Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Browse Source

SEC-2072: <security:anonymous> granted-authority supports multiple authorities again

Rob Winch 12 năm trước cách đây
mục cha
091549779c
commit
4c50d1f5de
2 tập tin đã thay đổi với 18 bổ sung1 xóa
Split View Hiển thị tình trạng sai khác
  1. 1 1
      config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
  2. 17 0
      config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy

+ 1 - 1
config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
Xem Tập Tin 

@@ -534,7 +534,7 @@ final class AuthenticationConfigBuilder {
 
         anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
 
         anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
 
         anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
 
-        anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.createAuthorityList(grantedAuthority));
 
+        anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority));
 
         anonymousFilter.setSource(source);
 
 
         RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class);

+ 17 - 0
config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy
Xem Tập Tin 

@@ -212,6 +212,23 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
 
         'anonymity' == filter.authorities[0].authority
 
     }
 
 
+    def anonymousSupportsMultipleGrantedAuthorities() {
 
+        xml.http {
 
+            'form-login'()
 
+            'anonymous'(username: 'joe', 'granted-authority':'ROLE_INVITADO,ROLE_PROFILE_INVITADO,ROLE_GRUPO_PUBLICO', key: 'customKey')
 
+        }
 
+        createAppContext()
 
+
 
+        AnonymousAuthenticationFilter filter = getFilter(AnonymousAuthenticationFilter);
 
+        def providers = appContext.getBeansOfType(AuthenticationManager).values()*.providers.flatten()
 
+
 
+        expect:
 
+        'customKey' == providers.find { it instanceof AnonymousAuthenticationProvider }.key
 
+        'customKey' == filter.key
 
+        'joe' == filter.principal
 
+        ['ROLE_INVITADO','ROLE_PROFILE_INVITADO','ROLE_GRUPO_PUBLICO'] == filter.authorities*.authority
 
+    }
 
+
 
     def httpMethodMatchIsSupported() {
 
         httpAutoConfig {
 
             interceptUrl '/secure*', 'DELETE', 'ROLE_SUPERVISOR'