
Refactor CasAuthoritiesPopulator to use UserDetails rather than GrantedAuthority[].

Ben Alex před 21 roky
rodič
revize
e3be8f20bb

+ 2 - 1
changelog.txt

@@ -6,7 +6,8 @@ Changes in version 0.6 (2004-xx-xx)
 * Added stack trace logging to SecurityEnforcementFilter
 * Updated Authentication to be serializable (Weblogic support)
 * Updated to Clover 1.3
-* Refactored User to UserDetails interface
+* Refactored User to net.sf.acegisecurity.UserDetails interface
+* Refactored CAS package to store UserDetails in CasAuthenticationToken
 * Improved organisation of DaoAuthenticationProvider to facilitate subclassing
 * Improved test coverage (now 98.3%)
 * Fixed Linux compatibility issues (directory case sensitivity etc)

+ 5 - 4
core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationProvider.java

@@ -18,7 +18,7 @@ package net.sf.acegisecurity.providers.cas;
 import net.sf.acegisecurity.Authentication;
 import net.sf.acegisecurity.AuthenticationException;
 import net.sf.acegisecurity.BadCredentialsException;
-import net.sf.acegisecurity.GrantedAuthority;
+import net.sf.acegisecurity.UserDetails;
 import net.sf.acegisecurity.providers.AuthenticationProvider;
 import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import net.sf.acegisecurity.ui.cas.CasProcessingFilter;
@@ -209,13 +209,14 @@ public class CasAuthenticationProvider implements AuthenticationProvider,
         // Check proxy list is trusted
         this.casProxyDecider.confirmProxyListTrusted(response.getProxyList());
 
-        // Build list of granted authorities
-        GrantedAuthority[] ga = this.casAuthoritiesPopulator.getAuthorities(response
+        // Lookup user details
+        UserDetails userDetails = this.casAuthoritiesPopulator.getUserDetails(response
                 .getUser());
 
         // Construct CasAuthenticationToken
         return new CasAuthenticationToken(this.key, response.getUser(),
-            authentication.getCredentials(), ga, response.getProxyList(),
+            authentication.getCredentials(), userDetails.getAuthorities(),
+            userDetails, response.getProxyList(),
             response.getProxyGrantingTicketIou());
     }
 }
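Review bot: `userDetails.getAuthorities()` is dereferenced while building the constructor arguments, before anything has checked that the populator returned a value. A `CasAuthoritiesPopulator` that returns null therefore fails with a NullPointerException rather than an authentication failure, and the null check inside the `CasAuthenticationToken` constructor is never reached. A guard directly after the lookup keeps the failure inside the authentication path: `if (userDetails == null) { throw new BadCredentialsException("CasAuthoritiesPopulator returned no UserDetails"); }`. The enclosing method starts outside this hunk.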

+ 13 - 3
core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java

@@ -16,6 +16,7 @@
 package net.sf.acegisecurity.providers.cas;
 
 import net.sf.acegisecurity.GrantedAuthority;
+import net.sf.acegisecurity.UserDetails;
 import net.sf.acegisecurity.providers.AbstractAuthenticationToken;
 
 import java.io.Serializable;
@@ -37,6 +38,7 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
     private Object credentials;
     private Object principal;
     private String proxyGrantingTicketIou;
+    private UserDetails userDetails;
     private GrantedAuthority[] authorities;
     private int keyHash;
 
@@ -52,6 +54,8 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
      *        <code>null</code>)
      * @param authorities the authorities granted to the user (from {@link
      *        CasAuthoritiesPopulator}) (cannot be <code>null</code>)
+     * @param userDetails the user details (from {@link
+     *        CasAuthoritiesPopulator}) (cannot be <code>null</code>)
      * @param proxyList the list of proxies from CAS (cannot be
      *        <code>null</code>)
      * @param proxyGrantingTicketIou the PGT-IOU ID from CAS (cannot be
@@ -61,12 +65,13 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
      * @throws IllegalArgumentException if a <code>null</code> was passed
      */
     public CasAuthenticationToken(String key, Object principal,
-        Object credentials, GrantedAuthority[] authorities, List proxyList,
-        String proxyGrantingTicketIou) {
+        Object credentials, GrantedAuthority[] authorities,
+        UserDetails userDetails, List proxyList, String proxyGrantingTicketIou) {
         if ((key == null) || ("".equals(key)) || (principal == null)
             || "".equals(principal) || (credentials == null)
             || "".equals(credentials) || (authorities == null)
-            || (proxyList == null) || (proxyGrantingTicketIou == null)) {
+            || (userDetails == null) || (proxyList == null)
+            || (proxyGrantingTicketIou == null)) {
             throw new IllegalArgumentException(
                 "Cannot pass null or empty values to constructor");
         }
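Review bot: The constructor now accepts both `authorities` and `userDetails` but only null-checks each, so nothing ties the array stored in `this.authorities` to `userDetails.getAuthorities()`. The provider passes matching values, but other callers can build a token whose two views of the user's roles disagree; the "WRONG_KEY" case in CasAuthenticationProviderTests already passes `XX` alongside details holding ROLE_ONE/ROLE_TWO. Code that later reads `getUserDetails().getAuthorities()` for an access decision would then see a different set from the token's own authorities. Either state in the `@param userDetails` Javadoc that `the authorities argument, not userDetails.getAuthorities(), is the set this token grants`, or reject a mismatch alongside the existing null/empty checks. The constructor body continues outside this hunk.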
@@ -83,6 +88,7 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
         this.principal = principal;
         this.credentials = credentials;
         this.authorities = authorities;
+        this.userDetails = userDetails;
         this.proxyList = proxyList;
         this.proxyGrantingTicketIou = proxyGrantingTicketIou;
     }
@@ -141,6 +147,10 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
         return proxyList;
     }
 
+    public UserDetails getUserDetails() {
+        return userDetails;
+    }
+
     public boolean equals(Object obj) {
         if (!super.equals(obj)) {
             return false;
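Review bot: `getUserDetails()` is a new public accessor with no Javadoc, although the matching constructor parameter is documented. Suggest `/** Returns the UserDetails obtained from the CasAuthoritiesPopulator when this token was built. */`. It would also help to say there whether the object takes part in `equals`, whose body continues outside this hunk.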

+ 20 - 5
core/src/main/java/org/acegisecurity/providers/cas/CasAuthoritiesPopulator.java

@@ -16,12 +16,12 @@
 package net.sf.acegisecurity.providers.cas;
 
 import net.sf.acegisecurity.AuthenticationException;
-import net.sf.acegisecurity.GrantedAuthority;
+import net.sf.acegisecurity.UserDetails;
 
 
 /**
- * Populates the <code>GrantedAuthority[]</code> objects for a CAS
- * authenticated user.
+ * Populates the <code>UserDetails</code> associated with a CAS authenticated
+ * user.
  * 
  * <P>
  * CAS does not provide the authorities (roles) granted to a user. It merely
@@ -32,6 +32,18 @@ import net.sf.acegisecurity.GrantedAuthority;
  * </p>
  * 
  * <P>
+ * A {@link UserDetails} is returned by implementations. The
+ * <code>UserDetails</code> must, at minimum, contain the username and
+ * <code>GrantedAuthority[]</code> objects applicable to the CAS-authenticated
+ * user. Note that Acegi Security ignores the password and enabled/disabled
+ * status of the <code>UserDetails</code> because this is
+ * authentication-related and should have been enforced by the CAS server. The
+ * <code>UserDetails</code> returned by implementations is stored in the
+ * generated <code>CasAuthenticationToken</code>, so additional properties
+ * such as email addresses, telephone numbers etc can easily be stored.
+ * </p>
+ * 
+ * <P>
  * Implementations should not perform any caching. They will only be called
  * when a refresh is required.
  * </p>
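Review bot: The new paragraph says the enabled/disabled status of the returned `UserDetails` is ignored, which means an account disabled in the local user store still receives its granted authorities once CAS has authenticated it. Where the local flag is the mechanism for revoking access, that is a gap the Javadoc should spell out for implementers rather than leave implicit. Suggest adding a sentence such as `Implementations that need to honour a locally disabled account must check it themselves and throw an AuthenticationException.`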
@@ -52,8 +64,11 @@ public interface CasAuthoritiesPopulator {
      *
      * @param casUserId as obtained from the CAS validation service
      *
-     * @return the granted authorities for the indicated user
+     * @return the details of the indicated user (at minimum the granted
+     *         authorities and the username)
+     *
+     * @throws AuthenticationException DOCUMENT ME!
      */
-    public GrantedAuthority[] getAuthorities(String casUserId)
+    public UserDetails getUserDetails(String casUserId)
         throws AuthenticationException;
 }
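Review bot: The `@throws AuthenticationException DOCUMENT ME!` placeholder leaves implementers without guidance on when the only method of this interface should fail. Suggest `@throws AuthenticationException if the user details could not be obtained for the given CAS user, for example because the user is unknown to the local store`. DaoCasAuthoritiesPopulatorTests in this commit expects a UsernameNotFoundException for an unknown user, which appears consistent with that wording.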

+ 3 - 4
core/src/main/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulator.java

@@ -16,7 +16,7 @@
 package net.sf.acegisecurity.providers.cas.populator;
 
 import net.sf.acegisecurity.AuthenticationException;
-import net.sf.acegisecurity.GrantedAuthority;
+import net.sf.acegisecurity.UserDetails;
 import net.sf.acegisecurity.providers.cas.CasAuthoritiesPopulator;
 import net.sf.acegisecurity.providers.dao.AuthenticationDao;
 
@@ -52,10 +52,9 @@ public class DaoCasAuthoritiesPopulator implements CasAuthoritiesPopulator,
         return authenticationDao;
     }
 
-    public GrantedAuthority[] getAuthorities(String casUserId)
+    public UserDetails getUserDetails(String casUserId)
         throws AuthenticationException {
-        return this.authenticationDao.loadUserByUsername(casUserId)
-                                     .getAuthorities();
+        return this.authenticationDao.loadUserByUsername(casUserId);
     }
 
     public void afterPropertiesSet() throws Exception {
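Review bot: Returning the DAO's `UserDetails` unchanged means the whole object, including whatever its password property holds, is now kept inside `CasAuthenticationToken` for the life of the token. The EhCacheBasedTicketCacheTests change in this commit builds such a token for the ticket cache. The interface Javadoc says the password is ignored for CAS, so it is carried around for no benefit. Consider a comment on `getUserDetails`, e.g. `// The returned UserDetails (including its password value) is retained in the CasAuthenticationToken and any cache holding that token`, or returning a copy without the password where the DAO stores real credentials.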

+ 13 - 4
core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationProviderTests.java

@@ -22,9 +22,11 @@ import net.sf.acegisecurity.AuthenticationException;
 import net.sf.acegisecurity.BadCredentialsException;
 import net.sf.acegisecurity.GrantedAuthority;
 import net.sf.acegisecurity.GrantedAuthorityImpl;
+import net.sf.acegisecurity.UserDetails;
 import net.sf.acegisecurity.providers.TestingAuthenticationToken;
 import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import net.sf.acegisecurity.providers.cas.ticketvalidator.AbstractTicketValidator;
+import net.sf.acegisecurity.providers.dao.User;
 import net.sf.acegisecurity.ui.cas.CasProcessingFilter;
 
 import java.util.HashMap;
@@ -177,7 +179,7 @@ public class CasAuthenticationProviderTests extends TestCase {
         CasAuthenticationToken token = new CasAuthenticationToken("WRONG_KEY",
                 "test", "credentials",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("XX")},
-                new Vector(), "IOU-xxx");
+                makeUserDetails(), new Vector(), "IOU-xxx");
 
         try {
             Authentication result = cap.authenticate(token);
@@ -324,13 +326,20 @@ public class CasAuthenticationProviderTests extends TestCase {
         assertTrue(cap.supports(CasAuthenticationToken.class));
     }
 
+    private UserDetails makeUserDetails() {
+        return new User("user", "password", true,
+            new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
+                    "ROLE_TWO")});
+    }
+
     //~ Inner Classes ==========================================================
 
     private class MockAuthoritiesPopulator implements CasAuthoritiesPopulator {
-        public GrantedAuthority[] getAuthorities(String casUserId)
+        public UserDetails getUserDetails(String casUserId)
             throws AuthenticationException {
-            return new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl(
-                    "ROLE_B")};
+            return new User("user", "password", true,
+                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl(
+                        "ROLE_B")});
         }
     }
 

+ 40 - 21
core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationTokenTests.java

@@ -19,7 +19,9 @@ import junit.framework.TestCase;
 
 import net.sf.acegisecurity.GrantedAuthority;
 import net.sf.acegisecurity.GrantedAuthorityImpl;
+import net.sf.acegisecurity.UserDetails;
 import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+import net.sf.acegisecurity.providers.dao.User;
 
 import java.util.List;
 import java.util.Vector;
@@ -56,7 +58,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         try {
             new CasAuthenticationToken(null, "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, new Vector(),
+                        "ROLE_TWO")}, makeUserDetails(), new Vector(),
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
@@ -66,7 +68,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         try {
             new CasAuthenticationToken("key", null, "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, new Vector(),
+                        "ROLE_TWO")}, makeUserDetails(), new Vector(),
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
@@ -76,7 +78,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         try {
             new CasAuthenticationToken("key", "Test", null,
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, new Vector(),
+                        "ROLE_TWO")}, makeUserDetails(), new Vector(),
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
@@ -85,7 +87,7 @@ public class CasAuthenticationTokenTests extends TestCase {
 
         try {
             new CasAuthenticationToken("key", "Test", "Password", null,
-                new Vector(),
+                makeUserDetails(), new Vector(),
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
@@ -95,7 +97,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         try {
             new CasAuthenticationToken("key", "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, null,
+                        "ROLE_TWO")}, makeUserDetails(), null,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
@@ -105,7 +107,17 @@ public class CasAuthenticationTokenTests extends TestCase {
         try {
             new CasAuthenticationToken("key", "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, new Vector(), null);
+                        "ROLE_TWO")}, null, new Vector(),
+                "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertTrue(true);
+        }
+
+        try {
+            new CasAuthenticationToken("key", "Test", "Password",
+                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
+                        "ROLE_TWO")}, makeUserDetails(), new Vector(), null);
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
             assertTrue(true);
@@ -114,7 +126,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         try {
             new CasAuthenticationToken("key", "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), null, new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, new Vector(),
+                        "ROLE_TWO")}, makeUserDetails(), new Vector(),
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
@@ -129,7 +141,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token1 = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList1,
+                        "ROLE_TWO")}, makeUserDetails(), proxyList1,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
 
         List proxyList2 = new Vector();
@@ -138,7 +150,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token2 = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList2,
+                        "ROLE_TWO")}, makeUserDetails(), proxyList2,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
 
         assertEquals(token1, token2);
@@ -152,7 +164,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList,
+                        "ROLE_TWO")}, makeUserDetails(), proxyList,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
         assertEquals("key".hashCode(), token.getKeyHash());
         assertEquals("Test", token.getPrincipal());
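Review bot: The getters test now passes `makeUserDetails()` to the constructor, but no hunk in this file adds an assertion on `token.getUserDetails()`, so the new field assignment and accessor are not pinned by any test here. Suggest adding `assertEquals("user", token.getUserDetails().getUsername());` next to the existing getter assertions, assuming the first `User` constructor argument is the username. The test method continues outside this hunk.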
@@ -180,7 +192,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token1 = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList1,
+                        "ROLE_TWO")}, makeUserDetails(), proxyList1,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
 
         List proxyList2 = new Vector();
@@ -189,7 +201,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token2 = new CasAuthenticationToken("key",
                 "OTHER_VALUE", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList2,
+                        "ROLE_TWO")}, makeUserDetails(), proxyList2,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
 
         assertTrue(!token1.equals(token2));
@@ -202,7 +214,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token1 = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList1,
+                        "ROLE_TWO")}, makeUserDetails(), proxyList1,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
 
         UsernamePasswordAuthenticationToken token2 = new UsernamePasswordAuthenticationToken("Test",
@@ -221,7 +233,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token1 = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList1,
+                        "ROLE_TWO")}, makeUserDetails(), proxyList1,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
 
         List proxyList2 = new Vector();
@@ -230,7 +242,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token2 = new CasAuthenticationToken("DIFFERENT_KEY",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList2,
+                        "ROLE_TWO")}, makeUserDetails(), proxyList2,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
 
         assertTrue(!token1.equals(token2));
@@ -243,7 +255,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token1 = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList1,
+                        "ROLE_TWO")}, makeUserDetails(), proxyList1,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
 
         List proxyList2 = new Vector();
@@ -252,7 +264,8 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token2 = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList2, "PGTIOU-SOME_OTHER_VALUE");
+                        "ROLE_TWO")}, makeUserDetails(), proxyList2,
+                "PGTIOU-SOME_OTHER_VALUE");
 
         assertTrue(!token1.equals(token2));
     }
@@ -264,7 +277,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token1 = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList1,
+                        "ROLE_TWO")}, makeUserDetails(), proxyList1,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
 
         List proxyList2 = new Vector();
@@ -274,7 +287,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token2 = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, proxyList2,
+                        "ROLE_TWO")}, makeUserDetails(), proxyList2,
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
 
         assertTrue(!token1.equals(token2));
@@ -284,7 +297,7 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, new Vector(),
+                        "ROLE_TWO")}, makeUserDetails(), new Vector(),
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
         assertTrue(token.isAuthenticated());
         token.setAuthenticated(false); // ignored
@@ -295,11 +308,17 @@ public class CasAuthenticationTokenTests extends TestCase {
         CasAuthenticationToken token = new CasAuthenticationToken("key",
                 "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                        "ROLE_TWO")}, new Vector(),
+                        "ROLE_TWO")}, makeUserDetails(), new Vector(),
                 "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
         String result = token.toString();
         assertTrue(result.lastIndexOf("Proxy List:") != -1);
         assertTrue(result.lastIndexOf("Proxy-Granting Ticket IOU:") != -1);
         assertTrue(result.lastIndexOf("Credentials (Service/Proxy Ticket):") != -1);
     }
+
+    private UserDetails makeUserDetails() {
+        return new User("user", "password", true,
+            new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
+                    "ROLE_TWO")});
+    }
 }

+ 6 - 1
core/src/test/java/org/acegisecurity/providers/cas/cache/EhCacheBasedTicketCacheTests.java

@@ -20,6 +20,7 @@ import junit.framework.TestCase;
 import net.sf.acegisecurity.GrantedAuthority;
 import net.sf.acegisecurity.GrantedAuthorityImpl;
 import net.sf.acegisecurity.providers.cas.CasAuthenticationToken;
+import net.sf.acegisecurity.providers.dao.User;
 
 import java.util.List;
 import java.util.Vector;
@@ -82,10 +83,14 @@ public class EhCacheBasedTicketCacheTests extends TestCase {
         List proxyList = new Vector();
         proxyList.add("https://localhost/newPortal/j_acegi_cas_security_check");
 
+        User user = new User("marissa", "password", true,
+                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
+                        "ROLE_TWO")});
+
         return new CasAuthenticationToken("key", "marissa",
             "ST-0-ER94xMJmn6pha35CQRoZ",
             new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
-                    "ROLE_TWO")}, proxyList,
+                    "ROLE_TWO")}, user, proxyList,
             "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
     }
 }

+ 8 - 6
core/src/test/java/org/acegisecurity/providers/cas/populator/DaoCasAuthoritiesPopulatorTests.java

@@ -74,7 +74,7 @@ public class DaoCasAuthoritiesPopulatorTests extends TestCase {
         populator.afterPropertiesSet();
 
         try {
-            populator.getAuthorities("scott");
+            populator.getUserDetails("scott");
             fail("Should have thrown UsernameNotFoundException");
         } catch (UsernameNotFoundException expected) {
             assertTrue(true);
@@ -87,10 +87,12 @@ public class DaoCasAuthoritiesPopulatorTests extends TestCase {
         populator.setAuthenticationDao(new MockAuthenticationDaoUserMarissa());
         populator.afterPropertiesSet();
 
-        GrantedAuthority[] results = populator.getAuthorities("marissa");
-        assertEquals(2, results.length);
-        assertEquals(new GrantedAuthorityImpl("ROLE_ONE"), results[0]);
-        assertEquals(new GrantedAuthorityImpl("ROLE_TWO"), results[1]);
+        UserDetails results = populator.getUserDetails("marissa");
+        assertEquals(2, results.getAuthorities().length);
+        assertEquals(new GrantedAuthorityImpl("ROLE_ONE"),
+            results.getAuthorities()[0]);
+        assertEquals(new GrantedAuthorityImpl("ROLE_TWO"),
+            results.getAuthorities()[1]);
     }
 
     public void testGetGrantedAuthoritiesWhenDaoThrowsException()
@@ -100,7 +102,7 @@ public class DaoCasAuthoritiesPopulatorTests extends TestCase {
         populator.afterPropertiesSet();
 
         try {
-            populator.getAuthorities("THE_DAO_WILL_FAIL");
+            populator.getUserDetails("THE_DAO_WILL_FAIL");
             fail("Should have thrown DataRetrievalFailureException");
         } catch (DataRetrievalFailureException expected) {
             assertTrue(true);

+ 3 - 0
upgrade-05-06.txt

@@ -43,5 +43,8 @@ applications:
 - Any custom event listeners relying on AuthenticationEvent should note a
   UserDetails is now provided in the AuthenticationEvent (not a User).
 
+- CAS users should note the CasAuthoritiesPopulator interface signature has
+  changed. Most CAS users will be using DaoCasAuthoritiesPopulator, so this
+  change is unlikely to require any action.
 
 $Id$