SEC-1222: Provide a constructor for LdapUserDetailsService that does not require an LdapAuthoritiesPopulator. Done.

ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java

@@ -33,7 +33,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityMessageSource;
-import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.ldap.ppolicy.PasswordPolicyException;
@@ -166,7 +165,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa
      */
     public LdapAuthenticationProvider(LdapAuthenticator authenticator) {
         this.setAuthenticator(authenticator);
-        this.setAuthoritiesPopulator(new NullAuthoritiesPopulator());
+        this.setAuthoritiesPopulator(new NullLdapAuthoritiesPopulator());
     }
 
     //~ Methods ========================================================================================================
@@ -298,13 +297,5 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa
     public boolean supports(Class<? extends Object> authentication) {
         return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
     }
-
-    //~ Inner Classes ==================================================================================================
-
-    private static class NullAuthoritiesPopulator implements LdapAuthoritiesPopulator {
-        public List<GrantedAuthority> getGrantedAuthorities(DirContextOperations userDetails, String username) {
-            return AuthorityUtils.NO_AUTHORITIES;
-        }
-    }
 }
 

ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java

@@ -0,0 +1,20 @@
+package org.springframework.security.ldap.authentication;
+
+import java.util.List;
+
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+
+/**
+ *
+ * @author Luke Taylor
+ * @version $Id$
+ * @since 3.0
+ */
+public final class NullLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
+    public List<GrantedAuthority> getGrantedAuthorities(DirContextOperations userDetails, String username) {
+        return AuthorityUtils.NO_AUTHORITIES;
+    }
+}

ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java

@@ -4,6 +4,7 @@ import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;
 import org.springframework.security.ldap.search.LdapUserSearch;
 import org.springframework.util.Assert;
 
@@ -20,6 +21,10 @@ public class LdapUserDetailsService implements UserDetailsService {
     private LdapAuthoritiesPopulator authoritiesPopulator;
     private UserDetailsContextMapper userDetailsMapper = new LdapUserDetailsMapper();
 
+    public LdapUserDetailsService(LdapUserSearch userSearch) {
+        this(userSearch, new NullLdapAuthoritiesPopulator());
+    }
+
     public LdapUserDetailsService(LdapUserSearch userSearch, LdapAuthoritiesPopulator authoritiesPopulator) {
         Assert.notNull(userSearch, "userSearch must not be null");
         Assert.notNull(authoritiesPopulator, "authoritiesPopulator must not be null");

ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java

@@ -1,7 +1,6 @@
 package org.springframework.security.ldap.userdetails;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.*;
 
 import java.util.List;
 import java.util.Set;
@@ -14,8 +13,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.ldap.authentication.MockUserSearch;
-import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
-import org.springframework.security.ldap.userdetails.LdapUserDetailsService;
+import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;
 
 /**
  * Tests for {@link LdapUserDetailsService}
@@ -27,7 +25,7 @@ public class LdapUserDetailsServiceTests {
 
     @Test(expected = IllegalArgumentException.class)
     public void rejectsNullSearchObject() {
-        new LdapUserDetailsService(null, new MockAuthoritiesPopulator());
+        new LdapUserDetailsService(null, new NullLdapAuthoritiesPopulator());
     }
 
     @Test(expected = IllegalArgumentException.class)
@@ -50,6 +48,15 @@ public class LdapUserDetailsServiceTests {
         assertTrue(authorities.contains("ROLE_FROM_POPULATOR"));
     }
 
+    @Test
+    public void nullPopulatorConstructorReturnsEmptyAuthoritiesList() throws Exception {
+        DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe"));
+
+        LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData));
+        UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway");
+        assertEquals(0, user.getAuthorities().size());
+    }
+
     class MockAuthoritiesPopulator implements LdapAuthoritiesPopulator {
         public List<GrantedAuthority> getGrantedAuthorities(DirContextOperations userCtx, String username) {
             return AuthorityUtils.createAuthorityList("ROLE_FROM_POPULATOR");