Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Use SecurityContextHolderStrategy for Ldap

Issue gh-11060
Josh Cummings 3 years ago
parent
652c35db2f
commit
6e821382f1
4 changed files with 85 additions and 6 deletions
Split View Show Diff Stats
  1. 29 0
      ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
  2. 19 3
      ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
  3. 17 2
      ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
  4. 20 1
      ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java

+ 29 - 0
ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java
View File 

@@ -31,6 +31,8 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 
 import org.springframework.security.core.GrantedAuthority;
 
 import org.springframework.security.core.authority.AuthorityUtils;
 
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
 
+import org.springframework.security.core.context.SecurityContextImpl;
 
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
 import org.springframework.security.ldap.ApacheDsContainerConfig;
 
 import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
 
@@ -40,6 +42,9 @@ import org.springframework.test.context.junit.jupiter.SpringExtension;
 
 
 import static org.assertj.core.api.Assertions.assertThat;
 
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
+import static org.mockito.BDDMockito.given;
 
+import static org.mockito.Mockito.mock;
 
+import static org.mockito.Mockito.verify;
 
 
 /**
 
  * @author Luke Taylor
 
@@ -201,6 +206,30 @@ public class LdapUserDetailsManagerTests {
 
 				.isTrue();
 
 	}
 
 
+	@Test
 
+	public void testPasswordChangeUsesCustomSecurityContextHolderStrategy() {
 
+		InetOrgPerson.Essence p = new InetOrgPerson.Essence();
 
+		p.setDn("whocares");
 
+		p.setCn(new String[] { "John Yossarian" });
 
+		p.setSn("Yossarian");
 
+		p.setUid("johnyossarian");
 
+		p.setPassword("yossarianspassword");
 
+		p.setAuthorities(TEST_AUTHORITIES);
 
+
 
+		this.mgr.createUser(p.createUserDetails());
 
+
 
+		SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
 
+		given(strategy.getContext()).willReturn(new SecurityContextImpl(UsernamePasswordAuthenticationToken
 
+				.authenticated("johnyossarian", "yossarianspassword", TEST_AUTHORITIES)));
 
+		this.mgr.setSecurityContextHolderStrategy(strategy);
 
+
 
+		this.mgr.changePassword("yossarianspassword", "yossariansnewpassword");
 
+
 
+		assertThat(this.template.compare("uid=johnyossarian,ou=test people", "userPassword", "yossariansnewpassword"))
 
+				.isTrue();
 
+		verify(strategy).getContext();
 
+	}
 
+
 
 	@Test
 
 	public void testPasswordChangeWithWrongOldPasswordFails() {
 
 		InetOrgPerson.Essence p = new InetOrgPerson.Essence();

+ 19 - 3
ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java
View File 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright 2002-2016 the original author or authors.
 
+ * Copyright 2002-2022 the original author or authors.
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
@@ -23,7 +23,9 @@ import org.springframework.ldap.core.AuthenticationSource;
 
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 
 import org.springframework.security.core.Authentication;
 
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
 
 import org.springframework.security.ldap.userdetails.LdapUserDetails;
 
+import org.springframework.util.Assert;
 
 
 /**
 
  * An AuthenticationSource to retrieve authentication information stored in Spring
 
@@ -40,13 +42,16 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 
 
 	private static final Log log = LogFactory.getLog(SpringSecurityAuthenticationSource.class);
 
 
+	private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
 
+			.getContextHolderStrategy();
 
+
 
 	/**
 
 	 * Get the principals of the logged in user, in this case the distinguished name.
 
 	 * @return the distinguished name of the logged in user.
 
 	 */
 
 	@Override
 
 	public String getPrincipal() {
 
-		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
+		Authentication authentication = this.securityContextHolderStrategy.getContext().getAuthentication();
 
 		if (authentication == null) {
 
 			log.debug("Returning empty String as Principal since authentication is null");
 
 			return "";
 
@@ -69,7 +74,7 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 
 	 */
 
 	@Override
 
 	public String getCredentials() {
 
-		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
+		Authentication authentication = this.securityContextHolderStrategy.getContext().getAuthentication();
 
 		if (authentication == null) {
 
 			log.debug("Returning empty String as Credentials since authentication is null");
 
 			return "";
 
@@ -77,4 +82,15 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource
 
 		return (String) authentication.getCredentials();
 
 	}
 
 
+	/**
 
+	 * Sets the {@link SecurityContextHolderStrategy} to use. The default action is to use
 
+	 * the {@link SecurityContextHolderStrategy} stored in {@link SecurityContextHolder}.
 
