From f6f5855b527edcfb2b35392a5292726f1e05b26f Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Tue, 1 Sep 2009 16:42:11 +0000
Subject: [PATCH] SEC-1222: Provide a constructor for LdapUserDetailsService that does not require an LdapAuthoritiesPopulator. Done.
---
 .../LdapAuthenticationProvider.java | 11 +---------
 .../NullLdapAuthoritiesPopulator.java | 20 +++++++++++++++++++
 .../userdetails/LdapUserDetailsService.java | 5 +++++
 .../LdapUserDetailsServiceTests.java | 17 +++++++++++-----
 4 files changed, 38 insertions(+), 15 deletions(-)
 create mode 100644 ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
index 4ea6310d6f..504b57a1a7 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
@@ -33,7 +33,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityMessageSource;
-import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.ldap.ppolicy.PasswordPolicyException;
@@ -166,7 +165,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa
 */
 public LdapAuthenticationProvider(LdapAuthenticator authenticator) {
 this.setAuthenticator(authenticator);
- this.setAuthoritiesPopulator(new NullAuthoritiesPopulator());
+ this.setAuthoritiesPopulator(new NullLdapAuthoritiesPopulator());
 }
 //~ Methods ========================================================================================================
@@ -298,13 +297,5 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa
 public boolean supports(Class authentication) {
 return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
 }
-
- //~ Inner Classes ==================================================================================================
-
- private static class NullAuthoritiesPopulator implements LdapAuthoritiesPopulator {
- public List getGrantedAuthorities(DirContextOperations userDetails, String username) {
- return AuthorityUtils.NO_AUTHORITIES;
- }
- }
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
new file mode 100644
index 0000000000..a67736a5d0
--- /dev/null
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/NullLdapAuthoritiesPopulator.java
@@ -0,0 +1,20 @@
+package org.springframework.security.ldap.authentication;
+
+import java.util.List;
+
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+
+/**
+ *
+ * @author Luke Taylor
+ * @version $Id$
+ * @since 3.0
+ */
+public final class NullLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
+ public List getGrantedAuthorities(DirContextOperations userDetails, String username) {
+ return AuthorityUtils.NO_AUTHORITIES;
+ }
+}
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
index dc9d72ed32..aa00e1ae8a 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java
@@ -4,6 +4,7 @@ import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;
 import org.springframework.security.ldap.search.LdapUserSearch;
 import org.springframework.util.Assert;
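Review bot: The Javadoc on the new `NullLdapAuthoritiesPopulator` is empty apart from its tags, although this commit turns the class from a private nested helper into a public type. It should state the contract, for example `Populator that returns an empty authorities list for every user; use it only where roles are not loaded from the directory.` The class is also placed in `ldap.authentication` while it implements an interface from `ldap.userdetails` and is imported back by `LdapUserDetailsService` in that package, so the two packages now reference each other. Placing it beside `LdapAuthoritiesPopulator` would avoid that, unless something outside this diff requires the current location.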
@@ -20,6 +21,10 @@ public class LdapUserDetailsService implements UserDetailsService {
 private LdapAuthoritiesPopulator authoritiesPopulator;
 private UserDetailsContextMapper userDetailsMapper = new LdapUserDetailsMapper();
+ public LdapUserDetailsService(LdapUserSearch userSearch) {
+ this(userSearch, new NullLdapAuthoritiesPopulator());
+ }
+
 public LdapUserDetailsService(LdapUserSearch userSearch, LdapAuthoritiesPopulator authoritiesPopulator) {
 Assert.notNull(userSearch, "userSearch must not be null");
 Assert.notNull(authoritiesPopulator, "authoritiesPopulator must not be null");
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
index 90aca563b7..61734b0fd9 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java
@@ -1,7 +1,6 @@
 package org.springframework.security.ldap.userdetails;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.*;
 import java.util.List;
 import java.util.Set;
@@ -14,8 +13,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.ldap.authentication.MockUserSearch;
-import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
-import org.springframework.security.ldap.userdetails.LdapUserDetailsService;
+import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;
 /**
 * Tests for {@link LdapUserDetailsService}
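Review bot: The one-argument constructor added to `LdapUserDetailsService` has no Javadoc, and its effect on authorization is not visible from the signature: every `UserDetails` it loads carries an empty authorities list, which the test added in this commit asserts. A short comment would make that explicit, for example `/** Creates a service whose users are loaded with no granted authorities (NullLdapAuthoritiesPopulator). */`. Deployers should know that role checks on such users are denied, while anything that only requires a resolved user still succeeds. The two-argument constructor's body continues past the end of the hunk.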
@@ -27,7 +25,7 @@ public class LdapUserDetailsServiceTests {
 @Test(expected = IllegalArgumentException.class)
 public void rejectsNullSearchObject() {
- new LdapUserDetailsService(null, new MockAuthoritiesPopulator());
+ new LdapUserDetailsService(null, new NullLdapAuthoritiesPopulator());
 }
 @Test(expected = IllegalArgumentException.class)
@@ -50,6 +48,15 @@ public class LdapUserDetailsServiceTests {
 assertTrue(authorities.contains("ROLE_FROM_POPULATOR"));
 }
+ @Test
+ public void nullPopulatorConstructorReturnsEmptyAuthoritiesList() throws Exception {
+ DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe"));
+
+ LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData));
+ UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway");
+ assertEquals(0, user.getAuthorities().size());
+ }
+
 class MockAuthoritiesPopulator implements LdapAuthoritiesPopulator {
 public List getGrantedAuthorities(DirContextOperations userCtx, String username) {
 return AuthorityUtils.createAuthorityList("ROLE_FROM_POPULATOR");
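Review bot: The added test `nullPopulatorConstructorReturnsEmptyAuthoritiesList` exercises only the success path of the one-argument constructor; its null-argument rejection is never checked, because `rejectsNullSearchObject` still calls the two-argument form. A companion test marked `@Test(expected = IllegalArgumentException.class)` whose body is `new LdapUserDetailsService(null);` would pin that the delegation keeps the `userSearch` assertion, assuming no other single-argument constructor exists outside this diff. The `throws Exception` clause on the new test looks unnecessary from the calls shown. `MockAuthoritiesPopulator` continues past the end of the hunk.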