OPEN - issue SEC-732: Encapsulate query objects in JdbcDaoImpl and JdbcUserDetailsManager

http://jira.springframework.org/browse/SEC-732. Updated these classes to hide the internal query and update objects to allow future refactoring.
2008-03-31 16:52:31 +00:00 · 2008-03-31 16:52:31 +00:00 · cc752cfc28
parent 53b084e2f9
commit cc752cfc28
2 changed files with 42 additions and 44 deletions
--- a/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java
+++ b/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java
@ -51,9 +51,7 @@ import javax.sql.DataSource;
 * <p>
 * A default database structure is assumed, (see {@link #DEF_USERS_BY_USERNAME_QUERY} and {@link
 * #DEF_AUTHORITIES_BY_USERNAME_QUERY}, which most users of this class will need to override, if using an existing
- * scheme. This may be done by setting the default query strings used. If this does not provide enough flexibility,
- * another strategy would be to subclass this class and override the {@link MappingSqlQuery} instances used, via the
- * {@link #initMappingSqlQueries()} extension point.
+ * scheme. This may be done by setting the default query strings used.
 * <p>
 * In order to minimise backward compatibility issues, this DAO does not recognise the expiration of user
 * accounts or the expiration of user credentials. However, it does recognise and honour the user enabled/disabled
@ -93,9 +91,9 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
    //~ Instance fields ================================================================================================

    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
-    protected MappingSqlQuery authoritiesByUsernameMapping;
-    protected MappingSqlQuery groupAuthoritiesByUsernameMapping;
-    protected MappingSqlQuery usersByUsernameMapping;
+    private MappingSqlQuery authoritiesByUsernameMapping;
+    private MappingSqlQuery groupAuthoritiesByUsernameMapping;
+    private MappingSqlQuery usersByUsernameMapping;

    private String authoritiesByUsernameQuery;
    private String groupAuthoritiesByUsernameQuery;
@ -137,7 +135,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
    /**
     * Extension point to allow other MappingSqlQuery objects to be substituted in a subclass
     */
-    protected void initMappingSqlQueries() {
+    private void initMappingSqlQueries() {
        this.usersByUsernameMapping = new UsersByUsernameMapping(getDataSource());
        this.authoritiesByUsernameMapping = new AuthoritiesByUsernameMapping(getDataSource());
        this.groupAuthoritiesByUsernameMapping = new GroupAuthoritiesByUsernameMapping(getDataSource());
@ -288,7 +286,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
    /**
     * Query object to look up a user's authorities.
     */
-    protected class AuthoritiesByUsernameMapping extends MappingSqlQuery {
+    private class AuthoritiesByUsernameMapping extends MappingSqlQuery {
        protected AuthoritiesByUsernameMapping(DataSource ds) {
            super(ds, authoritiesByUsernameQuery);
            declareParameter(new SqlParameter(Types.VARCHAR));
@ -303,7 +301,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
        }
    }

-    protected class GroupAuthoritiesByUsernameMapping extends MappingSqlQuery {
+    private class GroupAuthoritiesByUsernameMapping extends MappingSqlQuery {
        protected GroupAuthoritiesByUsernameMapping(DataSource ds) {
            super(ds, groupAuthoritiesByUsernameQuery);
            declareParameter(new SqlParameter(Types.VARCHAR));
@ -321,7 +319,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
    /**
     * Query object to look up a user.
     */
-    protected class UsersByUsernameMapping extends MappingSqlQuery {
+    private class UsersByUsernameMapping extends MappingSqlQuery {
        protected UsersByUsernameMapping(DataSource ds) {
            super(ds, usersByUsernameQuery);
            declareParameter(new SqlParameter(Types.VARCHAR));
--- a/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java
@ -116,27 +116,27 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
    private String groupAuthoritiesSql = DEF_GROUP_AUTHORITIES_QUERY_SQL;
    private String deleteGroupAuthoritySql = DEF_DELETE_GROUP_AUTHORITY_SQL;

-    protected SqlUpdate insertUser;
-    protected SqlUpdate deleteUser;
-    protected SqlUpdate updateUser;
-    protected SqlUpdate insertAuthority;
-    protected SqlUpdate deleteUserAuthorities;
-    protected SqlQuery  userExistsQuery;
-    protected SqlUpdate changePassword;
+    private SqlUpdate insertUser;
+    private SqlUpdate deleteUser;
+    private SqlUpdate updateUser;
+    private SqlUpdate insertAuthority;
+    private SqlUpdate deleteUserAuthorities;
+    private SqlQuery  userExistsQuery;
+    private SqlUpdate changePassword;

