From cc752cfc2847299aa8d439800c929694164d058a Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Mon, 31 Mar 2008 16:52:31 +0000 Subject: [PATCH] OPEN - issue SEC-732: Encapsulate query objects in JdbcDaoImpl and JdbcUserDetailsManager http://jira.springframework.org/browse/SEC-732. Updated these classes to hide the internal query and update objects to allow future refactoring. --- .../userdetails/jdbc/JdbcDaoImpl.java | 18 +++-- .../jdbc/JdbcUserDetailsManager.java | 68 +++++++++---------- 2 files changed, 42 insertions(+), 44 deletions(-) diff --git a/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java b/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java index 71cabeddc2..aaa8d97740 100644 --- a/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java +++ b/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java @@ -51,9 +51,7 @@ import javax.sql.DataSource; *

* A default database structure is assumed, (see {@link #DEF_USERS_BY_USERNAME_QUERY} and {@link * #DEF_AUTHORITIES_BY_USERNAME_QUERY}, which most users of this class will need to override, if using an existing - * scheme. This may be done by setting the default query strings used. If this does not provide enough flexibility, - * another strategy would be to subclass this class and override the {@link MappingSqlQuery} instances used, via the - * {@link #initMappingSqlQueries()} extension point. + * scheme. This may be done by setting the default query strings used. *

* In order to minimise backward compatibility issues, this DAO does not recognise the expiration of user * accounts or the expiration of user credentials. However, it does recognise and honour the user enabled/disabled @@ -93,9 +91,9 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService { //~ Instance fields ================================================================================================ protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); - protected MappingSqlQuery authoritiesByUsernameMapping; - protected MappingSqlQuery groupAuthoritiesByUsernameMapping; - protected MappingSqlQuery usersByUsernameMapping; + private MappingSqlQuery authoritiesByUsernameMapping; + private MappingSqlQuery groupAuthoritiesByUsernameMapping; + private MappingSqlQuery usersByUsernameMapping; private String authoritiesByUsernameQuery; private String groupAuthoritiesByUsernameQuery; @@ -137,7 +135,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService { /** * Extension point to allow other MappingSqlQuery objects to be substituted in a subclass */ - protected void initMappingSqlQueries() { + private void initMappingSqlQueries() { this.usersByUsernameMapping = new UsersByUsernameMapping(getDataSource()); this.authoritiesByUsernameMapping = new AuthoritiesByUsernameMapping(getDataSource()); this.groupAuthoritiesByUsernameMapping = new GroupAuthoritiesByUsernameMapping(getDataSource()); @@ -288,7 +286,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService { /** * Query object to look up a user's authorities. */ - protected class AuthoritiesByUsernameMapping extends MappingSqlQuery { + private class AuthoritiesByUsernameMapping extends MappingSqlQuery { protected AuthoritiesByUsernameMapping(DataSource ds) { super(ds, authoritiesByUsernameQuery); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -303,7 +301,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService { } } - protected class GroupAuthoritiesByUsernameMapping extends MappingSqlQuery { + private class GroupAuthoritiesByUsernameMapping extends MappingSqlQuery { protected GroupAuthoritiesByUsernameMapping(DataSource ds) { super(ds, groupAuthoritiesByUsernameQuery); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -321,7 +319,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService { /** * Query object to look up a user. */ - protected class UsersByUsernameMapping extends MappingSqlQuery { + private class UsersByUsernameMapping extends MappingSqlQuery { protected UsersByUsernameMapping(DataSource ds) { super(ds, usersByUsernameQuery); declareParameter(new SqlParameter(Types.VARCHAR)); diff --git a/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java index 13929f777d..a8f3cac706 100644 --- a/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java @@ -116,27 +116,27 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa private String groupAuthoritiesSql = DEF_GROUP_AUTHORITIES_QUERY_SQL; private String deleteGroupAuthoritySql = DEF_DELETE_GROUP_AUTHORITY_SQL; - protected SqlUpdate insertUser; - protected SqlUpdate deleteUser; - protected SqlUpdate updateUser; - protected SqlUpdate insertAuthority; - protected SqlUpdate deleteUserAuthorities; - protected SqlQuery userExistsQuery; - protected SqlUpdate changePassword; + private SqlUpdate insertUser; + private SqlUpdate deleteUser; + private SqlUpdate updateUser; + private SqlUpdate insertAuthority; + private SqlUpdate deleteUserAuthorities; + private SqlQuery userExistsQuery; + private SqlUpdate changePassword; - protected SqlQuery findAllGroupsQuery; - protected SqlQuery findUsersInGroupQuery; - protected