
Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR

Fixes gh-3697
Andrei Ivanov vor 9 Jahren
Commit
9008a7af1d

+ 12 - 1
web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java

@@ -123,6 +123,7 @@ public class SwitchUserFilter extends GenericFilterBean implements
 	private String targetUrl;
 	private String switchFailureUrl;
 	private String usernameParameter = SPRING_SECURITY_SWITCH_USERNAME_KEY;
+	private String switchAuthorityRole = ROLE_PREVIOUS_ADMINISTRATOR;
 	private SwitchUserAuthorityChanger switchUserAuthorityChanger;
 	private UserDetailsService userDetailsService;
 	private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
@@ -319,7 +320,7 @@ public class SwitchUserFilter extends GenericFilterBean implements
 		}
 
 		GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(
-				ROLE_PREVIOUS_ADMINISTRATOR, currentAuth);
+				switchAuthorityRole, currentAuth);
 
 		// get the original authorities
 		Collection<? extends GrantedAuthority> orig = targetUser.getAuthorities();
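Review bot: Once the name at `switchAuthorityRole, currentAuth` is configurable, any check that recognises a switched session by comparing the authority string with `ROLE_PREVIOUS_ADMINISTRATOR` silently stops matching. That could include access rules on the exit URL, audit hooks, or a custom `SwitchUserAuthorityChanger`. I would add a comment above the constructor call such as `// name is configurable; identify a switched session by instanceof SwitchUserGrantedAuthority, not by authority string`. If the exit path elsewhere in this class compares the name, it should be confirmed against the configured value. The enclosing method starts and ends outside this hunk, so I cannot see whether other uses of the constant remain.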
@@ -527,6 +528,16 @@ public class SwitchUserFilter extends GenericFilterBean implements
 		this.usernameParameter = usernameParameter;
 	}
 
+	/**
+	 * Allows the role of the switchAuthority to be customized.
+	 * 
+	 * @param switchAuthorityRole the role name. Defaults to {@link #ROLE_PREVIOUS_ADMINISTRATOR}
+	 */
+	public void setSwitchAuthorityRole(String switchAuthorityRole) {
+		Assert.notNull(switchAuthorityRole, "switchAuthorityRole cannot be null");
+		this.switchAuthorityRole = switchAuthorityRole;
+	}
+
 	/**
 	 * Strips any content after the ';' in the request URI
 	 *
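Review bot: `setSwitchAuthorityRole` rejects only null, so an empty or blank string is accepted and ends up as the authority of every switched session. `Assert.hasText(switchAuthorityRole, "switchAuthorityRole cannot be null or empty");` would close that and still satisfy the message the new test expects. The Javadoc should also say that the value is used verbatim as the granted authority, with no prefix added; the test's `"PREVIOUS_ADMINISTRATOR"` relies on that. It should further warn that the name must not coincide with a role that access rules already grant rights on, because every impersonated session would then carry it.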

+ 49 - 0
web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java

@@ -19,6 +19,7 @@ import static org.junit.Assert.*;
 import static org.mockito.Mockito.*;
 
 import org.junit.*;
+import org.junit.rules.ExpectedException;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AccountExpiredException;
@@ -52,6 +53,8 @@ import java.util.*;
 public class SwitchUserFilterTests {
 	private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils
 			.createAuthorityList("ROLE_ONE", "ROLE_TWO");
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
 
 	@Before
 	public void authenticateCurrentUser() {
@@ -86,6 +89,17 @@ public class SwitchUserFilterTests {
 
 	}
 
+	private Authentication switchToUserWithAuthorityRole(String name, String switchAuthorityRole) {
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, name);
+
+		SwitchUserFilter filter = new SwitchUserFilter();
+		filter.setUserDetailsService(new MockUserDetailsService());
+		filter.setSwitchAuthorityRole(switchAuthorityRole);
+
+		return filter.attemptSwitchUser(request);
+	}
+
 	@Test
 	public void requiresExitUserMatchesCorrectly() {
 		SwitchUserFilter filter = new SwitchUserFilter();
@@ -412,7 +426,42 @@ public class SwitchUserFilterTests {
 			}
 		}
 
+		assertNotNull(switchedFrom);
+		assertSame(source, switchedFrom.getSource());
+	}
+
+	// gh-3697
+	@Test
+	public void switchAuthorityRoleCannotBeNull() throws Exception {
+		thrown.expect(IllegalArgumentException.class);
+		thrown.expectMessage("switchAuthorityRole cannot be null");
+		switchToUserWithAuthorityRole("dano", null);
+	}
+
+	// gh-3697
+	@Test
+	public void switchAuthorityRoleCanBeChanged() throws Exception {
+		String switchAuthorityRole = "PREVIOUS_ADMINISTRATOR";
+
+		// original user
+		UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken(
+				"orig", "hawaii50", ROLES_12);
+		SecurityContextHolder.getContext().setAuthentication(source);
+		SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord"));
+		Authentication switched = switchToUserWithAuthorityRole("dano", switchAuthorityRole);
+
+		SwitchUserGrantedAuthority switchedFrom = null;
+
+		for (GrantedAuthority ga : switched.getAuthorities()) {
+			if (ga instanceof SwitchUserGrantedAuthority) {
+				switchedFrom = (SwitchUserGrantedAuthority) ga;
+				break;
+			}
+		}
+
+		assertNotNull(switchedFrom);
 		assertSame(source, switchedFrom.getSource());
+		assertEquals(switchAuthorityRole, switchedFrom.getAuthority());
 	}
 
 	// ~ Inner Classes
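Review bot: The new tests cover only the switch direction; nothing checks that a session created with a custom authority name can still be exited and the original `Authentication` restored, which is the path most likely to depend on the old constant. In `switchAuthorityRoleCanBeChanged` the loop stops at the first `SwitchUserGrantedAuthority`, so it would also not notice the default name lingering next to the custom one. A line such as `assertFalse(AuthorityUtils.authorityListToSet(switched.getAuthorities()).contains(SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR));` would pin that down. A blank-string case belongs here too if the setter is tightened. The first three added lines of this hunk close a test whose body starts outside the hunk.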