From f0b259a32ef27173a2ba3d1ed3e4b794485b15a4 Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Fri, 15 Sep 2006 03:42:11 +0000 Subject: [PATCH] SEC-349: GrantedAuthority constructor argument can be null. --- .../RememberMeAuthenticationToken.java | 19 +++++-------------- .../RememberMeAuthenticationTokenTests.java | 14 -------------- 2 files changed, 5 insertions(+), 28 deletions(-) diff --git a/core/src/main/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationToken.java b/core/src/main/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationToken.java index c605a5af9f..6b55633d27 100644 --- a/core/src/main/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationToken.java +++ b/core/src/main/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationToken.java @@ -15,14 +15,11 @@ package org.acegisecurity.providers.rememberme; -import org.acegisecurity.GrantedAuthority; - -import org.acegisecurity.providers.AbstractAuthenticationToken; - -import org.springframework.util.Assert; - import java.io.Serializable; +import org.acegisecurity.GrantedAuthority; +import org.acegisecurity.providers.AbstractAuthenticationToken; + /** * Represents a remembered Authentication.

A remembered Authentication must provide a @@ -39,7 +36,7 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken i //~ Constructors =================================================================================================== -/** + /** * Constructor. * * @param key to identify if this object made by an authorised client @@ -51,16 +48,10 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken i public RememberMeAuthenticationToken(String key, Object principal, GrantedAuthority[] authorities) { super(authorities); - if ((key == null) || ("".equals(key)) || (principal == null) || "".equals(principal) || (authorities == null) - || (authorities.length == 0)) { + if ((key == null) || ("".equals(key)) || (principal == null) || "".equals(principal)) { throw new IllegalArgumentException("Cannot pass null or empty values to constructor"); } - for (int i = 0; i < authorities.length; i++) { - Assert.notNull(authorities[i], - "Granted authority element " + i + " is null - GrantedAuthority[] cannot contain any null elements"); - } - this.keyHash = key.hashCode(); this.principal = principal; setAuthenticated(true); diff --git a/core/src/test/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationTokenTests.java b/core/src/test/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationTokenTests.java index 420f5f5d41..c063df3441 100644 --- a/core/src/test/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationTokenTests.java +++ b/core/src/test/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationTokenTests.java @@ -70,26 +70,12 @@ public class RememberMeAuthenticationTokenTests extends TestCase { assertTrue(true); } - try { - new RememberMeAuthenticationToken("key", "Test", null); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } - try { new RememberMeAuthenticationToken("key", "Test", new GrantedAuthority[] {null}); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertTrue(true); } - - try { - new RememberMeAuthenticationToken("key", "Test", new GrantedAuthority[] {}); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } } public void testEqualsWhenEqual() {