preauth/websphere/WebSpherePreAuthenticatedAuthenticationDetailsSource.java +++ b/core/src/main/java/org/springframework/security/ui/preauth/websphere/WebSpherePreAuthenticatedAuthenticationDetailsSource.java @@ -1,6 +1,7 @@ package org.springframework.security.ui.preauth.websphere; import java.util.Arrays; +import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; 
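Review bot: The Javadoc above `getUserRoles` is stale after the signature change: it still reads `@return GrantedAuthority[] mapped from the user's J2EE roles` and documents `@param request`, while the method now returns a `Collection` of role names and its parameters are `context` and `mappableRoles`. Suggested tags: `@param context the request against which isUserInRole is called`, `@param mappableRoles the candidate role names to test`, `@return the subset of mappableRoles the current user holds, never null`. The same outdated `@return GrantedAuthority[]` remains on `getWebSphereGroupsBasedGrantedAuthorities` in the WebSpherePreAuthenticatedAuthenticationDetailsSource hunk. Part of the method body lies between the two hunks and is not shown.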
@@ -17,70 +18,70 @@ import org.springframework.util.Assert; * This AuthenticationDetailsSource implementation, when configured with a MutableGrantedAuthoritiesContainer, * will set the pre-authenticated granted authorities based on the WebSphere groups for the current WebSphere * user, mapped using the configured Attributes2GrantedAuthoritiesMapper. - * + * * By default, this class is configured to build instances of the * PreAuthenticatedGrantedAuthoritiesAuthenticationDetails class. - * + * * @author Ruud Senden */ public class WebSpherePreAuthenticatedAuthenticationDetailsSource extends AuthenticationDetailsSourceImpl implements InitializingBean { - private static final Log LOG = LogFactory.getLog(WebSpherePreAuthenticatedAuthenticationDetailsSource.class); + private final Log logger = LogFactory.getLog(getClass()); - private Attributes2GrantedAuthoritiesMapper webSphereGroups2GrantedAuthoritiesMapper = new SimpleAttributes2GrantedAuthoritiesMapper(); + private Attributes2GrantedAuthoritiesMapper webSphereGroups2GrantedAuthoritiesMapper = new SimpleAttributes2GrantedAuthoritiesMapper(); - /** - * Public constructor which overrides the default AuthenticationDetails - * class to be used. - */ - public WebSpherePreAuthenticatedAuthenticationDetailsSource() { - super.setClazz(PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.class); - } + /** + * Public constructor which overrides the default AuthenticationDetails + * class to be used. + */ + public WebSpherePreAuthenticatedAuthenticationDetailsSource() { + super.setClazz(PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.class); + } - /** - * Check that all required properties have been set. - */ - public void afterPropertiesSet() throws Exception { - Assert.notNull(webSphereGroups2GrantedAuthoritiesMapper, "WebSphere groups to granted authorities mapper not set"); - } + /** + * Check that all required properties have been set. 
+ */ + public void afterPropertiesSet() throws Exception { + Assert.notNull(webSphereGroups2GrantedAuthoritiesMapper, "WebSphere groups to granted authorities mapper not set"); + } - /** - * Build the authentication details object. If the speficied authentication - * details class implements the PreAuthenticatedGrantedAuthoritiesSetter, a - * list of pre-authenticated Granted Authorities will be set based on the - * WebSphere groups for the current user. - * - * @see org.springframework.security.ui.AuthenticationDetailsSource#buildDetails(Object) - */ - public Object buildDetails(Object context) { - Object result = super.buildDetails(context); - if (result instanceof MutableGrantedAuthoritiesContainer) { - ((MutableGrantedAuthoritiesContainer) result) - .setGrantedAuthorities(getWebSphereGroupsBasedGrantedAuthorities()); - } - return result; - } + /** + * Build the authentication details object. If the specified authentication + * details class implements the PreAuthenticatedGrantedAuthoritiesSetter, a + * list of pre-authenticated Granted Authorities will be set based on the + * WebSphere groups for the current user. + * + * @see org.springframework.security.ui.AuthenticationDetailsSource#buildDetails(Object) + */ + public Object buildDetails(Object context) { + Object result = super.buildDetails(context); + if (result instanceof MutableGrantedAuthoritiesContainer) { + ((MutableGrantedAuthoritiesContainer) result) + .setGrantedAuthorities(getWebSphereGroupsBasedGrantedAuthorities()); + } + return result; + } - /** - * Get a list of Granted Authorities based on the current user's WebSphere groups. - * - * @return GrantedAuthority[] mapped from the user's WebSphere groups. 
- */ - private GrantedAuthority[] getWebSphereGroupsBasedGrantedAuthorities() { - String[] webSphereGroups = WASSecurityHelper.getGroupsForCurrentUser(); - GrantedAuthority[] userGas = webSphereGroups2GrantedAuthoritiesMapper.getGrantedAuthorities(webSphereGroups); - if (LOG.isDebugEnabled()) { - LOG.debug("WebSphere groups: " + Arrays.asList(webSphereGroups) + " mapped to Granted Authorities: " - + Arrays.asList(userGas)); - } - return userGas; - } + /** + * Get a list of Granted Authorities based on the current user's WebSphere groups. + * + * @return GrantedAuthority[] mapped from the user's WebSphere groups. + */ + private List getWebSphereGroupsBasedGrantedAuthorities() { + List webSphereGroups = Arrays.asList(WASSecurityHelper.getGroupsForCurrentUser()); + List userGas = webSphereGroups2GrantedAuthoritiesMapper.getGrantedAuthorities(webSphereGroups); + if (logger.isDebugEnabled()) { + logger.debug("WebSphere groups: " + webSphereGroups + " mapped to Granted Authorities: " + + Arrays.asList(userGas)); + } + return userGas; + } - /** - * @param mapper - * The Attributes2GrantedAuthoritiesMapper to use - */ - public void setWebSphereGroups2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper mapper) { - webSphereGroups2GrantedAuthoritiesMapper = mapper; - } + /** + * @param mapper + * The Attributes2GrantedAuthoritiesMapper to use + */ + public void setWebSphereGroups2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper mapper) { + webSphereGroups2GrantedAuthoritiesMapper = mapper; + } } diff --git a/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java index 0c1f589844..4a28e3de05 100644 --- a/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java +++ b/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java 
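Review bot: In `getWebSphereGroupsBasedGrantedAuthorities` the debug statement still wraps `userGas` in `Arrays.asList(...)` although `userGas` is now a `List`, so the log shows a list nested inside a list; the argument should be `+ userGas);`. `Arrays.asList(WASSecurityHelper.getGroupsForCurrentUser())` also throws a NullPointerException if the helper returns null, and the helper's contract is not visible here. If that case can occur, `buildDetails` would fail with an exception instead of producing details with no authorities, so a null check that substitutes an empty list before mapping would be the safer behaviour.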
@@ -240,7 +240,7 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, currentAuth); // get the original authorities - List orig = Arrays.asList(targetUser.getAuthorities()); + List orig = targetUser.getAuthorities(); // Allow subclasses to change the authorities to be granted if (switchUserAuthorityChanger != null) { @@ -251,11 +251,8 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements List newAuths = new ArrayList(orig); newAuths.add(switchAuthority); - GrantedAuthority[] authorities = - (GrantedAuthority[]) newAuths.toArray(new GrantedAuthority[newAuths.size()]); - // create the new authentication token - targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), authorities); + targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), newAuths); // set details targetUserRequest.setDetails(authenticationDetailsSource.buildDetails(request)); @@ -304,7 +301,7 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements logger.debug("Switch User failed", failed); if (switchFailureUrl != null) { - sendRedirect(request, response, switchFailureUrl); + sendRedirect(request, response, switchFailureUrl); } else { response.getWriter().print("Switch user failed: " + failed.getMessage()); response.flushBuffer(); 
@@ -330,12 +327,12 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements Authentication original = null; // iterate over granted authorities and find the 'switch user' authority - GrantedAuthority[] authorities = current.getAuthorities(); + List authorities = current.getAuthorities(); - for (int i = 0; i < authorities.length; i++) { + for (GrantedAuthority auth : authorities) { // check for switch user type of authority - if (authorities[i] instanceof SwitchUserGrantedAuthority) { - original = ((SwitchUserGrantedAuthority) authorities[i]).getSource(); + if (auth instanceof SwitchUserGrantedAuthority) { + original = ((SwitchUserGrantedAuthority) auth).getSource(); logger.debug("Found original switch user granted authority [" + original + "]"); } } diff --git a/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilter.java deleted file mode 100644 index 58b5a13999..0000000000 --- a/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilter.java +++ /dev/null 
@@ -1,210 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.ui.x509; - -import org.springframework.security.Authentication; -import org.springframework.security.AuthenticationException; -import org.springframework.security.AuthenticationManager; - -import org.springframework.security.context.SecurityContextHolder; - -import org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent; - -import org.springframework.security.providers.x509.X509AuthenticationToken; - -import org.springframework.security.ui.AbstractProcessingFilter; -import org.springframework.security.ui.AuthenticationDetailsSource; -import org.springframework.security.ui.WebAuthenticationDetailsSource; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.context.ApplicationEventPublisher; -import org.springframework.context.ApplicationEventPublisherAware; - -import org.springframework.util.Assert; - -import java.io.IOException; - -import java.security.cert.X509Certificate; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.Filter; -import javax.servlet.ServletRequest; -import javax.servlet.ServletException; -import javax.servlet.FilterChain; -import 
javax.servlet.ServletResponse; -import javax.servlet.FilterConfig; - - -/** - * Processes the X.509 certificate submitted by a client browser when HTTPS is used with client-authentication - * enabled.

An {@link X509AuthenticationToken} is created with the certificate as the credentials.

- *

The configured authentication manager is expected to supply a provider which can handle this token (usually - * an instance of {@link org.springframework.security.providers.x509.X509AuthenticationProvider}).

- *

If authentication is successful, an {@link - * org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent} will be published to the application - * context. No events will be published if authentication was unsuccessful, because this would generally be recorded - * via an AuthenticationManager-specific application event.

- * - * @author Luke Taylor - * @deprecated Use X509PreAuthenticatedProcessingFilter from the preauth.x509 package instead - * @version $Id$ - */ -public class X509ProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware { - //~ Static fields/initializers ===================================================================================== - - private static final Log logger = LogFactory.getLog(X509ProcessingFilter.class); - - //~ Instance fields ================================================================================================ - - private ApplicationEventPublisher eventPublisher; - private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); - private AuthenticationManager authenticationManager; - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.notNull(authenticationManager, "An AuthenticationManager must be set"); - } - - public void destroy() {} - - /** - * This method first checks for an existing, non-null authentication in the secure context. If one is found - * it does nothing.

If no authentication object exists, it attempts to obtain the client authentication - * certificate from the request. If there is no certificate present then authentication is skipped. Otherwise a - * new authentication request containing the certificate will be passed to the configured {@link - * AuthenticationManager}.

- *

If authentication is successful the returned token will be stored in the secure context. Otherwise - * it will be set to null. In either case, the request proceeds through the filter chain.

- * - * @param request DOCUMENT ME! - * @param response DOCUMENT ME! - * @param filterChain DOCUMENT ME! - * - * @throws IOException DOCUMENT ME! - * @throws javax.servlet.ServletException DOCUMENT ME! - */ - public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) - throws IOException, ServletException { - if (!(request instanceof HttpServletRequest)) { - throw new ServletException("Can only process HttpServletRequest"); - } - - if (!(response instanceof HttpServletResponse)) { - throw new ServletException("Can only process HttpServletResponse"); - } - - HttpServletRequest httpRequest = (HttpServletRequest) request; - HttpServletResponse httpResponse = (HttpServletResponse) response; - - if (logger.isDebugEnabled()) { - logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication()); - } - - if (SecurityContextHolder.getContext().getAuthentication() == null) { - Authentication authResult = null; - X509Certificate clientCertificate = extractClientCertificate(httpRequest); - - try { - X509AuthenticationToken authRequest = new X509AuthenticationToken(clientCertificate); - - authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request)); - authResult = authenticationManager.authenticate(authRequest); - successfulAuthentication(httpRequest, httpResponse, authResult); - } catch (AuthenticationException failed) { - unsuccessfulAuthentication(httpRequest, httpResponse, failed); - } - } - - filterChain.doFilter(request, response); - } - - private X509Certificate extractClientCertificate(HttpServletRequest request) { - X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); - - if ((certs != null) && (certs.length > 0)) { - return certs[0]; - } - - if (logger.isDebugEnabled()) { - logger.debug("No client certificate found in request."); - } - - return null; - } - - public void init(FilterConfig ignored) throws 
ServletException {} - - public void setApplicationEventPublisher(ApplicationEventPublisher context) { - this.eventPublisher = context; - } - - public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { - Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required"); - this.authenticationDetailsSource = authenticationDetailsSource; - } - - public void setAuthenticationManager(AuthenticationManager authenticationManager) { - this.authenticationManager = authenticationManager; - } - - /** - * Puts the Authentication instance returned by the authentication manager into the secure - * context. - * - * @param request DOCUMENT ME! - * @param response DOCUMENT ME! - * @param authResult DOCUMENT ME! - * - * @throws IOException DOCUMENT ME! - */ - protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, - Authentication authResult) throws IOException { - if (logger.isDebugEnabled()) { - logger.debug("Authentication success: " + authResult); - } - - SecurityContextHolder.getContext().setAuthentication(authResult); - - // Fire event - if (this.eventPublisher != null) { - eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass())); - } - } - - /** - * Ensures the authentication object in the secure context is set to null when authentication fails. - * - * @param request DOCUMENT ME! - * @param response DOCUMENT ME! - * @param failed DOCUMENT ME! - */ - protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, - AuthenticationException failed) { - SecurityContextHolder.getContext().setAuthentication(null); - - if (logger.isDebugEnabled()) { - logger.debug("Updated SecurityContextHolder to contain null Authentication"); - } - - request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed); - } -} 
diff --git a/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPoint.java b/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPoint.java deleted file mode 100644 index d3b2cffa8d..0000000000 --- a/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPoint.java +++ /dev/null @@ -1,77 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.ui.x509; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.security.AuthenticationException; -import org.springframework.security.ui.AuthenticationEntryPoint; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * In the X.509 authentication case (unlike CAS, for example) the certificate - * will already have been extracted from the request and a secure context - * established by the time the security-enforcement filter is invoked. - *

- * Therefore this class isn't actually responsible for the commencement of - * authentication, as it is in the case of other providers. It will be called if - * the certificate was rejected by Spring Security's X509AuthenticationProvider, resulting - * in a null authentication. - *

- * The commence method will always return an - * HttpServletResponse.SC_FORBIDDEN (403 error). - * - * @author Luke Taylor - * @deprecated Use the preauth package instead - * @version $Id$ - * - * @see org.springframework.security.ui.ExceptionTranslationFilter - */ -public class X509ProcessingFilterEntryPoint implements AuthenticationEntryPoint { - // ~ Static fields/initializers - // ===================================================================================== - - private static final Log logger = LogFactory.getLog(X509ProcessingFilterEntryPoint.class); - - // ~ Methods - // ======================================================================================================== - - /** - * Returns a 403 error code to the client. - * - * @param request DOCUMENT ME! - * @param response DOCUMENT ME! - * @param authException DOCUMENT ME! - * - * @throws IOException DOCUMENT ME! - * @throws ServletException DOCUMENT ME! - */ - public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException) - throws IOException, ServletException { - if (logger.isDebugEnabled()) { - logger.debug("X509 entry point called. Rejecting access"); - } - - HttpServletResponse httpResponse = (HttpServletResponse) response; - httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied"); - } -} diff --git a/core/src/main/java/org/springframework/security/ui/x509/package.html b/core/src/main/java/org/springframework/security/ui/x509/package.html deleted file mode 100644 index 7000b3c528..0000000000 --- a/core/src/main/java/org/springframework/security/ui/x509/package.html +++ /dev/null @@ -1,6 +0,0 @@ - - -This package is now deprecated and will be removed in a future version. -Use the X.509 authentication support in org.springframework.security.ui.preauth.x509 instead. - - 
diff --git a/core/src/main/java/org/springframework/security/userdetails/GroupManager.java b/core/src/main/java/org/springframework/security/userdetails/GroupManager.java index f7664ad292..81b12b9551 100644 --- a/core/src/main/java/org/springframework/security/userdetails/GroupManager.java +++ b/core/src/main/java/org/springframework/security/userdetails/GroupManager.java @@ -1,5 +1,7 @@ package org.springframework.security.userdetails; +import java.util.List; + import org.springframework.security.GrantedAuthority; /** @@ -36,7 +38,7 @@ public interface GroupManager { * @param groupName the name for the new group * @param authorities the authorities which are to be allocated to this group. */ - void createGroup(String groupName, GrantedAuthority[] authorities); + void createGroup(String groupName, List authorities); /** * Removes a group, including all members and authorities. @@ -69,7 +71,7 @@ public interface GroupManager { /** * Obtains the list of authorities which are assigned to a group. */ - GrantedAuthority[] findGroupAuthorities(String groupName); + List findGroupAuthorities(String groupName); /** * Assigns a new authority to a group. diff --git a/core/src/main/java/org/springframework/security/userdetails/User.java b/core/src/main/java/org/springframework/security/userdetails/User.java index 1942d751a5..944cbd8c2f 100644 --- a/core/src/main/java/org/springframework/security/userdetails/User.java +++ b/core/src/main/java/org/springframework/security/userdetails/User.java @@ -15,13 +15,16 @@ package org.springframework.security.userdetails; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; import java.util.SortedSet; import java.util.TreeSet; import org.springframework.security.GrantedAuthority; import org.springframework.util.Assert; - /** * Models core user information retieved by an {@link UserDetailsService}.

Implemented with value object * semantics (immutable after construction, like a String). Developers may use this class directly, @@ -36,7 +39,7 @@ public class User implements UserDetails { private static final long serialVersionUID = 1L; private String password; private String username; - private GrantedAuthority[] authorities; + private List authorities; private boolean accountNonExpired; private boolean accountNonLocked; private boolean credentialsNonExpired; 
@@ -45,58 +48,12 @@ public class User implements UserDetails { //~ Constructors =================================================================================================== /** - * Construct the User with the details required by - * {@link org.springframework.security.providers.dao.DaoAuthenticationProvider}. - * - * @param username the username presented to the - * DaoAuthenticationProvider - * @param password the password that should be presented to the - * DaoAuthenticationProvider - * @param enabled set to true if the user is enabled - * @param authorities the authorities that should be granted to the caller - * if they presented the correct username and password and the user - * is enabled - * - * @throws IllegalArgumentException if a null value was passed - * either as a parameter or as an element in the - * GrantedAuthority[] array - * - * @deprecated use new constructor with extended properties (this - * constructor will be removed from release 1.0.0) - */ - public User(String username, String password, boolean enabled, GrantedAuthority[] authorities) - throws IllegalArgumentException { - this(username, password, enabled, true, true, authorities); - } - - /** - * Construct the User with the details required by - * {@link org.springframework.security.providers.dao.DaoAuthenticationProvider}. 
- * - * @param username the username presented to the - * DaoAuthenticationProvider - * @param password the password that should be presented to the - * DaoAuthenticationProvider - * @param enabled set to true if the user is enabled - * @param accountNonExpired set to true if the account has not - * expired - * @param credentialsNonExpired set to true if the credentials - * have not expired - * @param authorities the authorities that should be granted to the caller - * if they presented the correct username and password and the user - * is enabled - * - * @throws IllegalArgumentException if a null value was passed - * either as a parameter or as an element in the - * GrantedAuthority[] array - * - * @deprecated use new constructor with extended properties (this - * constructor will be removed from release 1.0.0) + * @deprecated */ public User(String username, String password, boolean enabled, boolean accountNonExpired, - boolean credentialsNonExpired, GrantedAuthority[] authorities) - throws IllegalArgumentException { - this(username, password, enabled, accountNonExpired, credentialsNonExpired, true, authorities); + boolean credentialsNonExpired, boolean accountNonLocked, GrantedAuthority[] authorities) { + this(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, + authorities == null ? null : Arrays.asList(authorities)); } /** @@ -123,8 +80,8 @@ public class User implements UserDetails { * GrantedAuthority[] array */ public User(String username, String password, boolean enabled, boolean accountNonExpired, - boolean credentialsNonExpired, boolean accountNonLocked, GrantedAuthority[] authorities) - throws IllegalArgumentException { + boolean credentialsNonExpired, boolean accountNonLocked, List authorities) { + if (((username == null) || "".equals(username)) || (password == null)) { throw new IllegalArgumentException("Cannot pass null or empty values to constructor"); } 
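Review bot: The remaining array-based constructor is left with a bare `@deprecated` tag, so its javadoc no longer says what the parameters mean or what to call instead. I would keep a one-line summary and write `@deprecated use the constructor that takes a List of GrantedAuthority instead`. A null array is forwarded as null (`authorities == null ? null : Arrays.asList(authorities)`), so whether it is rejected depends on the list constructor, whose authority check is outside this hunk; the javadoc should say which outcome is intended.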
@@ -149,16 +106,10 @@ public class User implements UserDetails { // We rely on constructor to guarantee any User has non-null and >0 // authorities - if (user.getAuthorities().length != this.getAuthorities().length) { + if (!authorities.equals(user.authorities)) { return false; } - for (int i = 0; i < this.getAuthorities().length; i++) { - if (!this.getAuthorities()[i].equals(user.getAuthorities()[i])) { - return false; - } - } - // We rely on constructor to guarantee non-null username and password return (this.getPassword().equals(user.getPassword()) && this.getUsername().equals(user.getUsername()) && (this.isAccountNonExpired() == user.isAccountNonExpired()) @@ -167,7 +118,7 @@ public class User implements UserDetails { && (this.isEnabled() == user.isEnabled())); } - public GrantedAuthority[] getAuthorities() { + public List getAuthorities() { return authorities; } @@ -183,8 +134,8 @@ public class User implements UserDetails { int code = 9792; if (this.getAuthorities() != null) { - for (int i = 0; i < this.getAuthorities().length; i++) { - code = code * (this.getAuthorities()[i].hashCode() % 7); + for (int i = 0; i < this.getAuthorities().size(); i++) { + code = code * (authorities.get(i).hashCode() % 7); } } 
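Review bot: The rewritten `hashCode` loop takes its bound from `this.getAuthorities().size()` but reads elements with `authorities.get(i)`, so it assumes the accessor and the field are the same list. `User` is not final and `getAuthorities()` is public, so a subclass that overrides the accessor could make the two disagree, and the loop would then throw or skip entries; `equals` in the first hunk of this file already uses the field directly. Using the field throughout removes the assumption: `for (GrantedAuthority authority : authorities) { code = code * (authority.hashCode() % 7); }`. The `toString` hunk (at -257) has the same mix of `this.getAuthorities() != null` and `authorities.size()`. The start of `hashCode` is outside this hunk.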
@@ -231,17 +182,20 @@ public class User implements UserDetails { return enabled; } - protected void setAuthorities(GrantedAuthority[] authorities) { + protected void setAuthorities(List authorities) { Assert.notNull(authorities, "Cannot pass a null GrantedAuthority array"); // Ensure array iteration order is predictable (as per UserDetails.getAuthorities() contract and SEC-xxx) - SortedSet sorter = new TreeSet(); - for (int i = 0; i < authorities.length; i++) { - Assert.notNull(authorities[i], - "Granted authority element " + i + " is null - GrantedAuthority[] cannot contain any null elements"); - sorter.add(authorities[i]); + SortedSet sorter = new TreeSet(); + + for (GrantedAuthority grantedAuthority : authorities) { + Assert.notNull(grantedAuthority, "GrantedAuthority list cannot contain any null elements"); + sorter.add(grantedAuthority); } - - this.authorities = (GrantedAuthority[]) sorter.toArray(new GrantedAuthority[sorter.size()]); + + List sortedAuthorities = new ArrayList(sorter.size()); + sortedAuthorities.addAll(sorter); + + this.authorities = Collections.unmodifiableList(sortedAuthorities); } public String toString() { @@ -257,12 +211,12 @@ public class User implements UserDetails { if (this.getAuthorities() != null) { sb.append("Granted Authorities: "); - for (int i = 0; i < this.getAuthorities().length; i++) { + for (int i = 0; i < authorities.size(); i++) { if (i > 0) { sb.append(", "); } - sb.append(this.getAuthorities()[i].toString()); + sb.append(authorities.get(i)); } } else { sb.append("Not granted any authorities"); diff --git a/core/src/main/java/org/springframework/security/userdetails/UserDetails.java b/core/src/main/java/org/springframework/security/userdetails/UserDetails.java index 8c4efa0b25..5d8a999f05 100644 --- a/core/src/main/java/org/springframework/security/userdetails/UserDetails.java +++ b/core/src/main/java/org/springframework/security/userdetails/UserDetails.java 
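Review bot: `setAuthorities` now takes a `List`, but the null-argument message and the comment above the sort still talk about an array (`"Cannot pass a null GrantedAuthority array"`, `// Ensure array iteration order is predictable`), which will mislead whoever reads the failure. I would change the assertion to `Assert.notNull(authorities, "Cannot pass a null GrantedAuthority list");`, reword the comment, and replace the `SEC-xxx` placeholder with the real issue key if there is one. The two-step copy can be written as `new ArrayList(sorter)`. Because the values pass through a `TreeSet`, duplicate authorities are dropped, so the stored list can be shorter than the one passed in; that deserves a line in the method's javadoc.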
@@ -19,6 +19,7 @@ import org.springframework.security.Authentication; import org.springframework.security.GrantedAuthority; import java.io.Serializable; +import java.util.List; /** @@ -56,7 +57,7 @@ public interface UserDetails extends Serializable { * * @return the authorities, sorted by natural key (never null) */ - GrantedAuthority[] getAuthorities(); + List getAuthorities(); /** * Returns the password used to authenticate the user. Cannot return null. diff --git a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchy.java b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchy.java index cb3a95807c..8cae4ca393 100755 --- a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchy.java +++ b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchy.java @@ -14,6 +14,8 @@ package org.springframework.security.userdetails.hierarchicalroles; +import java.util.List; + import org.springframework.security.GrantedAuthority; /** @@ -37,6 +39,6 @@ public interface RoleHierarchy { * @param authorities - Array of the directly assigned authorities. * @return Array of all reachable authorities given the assigned authorities. */ - public GrantedAuthority[] getReachableGrantedAuthorities(GrantedAuthority[] authorities); + public List getReachableGrantedAuthorities(List authorities); } diff --git a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImpl.java b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImpl.java index 76782d66c0..b693117e2b 100755 --- a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImpl.java +++ b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImpl.java 
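Review bot: The javadoc on `getReachableGrantedAuthorities` in `RoleHierarchy` still describes arrays (`@param authorities - Array of the directly assigned authorities.`, `@return Array of all reachable authorities given the assigned authorities.`) although the signature now takes and returns a `List`. I would update both tags to `@param authorities - List of the directly assigned authorities.` and `@return List of all reachable authorities given the assigned authorities.`. The `@return` tag should also state whether the result may be null for an empty input, since callers now iterate it directly.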
@@ -98,27 +98,30 @@ public class RoleHierarchyImpl implements RoleHierarchy { buildRolesReachableInOneOrMoreStepsMap(); } - public GrantedAuthority[] getReachableGrantedAuthorities(GrantedAuthority[] authorities) { - if (authorities == null || authorities.length == 0) { + public List getReachableGrantedAuthorities(List authorities) { + if (authorities == null || authorities.isEmpty()) { return null; } - Set reachableRoles = new HashSet(); + Set reachableRoles = new HashSet(); - for (int i = 0; i < authorities.length; i++) { - reachableRoles.add(authorities[i]); - Set additionalReachableRoles = (Set) rolesReachableInOneOrMoreStepsMap.get(authorities[i]); + for (GrantedAuthority authority : authorities) { + reachableRoles.add(authority); + Set additionalReachableRoles = (Set) rolesReachableInOneOrMoreStepsMap.get(authority); if (additionalReachableRoles != null) { reachableRoles.addAll(additionalReachableRoles); } } if (logger.isDebugEnabled()) { - logger.debug("getReachableGrantedAuthorities() - From the roles " + Arrays.asList(authorities) + logger.debug("getReachableGrantedAuthorities() - From the roles " + authorities + " one can reach " + reachableRoles + " in zero or more steps."); } - return (GrantedAuthority[]) reachableRoles.toArray(new GrantedAuthority[reachableRoles.size()]); + List reachableRoleList = new ArrayList(reachableRoles.size()); + reachableRoleList.addAll(reachableRoles); + + return reachableRoleList; } /** diff --git a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapper.java b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapper.java index 0471c4c3ca..f9a4b678f0 100755 --- a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapper.java +++ b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapper.java 
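Review bot: `getReachableGrantedAuthorities` still returns `null` for a null or empty input, which is harder to defend now that the result is a `List`. `UserDetailsWrapper.getAuthorities()` passes that value straight through, while the `UserDetails.getAuthorities()` javadoc in this patch says the result is never null. Callers changed by this commit call `.size()` on it or iterate it (for example `insertUserAuthorities` in `JdbcUserDetailsManager`), so a wrapped user with no authorities would fail with a `NullPointerException` instead of simply having no roles. Returning an empty list keeps the contract, e.g. `return Collections.emptyList();` (with `java.util.Collections` imported if the file does not already have it). The returned list is also built from a `HashSet`, so its order is unspecified, whereas the same javadoc promises authorities sorted by natural key; it is worth confirming whether the wrapper is meant to honour that.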
@@ -14,6 +14,8 @@ package org.springframework.security.userdetails.hierarchicalroles; +import java.util.List; + import org.springframework.security.GrantedAuthority; import org.springframework.security.userdetails.UserDetails; @@ -46,7 +48,7 @@ public class UserDetailsWrapper implements UserDetails { return userDetails.isAccountNonLocked(); } - public GrantedAuthority[] getAuthorities() { + public List getAuthorities() { return roleHierarchy.getReachableGrantedAuthorities(userDetails.getAuthorities()); } diff --git a/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java index 52cd25ec4b..ff99ddf3fb 100644 --- a/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java @@ -134,12 +134,12 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa public void createUser(final UserDetails user) { validateUserDetails(user); getJdbcTemplate().update(createUserSql, new PreparedStatementSetter() { - public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, user.getUsername()); - ps.setString(2, user.getPassword()); - ps.setBoolean(3, user.isEnabled()); - } - + public void setValues(PreparedStatement ps) throws SQLException { + ps.setString(1, user.getUsername()); + ps.setString(2, user.getPassword()); + ps.setBoolean(3, user.isEnabled()); + } + }); insertUserAuthorities(user); 
@@ -148,11 +148,11 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa public void updateUser(final UserDetails user) { validateUserDetails(user); getJdbcTemplate().update(updateUserSql, new PreparedStatementSetter() { - public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, user.getPassword()); - ps.setBoolean(2, user.isEnabled()); - ps.setString(3, user.getUsername()); - } + public void setValues(PreparedStatement ps) throws SQLException { + ps.setString(1, user.getPassword()); + ps.setBoolean(2, user.isEnabled()); + ps.setString(3, user.getUsername()); + } }); deleteUserAuthorities(user.getUsername()); @@ -162,9 +162,9 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } private void insertUserAuthorities(UserDetails user) { - for (int i=0; i < user.getAuthorities().length; i++) { - getJdbcTemplate().update(createAuthoritySql, - new Object[] {user.getUsername(), user.getAuthorities()[i].getAuthority()}); + for (int i=0; i < user.getAuthorities().size(); i++) { + getJdbcTemplate().update(createAuthoritySql, + new Object[] {user.getUsername(), user.getAuthorities().get(i).getAuthority()}); } } @@ -173,9 +173,9 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa getJdbcTemplate().update(deleteUserSql, new Object[] {username}); userCache.removeUserFromCache(username); } - + private void deleteUserAuthorities(String username) { - getJdbcTemplate().update(deleteUserAuthoritiesSql, new Object[] {username}); + getJdbcTemplate().update(deleteUserAuthoritiesSql, new Object[] {username}); } public void changePassword(String oldPassword, String newPassword) throws AuthenticationException { 
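Review bot: `insertUserAuthorities` calls `user.getAuthorities()` twice per iteration, once for the bound and once for `get(i)`, so the loop is only correct if every call returns the same list in the same order. That is not guaranteed for every `UserDetails`: `UserDetailsWrapper` in this patch delegates to `RoleHierarchyImpl`, which builds a new list from a `HashSet` on each call. Reading the list once and iterating it is simpler: `for (GrantedAuthority auth : user.getAuthorities()) { getJdbcTemplate().update(createAuthoritySql, new Object[] {user.getUsername(), auth.getAuthority()}); }`. The index loop in `createGroup` (hunk at -238) could take the same for-each form, matching the style this commit already uses in `SwitchUserProcessingFilter`.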
@@ -218,7 +218,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } public boolean userExists(String username) { - List users = getJdbcTemplate().queryForList(userExistsSql, new Object[] {username}); + List users = getJdbcTemplate().queryForList(userExistsSql, new Object[] {username}); if (users.size() > 1) { throw new IncorrectResultSizeDataAccessException("More than one user found with name '" + username + "'", 1); @@ -238,25 +238,25 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa return (String[]) getJdbcTemplate().queryForList(findUsersInGroupSql, new String[] {groupName}, String.class).toArray(new String[0]); } - public void createGroup(final String groupName, final GrantedAuthority[] authorities) { + public void createGroup(final String groupName, final List authorities) { Assert.hasText(groupName); Assert.notNull(authorities); logger.debug("Creating new group '" + groupName + "' with authorities " + - AuthorityUtils.authorityArrayToSet(authorities)); + AuthorityUtils.authorityArrayToSet(authorities)); getJdbcTemplate().update(insertGroupSql, new String[] {groupName}); - + final int groupId = findGroupId(groupName); - for (int i=0; i < authorities.length; i++) { - final String authority = authorities[i].getAuthority(); - getJdbcTemplate().update(insertGroupAuthoritySql, new PreparedStatementSetter() { - public void setValues(PreparedStatement ps) throws SQLException { - ps.setInt(1, groupId); - ps.setString(2, authority); - } - }); + for (int i=0; i < authorities.size(); i++) { + final String authority = authorities.get(i).getAuthority(); + getJdbcTemplate().update(insertGroupAuthoritySql, new PreparedStatementSetter() { + public void setValues(PreparedStatement ps) throws SQLException { + ps.setInt(1, groupId); + ps.setString(2, authority); + } + }); } } 
@@ -266,9 +266,9 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa final int id = findGroupId(groupName); PreparedStatementSetter groupIdPSS = new PreparedStatementSetter() { - public void setValues(PreparedStatement ps) throws SQLException { - ps.setInt(1, id); - } + public void setValues(PreparedStatement ps) throws SQLException { + ps.setInt(1, id); + } }; getJdbcTemplate().update(deleteGroupMembersSql, groupIdPSS); getJdbcTemplate().update(deleteGroupAuthoritiesSql, groupIdPSS); @@ -290,10 +290,10 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa final int id = findGroupId(groupName); getJdbcTemplate().update(insertGroupMemberSql, new PreparedStatementSetter() { - public void setValues(PreparedStatement ps) throws SQLException { - ps.setInt(1, id); - ps.setString(2, username); - } + public void setValues(PreparedStatement ps) throws SQLException { + ps.setInt(1, id); + ps.setString(2, username); + } }); userCache.removeUserFromCache(username); 
@@ -307,29 +307,29 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa final int id = findGroupId(groupName); getJdbcTemplate().update(deleteGroupMemberSql, new PreparedStatementSetter() { - public void setValues(PreparedStatement ps) throws SQLException { - ps.setInt(1, id); - ps.setString(2, username); - } + public void setValues(PreparedStatement ps) throws SQLException { + ps.setInt(1, id); + ps.setString(2, username); + } }); userCache.removeUserFromCache(username); } - public GrantedAuthority[] findGroupAuthorities(String groupName) { + public List findGroupAuthorities(String groupName) { logger.debug("Loading authorities for group '" + groupName + "'"); Assert.hasText(groupName); - - List authorities = getJdbcTemplate().query(groupAuthoritiesSql, new String[] {groupName}, new RowMapper() { - public Object mapRow(ResultSet rs, int rowNum) throws SQLException { - String roleName = getRolePrefix() + rs.getString(3); - GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName); - return authority; - } + List authorities = getJdbcTemplate().query(groupAuthoritiesSql, new String[] {groupName}, new RowMapper() { + public Object mapRow(ResultSet rs, int rowNum) throws SQLException { + String roleName = getRolePrefix() + rs.getString(3); + GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName); + + return authority; + } }); - return (GrantedAuthority[]) authorities.toArray(new GrantedAuthority[0]); + return authorities; } public void removeGroupAuthority(String groupName, final GrantedAuthority authority) { 
@@ -338,13 +338,13 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa Assert.notNull(authority); final int id = findGroupId(groupName); - + getJdbcTemplate().update(deleteGroupAuthoritySql, new PreparedStatementSetter() { - public void setValues(PreparedStatement ps) throws SQLException { - ps.setInt(1, id); - ps.setString(2, authority.getAuthority()); - } + public void setValues(PreparedStatement ps) throws SQLException { + ps.setInt(1, id); + ps.setString(2, authority.getAuthority()); + } }); } @@ -355,15 +355,15 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa final int id = findGroupId(groupName); getJdbcTemplate().update(insertGroupAuthoritySql, new PreparedStatementSetter() { - public void setValues(PreparedStatement ps) throws SQLException { - ps.setInt(1, id); - ps.setString(2, authority.getAuthority()); - } + public void setValues(PreparedStatement ps) throws SQLException { + ps.setInt(1, id); + ps.setString(2, authority.getAuthority()); + } }); } - + private int findGroupId(String group) { - return getJdbcTemplate().queryForInt(findGroupIdSql, new Object[] {group}); + return getJdbcTemplate().queryForInt(findGroupIdSql, new Object[] {group}); } public void setAuthenticationManager(AuthenticationManager authenticationManager) { 
@@ -425,12 +425,12 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa validateAuthorities(user.getAuthorities()); } - private void validateAuthorities(GrantedAuthority[] authorities) { + private void validateAuthorities(List authorities) { Assert.notNull(authorities, "Authorities list must not be null"); - for (int i=0; i < authorities.length; i++) { - Assert.notNull(authorities[i], "Authorities list contains a null entry"); - Assert.hasText(authorities[i].getAuthority(), "getAuthority() method must return a non-empty string"); + for (int i=0; i < authorities.size(); i++) { + Assert.notNull(authorities.get(i), "Authorities list contains a null entry"); + Assert.hasText(authorities.get(i).getAuthority(), "getAuthority() method must return a non-empty string"); } } } diff --git a/core/src/main/java/org/springframework/security/userdetails/ldap/InetOrgPersonContextMapper.java b/core/src/main/java/org/springframework/security/userdetails/ldap/InetOrgPersonContextMapper.java index 15a4fc6bbb..102903d061 100644 --- a/core/src/main/java/org/springframework/security/userdetails/ldap/InetOrgPersonContextMapper.java +++ b/core/src/main/java/org/springframework/security/userdetails/ldap/InetOrgPersonContextMapper.java @@ -14,6 +14,8 @@ */ package org.springframework.security.userdetails.ldap; +import java.util.List; + import org.springframework.security.userdetails.UserDetails; import org.springframework.security.GrantedAuthority; import org.springframework.ldap.core.DirContextOperations; @@ -27,7 +29,7 @@ import org.springframework.util.Assert; */ public class InetOrgPersonContextMapper implements UserDetailsContextMapper { - public UserDetails mapUserFromContext(DirContextOperations ctx, String username, GrantedAuthority[] authorities) { + public UserDetails mapUserFromContext(DirContextOperations ctx, String username, List authorities) { InetOrgPerson.Essence p = new InetOrgPerson.Essence(ctx); p.setUsername(username); 
diff --git a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java index 79d12f8ed6..c75c6f0f08 100644 --- a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java +++ b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsImpl.java @@ -50,7 +50,7 @@ public class LdapUserDetailsImpl implements LdapUserDetails { private String dn; private String password; private String username; - private GrantedAuthority[] authorities = AuthorityUtils.NO_AUTHORITIES; + private List authorities = AuthorityUtils.NO_AUTHORITIES; private boolean accountNonExpired = true; private boolean accountNonLocked = true; private boolean credentialsNonExpired = true; @@ -62,7 +62,7 @@ public class LdapUserDetailsImpl implements LdapUserDetails { //~ Methods ======================================================================================================== - public GrantedAuthority[] getAuthorities() { + public List getAuthorities() { return authorities; } @@ -107,12 +107,12 @@ public class LdapUserDetailsImpl implements LdapUserDetails { if (this.getAuthorities() != null) { sb.append("Granted Authorities: "); - for (int i = 0; i < this.getAuthorities().length; i++) { + for (int i = 0; i < this.getAuthorities().size(); i++) { if (i > 0) { sb.append(", "); } - sb.append(this.getAuthorities()[i].toString()); + sb.append(this.getAuthorities().get(i).toString()); } } else { sb.append("Not granted any authorities"); @@ -184,8 +184,8 @@ public class LdapUserDetailsImpl implements LdapUserDetails { return newInstance; } - public GrantedAuthority[] getGrantedAuthorities() { - return (GrantedAuthority[]) mutableAuthorities.toArray(new GrantedAuthority[0]); + public List getGrantedAuthorities() { + return mutableAuthorities; } public void setAccountNonExpired(boolean accountNonExpired) { 
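Review bot: `getGrantedAuthorities()` now hands out `mutableAuthorities` itself, and `setAuthorities(List)` in the following hunk stores the caller's list by reference, whereas the removed lines copied in both directions. Any code that keeps either reference can afterwards change the authorities of the object being built, and a caller passing an unmodifiable list such as `AuthorityUtils.NO_AUTHORITIES` (now `Collections.EMPTY_LIST`) would presumably make a later `addAuthority` call fail, if that method appends to this field. Keeping the copies preserves the old contract: `mutableAuthorities = new ArrayList<GrantedAuthority>(authorities);` and `return new ArrayList<GrantedAuthority>(mutableAuthorities);`. The class enclosing these two methods starts outside the hunks.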
@@ -196,8 +196,8 @@ public class LdapUserDetailsImpl implements LdapUserDetails { instance.accountNonLocked = accountNonLocked; } - public void setAuthorities(GrantedAuthority[] authorities) { - mutableAuthorities = new ArrayList(Arrays.asList(authorities)); + public void setAuthorities(List authorities) { + mutableAuthorities = authorities; } public void setCredentialsNonExpired(boolean credentialsNonExpired) { diff --git a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManager.java b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManager.java index 9fbf5672a5..310b04233d 100644 --- a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManager.java @@ -60,13 +60,10 @@ import java.util.ListIterator; *

* It is designed around a standard setup where users and groups/roles are stored under separate contexts, * defined by the "userDnBase" and "groupSearchBase" properties respectively. - *

*

* In this case, LDAP is being used purely to retrieve information and this class can be used in place of any other * UserDetailsService for authentication. Authentication isn't performed directly against the directory, unlike with the * LDAP authentication provider setup. - *

- * * * @author Luke Taylor * @since 2.0 @@ -127,7 +124,7 @@ public class LdapUserDetailsManager implements UserDetailsManager { public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { DistinguishedName dn = usernameMapper.buildDn(username); - GrantedAuthority[] authorities = getUserAuthorities(dn, username); + List authorities = getUserAuthorities(dn, username); logger.debug("Loading user '"+ username + "' with DN '" + dn + "'"); @@ -207,7 +204,7 @@ public class LdapUserDetailsManager implements UserDetailsManager { * @param username the user whose roles are required. * @return the granted authorities returned by the group search */ - GrantedAuthority[] getUserAuthorities(final DistinguishedName dn, final String username) { + List getUserAuthorities(final DistinguishedName dn, final String username) { SearchExecutor se = new SearchExecutor() { public NamingEnumeration executeSearch(DirContext ctx) throws NamingException { DistinguishedName fullDn = LdapUtils.getFullDn(dn, ctx); @@ -222,9 +219,7 @@ public class LdapUserDetailsManager implements UserDetailsManager { new AttributesMapperCallbackHandler(roleMapper); template.search(se, roleCollector); - List authorities = roleCollector.getList(); - - return (GrantedAuthority[]) authorities.toArray(new GrantedAuthority[authorities.size()]); + return roleCollector.getList(); } // protected String getRoleFilter(DistinguishedName dn, String username) { @@ -236,9 +231,9 @@ public class LdapUserDetailsManager implements UserDetailsManager { copyToContext(user, ctx); DistinguishedName dn = usernameMapper.buildDn(user.getUsername()); // Check for any existing authorities which might be set for this DN - GrantedAuthority[] authorities = getUserAuthorities(dn, user.getUsername()); + List authorities = getUserAuthorities(dn, user.getUsername()); - if(authorities.length > 0) { + if(authorities.size() > 0) { removeAuthorities(dn, authorities); } 
@@ -255,7 +250,7 @@ public class LdapUserDetailsManager implements UserDetailsManager { logger.debug("Updating user '"+ user.getUsername() + "' with DN '" + dn + "'"); - GrantedAuthority[] authorities = getUserAuthorities(dn, user.getUsername()); + List authorities = getUserAuthorities(dn, user.getUsername()); DirContextAdapter ctx = loadUserAsContext(dn, user.getUsername()); ctx.setUpdateMode(true); @@ -318,19 +313,19 @@ public class LdapUserDetailsManager implements UserDetailsManager { userDetailsMapper.mapUserToContext(user, ctx); } - protected void addAuthorities(DistinguishedName userDn, GrantedAuthority[] authorities) { + protected void addAuthorities(DistinguishedName userDn, List authorities) { modifyAuthorities(userDn, authorities, DirContext.ADD_ATTRIBUTE); } - protected void removeAuthorities(DistinguishedName userDn, GrantedAuthority[] authorities) { + protected void removeAuthorities(DistinguishedName userDn, List authorities) { modifyAuthorities(userDn, authorities, DirContext.REMOVE_ATTRIBUTE); } - private void modifyAuthorities(final DistinguishedName userDn, final GrantedAuthority[] authorities, final int modType) { + private void modifyAuthorities(final DistinguishedName userDn, final List authorities, final int modType) { template.executeReadWrite(new ContextExecutor() { public Object executeWithContext(DirContext ctx) throws NamingException { - for(int i=0; i < authorities.length; i++) { - GrantedAuthority authority = authorities[i]; + for(int i=0; i < authorities.size(); i++) { + GrantedAuthority authority = authorities.get(i); String group = convertAuthorityToGroup(authority); DistinguishedName fullDn = LdapUtils.getFullDn(userDn, ctx); ModificationItem addGroup = new ModificationItem(modType, diff --git a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapper.java b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapper.java index 4f7992dc52..fddc4aa700 100644 
--- a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapper.java +++ b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapper.java @@ -15,6 +15,8 @@ package org.springframework.security.userdetails.ldap; +import java.util.List; + import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.GrantedAuthority; import org.springframework.security.userdetails.UserDetails; @@ -44,7 +46,7 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper { //~ Methods ======================================================================================================== - public UserDetails mapUserFromContext(DirContextOperations ctx, String username, GrantedAuthority[] authorities) { + public UserDetails mapUserFromContext(DirContextOperations ctx, String username, List authorities) { String dn = ctx.getNameInNamespace(); logger.debug("Mapping user details from context with DN: " + dn); @@ -80,8 +82,8 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper { // Add the supplied authorities - for (int i=0; i < authorities.length; i++) { - essence.addAuthority(authorities[i]); + for (int i=0; i < authorities.size(); i++) { + essence.addAuthority(authorities.get(i)); } return essence.createUserDetails(); diff --git a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsService.java b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsService.java index ba2ff00b06..e0884d723b 100644 --- a/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsService.java +++ b/core/src/main/java/org/springframework/security/userdetails/ldap/LdapUserDetailsService.java 
@@ -1,12 +1,11 @@ package org.springframework.security.userdetails.ldap; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.ldap.LdapUserSearch; +import org.springframework.ldap.core.DirContextOperations; import org.springframework.security.ldap.LdapAuthoritiesPopulator; +import org.springframework.security.ldap.LdapUserSearch; import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetailsService; import org.springframework.security.userdetails.UsernameNotFoundException; -import org.springframework.ldap.core.DirContextOperations; import org.springframework.util.Assert; /** @@ -32,9 +31,8 @@ public class LdapUserDetailsService implements UserDetailsService { public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { DirContextOperations userData = userSearch.searchForUser(username); - GrantedAuthority[] authorities = authoritiesPopulator.getGrantedAuthorities(userData, username); - - return userDetailsMapper.mapUserFromContext(userData, username, authorities); + return userDetailsMapper.mapUserFromContext(userData, username, + authoritiesPopulator.getGrantedAuthorities(userData, username)); } public void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper) { diff --git a/core/src/main/java/org/springframework/security/userdetails/ldap/PersonContextMapper.java b/core/src/main/java/org/springframework/security/userdetails/ldap/PersonContextMapper.java index 8c41d114ca..a0c60d771c 100644 --- a/core/src/main/java/org/springframework/security/userdetails/ldap/PersonContextMapper.java +++ b/core/src/main/java/org/springframework/security/userdetails/ldap/PersonContextMapper.java 
@@ -1,5 +1,7 @@ package org.springframework.security.userdetails.ldap; +import java.util.List; + import org.springframework.security.userdetails.UserDetails; import org.springframework.security.GrantedAuthority; import org.springframework.ldap.core.DirContextOperations; @@ -12,7 +14,7 @@ import org.springframework.util.Assert; */ public class PersonContextMapper implements UserDetailsContextMapper { - public UserDetails mapUserFromContext(DirContextOperations ctx, String username, GrantedAuthority[] authorities) { + public UserDetails mapUserFromContext(DirContextOperations ctx, String username, List authorities) { Person.Essence p = new Person.Essence(ctx); p.setUsername(username); diff --git a/core/src/main/java/org/springframework/security/userdetails/ldap/UserDetailsContextMapper.java b/core/src/main/java/org/springframework/security/userdetails/ldap/UserDetailsContextMapper.java index aec082fc26..8438b46903 100644 --- a/core/src/main/java/org/springframework/security/userdetails/ldap/UserDetailsContextMapper.java +++ b/core/src/main/java/org/springframework/security/userdetails/ldap/UserDetailsContextMapper.java @@ -14,6 +14,8 @@ */ package org.springframework.security.userdetails.ldap; +import java.util.List; + import org.springframework.security.userdetails.UserDetails; import org.springframework.security.GrantedAuthority; import org.springframework.ldap.core.DirContextOperations; @@ -37,7 +39,7 @@ public interface UserDetailsContextMapper { * @param authority the list of authorities which the user should be given. * @return the user object. */ - UserDetails mapUserFromContext(DirContextOperations ctx, String username, GrantedAuthority[] authority); + UserDetails mapUserFromContext(DirContextOperations ctx, String username, List authority); /** * Reverse of the above operation. Populates a context object from the supplied user object. 
diff --git a/core/src/main/java/org/springframework/security/util/AuthorityUtils.java b/core/src/main/java/org/springframework/security/util/AuthorityUtils.java index 1f7481b00c..9897703c8c 100644 --- a/core/src/main/java/org/springframework/security/util/AuthorityUtils.java +++ b/core/src/main/java/org/springframework/security/util/AuthorityUtils.java @@ -6,7 +6,10 @@ import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.context.SecurityContextHolder; import org.springframework.util.StringUtils; +import java.util.ArrayList; +import java.util.Collections; import java.util.HashSet; +import java.util.List; import java.util.Set; /** @@ -14,7 +17,7 @@ import java.util.Set; * @version $Id$ */ public abstract class AuthorityUtils { - public static final GrantedAuthority[] NO_AUTHORITIES = new GrantedAuthority[0]; + public static final List NO_AUTHORITIES = Collections.EMPTY_LIST; /** * Returns true if the current user has the specified authority. @@ -24,10 +27,10 @@ public abstract class AuthorityUtils { * name exists in the current user's list of authorities. False otherwise, or if the user in not authenticated. */ public static boolean userHasAuthority(String authority) { - GrantedAuthority[] authorities = getUserAuthorities(); + List authorities = getUserAuthorities(); - for (int i = 0; i < authorities.length; i++) { - if (authority.equals(authorities[i].getAuthority())) { + for (GrantedAuthority grantedAuthority : authorities) { + if (authority.equals(grantedAuthority.getAuthority())) { return true; } } @@ -40,7 +43,7 @@ public abstract class AuthorityUtils { * * @return an array containing the current user's authorities (or an empty array if not authenticated), never null. */ - private static GrantedAuthority[] getUserAuthorities() { + private static List getUserAuthorities() { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (auth == null || auth.getAuthorities() == null) { 
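Review bot: The Javadoc above `getUserAuthorities()` still promises "an array containing the current user's authorities (or an empty array if not authenticated)" although the method now returns a `List`; it should read `@return a list containing the current user's authorities (or an empty list if not authenticated), never null.` The next hunk has the same problem: `authorityArrayToSet` takes a `List` but keeps "Converts an array of GrantedAuthority objects to a Set", and the new public `createAuthorityList(String... roles)` has no Javadoc at all. The Javadoc hunk in `SecurityContextHolderAwareRequestWrapper` likewise still speaks of `GrantedAuthority[]` objects. The body of `getUserAuthorities()` continues outside this hunk.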
@@ -73,21 +76,21 @@ public abstract class AuthorityUtils { * Converts an array of GrantedAuthority objects to a Set. * @return a Set of the Strings obtained from each call to GrantedAuthority.getAuthority() */ - public static Set authorityArrayToSet(GrantedAuthority[] authorities) { - Set set = new HashSet(authorities.length); + public static Set authorityArrayToSet(List authorities) { + Set set = new HashSet(authorities.size()); - for (int i = 0; i < authorities.length; i++) { - set.add(authorities[i].getAuthority()); + for (GrantedAuthority authority: authorities) { + set.add(authority.getAuthority()); } return set; } - public static GrantedAuthority[] stringArrayToAuthorityArray(String[] roles) { - GrantedAuthority[] authorities = new GrantedAuthority[roles.length]; + public static List createAuthorityList(String... roles) { + List authorities = new ArrayList(roles.length); for (int i=0; i < roles.length; i++) { - authorities[i] = new GrantedAuthorityImpl(roles[i]); + authorities.add(new GrantedAuthorityImpl(roles[i])); } return authorities; diff --git a/core/src/main/java/org/springframework/security/vote/LabelBasedAclVoter.java b/core/src/main/java/org/springframework/security/vote/LabelBasedAclVoter.java index be0787376f..ff57fa5111 100644 --- a/core/src/main/java/org/springframework/security/vote/LabelBasedAclVoter.java +++ b/core/src/main/java/org/springframework/security/vote/LabelBasedAclVoter.java 
@@ -186,9 +186,9 @@ public class LabelBasedAclVoter extends AbstractAclVoter { */ List userLabels = new Vector(); - for (int i = 0; i < authentication.getAuthorities().length; i++) { - if (labelMap.containsKey(authentication.getAuthorities()[i].getAuthority())) { - String userLabel = authentication.getAuthorities()[i].getAuthority(); + for (int i = 0; i < authentication.getAuthorities().size(); i++) { + String userLabel = authentication.getAuthorities().get(i).getAuthority(); + if (labelMap.containsKey(userLabel)) { userLabels.add(userLabel); logger.debug("Adding " + userLabel + " to <<<" + authentication.getName() + "'s>>> authorized label list"); diff --git a/core/src/main/java/org/springframework/security/vote/RoleHierarchyVoter.java b/core/src/main/java/org/springframework/security/vote/RoleHierarchyVoter.java index 1ce679da21..400f89a38c 100644 --- a/core/src/main/java/org/springframework/security/vote/RoleHierarchyVoter.java +++ b/core/src/main/java/org/springframework/security/vote/RoleHierarchyVoter.java 
@@ -1,29 +1,32 @@ package org.springframework.security.vote; +import java.util.List; + import org.springframework.security.Authentication; import org.springframework.security.GrantedAuthority; import org.springframework.security.userdetails.hierarchicalroles.RoleHierarchy; import org.springframework.util.Assert; /** - * Extended RoleVoter which uses a {@link RoleHierarchy} definition to determine the + * Extended RoleVoter which uses a {@link RoleHierarchy} definition to determine the * roles allocated to the current user before voting. - * + * * @author Luke Taylor * @since 2.0.4 */ public class RoleHierarchyVoter extends RoleVoter { private RoleHierarchy roleHierarchy = null; - + public RoleHierarchyVoter(RoleHierarchy roleHierarchy) { - Assert.notNull(roleHierarchy, "RoleHierarchy must not be null"); - this.roleHierarchy = roleHierarchy; + Assert.notNull(roleHierarchy, "RoleHierarchy must not be null"); + this.roleHierarchy = roleHierarchy; } /** * Calls the RoleHierarchy to obtain the complete set of user authorities. */ - GrantedAuthority[] extractAuthorities(Authentication authentication) { - return roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities()); - } + @Override + List extractAuthorities(Authentication authentication) { + return roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities()); + } } diff --git a/core/src/main/java/org/springframework/security/vote/RoleVoter.java b/core/src/main/java/org/springframework/security/vote/RoleVoter.java index 01f7cd18bd..2fddcc4276 100644 --- a/core/src/main/java/org/springframework/security/vote/RoleVoter.java +++ b/core/src/main/java/org/springframework/security/vote/RoleVoter.java 
@@ -94,18 +94,15 @@ public class RoleVoter implements AccessDecisionVoter { public int vote(Authentication authentication, Object object, List attributes) { int result = ACCESS_ABSTAIN; - Iterator iter = attributes.iterator(); - GrantedAuthority[] authorities = extractAuthorities(authentication); - - while (iter.hasNext()) { - ConfigAttribute attribute = (ConfigAttribute) iter.next(); + List authorities = extractAuthorities(authentication); + for (ConfigAttribute attribute : attributes) { if (this.supports(attribute)) { result = ACCESS_DENIED; // Attempt to find a matching granted authority - for (int i = 0; i < authorities.length; i++) { - if (attribute.getAttribute().equals(authorities[i].getAuthority())) { + for (GrantedAuthority authority : authorities) { + if (attribute.getAttribute().equals(authority.getAuthority())) { return ACCESS_GRANTED; } } @@ -115,7 +112,7 @@ public class RoleVoter implements AccessDecisionVoter { return result; } - GrantedAuthority[] extractAuthorities(Authentication authentication) { + List extractAuthorities(Authentication authentication) { return authentication.getAuthorities(); } } diff --git a/core/src/main/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapper.java b/core/src/main/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapper.java index dcf5cda6ed..d651c831c6 100644 --- a/core/src/main/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapper.java +++ b/core/src/main/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapper.java @@ -18,6 +18,7 @@ package org.springframework.security.wrapper; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationTrustResolver; import org.springframework.security.AuthenticationTrustResolverImpl; +import org.springframework.security.GrantedAuthority; import org.springframework.security.context.SecurityContextHolder; 
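Review bot: `vote` iterates `authorities` without a null check, while `AuthorityUtils.getUserAuthorities()` and the request wrapper in this same patch both treat `auth.getAuthorities() == null` as a case to handle. With a null return the voter would end in a `NullPointerException` instead of producing `ACCESS_DENIED` for a supported attribute. A guard right after `extractAuthorities(authentication)` makes the outcome explicit: `if (authorities == null) { authorities = Collections.emptyList(); }` (needs `java.util.Collections` if the file does not import it yet). A few lines of `vote` lie between the two RoleVoter hunks and are not shown.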
@@ -25,6 +26,7 @@ import org.springframework.security.userdetails.UserDetails; import org.springframework.security.util.PortResolver; import java.security.Principal; +import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; @@ -124,12 +126,19 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest role = rolePrefix + role; } - if ((auth == null) || (auth.getPrincipal() == null) || (auth.getAuthorities() == null)) { + if ((auth == null) || (auth.getPrincipal() == null)) { return false; } - for (int i = 0; i < auth.getAuthorities().length; i++) { - if (role.equals(auth.getAuthorities()[i].getAuthority())) { + List authorities = auth.getAuthorities(); + + if (authorities == null) { + return false; + } + + + for (GrantedAuthority grantedAuthority : authorities) { + if (role.equals(grantedAuthority.getAuthority())) { return true; } } @@ -138,10 +147,11 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest } /** - * Simple searches for an exactly matching {@link org.springframework.security.GrantedAuthority#getAuthority()}.

Will - * always return false if the SecurityContextHolder contains an + * Simple searches for an exactly matching {@link org.springframework.security.GrantedAuthority#getAuthority()}. + *

+ * Will always return false if the SecurityContextHolder contains an * Authentication with nullprincipal and/or GrantedAuthority[] - * objects.

+ * objects. * * @param role the GrantedAuthorityString representation to check for * diff --git a/core/src/test/java/org/springframework/security/MockAccessDecisionManager.java b/core/src/test/java/org/springframework/security/MockAccessDecisionManager.java index a41d68e03d..ad4112a4f0 100644 --- a/core/src/test/java/org/springframework/security/MockAccessDecisionManager.java +++ b/core/src/test/java/org/springframework/security/MockAccessDecisionManager.java @@ -15,7 +15,6 @@ package org.springframework.security; -import java.util.Iterator; import java.util.List; @@ -34,8 +33,8 @@ public class MockAccessDecisionManager implements AccessDecisionManager { for(ConfigAttribute attr : configAttributes) { if (this.supports(attr)) { - for (int i = 0; i < authentication.getAuthorities().length; i++) { - if (attr.getAttribute().equals(authentication.getAuthorities()[i].getAuthority())) { + for(GrantedAuthority authority : authentication.getAuthorities()) { + if (attr.getAttribute().equals(authority.getAuthority())) { return; } } diff --git a/core/src/test/java/org/springframework/security/authoritymapping/MapBasedAttributes2GrantedAuthoritiesMapperTest.java b/core/src/test/java/org/springframework/security/authoritymapping/MapBasedAttributes2GrantedAuthoritiesMapperTest.java index c2e5989cb1..136d65896f 100755 --- a/core/src/test/java/org/springframework/security/authoritymapping/MapBasedAttributes2GrantedAuthoritiesMapperTest.java +++ b/core/src/test/java/org/springframework/security/authoritymapping/MapBasedAttributes2GrantedAuthoritiesMapperTest.java 
@@ -1,232 +1,214 @@ package org.springframework.security.authoritymapping; +import static org.junit.Assert.*; + import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.HashMap; - -import junit.framework.TestCase; +import java.util.List; import org.apache.log4j.Level; import org.apache.log4j.Logger; +import org.junit.Test; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; /** - * + * * @author Ruud Senden */ -public class MapBasedAttributes2GrantedAuthoritiesMapperTest extends TestCase { +public class MapBasedAttributes2GrantedAuthoritiesMapperTest { - protected void setUp() throws Exception { - // Set Log4j loglevel to debug to include all logstatements in tests - Logger.getRootLogger().setLevel(Level.DEBUG); - } + protected void setUp() throws Exception { + // Set Log4j loglevel to debug to include all logstatements in tests + Logger.getRootLogger().setLevel(Level.DEBUG); + } - public final void testAfterPropertiesSetNoMap() { - MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); - try { - mapper.afterPropertiesSet(); - fail("Expected exception not thrown"); - } catch (IllegalArgumentException expected) { - // Expected exception - } catch (Exception unexpected) { - fail("Unexpected exception: " + unexpected); - } - } - - public final void testAfterPropertiesSetEmptyMap() { - MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); - mapper.setAttributes2grantedAuthoritiesMap(new HashMap()); - try { - mapper.afterPropertiesSet(); - fail("Expected exception not thrown"); - } catch (IllegalArgumentException expected) { - // Expected exception - } catch (Exception unexpected) { - fail("Unexpected exception: " + unexpected); - } - } - - public final void testAfterPropertiesSetInvalidKeyTypeMap() { - MapBasedAttributes2GrantedAuthoritiesMapper mapper = new 
MapBasedAttributes2GrantedAuthoritiesMapper(); - HashMap m = new HashMap(); - m.put(new Object(),"ga1"); - mapper.setAttributes2grantedAuthoritiesMap(m); - try { - mapper.afterPropertiesSet(); - fail("Expected exception not thrown"); - } catch (IllegalArgumentException expected) { - // Expected exception - } catch (Exception unexpected) { - fail("Unexpected exception: " + unexpected); - } - } - - public final void testAfterPropertiesSetInvalidValueTypeMap1() { - MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); - HashMap m = new HashMap(); - m.put("role1",new Object()); - mapper.setAttributes2grantedAuthoritiesMap(m); - try { - mapper.afterPropertiesSet(); - fail("Expected exception not thrown"); - } catch (IllegalArgumentException expected) { - // Expected exception - } catch (Exception unexpected) { - fail("Unexpected exception: " + unexpected); - } - } - - public final void testAfterPropertiesSetInvalidValueTypeMap2() { - MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); - HashMap m = new HashMap(); - m.put("role1",new Object[]{new String[]{"ga1","ga2"}, new Object()}); - mapper.setAttributes2grantedAuthoritiesMap(m); - try { - mapper.afterPropertiesSet(); - fail("Expected exception not thrown"); - } catch (IllegalArgumentException expected) { - // Expected exception - } catch (Exception unexpected) { - fail("Unexpected exception: " + unexpected); - } - } + @Test(expected=IllegalArgumentException.class) + public void testAfterPropertiesSetNoMap() throws Exception { + MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); + mapper.afterPropertiesSet(); + } - public final void testAfterPropertiesSetValidMap() { - MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); - HashMap m = getValidAttributes2GrantedAuthoritiesMap(); - 
mapper.setAttributes2grantedAuthoritiesMap(m); - try { - mapper.afterPropertiesSet(); - } catch (Exception unexpected) { - fail("Unexpected exception: " + unexpected); - } - } - - public final void testMapping1() { - String[] roles = { "role1" }; - String[] expectedGas = { "ga1" }; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testMapping2() { - String[] roles = { "role2" }; - String[] expectedGas = { "ga2" }; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testMapping3() { - String[] roles = { "role3" }; - String[] expectedGas = { "ga3", "ga4" }; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testMapping4() { - String[] roles = { "role4" }; - String[] expectedGas = { "ga5", "ga6" }; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testMapping5() { - String[] roles = { "role5" }; - String[] expectedGas = { "ga7", "ga8", "ga9" }; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testMapping6() { - String[] roles = { "role6" }; - String[] expectedGas = { "ga10", "ga11", "ga12" }; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testMapping7() { - String[] roles = { "role7" }; - String[] expectedGas = { "ga13", "ga14" }; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testMapping8() { - String[] roles = { "role8" }; - String[] expectedGas = { "ga13", "ga14" }; - 
Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testMapping9() { - String[] roles = { "role9" }; - String[] expectedGas = {}; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testMapping10() { - String[] roles = { "role10" }; - String[] expectedGas = {}; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testMapping11() { - String[] roles = { "role11" }; - String[] expectedGas = {}; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testNonExistingMapping() { - String[] roles = { "nonExisting" }; - String[] expectedGas = {}; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } - - public final void testMappingCombination() { - String[] roles = { "role1", "role2", "role3", "role4", "role5", "role6", "role7", "role8", "role9", "role10", "role11" }; - String[] expectedGas = { "ga1", "ga2", "ga3", "ga4", "ga5", "ga6", "ga7", "ga8", "ga9", "ga10", "ga11", "ga12", "ga13", "ga14"}; - Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } + @Test(expected=IllegalArgumentException.class) + public void testAfterPropertiesSetEmptyMap() throws Exception { + MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); + mapper.setAttributes2grantedAuthoritiesMap(new HashMap()); + mapper.afterPropertiesSet(); + } - private HashMap getValidAttributes2GrantedAuthoritiesMap() { - HashMap m = new HashMap(); - m.put("role1","ga1"); - m.put("role2",new GrantedAuthorityImpl("ga2")); - 
m.put("role3",Arrays.asList(new Object[]{"ga3",new GrantedAuthorityImpl("ga4")})); - m.put("role4","ga5,ga6"); - m.put("role5",Arrays.asList(new Object[]{"ga7","ga8",new Object[]{new GrantedAuthorityImpl("ga9")}})); - m.put("role6",new Object[]{"ga10","ga11",new Object[]{new GrantedAuthorityImpl("ga12")}}); - m.put("role7",new String[]{"ga13","ga14"}); - m.put("role8",new String[]{"ga13","ga14",null}); - m.put("role9",null); - m.put("role10",new Object[]{}); - m.put("role11",Arrays.asList(new Object[]{null})); - return m; - } + @Test(expected=IllegalArgumentException.class) + public void testAfterPropertiesSetInvalidKeyTypeMap() throws Exception { + MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); + HashMap m = new HashMap(); + m.put(new Object(),"ga1"); + mapper.setAttributes2grantedAuthoritiesMap(m); + mapper.afterPropertiesSet(); + } - private MapBasedAttributes2GrantedAuthoritiesMapper getDefaultMapper() { - MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); - mapper.setAttributes2grantedAuthoritiesMap(getValidAttributes2GrantedAuthoritiesMap()); - mapper.afterPropertiesSet(); - return mapper; - } + @Test(expected=IllegalArgumentException.class) + public void testAfterPropertiesSetInvalidValueTypeMap1() throws Exception { + MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); + HashMap m = new HashMap(); + m.put("role1",new Object()); + mapper.setAttributes2grantedAuthoritiesMap(m); + mapper.afterPropertiesSet(); + } - private void testGetGrantedAuthorities(Attributes2GrantedAuthoritiesMapper mapper, String[] roles, String[] expectedGas) { - GrantedAuthority[] result = mapper.getGrantedAuthorities(roles); - Collection resultColl = new ArrayList(result.length); - for (int i = 0; i < result.length; i++) { - resultColl.add(result[i].getAuthority()); - } - Collection expectedColl = Arrays.asList(expectedGas); 
- assertTrue("Role collections do not match; result: " + resultColl + ", expected: " + expectedColl, expectedColl - .containsAll(resultColl) - && resultColl.containsAll(expectedColl)); - } + @Test(expected=IllegalArgumentException.class) + public void testAfterPropertiesSetInvalidValueTypeMap2() throws Exception { + MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); + HashMap m = new HashMap(); + m.put("role1",new Object[]{new String[]{"ga1","ga2"}, new Object()}); + mapper.setAttributes2grantedAuthoritiesMap(m); + mapper.afterPropertiesSet(); + } + + @Test + public void testAfterPropertiesSetValidMap() throws Exception { + MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); + HashMap m = getValidAttributes2GrantedAuthoritiesMap(); + mapper.setAttributes2grantedAuthoritiesMap(m); + mapper.afterPropertiesSet(); + } + + @Test + public void testMapping1() throws Exception { + String[] roles = { "role1" }; + String[] expectedGas = { "ga1" }; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testMapping2() throws Exception { + String[] roles = { "role2" }; + String[] expectedGas = { "ga2" }; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testMapping3() throws Exception { + String[] roles = { "role3" }; + String[] expectedGas = { "ga3", "ga4" }; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testMapping4() throws Exception { + String[] roles = { "role4" }; + String[] expectedGas = { "ga5", "ga6" }; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testMapping5() 
throws Exception { + String[] roles = { "role5" }; + String[] expectedGas = { "ga7", "ga8", "ga9" }; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testMapping6() throws Exception { + String[] roles = { "role6" }; + String[] expectedGas = { "ga10", "ga11", "ga12" }; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testMapping7() throws Exception { + String[] roles = { "role7" }; + String[] expectedGas = { "ga13", "ga14" }; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testMapping8() throws Exception { + String[] roles = { "role8" }; + String[] expectedGas = { "ga13", "ga14" }; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testMapping9() throws Exception { + String[] roles = { "role9" }; + String[] expectedGas = {}; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testMapping10() throws Exception { + String[] roles = { "role10" }; + String[] expectedGas = {}; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testMapping11() throws Exception { + String[] roles = { "role11" }; + String[] expectedGas = {}; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testNonExistingMapping() throws Exception { + String[] roles = { "nonExisting" }; + String[] expectedGas = {}; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + 
testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + @Test + public void testMappingCombination() throws Exception { + String[] roles = { "role1", "role2", "role3", "role4", "role5", "role6", "role7", "role8", "role9", "role10", "role11" }; + String[] expectedGas = { "ga1", "ga2", "ga3", "ga4", "ga5", "ga6", "ga7", "ga8", "ga9", "ga10", "ga11", "ga12", "ga13", "ga14"}; + Attributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } + + private HashMap getValidAttributes2GrantedAuthoritiesMap() { + HashMap m = new HashMap(); + m.put("role1","ga1"); + m.put("role2",new GrantedAuthorityImpl("ga2")); + m.put("role3",Arrays.asList(new Object[]{"ga3",new GrantedAuthorityImpl("ga4")})); + m.put("role4","ga5,ga6"); + m.put("role5",Arrays.asList(new Object[]{"ga7","ga8",new Object[]{new GrantedAuthorityImpl("ga9")}})); + m.put("role6",new Object[]{"ga10","ga11",new Object[]{new GrantedAuthorityImpl("ga12")}}); + m.put("role7",new String[]{"ga13","ga14"}); + m.put("role8",new String[]{"ga13","ga14",null}); + m.put("role9",null); + m.put("role10",new Object[]{}); + m.put("role11",Arrays.asList(new Object[]{null})); + return m; + } + + private MapBasedAttributes2GrantedAuthoritiesMapper getDefaultMapper() throws Exception { + MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); + mapper.setAttributes2grantedAuthoritiesMap(getValidAttributes2GrantedAuthoritiesMap()); + mapper.afterPropertiesSet(); + return mapper; + } + + private void testGetGrantedAuthorities(Attributes2GrantedAuthoritiesMapper mapper, String[] roles, String[] expectedGas) { + List result = mapper.getGrantedAuthorities(Arrays.asList(roles)); + Collection resultColl = new ArrayList(result.size()); + for (int i = 0; i < result.size(); i++) { + resultColl.add(result.get(i).getAuthority()); + } + Collection expectedColl = Arrays.asList(expectedGas); + assertTrue("Role collections should 
match; result: " + resultColl + ", expected: " + expectedColl, expectedColl + .containsAll(resultColl) + && resultColl.containsAll(expectedColl)); + } } diff --git a/core/src/test/java/org/springframework/security/authoritymapping/SimpleRoles2GrantedAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/authoritymapping/SimpleRoles2GrantedAuthoritiesMapperTests.java index 4eb14ed3d8..8d51495163 100755 --- a/core/src/test/java/org/springframework/security/authoritymapping/SimpleRoles2GrantedAuthoritiesMapperTests.java +++ b/core/src/test/java/org/springframework/security/authoritymapping/SimpleRoles2GrantedAuthoritiesMapperTests.java 
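Review bot: `setUp()` is kept as `protected void setUp() throws Exception` even though the class no longer extends `TestCase` and the hunk imports only `org.junit.Test` and the static `Assert` methods. Under the JUnit 4 runner nothing calls it, so the root logger is no longer switched to DEBUG for these tests. Either annotate it and make it public, `@Before public void setUp() throws Exception {` with `import org.junit.Before;`, or delete the method if the debug output is not wanted. The private helper `testGetGrantedAuthorities` carries no `@Test` and is therefore still only called from the test methods.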
@@ -5,117 +5,118 @@ import org.springframework.security.GrantedAuthority; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; +import java.util.List; import junit.framework.TestCase; /** - * + * * @author TSARDD * @since 18-okt-2007 */ public class SimpleRoles2GrantedAuthoritiesMapperTests extends TestCase { - public final void testAfterPropertiesSetConvertToUpperAndLowerCase() { - SimpleAttributes2GrantedAuthoritiesMapper mapper = new SimpleAttributes2GrantedAuthoritiesMapper(); - mapper.setConvertAttributeToLowerCase(true); - mapper.setConvertAttributeToUpperCase(true); - try { - mapper.afterPropertiesSet(); - fail("Expected exception not thrown"); - } catch (IllegalArgumentException expected) { - } catch (Exception unexpected) { - fail("Unexpected exception: " + unexpected); - } - } + public final void testAfterPropertiesSetConvertToUpperAndLowerCase() { + SimpleAttributes2GrantedAuthoritiesMapper mapper = new SimpleAttributes2GrantedAuthoritiesMapper(); + mapper.setConvertAttributeToLowerCase(true); + mapper.setConvertAttributeToUpperCase(true); + try { + mapper.afterPropertiesSet(); + fail("Expected exception not thrown"); + } catch (IllegalArgumentException expected) { + } catch (Exception unexpected) { + fail("Unexpected exception: " + unexpected); + } + } - public final void testAfterPropertiesSet() { - SimpleAttributes2GrantedAuthoritiesMapper mapper = new SimpleAttributes2GrantedAuthoritiesMapper(); - try { - mapper.afterPropertiesSet(); - } catch (Exception unexpected) { - fail("Unexpected exception: " + unexpected); - } - } + public final void testAfterPropertiesSet() { + SimpleAttributes2GrantedAuthoritiesMapper mapper = new SimpleAttributes2GrantedAuthoritiesMapper(); + try { + mapper.afterPropertiesSet(); + } catch (Exception unexpected) { + fail("Unexpected exception: " + unexpected); + } + } - public final void testGetGrantedAuthoritiesNoConversion() { - String[] roles = { "Role1", "Role2" }; - String[] expectedGas = { 
"Role1", "Role2" }; - SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } + public final void testGetGrantedAuthoritiesNoConversion() { + String[] roles = { "Role1", "Role2" }; + String[] expectedGas = { "Role1", "Role2" }; + SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } - public final void testGetGrantedAuthoritiesToUpperCase() { - String[] roles = { "Role1", "Role2" }; - String[] expectedGas = { "ROLE1", "ROLE2" }; - SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - mapper.setConvertAttributeToUpperCase(true); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } + public final void testGetGrantedAuthoritiesToUpperCase() { + String[] roles = { "Role1", "Role2" }; + String[] expectedGas = { "ROLE1", "ROLE2" }; + SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + mapper.setConvertAttributeToUpperCase(true); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } - public final void testGetGrantedAuthoritiesToLowerCase() { - String[] roles = { "Role1", "Role2" }; - String[] expectedGas = { "role1", "role2" }; - SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - mapper.setConvertAttributeToLowerCase(true); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } + public final void testGetGrantedAuthoritiesToLowerCase() { + String[] roles = { "Role1", "Role2" }; + String[] expectedGas = { "role1", "role2" }; + SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + mapper.setConvertAttributeToLowerCase(true); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } - public final void testGetGrantedAuthoritiesAddPrefixIfAlreadyExisting() { - String[] roles = { "Role1", "Role2", "ROLE_Role3" }; - String[] expectedGas = { "ROLE_Role1", "ROLE_Role2", "ROLE_ROLE_Role3" }; - 
SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - mapper.setAddPrefixIfAlreadyExisting(true); - mapper.setAttributePrefix("ROLE_"); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } + public final void testGetGrantedAuthoritiesAddPrefixIfAlreadyExisting() { + String[] roles = { "Role1", "Role2", "ROLE_Role3" }; + String[] expectedGas = { "ROLE_Role1", "ROLE_Role2", "ROLE_ROLE_Role3" }; + SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + mapper.setAddPrefixIfAlreadyExisting(true); + mapper.setAttributePrefix("ROLE_"); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } - public final void testGetGrantedAuthoritiesDontAddPrefixIfAlreadyExisting1() { - String[] roles = { "Role1", "Role2", "ROLE_Role3" }; - String[] expectedGas = { "ROLE_Role1", "ROLE_Role2", "ROLE_Role3" }; - SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - mapper.setAddPrefixIfAlreadyExisting(false); - mapper.setAttributePrefix("ROLE_"); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } + public final void testGetGrantedAuthoritiesDontAddPrefixIfAlreadyExisting1() { + String[] roles = { "Role1", "Role2", "ROLE_Role3" }; + String[] expectedGas = { "ROLE_Role1", "ROLE_Role2", "ROLE_Role3" }; + SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + mapper.setAddPrefixIfAlreadyExisting(false); + mapper.setAttributePrefix("ROLE_"); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } - public final void testGetGrantedAuthoritiesDontAddPrefixIfAlreadyExisting2() { - String[] roles = { "Role1", "Role2", "role_Role3" }; - String[] expectedGas = { "ROLE_Role1", "ROLE_Role2", "ROLE_role_Role3" }; - SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - mapper.setAddPrefixIfAlreadyExisting(false); - mapper.setAttributePrefix("ROLE_"); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } + public final void 
testGetGrantedAuthoritiesDontAddPrefixIfAlreadyExisting2() { + String[] roles = { "Role1", "Role2", "role_Role3" }; + String[] expectedGas = { "ROLE_Role1", "ROLE_Role2", "ROLE_role_Role3" }; + SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + mapper.setAddPrefixIfAlreadyExisting(false); + mapper.setAttributePrefix("ROLE_"); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } - public final void testGetGrantedAuthoritiesCombination1() { - String[] roles = { "Role1", "Role2", "role_Role3" }; - String[] expectedGas = { "ROLE_ROLE1", "ROLE_ROLE2", "ROLE_ROLE3" }; - SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); - mapper.setAddPrefixIfAlreadyExisting(false); - mapper.setConvertAttributeToUpperCase(true); - mapper.setAttributePrefix("ROLE_"); - testGetGrantedAuthorities(mapper, roles, expectedGas); - } + public final void testGetGrantedAuthoritiesCombination1() { + String[] roles = { "Role1", "Role2", "role_Role3" }; + String[] expectedGas = { "ROLE_ROLE1", "ROLE_ROLE2", "ROLE_ROLE3" }; + SimpleAttributes2GrantedAuthoritiesMapper mapper = getDefaultMapper(); + mapper.setAddPrefixIfAlreadyExisting(false); + mapper.setConvertAttributeToUpperCase(true); + mapper.setAttributePrefix("ROLE_"); + testGetGrantedAuthorities(mapper, roles, expectedGas); + } - private void testGetGrantedAuthorities(SimpleAttributes2GrantedAuthoritiesMapper mapper, String[] roles, String[] expectedGas) { - GrantedAuthority[] result = mapper.getGrantedAuthorities(roles); - Collection resultColl = new ArrayList(result.length); - for (int i = 0; i < result.length; i++) { - resultColl.add(result[i].getAuthority()); - } - Collection expectedColl = Arrays.asList(expectedGas); - assertTrue("Role collections do not match; result: " + resultColl + ", expected: " + expectedColl, expectedColl - .containsAll(resultColl) - && resultColl.containsAll(expectedColl)); - } + private void testGetGrantedAuthorities(SimpleAttributes2GrantedAuthoritiesMapper 
mapper, String[] roles, String[] expectedGas) { + List result = mapper.getGrantedAuthorities(Arrays.asList(roles)); + Collection resultColl = new ArrayList(result.size()); + for (int i = 0; i < result.size(); i++) { + resultColl.add(result.get(i).getAuthority()); + } + Collection expectedColl = Arrays.asList(expectedGas); + assertTrue("Role collections do not match; result: " + resultColl + ", expected: " + expectedColl, expectedColl + .containsAll(resultColl) + && resultColl.containsAll(expectedColl)); + } - private SimpleAttributes2GrantedAuthoritiesMapper getDefaultMapper() { - SimpleAttributes2GrantedAuthoritiesMapper mapper = new SimpleAttributes2GrantedAuthoritiesMapper(); - mapper.setAttributePrefix(""); - mapper.setConvertAttributeToLowerCase(false); - mapper.setConvertAttributeToUpperCase(false); - mapper.setAddPrefixIfAlreadyExisting(false); - return mapper; - } + private SimpleAttributes2GrantedAuthoritiesMapper getDefaultMapper() { + SimpleAttributes2GrantedAuthoritiesMapper mapper = new SimpleAttributes2GrantedAuthoritiesMapper(); + mapper.setAttributePrefix(""); + mapper.setConvertAttributeToLowerCase(false); + mapper.setConvertAttributeToUpperCase(false); + mapper.setAddPrefixIfAlreadyExisting(false); + return mapper; + } } diff --git a/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java index 4b2bf59769..a5cf801472 100644 --- a/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java +++ b/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java 
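Review bot: The rewritten helper `testGetGrantedAuthorities` still walks the returned list by index (`result.get(i)`), while the same commit uses an enhanced for in `MockAccessDecisionManager`. `for (GrantedAuthority ga : result) { resultColl.add(ga.getAuthority()); }` says the same thing without the index and without assuming a random-access list. The identical helper in `MapBasedAttributes2GrantedAuthoritiesMapperTest` has the same loop. Both helpers compare with two `containsAll` calls, which ignores duplicates, so a mapper that returned an authority twice would still pass; a short comment saying set equality is intended would make that explicit.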
@@ -38,15 +38,15 @@ public class LdapProviderBeanDefinitionParserTests { Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword")); LdapUserDetailsImpl ben = (LdapUserDetailsImpl) auth.getPrincipal(); - assertEquals(3, ben.getAuthorities().length); + assertEquals(3, ben.getAuthorities().size()); } - + @Test(expected = SecurityConfigurationException.class) public void missingServerEltCausesConfigException() { setContext(""); } - + @Test public void supportsPasswordComparisonAuthentication() { setContext(" " + @@ -54,10 +54,10 @@ public class LdapProviderBeanDefinitionParserTests { " " + ""); LdapAuthenticationProvider provider = getProvider(); - provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword")); - } - - + provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword")); + } + + @Test public void supportsPasswordComparisonAuthenticationWithHashAttribute() { setContext(" " + @@ -65,27 +65,27 @@ public class LdapProviderBeanDefinitionParserTests { " " + ""); LdapAuthenticationProvider provider = getProvider(); - provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben")); - } - + provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben")); + } + @Test public void supportsPasswordComparisonAuthenticationWithPasswordEncoder() { setContext(" " + - "" + - " " + - " " + - " " + - ""); + "" + + " " + + " " + + " " + + ""); LdapAuthenticationProvider provider = getProvider(); - provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben")); - } + provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben")); + } @Test public void detectsNonStandardServerId() { setContext(" " + ""); } - + @Test public void inetOrgContextMapperIsSupported() throws Exception { setContext( 
@@ -93,8 +93,8 @@ public class LdapProviderBeanDefinitionParserTests { ""); LdapAuthenticationProvider provider = getProvider(); assertTrue(FieldUtils.getFieldValue(provider, "userDetailsContextMapper") instanceof InetOrgPersonContextMapper); - } - + } + private void setContext(String context) { appCtx = new InMemoryXmlApplicationContext(context); } @@ -106,5 +106,5 @@ public class LdapProviderBeanDefinitionParserTests { LdapAuthenticationProvider provider = (LdapAuthenticationProvider) authManager.getProviders().get(0); return provider; - } + } } diff --git a/core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java b/core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java index f3f2f9ef78..4e7d5803a5 100644 --- a/core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java +++ b/core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java @@ -18,11 +18,9 @@ package org.springframework.security.context; import junit.framework.TestCase; import org.springframework.security.Authentication; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.MockFilterConfig; - -import org.springframework.security.adapters.PrincipalSpringSecurityUserToken; +import org.springframework.security.providers.UsernamePasswordAuthenticationToken; +import org.springframework.security.util.AuthorityUtils; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; 
@@ -44,342 +42,316 @@ import javax.servlet.ServletResponse; * 02:04:47Z benalex $ */ public class HttpSessionContextIntegrationFilterTests extends TestCase { - //~ Constructors =================================================================================================== + // Build an Authentication object we simulate came from HttpSession + private UsernamePasswordAuthenticationToken sessionPrincipal = new UsernamePasswordAuthenticationToken( + "someone", + "password", + AuthorityUtils.createAuthorityList("SOME_ROLE")); - public HttpSessionContextIntegrationFilterTests() { - } - public HttpSessionContextIntegrationFilterTests(String arg0) { - super(arg0); - } + //~ Methods ======================================================================================================== - //~ Methods ======================================================================================================== + private static void executeFilterInContainerSimulator( + FilterConfig filterConfig, Filter filter, ServletRequest request, + ServletResponse response, FilterChain filterChain) + throws ServletException, IOException { + filter.init(filterConfig); + filter.doFilter(request, response, filterChain); + filter.destroy(); + } - private static void executeFilterInContainerSimulator( - FilterConfig filterConfig, Filter filter, ServletRequest request, - ServletResponse response, FilterChain filterChain) - throws ServletException, IOException { - filter.init(filterConfig); - filter.doFilter(request, response, filterChain); - filter.destroy(); - } + public void testDetectsIncompatibleSessionProperties() throws Exception { + HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); - public void testDetectsIncompatibleSessionProperties() throws Exception { - HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); + try { + filter.setAllowSessionCreation(false); + filter.setForceEagerSessionCreation(true); + 
filter.afterPropertiesSet(); + fail("Shown have thrown IllegalArgumentException"); + } catch (IllegalArgumentException expected) { + assertTrue(true); + } - try { - filter.setAllowSessionCreation(false); - filter.setForceEagerSessionCreation(true); - filter.afterPropertiesSet(); - fail("Shown have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + filter.setAllowSessionCreation(true); + filter.afterPropertiesSet(); + assertTrue(true); + } - filter.setAllowSessionCreation(true); - filter.afterPropertiesSet(); - assertTrue(true); - } + public void testDetectsMissingOrInvalidContext() throws Exception { + HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); - public void testDetectsMissingOrInvalidContext() throws Exception { - HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); + try { + filter.setContextClass(null); + filter.afterPropertiesSet(); + fail("Shown have thrown IllegalArgumentException"); + } catch (IllegalArgumentException expected) { + assertTrue(true); + } - try { - filter.setContextClass(null); - filter.afterPropertiesSet(); - fail("Shown have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } + try { + filter.setContextClass(Integer.class); + assertEquals(Integer.class, filter.getContextClass()); + filter.afterPropertiesSet(); + fail("Shown have thrown IllegalArgumentException"); + } catch (IllegalArgumentException expected) { + assertTrue(true); + } + } - try { - filter.setContextClass(Integer.class); - assertEquals(Integer.class, filter.getContextClass()); - filter.afterPropertiesSet(); - fail("Shown have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } - } + public void testExceptionWithinFilterChainStillClearsSecurityContextHolder() throws Exception { - public void 
testExceptionWithinFilterChainStillClearsSecurityContextHolder() throws Exception { - // Build an Authentication object we simulate came from HttpSession - PrincipalSpringSecurityUserToken sessionPrincipal = new PrincipalSpringSecurityUserToken( - "key", - "someone", - "password", - new GrantedAuthority[] { new GrantedAuthorityImpl("SOME_ROLE") }, - null); + // Build a Context to store in HttpSession (simulating prior request) + SecurityContext sc = new SecurityContextImpl(); + sc.setAuthentication(sessionPrincipal); - // Build a Context to store in HttpSession (simulating prior request) - SecurityContext sc = new SecurityContextImpl(); - sc.setAuthentication(sessionPrincipal); + // Build a mock request + MockHttpServletRequest request = new MockHttpServletRequest(); + request.getSession().setAttribute( + HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY, + sc); - // Build a mock request - MockHttpServletRequest request = new MockHttpServletRequest(); - request.getSession().setAttribute( - HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY, - sc); + MockHttpServletResponse response = new MockHttpServletResponse(); + FilterChain chain = new MockFilterChain(sessionPrincipal, null, + new IOException()); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = new MockFilterChain(sessionPrincipal, null, - new IOException()); + // Prepare filter + HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); + filter.setContextClass(SecurityContextImpl.class); + filter.afterPropertiesSet(); - // Prepare filter - HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); - filter.setContextClass(SecurityContextImpl.class); - filter.afterPropertiesSet(); + // Execute filter + try { + executeFilterInContainerSimulator(new MockFilterConfig(), filter, + request, response, chain); + fail("We should have received the IOException thrown inside the filter chain 
here"); + } catch (IOException ioe) { + assertTrue(true); + } - // Execute filter - try { - executeFilterInContainerSimulator(new MockFilterConfig(), filter, - request, response, chain); - fail("We should have received the IOException thrown inside the filter chain here"); - } catch (IOException ioe) { - assertTrue(true); - } - - // Check the SecurityContextHolder is null, even though an exception was - // thrown during chain - assertEquals(new SecurityContextImpl(), SecurityContextHolder.getContext()); - assertNull("Should have cleared FILTER_APPLIED", + // Check the SecurityContextHolder is null, even though an exception was + // thrown during chain + assertEquals(new SecurityContextImpl(), SecurityContextHolder.getContext()); + assertNull("Should have cleared FILTER_APPLIED", request.getAttribute(HttpSessionContextIntegrationFilter.FILTER_APPLIED)); - } + } - public void testExistingContextContentsCopiedIntoContextHolderFromSessionAndChangesToContextCopiedBackToSession() - throws Exception { - // Build an Authentication object we simulate came from HttpSession - PrincipalSpringSecurityUserToken sessionPrincipal = new PrincipalSpringSecurityUserToken( - "key", - "someone", - "password", - new GrantedAuthority[] { new GrantedAuthorityImpl("SOME_ROLE") }, - null); + public void testExistingContextContentsCopiedIntoContextHolderFromSessionAndChangesToContextCopiedBackToSession() + throws Exception { - // Build an Authentication object we simulate our Authentication changed - // it to - PrincipalSpringSecurityUserToken updatedPrincipal = new PrincipalSpringSecurityUserToken( - "key", "someone", "password", - new GrantedAuthority[] { new GrantedAuthorityImpl( - "SOME_DIFFERENT_ROLE") }, null); + // Build an Authentication object we simulate came from HttpSession + UsernamePasswordAuthenticationToken updatedPrincipal = new UsernamePasswordAuthenticationToken( + "someone", + "password", + AuthorityUtils.createAuthorityList("SOME_DIFFERENT_ROLE")); - // Build a Context 
to store in HttpSession (simulating prior request) - SecurityContext sc = new SecurityContextImpl(); - sc.setAuthentication(sessionPrincipal); + // Build a Context to store in HttpSession (simulating prior request) + SecurityContext sc = new SecurityContextImpl(); + sc.setAuthentication(sessionPrincipal); - // Build a mock request - MockHttpServletRequest request = new MockHttpServletRequest(); - request.getSession().setAttribute( - HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY, - sc); + // Build a mock request + MockHttpServletRequest request = new MockHttpServletRequest(); + request.getSession().setAttribute( + HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY, + sc); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = new MockFilterChain(sessionPrincipal, - updatedPrincipal, null); + MockHttpServletResponse response = new MockHttpServletResponse(); + FilterChain chain = new MockFilterChain(sessionPrincipal, + updatedPrincipal, null); - // Prepare filter - HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); - filter.setContextClass(SecurityContextImpl.class); - filter.afterPropertiesSet(); + // Prepare filter + HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); + filter.setContextClass(SecurityContextImpl.class); + filter.afterPropertiesSet(); - // Execute filter - executeFilterInContainerSimulator(new MockFilterConfig(), filter, - request, response, chain); + // Execute filter + executeFilterInContainerSimulator(new MockFilterConfig(), filter, + request, response, chain); - // Obtain new/update Authentication from HttpSession - SecurityContext context = (SecurityContext) request.getSession().getAttribute( - HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY); - assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication()); - } + // Obtain new/update Authentication from HttpSession + 
SecurityContext context = (SecurityContext) request.getSession().getAttribute( + HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY); + assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication()); + } - public void testHttpSessionCreatedWhenContextHolderChanges() throws Exception { - // Build an Authentication object we simulate our Authentication changed it to - PrincipalSpringSecurityUserToken updatedPrincipal = new PrincipalSpringSecurityUserToken( - "key", "someone", "password", - new GrantedAuthority[] { new GrantedAuthorityImpl( - "SOME_DIFFERENT_ROLE") }, null); + public void testHttpSessionCreatedWhenContextHolderChanges() throws Exception { + // Build an Authentication object we simulate our Authentication changed it to + UsernamePasswordAuthenticationToken updatedPrincipal = new UsernamePasswordAuthenticationToken( + "someone", + "password", + AuthorityUtils.createAuthorityList("SOME_ROLE")); - // Build a mock request - MockHttpServletRequest request = new MockHttpServletRequest(); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = new MockFilterChain(null, updatedPrincipal, null); + // Build a mock request + MockHttpServletRequest request = new MockHttpServletRequest(); + MockHttpServletResponse response = new MockHttpServletResponse(); + FilterChain chain = new MockFilterChain(null, updatedPrincipal, null); - // Prepare filter - HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); - filter.setContextClass(SecurityContextImpl.class); - // don't call afterPropertiesSet to test case when Spring filter.afterPropertiesSet(); isn't called + // Prepare filter + HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); + filter.setContextClass(SecurityContextImpl.class); + // don't call afterPropertiesSet to test case when Spring filter.afterPropertiesSet(); isn't called - // Execute filter - 
executeFilterInContainerSimulator(new MockFilterConfig(), filter, request, response, chain); + // Execute filter + executeFilterInContainerSimulator(new MockFilterConfig(), filter, request, response, chain); - // Obtain new/updated Authentication from HttpSession - SecurityContext context = (SecurityContext) request.getSession(false).getAttribute( - HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY); - assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication()); - } + // Obtain new/updated Authentication from HttpSession + SecurityContext context = (SecurityContext) request.getSession(false).getAttribute( + HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY); + assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication()); + } - public void testHttpSessionEagerlyCreatedWhenDirected() throws Exception { - // Build a mock request - MockHttpServletRequest request = new MockHttpServletRequest(null, null); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = new MockFilterChain(null, null, null); + public void testHttpSessionEagerlyCreatedWhenDirected() throws Exception { + // Build a mock request + MockHttpServletRequest request = new MockHttpServletRequest(null, null); + MockHttpServletResponse response = new MockHttpServletResponse(); + FilterChain chain = new MockFilterChain(null, null, null); - // Prepare filter - HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); - filter.setContextClass(SecurityContextImpl.class); - filter.setForceEagerSessionCreation(true); // non-default - filter.afterPropertiesSet(); + // Prepare filter + HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); + filter.setContextClass(SecurityContextImpl.class); + filter.setForceEagerSessionCreation(true); // non-default + filter.afterPropertiesSet(); - // Execute filter - executeFilterInContainerSimulator(new 
MockFilterConfig(), filter, - request, response, chain); + // Execute filter + executeFilterInContainerSimulator(new MockFilterConfig(), filter, + request, response, chain); - // Check the session is not null - assertNotNull(request.getSession(false)); - } + // Check the session is not null + assertNotNull(request.getSession(false)); + } - public void testHttpSessionNotCreatedUnlessContextHolderChanges() throws Exception { - // Build a mock request - MockHttpServletRequest request = new MockHttpServletRequest(null, null); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = new MockFilterChain(null, null, null); + public void testHttpSessionNotCreatedUnlessContextHolderChanges() throws Exception { + // Build a mock request + MockHttpServletRequest request = new MockHttpServletRequest(null, null); + MockHttpServletResponse response = new MockHttpServletResponse(); + FilterChain chain = new MockFilterChain(null, null, null); - // Prepare filter - HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); - filter.setContextClass(SecurityContextImpl.class); - filter.afterPropertiesSet(); + // Prepare filter + HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); + filter.setContextClass(SecurityContextImpl.class); + filter.afterPropertiesSet(); - // Execute filter - executeFilterInContainerSimulator(new MockFilterConfig(), filter, - request, response, chain); + // Execute filter + executeFilterInContainerSimulator(new MockFilterConfig(), filter, + request, response, chain); - // Check the session is null - assertNull(request.getSession(false)); - } + // Check the session is null + assertNull(request.getSession(false)); + } - public void testHttpSessionWithNonContextInWellKnownLocationIsOverwritten() throws Exception { - // Build an Authentication object we simulate our Authentication changed - // it to - PrincipalSpringSecurityUserToken updatedPrincipal = new 
PrincipalSpringSecurityUserToken( - "key", "someone", "password", - new GrantedAuthority[] { new GrantedAuthorityImpl( - "SOME_DIFFERENT_ROLE") }, null); + public void testHttpSessionWithNonContextInWellKnownLocationIsOverwritten() throws Exception { + // Build an Authentication object we simulate our Authentication changed it to + UsernamePasswordAuthenticationToken updatedPrincipal = new UsernamePasswordAuthenticationToken( + "someone", + "password", + AuthorityUtils.createAuthorityList("SOME_DIFFERENT_ROLE")); - // Build a mock request - MockHttpServletRequest request = new MockHttpServletRequest(); - request.getSession().setAttribute( - HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY, - "NOT_A_CONTEXT_OBJECT"); + // Build a mock request + MockHttpServletRequest request = new MockHttpServletRequest(); + request.getSession().setAttribute( + HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY, + "NOT_A_CONTEXT_OBJECT"); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = new MockFilterChain(null, updatedPrincipal, null); + MockHttpServletResponse response = new MockHttpServletResponse(); + FilterChain chain = new MockFilterChain(null, updatedPrincipal, null); - // Prepare filter - HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); - filter.setContextClass(SecurityContextImpl.class); - filter.afterPropertiesSet(); + // Prepare filter + HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); + filter.setContextClass(SecurityContextImpl.class); + filter.afterPropertiesSet(); - // Execute filter - executeFilterInContainerSimulator(new MockFilterConfig(), filter, request, response, chain); + // Execute filter + executeFilterInContainerSimulator(new MockFilterConfig(), filter, request, response, chain); - // Obtain new/update Authentication from HttpSession - SecurityContext context = (SecurityContext) request.getSession().getAttribute( 
- HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY); - assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication()); - } + // Obtain new/update Authentication from HttpSession + SecurityContext context = (SecurityContext) request.getSession().getAttribute( + HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY); + assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication()); + } - public void testConcurrentThreadsLazilyChangeFilterAppliedValueToTrue() throws Exception { - PrincipalSpringSecurityUserToken sessionPrincipal = new PrincipalSpringSecurityUserToken( - "key", - "someone", - "password", - new GrantedAuthority[] { new GrantedAuthorityImpl("SOME_ROLE") }, - null); + public void testConcurrentThreadsLazilyChangeFilterAppliedValueToTrue() throws Exception { + // Build a Context to store in HttpSession (simulating prior request) + SecurityContext sc = new SecurityContextImpl(); + sc.setAuthentication(sessionPrincipal); - // Build a Context to store in HttpSession (simulating prior request) - SecurityContext sc = new SecurityContextImpl(); - sc.setAuthentication(sessionPrincipal); + MockHttpServletRequest request = new MockHttpServletRequest(); + request.getSession().setAttribute( + HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY, + sc); + MockHttpServletResponse response = new MockHttpServletResponse(); - MockHttpServletRequest request = new MockHttpServletRequest(); - request.getSession().setAttribute( - HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY, - sc); - MockHttpServletResponse response = new MockHttpServletResponse(); + // Prepare filter + HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); + filter.setContextClass(SecurityContextImpl.class); + filter.afterPropertiesSet(); - // Prepare filter - HttpSessionContextIntegrationFilter filter = new HttpSessionContextIntegrationFilter(); - 
filter.setContextClass(SecurityContextImpl.class); - filter.afterPropertiesSet(); + for (int i = 0; i < 3; i++) { + ThreadRunner runner = new ThreadRunner(request, response, filter, + new MockFilterChain(sessionPrincipal, null, null)); + runner.start(); + } - for (int i = 0; i < 3; i++) { - ThreadRunner runner = new ThreadRunner(request, response, filter, - new MockFilterChain(sessionPrincipal, null, null)); - runner.start(); - } + } - } + //~ Inner Classes ================================================================================================== - // ~ Inner Classes - // ================================================================================================== + private class MockFilterChain extends TestCase implements FilterChain { + private Authentication changeContextHolder; + private Authentication expectedOnContextHolder; + private IOException toThrowDuringChain; - private class MockFilterChain extends TestCase implements FilterChain { - private Authentication changeContextHolder; - private Authentication expectedOnContextHolder; - private IOException toThrowDuringChain; + public MockFilterChain(Authentication expectedOnContextHolder, + Authentication changeContextHolder, + IOException toThrowDuringChain) { + this.expectedOnContextHolder = expectedOnContextHolder; + this.changeContextHolder = changeContextHolder; + this.toThrowDuringChain = toThrowDuringChain; + } - public MockFilterChain(Authentication expectedOnContextHolder, - Authentication changeContextHolder, - IOException toThrowDuringChain) { - this.expectedOnContextHolder = expectedOnContextHolder; - this.changeContextHolder = changeContextHolder; - this.toThrowDuringChain = toThrowDuringChain; - } + public void doFilter(ServletRequest arg0, ServletResponse arg1) throws IOException, ServletException { + if (expectedOnContextHolder != null) { + assertEquals(expectedOnContextHolder, SecurityContextHolder.getContext().getAuthentication()); + } - public void doFilter(ServletRequest arg0, 
ServletResponse arg1) throws IOException, ServletException { - if (expectedOnContextHolder != null) { - assertEquals(expectedOnContextHolder, SecurityContextHolder.getContext().getAuthentication()); - } + if (changeContextHolder != null) { + SecurityContext sc = SecurityContextHolder.getContext(); + sc.setAuthentication(changeContextHolder); + SecurityContextHolder.setContext(sc); + } - if (changeContextHolder != null) { - SecurityContext sc = SecurityContextHolder.getContext(); - sc.setAuthentication(changeContextHolder); - SecurityContextHolder.setContext(sc); - } + if (toThrowDuringChain != null) { + throw toThrowDuringChain; + } - if (toThrowDuringChain != null) { - throw toThrowDuringChain; - } + } + } - } - } + private static class ThreadRunner extends Thread { + private MockHttpServletRequest request; + private MockHttpServletResponse response; + private HttpSessionContextIntegrationFilter filter; + private MockFilterChain chain; - private static class ThreadRunner extends Thread { - private MockHttpServletRequest request; - private MockHttpServletResponse response; - private HttpSessionContextIntegrationFilter filter; - private MockFilterChain chain; + public ThreadRunner(MockHttpServletRequest request, + MockHttpServletResponse response, + HttpSessionContextIntegrationFilter filter, + MockFilterChain chain) { + this.request = request; + this.response = response; + this.filter = filter; + this.chain = chain; + } - public ThreadRunner(MockHttpServletRequest request, - MockHttpServletResponse response, - HttpSessionContextIntegrationFilter filter, - MockFilterChain chain) { - this.request = request; - this.response = response; - this.filter = filter; - this.chain = chain; - } + public void run() { + try { + // Execute filter + executeFilterInContainerSimulator(new MockFilterConfig(), filter, request, response, chain); - public void run() { - try { - // Execute filter - executeFilterInContainerSimulator(new MockFilterConfig(), filter, request, response, 
chain); + // Check the session is not null + assertNotNull(request.getSession(false)); + } catch (Exception e) { + e.printStackTrace(); + } + } - // Check the session is not null - assertNotNull(request.getSession(false)); - } catch (Exception e) { - e.printStackTrace(); - } - } - - } + } } diff --git a/core/src/test/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java b/core/src/test/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java index bec329b71d..3a1684e381 100644 --- a/core/src/test/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java +++ b/core/src/test/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java @@ -24,6 +24,7 @@ import org.springframework.ldap.core.DirContextAdapter; import org.springframework.ldap.core.DistinguishedName; import java.util.HashSet; +import java.util.List; import java.util.Set; import static org.junit.Assert.*; @@ -53,9 +54,9 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("cn=notfound")); - GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "notfound"); - assertEquals(1, authorities.length); - assertEquals("ROLE_USER", authorities[0].getAuthority()); + List authorities = populator.getGrantedAuthorities(ctx, "notfound"); + assertEquals(1, authorities.size()); + assertEquals("ROLE_USER", authorities.get(0).getAuthority()); } @Test 
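Review bot: testConcurrentThreadsLazilyChangeFilterAppliedValueToTrue cannot fail as written: the loop starts three ThreadRunner threads and returns without joining them, and the `assertNotNull` in `ThreadRunner.run()` executes on a worker thread, where an assertion failure is an Error that the `catch (Exception e)` does not see and any Exception is only printed. A regression in how the filter handles FILTER_APPLIED or the session-stored SecurityContext under concurrent requests would therefore go unreported. I would keep the runners, join each one, and have `run()` record any Throwable for the test thread to assert on, as sketched below. Separately, in testExistingContextContentsCopiedIntoContextHolderFromSessionAndChangesToContextCopiedBackToSession the comment above `updatedPrincipal` now says "came from HttpSession" although that token is the changed value; the removed wording `// Build an Authentication object we simulate our Authentication changed it to` described it correctly.

```java
// … unchanged: context, request, response and filter setup …
ThreadRunner[] runners = new ThreadRunner[3];
for (int i = 0; i < runners.length; i++) {
    runners[i] = new ThreadRunner(request, response, filter,
            new MockFilterChain(sessionPrincipal, null, null));
    runners[i].start();
}
for (int i = 0; i < runners.length; i++) {
    // join() makes the worker's recorded failure visible to the test thread
    runners[i].join();
    assertNull("worker thread failed: " + runners[i].failure, runners[i].failure);
}

// … in ThreadRunner: unchanged fields and constructor …
private Throwable failure;

public void run() {
    try {
        executeFilterInContainerSimulator(new MockFilterConfig(), filter, request, response, chain);
        assertNotNull(request.getSession(false));
    } catch (Throwable t) {
        // Recorded rather than printed so the test method can fail on it
        failure = t;
    }
}
```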
@@ -69,13 +70,13 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org")); - GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "ben"); + List authorities = populator.getGrantedAuthorities(ctx, "ben"); - assertEquals("Should have 2 roles", 2, authorities.length); + assertEquals("Should have 2 roles", 2, authorities.size()); Set roles = new HashSet(); - roles.add(authorities[0].toString()); - roles.add(authorities[1].toString()); + roles.add(authorities.get(0).toString()); + roles.add(authorities.get(1).toString()); assertTrue(roles.contains("ROLE_DEVELOPER")); assertTrue(roles.contains("ROLE_MANAGER")); } @@ -88,10 +89,10 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org")); - GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "manager"); + List authorities = populator.getGrantedAuthorities(ctx, "manager"); - assertEquals("Should have 1 role", 1, authorities.length); - assertEquals("ROLE_MANAGER", authorities[0].getAuthority()); + assertEquals("Should have 1 role", 1, authorities.size()); + assertEquals("ROLE_MANAGER", authorities.get(0).getAuthority()); } @Test 
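Review bot: The two `roles.add(authorities.get(n).toString())` lines in the `@@ -69,13 +70,13 @@` hunk make this test depend on the string form of the GrantedAuthority implementation rather than on the authority value, whereas the sibling tests in the later hunks of this file use `getAuthority()`. I would write `roles.add(authorities.get(0).getAuthority());` and the same for index 1, so the ROLE_DEVELOPER / ROLE_MANAGER assertions stay valid if `toString()` ever changes. The test method starts before this hunk, so the populator setup is not visible here.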
@@ -101,12 +102,12 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org")); - GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "manager"); + List authorities = populator.getGrantedAuthorities(ctx, "manager"); - assertEquals("Should have 2 roles", 2, authorities.length); + assertEquals("Should have 2 roles", 2, authorities.size()); Set roles = new HashSet(2); - roles.add(authorities[0].getAuthority()); - roles.add(authorities[1].getAuthority()); + roles.add(authorities.get(0).getAuthority()); + roles.add(authorities.get(1).getAuthority()); assertTrue(roles.contains("ROLE_MANAGER")); assertTrue(roles.contains("ROLE_DEVELOPER")); } @@ -119,13 +120,13 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org")); - GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "manager"); + List authorities = populator.getGrantedAuthorities(ctx, "manager"); - assertEquals("Should have 3 roles", 3, authorities.length); + assertEquals("Should have 3 roles", 3, authorities.size()); Set roles = new HashSet(3); - roles.add(authorities[0].getAuthority()); - roles.add(authorities[1].getAuthority()); - roles.add(authorities[2].getAuthority()); + roles.add(authorities.get(0).getAuthority()); + roles.add(authorities.get(1).getAuthority()); + roles.add(authorities.get(2).getAuthority()); assertTrue(roles.contains("ROLE_MANAGER")); assertTrue(roles.contains("ROLE_DEVELOPER")); assertTrue(roles.contains("ROLE_SUBMANAGER")); 
@@ -134,15 +135,15 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio @Test public void testUserDnWithEscapedCharacterParameterReturnsExpectedRoles() { populator.setGroupRoleAttribute("ou"); - populator.setConvertToUpperCase(true); + populator.setConvertToUpperCase(true); populator.setGroupSearchFilter("(member={0})"); DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("cn=mouse\\, jerry,ou=people,dc=springframework,dc=org")); - GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "notused"); + List authorities = populator.getGrantedAuthorities(ctx, "notused"); + + assertEquals("Should have 1 role", 1, authorities.size()); + assertEquals("ROLE_MANAGER", authorities.get(0).getAuthority()); + } - assertEquals("Should have 1 role", 1, authorities.length); - assertEquals("ROLE_MANAGER", authorities[0].getAuthority()); - } - } diff --git a/core/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java b/core/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java index e103b77382..5cafae7e4b 100644 --- a/core/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java +++ b/core/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java @@ -1,5 +1,7 @@ package org.springframework.security.ldap.populator; +import java.util.List; + import org.springframework.security.userdetails.UserDetailsService; import org.springframework.security.userdetails.MockUserDetailsService; import org.springframework.security.GrantedAuthority; 
@@ -20,9 +22,9 @@ public class UserDetailsServiceLdapAuthoritiesPopulatorTests { public void delegationToUserDetailsServiceReturnsCorrectRoles() throws Exception { UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(uds); - GrantedAuthority[] auths = populator.getGrantedAuthorities(new DirContextAdapter(), "valid"); + List auths = populator.getGrantedAuthorities(new DirContextAdapter(), "valid"); - assertEquals(1, auths.length); - assertEquals("ROLE_USER", auths[0].getAuthority()); + assertEquals(1, auths.size()); + assertEquals("ROLE_USER", auths.get(0).getAuthority()); } } diff --git a/core/src/test/java/org/springframework/security/providers/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/providers/AbstractAuthenticationTokenTests.java index a4a5d7c43f..593a109d89 100644 --- a/core/src/test/java/org/springframework/security/providers/AbstractAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/providers/AbstractAuthenticationTokenTests.java @@ -15,10 +15,17 @@ package org.springframework.security.providers; +import static org.junit.Assert.*; + +import java.util.List; + import junit.framework.TestCase; +import org.junit.Before; +import org.junit.Test; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; +import org.springframework.security.util.AuthorityUtils; /** 
@@ -27,49 +34,28 @@ import org.springframework.security.GrantedAuthorityImpl; * @author Ben Alex * @version $Id$ */ -public class AbstractAuthenticationTokenTests extends TestCase { +public class AbstractAuthenticationTokenTests { //~ Instance fields ================================================================================================ - private GrantedAuthority[] authorities = null; - - //~ Constructors =================================================================================================== - - public AbstractAuthenticationTokenTests() { - super(); - } - - public AbstractAuthenticationTokenTests(String arg0) { - super(arg0); - } + private List authorities = null; //~ Methods ======================================================================================================== - public static void main(String[] args) { - junit.textui.TestRunner.run(AbstractAuthenticationTokenTests.class); - } - + @Before public final void setUp() throws Exception { - super.setUp(); - - authorities = new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}; + authorities = AuthorityUtils.createAuthorityList("ROLE_ONE","ROLE_TWO"); } + @Test(expected=UnsupportedOperationException.class) public void testAuthoritiesAreImmutable() { MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities); - GrantedAuthority[] gotAuthorities = token.getAuthorities(); + List gotAuthorities = token.getAuthorities(); assertNotSame(authorities, gotAuthorities); - gotAuthorities[0] = new GrantedAuthorityImpl("ROLE_SUPER_USER"); - - // reget them and check nothing has changed - gotAuthorities = token.getAuthorities(); - assertEquals(2, gotAuthorities.length); - assertEquals(gotAuthorities[0], authorities[0]); - assertEquals(gotAuthorities[1], authorities[1]); - assertFalse(gotAuthorities[0].equals("ROLE_SUPER_USER")); - assertFalse(gotAuthorities[1].equals("ROLE_SUPER_USER")); + gotAuthorities.set(0, new 
GrantedAuthorityImpl("ROLE_SUPER_USER")); } + @Test public void testGetters() throws Exception { MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities); assertEquals("Test", token.getPrincipal()); @@ -77,10 +63,11 @@ public class AbstractAuthenticationTokenTests extends TestCase { assertEquals("Test", token.getName()); } + @Test public void testHashCode() throws Exception { MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password", authorities); MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password", authorities); - MockAuthenticationImpl token3 = new MockAuthenticationImpl(null, null, new GrantedAuthority[] {}); + MockAuthenticationImpl token3 = new MockAuthenticationImpl(null, null, AuthorityUtils.NO_AUTHORITIES); assertEquals(token1.hashCode(), token2.hashCode()); assertTrue(token1.hashCode() != token3.hashCode()); @@ -89,6 +76,7 @@ public class AbstractAuthenticationTokenTests extends TestCase { assertTrue(token1.hashCode() != token2.hashCode()); } + @Test public void testObjectsEquals() throws Exception { MockAuthenticationImpl token1 = new MockAuthenticationImpl("Test", "Password", authorities); MockAuthenticationImpl token2 = new MockAuthenticationImpl("Test", "Password", authorities); 
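Review bot: `testAuthoritiesAreImmutable` now only proves that the returned list rejects `set`, so it would still pass if the token handed back an unmodifiable view over the caller's own list. The removed assertions re-read the authorities after the attempted change. Nothing here checks that altering the list passed to the constructor leaves the token's granted roles untouched, and whether `AbstractAuthenticationToken` copies its input is not visible in this hunk. I would add a second test that builds the token from a fresh `ArrayList` copy of `authorities`, appends `new GrantedAuthorityImpl("ROLE_SUPER_USER")` to that copy, and then checks `assertEquals(2, token.getAuthorities().size());` (this needs `java.util.ArrayList` imported).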
@@ -100,14 +88,10 @@ public class AbstractAuthenticationTokenTests extends TestCase { MockAuthenticationImpl token4 = new MockAuthenticationImpl("Test_Changed", "Password", authorities); assertTrue(!token1.equals(token4)); - MockAuthenticationImpl token5 = new MockAuthenticationImpl("Test", "Password", - new GrantedAuthority[] { - new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO_CHANGED") - }); + MockAuthenticationImpl token5 = new MockAuthenticationImpl("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO_CHANGED")); assertTrue(!token1.equals(token5)); - MockAuthenticationImpl token6 = new MockAuthenticationImpl("Test", "Password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE")}); + MockAuthenticationImpl token6 = new MockAuthenticationImpl("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE")); assertTrue(!token1.equals(token6)); MockAuthenticationImpl token7 = new MockAuthenticationImpl("Test", "Password", null); @@ -117,6 +101,7 @@ public class AbstractAuthenticationTokenTests extends TestCase { assertTrue(!token1.equals(new Integer(100))); } + @Test public void testSetAuthenticated() throws Exception { MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities); assertTrue(!token.isAuthenticated()); @@ -124,11 +109,13 @@ public class AbstractAuthenticationTokenTests extends TestCase { assertTrue(token.isAuthenticated()); } + @Test public void testToStringWithAuthorities() { MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", authorities); assertTrue(token.toString().lastIndexOf("ROLE_TWO") != -1); } + @Test public void testToStringWithNullAuthorities() { MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", null); assertTrue(token.toString().lastIndexOf("Not granted any authorities") != -1); 
@@ -140,7 +127,7 @@ public class AbstractAuthenticationTokenTests extends TestCase { private Object credentials; private Object principal; - public MockAuthenticationImpl(Object principal, Object credentials, GrantedAuthority[] authorities) { + public MockAuthenticationImpl(Object principal, Object credentials, List authorities) { super(authorities); this.principal = principal; this.credentials = credentials; diff --git a/core/src/test/java/org/springframework/security/providers/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/providers/ProviderManagerTests.java index 9d95173552..bfb8cfd06b 100644 --- a/core/src/test/java/org/springframework/security/providers/ProviderManagerTests.java +++ b/core/src/test/java/org/springframework/security/providers/ProviderManagerTests.java @@ -25,7 +25,9 @@ import org.springframework.security.AccountStatusException; import org.springframework.security.concurrent.ConcurrentSessionControllerImpl; import org.springframework.security.concurrent.NullConcurrentSessionController; import org.springframework.security.concurrent.ConcurrentLoginException; +import org.springframework.security.util.AuthorityUtils; +import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.Vector; @@ -55,8 +57,7 @@ public class ProviderManagerTests { @Test public void authenticationSucceedsWithSupportedTokenAndReturnsExpectedObject() throws Exception { - TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}); + TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password","ROLE_ONE","ROLE_TWO"); ProviderManager mgr = makeProviderManager(); mgr.setApplicationEventPublisher(new MockApplicationEventPublisher(true)); 
@@ -70,15 +71,12 @@ public class ProviderManagerTests { TestingAuthenticationToken castResult = (TestingAuthenticationToken) result; assertEquals("Test", castResult.getPrincipal()); assertEquals("Password", castResult.getCredentials()); - assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority()); - assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority()); + assertEquals(AuthorityUtils.createAuthorityList("ROLE_ONE","ROLE_TWO"), castResult.getAuthorities()); } @Test public void authenticationSuccessWhenFirstProviderReturnsNullButSecondAuthenticates() { - TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}); - + TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password","ROLE_ONE","ROLE_TWO"); ProviderManager mgr = makeProviderManagerWithMockProviderWhichReturnsNullInList(); mgr.setApplicationEventPublisher(new MockApplicationEventPublisher(true)); @@ -91,8 +89,8 @@ public class ProviderManagerTests { TestingAuthenticationToken castResult = (TestingAuthenticationToken) result; assertEquals("Test", castResult.getPrincipal()); assertEquals("Password", castResult.getCredentials()); - assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority()); - assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority()); + assertEquals("ROLE_ONE", castResult.getAuthorities().get(0).getAuthority()); + assertEquals("ROLE_TWO", castResult.getAuthorities().get(1).getAuthority()); } @Test @@ -193,7 +191,7 @@ public class ProviderManagerTests { } private TestingAuthenticationToken createAuthenticationToken() { - return new TestingAuthenticationToken("name", "password", new GrantedAuthorityImpl[0]); + return new TestingAuthenticationToken("name", "password", new ArrayList(0)); } private ProviderManager makeProviderManager() throws Exception { 
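Review bot: The two success tests now check authorities in different ways. The first compares the whole list with `AuthorityUtils.createAuthorityList("ROLE_ONE","ROLE_TWO")`, while `authenticationSuccessWhenFirstProviderReturnsNullButSecondAuthenticates` still indexes `get(0)` and `get(1)`. Using the list comparison in both would also fail when an unexpected extra authority is present, which the indexed form does not detect. In `createAuthenticationToken`, `new ArrayList(0)` could be `AuthorityUtils.NO_AUTHORITIES`, as other tests in this commit use, assuming the token does not need a mutable list.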
@@ -221,7 +219,7 @@ public class ProviderManagerTests { return mgr; } - + //~ Inner Classes ================================================================================================== private class MockProvider implements AuthenticationProvider { diff --git a/core/src/test/java/org/springframework/security/providers/TestingAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/providers/TestingAuthenticationProviderTests.java index 07c3e0a55e..116cbcba84 100644 --- a/core/src/test/java/org/springframework/security/providers/TestingAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/providers/TestingAuthenticationProviderTests.java @@ -18,9 +18,6 @@ package org.springframework.security.providers; import junit.framework.TestCase; import org.springframework.security.Authentication; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; - /** * Tests {@link TestingAuthenticationProvider}. 
@@ -29,41 +26,19 @@ import org.springframework.security.GrantedAuthorityImpl; * @version $Id$ */ public class TestingAuthenticationProviderTests extends TestCase { - //~ Constructors =================================================================================================== - - public TestingAuthenticationProviderTests() { - super(); - } - - public TestingAuthenticationProviderTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== - - public static void main(String[] args) { - junit.textui.TestRunner.run(TestingAuthenticationProviderTests.class); - } - - public final void setUp() throws Exception { - super.setUp(); - } public void testAuthenticates() { TestingAuthenticationProvider provider = new TestingAuthenticationProvider(); - TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}); + TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password","ROLE_ONE","ROLE_TWO"); Authentication result = provider.authenticate(token); - if (!(result instanceof TestingAuthenticationToken)) { - fail("Should have returned instance of TestingAuthenticationToken"); - } + assertTrue(result instanceof TestingAuthenticationToken); TestingAuthenticationToken castResult = (TestingAuthenticationToken) result; assertEquals("Test", castResult.getPrincipal()); assertEquals("Password", castResult.getCredentials()); - assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority()); - assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority()); + assertEquals("ROLE_ONE", castResult.getAuthorities().get(0).getAuthority()); + assertEquals("ROLE_TWO", castResult.getAuthorities().get(1).getAuthority()); } public void testSupports() { 
diff --git a/core/src/test/java/org/springframework/security/providers/UsernamePasswordAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/providers/UsernamePasswordAuthenticationTokenTests.java index d43ffaf804..737db6223e 100644 --- a/core/src/test/java/org/springframework/security/providers/UsernamePasswordAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/providers/UsernamePasswordAuthenticationTokenTests.java @@ -19,6 +19,7 @@ import junit.framework.TestCase; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; +import org.springframework.security.util.AuthorityUtils; /** @@ -49,9 +50,9 @@ public class UsernamePasswordAuthenticationTokenTests extends TestCase { } public void testAuthenticated() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", null); + UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.NO_AUTHORITIES); - // check default given we passed some GrantedAuthorty[]s (well, we passed null) + // check default given we passed some GrantedAuthorty[]s (well, we passed empty list) assertTrue(token.isAuthenticated()); // check explicit set to untrusted (we can safely go from trusted to untrusted, but not the reverse) 
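Review bot: The null-authorities case is no longer exercised in `testAuthenticated`. The call now passes `AuthorityUtils.NO_AUTHORITIES`, so nothing pins whether the three-argument constructor still yields an authenticated token, or rejects the call, when given `null`. The same substitution appears in `testNullDefaultAuthorities` in JaasAuthenticationProviderTests, which switches to the two-argument constructor while keeping its name. Since `isAuthenticated()` is the trust decision being tested, a short test stating the intended behaviour for `null` would help. The comment is also stale after the change, and I would reword it to `// check default given we passed a list of authorities (an empty one)`.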
@@ -81,8 +82,8 @@ public class UsernamePasswordAuthenticationTokenTests extends TestCase { new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}); assertEquals("Test", token.getPrincipal()); assertEquals("Password", token.getCredentials()); - assertEquals("ROLE_ONE", token.getAuthorities()[0].getAuthority()); - assertEquals("ROLE_TWO", token.getAuthorities()[1].getAuthority()); + assertEquals("ROLE_ONE", token.getAuthorities().get(0).getAuthority()); + assertEquals("ROLE_TWO", token.getAuthorities().get(1).getAuthority()); } public void testNoArgConstructorDoesntExist() { diff --git a/core/src/test/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationTokenTests.java index 76e457cc6c..5c3772c4f6 100644 --- a/core/src/test/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationTokenTests.java @@ -29,26 +29,8 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke * @version $Id$ */ public class AnonymousAuthenticationTokenTests extends TestCase { - //~ Constructors =================================================================================================== - - public AnonymousAuthenticationTokenTests() { - super(); - } - - public AnonymousAuthenticationTokenTests(String arg0) { - super(arg0); - } - //~ Methods ======================================================================================================== - public static void main(String[] args) { - junit.textui.TestRunner.run(AnonymousAuthenticationTokenTests.class); - } - - public final void setUp() throws Exception { - super.setUp(); - } - public void testConstructorRejectsNulls() { try { new AnonymousAuthenticationToken(null, "Test", 
@@ -66,12 +48,12 @@ public class AnonymousAuthenticationTokenTests extends TestCase { assertTrue(true); } - try { - new AnonymousAuthenticationToken("key", "Test", null); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } +// try { +// new AnonymousAuthenticationToken("key", "Test", null); +// fail("Should have thrown IllegalArgumentException"); +// } catch (IllegalArgumentException expected) { +// assertTrue(true); +// } try { new AnonymousAuthenticationToken("key", "Test", new GrantedAuthority[] {null}); @@ -105,8 +87,8 @@ public class AnonymousAuthenticationTokenTests extends TestCase { assertEquals("key".hashCode(), token.getKeyHash()); assertEquals("Test", token.getPrincipal()); assertEquals("", token.getCredentials()); - assertEquals("ROLE_ONE", token.getAuthorities()[0].getAuthority()); - assertEquals("ROLE_TWO", token.getAuthorities()[1].getAuthority()); + assertEquals("ROLE_ONE", token.getAuthorities().get(0).getAuthority()); + assertEquals("ROLE_TWO", token.getAuthorities().get(1).getAuthority()); assertTrue(token.isAuthenticated()); } diff --git a/core/src/test/java/org/springframework/security/providers/anonymous/AnonymousProcessingFilterTests.java b/core/src/test/java/org/springframework/security/providers/anonymous/AnonymousProcessingFilterTests.java index d50802c924..5f222296f4 100644 --- a/core/src/test/java/org/springframework/security/providers/anonymous/AnonymousProcessingFilterTests.java +++ b/core/src/test/java/org/springframework/security/providers/anonymous/AnonymousProcessingFilterTests.java 
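Review bot: The null-authorities check in `testConstructorRejectsNulls` is commented out rather than removed or replaced, so the test name still claims a rejection that is no longer verified, and no reason is recorded. If `AnonymousAuthenticationToken` is now meant to accept `null` authorities, delete the block and assert what the token returns in that case. If `null` should still be rejected, restore the check. Either way the intent should be stated, for example `// SEC-1012: null authorities are no longer rejected by the constructor` if that is the new contract. The test method begins above this hunk, so the earlier null checks are not visible here.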
@@ -150,8 +150,7 @@ public class AnonymousProcessingFilterTests extends TestCase { assertEquals(originalAuth, SecurityContextHolder.getContext().getAuthentication()); } - public void testOperationWhenNoAuthenticationInSecurityContextHolder() - throws Exception { + public void testOperationWhenNoAuthenticationInSecurityContextHolder() throws Exception { UserAttribute user = new UserAttribute(); user.setPassword("anonymousUsername"); user.addAuthority(new GrantedAuthorityImpl("ROLE_ANONYMOUS")); @@ -169,7 +168,7 @@ public class AnonymousProcessingFilterTests extends TestCase { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); assertEquals("anonymousUsername", auth.getPrincipal()); - assertEquals(new GrantedAuthorityImpl("ROLE_ANONYMOUS"), auth.getAuthorities()[0]); + assertEquals(new GrantedAuthorityImpl("ROLE_ANONYMOUS"), auth.getAuthorities().get(0)); SecurityContextHolder.getContext().setAuthentication(null); // so anonymous fires again // Now test operation if we have removeAfterRequest = true diff --git a/core/src/test/java/org/springframework/security/providers/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/providers/dao/DaoAuthenticationProviderTests.java index 5053aa246e..27a280bc22 100644 --- a/core/src/test/java/org/springframework/security/providers/dao/DaoAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/providers/dao/DaoAuthenticationProviderTests.java 
@@ -69,18 +69,18 @@ public class DaoAuthenticationProviderTests extends TestCase { } public void testReceivedBadCredentialsWhenCredentialsNotProvided() { - // Test related to SEC-434 + // Test related to SEC-434 DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); provider.setUserCache(new MockUserCache()); - UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("rod", null); - try { - provider.authenticate(authenticationToken); - fail("Expected BadCredenialsException"); - } catch (BadCredentialsException expected) { - assertTrue(true); - } + UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("rod", null); + try { + provider.authenticate(authenticationToken); + fail("Expected BadCredenialsException"); + } catch (BadCredentialsException expected) { + assertTrue(true); + } } public void testAuthenticateFailsIfAccountExpired() { @@ -263,8 +263,8 @@ public class DaoAuthenticationProviderTests extends TestCase { UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result; assertEquals(User.class, castResult.getPrincipal().getClass()); assertEquals("koala", castResult.getCredentials()); - assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority()); - assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority()); + assertEquals("ROLE_ONE", castResult.getAuthorities().get(0).getAuthority()); + assertEquals("ROLE_TWO", castResult.getAuthorities().get(1).getAuthority()); assertEquals("192.168.0.1", castResult.getDetails()); } 
@@ -313,8 +313,8 @@ public class DaoAuthenticationProviderTests extends TestCase { // We expect original credentials user submitted to be returned assertEquals("koala", castResult.getCredentials()); - assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority()); - assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority()); + assertEquals("ROLE_ONE", castResult.getAuthorities().get(0).getAuthority()); + assertEquals("ROLE_TWO", castResult.getAuthorities().get(1).getAuthority()); } public void testAuthenticatesWithForcePrincipalAsString() { diff --git a/core/src/test/java/org/springframework/security/providers/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/providers/jaas/JaasAuthenticationProviderTests.java index 5ebad58e0d..d3cdf00065 100644 --- a/core/src/test/java/org/springframework/security/providers/jaas/JaasAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/providers/jaas/JaasAuthenticationProviderTests.java 
@@ -15,33 +15,30 @@ package org.springframework.security.providers.jaas; -import junit.framework.TestCase; - -import org.springframework.security.*; - -import org.springframework.security.context.HttpSessionContextIntegrationFilter; -import org.springframework.security.context.SecurityContextImpl; - -import org.springframework.security.providers.TestingAuthenticationToken; -import org.springframework.security.providers.UsernamePasswordAuthenticationToken; - -import org.springframework.security.ui.session.HttpSessionDestroyedEvent; - -import org.springframework.context.ApplicationContext; -import org.springframework.context.support.ClassPathXmlApplicationContext; - -import org.springframework.mock.web.MockHttpSession; - import java.net.URL; - import java.security.Security; - -import java.util.Arrays; import java.util.List; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; +import junit.framework.TestCase; + +import org.springframework.context.ApplicationContext; +import org.springframework.context.support.ClassPathXmlApplicationContext; +import org.springframework.mock.web.MockHttpSession; +import org.springframework.security.Authentication; +import org.springframework.security.AuthenticationException; +import org.springframework.security.GrantedAuthority; +import org.springframework.security.GrantedAuthorityImpl; +import org.springframework.security.LockedException; +import org.springframework.security.SpringSecurityException; +import org.springframework.security.context.HttpSessionContextIntegrationFilter; +import org.springframework.security.context.SecurityContextImpl; +import org.springframework.security.providers.TestingAuthenticationToken; +import org.springframework.security.providers.UsernamePasswordAuthenticationToken; +import org.springframework.security.ui.session.HttpSessionDestroyedEvent; + /** * Tests for the JaasAuthenticationProvider 
@@ -155,14 +152,11 @@ public class JaasAuthenticationProviderTests extends TestCase { assertNotNull(jaasProvider.getLoginConfig()); assertNotNull(jaasProvider.getLoginContextName()); - List list = Arrays.asList(auth.getAuthorities()); + List list = auth.getAuthorities(); assertTrue("GrantedAuthorities should contain ROLE_TEST1", list.contains(new GrantedAuthorityImpl("ROLE_TEST1"))); - assertTrue("GrantedAuthorities should contain ROLE_TEST2", list.contains(new GrantedAuthorityImpl("ROLE_TEST2"))); - assertTrue("GrantedAuthorities should contain ROLE_1", list.contains(role1)); - assertTrue("GrantedAuthorities should contain ROLE_2", list.contains(role2)); boolean foundit = false; @@ -179,10 +173,10 @@ public class JaasAuthenticationProviderTests extends TestCase { assertTrue("Could not find a JaasGrantedAuthority", foundit); - assertNotNull("Success event not fired", eventCheck.successEvent); - assertEquals("Auth objects are not equal", auth, eventCheck.successEvent.getAuthentication()); + assertNotNull("Success event should be fired", eventCheck.successEvent); + assertEquals("Auth objects should be equal", auth, eventCheck.successEvent.getAuthentication()); - assertNull("Failure event was fired", eventCheck.failedEvent); + assertNull("Failure event should not be fired", eventCheck.failedEvent); } public void testGetApplicationEventPublisher() throws Exception { 
@@ -222,12 +216,12 @@ public class JaasAuthenticationProviderTests extends TestCase { } public void testNullDefaultAuthorities() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password", null); + UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); assertTrue(jaasProvider.supports(UsernamePasswordAuthenticationToken.class)); Authentication auth = jaasProvider.authenticate(token); - assertTrue("Only ROLE_TEST1 and ROLE_TEST2 should have been returned", auth.getAuthorities().length == 2); + assertTrue("Only ROLE_TEST1 and ROLE_TEST2 should have been returned", auth.getAuthorities().size() == 2); } public void testUnsupportedAuthenticationObjectReturnsNull() { diff --git a/core/src/test/java/org/springframework/security/providers/ldap/LdapAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/providers/ldap/LdapAuthenticationProviderTests.java index 18d3e76858..3e7244d92d 100644 --- a/core/src/test/java/org/springframework/security/providers/ldap/LdapAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/providers/ldap/LdapAuthenticationProviderTests.java @@ -23,6 +23,7 @@ import org.springframework.security.ldap.LdapAuthoritiesPopulator; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.ldap.LdapUserDetailsMapper; +import org.springframework.security.util.AuthorityUtils; import org.springframework.ldap.core.DirContextAdapter; import org.springframework.ldap.core.DirContextOperations; import org.springframework.ldap.core.DistinguishedName; @@ -30,6 +31,7 @@ import org.springframework.ldap.core.DistinguishedName; import junit.framework.TestCase; import java.util.ArrayList; +import java.util.List; /** 
@@ -101,14 +103,14 @@ public class LdapAuthenticationProviderTests extends TestCase { Authentication authResult = ldapProvider.authenticate(authRequest); assertEquals("benspassword", authResult.getCredentials()); UserDetails user = (UserDetails) authResult.getPrincipal(); - assertEquals(2, user.getAuthorities().length); + assertEquals(2, user.getAuthorities().size()); assertEquals("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=", user.getPassword()); assertEquals("ben", user.getUsername()); assertEquals("ben", populator.getRequestedUsername()); ArrayList authorities = new ArrayList(); - authorities.add(user.getAuthorities()[0].getAuthority()); - authorities.add(user.getAuthorities()[1].getAuthority()); + authorities.add(user.getAuthorities().get(0).getAuthority()); + authorities.add(user.getAuthorities().get(1).getAuthority()); assertTrue(authorities.contains("ROLE_FROM_ENTRY")); assertTrue(authorities.contains("ROLE_FROM_POPULATOR")); @@ -132,8 +134,8 @@ public class LdapAuthenticationProviderTests extends TestCase { ldapProvider.setUserDetailsContextMapper(userMapper); UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben", "benspassword"); UserDetails user = (UserDetails) ldapProvider.authenticate(authRequest).getPrincipal(); - assertEquals(1, user.getAuthorities().length); - assertEquals("ROLE_FROM_ENTRY", user.getAuthorities()[0].getAuthority()); + assertEquals(1, user.getAuthorities().size()); + assertEquals("ROLE_FROM_ENTRY", user.getAuthorities().get(0).getAuthority()); } //~ Inner Classes ================================================================================================== 
@@ -165,9 +167,9 @@ public class LdapAuthenticationProviderTests extends TestCase { class MockAuthoritiesPopulator implements LdapAuthoritiesPopulator { String username; - public GrantedAuthority[] getGrantedAuthorities(DirContextOperations userCtx, String username) { + public List getGrantedAuthorities(DirContextOperations userCtx, String username) { this.username = username; - return new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_FROM_POPULATOR")}; + return AuthorityUtils.createAuthorityList("ROLE_FROM_POPULATOR"); } String getRequestedUsername() { diff --git a/core/src/test/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationTokenTests.java index 3af8f164fb..d91cb1895b 100755 --- a/core/src/test/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationTokenTests.java 
@@ -9,49 +9,48 @@ import java.util.Collection; import junit.framework.TestCase; /** - * + * * @author TSARDD * @since 18-okt-2007 */ public class PreAuthenticatedAuthenticationTokenTests extends TestCase { - public void testPreAuthenticatedAuthenticationTokenRequestWithDetails() { - Object principal = "dummyUser"; - Object credentials = "dummyCredentials"; - Object details = "dummyDetails"; - PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, credentials); - token.setDetails(details); - assertEquals(principal, token.getPrincipal()); - assertEquals(credentials, token.getCredentials()); - assertEquals(details, token.getDetails()); - assertNull(token.getAuthorities()); - } + public void testPreAuthenticatedAuthenticationTokenRequestWithDetails() { + Object principal = "dummyUser"; + Object credentials = "dummyCredentials"; + Object details = "dummyDetails"; + PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, credentials); + token.setDetails(details); + assertEquals(principal, token.getPrincipal()); + assertEquals(credentials, token.getCredentials()); + assertEquals(details, token.getDetails()); + assertNull(token.getAuthorities()); + } - public void testPreAuthenticatedAuthenticationTokenRequestWithoutDetails() { - Object principal = "dummyUser"; - Object credentials = "dummyCredentials"; - PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, credentials); - assertEquals(principal, token.getPrincipal()); - assertEquals(credentials, token.getCredentials()); - assertNull(token.getDetails()); - assertNull(token.getAuthorities()); - } + public void testPreAuthenticatedAuthenticationTokenRequestWithoutDetails() { + Object principal = "dummyUser"; + Object credentials = "dummyCredentials"; + PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, credentials); + assertEquals(principal, 
token.getPrincipal()); + assertEquals(credentials, token.getCredentials()); + assertNull(token.getDetails()); + assertNull(token.getAuthorities()); + } - public void testPreAuthenticatedAuthenticationTokenResponse() { - Object principal = "dummyUser"; - Object credentials = "dummyCredentials"; - GrantedAuthority[] gas = new GrantedAuthority[] { new GrantedAuthorityImpl("Role1") }; - PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, credentials, gas); - assertEquals(principal, token.getPrincipal()); - assertEquals(credentials, token.getCredentials()); - assertNull(token.getDetails()); - assertNotNull(token.getAuthorities()); - Collection expectedColl = Arrays.asList(gas); - Collection resultColl = Arrays.asList(token.getAuthorities()); - assertTrue("GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + expectedColl, expectedColl - .containsAll(resultColl) - && resultColl.containsAll(expectedColl)); + public void testPreAuthenticatedAuthenticationTokenResponse() { + Object principal = "dummyUser"; + Object credentials = "dummyCredentials"; + GrantedAuthority[] gas = new GrantedAuthority[] { new GrantedAuthorityImpl("Role1") }; + PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, credentials, gas); + assertEquals(principal, token.getPrincipal()); + assertEquals(credentials, token.getCredentials()); + assertNull(token.getDetails()); + assertNotNull(token.getAuthorities()); + Collection expectedColl = Arrays.asList(gas); + Collection resultColl = token.getAuthorities(); + assertTrue("GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + expectedColl, + expectedColl.containsAll(resultColl) && resultColl.containsAll(expectedColl)); - } + } } 
diff --git a/core/src/test/java/org/springframework/security/providers/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/providers/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java index ca17e5f490..9470c9a6c3 100755 --- a/core/src/test/java/org/springframework/security/providers/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java +++ b/core/src/test/java/org/springframework/security/providers/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java 
@@ -1,80 +1,77 @@ package org.springframework.security.providers.preauth; -import org.springframework.security.GrantedAuthoritiesContainer; -import org.springframework.security.GrantedAuthorityImpl; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.userdetails.UserDetails; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; import java.util.Arrays; import java.util.Collection; +import java.util.List; -import junit.framework.TestCase; +import org.junit.Test; +import org.springframework.security.GrantedAuthoritiesContainer; +import org.springframework.security.GrantedAuthority; +import org.springframework.security.userdetails.UserDetails; +import org.springframework.security.util.AuthorityUtils; /** - * + * * @author TSARDD * @since 18-okt-2007 */ -public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests extends TestCase { +public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests { - public final void testGetUserDetailsInvalidType() { - PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService(); - PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy"); - token.setDetails(new Object()); - try { - svc.loadUserDetails(token); - fail("Expected exception didn't occur"); - } catch (IllegalArgumentException expected) { - } - } + @Test(expected=IllegalArgumentException.class) + public void testGetUserDetailsInvalidType() { + PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService(); + PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy"); + token.setDetails(new Object()); + svc.loadUserDetails(token); + } - public final void testGetUserDetailsNoDetails() { - PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new 
PreAuthenticatedGrantedAuthoritiesUserDetailsService(); - PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy"); - token.setDetails(null); - try { - svc.loadUserDetails(token); - fail("Expected exception didn't occur"); - } catch (IllegalArgumentException expected) { - } - } + @Test(expected=IllegalArgumentException.class) + public void testGetUserDetailsNoDetails() { + PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService(); + PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy"); + token.setDetails(null); + svc.loadUserDetails(token); + } - public final void testGetUserDetailsEmptyAuthorities() { - final String userName = "dummyUser"; - final GrantedAuthority[] gas = new GrantedAuthority[] {}; - testGetUserDetails(userName, gas); - } + @Test + public void testGetUserDetailsEmptyAuthorities() { + final String userName = "dummyUser"; + testGetUserDetails(userName, AuthorityUtils.NO_AUTHORITIES); + } - public final void testGetUserDetailsWithAuthorities() { - final String userName = "dummyUser"; - final GrantedAuthority[] gas = new GrantedAuthority[] { new GrantedAuthorityImpl("Role1"), new GrantedAuthorityImpl("Role2") }; - testGetUserDetails(userName, gas); - } + @Test + public void testGetUserDetailsWithAuthorities() { + final String userName = "dummyUser"; + testGetUserDetails(userName, AuthorityUtils.createAuthorityList("Role1", "Role2")); + } - private void testGetUserDetails(final String userName, final GrantedAuthority[] gas) { - PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService(); - PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(userName, "dummy"); - token.setDetails(new GrantedAuthoritiesContainer() { - public GrantedAuthority[] getGrantedAuthorities() { - return gas; - } - }); - UserDetails ud = 
svc.loadUserDetails(token); - assertTrue(ud.isAccountNonExpired()); - assertTrue(ud.isAccountNonLocked()); - assertTrue(ud.isCredentialsNonExpired()); - assertTrue(ud.isEnabled()); - assertEquals(ud.getUsername(), userName); + private void testGetUserDetails(final String userName, final List gas) { + PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService(); + PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(userName, "dummy"); + token.setDetails(new GrantedAuthoritiesContainer() { + public List getGrantedAuthorities() { + return gas; + } + }); + UserDetails ud = svc.loadUserDetails(token); + assertTrue(ud.isAccountNonExpired()); + assertTrue(ud.isAccountNonLocked()); + assertTrue(ud.isCredentialsNonExpired()); + assertTrue(ud.isEnabled()); + assertEquals(ud.getUsername(), userName); - //Password is not saved by - // PreAuthenticatedGrantedAuthoritiesUserDetailsService - //assertEquals(ud.getPassword(),password); + //Password is not saved by + // PreAuthenticatedGrantedAuthoritiesUserDetailsService + //assertEquals(ud.getPassword(),password); - Collection expectedColl = Arrays.asList(gas); - Collection resultColl = Arrays.asList(ud.getAuthorities()); - assertTrue("GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + expectedColl, expectedColl - .containsAll(resultColl) - && resultColl.containsAll(expectedColl)); - } + Collection expectedColl = Arrays.asList(gas); + Collection resultColl = Arrays.asList(ud.getAuthorities()); + assertTrue("GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + expectedColl, expectedColl + .containsAll(resultColl) + && resultColl.containsAll(expectedColl)); + } } 
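Review bot: In the new `testGetUserDetails`, `gas` is already a `List`, so `Arrays.asList(gas)` builds a one-element list whose only element is the whole authority list rather than a collection of authorities. The closing `containsAll` check therefore no longer compares individual granted authorities; and if `ud.getAuthorities()` still returns an array at this commit (not visible in this hunk), the two sides do not even have the same shape. Because this assertion is what pins the authorities handed to a pre-authenticated user, compare the elements directly with `Collection expectedColl = gas;` and drop the `Arrays.asList(...)` around `ud.getAuthorities()` once that accessor returns a collection. The same wrapping appears in `testGetSetPreAuthenticatedGrantedAuthorities` of PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests, where both `gas` and `details.getGrantedAuthorities()` are lists.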
diff --git a/core/src/test/java/org/springframework/security/providers/rcp/RemoteAuthenticationManagerImplTests.java b/core/src/test/java/org/springframework/security/providers/rcp/RemoteAuthenticationManagerImplTests.java index 662f7387fa..bb073178de 100644 --- a/core/src/test/java/org/springframework/security/providers/rcp/RemoteAuthenticationManagerImplTests.java +++ b/core/src/test/java/org/springframework/security/providers/rcp/RemoteAuthenticationManagerImplTests.java @@ -56,8 +56,7 @@ public class RemoteAuthenticationManagerImplTests extends TestCase { assertNotNull(manager.getAuthenticationManager()); } - public void testStartupChecksAuthenticationManagerSet() - throws Exception { + public void testStartupChecksAuthenticationManagerSet() throws Exception { RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl(); try { diff --git a/core/src/test/java/org/springframework/security/providers/rcp/RemoteAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/providers/rcp/RemoteAuthenticationProviderTests.java index 72fbb8dd45..7caaa1ad44 100644 --- a/core/src/test/java/org/springframework/security/providers/rcp/RemoteAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/providers/rcp/RemoteAuthenticationProviderTests.java @@ -82,7 +82,7 @@ public class RemoteAuthenticationProviderTests extends TestCase { Authentication result = provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "password")); assertEquals("rod", result.getPrincipal()); assertEquals("password", result.getCredentials()); - assertEquals("foo", result.getAuthorities()[0].getAuthority()); + assertEquals("foo", result.getAuthorities().get(0).getAuthority()); } public void testSupports() { 
diff --git a/core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProviderTests.java index fc8bbc5af8..814ca118bb 100644 --- a/core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProviderTests.java @@ -79,8 +79,7 @@ public class RememberMeAuthenticationProviderTests extends TestCase { RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider(); aap.setKey("qwerty"); - TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A")}); + TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password","ROLE_A"); assertFalse(aap.supports(TestingAuthenticationToken.class)); // Try it anyway diff --git a/core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationTokenTests.java index 4898fdbba3..1cbe14ec12 100644 --- a/core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationTokenTests.java 
@@ -91,22 +91,11 @@ public class RememberMeAuthenticationTokenTests extends TestCase { assertEquals("key".hashCode(), token.getKeyHash()); assertEquals("Test", token.getPrincipal()); assertEquals("", token.getCredentials()); - assertEquals("ROLE_ONE", token.getAuthorities()[0].getAuthority()); - assertEquals("ROLE_TWO", token.getAuthorities()[1].getAuthority()); + assertEquals("ROLE_ONE", token.getAuthorities().get(0).getAuthority()); + assertEquals("ROLE_TWO", token.getAuthorities().get(1).getAuthority()); assertTrue(token.isAuthenticated()); } - public void testNoArgConstructorDoesntExist() { - Class clazz = RememberMeAuthenticationToken.class; - - try { - clazz.getDeclaredConstructor((Class[]) null); - fail("Should have thrown NoSuchMethodException"); - } catch (NoSuchMethodException expected) { - assertTrue(true); - } - } - public void testNotEqualsDueToAbstractParentEqualsCheck() { RememberMeAuthenticationToken token1 = new RememberMeAuthenticationToken("key", "Test", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}); diff --git a/core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationProviderTests.java deleted file mode 100644 index e5bb761570..0000000000 --- a/core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationProviderTests.java +++ /dev/null 
@@ -1,131 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.x509; - -import junit.framework.TestCase; - -import org.springframework.security.Authentication; -import org.springframework.security.AuthenticationException; -import org.springframework.security.BadCredentialsException; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; - -import org.springframework.security.providers.UsernamePasswordAuthenticationToken; - -import org.springframework.security.userdetails.User; -import org.springframework.security.userdetails.UserDetails; - -import java.security.cert.X509Certificate; - - -/** - * Tests {@link X509AuthenticationProvider} - * - * @author Luke Taylor - * @version $Id$ - */ -public class X509AuthenticationProviderTests extends TestCase { - //~ Constructors =================================================================================================== - - public X509AuthenticationProviderTests() { - super(); - } - - public X509AuthenticationProviderTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== - - public final void setUp() throws Exception { - super.setUp(); - } - - public void testAuthenticationIsNullWithUnsupportedToken() { - X509AuthenticationProvider 
provider = new X509AuthenticationProvider(); - Authentication request = new UsernamePasswordAuthenticationToken("dummy", "dummy"); - Authentication result = provider.authenticate(request); - assertNull(result); - } - - public void testFailsWithNullCertificate() { - X509AuthenticationProvider provider = new X509AuthenticationProvider(); - - provider.setX509AuthoritiesPopulator(new MockAuthoritiesPopulator(false)); - - try { - provider.authenticate(new X509AuthenticationToken(null)); - fail("Should have thrown BadCredentialsException"); - } catch (BadCredentialsException e) { - //ignore - } - } - - public void testNormalOperation() throws Exception { - X509AuthenticationProvider provider = new X509AuthenticationProvider(); - - provider.setX509AuthoritiesPopulator(new MockAuthoritiesPopulator(false)); - provider.afterPropertiesSet(); - - Authentication result = provider.authenticate(X509TestUtils.createToken()); - - assertNotNull(result); - assertNotNull(result.getAuthorities()); - } - - public void testPopulatorRejectionCausesFailure() throws Exception { - X509AuthenticationProvider provider = new X509AuthenticationProvider(); - provider.setX509AuthoritiesPopulator(new MockAuthoritiesPopulator(true)); - - try { - provider.authenticate(X509TestUtils.createToken()); - fail("Should have thrown BadCredentialsException"); - } catch (BadCredentialsException e) { - //ignore - } - } - - public void testRequiresPopulator() throws Exception { - X509AuthenticationProvider provider = new X509AuthenticationProvider(); - - try { - provider.afterPropertiesSet(); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException failed) { - //ignored - } - } - - //~ Inner Classes ================================================================================================== - - public static class MockAuthoritiesPopulator implements X509AuthoritiesPopulator { - private boolean rejectCertificate; - - public MockAuthoritiesPopulator(boolean 
rejectCertificate) { - this.rejectCertificate = rejectCertificate; - } - - public UserDetails getUserDetails(X509Certificate userCertificate) - throws AuthenticationException { - if (rejectCertificate) { - throw new BadCredentialsException("Invalid Certificate"); - } - - return new User("user", "password", true, true, true, true, - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_B")}); - } - } -} diff --git a/core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationTokenTests.java deleted file mode 100644 index 02bc5f2a0a..0000000000 --- a/core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationTokenTests.java +++ /dev/null 
@@ -1,52 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.x509; - -import junit.framework.TestCase; - - -/** - * Tests for {@link X509AuthenticationToken}. - * - * @author Luke Taylor - * @version $Id$ - */ -public class X509AuthenticationTokenTests extends TestCase { - //~ Constructors =================================================================================================== - - public X509AuthenticationTokenTests() {} - - public X509AuthenticationTokenTests(String s) { - super(s); - } - - //~ Methods ======================================================================================================== - - public void setUp() throws Exception { - super.setUp(); - } - - public void testAuthenticated() throws Exception { - X509AuthenticationToken token = X509TestUtils.createToken(); - assertTrue(!token.isAuthenticated()); - token.setAuthenticated(true); - assertTrue(token.isAuthenticated()); - } - - public void testEquals() throws Exception { - assertEquals(X509TestUtils.createToken(), X509TestUtils.createToken()); - } -} diff --git a/core/src/test/java/org/springframework/security/providers/x509/cache/EhCacheBasedX509UserCacheTests.java b/core/src/test/java/org/springframework/security/providers/x509/cache/EhCacheBasedX509UserCacheTests.java deleted file mode 100644 index 1c5f9173da..0000000000 
--- a/core/src/test/java/org/springframework/security/providers/x509/cache/EhCacheBasedX509UserCacheTests.java
+++ /dev/null
@@ -1,89 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.x509.cache; - -import net.sf.ehcache.Ehcache; -import net.sf.ehcache.CacheManager; -import net.sf.ehcache.Cache; - -import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; - -import org.springframework.security.providers.x509.X509TestUtils; - -import org.springframework.security.userdetails.User; -import org.springframework.security.userdetails.UserDetails; - - -import org.junit.BeforeClass; -import org.junit.AfterClass; -import org.junit.Test; -import static org.junit.Assert.*; - - -/** - * Tests for {@link EhCacheBasedX509UserCache}. 
- * - * @author Luke Taylor - * @version $Id$ - */ -public class EhCacheBasedX509UserCacheTests { - private static CacheManager cacheManager; - - //~ Methods ======================================================================================================== - - @BeforeClass - public static void initCacheManaer() { - cacheManager = new CacheManager(); - cacheManager.addCache(new Cache("x509cachetests", 500, false, false, 30, 30)); - } - - @AfterClass - public static void shutdownCacheManager() { - cacheManager.removalAll(); - cacheManager.shutdown(); - } - - private Ehcache getCache() { - Ehcache cache = cacheManager.getCache("x509cachetests"); - cache.removeAll(); - - return cache; - } - - private UserDetails getUser() { - return new User("rod", "password", true, true, true, true, - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}); - } - - @Test - public void cacheOperationsAreSucessful() throws Exception { - EhCacheBasedX509UserCache cache = new EhCacheBasedX509UserCache(); - cache.setCache(getCache()); - cache.afterPropertiesSet(); - - // Check it gets stored in the cache - cache.putUserInCache(X509TestUtils.buildTestCertificate(), getUser()); - assertEquals(getUser().getPassword(), cache.getUserFromCache(X509TestUtils.buildTestCertificate()).getPassword()); - - // Check it gets removed from the cache - cache.removeUserFromCache(X509TestUtils.buildTestCertificate()); - assertNull(cache.getUserFromCache(X509TestUtils.buildTestCertificate())); - - // Check it doesn't return values for null user - assertNull(cache.getUserFromCache(null)); - } -} diff --git a/core/src/test/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulatorTests.java b/core/src/test/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulatorTests.java deleted file mode 100644 index 84966f44fe..0000000000 
--- a/core/src/test/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulatorTests.java
+++ /dev/null
@@ -1,146 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.x509.populator; - -import junit.framework.TestCase; - -import org.springframework.security.BadCredentialsException; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; - -import org.springframework.security.providers.x509.X509TestUtils; - -import org.springframework.security.userdetails.User; -import org.springframework.security.userdetails.UserDetails; -import org.springframework.security.userdetails.UserDetailsService; -import org.springframework.security.userdetails.UsernameNotFoundException; - -import org.springframework.dao.DataAccessException; - -import java.security.cert.X509Certificate; - - -/** - * Tests for {@link DaoX509AuthoritiesPopulator} - * - * @author Luke Taylor - * @version $Id$ - */ -public class DaoX509AuthoritiesPopulatorTests extends TestCase { - //~ Constructors =================================================================================================== - - public DaoX509AuthoritiesPopulatorTests() { - } - - public DaoX509AuthoritiesPopulatorTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== - - public final void setUp() throws Exception { - super.setUp(); - } - - public void 
testDefaultCNPatternMatch() throws Exception { - X509Certificate cert = X509TestUtils.buildTestCertificate(); - DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator(); - - populator.setUserDetailsService(new MockAuthenticationDaoMatchesNameOrEmail()); - populator.afterPropertiesSet(); - populator.getUserDetails(cert); - } - - public void testEmailPatternMatch() throws Exception { - X509Certificate cert = X509TestUtils.buildTestCertificate(); - DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator(); - - populator.setUserDetailsService(new MockAuthenticationDaoMatchesNameOrEmail()); - populator.setSubjectDNRegex("emailAddress=(.*?),"); - populator.afterPropertiesSet(); - populator.getUserDetails(cert); - } - - public void testInvalidRegexFails() throws Exception { - DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator(); - populator.setUserDetailsService(new MockAuthenticationDaoMatchesNameOrEmail()); - populator.setSubjectDNRegex("CN=(.*?,"); // missing closing bracket on group - - try { - populator.afterPropertiesSet(); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException failed) { - // ignored - } - } - - public void testMatchOnShoeSizeFieldInDNFails() throws Exception { - X509Certificate cert = X509TestUtils.buildTestCertificate(); - DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator(); - - populator.setUserDetailsService(new MockAuthenticationDaoMatchesNameOrEmail()); - populator.setSubjectDNRegex("shoeSize=(.*?),"); - populator.afterPropertiesSet(); - - try { - populator.getUserDetails(cert); - fail("Should have thrown BadCredentialsException."); - } catch (BadCredentialsException failed) { - // ignored - } - } - - public void testPatternWithNoGroupFails() throws Exception { - X509Certificate cert = X509TestUtils.buildTestCertificate(); - DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator(); - - 
populator.setUserDetailsService(new MockAuthenticationDaoMatchesNameOrEmail()); - populator.setSubjectDNRegex("CN=.*?,"); - populator.afterPropertiesSet(); - - try { - populator.getUserDetails(cert); - fail("Should have thrown IllegalArgumentException for regexp without group"); - } catch (IllegalArgumentException e) { - // ignored - } - } - - public void testRequiresDao() throws Exception { - DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator(); - - try { - populator.afterPropertiesSet(); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException failed) { - // ignored - } - } - - //~ Inner Classes ================================================================================================== - - private class MockAuthenticationDaoMatchesNameOrEmail implements UserDetailsService { - public UserDetails loadUserByUsername(String username) - throws UsernameNotFoundException, DataAccessException { - if ("Luke Taylor".equals(username) || "luke@monkeymachine".equals(username)) { - return new User("luke", "monkey", true, true, true, true, - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE")}); - } else { - throw new UsernameNotFoundException("Could not find: " + username); - } - } - } -} diff --git a/core/src/test/java/org/springframework/security/runas/RunAsManagerImplTests.java b/core/src/test/java/org/springframework/security/runas/RunAsManagerImplTests.java index d092bf3af5..0d1fbf365c 100644 --- a/core/src/test/java/org/springframework/security/runas/RunAsManagerImplTests.java +++ b/core/src/test/java/org/springframework/security/runas/RunAsManagerImplTests.java 
@@ -64,9 +64,9 @@ public class RunAsManagerImplTests extends TestCase { assertEquals(inputToken.getPrincipal(), resultingToken.getPrincipal()); assertEquals(inputToken.getCredentials(), resultingToken.getCredentials()); - assertEquals("FOOBAR_RUN_AS_SOMETHING", resultingToken.getAuthorities()[0].getAuthority()); - assertEquals("ONE", resultingToken.getAuthorities()[1].getAuthority()); - assertEquals("TWO", resultingToken.getAuthorities()[2].getAuthority()); + assertEquals("FOOBAR_RUN_AS_SOMETHING", resultingToken.getAuthorities().get(0).getAuthority()); + assertEquals("ONE", resultingToken.getAuthorities().get(1).getAuthority()); + assertEquals("TWO", resultingToken.getAuthorities().get(2).getAuthority()); RunAsUserToken resultCast = (RunAsUserToken) resultingToken; assertEquals("my_password".hashCode(), resultCast.getKeyHash()); @@ -87,9 +87,9 @@ public class RunAsManagerImplTests extends TestCase { assertEquals(inputToken.getPrincipal(), resultingToken.getPrincipal()); assertEquals(inputToken.getCredentials(), resultingToken.getCredentials()); - assertEquals("ROLE_RUN_AS_SOMETHING", resultingToken.getAuthorities()[0].getAuthority()); - assertEquals("ROLE_ONE", resultingToken.getAuthorities()[1].getAuthority()); - assertEquals("ROLE_TWO", resultingToken.getAuthorities()[2].getAuthority()); + assertEquals("ROLE_RUN_AS_SOMETHING", resultingToken.getAuthorities().get(0).getAuthority()); + assertEquals("ROLE_ONE", resultingToken.getAuthorities().get(1).getAuthority()); + assertEquals("ROLE_TWO", resultingToken.getAuthorities().get(2).getAuthority()); RunAsUserToken resultCast = (RunAsUserToken) resultingToken; assertEquals("my_password".hashCode(), resultCast.getKeyHash()); 
diff --git a/core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java b/core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
index 23e437459e..bb6b31a080 100755
--- a/core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
+++ b/core/src/test/java/org/springframework/security/ui/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java
@@ -1,68 +1,65 @@ package org.springframework.security.ui.preauth; -import org.springframework.security.GrantedAuthorityImpl; -import org.springframework.security.GrantedAuthority; +import static org.junit.Assert.assertTrue; import java.util.Arrays; import java.util.Collection; import java.util.HashSet; +import java.util.List; import java.util.Set; import javax.servlet.http.HttpServletRequest; -import junit.framework.TestCase; - +import org.junit.Test; import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.security.GrantedAuthority; +import org.springframework.security.util.AuthorityUtils; /** * @author TSARDD */ -public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests extends TestCase { +public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests { + List gas = AuthorityUtils.createAuthorityList("Role1", "Role2"); - public final void testToString() { - PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails( - getRequest("testUser", new String[] {})); - GrantedAuthority[] gas = new GrantedAuthority[] { new GrantedAuthorityImpl("Role1"), new GrantedAuthorityImpl("Role2") }; - details.setGrantedAuthorities(gas); - String toString = details.toString(); - assertTrue("toString should contain Role1", toString.contains("Role1")); - assertTrue("toString should contain Role2", toString.contains("Role2")); - } + @Test + public void testToString() { + PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails( + getRequest("testUser", new String[] {})); + details.setGrantedAuthorities(gas); + String toString = details.toString(); + assertTrue("toString should contain Role1", toString.contains("Role1")); + assertTrue("toString should contain Role2", toString.contains("Role2")); + } - public final void testGetSetPreAuthenticatedGrantedAuthorities() { - 
PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails( - getRequest("testUser", new String[] {})); - GrantedAuthority[] gas = new GrantedAuthority[] { new GrantedAuthorityImpl("Role1"), new GrantedAuthorityImpl("Role2") }; - Collection expectedGas = Arrays.asList(gas); + @Test + public void testGetSetPreAuthenticatedGrantedAuthorities() { + PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails( + getRequest("testUser", new String[] {})); - details.setGrantedAuthorities(gas); - Collection returnedGas = Arrays.asList(details.getGrantedAuthorities()); - assertTrue("Collections do not contain same elements; expected: " + expectedGas + ", returned: " + returnedGas, - expectedGas.containsAll(returnedGas) && returnedGas.containsAll(expectedGas)); - } + Collection expectedGas = Arrays.asList(gas); - public final void testGetWithoutSetPreAuthenticatedGrantedAuthorities() { - PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails( - getRequest("testUser", new String[] {})); - try { - GrantedAuthority[] gas = details.getGrantedAuthorities(); - fail("Expected exception didn't occur"); - } catch (IllegalArgumentException expected) { - } catch (Exception unexpected) { - fail("Unexpected exception: " + unexpected.toString()); - } - } - - private final HttpServletRequest getRequest(final String userName,final String[] aRoles) - { - MockHttpServletRequest req = new MockHttpServletRequest() { - private Set roles = new HashSet(Arrays.asList(aRoles)); - public boolean isUserInRole(String arg0) { - return roles.contains(arg0); - } - }; - req.setRemoteUser(userName); - return req; - } + details.setGrantedAuthorities(gas); + Collection returnedGas = Arrays.asList(details.getGrantedAuthorities()); + assertTrue("Collections do not contain same elements; 
expected: " + expectedGas + ", returned: " + returnedGas, + expectedGas.containsAll(returnedGas) && returnedGas.containsAll(expectedGas)); + } + + @Test(expected=IllegalArgumentException.class) + public void testGetWithoutSetPreAuthenticatedGrantedAuthorities() { + PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails( + getRequest("testUser", new String[] {})); + List gas = details.getGrantedAuthorities(); + } + + private HttpServletRequest getRequest(final String userName,final String[] aRoles) { + MockHttpServletRequest req = new MockHttpServletRequest() { + private Set roles = new HashSet(Arrays.asList(aRoles)); + public boolean isUserInRole(String arg0) { + return roles.contains(arg0); + } + }; + req.setRemoteUser(userName); + return req; + } } diff --git a/core/src/test/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java b/core/src/test/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java index 31ace40b78..c14032def4 100755 --- a/core/src/test/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java +++ b/core/src/test/java/org/springframework/security/ui/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java @@ -3,6 +3,7 @@ package org.springframework.security.ui.preauth.j2ee; import java.util.Arrays; import java.util.Collection; import java.util.HashSet; +import java.util.List; import java.util.Set; import javax.servlet.http.HttpServletRequest; 
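Review bot: The local `List gas` in the new `testGetWithoutSetPreAuthenticatedGrantedAuthorities` shadows the instance field `gas` introduced at the top of the class and is never read; the test only needs the call to throw. Writing the statement as `details.getGrantedAuthorities();` removes the shadowing and makes it obvious that the expected `IllegalArgumentException` comes from the getter. The fixture field itself is package-visible and reassignable as written, so `private final` would suit it better.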
@@ -24,125 +25,125 @@ import org.springframework.mock.web.MockHttpServletRequest; */ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests extends TestCase { - public final void testAfterPropertiesSetException() { - J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource t = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(); - try { - t.afterPropertiesSet(); - fail("AfterPropertiesSet didn't throw expected exception"); - } catch (IllegalArgumentException expected) { - } catch (Exception unexpected) { - fail("AfterPropertiesSet throws unexpected exception"); - } - } + public final void testAfterPropertiesSetException() { + J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource t = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(); + try { + t.afterPropertiesSet(); + fail("AfterPropertiesSet didn't throw expected exception"); + } catch (IllegalArgumentException expected) { + } catch (Exception unexpected) { + fail("AfterPropertiesSet throws unexpected exception"); + } + } - public final void testBuildDetailsHttpServletRequestNoMappedNoUserRoles() { - String[] mappedRoles = new String[] {}; - String[] roles = new String[] {}; - String[] expectedRoles = new String[] {}; - testDetails(mappedRoles, roles, expectedRoles); - } + public final void testBuildDetailsHttpServletRequestNoMappedNoUserRoles() { + String[] mappedRoles = new String[] {}; + String[] roles = new String[] {}; + String[] expectedRoles = new String[] {}; + testDetails(mappedRoles, roles, expectedRoles); + } - public final void testBuildDetailsHttpServletRequestNoMappedUnmappedUserRoles() { - String[] mappedRoles = new String[] {}; - String[] roles = new String[] { "Role1", "Role2" }; - String[] expectedRoles = new String[] {}; - testDetails(mappedRoles, roles, expectedRoles); - } + public final void testBuildDetailsHttpServletRequestNoMappedUnmappedUserRoles() { + String[] mappedRoles = new String[] {}; + String[] roles = new String[] { "Role1", "Role2" }; + 
String[] expectedRoles = new String[] {}; + testDetails(mappedRoles, roles, expectedRoles); + } - public final void testBuildDetailsHttpServletRequestNoUserRoles() { - String[] mappedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; - String[] roles = new String[] {}; - String[] expectedRoles = new String[] {}; - testDetails(mappedRoles, roles, expectedRoles); - } + public final void testBuildDetailsHttpServletRequestNoUserRoles() { + String[] mappedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; + String[] roles = new String[] {}; + String[] expectedRoles = new String[] {}; + testDetails(mappedRoles, roles, expectedRoles); + } - public final void testBuildDetailsHttpServletRequestAllUserRoles() { - String[] mappedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; - String[] roles = new String[] { "Role1", "Role2", "Role3", "Role4" }; - String[] expectedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; - testDetails(mappedRoles, roles, expectedRoles); - } + public final void testBuildDetailsHttpServletRequestAllUserRoles() { + String[] mappedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; + String[] roles = new String[] { "Role1", "Role2", "Role3", "Role4" }; + String[] expectedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; + testDetails(mappedRoles, roles, expectedRoles); + } - public final void testBuildDetailsHttpServletRequestUnmappedUserRoles() { - String[] mappedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; - String[] roles = new String[] { "Role1", "Role2", "Role3", "Role4", "Role5" }; - String[] expectedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; - testDetails(mappedRoles, roles, expectedRoles); - } + public final void testBuildDetailsHttpServletRequestUnmappedUserRoles() { + String[] mappedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; + String[] roles = new String[] { "Role1", "Role2", "Role3", "Role4", "Role5" }; + String[] expectedRoles 
= new String[] { "Role1", "Role2", "Role3", "Role4" }; + testDetails(mappedRoles, roles, expectedRoles); + } - public final void testBuildDetailsHttpServletRequestPartialUserRoles() { - String[] mappedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; - String[] roles = new String[] { "Role2", "Role3" }; - String[] expectedRoles = new String[] { "Role2", "Role3" }; - testDetails(mappedRoles, roles, expectedRoles); - } + public final void testBuildDetailsHttpServletRequestPartialUserRoles() { + String[] mappedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; + String[] roles = new String[] { "Role2", "Role3" }; + String[] expectedRoles = new String[] { "Role2", "Role3" }; + testDetails(mappedRoles, roles, expectedRoles); + } - public final void testBuildDetailsHttpServletRequestPartialAndUnmappedUserRoles() { - String[] mappedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; - String[] roles = new String[] { "Role2", "Role3", "Role5" }; - String[] expectedRoles = new String[] { "Role2", "Role3" }; - testDetails(mappedRoles, roles, expectedRoles); - } + public final void testBuildDetailsHttpServletRequestPartialAndUnmappedUserRoles() { + String[] mappedRoles = new String[] { "Role1", "Role2", "Role3", "Role4" }; + String[] roles = new String[] { "Role2", "Role3", "Role5" }; + String[] expectedRoles = new String[] { "Role2", "Role3" }; + testDetails(mappedRoles, roles, expectedRoles); + } - private void testDetails(String[] mappedRoles, String[] userRoles, String[] expectedRoles) { - J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource src = getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(mappedRoles); - Object o = src.buildDetails(getRequest("testUser", userRoles)); - assertNotNull(o); - assertTrue("Returned object not of type PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails, actual type: " + o.getClass(), - o instanceof PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails); - 
PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = (PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails) o; - GrantedAuthority[] gas = details.getGrantedAuthorities(); - assertNotNull("Granted authorities should not be null", gas); - assertTrue("Number of granted authorities should be " + expectedRoles.length, gas.length == expectedRoles.length); + private void testDetails(String[] mappedRoles, String[] userRoles, String[] expectedRoles) { + J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource src = getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(mappedRoles); + Object o = src.buildDetails(getRequest("testUser", userRoles)); + assertNotNull(o); + assertTrue("Returned object not of type PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails, actual type: " + o.getClass(), + o instanceof PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails); + PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = (PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails) o; + List gas = details.getGrantedAuthorities(); + assertNotNull("Granted authorities should not be null", gas); + assertEquals(expectedRoles.length, gas.size()); - Collection expectedRolesColl = Arrays.asList(expectedRoles); - Collection gasRolesSet = new HashSet(); - for (int i = 0; i < gas.length; i++) { - gasRolesSet.add(gas[i].getAuthority()); - } - assertTrue("Granted Authorities do not match expected roles", expectedRolesColl.containsAll(gasRolesSet) - && gasRolesSet.containsAll(expectedRolesColl)); - } + Collection expectedRolesColl = Arrays.asList(expectedRoles); + Collection gasRolesSet = new HashSet(); + for (int i = 0; i < gas.size(); i++) { + gasRolesSet.add(gas.get(i).getAuthority()); + } + assertTrue("Granted Authorities do not match expected roles", expectedRolesColl.containsAll(gasRolesSet) + && gasRolesSet.containsAll(expectedRolesColl)); + } - private final J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource 
getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource( - String[] mappedRoles) { - J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource result = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(); - result.setMappableRolesRetriever(getMappableRolesRetriever(mappedRoles)); - result.setUserRoles2GrantedAuthoritiesMapper(getJ2eeUserRoles2GrantedAuthoritiesMapper()); - result.setClazz(PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.class); + private final J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource( + String[] mappedRoles) { + J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource result = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(); + result.setMappableRolesRetriever(getMappableRolesRetriever(mappedRoles)); + result.setUserRoles2GrantedAuthoritiesMapper(getJ2eeUserRoles2GrantedAuthoritiesMapper()); + result.setClazz(PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.class); - try { - result.afterPropertiesSet(); - } catch (Exception expected) { - fail("AfterPropertiesSet throws unexpected exception"); - } - return result; - } + try { + result.afterPropertiesSet(); + } catch (Exception expected) { + fail("AfterPropertiesSet throws unexpected exception"); + } + return result; + } - private MappableAttributesRetriever getMappableRolesRetriever(String[] mappedRoles) { - SimpleMappableAttributesRetriever result = new SimpleMappableAttributesRetriever(); - result.setMappableAttributes(mappedRoles); - return result; - } + private MappableAttributesRetriever getMappableRolesRetriever(String[] mappedRoles) { + SimpleMappableAttributesRetriever result = new SimpleMappableAttributesRetriever(); + result.setMappableAttributes(mappedRoles); + return result; + } - private Attributes2GrantedAuthoritiesMapper getJ2eeUserRoles2GrantedAuthoritiesMapper() { - SimpleAttributes2GrantedAuthoritiesMapper result = new SimpleAttributes2GrantedAuthoritiesMapper(); - 
result.setAddPrefixIfAlreadyExisting(false); - result.setConvertAttributeToLowerCase(false); - result.setConvertAttributeToUpperCase(false); - result.setAttributePrefix(""); - return result; - } + private Attributes2GrantedAuthoritiesMapper getJ2eeUserRoles2GrantedAuthoritiesMapper() { + SimpleAttributes2GrantedAuthoritiesMapper result = new SimpleAttributes2GrantedAuthoritiesMapper(); + result.setAddPrefixIfAlreadyExisting(false); + result.setConvertAttributeToLowerCase(false); + result.setConvertAttributeToUpperCase(false); + result.setAttributePrefix(""); + return result; + } - private final HttpServletRequest getRequest(final String userName,final String[] aRoles) - { - MockHttpServletRequest req = new MockHttpServletRequest() { - private Set roles = new HashSet(Arrays.asList(aRoles)); - public boolean isUserInRole(String arg0) { - return roles.contains(arg0); - } - }; - req.setRemoteUser(userName); - return req; - } + private final HttpServletRequest getRequest(final String userName,final String[] aRoles) + { + MockHttpServletRequest req = new MockHttpServletRequest() { + private Set roles = new HashSet(Arrays.asList(aRoles)); + public boolean isUserInRole(String arg0) { + return roles.contains(arg0); + } + }; + req.setRemoteUser(userName); + return req; + } } diff --git a/core/src/test/java/org/springframework/security/ui/preauth/x509/SubjectDnX509PrincipalExtractorTests.java b/core/src/test/java/org/springframework/security/ui/preauth/x509/SubjectDnX509PrincipalExtractorTests.java index d3433138a6..e09adc62bf 100644 --- a/core/src/test/java/org/springframework/security/ui/preauth/x509/SubjectDnX509PrincipalExtractorTests.java +++ b/core/src/test/java/org/springframework/security/ui/preauth/x509/SubjectDnX509PrincipalExtractorTests.java 
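Review bot: In `testDetails`, the rewritten size check `assertEquals(expectedRoles.length, gas.size());` drops the failure message that the old `assertTrue` carried, so a mismatch no longer says what was being counted. Keeping it costs one argument: `assertEquals("Number of granted authorities", expectedRoles.length, gas.size());`. The index loop below it could also become `for (GrantedAuthority ga : gas) gasRolesSet.add(ga.getAuthority());`, assuming the list is typed (the type arguments look stripped on this page). The rest of the hunk appears to be re-indentation only.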
@@ -1,6 +1,5 @@ package org.springframework.security.ui.preauth.x509; -import org.springframework.security.providers.x509.X509TestUtils; import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.BadCredentialsException; diff --git a/core/src/test/java/org/springframework/security/providers/x509/X509TestUtils.java b/core/src/test/java/org/springframework/security/ui/preauth/x509/X509TestUtils.java similarity index 96% rename from core/src/test/java/org/springframework/security/providers/x509/X509TestUtils.java rename to core/src/test/java/org/springframework/security/ui/preauth/x509/X509TestUtils.java index b2be4d7f7a..3c82383a97 100644 --- a/core/src/test/java/org/springframework/security/providers/x509/X509TestUtils.java +++ b/core/src/test/java/org/springframework/security/ui/preauth/x509/X509TestUtils.java @@ -13,7 +13,7 @@ * limitations under the License. */ -package org.springframework.security.providers.x509; +package org.springframework.security.ui.preauth.x509; import java.io.ByteArrayInputStream; @@ -99,8 +99,4 @@ public class X509TestUtils { return (X509Certificate) cf.generateCertificate(in); } - - public static X509AuthenticationToken createToken() throws Exception { - return new X509AuthenticationToken(buildTestCertificate()); - } } diff --git a/core/src/test/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilterTests.java b/core/src/test/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilterTests.java index 14ae6da118..7bd5dcd7f8 100644 --- a/core/src/test/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilterTests.java +++ b/core/src/test/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilterTests.java 
@@ -15,19 +15,7 @@ package org.springframework.security.ui.rememberme; -import org.springframework.security.Authentication; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; -import org.springframework.security.MockAuthenticationManager; -import org.springframework.security.MockFilterConfig; -import org.springframework.security.AuthenticationException; -import org.springframework.security.MockApplicationEventPublisher; -import org.springframework.security.context.SecurityContextHolder; -import org.springframework.security.providers.TestingAuthenticationToken; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; - -import junit.framework.TestCase; +import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; @@ -37,7 +25,18 @@ import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.io.IOException; + +import junit.framework.TestCase; + +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.security.Authentication; +import org.springframework.security.AuthenticationException; +import org.springframework.security.MockApplicationEventPublisher; +import org.springframework.security.MockAuthenticationManager; +import org.springframework.security.MockFilterConfig; +import org.springframework.security.context.SecurityContextHolder; +import org.springframework.security.providers.TestingAuthenticationToken; /** 
@@ -47,14 +46,7 @@ import java.io.IOException; * @version $Id$ */ public class RememberMeProcessingFilterTests extends TestCase { - //~ Constructors =================================================================================================== - - public RememberMeProcessingFilterTests() { - } - - public RememberMeProcessingFilterTests(String arg0) { - super(arg0); - } + Authentication remembered = new TestingAuthenticationToken("remembered", "password","ROLE_REMEMBERED"); //~ Methods ======================================================================================================== @@ -118,13 +110,10 @@ public class RememberMeProcessingFilterTests extends TestCase { public void testOperationWhenAuthenticationExistsInContextHolder() throws Exception { // Put an Authentication object into the SecurityContextHolder - Authentication originalAuth = new TestingAuthenticationToken("user", "password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A")}); + Authentication originalAuth = new TestingAuthenticationToken("user", "password","ROLE_A"); SecurityContextHolder.getContext().setAuthentication(originalAuth); // Setup our filter correctly - Authentication remembered = new TestingAuthenticationToken("remembered", "password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_REMEMBERED")}); RememberMeProcessingFilter filter = new RememberMeProcessingFilter(); filter.setAuthenticationManager(new MockAuthenticationManager()); filter.setRememberMeServices(new MockRememberMeServices(remembered)); 
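Review bot: The new field `remembered` in the `@@ -47,14 +46,7 @@` hunk is package-visible and not final, although it replaces three identical locals and is never reassigned in the visible hunks. Declaring it `private final Authentication remembered = new TestingAuthenticationToken("remembered", "password", "ROLE_REMEMBERED");` keeps the fixture from being swapped by a test or touched from another class in the package. The class body continues outside this hunk.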
@@ -141,8 +130,7 @@ public class RememberMeProcessingFilterTests extends TestCase { } public void testOperationWhenNoAuthenticationInContextHolder() throws Exception { - Authentication remembered = new TestingAuthenticationToken("remembered", "password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_REMEMBERED")}); + RememberMeProcessingFilter filter = new RememberMeProcessingFilter(); filter.setAuthenticationManager(new MockAuthenticationManager()); filter.setRememberMeServices(new MockRememberMeServices(remembered)); @@ -158,8 +146,6 @@ public class RememberMeProcessingFilterTests extends TestCase { } public void testOnunsuccessfulLoginIsCalledWhenProviderRejectsAuth() throws Exception { - Authentication remembered = new TestingAuthenticationToken("remembered", "password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_REMEMBERED")}); final Authentication failedAuth = new TestingAuthenticationToken("failed", ""); RememberMeProcessingFilter filter = new RememberMeProcessingFilter() { diff --git a/core/src/test/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServicesTests.java b/core/src/test/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServicesTests.java index 5f3addc1d2..2a447dd150 100644 --- a/core/src/test/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServicesTests.java +++ b/core/src/test/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServicesTests.java 
@@ -332,9 +332,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase { request.addParameter(TokenBasedRememberMeServices.DEFAULT_PARAMETER, "false"); MockHttpServletResponse response = new MockHttpServletResponse(); - services.loginSuccess(request, response, - new TestingAuthenticationToken("someone", "password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")})); + services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password","ROLE_ABC")); Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertNull(cookie); @@ -349,9 +347,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase { request.addParameter(TokenBasedRememberMeServices.DEFAULT_PARAMETER, "true"); MockHttpServletResponse response = new MockHttpServletResponse(); - services.loginSuccess(request, response, - new TestingAuthenticationToken("someone", "password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")})); + services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password","ROLE_ABC")); Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); String expiryTime = services.decodeCookie(cookie.getValue())[1]; @@ -373,9 +369,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase { MockHttpServletResponse response = new MockHttpServletResponse(); UserDetails user = new User("someone", "password", true, true, true, true, new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")}); - services.loginSuccess(request, response, - new TestingAuthenticationToken(user, "ignored", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")})); + services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password","ROLE_ABC")); Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); assertNotNull(cookie); 
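Review bot: The third hunk (`@@ -373,9 +369,7 @@`) changes what the test exercises rather than just converting the array argument. The call used to pass the `UserDetails user` built on the line above as the principal with credentials "ignored", and now passes the string "someone" with "password". That leaves `user` unused in the visible lines, and the case where `loginSuccess` receives a UserDetails principal is no longer covered here. If the new constructor still accepts an Object principal (not visible on this page), `services.loginSuccess(request, response, new TestingAuthenticationToken(user, "ignored", "ROLE_ABC"));` preserves the original case. The test method starts outside the hunk.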
diff --git a/core/src/test/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilterTests.java b/core/src/test/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilterTests.java index bff5adc9d9..7faf83604c 100644 --- a/core/src/test/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilterTests.java +++ b/core/src/test/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilterTests.java @@ -56,12 +56,12 @@ public class SwitchUserProcessingFilterTests { @Before public void authenticateCurrentUser() { UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50"); - SecurityContextHolder.getContext().setAuthentication(auth); + SecurityContextHolder.getContext().setAuthentication(auth); } - + @After public void clearContext() { - SecurityContextHolder.clearContext(); + SecurityContextHolder.clearContext(); } private MockHttpServletRequest createMockSwitchRequest() { @@ -72,7 +72,7 @@ public class SwitchUserProcessingFilterTests { return request; } - + private Authentication switchToUser(String name) { MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, name); @@ -81,9 +81,9 @@ public class SwitchUserProcessingFilterTests { filter.setUserDetailsService(new MockUserDetailsService()); return filter.attemptSwitchUser(request); - + } - + @Test public void requiresExitUserMatchesCorrectly() { SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter(); 
@@ -101,11 +101,11 @@ public class SwitchUserProcessingFilterTests { filter.setSwitchUserUrl("/j_spring_security_my_switch_user"); MockHttpServletRequest request = new MockHttpServletRequest(); - request.setRequestURI("/j_spring_security_my_switch_user"); - + request.setRequestURI("/j_spring_security_my_switch_user"); + assertTrue(filter.requiresSwitchUser(request)); - } - + } + @Test(expected=UsernameNotFoundException.class) public void attemptSwitchToUnknownUserFails() throws Exception { @@ -119,27 +119,27 @@ public class SwitchUserProcessingFilterTests { @Test(expected=DisabledException.class) public void attemptSwitchToUserThatIsDisabledFails() throws Exception { - switchToUser("mcgarrett"); + switchToUser("mcgarrett"); } @Test(expected=AccountExpiredException.class) public void attemptSwitchToUserWithAccountExpiredFails() throws Exception { - switchToUser("wofat"); + switchToUser("wofat"); } @Test(expected=CredentialsExpiredException.class) public void attemptSwitchToUserWithExpiredCredentialsFails() throws Exception { - switchToUser("steve"); + switchToUser("steve"); } @Test(expected=UsernameNotFoundException.class) public void switchUserWithNullUsernameThrowsException() throws Exception { - switchToUser(null); - } - + switchToUser(null); + } + @Test public void attemptSwitchUserIsSuccessfulWithValidUser() throws Exception { - assertNotNull(switchToUser("jacklord")); + assertNotNull(switchToUser("jacklord")); } @Test @@ -177,7 +177,7 @@ public class SwitchUserProcessingFilterTests { filter.afterPropertiesSet(); } - @Test(expected=IllegalArgumentException.class) + @Test(expected=IllegalArgumentException.class) public void testBadConfigMissingTargetUrl() throws Exception { SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter(); filter.setUserDetailsService(new MockUserDetailsService()); 
@@ -342,8 +342,8 @@ public class SwitchUserProcessingFilterTests { Authentication result = filter.attemptSwitchUser(request); assertTrue(result != null); - assertEquals(2, result.getAuthorities().length); - assertEquals("ROLE_NEW", result.getAuthorities()[0].getAuthority()); + assertEquals(2, result.getAuthorities().size()); + assertEquals("ROLE_NEW", result.getAuthorities().get(0).getAuthority()); } diff --git a/core/src/test/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPointTests.java b/core/src/test/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPointTests.java deleted file mode 100644 index 878ecc0275..0000000000 --- a/core/src/test/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPointTests.java +++ /dev/null 
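Review bot: `assertEquals("ROLE_NEW", result.getAuthorities().get(0).getAuthority());` pins ROLE_NEW to the first position of the returned list, while the second of the two authorities is counted but never identified. For a switch-user result, both authorities matter, so a wrong second entry would pass and a harmless reordering would fail. Consider collecting the authority names into a set and asserting on the expected pair instead of on index 0. The test method starts outside the hunk.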
@@ -1,59 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.ui.x509; - -import junit.framework.TestCase; - -import org.springframework.security.BadCredentialsException; - -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; - -import javax.servlet.http.HttpServletResponse; - - -/** - * Tests {@link X509ProcessingFilterEntryPoint}. 
- * - * @author Luke Taylor - * @version $Id$ - */ -public class X509ProcessingFilterEntryPointTests extends TestCase { - //~ Constructors =================================================================================================== - - public X509ProcessingFilterEntryPointTests() { - super(); - } - - public X509ProcessingFilterEntryPointTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== - - public final void setUp() throws Exception { - super.setUp(); - } - - public void testNormalOperation() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); - MockHttpServletResponse response = new MockHttpServletResponse(); - X509ProcessingFilterEntryPoint entryPoint = new X509ProcessingFilterEntryPoint(); - - entryPoint.commence(request, response, new BadCredentialsException("As thrown by security enforcement filter")); - assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus()); - } -} diff --git a/core/src/test/java/org/springframework/security/ui/x509/X509ProcessingFilterTests.java b/core/src/test/java/org/springframework/security/ui/x509/X509ProcessingFilterTests.java deleted file mode 100644 index baa1ae9b5b..0000000000 --- a/core/src/test/java/org/springframework/security/ui/x509/X509ProcessingFilterTests.java +++ /dev/null 
@@ -1,191 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.ui.x509; - -import junit.framework.TestCase; - -import org.springframework.security.Authentication; -import org.springframework.security.AuthenticationManager; -import org.springframework.security.BadCredentialsException; -import org.springframework.security.MockAuthenticationManager; - -import org.springframework.security.context.SecurityContextHolder; - -import org.springframework.security.providers.x509.X509AuthenticationToken; -import org.springframework.security.providers.x509.X509TestUtils; - -import org.springframework.security.ui.AbstractProcessingFilter; - -import org.springframework.security.util.MockFilterChain; - -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; - -import java.security.cert.X509Certificate; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; - - -/** - * Tests {@link org.springframework.security.ui.x509.X509ProcessingFilter}. 
- * - * @author Luke Taylor - * @version $Id$ - */ -public class X509ProcessingFilterTests extends TestCase { - //~ Constructors =================================================================================================== - - public X509ProcessingFilterTests() { - super(); - } - - public X509ProcessingFilterTests(String arg0) { - super(arg0); - } - - //~ Methods ======================================================================================================== - - public final void setUp() throws Exception { - super.setUp(); - } - - public void tearDown() { - SecurityContextHolder.clearContext(); - } - - public void testAuthenticationIsNullWithNoCertificate() - throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = new MockFilterChain(true); - - AuthenticationManager authMgr = new MockX509AuthenticationManager(); - X509ProcessingFilter filter = new X509ProcessingFilter(); - - filter.setAuthenticationManager(authMgr); - - SecurityContextHolder.getContext().setAuthentication(null); - filter.doFilter(request, response, chain); - - Object lastException = request.getSession() - .getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY); - - assertNull("Authentication should be null", SecurityContextHolder.getContext().getAuthentication()); - assertTrue("BadCredentialsException should have been thrown", lastException instanceof BadCredentialsException); - } - - public void testDoFilterWithNonHttpServletRequestDetected() - throws Exception { - X509ProcessingFilter filter = new X509ProcessingFilter(); - - try { - filter.doFilter(null, new MockHttpServletResponse(), new MockFilterChain(false)); - fail("Should have thrown ServletException"); - } catch (ServletException expected) { - assertEquals("Can only process HttpServletRequest", expected.getMessage()); - } - } - - public void testDoFilterWithNonHttpServletResponseDetected() - 
throws Exception { - X509ProcessingFilter filter = new X509ProcessingFilter(); - - try { - filter.doFilter(new MockHttpServletRequest(null, null), null, new MockFilterChain(false)); - fail("Should have thrown ServletException"); - } catch (ServletException expected) { - assertEquals("Can only process HttpServletResponse", expected.getMessage()); - } - } - - public void testFailedAuthentication() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = new MockFilterChain(true); - - request.setAttribute("javax.servlet.request.X509Certificate", - new X509Certificate[] {X509TestUtils.buildTestCertificate()}); - - AuthenticationManager authMgr = new MockAuthenticationManager(false); - - SecurityContextHolder.getContext().setAuthentication(null); - - X509ProcessingFilter filter = new X509ProcessingFilter(); - - filter.setAuthenticationManager(authMgr); - filter.afterPropertiesSet(); - filter.init(null); - filter.doFilter(request, response, chain); - filter.destroy(); - - Authentication result = SecurityContextHolder.getContext().getAuthentication(); - - assertNull(result); - } - - public void testNeedsAuthenticationManager() throws Exception { - X509ProcessingFilter filter = new X509ProcessingFilter(); - - try { - filter.afterPropertiesSet(); - fail("Expected IllegalArgumentException"); - } catch (IllegalArgumentException failed) { - // ignored - } - } - - public void testNormalOperation() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); - MockHttpServletResponse response = new MockHttpServletResponse(); - FilterChain chain = new MockFilterChain(true); - - request.setAttribute("javax.servlet.request.X509Certificate", - new X509Certificate[] {X509TestUtils.buildTestCertificate()}); - - AuthenticationManager authMgr = new MockX509AuthenticationManager(); - - SecurityContextHolder.getContext().setAuthentication(null); - - 
X509ProcessingFilter filter = new X509ProcessingFilter(); - - filter.setAuthenticationManager(authMgr); - filter.afterPropertiesSet(); - filter.init(null); - filter.doFilter(request, response, chain); - filter.destroy(); - - Authentication result = SecurityContextHolder.getContext().getAuthentication(); - - assertNotNull(result); - } - - //~ Inner Classes ================================================================================================== - - private static class MockX509AuthenticationManager implements AuthenticationManager { - public Authentication authenticate(Authentication a) { - if (!(a instanceof X509AuthenticationToken)) { - TestCase.fail("Needed an X509Authentication token but found " + a); - } - - if (a.getCredentials() == null) { - throw new BadCredentialsException("Mock authentication manager rejecting null certificate"); - } - - return a; - } - } -} diff --git a/core/src/test/java/org/springframework/security/userdetails/UserTests.java b/core/src/test/java/org/springframework/security/userdetails/UserTests.java index 471ef26d45..6aa006ca22 100644 --- a/core/src/test/java/org/springframework/security/userdetails/UserTests.java +++ b/core/src/test/java/org/springframework/security/userdetails/UserTests.java @@ -126,12 +126,12 @@ public class UserTests extends TestCase { assertTrue(true); } - try { - UserDetails user = new User("rod", "koala", true, true, true, true, null); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } +// try { +// UserDetails user = new User("rod", "koala", true, true, true, true, null); +// fail("Should have thrown IllegalArgumentException"); +// } catch (IllegalArgumentException expected) { +// assertTrue(true); +// } try { UserDetails user = new User("rod", "koala", true, true, true, true, 
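Review bot: In the UserTests hunk (`@@ -126,12 +126,12 @@`), the null-authorities case is commented out rather than removed or fixed. Nothing in the visible test now checks that `new User("rod", "koala", true, true, true, true, null)` is rejected, and no comment says why. If the call stopped compiling because `null` became ambiguous between overloads (an inference; the constructors are not visible here), casting the `null` to the intended parameter type keeps the check alive. If the constructor no longer rejects null, delete the block and state the new contract, for example `// null authorities are now accepted; see User constructor`. The enclosing test method starts and ends outside the hunk.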
@@ -162,8 +162,8 @@ public class UserTests extends TestCase { assertEquals("rod", user.getUsername()); assertEquals("koala", user.getPassword()); assertTrue(user.isEnabled()); - assertEquals(new GrantedAuthorityImpl("ROLE_ONE"), user.getAuthorities()[0]); - assertEquals(new GrantedAuthorityImpl("ROLE_TWO"), user.getAuthorities()[1]); + assertEquals(new GrantedAuthorityImpl("ROLE_ONE"), user.getAuthorities().get(0)); + assertEquals(new GrantedAuthorityImpl("ROLE_TWO"), user.getAuthorities().get(1)); assertTrue(user.toString().indexOf("rod") != -1); } diff --git a/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/HierarchicalRolesTestHelper.java b/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/HierarchicalRolesTestHelper.java index a637243c71..491f369bac 100755 --- a/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/HierarchicalRolesTestHelper.java +++ b/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/HierarchicalRolesTestHelper.java @@ -14,7 +14,6 @@ package org.springframework.security.userdetails.hierarchicalroles; -import java.util.ArrayList; import java.util.List; import org.springframework.security.GrantedAuthority; 
@@ -27,17 +26,15 @@ import org.apache.commons.collections.CollectionUtils; */ public abstract class HierarchicalRolesTestHelper { - public static boolean containTheSameGrantedAuthorities(GrantedAuthority[] authorities1, GrantedAuthority[] authorities2) { + public static boolean containTheSameGrantedAuthorities(List authorities1, List authorities2) { if (authorities1 == null && authorities2 == null) { return true; - } else if (authorities1 == null || authorities2 == null) { + } + + if (authorities1 == null || authorities2 == null) { return false; } - List authoritiesList1 = new ArrayList(); - CollectionUtils.addAll(authoritiesList1, authorities1); - List authoritiesList2 = new ArrayList(); - CollectionUtils.addAll(authoritiesList2, authorities2); - return CollectionUtils.isEqualCollection(authoritiesList1, authoritiesList2); + return CollectionUtils.isEqualCollection(authorities1, authorities2); } -} \ No newline at end of file +} diff --git a/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImplTests.java b/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImplTests.java index d5a5c22ac5..bb129da472 100755 --- a/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImplTests.java +++ b/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImplTests.java @@ -14,10 +14,12 @@ package org.springframework.security.userdetails.hierarchicalroles; +import java.util.List; + import junit.framework.TestCase; import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; +import org.springframework.security.util.AuthorityUtils; /** * Tests for {@link RoleHierarchyImpl}. 
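Review bot: `containTheSameGrantedAuthorities` has no Javadoc, and after this hunk its contract rests entirely on the two null checks and `CollectionUtils.isEqualCollection`. A short comment would state it, for example `/** Returns true if both lists are null, or if both hold the same authorities with the same cardinality, in any order. */`. The cardinality part is worth spelling out because the callers appear to rely on it: `TestHelperTests` builds one list with `ROLE_A` once and another with it twice, presumably to check that they do not compare equal.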
@@ -26,17 +28,11 @@ import org.springframework.security.GrantedAuthorityImpl; */ public class RoleHierarchyImplTests extends TestCase { - public RoleHierarchyImplTests() { - } - - public RoleHierarchyImplTests(String testCaseName) { - super(testCaseName); - } - public void testSimpleRoleHierarchy() { - GrantedAuthority[] authorities0 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_0") }; - GrantedAuthority[] authorities1 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A") }; - GrantedAuthority[] authorities2 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_B") }; + + List authorities0 = AuthorityUtils.createAuthorityList("ROLE_0"); + List authorities1 = AuthorityUtils.createAuthorityList("ROLE_A"); + List authorities2 = AuthorityUtils.createAuthorityList("ROLE_A","ROLE_B"); RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B"); @@ -47,10 +43,9 @@ public class RoleHierarchyImplTests extends TestCase { } public void testTransitiveRoleHierarchies() { - GrantedAuthority[] authorities1 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A") }; - GrantedAuthority[] authorities2 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_B"), new GrantedAuthorityImpl("ROLE_C") }; - GrantedAuthority[] authorities3 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_B"), new GrantedAuthorityImpl("ROLE_C"), - new GrantedAuthorityImpl("ROLE_D") }; + List authorities1 = AuthorityUtils.createAuthorityList("ROLE_A"); + List authorities2 = AuthorityUtils.createAuthorityList("ROLE_A","ROLE_B","ROLE_C"); + List authorities3 = AuthorityUtils.createAuthorityList("ROLE_A","ROLE_B","ROLE_C","ROLE_D"); RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); 
@@ -62,15 +57,14 @@ public class RoleHierarchyImplTests extends TestCase { } public void testComplexRoleHierarchy() { - GrantedAuthority[] authoritiesInput1 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A") }; - GrantedAuthority[] authoritiesOutput1 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_B"), new GrantedAuthorityImpl("ROLE_C"), - new GrantedAuthorityImpl("ROLE_D") }; - GrantedAuthority[] authoritiesInput2 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_B") }; - GrantedAuthority[] authoritiesOutput2 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_B"), new GrantedAuthorityImpl("ROLE_D") }; - GrantedAuthority[] authoritiesInput3 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_C") }; - GrantedAuthority[] authoritiesOutput3 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_C"), new GrantedAuthorityImpl("ROLE_D") }; - GrantedAuthority[] authoritiesInput4 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_D") }; - GrantedAuthority[] authoritiesOutput4 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_D") }; + List authoritiesInput1 = AuthorityUtils.createAuthorityList("ROLE_A"); + List authoritiesOutput1 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B","ROLE_C", "ROLE_D"); + List authoritiesInput2 = AuthorityUtils.createAuthorityList("ROLE_B"); + List authoritiesOutput2 = AuthorityUtils.createAuthorityList("ROLE_B","ROLE_D"); + List authoritiesInput3 = AuthorityUtils.createAuthorityList("ROLE_C"); + List authoritiesOutput3 = AuthorityUtils.createAuthorityList("ROLE_C","ROLE_D"); + List authoritiesInput4 = AuthorityUtils.createAuthorityList("ROLE_D"); + List authoritiesOutput4 = AuthorityUtils.createAuthorityList("ROLE_D"); RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D"); 
@@ -115,4 +109,4 @@ public class RoleHierarchyImplTests extends TestCase { } } -} \ No newline at end of file +} diff --git a/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/TestHelperTests.java b/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/TestHelperTests.java index efd766fe46..27680d68be 100755 --- a/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/TestHelperTests.java +++ b/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/TestHelperTests.java 
@@ -14,31 +14,29 @@ package org.springframework.security.userdetails.hierarchicalroles; -import junit.framework.TestCase; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import java.util.List; + +import org.junit.Test; import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; +import org.springframework.security.util.AuthorityUtils; /** * Tests for {@link HierarchicalRolesTestHelper}. * * @author Michael Mayr */ -public class TestHelperTests extends TestCase { - - public TestHelperTests() { - } - - public TestHelperTests(String testCaseName) { - super(testCaseName); - } +public class TestHelperTests { + @Test public void testContainTheSameGrantedAuthorities() { - GrantedAuthority[] authorities1 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_B") }; - GrantedAuthority[] authorities2 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_B"), new GrantedAuthorityImpl("ROLE_A") }; - GrantedAuthority[] authorities3 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_C") }; - GrantedAuthority[] authorities4 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A") }; - GrantedAuthority[] authorities5 = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_A") }; + List authorities1 = AuthorityUtils.createAuthorityList("ROLE_A","ROLE_B"); + List authorities2 = AuthorityUtils.createAuthorityList("ROLE_B","ROLE_A"); + List authorities3 = AuthorityUtils.createAuthorityList("ROLE_A","ROLE_C"); + List authorities4 = AuthorityUtils.createAuthorityList("ROLE_A"); + List authorities5 = AuthorityUtils.createAuthorityList("ROLE_A","ROLE_A"); assertTrue(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(null, null)); assertTrue(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(authorities1, authorities1)); 
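Review bot: With `extends TestCase` dropped from `TestHelperTests`, JUnit no longer discovers methods by their `test` prefix, and this hunk annotates only `testContainTheSameGrantedAuthorities` with `@Test`. The class body continues past the hunk, so any other `test*` method there needs `@Test` as well. Without it, the method silently stops running while the build stays green. The rest of the file should be checked before this is merged.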
diff --git a/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapperTests.java b/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapperTests.java index 4e6f6391ff..07c1c19cd7 100755 --- a/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapperTests.java +++ b/core/src/test/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapperTests.java @@ -1,11 +1,14 @@ package org.springframework.security.userdetails.hierarchicalroles; +import java.util.List; + import junit.framework.TestCase; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.userdetails.User; import org.springframework.security.userdetails.UserDetails; +import org.springframework.security.util.AuthorityUtils; /** * Tests for {@link UserDetailsWrapper}. @@ -48,7 +51,7 @@ public class UserDetailsWrapperTests extends TestCase { } public void testGetAuthorities() { - GrantedAuthority[] expectedAuthorities = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_B") }; + List expectedAuthorities = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B"); assertTrue(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(userDetailsWrapper1.getAuthorities(), expectedAuthorities)); assertTrue(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(userDetailsWrapper2.getAuthorities(), expectedAuthorities)); } @@ -78,4 +81,4 @@ public class UserDetailsWrapperTests extends TestCase { assertTrue(userDetailsWrapper2.getUnwrappedUserDetails() == userDetails2); } -} \ No newline at end of file +} diff --git a/core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcDaoImplTests.java b/core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcDaoImplTests.java index 50e4eeb73a..0b94726265 100644 
--- a/core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcDaoImplTests.java +++ b/core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcDaoImplTests.java @@ -73,8 +73,8 @@ public class JdbcDaoImplTests extends TestCase { assertTrue(user.isEnabled()); HashSet authorities = new HashSet(2); - authorities.add(user.getAuthorities()[0].getAuthority()); - authorities.add(user.getAuthorities()[1].getAuthority()); + authorities.add(user.getAuthorities().get(0).getAuthority()); + authorities.add(user.getAuthorities().get(1).getAuthority()); assertTrue(authorities.contains("ROLE_TELLER")); assertTrue(authorities.contains("ROLE_SUPERVISOR")); } @@ -82,8 +82,8 @@ public class JdbcDaoImplTests extends TestCase { public void testCheckDaoOnlyReturnsGrantedAuthoritiesGrantedToUser() throws Exception { JdbcDaoImpl dao = makePopulatedJdbcDao(); UserDetails user = dao.loadUserByUsername("scott"); - assertEquals("ROLE_TELLER", user.getAuthorities()[0].getAuthority()); - assertEquals(1, user.getAuthorities().length); + assertEquals("ROLE_TELLER", user.getAuthorities().get(0).getAuthority()); + assertEquals(1, user.getAuthorities().size()); } public void testCheckDaoReturnsCorrectDisabledProperty() throws Exception { @@ -135,11 +135,11 @@ public class JdbcDaoImplTests extends TestCase { UserDetails user = dao.loadUserByUsername("rod"); assertEquals("rod", user.getUsername()); - assertEquals(2, user.getAuthorities().length); + assertEquals(2, user.getAuthorities().size()); HashSet authorities = new HashSet(2); - authorities.add(user.getAuthorities()[0].getAuthority()); - authorities.add(user.getAuthorities()[1].getAuthority()); + authorities.add(user.getAuthorities().get(0).getAuthority()); + authorities.add(user.getAuthorities().get(1).getAuthority()); assertTrue(authorities.contains("ARBITRARY_PREFIX_ROLE_TELLER")); assertTrue(authorities.contains("ARBITRARY_PREFIX_ROLE_SUPERVISOR")); } 
@@ -150,7 +150,7 @@ public class JdbcDaoImplTests extends TestCase { dao.setEnableGroups(true); UserDetails jerry = dao.loadUserByUsername("jerry"); - assertEquals(3, jerry.getAuthorities().length); + assertEquals(3, jerry.getAuthorities().size()); } public void testDuplicateGroupAuthoritiesAreRemoved() throws Exception { @@ -159,7 +159,7 @@ public class JdbcDaoImplTests extends TestCase { dao.setEnableGroups(true); // Tom has roles A, B, C and B, C duplicates UserDetails tom = dao.loadUserByUsername("tom"); - assertEquals(3, tom.getAuthorities().length); + assertEquals(3, tom.getAuthorities().size()); } public void testStartupFailsIfDataSourceNotSet() throws Exception { @@ -184,12 +184,4 @@ public class JdbcDaoImplTests extends TestCase { assertTrue(true); } } - - //~ Inner Classes ================================================================================================== - - private class MockMappingSqlQuery extends MappingSqlQuery { - protected Object mapRow(ResultSet arg0, int arg1) throws SQLException { - return null; - } - } } diff --git a/core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManagerTests.java index e06a36f156..ca16f93278 100644 --- a/core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManagerTests.java +++ b/core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManagerTests.java @@ -41,7 +41,7 @@ public class JdbcUserDetailsManagerTests { private static final String SELECT_JOE_AUTHORITIES_SQL = "select * from authorities where username = 'joe'"; private static final UserDetails joe = new User("joe", "password", true, true, true, true, - AuthorityUtils.stringArrayToAuthorityArray(new String[]{"A","C","B"})); + AuthorityUtils.createAuthorityList("A","C","B")); private static TestDataSource dataSource; private JdbcUserDetailsManager manager; 
@@ -116,7 +116,7 @@ public class JdbcUserDetailsManagerTests { public void updateUserChangesDataCorrectlyAndClearsCache() { insertJoe(); User newJoe = new User("joe","newpassword",false,true,true,true, - AuthorityUtils.stringArrayToAuthorityArray(new String[]{"D","F","E"})); + AuthorityUtils.createAuthorityList(new String[]{"D","F","E"})); manager.updateUser(newJoe); @@ -213,7 +213,7 @@ public class JdbcUserDetailsManagerTests { @Test public void createGroupInsertsCorrectData() { - manager.createGroup("TEST_GROUP", AuthorityUtils.stringArrayToAuthorityArray(new String[] {"ROLE_X", "ROLE_Y"})); + manager.createGroup("TEST_GROUP", AuthorityUtils.createAuthorityList("ROLE_X", "ROLE_Y")); List roles = template.queryForList( "select ga.authority from groups g, group_authorities ga " + @@ -258,9 +258,7 @@ public class JdbcUserDetailsManagerTests { @Test public void findGroupAuthoritiesReturnsCorrectAuthorities() throws Exception { - GrantedAuthority[] authorities = manager.findGroupAuthorities("GROUP_0"); - - assertEquals("ROLE_A", authorities[0].getAuthority()); + assertEquals(AuthorityUtils.createAuthorityList("ROLE_A"), manager.findGroupAuthorities("GROUP_0")); } @Test @@ -278,7 +276,7 @@ public class JdbcUserDetailsManagerTests { assertEquals(0, template.queryForList("select authority from group_authorities where group_id = 0").size()); manager.removeGroupAuthority("GROUP_2", auth); - assertEquals(2, template.queryForList("select authority from group_authorities where group_id = 2").size()); + assertEquals(2, template.queryForList("select authority from group_authorities where group_id = 2").size()); } private Authentication authenticateJoe() { diff --git a/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManagerTests.java index 055052322e..2a52bd76db 100644 
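Review bot: `updateUserChangesDataCorrectlyAndClearsCache` (hunk `@@ -116,7`) still wraps its roles in an explicit array, `AuthorityUtils.createAuthorityList(new String[]{"D","F","E"})`, while the other call sites changed in this file use the varargs form. For consistency this should read `AuthorityUtils.createAuthorityList("D","F","E")`. Separately, the `@@ -258,9` hunk now compares whole lists instead of the first element, which makes `findGroupAuthoritiesReturnsCorrectAuthorities` stricter: it fails if `GROUP_0` ever carries more than one authority. If that is intended, a one-line comment saying so would help.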
--- a/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManagerTests.java +++ b/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsManagerTests.java @@ -14,28 +14,32 @@ */ package org.springframework.security.userdetails.ldap; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +import java.util.List; + +import org.junit.After; +import org.junit.Test; +import org.springframework.ldap.core.DirContextAdapter; import org.springframework.security.BadCredentialsException; import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.ldap.AbstractLdapIntegrationTests; import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper; import org.springframework.security.ldap.SpringSecurityLdapTemplate; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.userdetails.UsernameNotFoundException; -import org.springframework.ldap.core.DirContextAdapter; - -import org.junit.After; -import static org.junit.Assert.*; -import org.junit.Test; +import org.springframework.security.util.AuthorityUtils; /** * @author Luke Taylor * @version $Id$ */ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests { - private static final GrantedAuthority[] TEST_AUTHORITIES = new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_CLOWNS"), - new GrantedAuthorityImpl("ROLE_ACROBATS")}; + private static final List TEST_AUTHORITIES = AuthorityUtils.createAuthorityList("ROLE_CLOWNS","ROLE_ACROBATS"); private LdapUserDetailsManager mgr; private SpringSecurityLdapTemplate template; 
@@ -94,7 +98,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests { assertEquals("uid=bob, ou=people, dc=springframework, dc=org", bob.getDn()); assertEquals("bobspassword", bob.getPassword()); - assertEquals(1, bob.getAuthorities().length); + assertEquals(1, bob.getAuthorities().size()); } @Test(expected = UsernameNotFoundException.class) @@ -150,7 +154,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests { InetOrgPerson don = (InetOrgPerson) mgr.loadUserByUsername("don"); - assertEquals(2, don.getAuthorities().length); + assertEquals(2, don.getAuthorities().size()); mgr.deleteUser("don"); @@ -162,7 +166,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests { } // Check that no authorities are left - assertEquals(0, mgr.getUserAuthorities(mgr.usernameMapper.buildDn("don"), "don").length); + assertEquals(0, mgr.getUserAuthorities(mgr.usernameMapper.buildDn("don"), "don").size()); } @Test diff --git a/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapperTests.java b/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapperTests.java index 367e29379c..54dcf41d07 100644 --- a/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapperTests.java +++ b/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsMapperTests.java @@ -15,14 +15,14 @@ package org.springframework.security.userdetails.ldap; -import junit.framework.TestCase; - -import javax.naming.directory.BasicAttributes; import javax.naming.directory.BasicAttribute; +import javax.naming.directory.BasicAttributes; + +import junit.framework.TestCase; import org.springframework.ldap.core.DirContextAdapter; import org.springframework.ldap.core.DistinguishedName; -import org.springframework.security.GrantedAuthority; +import org.springframework.security.util.AuthorityUtils; /** * Tests {@link LdapUserDetailsMapper}. 
@@ -32,7 +32,6 @@ import org.springframework.security.GrantedAuthority; */ public class LdapUserDetailsMapperTests extends TestCase { - public void testMultipleRoleAttributeValuesAreMappedToAuthorities() throws Exception { LdapUserDetailsMapper mapper = new LdapUserDetailsMapper(); mapper.setConvertToUpperCase(false); @@ -45,9 +44,9 @@ public class LdapUserDetailsMapperTests extends TestCase { ctx.setAttributeValues("userRole", new String[] {"X", "Y", "Z"}); ctx.setAttributeValue("uid", "ani"); - LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", new GrantedAuthority[0]); + LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", AuthorityUtils.NO_AUTHORITIES); - assertEquals(3, user.getAuthorities().length); + assertEquals(3, user.getAuthorities().size()); } /** 
@@ -64,27 +63,12 @@ public class LdapUserDetailsMapperTests extends TestCase { DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName")); ctx.setAttributeValue("uid", "ani"); - LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", new GrantedAuthority[0]); + LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", AuthorityUtils.NO_AUTHORITIES); - assertEquals(1, user.getAuthorities().length); - assertEquals("ROLE_X", user.getAuthorities()[0].getAuthority()); + assertEquals(1, user.getAuthorities().size()); + assertEquals("ROLE_X", user.getAuthorities().get(0).getAuthority()); } -// public void testNonStringRoleAttributeIsIgnoredByDefault() throws Exception { -// LdapUserDetailsMapper mapper = new LdapUserDetailsMapper(); -// -// mapper.setRoleAttributes(new String[] {"userRole"}); -// -// BasicAttributes attrs = new BasicAttributes(); -// attrs.put(new BasicAttribute("userRole", new GrantedAuthorityImpl("X"))); -// -// DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName")); -// -// LdapUserDetailsImpl.Essence user = (LdapUserDetailsImpl.Essence) mapper.mapFromContext(ctx); -// -// assertEquals(0, user.getGrantedAuthorities().length); -// } - public void testPasswordAttributeIsMappedCorrectly() throws Exception { LdapUserDetailsMapper mapper = new LdapUserDetailsMapper(); @@ -95,7 +79,7 @@ public class LdapUserDetailsMapperTests extends TestCase { DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName")); ctx.setAttributeValue("uid", "ani"); - LdapUserDetails user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", new GrantedAuthority[0]); + LdapUserDetails user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani", AuthorityUtils.NO_AUTHORITIES); assertEquals("mypassword", user.getPassword()); } 
diff --git a/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsServiceTests.java index d997a3a36e..37f7783219 100644 --- a/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsServiceTests.java +++ b/core/src/test/java/org/springframework/security/userdetails/ldap/LdapUserDetailsServiceTests.java @@ -1,19 +1,20 @@ package org.springframework.security.userdetails.ldap; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +import java.util.List; +import java.util.Set; + +import org.junit.Test; +import org.springframework.ldap.core.DirContextAdapter; +import org.springframework.ldap.core.DirContextOperations; +import org.springframework.ldap.core.DistinguishedName; import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.ldap.LdapAuthoritiesPopulator; import org.springframework.security.providers.ldap.authenticator.MockUserSearch; import org.springframework.security.userdetails.UserDetails; import org.springframework.security.util.AuthorityUtils; -import org.springframework.ldap.core.DirContextAdapter; -import org.springframework.ldap.core.DirContextOperations; -import org.springframework.ldap.core.DistinguishedName; - -import static org.junit.Assert.*; -import org.junit.Test; - -import java.util.Set; /** * Tests for {@link LdapUserDetailsService} 
@@ -49,8 +50,8 @@ public class LdapUserDetailsServiceTests { } class MockAuthoritiesPopulator implements LdapAuthoritiesPopulator { - public GrantedAuthority[] getGrantedAuthorities(DirContextOperations userCtx, String username) { - return new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_FROM_POPULATOR")}; + public List getGrantedAuthorities(DirContextOperations userCtx, String username) { + return AuthorityUtils.createAuthorityList("ROLE_FROM_POPULATOR"); } } } diff --git a/core/src/test/java/org/springframework/security/userdetails/memory/UserMapEditorTests.java b/core/src/test/java/org/springframework/security/userdetails/memory/UserMapEditorTests.java index 71b8a44da3..ce20d2fd4f 100644 --- a/core/src/test/java/org/springframework/security/userdetails/memory/UserMapEditorTests.java +++ b/core/src/test/java/org/springframework/security/userdetails/memory/UserMapEditorTests.java @@ -63,8 +63,8 @@ public class UserMapEditorTests extends TestCase { UserMap map = (UserMap) editor.getValue(); assertEquals("rod", map.getUser("rod").getUsername()); assertEquals("koala", map.getUser("rod").getPassword()); - assertEquals("ROLE_ONE", map.getUser("rod").getAuthorities()[0].getAuthority()); - assertEquals("ROLE_TWO", map.getUser("rod").getAuthorities()[1].getAuthority()); + assertEquals("ROLE_ONE", map.getUser("rod").getAuthorities().get(0).getAuthority()); + assertEquals("ROLE_TWO", map.getUser("rod").getAuthorities().get(1).getAuthority()); assertTrue(map.getUser("rod").isEnabled()); } diff --git a/core/src/test/java/org/springframework/security/util/AuthorityUtilsTests.java b/core/src/test/java/org/springframework/security/util/AuthorityUtilsTests.java index 154fff0ec3..9b4df56492 100644 --- a/core/src/test/java/org/springframework/security/util/AuthorityUtilsTests.java +++ b/core/src/test/java/org/springframework/security/util/AuthorityUtilsTests.java 
@@ -10,6 +10,7 @@ import static org.junit.Assert.assertTrue; import org.junit.Before; import org.junit.Test; +import java.util.Arrays; import java.util.Set; /** @@ -39,7 +40,7 @@ public class AuthorityUtilsTests { @Test public void userHasAuthorityReturnsTrueWhenUserHasCorrectAuthority() { SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password", - AuthorityUtils.stringArrayToAuthorityArray(new String[] {"A", "B"}))); + AuthorityUtils.createAuthorityList("A", "B"))); assertTrue(AuthorityUtils.userHasAuthority("A")); assertTrue(AuthorityUtils.userHasAuthority("B")); assertFalse(AuthorityUtils.userHasAuthority("C")); @@ -50,7 +51,7 @@ public class AuthorityUtilsTests { GrantedAuthority[] authorityArray = AuthorityUtils.commaSeparatedStringToAuthorityArray(" ROLE_A, B, C, ROLE_D, E "); - Set authorities = AuthorityUtils.authorityArrayToSet(authorityArray); + Set authorities = AuthorityUtils.authorityArrayToSet(Arrays.asList(authorityArray)); assertTrue(authorities.contains("B")); assertTrue(authorities.contains("C")); diff --git a/core/src/test/java/org/springframework/security/vote/UnanimousBasedTests.java b/core/src/test/java/org/springframework/security/vote/UnanimousBasedTests.java index cc8be6f055..a5be59c0c3 100644 --- a/core/src/test/java/org/springframework/security/vote/UnanimousBasedTests.java +++ b/core/src/test/java/org/springframework/security/vote/UnanimousBasedTests.java @@ -22,8 +22,6 @@ import junit.framework.TestCase; import org.springframework.security.AccessDeniedException; import org.springframework.security.ConfigAttribute; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.SecurityConfig; import org.springframework.security.providers.TestingAuthenticationToken; 
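Review bot: In the `@@ -50,7` hunk the test has to wrap the result of `commaSeparatedStringToAuthorityArray` in `Arrays.asList(...)` before passing it to `authorityArrayToSet`, which shows the utility API is left half-migrated. One method still returns an array while the other, despite its name, now takes a collection. Consider a list-returning variant of the parser and a name without `Array` for the set conversion, so that callers need no adapter. Both methods are defined outside this hunk, so this is a suggestion for `AuthorityUtils` rather than for these lines.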
@@ -69,17 +67,11 @@ public class UnanimousBasedTests extends TestCase { } private TestingAuthenticationToken makeTestToken() { - return new TestingAuthenticationToken("somebody", "password", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl("ROLE_2")}); + return new TestingAuthenticationToken("somebody", "password", "ROLE_1", "ROLE_2"); } private TestingAuthenticationToken makeTestTokenWithFooBarPrefix() { - return new TestingAuthenticationToken("somebody", "password", - new GrantedAuthority[] {new GrantedAuthorityImpl("FOOBAR_1"), new GrantedAuthorityImpl("FOOBAR_2")}); - } - - public final void setUp() throws Exception { - super.setUp(); + return new TestingAuthenticationToken("somebody", "password", "FOOBAR_1", "FOOBAR_2"); } public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccess() throws Exception { diff --git a/core/src/test/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapperTests.java b/core/src/test/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapperTests.java index 3e43b4e2cb..75441c6321 100644 --- a/core/src/test/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapperTests.java +++ b/core/src/test/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapperTests.java @@ -19,7 +19,6 @@ import junit.framework.TestCase; import org.springframework.security.Authentication; import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.userdetails.User; 
@@ -51,8 +50,7 @@ public class SecurityContextHolderAwareRequestWrapperTests extends TestCase { } public void testCorrectOperationWithStringBasedPrincipal() throws Exception { - Authentication auth = new TestingAuthenticationToken("rod", "koala", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_FOO")}); + Authentication auth = new TestingAuthenticationToken("rod", "koala","ROLE_FOO"); SecurityContextHolder.getContext().setAuthentication(auth); MockHttpServletRequest request = new MockHttpServletRequest(); @@ -67,8 +65,7 @@ public class SecurityContextHolderAwareRequestWrapperTests extends TestCase { } public void testUseOfRolePrefixMeansItIsntNeededWhenCallngIsUserInRole() { - Authentication auth = new TestingAuthenticationToken("rod", "koala", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_FOO")}); + Authentication auth = new TestingAuthenticationToken("rod", "koala", "ROLE_FOO"); SecurityContextHolder.getContext().setAuthentication(auth); MockHttpServletRequest request = new MockHttpServletRequest(); @@ -81,8 +78,7 @@ public class SecurityContextHolderAwareRequestWrapperTests extends TestCase { public void testCorrectOperationWithUserDetailsBasedPrincipal() throws Exception { Authentication auth = new TestingAuthenticationToken(new User("rodAsUserDetails", "koala", true, true, - true, true, new GrantedAuthority[] {}), "koala", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_HELLO"), new GrantedAuthorityImpl("ROLE_FOOBAR")}); + true, true, new GrantedAuthority[] {}), "koala", "ROLE_HELLO", "ROLE_FOOBAR"); SecurityContextHolder.getContext().setAuthentication(auth); MockHttpServletRequest request = new MockHttpServletRequest(); 
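Review bot: `testCorrectOperationWithUserDetailsBasedPrincipal` (hunk `@@ -81,8`) still builds its `User` with `new GrantedAuthority[] {}`, so this test keeps exercising the array-based constructor that the rest of the patch moves away from. If `User` keeps that overload only for compatibility (not visible here), switch the call to the list form, e.g. `AuthorityUtils.NO_AUTHORITIES` as used in `LdapUserDetailsMapperTests`. That needs an import of `org.springframework.security.util.AuthorityUtils` in this file. The `GrantedAuthority` import kept by this file's import hunk could then be removed too, assuming nothing else in the file uses it.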
@@ -111,8 +107,7 @@ public class SecurityContextHolderAwareRequestWrapperTests extends TestCase { } public void testRolesArentHeldIfAuthenticationPrincipalIsNull() throws Exception { - Authentication auth = new TestingAuthenticationToken(null, "koala", - new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_HELLO"), new GrantedAuthorityImpl("ROLE_FOOBAR")}); + Authentication auth = new TestingAuthenticationToken(null, "koala","ROLE_HELLO","ROLE_FOOBAR"); SecurityContextHolder.getContext().setAuthentication(auth); MockHttpServletRequest request = new MockHttpServletRequest(); diff --git a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmUsernamePasswordAuthenticationToken.java b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmUsernamePasswordAuthenticationToken.java index 4fb465ef4a..d0b0affc37 100755 --- a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmUsernamePasswordAuthenticationToken.java +++ b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmUsernamePasswordAuthenticationToken.java @@ -15,6 +15,8 @@ package org.springframework.security.ui.ntlm; +import java.util.List; + import jcifs.smb.NtlmPasswordAuthentication; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; 
@@ -29,29 +31,29 @@ import org.springframework.security.util.AuthorityUtils; */ public class NtlmUsernamePasswordAuthenticationToken extends UsernamePasswordAuthenticationToken { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = 1L; /** * Dummy authority array which is passed to the constructor of the parent class, * ensuring that the "authenticated" property is set to "true" by default. See SEC-609. */ - private static final GrantedAuthority[] NTLM_AUTHENTICATED = - AuthorityUtils.stringArrayToAuthorityArray(new String[] {"NTLM_AUTHENTICATED"}); + private static final List NTLM_AUTHENTICATED = + AuthorityUtils.createAuthorityList("NTLM_AUTHENTICATED"); /** - * Spring Security often checks password ; but we do not have one. This is the replacement password - */ - public static final String DEFAULT_PASSWORD = ""; + * Spring Security often checks password ; but we do not have one. This is the replacement password + */ + public static final String DEFAULT_PASSWORD = ""; - /** - * Create an NTLM {@link UsernamePasswordAuthenticationToken} using the - * JCIFS {@link NtlmPasswordAuthentication} object. - * - * @param ntlmAuth The {@link NtlmPasswordAuthentication} object. - * @param stripDomain Uses just the username if true, - * otherwise use the username and domain name. - */ - public NtlmUsernamePasswordAuthenticationToken(final NtlmPasswordAuthentication ntlmAuth, final boolean stripDomain) { - super((stripDomain) ? ntlmAuth.getUsername() : ntlmAuth.getName(), DEFAULT_PASSWORD, NTLM_AUTHENTICATED); - } + /** + * Create an NTLM {@link UsernamePasswordAuthenticationToken} using the + * JCIFS {@link NtlmPasswordAuthentication} object. + * + * @param ntlmAuth The {@link NtlmPasswordAuthentication} object. + * @param stripDomain Uses just the username if true, + * otherwise use the username and domain name. 
+ */ + public NtlmUsernamePasswordAuthenticationToken(NtlmPasswordAuthentication ntlmAuth, boolean stripDomain) { + super((stripDomain) ? ntlmAuth.getUsername() : ntlmAuth.getName(), DEFAULT_PASSWORD, NTLM_AUTHENTICATED); + } } diff --git a/openid/src/main/java/org/springframework/security/providers/openid/OpenIDAuthenticationToken.java b/openid/src/main/java/org/springframework/security/providers/openid/OpenIDAuthenticationToken.java index 28254c3b7f..907f795296 100644 --- a/openid/src/main/java/org/springframework/security/providers/openid/OpenIDAuthenticationToken.java +++ b/openid/src/main/java/org/springframework/security/providers/openid/OpenIDAuthenticationToken.java @@ -14,6 +14,10 @@ */ package org.springframework.security.providers.openid; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + import org.springframework.security.GrantedAuthority; import org.springframework.security.providers.AbstractAuthenticationToken; @@ -34,7 +38,7 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken { //~ Constructors =================================================================================================== public OpenIDAuthenticationToken(OpenIDAuthenticationStatus status, String identityUrl, String message) { - super(new GrantedAuthority[0]); + super(new ArrayList(0)); this.status = status; this.identityUrl = identityUrl; this.message = message; @@ -46,7 +50,7 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken { * Do not use directly * */ - public OpenIDAuthenticationToken(GrantedAuthority[] authorities, OpenIDAuthenticationStatus status, String identityUrl) { + public OpenIDAuthenticationToken(List authorities, OpenIDAuthenticationStatus status, String identityUrl) { super(authorities); this.status = status; this.identityUrl = identityUrl; 
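Review bot: NTLM_AUTHENTICATED in NtlmUsernamePasswordAuthenticationToken is now a single static list instance handed to every token's `super(...)` call, and nothing in the hunk makes it read-only. Whether `AuthorityUtils.createAuthorityList` returns a modifiable list, and whether the parent constructor copies its argument, is not visible here; if neither holds, a change made through one token's authorities would appear on every NTLM token. Wrapping the constant removes that dependency: `Collections.unmodifiableList(AuthorityUtils.createAuthorityList("NTLM_AUTHENTICATED"))`, with `java.util.Collections` imported. The Javadoc above the field still says "Dummy authority array" and should now read "Dummy authority list".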
diff --git a/openid/src/test/java/org/springframework/security/providers/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/providers/openid/OpenIDAuthenticationProviderTests.java index 58dcb2d586..9127ebbe05 100644 --- a/openid/src/test/java/org/springframework/security/providers/openid/OpenIDAuthenticationProviderTests.java +++ b/openid/src/test/java/org/springframework/security/providers/openid/OpenIDAuthenticationProviderTests.java @@ -134,7 +134,7 @@ public class OpenIDAuthenticationProviderTests extends TestCase { assertNotNull(postAuth.getPrincipal()); assertEquals(preAuth.getPrincipal(), postAuth.getPrincipal()); assertNotNull(postAuth.getAuthorities()); - assertTrue(postAuth.getAuthorities().length > 0); + assertTrue(postAuth.getAuthorities().size() > 0); assertTrue(((OpenIDAuthenticationToken) postAuth).getStatus() == OpenIDAuthenticationStatus.SUCCESS); assertTrue(((OpenIDAuthenticationToken) postAuth).getMessage() == null); } diff --git a/portlet/src/main/java/org/springframework/security/ui/portlet/PortletPreAuthenticatedAuthenticationDetails.java b/portlet/src/main/java/org/springframework/security/ui/portlet/PortletPreAuthenticatedAuthenticationDetails.java index 8a818f8b94..d9d279fe77 100644 --- a/portlet/src/main/java/org/springframework/security/ui/portlet/PortletPreAuthenticatedAuthenticationDetails.java +++ b/portlet/src/main/java/org/springframework/security/ui/portlet/PortletPreAuthenticatedAuthenticationDetails.java @@ -1,6 +1,8 @@ package org.springframework.security.ui.portlet; import java.util.Arrays; +import java.util.Collections; +import java.util.List; import javax.portlet.PortletRequest; 
@@ -9,25 +11,22 @@ import org.springframework.security.MutableGrantedAuthoritiesContainer; import org.springframework.util.Assert; public class PortletPreAuthenticatedAuthenticationDetails extends PortletAuthenticationDetails implements MutableGrantedAuthoritiesContainer { - - private GrantedAuthority[] preAuthenticatedGrantedAuthorities = null; - + + private List preAuthenticatedGrantedAuthorities = null; + public PortletPreAuthenticatedAuthenticationDetails(PortletRequest request) { super(request); } - - public GrantedAuthority[] getGrantedAuthorities() { + + public List getGrantedAuthorities() { Assert.notNull(preAuthenticatedGrantedAuthorities, "Pre-authenticated granted authorities have not been set"); - GrantedAuthority[] result = new GrantedAuthority[preAuthenticatedGrantedAuthorities.length]; - System.arraycopy(preAuthenticatedGrantedAuthorities, 0, result, 0, result.length); - return result; + return preAuthenticatedGrantedAuthorities; } - public void setGrantedAuthorities(GrantedAuthority[] authorities) { - this.preAuthenticatedGrantedAuthorities = new GrantedAuthority[authorities.length]; - System.arraycopy(authorities, 0, preAuthenticatedGrantedAuthorities, 0, preAuthenticatedGrantedAuthorities.length); + public void setGrantedAuthorities(List authorities) { + this.preAuthenticatedGrantedAuthorities = Collections.unmodifiableList(authorities); } - + public String toString() { StringBuffer sb = new StringBuffer(); sb.append(super.toString() + "; "); diff --git a/portlet/src/main/java/org/springframework/security/ui/portlet/PortletPreAuthenticatedAuthenticationDetailsSource.java b/portlet/src/main/java/org/springframework/security/ui/portlet/PortletPreAuthenticatedAuthenticationDetailsSource.java index dff1386768..cafd72f52c 100644 --- a/portlet/src/main/java/org/springframework/security/ui/portlet/PortletPreAuthenticatedAuthenticationDetailsSource.java 
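Review bot: setGrantedAuthorities in PortletPreAuthenticatedAuthenticationDetails wraps the caller's list in `Collections.unmodifiableList(authorities)` without copying it, so whoever still holds the original list can add or remove authorities after they have been set. The array version removed here copied on both set and get, so this loses the isolation the class had before. Copy before wrapping: `this.preAuthenticatedGrantedAuthorities = Collections.unmodifiableList(new ArrayList<GrantedAuthority>(authorities));`, which needs `java.util.ArrayList` imported, since the visible import hunk adds only Collections and List. Type parameters appear to have been dropped from this page, so use the element type the file actually declares.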
+++ b/portlet/src/main/java/org/springframework/security/ui/portlet/PortletPreAuthenticatedAuthenticationDetailsSource.java @@ -1,18 +1,19 @@ package org.springframework.security.ui.portlet; import java.util.ArrayList; +import java.util.Collection; import javax.portlet.PortletRequest; import org.springframework.security.ui.preauth.j2ee.AbstractPreAuthenticatedAuthenticationDetailsSource; public class PortletPreAuthenticatedAuthenticationDetailsSource extends AbstractPreAuthenticatedAuthenticationDetailsSource { - + public PortletPreAuthenticatedAuthenticationDetailsSource() { setClazz(PortletPreAuthenticatedAuthenticationDetails.class); } - protected String[] getUserRoles(Object context, String[] mappableRoles) { + protected Collection getUserRoles(Object context, String[] mappableRoles) { ArrayList portletRoles = new ArrayList(); for (int i = 0; i < mappableRoles.length; i++) { @@ -20,8 +21,9 @@ public class PortletPreAuthenticatedAuthenticationDetailsSource extends Abstract portletRoles.add(mappableRoles[i]); } } - - return (String[]) portletRoles.toArray(new String[portletRoles.size()]); + portletRoles.trimToSize(); + + return portletRoles; } } diff --git a/portlet/src/test/java/org/springframework/security/providers/portlet/PortletTestUtils.java b/portlet/src/test/java/org/springframework/security/providers/portlet/PortletTestUtils.java index 27865ff358..78d60235e8 100644 --- a/portlet/src/test/java/org/springframework/security/providers/portlet/PortletTestUtils.java +++ b/portlet/src/test/java/org/springframework/security/providers/portlet/PortletTestUtils.java 
@@ -40,73 +40,73 @@ import org.springframework.mock.web.portlet.MockRenderResponse; */ public class PortletTestUtils { - //~ Static fields/initializers ===================================================================================== + //~ Static fields/initializers ===================================================================================== - public static final String PORTALROLE1 = "ONE"; - public static final String PORTALROLE2 = "TWO"; + public static final String PORTALROLE1 = "ONE"; + public static final String PORTALROLE2 = "TWO"; - public static final String TESTUSER = "testuser"; - public static final String TESTCRED = PortletRequest.FORM_AUTH; - public static final String TESTROLE1 = "ROLE_" + PORTALROLE1; - public static final String TESTROLE2 = "ROLE_" + PORTALROLE2; + public static final String TESTUSER = "testuser"; + public static final String TESTCRED = PortletRequest.FORM_AUTH; + public static final String TESTROLE1 = "ROLE_" + PORTALROLE1; + public static final String TESTROLE2 = "ROLE_" + PORTALROLE2; - //~ Methods ======================================================================================================== + //~ Methods ======================================================================================================== - public static UserDetails createUser() { - return new User(PortletTestUtils.TESTUSER, "dummy", true, true, true, true, - new GrantedAuthority[] {new GrantedAuthorityImpl(TESTROLE1), new GrantedAuthorityImpl(TESTROLE2)}); - } + public static UserDetails createUser() { + return new User(PortletTestUtils.TESTUSER, "dummy", true, true, true, true, + new GrantedAuthority[] {new GrantedAuthorityImpl(TESTROLE1), new GrantedAuthorityImpl(TESTROLE2)}); + } public static void applyPortletRequestSecurity(MockPortletRequest request) { - request.setRemoteUser(TESTUSER); - request.setUserPrincipal(new TestingAuthenticationToken(TESTUSER, TESTCRED)); - request.addUserRole(PORTALROLE1); - 
request.addUserRole(PORTALROLE2); + request.setRemoteUser(TESTUSER); + request.setUserPrincipal(new TestingAuthenticationToken(TESTUSER, TESTCRED)); + request.addUserRole(PORTALROLE1); + request.addUserRole(PORTALROLE2); // request.setAuthType(PortletRequest.FORM_AUTH); } public static MockRenderRequest createRenderRequest() { - MockRenderRequest request = new MockRenderRequest(); - applyPortletRequestSecurity(request); - return request; + MockRenderRequest request = new MockRenderRequest(); + applyPortletRequestSecurity(request); + return request; } public static MockRenderResponse createRenderResponse() { - MockRenderResponse response = new MockRenderResponse(); - return response; + MockRenderResponse response = new MockRenderResponse(); + return response; } public static MockActionRequest createActionRequest() { - MockActionRequest request = new MockActionRequest(); - applyPortletRequestSecurity(request); - return request; + MockActionRequest request = new MockActionRequest(); + applyPortletRequestSecurity(request); + return request; } public static MockActionResponse createActionResponse() { - MockActionResponse response = new MockActionResponse(); - return response; + MockActionResponse response = new MockActionResponse(); + return response; } - public static PreAuthenticatedAuthenticationToken createToken(PortletRequest request) { - PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(TESTUSER, TESTCRED); - token.setDetails(new PortletAuthenticationDetails(request)); - return token; - } + public static PreAuthenticatedAuthenticationToken createToken(PortletRequest request) { + PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(TESTUSER, TESTCRED); + token.setDetails(new PortletAuthenticationDetails(request)); + return token; + } - public static PreAuthenticatedAuthenticationToken createToken() { - MockRenderRequest request = createRenderRequest(); - return createToken(request); - } + public 
static PreAuthenticatedAuthenticationToken createToken() { + MockRenderRequest request = createRenderRequest(); + return createToken(request); + } - public static PreAuthenticatedAuthenticationToken createAuthenticatedToken(UserDetails user) { - PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken( - user, user.getPassword(), user.getAuthorities()); - result.setAuthenticated(true); - return result; - } + public static PreAuthenticatedAuthenticationToken createAuthenticatedToken(UserDetails user) { + PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken( + user, user.getPassword(), user.getAuthorities().toArray(new GrantedAuthority[0])); + result.setAuthenticated(true); + return result; + } - public static PreAuthenticatedAuthenticationToken createAuthenticatedToken() { - return createAuthenticatedToken(createUser()); - } + public static PreAuthenticatedAuthenticationToken createAuthenticatedToken() { + return createAuthenticatedToken(createUser()); + } } diff --git a/portlet/src/test/java/org/springframework/security/ui/portlet/PortletProcessingInterceptorTests.java b/portlet/src/test/java/org/springframework/security/ui/portlet/PortletProcessingInterceptorTests.java index 22b8483104..2cb58f8e72 100644 --- a/portlet/src/test/java/org/springframework/security/ui/portlet/PortletProcessingInterceptorTests.java +++ b/portlet/src/test/java/org/springframework/security/ui/portlet/PortletProcessingInterceptorTests.java 
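Review bot: The only functional change in this PortletTestUtils hunk, `user.getAuthorities().toArray(new GrantedAuthority[0])` in createAuthenticatedToken, is buried in what appears to be a whitespace-only re-indentation of the whole class. The PortletProcessingInterceptorTests hunk that follows has the same problem, with the identical conversion inside MockPortletAuthenticationManager.authenticate. Putting the re-indentation in its own commit would keep the authority-handling change reviewable. Both call sites convert the new collection back to an array, and createUser still builds a `GrantedAuthority[]`, which suggests the constructors used here were not migrated in this commit. A comment such as `// SEC-1012: temporary conversion until the constructor accepts a collection` would mark the conversion as intentional.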
@@ -50,236 +50,236 @@ import org.springframework.mock.web.portlet.MockRenderResponse; */ public class PortletProcessingInterceptorTests extends TestCase { - //~ Constructors =================================================================================================== + //~ Constructors =================================================================================================== - public PortletProcessingInterceptorTests() { - super(); - } + public PortletProcessingInterceptorTests() { + super(); + } - public PortletProcessingInterceptorTests(String arg0) { - super(arg0); - } + public PortletProcessingInterceptorTests(String arg0) { + super(arg0); + } - //~ Methods ======================================================================================================== + //~ Methods ======================================================================================================== - public void setUp() throws Exception { - super.setUp(); - SecurityContextHolder.clearContext(); - } + public void setUp() throws Exception { + super.setUp(); + SecurityContextHolder.clearContext(); + } - public void tearDown() throws Exception { - super.tearDown(); - SecurityContextHolder.clearContext(); - } + public void tearDown() throws Exception { + super.tearDown(); + SecurityContextHolder.clearContext(); + } - public void testRequiresAuthenticationManager() throws Exception { - PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); - - try { - interceptor.afterPropertiesSet(); - fail("Expected IllegalArgumentException"); - } catch (IllegalArgumentException e) { - // ignored - } - } + public void testRequiresAuthenticationManager() throws Exception { + PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); - public void testNormalRenderRequestProcessing() throws Exception { + try { + interceptor.afterPropertiesSet(); + fail("Expected IllegalArgumentException"); + } catch (IllegalArgumentException e) { + // ignored + } + 
} - // Build mock request and response - MockRenderRequest request = PortletTestUtils.createRenderRequest(); - MockRenderResponse response = PortletTestUtils.createRenderResponse(); + public void testNormalRenderRequestProcessing() throws Exception { - // Prepare interceptor - PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); - interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); - interceptor.afterPropertiesSet(); + // Build mock request and response + MockRenderRequest request = PortletTestUtils.createRenderRequest(); + MockRenderResponse response = PortletTestUtils.createRenderResponse(); - // Execute preHandlerRender phase and verify results - interceptor.preHandleRender(request, response, null); - assertEquals(PortletTestUtils.createAuthenticatedToken(), - SecurityContextHolder.getContext().getAuthentication()); + // Prepare interceptor + PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); + interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); + interceptor.afterPropertiesSet(); - // Execute postHandlerRender phase and verify nothing changed - interceptor.postHandleRender(request, response, null, null); - assertEquals(PortletTestUtils.createAuthenticatedToken(), - SecurityContextHolder.getContext().getAuthentication()); + // Execute preHandlerRender phase and verify results + interceptor.preHandleRender(request, response, null); + assertEquals(PortletTestUtils.createAuthenticatedToken(), + SecurityContextHolder.getContext().getAuthentication()); - // Execute afterRenderCompletion phase and verify nothing changed - interceptor.afterRenderCompletion(request, response, null, null); - assertEquals(PortletTestUtils.createAuthenticatedToken(), - SecurityContextHolder.getContext().getAuthentication()); - } + // Execute postHandlerRender phase and verify nothing changed + interceptor.postHandleRender(request, response, null, null); + 
assertEquals(PortletTestUtils.createAuthenticatedToken(), + SecurityContextHolder.getContext().getAuthentication()); - public void testNormalActionRequestProcessing() throws Exception { + // Execute afterRenderCompletion phase and verify nothing changed + interceptor.afterRenderCompletion(request, response, null, null); + assertEquals(PortletTestUtils.createAuthenticatedToken(), + SecurityContextHolder.getContext().getAuthentication()); + } - // Build mock request and response - MockActionRequest request = PortletTestUtils.createActionRequest(); - MockActionResponse response = PortletTestUtils.createActionResponse(); + public void testNormalActionRequestProcessing() throws Exception { - // Prepare interceptor - PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); - interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); - interceptor.afterPropertiesSet(); + // Build mock request and response + MockActionRequest request = PortletTestUtils.createActionRequest(); + MockActionResponse response = PortletTestUtils.createActionResponse(); - // Execute preHandlerAction phase and verify results - interceptor.preHandleAction(request, response, null); - assertEquals(PortletTestUtils.createAuthenticatedToken(), - SecurityContextHolder.getContext().getAuthentication()); + // Prepare interceptor + PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); + interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); + interceptor.afterPropertiesSet(); - // Execute afterActionCompletion phase and verify nothing changed - interceptor.afterActionCompletion(request, response, null, null); - assertEquals(PortletTestUtils.createAuthenticatedToken(), - SecurityContextHolder.getContext().getAuthentication()); - } + // Execute preHandlerAction phase and verify results + interceptor.preHandleAction(request, response, null); + assertEquals(PortletTestUtils.createAuthenticatedToken(), + 
SecurityContextHolder.getContext().getAuthentication()); - public void testAuthenticationFailsWithNoCredentials() - throws Exception { + // Execute afterActionCompletion phase and verify nothing changed + interceptor.afterActionCompletion(request, response, null, null); + assertEquals(PortletTestUtils.createAuthenticatedToken(), + SecurityContextHolder.getContext().getAuthentication()); + } - // Build mock request and response - MockActionRequest request = new MockActionRequest(); - MockActionResponse response = new MockActionResponse(); + public void testAuthenticationFailsWithNoCredentials() + throws Exception { - // Prepare and execute interceptor - PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); - interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); - interceptor.afterPropertiesSet(); - interceptor.preHandleAction(request, response, null); + // Build mock request and response + MockActionRequest request = new MockActionRequest(); + MockActionResponse response = new MockActionResponse(); - // Verify that authentication is empty - assertNull(SecurityContextHolder.getContext().getAuthentication()); + // Prepare and execute interceptor + PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); + interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); + interceptor.afterPropertiesSet(); + interceptor.preHandleAction(request, response, null); - // Verify that proper exception was thrown - assertTrue(request.getPortletSession().getAttribute( - AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, - PortletSession.APPLICATION_SCOPE) - instanceof BadCredentialsException); - } + // Verify that authentication is empty + assertNull(SecurityContextHolder.getContext().getAuthentication()); - public void testExistingAuthenticationIsLeftAlone() throws Exception { + // Verify that proper exception was thrown + assertTrue(request.getPortletSession().getAttribute( + 
AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, + PortletSession.APPLICATION_SCOPE) + instanceof BadCredentialsException); + } - // Build mock request and response - MockActionRequest request = PortletTestUtils.createActionRequest(); - MockActionResponse response = PortletTestUtils.createActionResponse(); + public void testExistingAuthenticationIsLeftAlone() throws Exception { - // Prepare interceptor - PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); - interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); - interceptor.afterPropertiesSet(); + // Build mock request and response + MockActionRequest request = PortletTestUtils.createActionRequest(); + MockActionResponse response = PortletTestUtils.createActionResponse(); - UsernamePasswordAuthenticationToken testingToken = new UsernamePasswordAuthenticationToken("dummy", "dummy"); - UsernamePasswordAuthenticationToken baselineToken = new UsernamePasswordAuthenticationToken("dummy", "dummy"); - SecurityContextHolder.getContext().setAuthentication(testingToken); + // Prepare interceptor + PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); + interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); + interceptor.afterPropertiesSet(); - // Execute preHandlerAction phase and verify results - interceptor.preHandleAction(request, response, null); - assertTrue(SecurityContextHolder.getContext().getAuthentication() == testingToken); - assertEquals(baselineToken, SecurityContextHolder.getContext().getAuthentication()); + UsernamePasswordAuthenticationToken testingToken = new UsernamePasswordAuthenticationToken("dummy", "dummy"); + UsernamePasswordAuthenticationToken baselineToken = new UsernamePasswordAuthenticationToken("dummy", "dummy"); + SecurityContextHolder.getContext().setAuthentication(testingToken); - // Execute afterActionCompletion phase and verify nothing changed - 
interceptor.afterActionCompletion(request, response, null, null); - assertTrue(SecurityContextHolder.getContext().getAuthentication() == testingToken); - assertEquals(baselineToken, SecurityContextHolder.getContext().getAuthentication()); - } + // Execute preHandlerAction phase and verify results + interceptor.preHandleAction(request, response, null); + assertTrue(SecurityContextHolder.getContext().getAuthentication() == testingToken); + assertEquals(baselineToken, SecurityContextHolder.getContext().getAuthentication()); - public void testUsernameFromRemoteUser() throws Exception { + // Execute afterActionCompletion phase and verify nothing changed + interceptor.afterActionCompletion(request, response, null, null); + assertTrue(SecurityContextHolder.getContext().getAuthentication() == testingToken); + assertEquals(baselineToken, SecurityContextHolder.getContext().getAuthentication()); + } - // Build mock request and response - MockActionRequest request = new MockActionRequest(); - MockActionResponse response = new MockActionResponse(); - request.setRemoteUser(PortletTestUtils.TESTUSER); - request.setAuthType(PortletRequest.FORM_AUTH); + public void testUsernameFromRemoteUser() throws Exception { - // Prepare and execute interceptor - PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); - interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); - interceptor.afterPropertiesSet(); - interceptor.preHandleAction(request, response, null); + // Build mock request and response + MockActionRequest request = new MockActionRequest(); + MockActionResponse response = new MockActionResponse(); + request.setRemoteUser(PortletTestUtils.TESTUSER); + request.setAuthType(PortletRequest.FORM_AUTH); - // Verify username - assertEquals(PortletTestUtils.TESTUSER, - SecurityContextHolder.getContext().getAuthentication().getName()); - } + // Prepare and execute interceptor + PortletProcessingInterceptor interceptor = new 
PortletProcessingInterceptor(); + interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); + interceptor.afterPropertiesSet(); + interceptor.preHandleAction(request, response, null); - public void testUsernameFromPrincipal() throws Exception { + // Verify username + assertEquals(PortletTestUtils.TESTUSER, + SecurityContextHolder.getContext().getAuthentication().getName()); + } - // Build mock request and response - MockActionRequest request = new MockActionRequest(); - MockActionResponse response = new MockActionResponse(); - request.setUserPrincipal(new TestingAuthenticationToken(PortletTestUtils.TESTUSER, PortletTestUtils.TESTCRED)); - request.setAuthType(PortletRequest.FORM_AUTH); + public void testUsernameFromPrincipal() throws Exception { - // Prepare and execute interceptor - PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); - interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); - interceptor.afterPropertiesSet(); - interceptor.preHandleAction(request, response, null); + // Build mock request and response + MockActionRequest request = new MockActionRequest(); + MockActionResponse response = new MockActionResponse(); + request.setUserPrincipal(new TestingAuthenticationToken(PortletTestUtils.TESTUSER, PortletTestUtils.TESTCRED)); + request.setAuthType(PortletRequest.FORM_AUTH); - // Verify username - assertEquals(PortletTestUtils.TESTUSER, - SecurityContextHolder.getContext().getAuthentication().getName()); - } + // Prepare and execute interceptor + PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); + interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); + interceptor.afterPropertiesSet(); + interceptor.preHandleAction(request, response, null); - public void testUsernameFromUserInfo() throws Exception { + // Verify username + assertEquals(PortletTestUtils.TESTUSER, + SecurityContextHolder.getContext().getAuthentication().getName()); + } 
- // Build mock request and response - MockActionRequest request = new MockActionRequest(); - MockActionResponse response = new MockActionResponse(); - HashMap userInfo = new HashMap(); - userInfo.put("user.name.given", "Test"); - userInfo.put("user.name.family", "User"); - userInfo.put("user.id", "mytestuser"); - request.setAttribute(PortletRequest.USER_INFO, userInfo); - request.setAuthType(PortletRequest.FORM_AUTH); + public void testUsernameFromUserInfo() throws Exception { - // Prepare and execute interceptor - PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); - interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); - ArrayList userNameAttributes = new ArrayList(); - userNameAttributes.add("user.name"); - userNameAttributes.add("user.id"); - interceptor.setUserNameAttributes(userNameAttributes); - interceptor.afterPropertiesSet(); - interceptor.preHandleAction(request, response, null); + // Build mock request and response + MockActionRequest request = new MockActionRequest(); + MockActionResponse response = new MockActionResponse(); + HashMap userInfo = new HashMap(); + userInfo.put("user.name.given", "Test"); + userInfo.put("user.name.family", "User"); + userInfo.put("user.id", "mytestuser"); + request.setAttribute(PortletRequest.USER_INFO, userInfo); + request.setAuthType(PortletRequest.FORM_AUTH); - // Verify username - assertEquals("mytestuser", SecurityContextHolder.getContext().getAuthentication().getName()); - } + // Prepare and execute interceptor + PortletProcessingInterceptor interceptor = new PortletProcessingInterceptor(); + interceptor.setAuthenticationManager(new MockPortletAuthenticationManager()); + ArrayList userNameAttributes = new ArrayList(); + userNameAttributes.add("user.name"); + userNameAttributes.add("user.id"); + interceptor.setUserNameAttributes(userNameAttributes); + interceptor.afterPropertiesSet(); + interceptor.preHandleAction(request, response, null); - //~ Inner Classes 
================================================================================================== + // Verify username + assertEquals("mytestuser", SecurityContextHolder.getContext().getAuthentication().getName()); + } - private static class MockPortletAuthenticationManager implements AuthenticationManager { + //~ Inner Classes ================================================================================================== - public Authentication authenticate(Authentication token) { + private static class MockPortletAuthenticationManager implements AuthenticationManager { - // Make sure we got a valid token - if (!(token instanceof PreAuthenticatedAuthenticationToken)) { - TestCase.fail("Expected PreAuthenticatedAuthenticationToken object-- got: " + token); - } + public Authentication authenticate(Authentication token) { - // Make sure the token details are the PortletRequest + // Make sure we got a valid token + if (!(token instanceof PreAuthenticatedAuthenticationToken)) { + TestCase.fail("Expected PreAuthenticatedAuthenticationToken object-- got: " + token); + } + + // Make sure the token details are the PortletRequest // if (!(token.getDetails() instanceof PortletRequest)) { // TestCase.fail("Expected Authentication.getDetails to be a PortletRequest object -- got: " + token.getDetails()); // } - // Make sure it's got a principal - if (token.getPrincipal() == null) { - throw new BadCredentialsException("Mock authentication manager rejecting null principal"); - } + // Make sure it's got a principal + if (token.getPrincipal() == null) { + throw new BadCredentialsException("Mock authentication manager rejecting null principal"); + } - // Make sure it's got credentials - if (token.getCredentials() == null) { - throw new BadCredentialsException("Mock authentication manager rejecting null credentials"); - } + // Make sure it's got credentials + if (token.getCredentials() == null) { + throw new BadCredentialsException("Mock authentication manager rejecting null 
credentials"); + } - // create resulting Authentication object - User user = new User(token.getName(), token.getCredentials().toString(), true, true, true, true, - new GrantedAuthority[] {new GrantedAuthorityImpl(PortletTestUtils.TESTROLE1), new GrantedAuthorityImpl(PortletTestUtils.TESTROLE2)}); - PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken( - user, user.getPassword(), user.getAuthorities()); - result.setAuthenticated(true); - return result; - } + // create resulting Authentication object + User user = new User(token.getName(), token.getCredentials().toString(), true, true, true, true, + new GrantedAuthority[] {new GrantedAuthorityImpl(PortletTestUtils.TESTROLE1), new GrantedAuthorityImpl(PortletTestUtils.TESTROLE2)}); + PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken( + user, user.getPassword(), user.getAuthorities().toArray(new GrantedAuthority[0])); + result.setAuthenticated(true); + return result; + } - } + } } diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AclTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AclTag.java index 8bcbf85803..7dc924c224 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AclTag.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AclTag.java @@ -46,16 +46,19 @@ import javax.servlet.jsp.tagext.TagSupport; /** * An implementation of {@link javax.servlet.jsp.tagext.Tag} that allows its body through if some authorizations - * are granted to the request's principal.

Only works with permissions that are subclasses of {@link - * org.springframework.security.acl.basic.BasicAclEntry}.

- *

One or more comma separate integer permissions are specified via the hasPermission attribute. + * are granted to the request's principal. + *

+ * Only works with permissions that are subclasses of {@link org.springframework.security.acl.basic.BasicAclEntry}. + *

+ * One or more comma separate integer permissions are specified via the hasPermission attribute. * The tag will include its body if any of the integer permissions have been granted to the current - * Authentication (obtained from the SecurityContextHolder).

- *

For this class to operate it must be able to access the application context via the + * Authentication (obtained from the SecurityContextHolder). + *

+ * For this class to operate it must be able to access the application context via the * WebApplicationContextUtils and locate an {@link AclManager}. Application contexts have no need to have * more than one AclManager (as a provider-based implementation can be used so that it locates a provider * that is authoritative for the given domain object instance), so the first AclManager located will be - * used.

+ * used. * * @author Ben Alex * @version $Id$ diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java index 5643d54921..85f4a1b2ca 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java @@ -15,17 +15,6 @@ package org.springframework.security.taglibs.authz; -import org.springframework.security.Authentication; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; - -import org.springframework.security.context.SecurityContextHolder; - -import org.springframework.util.StringUtils; - -import org.springframework.web.util.ExpressionEvaluationUtils; - -import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashSet; @@ -36,6 +25,13 @@ import javax.servlet.jsp.JspException; import javax.servlet.jsp.tagext.Tag; import javax.servlet.jsp.tagext.TagSupport; +import org.springframework.security.Authentication; +import org.springframework.security.GrantedAuthority; +import org.springframework.security.GrantedAuthorityImpl; +import org.springframework.security.context.SecurityContextHolder; +import org.springframework.util.StringUtils; +import org.springframework.web.util.ExpressionEvaluationUtils; + /** * An implementation of {@link javax.servlet.jsp.tagext.Tag} that allows it's body through if some authorizations 
@@ -125,20 +121,18 @@ public class AuthorizeTag extends TagSupport { return ifNotGranted; } - private Collection getPrincipalAuthorities() { + private Collection getPrincipalAuthorities() { Authentication currentUser = SecurityContextHolder.getContext().getAuthentication(); if (null == currentUser) { - return Collections.EMPTY_LIST; + return Collections.emptyList(); } - if ((null == currentUser.getAuthorities()) || (currentUser.getAuthorities().length < 1)) { - return Collections.EMPTY_LIST; + if ((null == currentUser.getAuthorities())) { + return Collections.emptyList(); } - Collection granted = Arrays.asList(currentUser.getAuthorities()); - - return granted; + return currentUser.getAuthorities(); } private Set parseAuthoritiesString(String authorizationsString) { diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/velocity/Authz.java b/taglibs/src/main/java/org/springframework/security/taglibs/velocity/Authz.java index 4452fae922..dfbeeb949b 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/velocity/Authz.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/velocity/Authz.java @@ -17,8 +17,6 @@ package org.springframework.security.taglibs.velocity; import org.springframework.security.Authentication; -import org.springframework.security.acl.AclManager; - import org.springframework.security.taglibs.authz.AclTag; import org.springframework.security.taglibs.authz.AuthenticationTag; import org.springframework.security.taglibs.authz.AuthorizeTag; @@ -39,7 +37,7 @@ public interface Authz { //~ Methods ======================================================================================================== /** - * all the listed roles must be granted to return true, otherwise fasle; + * all the listed roles must be granted to return true, otherwise false; * * @param roles - comma separate GrantedAuthoritys * 
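Review bot: `getPrincipalAuthorities()` in AuthorizeTag now hands back `currentUser.getAuthorities()` itself, so the tag works on the Authentication's own collection instead of a list built for the tag. Whether that collection is unmodifiable depends on the Authentication implementation, which this hunk does not show. If any caller filters the result in place, the token's granted authorities would change with it. Reading the getter once into a local, `Collection authorities = currentUser.getAuthorities();`, and ending with `return Collections.unmodifiableCollection(authorities);` would remove that dependency and the second getter call. Generic type parameters are not visible in this rendering, so the declared return type could not be checked.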
@@ -48,7 +46,7 @@ public interface Authz { boolean allGranted(String roles); /** - * any the listed roles must be granted to return true, otherwise fasle; + * any the listed roles must be granted to return true, otherwise false; * * @param roles - comma separate GrantedAuthoritys * @@ -57,9 +55,8 @@ public interface Authz { boolean anyGranted(String roles); /** - * set Spring application context which contains acegi related bean + * get Spring application context which contains * - * @return DOCUMENT ME! */ ApplicationContext getAppCtx(); @@ -72,20 +69,7 @@ public interface Authz { String getPrincipal(); /** - * return true if the principal holds either permission specified for the provided domain object
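Review bot: The new Javadoc on `getAppCtx()` in Authz stops mid-sentence at `get Spring application context which contains`. The matching setter comment in the last hunk of this file reads `set Spring application context which contains Acegi related bean`, so the getter line presumably lost its ending and should read `get Spring application context which contains Acegi related bean`. The `@return` tag was removed rather than filled in. A one-line `@return the application context used to look up security beans` would document the accessor.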

Only - * works with permissions that are subclasses of {@link org.springframework.security.acl.basic.AbstractBasicAclEntry}.

- *

For this class to operate it must be able to access the application context via the - * WebApplicationContextUtils and locate an {@link AclManager}.

- * - * @param domainObject - domain object need acl control - * @param permissions - comma separate integer permissions - * - * @return got acl permission (true|false) - */ - boolean hasPermission(Object domainObject, String permissions); - - /** - * none the listed roles must be granted to return true, otherwise fasle; + * none the listed roles must be granted to return true, otherwise false; * * @param roles - comma separate GrantedAuthoritys * @@ -94,9 +78,8 @@ public interface Authz { boolean noneGranted(String roles); /** - * get Spring application context which contains acegi related bean + * set Spring application context which contains Acegi related bean * - * @param appCtx DOCUMENT ME! */ void setAppCtx(ApplicationContext appCtx); } diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java b/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java index f02e549806..f146820c7b 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java @@ -15,17 +15,12 @@ package org.springframework.security.taglibs.velocity; -import org.springframework.security.acl.AclManager; - -import org.springframework.security.taglibs.authz.AclTag; -import org.springframework.security.taglibs.authz.AuthenticationTag; -import org.springframework.security.taglibs.authz.AuthorizeTag; +import javax.servlet.jsp.JspException; +import javax.servlet.jsp.tagext.Tag; import org.springframework.context.ApplicationContext; - -import javax.servlet.jsp.JspException; -import javax.servlet.jsp.PageContext; -import javax.servlet.jsp.tagext.Tag; +import org.springframework.security.taglibs.authz.AuthenticationTag; +import org.springframework.security.taglibs.authz.AuthorizeTag; /** 
@@ -60,18 +55,14 @@ public class AuthzImpl implements Authz { /** * implementation of AuthenticationTag - * - * @return DOCUMENT ME! - * - * @throws IllegalArgumentException DOCUMENT ME! */ public String getPrincipal() { MyAuthenticationTag authenticationTag = new MyAuthenticationTag(); - authenticationTag.setProperty("username"); + authenticationTag.setProperty("name"); try { - authenticationTag.doStartTag(); + authenticationTag.doEndTag(); } catch (JspException je) { je.printStackTrace(); throw new IllegalArgumentException(je.getMessage()); @@ -80,38 +71,6 @@ public class AuthzImpl implements Authz { return authenticationTag.getLastMessage(); } - /** - * implementation of AclTag - * - * @param domainObject DOCUMENT ME! - * @param permissions DOCUMENT ME! - * - * @return DOCUMENT ME! - * - * @throws IllegalArgumentException DOCUMENT ME! - */ - public boolean hasPermission(Object domainObject, String permissions) { - MyAclTag aclTag = new MyAclTag(); - aclTag.setPageContext(null); - aclTag.setContext(getAppCtx()); - aclTag.setDomainObject(domainObject); - aclTag.setHasPermission(permissions); - - int result = -1; - - try { - result = aclTag.doStartTag(); - } catch (JspException je) { - throw new IllegalArgumentException(je.getMessage()); - } - - if (Tag.EVAL_BODY_INCLUDE == result) { - return true; - } else { - return false; - } - } - /** * implementation of AuthorizeTag * @@ -166,8 +125,6 @@ public class AuthzImpl implements Authz { /** * test case can use this class to mock application context with aclManager bean in it. - * - * @param appCtx DOCUMENT ME! */ public void setAppCtx(ApplicationContext appCtx) { this.appCtx = appCtx; 
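Review bot: The catch block in `AuthzImpl.getPrincipal()` still calls `je.printStackTrace()` and rethrows with only the message, so the original `JspException` is not chained and the trace goes to stderr instead of the application log. Since the commit already edits this method (`setProperty("name")`, `doEndTag()`), the rethrow could keep the cause with `throw new IllegalArgumentException(je.getMessage(), je);` and the `printStackTrace()` line could be dropped. The Javadoc above the method lost its `@throws IllegalArgumentException` line in this hunk although the method still throws it, so a filled-in `@throws` would be more accurate than none. The method's `return` statement lies in the next hunk's context lines.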
@@ -175,24 +132,6 @@ public class AuthzImpl implements Authz { //~ Inner Classes ================================================================================================== - /** - * AclTag need to access the application context via the WebApplicationContextUtils and - * locate an {@link AclManager}. WebApplicationContextUtils get application context via ServletContext. I decided - * to let the Authz provide the Spring application context. - */ - private class MyAclTag extends AclTag { - private static final long serialVersionUID = 6752340622125924108L; - ApplicationContext context; - - protected ApplicationContext getContext(PageContext pageContext) { - return context; - } - - protected void setContext(ApplicationContext context) { - this.context = context; - } - } - /** * it must output somthing to JSP page, so have to override the writeMessage method to avoid JSP related * operation. Get Idea from Acegi Test class. diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java index 6440cec8e5..81d1c95236 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthenticationTagTests.java @@ -22,6 +22,7 @@ import org.springframework.security.GrantedAuthority; import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.providers.TestingAuthenticationToken; import org.springframework.security.userdetails.User; +import org.springframework.security.util.AuthorityUtils; import javax.servlet.jsp.JspException; import javax.servlet.jsp.tagext.Tag; 
@@ -38,7 +39,7 @@ public class AuthenticationTagTests extends TestCase { private final MyAuthenticationTag authenticationTag = new MyAuthenticationTag(); private final Authentication auth = new TestingAuthenticationToken(new User("rodUserDetails", "koala", true, true, true, - true, new GrantedAuthority[] {}), "koala", new GrantedAuthority[] {}); + true, AuthorityUtils.NO_AUTHORITIES), "koala", AuthorityUtils.NO_AUTHORITIES); //~ Methods ======================================================================================================== diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagExpressionLanguageTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagExpressionLanguageTests.java index dbebb02a84..424d812021 100644 --- a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagExpressionLanguageTests.java +++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AuthorizeTagExpressionLanguageTests.java @@ -43,8 +43,6 @@ public class AuthorizeTagExpressionLanguageTests extends TestCase { //~ Methods ======================================================================================================== protected void setUp() throws Exception { - super.setUp(); - pageContext = new MockPageContext(); authorizeTag.setPageContext(pageContext); diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplTest.java b/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplTest.java deleted file mode 100644 index e2a002ba07..0000000000 --- a/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplTest.java +++ /dev/null 
@@ -1,246 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.taglibs.velocity; - -import junit.framework.TestCase; - -import org.springframework.security.Authentication; -import org.springframework.security.GrantedAuthority; - -import org.springframework.security.acl.AclEntry; -import org.springframework.security.acl.AclManager; -import org.springframework.security.acl.basic.SimpleAclEntry; -import org.springframework.security.acl.basic.AclObjectIdentity; - -import org.springframework.security.context.SecurityContextHolder; - -import org.springframework.security.providers.TestingAuthenticationToken; - -import org.springframework.security.userdetails.User; - -import org.springframework.context.ConfigurableApplicationContext; -import org.springframework.context.support.StaticApplicationContext; - - -public class AuthzImplTest extends TestCase { - //~ Instance fields ================================================================================================ - - private Authz authz = new AuthzImpl(); - private ConfigurableApplicationContext ctx; - - //~ Methods ======================================================================================================== - - protected void setUp() throws Exception { - super.setUp(); - - ctx = new StaticApplicationContext(); - - final AclEntry[] acls = new AclEntry[] {new MockAclEntry(), - new 
SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), - new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ) - }; - - - // Create an AclManager - AclManager aclManager = new AclManager() { - String object = "object1"; - String principal = "rod"; - - public AclEntry[] getAcls(Object domainInstance) { - return domainInstance.equals(object) ? acls : null; - } - - public AclEntry[] getAcls(Object domainInstance, Authentication authentication) { - return domainInstance.equals(object) && authentication.getPrincipal().equals(principal) ? acls : null; - } - }; - - // Register the AclManager into our ApplicationContext - ctx.getBeanFactory().registerSingleton("aclManager", aclManager); - } - - protected void tearDown() throws Exception { - ctx.close(); - } - - public void testIllegalArgumentExceptionThrownIfHasPermissionNotValidFormat() { - Authentication auth = new TestingAuthenticationToken("john", "crow", new GrantedAuthority[] {}); - SecurityContextHolder.getContext().setAuthentication(auth); - - authz.setAppCtx(ctx); - - String permissions = "0,5, 6"; // shouldn't be any space - - try { - authz.hasPermission(null, permissions); - } catch (IllegalArgumentException iae) { - assertTrue(true); - } - - SecurityContextHolder.getContext().setAuthentication(null); - } - - public void testInclusionDeniedWhenAclManagerUnawareOfObject() { - Authentication auth = new TestingAuthenticationToken("rod", "koala", new GrantedAuthority[] {}); - SecurityContextHolder.getContext().setAuthentication(auth); - - authz.setAppCtx(ctx); - - boolean result = authz.hasPermission(new Integer(54), new Long(SimpleAclEntry.ADMINISTRATION).toString()); - - assertFalse(result); - - SecurityContextHolder.getContext().setAuthentication(null); - } - - public void testInclusionDeniedWhenNoListOfPermissionsGiven() { - Authentication auth = new TestingAuthenticationToken("rod", "koala", new GrantedAuthority[] {}); - 
SecurityContextHolder.getContext().setAuthentication(auth); - authz.setAppCtx(ctx); - - boolean result = authz.hasPermission("object1", null); - - assertFalse(result); - - SecurityContextHolder.getContext().setAuthentication(null); - } - - public void testInclusionDeniedWhenPrincipalDoesNotHoldAnyPermissions() { - Authentication auth = new TestingAuthenticationToken("john", "crow", new GrantedAuthority[] {}); - SecurityContextHolder.getContext().setAuthentication(auth); - - authz.setAppCtx(ctx); - - String permissions = new Integer(SimpleAclEntry.ADMINISTRATION) + "," + new Integer(SimpleAclEntry.READ); - - boolean result = authz.hasPermission("object1", permissions); - - assertFalse(result); - - SecurityContextHolder.getContext().setAuthentication(null); - } - - public void testInclusionDeniedWhenPrincipalDoesNotHoldRequiredPermissions() { - Authentication auth = new TestingAuthenticationToken("rod", "koala", new GrantedAuthority[] {}); - SecurityContextHolder.getContext().setAuthentication(auth); - authz.setAppCtx(ctx); - - String permissions = new Integer(SimpleAclEntry.DELETE).toString(); - - boolean result = authz.hasPermission("object1", permissions); - - assertFalse(result); - - SecurityContextHolder.getContext().setAuthentication(null); - } - - public void testInclusionDeniedWhenSecurityContextEmpty() { - SecurityContextHolder.getContext().setAuthentication(null); - - authz.setAppCtx(ctx); - - String permissions = new Long(SimpleAclEntry.ADMINISTRATION).toString(); - - boolean result = authz.hasPermission("object1", permissions); - - assertFalse(result); - - SecurityContextHolder.getContext().setAuthentication(null); - } - - public void testInclusionPermittedWhenDomainObjectIsNull() { - authz.setAppCtx(ctx); - - String permissions = new Integer(SimpleAclEntry.READ).toString(); - - boolean result = authz.hasPermission(null, permissions); - - assertTrue(result); - } - - public void testOperationWhenPrincipalHoldsPermissionOfMultipleList() { - Authentication 
auth = new TestingAuthenticationToken("rod", "koala", new GrantedAuthority[] {}); - SecurityContextHolder.getContext().setAuthentication(auth); - - authz.setAppCtx(ctx); - - String permissions = new Integer(SimpleAclEntry.ADMINISTRATION) + "," + new Integer(SimpleAclEntry.READ); - - boolean result = authz.hasPermission("object1", permissions); - - assertTrue(result); - - SecurityContextHolder.getContext().setAuthentication(null); - } - - public void testOperationWhenPrincipalHoldsPermissionOfSingleList() { - Authentication auth = new TestingAuthenticationToken("rod", "koala", new GrantedAuthority[] {}); - SecurityContextHolder.getContext().setAuthentication(auth); - - authz.setAppCtx(ctx); - - String permissions = new Integer(SimpleAclEntry.READ).toString(); - - boolean result = authz.hasPermission("object1", permissions); - - assertTrue(result); - SecurityContextHolder.getContext().setAuthentication(null); - } - - /* - * Test method for 'com.alibaba.exodus2.web.common.security.pulltool.AuthzImpl.getPrincipal()' - */ - public void testOperationWhenPrincipalIsAString() { - Authentication auth = new TestingAuthenticationToken("rodAsString", "koala", new GrantedAuthority[] {}); - SecurityContextHolder.getContext().setAuthentication(auth); - - assertEquals("rodAsString", authz.getPrincipal()); - } - - public void testOperationWhenPrincipalIsAUserDetailsInstance() { - Authentication auth = new TestingAuthenticationToken(new User("rodUserDetails", "koala", true, true, true, - true, new GrantedAuthority[] {}), "koala", new GrantedAuthority[] {}); - SecurityContextHolder.getContext().setAuthentication(auth); - - assertEquals("rodUserDetails", authz.getPrincipal()); - } - - public void testOperationWhenPrincipalIsNull() { - Authentication auth = new TestingAuthenticationToken(null, "koala", new GrantedAuthority[] {}); - SecurityContextHolder.getContext().setAuthentication(auth); - - assertNull(authz.getPrincipal()); - } - - public void 
testOperationWhenSecurityContextIsNull() { - SecurityContextHolder.getContext().setAuthentication(null); - - assertEquals(null, authz.getPrincipal()); - - SecurityContextHolder.getContext().setAuthentication(null); - } - - //~ Inner Classes ================================================================================================== - - private class MockAclEntry implements AclEntry { - private static final long serialVersionUID = 1L; - - // just so AclTag iterates some different types of AclEntrys - } - - private static class MockAclObjectIdentity implements AclObjectIdentity { - } -} diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplTests.java new file mode 100644 index 0000000000..12a0db3ff2 --- /dev/null +++ b/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplTests.java 
@@ -0,0 +1,64 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.taglibs.velocity;
+
+import junit.framework.TestCase;
+
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.TestingAuthenticationToken;
+import org.springframework.security.userdetails.User;
+import org.springframework.security.util.AuthorityUtils;
+
+
+public class AuthzImplTests extends TestCase {
+ //~ Instance fields ================================================================================================
+
+ private Authz authz = new AuthzImpl();
+
+ //~ Methods ========================================================================================================
+
+ public void testOperationWhenPrincipalIsAString() {
+ Authentication auth = new TestingAuthenticationToken("rodAsString", "koala", new GrantedAuthority[] {});
+ SecurityContextHolder.getContext().setAuthentication(auth);
+
+ assertEquals("rodAsString", authz.getPrincipal());
+ }
+
+ public void testOperationWhenPrincipalIsAUserDetailsInstance() {
+ Authentication auth = new TestingAuthenticationToken(new User("rodUserDetails", "koala", true, true, true,
+ true, AuthorityUtils.NO_AUTHORITIES), "koala", AuthorityUtils.NO_AUTHORITIES);
+ SecurityContextHolder.getContext().setAuthentication(auth);
+
+ assertEquals("rodUserDetails", authz.getPrincipal());
+ }
+
+ public void testOperationWhenPrincipalIsNull() {
+ Authentication auth = new TestingAuthenticationToken(null, "koala", new GrantedAuthority[] {});
+ SecurityContextHolder.getContext().setAuthentication(auth);
+
+ assertNull(authz.getPrincipal());
+ }
+
+ public void testOperationWhenSecurityContextIsNull() {
+ SecurityContextHolder.getContext().setAuthentication(null);
+
+ assertEquals(null, authz.getPrincipal());
+
+ SecurityContextHolder.getContext().setAuthentication(null);
+ }
+}
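Review bot: Three of the four tests in AuthzImplTests put an Authentication into `SecurityContextHolder` and never remove it, so whichever test runs next starts with the previous test's principal still in the context. Only `testOperationWhenSecurityContextIsNull` resets it, and a leftover authentication can make an authorization test pass or fail depending on run order. A `tearDown()` in the class would isolate them: `protected void tearDown() throws Exception { SecurityContextHolder.clearContext(); }`. Two tests also still pass `new GrantedAuthority[] {}` while the third uses `AuthorityUtils.NO_AUTHORITIES`; using the constant throughout would match the rest of this refactoring.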