root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 6 Packages Projects Releases Wiki Activity

SEC-418: Changed interface SwitchAuthorityChanger to return List rather than expecting modification of passed in List of authorities.

This commit is contained in:
Luke Taylor 2008-01-28 19:26:30 +00:00
parent 0be34cdcc1
commit e63fa0f610
3 changed files with 34 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserAuthorityChanger.java
View File

@ -25,6 +25,8 @@ public interface SwitchUserAuthorityChanger {
* @param currentAuthentication the current Authentication of the principal performing the switching * @param currentAuthentication the current Authentication of the principal performing the switching
* @param authoritiesToBeGranted all {@link GrantedAuthority} instances to be granted to the user, * @param authoritiesToBeGranted all {@link GrantedAuthority} instances to be granted to the user,
* excluding the special "switch user" authority that is used internally (guaranteed never null) * excluding the special "switch user" authority that is used internally (guaranteed never null)
*
* @return the modified list of granted authorities.
*/ */
void modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted); List modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted);
} }

7
core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java
View File

@ -25,6 +25,7 @@ import org.springframework.security.DisabledException;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
import org.springframework.security.LockedException; import org.springframework.security.LockedException;
import org.springframework.security.util.RedirectUtils; import org.springframework.security.util.RedirectUtils;
import org.springframework.security.util.AuthorityUtils;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
@ -283,15 +284,15 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
// Allow subclasses to change the authorities to be granted // Allow subclasses to change the authorities to be granted
if (switchUserAuthorityChanger != null) { if (switchUserAuthorityChanger != null) {
switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig); orig = switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
} }
// add the new switch user authority // add the new switch user authority
List newAuths = new ArrayList(orig); List newAuths = new ArrayList(orig);
newAuths.add(switchAuthority); newAuths.add(switchAuthority);
GrantedAuthority[] authorities = {}; GrantedAuthority[] authorities =
authorities = (GrantedAuthority[]) newAuths.toArray(authorities); (GrantedAuthority[]) newAuths.toArray(new GrantedAuthority[newAuths.size()]);
// create the new authentication token // create the new authentication token
targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), authorities); targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), authorities);

27
core/src/test/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilterTests.java
View File

@ -41,6 +41,9 @@ import org.springframework.dao.DataAccessException;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import java.util.List;
import java.util.ArrayList;
/** /**
* Tests {@link org.springframework.security.ui.switchuser.SwitchUserProcessingFilter}. * Tests {@link org.springframework.security.ui.switchuser.SwitchUserProcessingFilter}.
@ -400,6 +403,30 @@ public class SwitchUserProcessingFilterTests extends TestCase {
assertEquals("jacklord", ((User) targetAuth.getPrincipal()).getUsername()); assertEquals("jacklord", ((User) targetAuth.getPrincipal()).getUsername());
} }
public void testModificationOfAuthoritiesWorks() {
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
SecurityContextHolder.getContext().setAuthentication(auth);
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() {
public List modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted) {
List auths = new ArrayList();
auths.add(new GrantedAuthorityImpl("ROLE_NEW"));
return auths;
}
});
Authentication result = filter.attemptSwitchUser(request);
assertTrue(result != null);
assertEquals(2, result.getAuthorities().length);
assertEquals("ROLE_NEW", result.getAuthorities()[0].getAuthority());
}
//~ Inner Classes ================================================================================================== //~ Inner Classes ==================================================================================================
private class MockAuthenticationDaoUserJackLord implements UserDetailsService { private class MockAuthenticationDaoUserJackLord implements UserDetailsService {