|
@@ -2,6 +2,7 @@ package org.springframework.security.provisioning;
|
|
|
|
|
|
import static org.junit.Assert.*;
|
|
import static org.junit.Assert.*;
|
|
import static org.mockito.Mockito.*;
|
|
import static org.mockito.Mockito.*;
|
|
|
|
+import static org.fest.assertions.Assertions.assertThat;
|
|
|
|
|
|
import java.util.Collections;
|
|
import java.util.Collections;
|
|
import java.util.HashMap;
|
|
import java.util.HashMap;
|
|
@@ -302,6 +303,15 @@ public class JdbcUserDetailsManagerTests {
|
|
assertEquals(0, template.queryForList(SELECT_JOE_AUTHORITIES_SQL).size());
|
|
assertEquals(0, template.queryForList(SELECT_JOE_AUTHORITIES_SQL).size());
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+ // SEC-2166
|
|
|
|
+ @Test
|
|
|
|
+ public void createNewAuthenticationUsesNullPasswordToKeepPassordsSave() {
|
|
|
|
+ insertJoe();
|
|
|
|
+ UsernamePasswordAuthenticationToken currentAuth = new UsernamePasswordAuthenticationToken("joe",null, AuthorityUtils.createAuthorityList("ROLE_USER"));
|
|
|
|
+ Authentication updatedAuth = manager.createNewAuthentication(currentAuth, "new");
|
|
|
|
+ assertThat(updatedAuth.getCredentials()).isNull();
|
|
|
|
+ }
|
|
|
|
+
|
|
private Authentication authenticateJoe() {
|
|
private Authentication authenticateJoe() {
|
|
UsernamePasswordAuthenticationToken auth =
|
|
UsernamePasswordAuthenticationToken auth =
|
|
new UsernamePasswordAuthenticationToken("joe","password", joe.getAuthorities());
|
|
new UsernamePasswordAuthenticationToken("joe","password", joe.getAuthorities());
|