SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface.

This commit is contained in:
Luke Taylor
2009-12-13 17:37:24 +00:00
parent ef3d9c7877
commit cad32ffe39
9 changed files with 41 additions and 53 deletions

View File

@@ -25,7 +25,7 @@ public class PreAuthenticatedAuthenticationTokenTests extends TestCase {
assertEquals(principal, token.getPrincipal());
assertEquals(credentials, token.getCredentials());
assertEquals(details, token.getDetails());
assertNull(token.getAuthorities());
assertTrue(token.getAuthorities().isEmpty());
}
public void testPreAuthenticatedAuthenticationTokenRequestWithoutDetails() {
@@ -35,7 +35,7 @@ public class PreAuthenticatedAuthenticationTokenTests extends TestCase {
assertEquals(principal, token.getPrincipal());
assertEquals(credentials, token.getCredentials());
assertNull(token.getDetails());
assertNull(token.getAuthorities());
assertTrue(token.getAuthorities().isEmpty());
}
public void testPreAuthenticatedAuthenticationTokenResponse() {