Addition of final to constructor set fields to improve immutability of authentication and user objects

2009-04-22 04:11:38 +00:00 · 2009-04-22 04:11:38 +00:00 · d7f202a111
parent a6e408ff49
commit d7f202a111
9 changed files with 41 additions and 41 deletions
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
@ -33,11 +33,10 @@ import org.springframework.security.core.GrantedAuthority;
 public class RunAsUserToken extends AbstractAuthenticationToken {
    //~ Instance fields ================================================================================================

-    private static final long serialVersionUID = 1L;
-    private Class<? extends Authentication> originalAuthentication;
-    private Object credentials;
-    private Object principal;
-    private int keyHash;
+    private final Class<? extends Authentication> originalAuthentication;
+    private final Object credentials;
+    private final Object principal;
+    private final int keyHash;

    //~ Constructors ===================================================================================================

--- a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java
@ -37,7 +37,7 @@ public abstract class AbstractAuthenticationToken implements Authentication {
    //~ Instance fields ================================================================================================

    private Object details;
-    private List<GrantedAuthority> authorities;
+    private final List<GrantedAuthority> authorities;
    private boolean authenticated = false;

    //~ Constructors ===================================================================================================
@ -53,7 +53,9 @@ public abstract class AbstractAuthenticationToken implements Authentication {
     *                    presented if the principal has not been authenticated).
     */
    public AbstractAuthenticationToken(List<GrantedAuthority> authorities) {
-        if (authorities != null) {
+        if (authorities == null) {
+            this.authorities = null;
+        } else {
            for (int i = 0; i < authorities.size(); i++) {
                if(authorities.get(i) == null) {
                    throw new IllegalArgumentException("Granted authority element " + i
--- a/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
@ -33,8 +33,8 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken im
    //~ Instance fields ================================================================================================

    private static final long serialVersionUID = 1L;
-    private Object principal;
-    private int keyHash;
+    private final Object principal;
+    private final int keyHash;

    //~ Constructors ===================================================================================================

--- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
@ -23,8 +23,10 @@ import org.springframework.security.core.GrantedAuthority;


 /**
- * Represents a remembered <code>Authentication</code>.<p>A remembered <code>Authentication</code> must provide a
- * fully valid <code>Authentication</code>, including the <code>GrantedAuthority</code>[]s that apply.</p>
+ * Represents a remembered <code>Authentication</code>.
+ * <p>
+ * A remembered <code>Authentication</code> must provide a fully valid <code>Authentication</code>, including the
+ * <code>GrantedAuthority</code>s that apply.
 *
 * @author Ben Alex
 * @version $Id$
@ -32,9 +34,8 @@ import org.springframework.security.core.GrantedAuthority;
 public class RememberMeAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
    //~ Instance fields ================================================================================================

-    private static final long serialVersionUID = 1L;
-    private Object principal;
-    private int keyHash;
+    private final Object principal;
+    private final int keyHash;

    //~ Constructors ===================================================================================================

--- a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
@ -35,9 +35,8 @@ import org.springframework.security.core.GrantedAuthority;
 public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken {
    //~ Instance fields ================================================================================================

-    private static final long serialVersionUID = 1L;
-    private Object credentials;
-    private Object principal;
+    private final Object credentials;
+    private final Object principal;

    //~ Constructors ===================================================================================================

@ -91,7 +90,7 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        if (isAuthenticated) {
            throw new IllegalArgumentException(
-                "Cannot set this token to trusted - use constructor containing GrantedAuthority[]s instead");
+                "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        }

        super.setAuthenticated(false);
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
@ -32,8 +32,7 @@ import javax.security.auth.login.LoginContext;
 public class JaasAuthenticationToken extends UsernamePasswordAuthenticationToken {
    //~ Instance fields ================================================================================================

-    private static final long serialVersionUID = 1L;
-    private transient LoginContext loginContext = null;
+    private final transient LoginContext loginContext;

    //~ Constructors ===================================================================================================

--- a/core/src/main/java/org/springframework/security/authentication/preauth/PreAuthenticatedAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/preauth/PreAuthenticatedAuthenticationToken.java
@ -15,9 +15,8 @@ import org.springframework.security.core.GrantedAuthority;
 * @since 2.0
 */
 public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationToken {
-    private Object principal;
-
-    private Object credentials;
+    private final Object principal;
+    private final Object credentials;

    /**
     * Constructor used for an authentication request. The {@link
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@ -26,24 +26,24 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.util.Assert;

 /**
- * Models core user information retieved by an {@link UserDetailsService}.<p>Implemented with value object
- * semantics (immutable after construction, like a <code>String</code>). Developers may use this class directly,
- * subclass it, or write their own {@link UserDetails} implementation from scratch.</p>
+ * Models core user information retrieved by a {@link UserDetailsService}.
+ * <p>
+ * Implemented with value object semantics (immutable after construction, like a <code>String</code>).
+ * Developers may use this class directly, subclass it, or write their own {@link UserDetails} implementation from
+ * scratch.
 *
 * @author Ben Alex
 * @version $Id$
 */
 public class User implements UserDetails {
    //~ Instance fields ================================================================================================
-
-    private static final long serialVersionUID = 1L;
-    private String password;
-    private String username;
-    private List<GrantedAuthority> authorities;
-    private boolean accountNonExpired;
-    private boolean accountNonLocked;
-    private boolean credentialsNonExpired;
-    private boolean enabled;
+    private final String password;
+    private final String username;
+    private final List<GrantedAuthority> authorities;
+    private final boolean accountNonExpired;
+    private final boolean accountNonLocked;
+    private final boolean credentialsNonExpired;
+    private final boolean enabled;

    //~ Constructors ===================================================================================================

@ -92,7 +92,7 @@ public class User implements UserDetails {
        this.accountNonExpired = accountNonExpired;
        this.credentialsNonExpired = credentialsNonExpired;
        this.accountNonLocked = accountNonLocked;
-        setAuthorities(authorities);
+        this.authorities = Collections.unmodifiableList(sortAuthorities(authorities));
    }

    //~ Methods ========================================================================================================
@ -182,7 +182,7 @@ public class User implements UserDetails {
        return enabled;
    }

-    protected void setAuthorities(List<GrantedAuthority> authorities) {
+    private static List<GrantedAuthority> sortAuthorities(List<GrantedAuthority> authorities) {
        Assert.notNull(authorities, "Cannot pass a null GrantedAuthority array");
        // Ensure array iteration order is predictable (as per UserDetails.getAuthorities() contract and SEC-xxx)
        SortedSet<GrantedAuthority> sorter = new TreeSet<GrantedAuthority>();
@ -195,7 +195,7 @@ public class User implements UserDetails {
        List<GrantedAuthority> sortedAuthorities = new ArrayList<GrantedAuthority>(sorter.size());
        sortedAuthorities.addAll(sorter);

-        this.authorities = Collections.unmodifiableList(sortedAuthorities);
+        return sortedAuthorities;
    }

    public String toString() {
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
@ -29,9 +29,9 @@ import org.springframework.security.core.GrantedAuthority;
 public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
    //~ Instance fields ================================================================================================

-    private OpenIDAuthenticationStatus status;
-    private String identityUrl;
-    private String message;
+    private final OpenIDAuthenticationStatus status;
+    private final String identityUrl;
+    private final String message;

    //~ Constructors ===================================================================================================

@ -52,6 +52,7 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
        super(authorities);
        this.status = status;
        this.identityUrl = identityUrl;
+        this.message = null;

        setAuthenticated(true);
    }