+	 *
 
+	 * @since 5.8
 
+	 */
 
+	public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
 
+		Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");
 
+		this.securityContextHolderStrategy = securityContextHolderStrategy;
 
+	}
 
+
 
 }

+ 17 - 2
ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
View File 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright 2002-2018 the original author or authors.
 
+ * Copyright 2002-2022 the original author or authors.
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
@@ -54,6 +54,7 @@ import org.springframework.security.core.Authentication;
 
 import org.springframework.security.core.GrantedAuthority;
 
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
 
 import org.springframework.security.core.userdetails.UserDetails;
 
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
 import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
 
@@ -82,6 +83,9 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 
 	private final Log logger = LogFactory.getLog(LdapUserDetailsManager.class);
 
 
+	private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
 
+			.getContextHolderStrategy();
 
+
 
 	/**
 
 	 * The strategy for mapping usernames to LDAP distinguished names. This will be used
 
 	 * when building DNs for creating new users etc.
 
@@ -179,7 +183,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 	 */
 
 	@Override
 
 	public void changePassword(final String oldPassword, final String newPassword) {
 
-		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
+		Authentication authentication = this.securityContextHolderStrategy.getContext().getAuthentication();
 
 		Assert.notNull(authentication,
 
 				"No authentication object found in security context. Can't change current user's password!");
 
 		String username = authentication.getName();
 
@@ -388,6 +392,17 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 
 		this.usePasswordModifyExtensionOperation = usePasswordModifyExtensionOperation;
 
 	}
 
 
+	/**
 
+	 * Sets the {@link SecurityContextHolderStrategy} to use. The default action is to use
 
+	 * the {@link SecurityContextHolderStrategy} stored in {@link SecurityContextHolder}.
 
+	 *
 
+	 * @since 5.8
 
+	 */
 
+	public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
 
+		Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");
 
+		this.securityContextHolderStrategy = securityContextHolderStrategy;
 
+	}
 
+
 
 	private void changePasswordUsingAttributeModification(DistinguishedName userDn, String oldPassword,
 
 			String newPassword) {
 
 		ModificationItem[] passwordChange = new ModificationItem[] { new ModificationItem(DirContext.REPLACE_ATTRIBUTE,

+ 20 - 1
ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java
View File 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright 2002-2016 the original author or authors.
 
+ * Copyright 2002-2022 the original author or authors.
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
@@ -26,11 +26,16 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken;
 
 import org.springframework.security.authentication.TestingAuthenticationToken;
 
 import org.springframework.security.core.authority.AuthorityUtils;
 
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
 
+import org.springframework.security.core.context.SecurityContextImpl;
 
 import org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource;
 
 import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
 
 
 import static org.assertj.core.api.Assertions.assertThat;
 
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 
+import static org.mockito.BDDMockito.given;
 
+import static org.mockito.Mockito.mock;
 
+import static org.mockito.Mockito.verify;
 
 
 /**
 
  * @author Luke Taylor
 
@@ -83,4 +88,18 @@ public class SpringSecurityAuthenticationSourceTests {
 
 		assertThat(source.getPrincipal()).isEqualTo("uid=joe,ou=users");
 
 	}
 
 
+	@Test
 
+	public void getPrincipalWhenCustomSecurityContextHolderStrategyThenExpectedPrincipalIsReturned() {
 
+		LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence();
 
+		user.setUsername("joe");
 
+		user.setDn(new DistinguishedName("uid=joe,ou=users"));
 
+		SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
 
+		given(strategy.getContext())
 
+				.willReturn(new SecurityContextImpl(new TestingAuthenticationToken(user.createUserDetails(), null)));
 
+		SpringSecurityAuthenticationSource source = new SpringSecurityAuthenticationSource();
 
+		source.setSecurityContextHolderStrategy(strategy);
 
+		assertThat(source.getPrincipal()).isEqualTo("uid=joe,ou=users");
 
+		verify(strategy).getContext();
 
+	}
 
+
 
 }