SEC-418: Changed interface SwitchAuthorityChanger to return List rather than expecting modification of passed in List of authorities.
parent
0be34cdcc1
commit
e63fa0f610
|
@ -25,6 +25,8 @@ public interface SwitchUserAuthorityChanger {
|
||||||
* @param currentAuthentication the current Authentication of the principal performing the switching
|
* @param currentAuthentication the current Authentication of the principal performing the switching
|
||||||
* @param authoritiesToBeGranted all {@link GrantedAuthority} instances to be granted to the user,
|
* @param authoritiesToBeGranted all {@link GrantedAuthority} instances to be granted to the user,
|
||||||
* excluding the special "switch user" authority that is used internally (guaranteed never null)
|
* excluding the special "switch user" authority that is used internally (guaranteed never null)
|
||||||
|
*
|
||||||
|
* @return the modified list of granted authorities.
|
||||||
*/
|
*/
|
||||||
void modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted);
|
List modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted);
|
||||||
}
|
}
|
||||||
|
|
|
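Review bot: The new `@return` tag does not say whether an implementation may return null, or whether it may return the passed-in list rather than a new one. The caller now uses the return value in place of the list it passed in, so the contract should be explicit, for example `@return the authorities to grant to the switched user (never null; may be the passed-in list or a new one)`. The description of `authoritiesToBeGranted` should also state whether implementations may still mutate it. The Javadoc summary above this hunk is not visible here and may still describe in-place modification.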
@ -25,6 +25,7 @@ import org.springframework.security.DisabledException;
|
||||||
import org.springframework.security.GrantedAuthority;
|
import org.springframework.security.GrantedAuthority;
|
||||||
import org.springframework.security.LockedException;
|
import org.springframework.security.LockedException;
|
||||||
import org.springframework.security.util.RedirectUtils;
|
import org.springframework.security.util.RedirectUtils;
|
||||||
|
import org.springframework.security.util.AuthorityUtils;
|
||||||
|
|
||||||
import org.springframework.security.context.SecurityContextHolder;
|
import org.springframework.security.context.SecurityContextHolder;
|
||||||
|
|
||||||
|
@ -283,15 +284,15 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
|
||||||
|
|
||||||
// Allow subclasses to change the authorities to be granted
|
// Allow subclasses to change the authorities to be granted
|
||||||
if (switchUserAuthorityChanger != null) {
|
if (switchUserAuthorityChanger != null) {
|
||||||
switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
|
orig = switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
|
||||||
}
|
}
|
||||||
|
|
||||||
// add the new switch user authority
|
// add the new switch user authority
|
||||||
List newAuths = new ArrayList(orig);
|
List newAuths = new ArrayList(orig);
|
||||||
newAuths.add(switchAuthority);
|
newAuths.add(switchAuthority);
|
||||||
|
|
||||||
GrantedAuthority[] authorities = {};
|
GrantedAuthority[] authorities =
|
||||||
authorities = (GrantedAuthority[]) newAuths.toArray(authorities);
|
(GrantedAuthority[]) newAuths.toArray(new GrantedAuthority[newAuths.size()]);
|
||||||
|
|
||||||
// create the new authentication token
|
// create the new authentication token
|
||||||
targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), authorities);
|
targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), authorities);
|
||||||
|
|
|
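Review bot: The value returned by `modifyGrantedAuthorities` goes straight into `new ArrayList(orig)`, so a changer that returns null fails with a NullPointerException in the middle of the switch. Since the returned list now wholly decides what the switched session is granted, a guard right after the call would fail closed with a clear message: `if (orig == null) { throw new IllegalStateException("SwitchUserAuthorityChanger returned null"); }`. Elements that are not `GrantedAuthority` would surface only as an ArrayStoreException from `toArray`. The added `AuthorityUtils` import is not used in the lines shown and may be unnecessary. The enclosing method begins and ends outside this hunk.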
@ -41,6 +41,9 @@ import org.springframework.dao.DataAccessException;
|
||||||
import org.springframework.mock.web.MockHttpServletRequest;
|
import org.springframework.mock.web.MockHttpServletRequest;
|
||||||
import org.springframework.mock.web.MockHttpServletResponse;
|
import org.springframework.mock.web.MockHttpServletResponse;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests {@link org.springframework.security.ui.switchuser.SwitchUserProcessingFilter}.
|
* Tests {@link org.springframework.security.ui.switchuser.SwitchUserProcessingFilter}.
|
||||||
|
@ -400,6 +403,30 @@ public class SwitchUserProcessingFilterTests extends TestCase {
|
||||||
assertEquals("jacklord", ((User) targetAuth.getPrincipal()).getUsername());
|
assertEquals("jacklord", ((User) targetAuth.getPrincipal()).getUsername());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void testModificationOfAuthoritiesWorks() {
|
||||||
|
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
|
||||||
|
SecurityContextHolder.getContext().setAuthentication(auth);
|
||||||
|
|
||||||
|
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||||
|
request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
|
||||||
|
|
||||||
|
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
|
||||||
|
filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
|
||||||
|
filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() {
|
||||||
|
public List modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted) {
|
||||||
|
List auths = new ArrayList();
|
||||||
|
auths.add(new GrantedAuthorityImpl("ROLE_NEW"));
|
||||||
|
return auths;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
Authentication result = filter.attemptSwitchUser(request);
|
||||||
|
assertTrue(result != null);
|
||||||
|
assertEquals(2, result.getAuthorities().length);
|
||||||
|
assertEquals("ROLE_NEW", result.getAuthorities()[0].getAuthority());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
//~ Inner Classes ==================================================================================================
|
//~ Inner Classes ==================================================================================================
|
||||||
|
|
||||||
private class MockAuthenticationDaoUserJackLord implements UserDetailsService {
|
private class MockAuthenticationDaoUserJackLord implements UserDetailsService {
|
||||||
|
|
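Review bot: The new test checks only the array length and that the first authority is `ROLE_NEW`; it never checks that the second entry is the switch-user authority, which is the entry that marks the session as a switched one. Adding `assertTrue(result.getAuthorities()[1] instanceof SwitchUserGrantedAuthority);` would pin that, assuming that is the type of `switchAuthority` in the filter. `assertTrue(result != null)` reads better as `assertNotNull(result)`. The test also sets an Authentication on `SecurityContextHolder`, and whether it is cleared afterwards depends on setUp/tearDown, which are outside the lines shown.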