SEC-1325: Tighten up Authentication interface contract to disallow null authorities. Modified internals of AbstractAuthenticationToken to use an empty list instead of null. Clarified Javadoc. removed unnecessary null checks in classes which use the interface.
This commit is contained in:
@@ -25,7 +25,7 @@ public class PreAuthenticatedAuthenticationTokenTests extends TestCase {
|
||||
assertEquals(principal, token.getPrincipal());
|
||||
assertEquals(credentials, token.getCredentials());
|
||||
assertEquals(details, token.getDetails());
|
||||
assertNull(token.getAuthorities());
|
||||
assertTrue(token.getAuthorities().isEmpty());
|
||||
}
|
||||
|
||||
public void testPreAuthenticatedAuthenticationTokenRequestWithoutDetails() {
|
||||
@@ -35,7 +35,7 @@ public class PreAuthenticatedAuthenticationTokenTests extends TestCase {
|
||||
assertEquals(principal, token.getPrincipal());
|
||||
assertEquals(credentials, token.getCredentials());
|
||||
assertNull(token.getDetails());
|
||||
assertNull(token.getAuthorities());
|
||||
assertTrue(token.getAuthorities().isEmpty());
|
||||
}
|
||||
|
||||
public void testPreAuthenticatedAuthenticationTokenResponse() {
|
||||
|
||||
Reference in New Issue
Block a user