il y a 18 ans · e63fa0f610
--- a/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserAuthorityChanger.java
+++ b/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserAuthorityChanger.java
@@ -25,6 +25,8 @@ public interface SwitchUserAuthorityChanger {
 
				      * @param currentAuthentication the current Authentication of the principal performing the switching
			
 
				      * @param authoritiesToBeGranted all {@link GrantedAuthority} instances to be granted to the user,
			
 
				      * excluding the special "switch user" authority that is used internally (guaranteed never null)
			
 
				+     *
			
 
				+     * @return the modified list of granted authorities.
			
 
				      */
			
 
				-    void modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted);
			
 
				+    List modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted);
			
 
				 }
			
--- a/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java
@@ -25,6 +25,7 @@ import org.springframework.security.DisabledException;
 
				 import org.springframework.security.GrantedAuthority;
			
 
				 import org.springframework.security.LockedException;
			
 
				 import org.springframework.security.util.RedirectUtils;
			
 
				+import org.springframework.security.util.AuthorityUtils;
			
 
				 
			
 
				 import org.springframework.security.context.SecurityContextHolder;
			
 
				 
			
@@ -283,15 +284,15 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
 
				 
			
 
				         // Allow subclasses to change the authorities to be granted
			
 
				         if (switchUserAuthorityChanger != null) {
			
 
				-            switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
			
 
				+            orig = switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig);
			
 
				         }
			
 
				 
			
 
				         // add the new switch user authority
			
 
				         List newAuths = new ArrayList(orig);
			
 
				         newAuths.add(switchAuthority);
			
 
				 
			
 
				-        GrantedAuthority[] authorities = {};
			
 
				-        authorities = (GrantedAuthority[]) newAuths.toArray(authorities);
			
 
				+        GrantedAuthority[] authorities =
			
 
				+                (GrantedAuthority[]) newAuths.toArray(new GrantedAuthority[newAuths.size()]);
			
 
				 
			
 
				         // create the new authentication token
			
 
				         targetUserRequest = new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), authorities);
			
--- a/core/src/test/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilterTests.java
+++ b/core/src/test/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilterTests.java
@@ -41,6 +41,9 @@ import org.springframework.dao.DataAccessException;
 
				 import org.springframework.mock.web.MockHttpServletRequest;
			
 
				 import org.springframework.mock.web.MockHttpServletResponse;
			
 
				 
			
 
				+import java.util.List;
			
 
				+import java.util.ArrayList;
			
 
				+
			
 
				 
			
 
				 /**
			
 
				  * Tests {@link org.springframework.security.ui.switchuser.SwitchUserProcessingFilter}.
			
@@ -400,6 +403,30 @@ public class SwitchUserProcessingFilterTests extends TestCase {
 
				         assertEquals("jacklord", ((User) targetAuth.getPrincipal()).getUsername());
			
 
				     }
			
 
				 
			
 
				+    public void testModificationOfAuthoritiesWorks() {
			
 
				+        UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
			
 
				+        SecurityContextHolder.getContext().setAuthentication(auth);
			
 
				+
			
 
				+        MockHttpServletRequest request = new MockHttpServletRequest();
			
 
				+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
			
 
				+
			
 
				+        SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
			
 
				+        filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
			
 
				+        filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() {
			
 
				+            public List modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted) {
			
 
				+                List auths = new ArrayList();
			
 
				+                auths.add(new GrantedAuthorityImpl("ROLE_NEW"));
			
 
				+                return auths;
			
 
				+            }
			
 
				+        });
			
 
				+
			
 
				+        Authentication result = filter.attemptSwitchUser(request);
			
 
				+        assertTrue(result != null);
			
 
				+        assertEquals(2, result.getAuthorities().length);
			
 
				+        assertEquals("ROLE_NEW", result.getAuthorities()[0].getAuthority());
			
 
				+    }
			
 
				+
			
 
				+
			
 
				     //~ Inner Classes ==================================================================================================
			
 
				 
			
 
				     private class MockAuthenticationDaoUserJackLord implements UserDetailsService {