
SEC-703: Expose customization of SQL used by <jdbc-user-service>
http://jira.springframework.org/browse/SEC-703. Added suggested attributes for sql queries.

Luke Taylor 17 rokov pred
rodič
commit
552dc6486a

+ 21 - 0
core/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java

@@ -1,6 +1,7 @@
 package org.springframework.security.config;
 
 import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager;
+import org.springframework.util.StringUtils;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.BeanDefinitionStoreException;
@@ -13,6 +14,9 @@ import org.w3c.dom.Element;
  */
 public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
 	static final String ATT_DATA_SOURCE = "data-source-ref";
+	static final String ATT_USERS_BY_USERNAME_QUERY = "users-by-username-query";
+	static final String ATT_AUTHORITIES_BY_USERNAME_QUERY = "authorities-by-username-query";
+	static final String ATT_GROUP_AUTHORITIES_QUERY = "group-authorities-by-username-query";
 
     protected Class getBeanClass(Element element) {
         return JdbcUserDetailsManager.class;
@@ -29,5 +33,22 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
             throw new BeanDefinitionStoreException(ATT_DATA_SOURCE  + " is required for "
                     + Elements.JDBC_USER_SERVICE );
         }
+        
+        String usersQuery = element.getAttribute(ATT_USERS_BY_USERNAME_QUERY);
+        String authoritiesQuery = element.getAttribute(ATT_AUTHORITIES_BY_USERNAME_QUERY);
+        String groupAuthoritiesQuery = element.getAttribute(ATT_GROUP_AUTHORITIES_QUERY);
+        
+        if (StringUtils.hasText(usersQuery)) {
+            builder.addPropertyValue("usersByUsernameQuery", usersQuery);
+        }
+        
+        if (StringUtils.hasText(authoritiesQuery)) {
+            builder.addPropertyValue("authoritiesByUsernameQuery", authoritiesQuery);
+        }
+        
+        if (StringUtils.hasText(groupAuthoritiesQuery)) {
+            builder.addPropertyValue("enableGroups", Boolean.TRUE);
+            builder.addPropertyValue("authoritiesByUsernameQuery", groupAuthoritiesQuery);
+        }
     }
 }
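Review bot: The last `if` in this hunk writes `groupAuthoritiesQuery` into the `authoritiesByUsernameQuery` property, the same property the preceding `if` sets. A configured `group-authorities-by-username-query` therefore ends up as the per-user authorities query, and the group lookup keeps whatever query the bean defaults to. With `enableGroups` switched on, users would be granted authorities from a query the configuration author did not intend for that role, which is an authorization error rather than a cosmetic one. The line should read `builder.addPropertyValue("groupAuthoritiesByUsernameQuery", groupAuthoritiesQuery);`, assuming JdbcUserDetailsManager exposes that setter as its JdbcDaoImpl parent does. The enclosing method begins outside the hunk.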

+ 10 - 0
core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc

@@ -415,6 +415,16 @@ jdbc-user-service.attlist &=
     attribute data-source-ref {xsd:string}
 jdbc-user-service.attlist &=
     cache-ref?
+jdbc-user-service.attlist &=
+    ## An SQL statement to query a username, password, and enabled status given a username
+    attribute users-by-username-query {xsd:string}?
+jdbc-user-service.attlist &=
+    ## An SQL statement to query for a user's granted authorities given a username.
+    attribute authorities-by-username-query {xsd:string}?
+jdbc-user-service.attlist &=
+    ## An SQL statement to query user's group authorities given a username.
+    attribute group-authorities-by-username-query {xsd:string}?
+    
 
 any-user-service = user-service | jdbc-user-service | ldap-user-service
     

+ 18 - 0
core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd

@@ -1144,6 +1144,24 @@
         UserDetailsService.</xs:documentation>
       </xs:annotation>
     </xs:attribute>
+    <xs:attribute name="users-by-username-query" type="xs:string">
+      <xs:annotation>
+        <xs:documentation>An SQL statement to query a username, password, and enabled status given a
+          username</xs:documentation>
+      </xs:annotation>
+    </xs:attribute>
+    <xs:attribute name="authorities-by-username-query" type="xs:string">
+      <xs:annotation>
+        <xs:documentation>An SQL statement to query for a user's granted authorities given a
+          username.</xs:documentation>
+      </xs:annotation>
+    </xs:attribute>
+    <xs:attribute name="group-authorities-by-username-query" type="xs:string">
+      <xs:annotation>
+        <xs:documentation>An SQL statement to query user's group authorities given a
+        username.</xs:documentation>
+      </xs:annotation>
+    </xs:attribute>
   </xs:attributeGroup>
   <xs:element name="any-user-service" abstract="true"/>
   <xs:group name="custom-filter">
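Review bot: The three new `xs:documentation` texts, and the matching `##` comments in spring-security-2.0.rnc, do not say how the username reaches the statement. Nothing tells a configuration author to keep the single `?` placeholder seen in the test queries rather than writing a value into the SQL text. I would extend each description, e.g. `An SQL statement to query a username, password, and enabled status given a username; the username is bound to the statement's single ? parameter.` Stating the expected result columns for the two authorities queries would help as well, presumably username then authority as in the test query.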

+ 10 - 0
core/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java

@@ -52,6 +52,16 @@ public class JdbcUserServiceBeanDefinitionParserTests {
         JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
     }
 
+    @Test
+    public void usernameAndGroupQueriesAreParsedCorrectly() {
+        setContext("<jdbc-user-service id='myUserService' " +
+        		"data-source-ref='dataSource' " +
+        		"users-by-username-query='select username,password,enabled from users where username = ?' " +
+        		"authorities-by-username-query='select username,authority from authorities where username = ?'/>" + DATA_SOURCE);
+        JdbcUserDetailsManager mgr = (JdbcUserDetailsManager) appContext.getBean("myUserService");
+        assertTrue(mgr.loadUserByUsername("rod") != null);
+    }
+    
     @Test
     public void cacheRefIsparsedCorrectly() {
         setContext("<jdbc-user-service id='myUserService' cache-ref='userCache' data-source-ref='dataSource'/>"
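Review bot: `usernameAndGroupQueriesAreParsedCorrectly` never sets `group-authorities-by-username-query`, so the group branch added to the parser in this commit is not exercised despite the test name. The two queries it does set look like the stock ones for this user schema (worth confirming), and the only assertion is `mgr.loadUserByUsername("rod") != null`. The test would presumably still pass if the parser ignored the new attributes entirely. I would add the group attribute with a query that differs from the default and assert on the authorities returned for `rod`, so that a value wired to the wrong property fails the test.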