-    protected SqlQuery  findAllGroupsQuery;
-    protected SqlQuery  findUsersInGroupQuery;
-    protected SqlUpdate insertGroup;
-    protected SqlQuery  findGroupIdQuery;
-    protected SqlUpdate insertGroupAuthority;
-    protected SqlUpdate deleteGroup;
-    protected SqlUpdate deleteGroupMembers;
-    protected SqlUpdate deleteGroupAuthorities;
-    protected SqlUpdate renameGroup;
-    protected SqlUpdate insertGroupMember;
-    protected SqlUpdate deleteGroupMember;
-    protected SqlQuery groupAuthoritiesQuery;
-    protected SqlUpdate deleteGroupAuthority;
+    private SqlQuery  findAllGroupsQuery;
+    private SqlQuery  findUsersInGroupQuery;
+    private SqlUpdate insertGroup;
+    private SqlQuery  findGroupIdQuery;
+    private SqlUpdate insertGroupAuthority;
+    private SqlUpdate deleteGroup;
+    private SqlUpdate deleteGroupMembers;
+    private SqlUpdate deleteGroupAuthorities;
+    private SqlUpdate renameGroup;
+    private SqlUpdate insertGroupMember;
+    private SqlUpdate deleteGroupMember;
+    private SqlQuery groupAuthoritiesQuery;
+    private SqlUpdate deleteGroupAuthority;

    private AuthenticationManager authenticationManager;

@ -414,7 +414,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa

    //~ Inner Classes ==================================================================================================

-    protected class InsertUser extends SqlUpdate {
+    private class InsertUser extends SqlUpdate {

        public InsertUser(DataSource ds) {
            super(ds, createUserSql);
@ -425,7 +425,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class DeleteUser extends SqlUpdate {
+    private class DeleteUser extends SqlUpdate {
        public DeleteUser(DataSource ds) {
            super(ds, deleteUserSql);
            declareParameter(new SqlParameter(Types.VARCHAR));
@ -433,7 +433,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class InsertAuthority extends SqlUpdate {
+    private class InsertAuthority extends SqlUpdate {
        public InsertAuthority(DataSource ds) {
            super(ds, createAuthoritySql);
            declareParameter(new SqlParameter(Types.VARCHAR));
@ -442,7 +442,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class DeleteUserAuthorities extends SqlUpdate {
+    private class DeleteUserAuthorities extends SqlUpdate {
        public DeleteUserAuthorities(DataSource ds) {
            super(ds, deleteUserAuthoritiesSql);
            declareParameter(new SqlParameter(Types.VARCHAR));
@ -450,7 +450,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class UpdateUser extends SqlUpdate {
+    private class UpdateUser extends SqlUpdate {
        public UpdateUser(DataSource ds) {
            super(ds, updateUserSql);
            declareParameter(new SqlParameter(Types.VARCHAR));
@ -460,7 +460,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class ChangePassword extends SqlUpdate {
+    private class ChangePassword extends SqlUpdate {
        public ChangePassword(DataSource ds) {
            super(ds, changePasswordSql);
            declareParameter(new SqlParameter(Types.VARCHAR));
@ -470,7 +470,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
    }


-    protected class UserExistsQuery extends MappingSqlQuery {
+    private class UserExistsQuery extends MappingSqlQuery {
        public UserExistsQuery(DataSource ds) {
            super(ds, userExistsSql);
            declareParameter(new SqlParameter(Types.VARCHAR));
@ -482,7 +482,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class AllGroupsQuery extends MappingSqlQuery {
+    private class AllGroupsQuery extends MappingSqlQuery {
        public AllGroupsQuery(DataSource ds) {
            super(ds, findAllGroupsSql);
            compile();
@ -493,7 +493,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class GroupMembersQuery extends MappingSqlQuery {
+    private class GroupMembersQuery extends MappingSqlQuery {
        public GroupMembersQuery(DataSource ds) {
            super(ds, findUsersInGroupSql);
            declareParameter(new SqlParameter(Types.VARCHAR));
@ -505,7 +505,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class InsertGroup extends SqlUpdate {
+    private class InsertGroup extends SqlUpdate {
        public InsertGroup(DataSource ds) {
            super(ds, insertGroupSql);
            declareParameter(new SqlParameter(Types.VARCHAR));
@ -525,7 +525,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class InsertGroupAuthority extends SqlUpdate {
+    private class InsertGroupAuthority extends SqlUpdate {
        public InsertGroupAuthority(DataSource ds) {
            super(ds, insertGroupAuthoritySql);
            declareParameter(new SqlParameter(Types.INTEGER));
@ -542,7 +542,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class DeleteGroupMembers extends SqlUpdate {
+    private class DeleteGroupMembers extends SqlUpdate {
        public DeleteGroupMembers(DataSource ds) {
            super(ds, deleteGroupMembersSql);
            declareParameter(new SqlParameter(Types.INTEGER));
@ -558,7 +558,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class RenameGroup extends SqlUpdate {
+    private class RenameGroup extends SqlUpdate {
        public RenameGroup(DataSource ds) {
            super(ds, renameGroupSql);
            declareParameter(new SqlParameter(Types.VARCHAR));
@ -585,7 +585,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        }
    }

-    protected class GroupAuthoritiesByGroupNameMapping extends MappingSqlQuery {
+    private class GroupAuthoritiesByGroupNameMapping extends MappingSqlQuery {
         protected GroupAuthoritiesByGroupNameMapping(DataSource ds) {
             super(ds, groupAuthoritiesSql);
             declareParameter(new SqlParameter(Types.VARCHAR));