
SEC-134 fix. Authorities array is now copied on access. Also refactored token classes to move authorities to the base class.

Luke Taylor 19 years ago
parent
commit
fe88d6ec17
19 changed files with 134 additions and 139 deletions
  1. 5 0
      core/src/main/java/org/acegisecurity/Authentication.java
  2. 6 10
      core/src/main/java/org/acegisecurity/adapters/AbstractAdapterAuthenticationToken.java
  3. 57 4
      core/src/main/java/org/acegisecurity/providers/AbstractAuthenticationToken.java
  4. 1 10
      core/src/main/java/org/acegisecurity/providers/TestingAuthenticationToken.java
  5. 2 6
      core/src/main/java/org/acegisecurity/providers/UsernamePasswordAuthenticationToken.java
  6. 3 16
      core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousAuthenticationToken.java
  7. 5 22
      core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java
  8. 2 10
      core/src/main/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationToken.java
  9. 6 8
      core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java
  10. 2 12
      core/src/main/java/org/acegisecurity/runas/RunAsUserToken.java
  11. 6 4
      core/src/test/java/org/acegisecurity/MockRunAsAuthenticationToken.java
  12. 3 1
      core/src/test/java/org/acegisecurity/adapters/AuthByAdapterTests.java
  13. 2 7
      core/src/test/java/org/acegisecurity/providers/AbstractAuthenticationTokenTests.java
  14. 7 4
      core/src/test/java/org/acegisecurity/providers/TestingAuthenticationTokenTests.java
  15. 7 4
      core/src/test/java/org/acegisecurity/providers/anonymous/AnonymousAuthenticationTokenTests.java
  16. 6 4
      core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationTokenTests.java
  17. 6 4
      core/src/test/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationTokenTests.java
  18. 7 4
      core/src/test/java/org/acegisecurity/runas/RunAsUserTokenTests.java
  19. 1 9
      sandbox/src/main/java/org/acegisecurity/providers/smb/NtlmAuthenticationToken.java

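--- a/core/src/main/java/org/acegisecurity/Authentication.java
+++ b/core/src/main/java/org/acegisecurity/Authentication.java
@@ -96,6 +96,11 @@ public interface Authentication extends Principal, Serializable {
      * that the principal has been granted. Note that classes should not rely
      * on this value as being valid unless it has been set by a trusted
      * <code>AuthenticationManager</code>.
+     * <p>
+     * Implementations should ensure that modifications to the returned array
+     * do not affect the state of the Authentication object (e.g. by returning an
+     * array copy).
+     * </p>
      *
      * @return the authorities granted to the principal, or <code>null</code>
      *         if authentication has not been completed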
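Review bot: The added Javadoc paragraph phrases the copy requirement as "should", so code that makes access decisions from `getAuthorities()` still cannot assume that a given implementation honours it. Consider stating it as a requirement, e.g. `Implementations must ensure that modifications to the returned array do not affect the state of the Authentication object`, and saying whether a shallow copy of the array is sufficient. The interface body continues outside this hunk.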

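--- a/core/src/main/java/org/acegisecurity/adapters/AbstractAdapterAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/adapters/AbstractAdapterAuthenticationToken.java
@@ -29,13 +29,12 @@ public abstract class AbstractAdapterAuthenticationToken
     extends AbstractAuthenticationToken implements AuthByAdapter {
     //~ Instance fields ========================================================
 
-    private GrantedAuthority[] authorities;
     private int keyHash;
 
     //~ Constructors ===========================================================
 
     protected AbstractAdapterAuthenticationToken() {
-        super();
+        super(null);
     }
 
     /**
@@ -48,9 +47,8 @@ public abstract class AbstractAdapterAuthenticationToken
      */
     protected AbstractAdapterAuthenticationToken(String key,
         GrantedAuthority[] authorities) {
-        super();
+        super(authorities);
         this.keyHash = key.hashCode();
-        this.authorities = authorities;
     }
 
     //~ Methods ================================================================
@@ -73,10 +71,6 @@ public abstract class AbstractAdapterAuthenticationToken
         return true;
     }
 
-    public GrantedAuthority[] getAuthorities() {
-        return authorities;
-    }
-
     public int getKeyHash() {
         return this.keyHash;
     }
@@ -97,8 +91,10 @@ public abstract class AbstractAdapterAuthenticationToken
      *         <code>false</code> otherwise
      */
     public boolean isUserInRole(String role) {
-        for (int i = 0; i < this.authorities.length; i++) {
-            if (role.equals(this.authorities[i].getAuthority())) {
+        GrantedAuthority[] authorities = super.getAuthorities();
+
+        for (int i = 0; i < authorities.length; i++) {
+            if (role.equals(authorities[i].getAuthority())) {
                 return true;
             }
         }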
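Review bot: `isUserInRole` reads `authorities.length` without a null check, although `super.getAuthorities()` returns `null` when no array was supplied, and the no-arg constructor in this same file now calls `super(null)`. Adding `if (authorities == null) { return false; }` before the loop makes the role check fail closed instead of throwing a `NullPointerException`. The end of the method lies outside the hunk.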

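--- a/core/src/main/java/org/acegisecurity/providers/AbstractAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/AbstractAuthenticationToken.java
@@ -16,17 +16,59 @@
 package org.acegisecurity.providers;
 
 import org.acegisecurity.Authentication;
+import org.acegisecurity.GrantedAuthority;
 
 import org.acegisecurity.userdetails.UserDetails;
 
-
 /**
- * Provides a <code>String</code> representation of the Authentication token.
+ * Base class for Authentication objects.
+ * <p>
+ * Implementations which use this class should be immutable.
+ * </p>
  *
  * @author Ben Alex
+ * @author Luke Taylor
  * @version $Id$
  */
 public abstract class AbstractAuthenticationToken implements Authentication {
+
+    //~ Instance fields
+    private GrantedAuthority[] authorities;
+
+    //~ Constructors ===========================================================
+
+    /**
+     * Retained for compatibility with subclasses written before the
+     * <tt>AbstractAuthenticationToken(GrantedAuthority[])</tt> constructor
+     * was introduced.
+     *
+     * @deprecated in favour of the constructor which takes a GrantedAuthority[]
+     * argument. 
+     */
+    public AbstractAuthenticationToken() {
+
+    }
+
+    /**
+     * Creates a token with the supplied array of authorities.
+     *
+     * @param authorities the list of <tt>GrantedAuthority</tt>s for the principal
+     *                    represented by this authentication object. A null value
+     *                    indicates that no authorities have been granted.
+     */
+    public AbstractAuthenticationToken(GrantedAuthority[] authorities) {
+        if(authorities != null) {
+            for (int i = 0; i < authorities.length; i++) {
+                if(authorities[i] == null) {
+                    throw new IllegalArgumentException("Granted authority element " + i
+                        + " is null - GrantedAuthority[] cannot contain any null elements");
+                }
+            }
+        }
+
+        this.authorities = authorities;
+    }
+
     //~ Methods ================================================================
 
     public boolean equals(Object obj) {
@@ -53,8 +95,8 @@ public abstract class AbstractAuthenticationToken implements Authentication {
             }
 
             return (this.getPrincipal().equals(test.getPrincipal())
-            && this.getCredentials().equals(test.getCredentials())
-            && (this.isAuthenticated() == test.isAuthenticated()));
+                && this.getCredentials().equals(test.getCredentials())
+                && (this.isAuthenticated() == test.isAuthenticated()));
         }
 
         return false;
@@ -78,6 +120,17 @@ public abstract class AbstractAuthenticationToken implements Authentication {
         return this.getPrincipal().toString();
     }
 
+    public GrantedAuthority[] getAuthorities() {
+        if(authorities == null) {
+            return null;
+        }
+
+        GrantedAuthority[] copy = new GrantedAuthority[authorities.length];
+        System.arraycopy(authorities, 0, copy, 0, authorities.length);
+
+        return copy;
+    }
+
     public int hashCode() {
         int code = 2305;
 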
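Review bot: The new constructor validates the caller's array and then stores that same reference (`this.authorities = authorities;`), so whoever built the token can still change its authorities afterwards, including after the null-element check has passed; only the read path in `getAuthorities()` is protected. Copy first and validate the copy: `GrantedAuthority[] copy = (authorities == null) ? null : (GrantedAuthority[]) authorities.clone();`, run the null-element loop over `copy`, then `this.authorities = copy;`. Declaring the field `final` (with the deprecated no-arg constructor assigning `null` explicitly) would also back up the class Javadoc's statement that implementations should be immutable.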

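--- a/core/src/main/java/org/acegisecurity/providers/TestingAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/TestingAuthenticationToken.java
@@ -35,20 +35,15 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken {
 
     private Object credentials;
     private Object principal;
-    private GrantedAuthority[] authorities;
     private boolean authenticated = false;
 
     //~ Constructors ===========================================================
 
     public TestingAuthenticationToken(Object principal, Object credentials,
         GrantedAuthority[] authorities) {
+        super(authorities);
         this.principal = principal;
         this.credentials = credentials;
-        this.authorities = authorities;
-    }
-
-    protected TestingAuthenticationToken() {
-        throw new IllegalArgumentException("Cannot use default constructor");
     }
 
     //~ Methods ================================================================
@@ -61,10 +56,6 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken {
         return this.authenticated;
     }
 
-    public GrantedAuthority[] getAuthorities() {
-        return this.authorities;
-    }
-
     public Object getCredentials() {
         return this.credentials;
     }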

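--- a/core/src/main/java/org/acegisecurity/providers/UsernamePasswordAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/UsernamePasswordAuthenticationToken.java
@@ -39,7 +39,6 @@ public class UsernamePasswordAuthenticationToken
     private Object credentials;
     private Object details = null;
     private Object principal;
-    private GrantedAuthority[] authorities;
     private boolean authenticated;
 
     //~ Constructors ===========================================================
@@ -54,6 +53,7 @@ public class UsernamePasswordAuthenticationToken
      */
     public UsernamePasswordAuthenticationToken(Object principal,
         Object credentials) {
+        super(null);
         this.principal = principal;
         this.credentials = credentials;
         this.authenticated = false;
@@ -72,9 +72,9 @@ public class UsernamePasswordAuthenticationToken
      */
     public UsernamePasswordAuthenticationToken(Object principal,
         Object credentials, GrantedAuthority[] authorities) {
+        super(authorities);
         this.principal = principal;
         this.credentials = credentials;
-        this.authorities = authorities;
         this.authenticated = true;
     }
 
@@ -94,10 +94,6 @@ public class UsernamePasswordAuthenticationToken
         return this.authenticated;
     }
 
-    public GrantedAuthority[] getAuthorities() {
-        return this.authorities;
-    }
-
     public Object getCredentials() {
         return this.credentials;
     }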

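--- a/core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousAuthenticationToken.java
@@ -34,7 +34,6 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken
     //~ Instance fields ========================================================
 
     private Object principal;
-    private GrantedAuthority[] authorities;
     private boolean authenticated;
     private int keyHash;
 
@@ -51,6 +50,9 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken
      */
     public AnonymousAuthenticationToken(String key, Object principal,
         GrantedAuthority[] authorities) {
+
+        super(authorities);
+
         if ((key == null) || ("".equals(key)) || (principal == null)
             || "".equals(principal) || (authorities == null)
             || (authorities.length == 0)) {
@@ -58,22 +60,11 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken
                 "Cannot pass null or empty values to constructor");
         }
 
-        for (int i = 0; i < authorities.length; i++) {
-            Assert.notNull(authorities[i],
-                "Granted authority element " + i
-                + " is null - GrantedAuthority[] cannot contain any null elements");
-        }
-
         this.keyHash = key.hashCode();
         this.principal = principal;
-        this.authorities = authorities;
 		this.authenticated = true;
     }
 
-    protected AnonymousAuthenticationToken() {
-        throw new IllegalArgumentException("Cannot use default constructor");
-    }
-
     //~ Methods ================================================================
 
     public void setAuthenticated(boolean isAuthenticated) {
@@ -84,10 +75,6 @@ public class AnonymousAuthenticationToken extends AbstractAuthenticationToken
         return this.authenticated;
     }
 
-    public GrantedAuthority[] getAuthorities() {
-        return this.authorities;
-    }
-
     /**
      * Always returns an empty <code>String</code>
      *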

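--- a/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java
@@ -43,7 +43,6 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
     private Object principal;
     private String proxyGrantingTicketIou;
     private UserDetails userDetails;
-    private GrantedAuthority[] authorities;
     private boolean authenticated;
     private int keyHash;
 
@@ -72,6 +71,7 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
     public CasAuthenticationToken(String key, Object principal,
         Object credentials, GrantedAuthority[] authorities,
         UserDetails userDetails, List proxyList, String proxyGrantingTicketIou) {
+        super(authorities);
         if ((key == null) || ("".equals(key)) || (principal == null)
             || "".equals(principal) || (credentials == null)
             || "".equals(credentials) || (authorities == null)
@@ -81,26 +81,15 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
                 "Cannot pass null or empty values to constructor");
         }
 
-        for (int i = 0; i < authorities.length; i++) {
-            Assert.notNull(authorities[i],
-                "Granted authority element " + i
-                + " is null - GrantedAuthority[] cannot contain any null elements");
-        }
-
         this.keyHash = key.hashCode();
         this.principal = principal;
         this.credentials = credentials;
-        this.authorities = authorities;
         this.userDetails = userDetails;
         this.proxyList = proxyList;
         this.proxyGrantingTicketIou = proxyGrantingTicketIou;
         this.authenticated = true;
     }
 
-    protected CasAuthenticationToken() {
-        throw new IllegalArgumentException("Cannot use default constructor");
-    }
-
     //~ Methods ================================================================
 
     public boolean equals(Object obj) {
@@ -132,10 +121,6 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
         return false;
     }
 
-    public GrantedAuthority[] getAuthorities() {
-        return this.authorities;
-    }
-
     public Object getCredentials() {
         return this.credentials;
     }
@@ -177,12 +162,10 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken
     public String toString() {
         StringBuffer sb = new StringBuffer();
         sb.append(super.toString());
-        sb.append("; Credentials (Service/Proxy Ticket): ");
-        sb.append(this.credentials);
-        sb.append("; Proxy-Granting Ticket IOU: ");
-        sb.append(this.proxyGrantingTicketIou);
-        sb.append("; Proxy List: ");
-        sb.append(this.proxyList.toString());
+        sb.append("; Credentials (Service/Proxy Ticket): ").append(this.credentials);
+        sb.append("; Proxy-Granting Ticket IOU: ").append(this.proxyGrantingTicketIou);
+        sb.append("; Proxy List: ").append(this.proxyList);
+
 
         return (sb.toString());
     }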
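Review bot: The rewritten `toString()` still puts the service/proxy ticket (`this.credentials`) and the proxy-granting ticket IOU into the returned string, and a token's `toString()` output may end up in debug logs or exception messages. If these values are not needed for diagnostics, consider masking them, e.g. `sb.append("; Credentials (Service/Proxy Ticket): ").append("[PROTECTED]");`. Appending `this.proxyList` directly instead of calling `.toString()` on it is a useful side effect, since a null list no longer throws here.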

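--- a/core/src/main/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationToken.java
@@ -40,7 +40,6 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken
     //~ Instance fields ========================================================
 
     private Object principal;
-    private GrantedAuthority[] authorities;
     private int keyHash;
 	private boolean authenticated;
 
@@ -57,6 +56,8 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken
      */
     public RememberMeAuthenticationToken(String key, Object principal,
         GrantedAuthority[] authorities) {
+        super(authorities);
+
         if ((key == null) || ("".equals(key)) || (principal == null)
             || "".equals(principal) || (authorities == null)
             || (authorities.length == 0)) {
@@ -72,14 +73,9 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken
 
         this.keyHash = key.hashCode();
         this.principal = principal;
-        this.authorities = authorities;
 		this.authenticated = true;
     }
 
-    protected RememberMeAuthenticationToken() {
-        throw new IllegalArgumentException("Cannot use default constructor");
-    }
-
     //~ Methods ================================================================
 
     public void setAuthenticated(boolean isAuthenticated) {
@@ -90,10 +86,6 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken
         return this.authenticated;
     }
 
-    public GrantedAuthority[] getAuthorities() {
-        return this.authorities;
-    }
-
     /**
      * Always returns an empty <code>String</code>
      *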
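Review bot: The per-element null loop appears to remain in this constructor: the lines between the second and third hunks are not shown and the deletion count for this file has no room for it, whereas the same loop is removed from AnonymousAuthenticationToken and CasAuthenticationToken in this commit. Since `super(authorities)` now rejects null elements before that code runs, the loop would be dead code here. Removing it, and the `Assert` import if nothing else uses it, would keep the three token classes consistent.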

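--- a/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java
@@ -31,7 +31,6 @@ public class X509AuthenticationToken extends AbstractAuthenticationToken {
 
     private X509Certificate credentials;
     private Object principal;
-    private GrantedAuthority[] authorities;
     private boolean authenticated = false;
     private Object details = null;
 
@@ -39,13 +38,16 @@ public class X509AuthenticationToken extends AbstractAuthenticationToken {
 
     /** Used for an authentication request */
     public X509AuthenticationToken(X509Certificate credentials) {
+        super(null);
         this.credentials = credentials;
     }
 
-    public X509AuthenticationToken(Object principal, X509Certificate credentials, GrantedAuthority[] authorities) {
+    public X509AuthenticationToken(Object principal,
+                                   X509Certificate credentials,
+                                   GrantedAuthority[] authorities) {
+        super(authorities);
+        this.principal = principal;        
         this.credentials = credentials;
-        this.principal = principal;
-        this.authorities = authorities;
     }
 
     //~ Methods ================================================================
@@ -67,10 +69,6 @@ public class X509AuthenticationToken extends AbstractAuthenticationToken {
         return authenticated;
     }
 
-    public GrantedAuthority[] getAuthorities() {
-        return authorities;
-    }
-
     public Object getCredentials() {
         return credentials;
     }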

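--- a/core/src/main/java/org/acegisecurity/runas/RunAsUserToken.java
+++ b/core/src/main/java/org/acegisecurity/runas/RunAsUserToken.java
@@ -32,7 +32,6 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
     private Class originalAuthentication;
     private Object credentials;
     private Object principal;
-    private GrantedAuthority[] authorities;
     private int keyHash;
 	private boolean authenticated;
 
@@ -40,19 +39,14 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
 
     public RunAsUserToken(String key, Object principal, Object credentials,
         GrantedAuthority[] authorities, Class originalAuthentication) {
-        super();
+        super(authorities);
         this.keyHash = key.hashCode();
-        this.authorities = authorities;
         this.principal = principal;
         this.credentials = credentials;
         this.originalAuthentication = originalAuthentication;
 		this.authenticated = true;
     }
 
-    protected RunAsUserToken() {
-        throw new IllegalArgumentException("Cannot use default constructor");
-    }
-
     //~ Methods ================================================================
 
     public void setAuthenticated(boolean isAuthenticated) {
@@ -63,10 +57,6 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
         return this.authenticated;
     }
 
-    public GrantedAuthority[] getAuthorities() {
-        return this.authorities;
-    }
-
     public Object getCredentials() {
         return this.credentials;
     }
@@ -85,7 +75,7 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
 
     public String toString() {
         StringBuffer sb = new StringBuffer(super.toString());
-        sb.append("; Original Class: " + this.originalAuthentication.getName());
+        sb.append("; Original Class: ").append(this.originalAuthentication.getName());
 
         return sb.toString();
     }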

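--- a/core/src/test/java/org/acegisecurity/MockRunAsAuthenticationToken.java
+++ b/core/src/test/java/org/acegisecurity/MockRunAsAuthenticationToken.java
@@ -30,6 +30,12 @@ public class MockRunAsAuthenticationToken extends AbstractAuthenticationToken {
 
     private boolean authenticated = false;
 
+    //~ Constructors ===========================================================
+
+    public MockRunAsAuthenticationToken() {
+        super(null);
+    }
+
     //~ Methods ================================================================
 
     public void setAuthenticated(boolean isAuthenticated) {
@@ -40,10 +46,6 @@ public class MockRunAsAuthenticationToken extends AbstractAuthenticationToken {
         return authenticated;
     }
 
-    public GrantedAuthority[] getAuthorities() {
-        return null;
-    }
-
     public Object getCredentials() {
         return null;
     }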

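--- a/core/src/test/java/org/acegisecurity/adapters/AuthByAdapterTests.java
+++ b/core/src/test/java/org/acegisecurity/adapters/AuthByAdapterTests.java
@@ -24,6 +24,8 @@ import org.acegisecurity.GrantedAuthorityImpl;
 
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 
+import java.util.Arrays;
+
 /**
  * Tests {@link AuthByAdapterProvider}
  *
@@ -67,7 +69,7 @@ public class AuthByAdapterTests extends TestCase {
 
         assertEquals(token.getCredentials(), response.getCredentials());
         assertEquals(token.getPrincipal(), response.getPrincipal());
-        assertEquals(token.getAuthorities(), response.getAuthorities());
+        assertTrue(Arrays.equals(token.getAuthorities(), response.getAuthorities()));
 
         if (!response.getClass().equals(token.getClass())) {
             fail("Should have returned same type of object it was given");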

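--- a/core/src/test/java/org/acegisecurity/providers/AbstractAuthenticationTokenTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/AbstractAuthenticationTokenTests.java
@@ -148,22 +148,17 @@ public class AbstractAuthenticationTokenTests extends TestCase {
     private class MockAuthenticationImpl extends AbstractAuthenticationToken {
         private Object credentials;
         private Object principal;
-        private GrantedAuthority[] authorities;
         private boolean authenticated = false;
 
         public MockAuthenticationImpl(Object principal, Object credentials,
             GrantedAuthority[] authorities) {
+            super(authorities);
             this.principal = principal;
             this.credentials = credentials;
-            this.authorities = authorities;
         }
 
         private MockAuthenticationImpl() {
-            super();
-        }
-
-        public GrantedAuthority[] getAuthorities() {
-            return this.authorities;
+            super(null);
         }
 
         public Object getCredentials() {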
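Review bot: Nothing added to this test class exercises the behaviour the commit is named for; the two new lines only adapt `MockAuthenticationImpl` to the new base-class constructor. A regression test that modifies the array returned by `getAuthorities()` and then reads the authorities again would pin the copy-on-access guarantee, so a later refactoring cannot silently return the internal array again. `MockAuthenticationImpl` continues past the end of the hunk.

```java
    // … unchanged: existing test methods …
    public void testModifyingReturnedAuthoritiesDoesNotAffectToken() {
        GrantedAuthority[] granted = new GrantedAuthority[] {
                new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")};
        MockAuthenticationImpl token = new MockAuthenticationImpl("Test", "Password", granted);

        GrantedAuthority[] returned = token.getAuthorities();
        assertNotSame(granted, returned);

        returned[0] = new GrantedAuthorityImpl("ROLE_SUPERVISOR");
        assertEquals("ROLE_ONE", token.getAuthorities()[0].getAuthority());
    }
```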

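--- a/core/src/test/java/org/acegisecurity/providers/TestingAuthenticationTokenTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/TestingAuthenticationTokenTests.java
@@ -19,6 +19,7 @@ import junit.framework.TestCase;
 
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
+import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
 
 
 /**
@@ -67,11 +68,13 @@ public class TestingAuthenticationTokenTests extends TestCase {
         assertEquals("ROLE_TWO", token.getAuthorities()[1].getAuthority());
     }
 
-    public void testNoArgConstructor() {
+    public void testNoArgConstructorDoesntExist() {
+        Class clazz = TestingAuthenticationToken.class;
+
         try {
-            new TestingAuthenticationToken();
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
+            clazz.getDeclaredConstructor((Class[])null);
+            fail("Should have thrown NoSuchMethodException");
+        } catch (NoSuchMethodException expected) {
             assertTrue(true);
         }
     }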
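Review bot: The added `import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;` is not referenced by any of the lines this commit adds to this file, and the same stray import is added to AnonymousAuthenticationTokenTests; both can be dropped. In `testNoArgConstructorDoesntExist`, the catch block's `assertTrue(true);` asserts nothing, so a comment such as `// expected: the class declares no no-arg constructor` would state the intent more plainly. The identical reflection check is pasted into the Anonymous, Cas, RememberMe and RunAs token tests as well, and a shared helper taking the class under test would keep the five copies from drifting.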

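--- a/core/src/test/java/org/acegisecurity/providers/anonymous/AnonymousAuthenticationTokenTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/anonymous/AnonymousAuthenticationTokenTests.java
@@ -20,6 +20,7 @@ import junit.framework.TestCase;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
 
 import java.util.List;
 import java.util.Vector;
@@ -126,11 +127,13 @@ public class AnonymousAuthenticationTokenTests extends TestCase {
         assertTrue(token.isAuthenticated());
     }
 
-    public void testNoArgConstructor() {
+    public void testNoArgConstructorDoesntExist() {
+        Class clazz = AnonymousAuthenticationToken.class;
+
         try {
-            new AnonymousAuthenticationToken();
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
+            clazz.getDeclaredConstructor((Class[])null);
+            fail("Should have thrown NoSuchMethodException");
+        } catch (NoSuchMethodException expected) {
             assertTrue(true);
         }
     }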

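--- a/core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationTokenTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/cas/CasAuthenticationTokenTests.java
@@ -178,11 +178,13 @@ public class CasAuthenticationTokenTests extends TestCase {
             token.getUserDetails().getUsername());
     }
 
-    public void testNoArgConstructor() {
+    public void testNoArgConstructorDoesntExist() {
+        Class clazz = CasAuthenticationToken.class;
+
         try {
-            new CasAuthenticationToken();
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
+            clazz.getDeclaredConstructor((Class[])null);
+            fail("Should have thrown NoSuchMethodException");
+        } catch (NoSuchMethodException expected) {
             assertTrue(true);
         }
     }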

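--- a/core/src/test/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationTokenTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationTokenTests.java
@@ -126,11 +126,13 @@ public class RememberMeAuthenticationTokenTests extends TestCase {
         assertTrue(token.isAuthenticated());
     }
 
-    public void testNoArgConstructor() {
+    public void testNoArgConstructorDoesntExist() {
+        Class clazz = RememberMeAuthenticationToken.class;
+
         try {
-            new RememberMeAuthenticationToken();
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
+            clazz.getDeclaredConstructor((Class[])null);
+            fail("Should have thrown NoSuchMethodException");
+        } catch (NoSuchMethodException expected) {
             assertTrue(true);
         }
     }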

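--- a/core/src/test/java/org/acegisecurity/runas/RunAsUserTokenTests.java
+++ b/core/src/test/java/org/acegisecurity/runas/RunAsUserTokenTests.java
@@ -71,11 +71,14 @@ public class RunAsUserTokenTests extends TestCase {
             token.getOriginalAuthentication());
     }
 
-    public void testNoArgsConstructor() {
+
+    public void testNoArgConstructorDoesntExist() {
+        Class clazz = RunAsUserToken.class;
+
         try {
-            new RunAsUserToken();
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
+            clazz.getDeclaredConstructor((Class[])null);
+            fail("Should have thrown NoSuchMethodException");
+        } catch (NoSuchMethodException expected) {
             assertTrue(true);
         }
     }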

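--- a/sandbox/src/main/java/org/acegisecurity/providers/smb/NtlmAuthenticationToken.java
+++ b/sandbox/src/main/java/org/acegisecurity/providers/smb/NtlmAuthenticationToken.java
@@ -38,7 +38,6 @@ public class NtlmAuthenticationToken extends AbstractAuthenticationToken {
 
     private NtlmPasswordAuthentication ntlmPasswordAuthentication;
     private transient UniAddress domainController;
-    private GrantedAuthority[] authorities;
     private boolean authenticated;
 
     //~ Constructors ===========================================================
@@ -46,6 +45,7 @@ public class NtlmAuthenticationToken extends AbstractAuthenticationToken {
     public NtlmAuthenticationToken(
         NtlmPasswordAuthentication ntlmPasswordAuthentication,
         UniAddress domainController) {
+        super(null);
         this.ntlmPasswordAuthentication = ntlmPasswordAuthentication;
         this.domainController = domainController;
     }
@@ -60,14 +60,6 @@ public class NtlmAuthenticationToken extends AbstractAuthenticationToken {
         return authenticated;
     }
 
-    public void setAuthorities(GrantedAuthority[] authorities) {
-        this.authorities = authorities;
-    }
-
-    public GrantedAuthority[] getAuthorities() {
-        return authorities;
-    }
-
     public Object getCredentials() {
         return ntlmPasswordAuthentication.getPassword();
     }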
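Review bot: The constructor's new `super(null)` leaves this token with no authorities, and the same section removes the public `setAuthorities`, so nothing in the visible hunks can populate them once the NTLM login has been verified. Whether AbstractAuthenticationToken offers a replacement for the setter, and whether its copying `getAuthorities()` tolerates a null array, is not visible here and should be confirmed. Any provider that used to call `setAuthorities` on this token also needs updating. If null is meant to stand for "not yet authenticated", a constructor comment such as `// authorities are unknown until a provider has authenticated the user` would record that. The class body continues outside these hunks.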