
SEC-2072: <security:anonymous> granted-authority supports multiple authorities again

Rob Winch 12 年之前
父节点
当前提交
4c50d1f5de

+ 1 - 1
config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java

@@ -534,7 +534,7 @@ final class AuthenticationConfigBuilder {
         anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
         anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
         anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
-        anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.createAuthorityList(grantedAuthority));
+        anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority));
         anonymousFilter.setSource(source);
 
         RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
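Review bot: The `granted-authority` value is tokenized on commas at the changed `addIndexedArgumentValue(2, ...)` line and passed straight to the filter, with no check on the resulting list. This list is the authority set given to every unauthenticated request, so a value made only of separators (for example `","`) would presumably produce an empty list, and that would surface at request time rather than at configuration parse time. Consider assigning the result first, `List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority);`, and reporting a configuration error when `authorities.isEmpty()`. A short comment such as `// granted-authority is a comma-separated list of authorities (SEC-2072)` would also help, since the attribute name is singular. The enclosing method starts and ends outside this hunk, so any defaulting of a blank attribute earlier in it is not visible here and should be confirmed.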

+ 17 - 0
config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy

@@ -212,6 +212,23 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
         'anonymity' == filter.authorities[0].authority
     }
 
+    def anonymousSupportsMultipleGrantedAuthorities() {
+        xml.http {
+            'form-login'()
+            'anonymous'(username: 'joe', 'granted-authority':'ROLE_INVITADO,ROLE_PROFILE_INVITADO,ROLE_GRUPO_PUBLICO', key: 'customKey')
+        }
+        createAppContext()
+
+        AnonymousAuthenticationFilter filter = getFilter(AnonymousAuthenticationFilter);
+        def providers = appContext.getBeansOfType(AuthenticationManager).values()*.providers.flatten()
+
+        expect:
+        'customKey' == providers.find { it instanceof AnonymousAuthenticationProvider }.key
+        'customKey' == filter.key
+        'joe' == filter.principal
+        ['ROLE_INVITADO','ROLE_PROFILE_INVITADO','ROLE_GRUPO_PUBLICO'] == filter.authorities*.authority
+    }
+
     def httpMethodMatchIsSupported() {
         httpAutoConfig {
             interceptUrl '/secure*', 'DELETE', 'ROLE_SUPERVISOR'
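Review bot: `anonymousSupportsMultipleGrantedAuthorities` pins only a clean list with no whitespace or empty entries, so the handling of `'ROLE_A, ROLE_B'` or a trailing comma is left unspecified. Access rules compare authority strings exactly, so an untrimmed `' ROLE_B'` would silently fail to match the intended rule, and a regression there would go unnoticed. Consider a second case with a constructed value such as `'granted-authority':'ROLE_A, ROLE_B,'` asserting `['ROLE_A','ROLE_B'] == filter.authorities*.authority`, with the expected result confirmed against the tokenizer's actual behaviour. A one-line comment above the test naming SEC-2072 would tie it to the regression it guards.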