
Clarify and enforce interface interface contract for AuthenticationDao.

Ben Alex 20 éve
szülő
commit
dc726ac75c

+ 10 - 1
core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java

@@ -356,8 +356,10 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
     }
 
     private UserDetails getUserFromBackend(String username) {
+        UserDetails loadedUser;
+
         try {
-            return this.authenticationDao.loadUserByUsername(username);
+            loadedUser = this.authenticationDao.loadUserByUsername(username);
         } catch (UsernameNotFoundException notFound) {
             if (hideUserNotFoundExceptions) {
                 throw new BadCredentialsException("Bad credentials presented");
@@ -368,5 +370,12 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
             throw new AuthenticationServiceException(repositoryProblem
                 .getMessage(), repositoryProblem);
         }
+
+        if (loadedUser == null) {
+            throw new AuthenticationServiceException(
+                "AuthenticationDao returned null, which is an interface contract violation");
+        }
+
+        return loadedUser;
     }
 }
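Review bot: A DAO that returns null for an unknown username now surfaces as `AuthenticationServiceException` from the new `if (loadedUser == null)` check, even when `hideUserNotFoundExceptions` is set. Callers could then tell "no such account" apart from the `BadCredentialsException` thrown in the catch block, which is presumably also what a wrong password produces, although that path is not visible here. Failing closed is the right default, but the intent should be stated in the code, for example `// Fail closed: null must never reach the credential check; DAOs signal an unknown user with UsernameNotFoundException only`. Logging the violation would also help, so that a misbehaving `AuthenticationDao` is noticed by operators rather than only by the client. `getUserFromBackend` begins in the previous hunk, and the tail of its second catch block lies between the two hunks.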

+ 1 - 1
core/src/main/java/org/acegisecurity/userdetails/UserDetailsService.java

@@ -45,7 +45,7 @@ public interface AuthenticationDao {
      * @param username the username presented to the {@link
      *        DaoAuthenticationProvider}
      *
-     * @return a fully populated user record
+     * @return a fully populated user record (never <code>null</code>)
      *
      * @throws UsernameNotFoundException if the user could not be found or the
      *         user has no GrantedAuthority

+ 23 - 0
core/src/test/java/org/acegisecurity/providers/dao/DaoAuthenticationProviderTests.java

@@ -286,6 +286,22 @@ public class DaoAuthenticationProviderTests extends TestCase {
         assertEquals("marissa", castResult.getPrincipal());
     }
 
+    public void testDetectsNullBeingReturnedFromAuthenticationDao() {
+        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("marissa",
+                "koala");
+
+        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+        provider.setAuthenticationDao(new MockAuthenticationDaoReturnsNull());
+
+        try {
+            provider.authenticate(token);
+            fail("Should have thrown AuthenticationServiceException");
+        } catch (AuthenticationServiceException expected) {
+            assertEquals("AuthenticationDao returned null, which is an interface contract violation",
+                expected.getMessage());
+        }
+    }
+
     public void testGettersSetters() {
         DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
         provider.setPasswordEncoder(new ShaPasswordEncoder());
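Review bot: The assertion in `testDetectsNullBeingReturnedFromAuthenticationDao` pins the complete exception message, so the test duplicates the literal from `DaoAuthenticationProvider` and breaks on any rewording, even though catching `AuthenticationServiceException` already proves the behaviour. Either drop the message comparison or loosen it to `assertTrue(expected.getMessage().indexOf("returned null") != -1);`. The test also runs only with the provider's default settings. A second case with `provider.setHideUserNotFoundExceptions(true)` (assuming that setter exists, since the field is used in the provider) would record which exception type a null return is meant to produce in that mode.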
@@ -384,6 +400,13 @@ public class DaoAuthenticationProviderTests extends TestCase {
 
     //~ Inner Classes ==========================================================
 
+    private class MockAuthenticationDaoReturnsNull implements AuthenticationDao {
+        public UserDetails loadUserByUsername(String username)
+            throws UsernameNotFoundException, DataAccessException {
+            return null;
+        }
+    }
+
     private class MockAuthenticationDaoSimulateBackendError
         implements AuthenticationDao {
         public UserDetails loadUserByUsername(String username)

+ 1 - 0
doc/xdocs/changes.xml

@@ -53,6 +53,7 @@
       <action dev="benalex" type="update">Improved JaasAuthenticationProvider startup error detection</action>
       <action dev="benalex" type="update">Refactored EH-CACHE implementations to use Spring IoC defined caches instead</action>
       <action dev="benalex" type="update">AbstractProcessingFilter now has various hook methods to assist subclasses</action>
+      <action dev="benalex" type="update">DaoAuthenticationProvider better detects AuthenticationDao interface violations</action>
       <action dev="benalex" type="fix">Fixed ambiguous column references in JdbcDaoImpl default query</action>
       <action dev="benalex" type="fix">Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility)</action>
       <action dev="benalex" type="fix">Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals</action>