首页 发现 帮助
注册 登录
github
/
spring-security
镜像自地址 https://github.com/spring-projects/spring-security
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

Make sure the username and password are set on the final UserDetails object returned by the provider.

Luke Taylor 19 年之前
父节点
e1eac8f0ca
当前提交
53b6735c3e
共有 2 个文件被更改,包括 11 次插入4 次删除
合并视图 显示文件统计
  1. 8 4
      core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java
  2. 3 0
      core/src/test/java/org/acegisecurity/providers/ldap/LdapAuthenticationProviderTests.java

+ 8 - 4
core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java
查看文件 

@@ -153,7 +153,7 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
 
 
 
         LdapUserDetails ldapUser = authenticator.authenticate(username, password);
 
         LdapUserDetails ldapUser = authenticator.authenticate(username, password);
 
 
 
-        return createUserDetails(ldapUser);
 
+        return createUserDetails(ldapUser, username, password);
 
     }
 
     }
 
 
 
     /**
 
     /**
 
@@ -166,16 +166,20 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
 
      * <p>
 
      * <p>
 
      * Can be overridden to customize the creation of the final UserDetails instance. The
 
      * Can be overridden to customize the creation of the final UserDetails instance. The
 
      * default will merge any additional authorities retrieved from the populator with the
 
      * default will merge any additional authorities retrieved from the populator with the
 
-     * original <tt>ldapUser</tt> object.
 
+     * propertis of original <tt>ldapUser</tt> object and set the values of the username and password.
 
      * </p>
 
      * </p>
 
      *
 
      *
 
-     * @param ldapUser The intermediate LdapUserDetails instance returned from the authenticator.  
+     * @param ldapUser The intermediate LdapUserDetails instance returned by the authenticator.
 
+     * @param username the username submitted to the provider
 
+     * @param password the password submitted to the provider
 
      *
 
      *
 
      * @return The UserDetails for the successfully authenticated user.
 
      * @return The UserDetails for the successfully authenticated user.
 
      */
 
      */
 
-    protected UserDetails createUserDetails(LdapUserDetails ldapUser) {
 
+    protected UserDetails createUserDetails(LdapUserDetails ldapUser, String username, String password) {
 
 
 
         LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence(ldapUser);
 
         LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence(ldapUser);
 
+        user.setUsername(username);
 
+        user.setPassword(password);
 
 
 
         GrantedAuthority[] extraAuthorities = authoritiesPopulator.getGrantedAuthorities(ldapUser);
 
         GrantedAuthority[] extraAuthorities = authoritiesPopulator.getGrantedAuthorities(ldapUser);

+ 3 - 0
core/src/test/java/org/acegisecurity/providers/ldap/LdapAuthenticationProviderTests.java
查看文件 

@@ -37,6 +37,8 @@ public class LdapAuthenticationProviderTests extends AbstractLdapServerTestCase
 
         UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("bob","bobspassword");
 
         UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("bob","bobspassword");
 
         UserDetails user = ldapProvider.retrieveUser("bob", token);
 
         UserDetails user = ldapProvider.retrieveUser("bob", token);
 
         assertEquals(2, user.getAuthorities().length);
 
         assertEquals(2, user.getAuthorities().length);
 
+        assertEquals("bobspassword", user.getPassword());
 
+        assertEquals("bob", user.getUsername());
 
 
 
         ArrayList authorities = new ArrayList();
 
         ArrayList authorities = new ArrayList();
 
         authorities.add(user.getAuthorities()[0].getAuthority());
 
         authorities.add(user.getAuthorities()[0].getAuthority());
 
@@ -101,6 +103,7 @@ public class LdapAuthenticationProviderTests extends AbstractLdapServerTestCase
 
             if(username.equals("bob") && password.equals("bobspassword")) {
 
             if(username.equals("bob") && password.equals("bobspassword")) {
 
                 LdapUserDetailsImpl.Essence userEssence = new LdapUserDetailsImpl.Essence();
 
                 LdapUserDetailsImpl.Essence userEssence = new LdapUserDetailsImpl.Essence();
 
                 userEssence.setDn("cn=bob,ou=people,dc=acegisecurity,dc=org");
 
                 userEssence.setDn("cn=bob,ou=people,dc=acegisecurity,dc=org");
 
+                userEssence.setPassword("{SHA}anencodedpassword");
 
                 userEssence.setAttributes(userAttributes);
 
                 userEssence.setAttributes(userAttributes);
 
                 userEssence.addAuthority(new GrantedAuthorityImpl("ROLE_FROM_ENTRY"));
 
                 userEssence.addAuthority(new GrantedAuthorityImpl("ROLE_FROM_ENTRY"));
 
                 return userEssence.createUserDetails();
 
                 return userEssence.createUserDetails();