SqlUpdate insertGroup; - protected SqlQuery findGroupIdQuery; - protected SqlUpdate insertGroupAuthority; - protected SqlUpdate deleteGroup; - protected SqlUpdate deleteGroupMembers; - protected SqlUpdate deleteGroupAuthorities; - protected SqlUpdate renameGroup; - protected SqlUpdate insertGroupMember; - protected SqlUpdate deleteGroupMember; - protected SqlQuery groupAuthoritiesQuery; - protected SqlUpdate deleteGroupAuthority; + private SqlQuery findAllGroupsQuery; + private SqlQuery findUsersInGroupQuery; + private SqlUpdate insertGroup; + private SqlQuery findGroupIdQuery; + private SqlUpdate insertGroupAuthority; + private SqlUpdate deleteGroup; + private SqlUpdate deleteGroupMembers; + private SqlUpdate deleteGroupAuthorities; + private SqlUpdate renameGroup; + private SqlUpdate insertGroupMember; + private SqlUpdate deleteGroupMember; + private SqlQuery groupAuthoritiesQuery; + private SqlUpdate deleteGroupAuthority; private AuthenticationManager authenticationManager; @@ -414,7 +414,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa //~ Inner Classes ================================================================================================== - protected class InsertUser extends SqlUpdate { + private class InsertUser extends SqlUpdate { public InsertUser(DataSource ds) { super(ds, createUserSql); @@ -425,7 +425,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class DeleteUser extends SqlUpdate { + private class DeleteUser extends SqlUpdate { public DeleteUser(DataSource ds) { super(ds, deleteUserSql); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -433,7 +433,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class InsertAuthority extends SqlUpdate { + private class InsertAuthority extends SqlUpdate { public InsertAuthority(DataSource ds) { super(ds, createAuthoritySql); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -442,7 +442,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class DeleteUserAuthorities extends SqlUpdate { + private class DeleteUserAuthorities extends SqlUpdate { public DeleteUserAuthorities(DataSource ds) { super(ds, deleteUserAuthoritiesSql); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -450,7 +450,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class UpdateUser extends SqlUpdate { + private class UpdateUser extends SqlUpdate { public UpdateUser(DataSource ds) { super(ds, updateUserSql); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -460,7 +460,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class ChangePassword extends SqlUpdate { + private class ChangePassword extends SqlUpdate { public ChangePassword(DataSource ds) { super(ds, changePasswordSql); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -470,7 +470,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } - protected class UserExistsQuery extends MappingSqlQuery { + private class UserExistsQuery extends MappingSqlQuery { public UserExistsQuery(DataSource ds) { super(ds, userExistsSql); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -482,7 +482,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class AllGroupsQuery extends MappingSqlQuery { + private class AllGroupsQuery extends MappingSqlQuery { public AllGroupsQuery(DataSource ds) { super(ds, findAllGroupsSql); compile(); @@ -493,7 +493,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class GroupMembersQuery extends MappingSqlQuery { + private class GroupMembersQuery extends MappingSqlQuery { public GroupMembersQuery(DataSource ds) { super(ds, findUsersInGroupSql); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -505,7 +505,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class InsertGroup extends SqlUpdate { + private class InsertGroup extends SqlUpdate { public InsertGroup(DataSource ds) { super(ds, insertGroupSql); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -525,7 +525,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class InsertGroupAuthority extends SqlUpdate { + private class InsertGroupAuthority extends SqlUpdate { public InsertGroupAuthority(DataSource ds) { super(ds, insertGroupAuthoritySql); declareParameter(new SqlParameter(Types.INTEGER)); @@ -542,7 +542,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class DeleteGroupMembers extends SqlUpdate { + private class DeleteGroupMembers extends SqlUpdate { public DeleteGroupMembers(DataSource ds) { super(ds, deleteGroupMembersSql); declareParameter(new SqlParameter(Types.INTEGER)); @@ -558,7 +558,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class RenameGroup extends SqlUpdate { + private class RenameGroup extends SqlUpdate { public RenameGroup(DataSource ds) { super(ds, renameGroupSql); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -585,7 +585,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa } } - protected class GroupAuthoritiesByGroupNameMapping extends MappingSqlQuery { + private class GroupAuthoritiesByGroupNameMapping extends MappingSqlQuery { protected GroupAuthoritiesByGroupNameMapping(DataSource ds) { super(ds, groupAuthoritiesSql); declareParameter(new SqlParameter(Types.VARCHAR));